Cybersecurity frameworks mandate a large set of security requirements and controls towards compliance and certification. However, this creates a false impression that companies which follow the recommended steps in the frameworks are guaranteed to be safe from cyberattacks. Additionally, there are overlapping general security controls and concepts within these frameworks, and organizations looking to demonstrate an active cybersecurity program spend unnecessary resources on duplicate security controls.
Findings from the data collected showed that a majority of the participants had experience and perceived knowledge in the implementation of cybersecurity frameworks within their organizations. The participants also provided their views on the benefits of, concerns about and improvements to the implementation of cybersecurity frameworks. While each participant's views and opinions were limited to their own experience and biases, the overall messages conveyed were similar: cybersecurity frameworks could be used as tools to achieve compliance with various regulatory and legislative requirements, but there was still room for improvement. Concerns highlighted by participants included a false sense of security, a lack of applicability and implementation details, the absence of a common lexicon to provide a common language for existing frameworks, and the absence of regular updates and revisions to existing frameworks.
The purpose of this project is to provide an analysis, through questionnaires and focus group discussions, that compares the different cybersecurity frameworks currently in practice and uses the data collected to propose approaches to improve existing frameworks. The results of this study aim to further guide practitioners and researchers in understanding the strengths and weaknesses of existing cybersecurity frameworks and to aid future research.
School: University of London, Royal Holloway, University of London (United Kingdom)
Source: MAI 82/3(E), Masters Abstracts International
Subjects: Information Technology, Computer science, Computer Engineering, Business administration
Keywords: Cybersecurity, Cybersecurity frameworks, Framework, Frameworks, Information security, Information security frameworks
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved.