This study examined the relationship between the National Institute of Standards and Technology (NIST) risk management framework (RMF) and cybersecurity effectiveness (CSE). Since the advent of the first piece of malware or the interconnection of systems across the internet, there has been a need for cybersecurity. As cyber-attacks continue to advance, the need for effective cybersecurity becomes more prevalent across public and private sector businesses, industries, and organizations. Most cybersecurity professionals face the question of how to measure their effectiveness when it comes to preventing cyber-attacks. Using Enterprise Risk Management, in this case the NIST RMF, cybersecurity professionals know how to predict cybersecurity effectiveness. This analysis took the variables within the NIST RMF, namely preparation of use of RMF (POR), categorization of risk (COR), selection of risk controls (SOR), implementation of risk controls (IOR), assessment of risk controls (AOR), authorization of risk controls (AUOR), and monitoring of risk controls (MOR), and analyzed them against CSE. The omnibus research question was: To what extent do the preparation of use of the risk management framework, categorization of risk, selection of risk controls, implementation of risk controls, assessment of risk controls, authorization of risk controls, and monitoring of risk controls correlate to cybersecurity effectiveness in the private sector? This quantitative nonexperimental correlation study identified the relationship between the RMF and CSE using a target population comprised of business management or IT and cybersecurity management within the private sector industry from the United States of America. SurveyMonkey collected respondent data for 81 participants who met the inclusion criteria of this study. Using Pearson correlation and multiple linear regression models, the data was analyzed to identify the statistical significance of the NIST RMF and CSE.
This analysis shows that each variable of the NIST RMF correlates to CSE but was not statistically significant. When combining each of the variables within the RMF (RMF Average) and analyzing the entire framework against CSE, there was a statistically significant correlation. This study shows that by using the NIST RMF in its entirety, there is a correlation with cybersecurity effectiveness that allows management within the private sector industry to allocate and align resources to combat cyber-attack threats and risks.
| Field | Value |
|---|---|
| Advisor | Tynes, Vernon W. |
| Committee | Valentine, Dawn; Witteman, Pamelyn |
| Department | School of Business, Technology and Health Administration |
| School Location | United States -- Minnesota |
| Source | DAI-A 82/8(E), Dissertation Abstracts International |
| Subjects | Information Technology, Computer science, Business administration, Management |
| Keywords | Cyber-attack, Cybersecurity effectiveness, Enterprise risk management, National Institute of Standards and Technology (NIST), Malware, Risk controls, IT professionals, Cyber-threats |