Assessing the Effectiveness of Cyber Domain Controls When Conducting Cybersecurity Audits: Insights from Higher Education Institutions in Canada-Reference-Cited by-同舟云学术

Assessing the Effectiveness of Cyber Domain Controls When Conducting Cybersecurity Audits: Insights from Higher Education Institutions in Canada

Published:2024-08-16 Issue:16 Volume:13 Page:3257
ISSN:2079-9292
Container-title:Electronics
language:en
Short-container-title:Electronics

Author:

Sabillon Regner¹^ORCID,Higuera Juan Ramon Bermejo¹^ORCID,Cano Jeimy²,Higuera Javier Bermejo¹^ORCID,Montalvo Juan Antonio Sicilia¹^ORCID

Affiliation:

1. Escuela Superior de Ingeniería y Tecnología, Universidad Internacional de La Rioja (UNIR), 26006 Logroño, La Rioja, Spain

2. Law Faculty, Universidad de los Andes, Bogotá 111711, Colombia

Abstract

This study validates a comprehensive cybersecurity audit model through empirical analysis in three higher education institutions in Canada. The research aims to enhance cybersecurity resilience by assessing the effectiveness of cybersecurity controls across diverse educational environments. Given the increasing frequency and sophistication of cyberattacks targeting educational institutions, this research is essential to ensure the protection of sensitive academic and personal data. Data were collected through detailed audits involving system vulnerabilities, compliance with security policies, and incident response management at each institution. The findings underscore the importance of tailored cybersecurity strategies and continuous auditing to mitigate cyber risks in the Canadian higher education sector. This study contributes to the field by validating a versatile audit tool that can be adapted to various institutional contexts, promoting enhanced cybersecurity practices and evaluating the effectiveness of cybersecurity safeguards across the higher education sector in Canada. The results of the audit model validations provide the cybersecurity maturity rating of each institution. Further research is recommended to refine the model and explore its application in other industries and sectors.

Publisher

MDPI AG

Link

https://www.mdpi.com/2079-9292/13/16/3257/pdf

Reference53 articles.

1. CrowdStrike (2023). 2023 Global Threat Report, CrowdStrike, Inc.

2. Interpol (2023). Annual Report 2022—Connecting Police for a Safer World, Interpol.

3. IBM Security (2023). Cost of a Data Breach Report 2023, IBM Corporation.

4. Meulen, N., Jo, E., and Soesanto, S. (2015). Cybersecurity in the European Union and Beyond: Exploring the Threats and Policy Responses, Study for the LIBE Committee, European Union.

5. Balbix (2024, August 04). Balridge Cybersecurity Excellence Builder: Key Questions for Improving Your Organization’s Cybersecurity Performance, Available online: https://www.nist.gov/document/baldrige-cybersecurity-excellence-builder-v11pdf.