Dissertation/Thesis Abstract

Enterprise Risk Management as a Measurement of Cybersecurity Effectiveness: A Correlational Study
by Hess, William, Ph.D., Capella University, 2021, 151; 28316083
Abstract (Summary)

This study examined the relationship between the National Institute of Standards and Technology (NIST) risk management framework (RMF) and cybersecurity effectiveness (CSE). Since the advent of the first piece of malware or the interconnection of systems across the internet, there has been a need for cybersecurity. As cyber-attacks continue to advance, the need for effective cybersecurity becomes more prevalent across public and private sector businesses, industries, and organizations. Most cybersecurity professionals face the question of how to measure their effectiveness when it comes to preventing cyber-attacks. Using Enterprise Risk Management, in this case the NIST RMF, cybersecurity professionals know how to predict cybersecurity effectiveness. This analysis took the variables within the NIST RMF, namely preparation of use of RMF (POR), categorization of risk (COR), selection of risk controls (SOR), implementation of risk controls (IOR), assessment of risk controls (AOR), authorization of risk controls (AUOR), and monitoring of risk controls (MOR), and analyzed them against CSE. The omnibus research question was: To what extent does the preparation of use of risk management framework, categorization of risk, selection of risk controls, implementation of risk controls, assessment of risk controls, authorization of risk controls, and monitoring of risk controls correlate to cybersecurity effectiveness in the private sector? This quantitative nonexperimental correlation study identified the relationship between the RMF and CSE using a target population comprised of business management or IT and cybersecurity management within the private sector industry from the United States of America. SurveyMonkey collected respondent data for 81 participants who met the inclusion criteria of this study. Using Pearson correlation and multiple linear regression models, the data were analyzed to identify the statistical significance of the relationship between the NIST RMF and CSE.
This analysis shows that each variable of the NIST RMF correlates to CSE but was not statistically significant. When combining each of the variables within the RMF (RMF Average) and analyzing the entire framework against CSE, there was a statistically significant correlation. This study shows that by using the NIST RMF in its entirety, there is a correlation with cybersecurity effectiveness that allows management within the private sector industry to allocate and align resources to combat cyber-attack threats and risks.

Indexing (document details)
Advisor: Tynes, Vernon W.
Committee: Valentine, Dawn, Witteman, Pamelyn
School: Capella University
Department: School of Business, Technology and Health Administration
School Location: United States -- Minnesota
Source: DAI-A 82/8(E), Dissertation Abstracts International
Subjects: Information Technology, Computer science, Business administration, Management
Keywords: Cyber-attack, Cybersecurity effectiveness, Enterprise risk management, National Institute of Standards and Technology (NIST), Malware, Risk controls, IT professionals, Cyber-threats
Publication Number: 28316083
ISBN: 9798569969630
Copyright © 2021 ProQuest LLC. All rights reserved.