Risk-Based Cybersecurity Compliance Assessment System (RC2AS)-Reference-Cited by-同舟云学术

Risk-Based Cybersecurity Compliance Assessment System (RC2AS)

Published:2023-05-17 Issue:10 Volume:13 Page:6145
ISSN:2076-3417
Container-title:Applied Sciences
language:en
Short-container-title:Applied Sciences

Author:

Alfaadhel Afnan¹,Almomani Iman¹²^ORCID,Ahmed Mohanned¹^ORCID

Affiliation:

1. Security Engineering Lab, Computer Science Department, Prince Sultan University, Riyadh 11586, Saudi Arabia

2. Computer Science Department, King Abdullah II School of Information Technology, The University of Jordan, Amman 11942, Jordan

Abstract

Cybersecurity attacks are still causing significant threats to individuals and organizations, affecting almost all aspects of life. Therefore, many countries worldwide try to overcome this by introducing and applying cybersecurity regularity frameworks to maintain organizations’ information and digital resources. Saudi Arabia has taken practical steps in this direction by developing the essential cybersecurity control (ECC) as a national cybersecurity regulation reference. Generally, the compliance assessment processes of different international cybersecurity standards and controls (ISO2700x, PCI, and NIST) are generic for all organizations with different scopes, business functionality, and criticality level, where the overall compliance score is absent with no consideration of the security control risk. Therefore, to address all of these shortcomings, this research takes the ECC as a baseline to build a comprehensive and customized risk-based cybersecurity compliance assessment system (RC2AS). ECC has been chosen because it is well-defined and inspired by many international standards. Another motive for this choice is the limited related works that have deeply studied ECC. RC2AS is developed to be compatible with the current ECC tool. It offers an offline self-assessment tool that helps the organization expedite the assessment process, identify current weaknesses, and provide better planning to enhance its level based on its priorities. Additionally, RC2AS proposes four methods to calculate the overall compliance score with ECC. Several scenarios are conducted to assess these methods and compare their performance. The goal is to reflect the accurate compliance score of an organization while considering its domain, needs, resources, and risk level of its security controls. Finally, the outputs of the assessment process are displayed through rich dashboards that comprehensively present the organization’s cybersecurity maturity and suggest an improvement plan for its level of compliance.

Funder

Prince Sultan University, Riyadh, Saudi Arabia

Publisher

MDPI AG

Subject

Fluid Flow and Transfer Processes,Computer Science Applications,Process Chemistry and Technology,General Engineering,Instrumentation,General Materials Science

Link

https://www.mdpi.com/2076-3417/13/10/6145/pdf

Reference43 articles.

1. A comprehensive review study of cyberattacks and cyber security; Emerging trends and recent developments;Li;Energy Rep.,2021

2. Information technology solutions, challenges, and suggestions for tackling the COVID-19 pandemic;He;Int. J. Inf. Manag.,2021

3. The role of national cybersecurity strategies on the improvement of cybersecurity education;AlDaajeh;Comput. Secur.,2022

4. Organizational science and cybersecurity: Abundant opportunities for research at the interface;Dalal;J. Bus. Psychol.,2021

5. Perera, S., Jin, X., Maurushat, A., and Opoku, D.G.J. (2022). Factors Affecting Reputational Damage to Organisations Due to Cyberattacks. Informatics, 9.

Cited by 3 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. A compliance assessment system for Incident Management process;Computers & Security;2024-11

2. Raiju: Reinforcement learning-guided post-exploitation for automating security assessment of network systems;Computer Networks;2024-11

3. Financial Fraud Detection Using Value-at-Risk With Machine Learning in Skewed Data;IEEE Access;2024