The Cybersecurity Focus Area Maturity (CYSFAM) Model

The cost of recovery after a cybersecurity attack is likely to be high and may result in the loss of business at the extremes. Evaluating the acquired cybersecurity capabilities and evolving them to a desired state in consideration of risks are inevitable. This research proposes the CYberSecurity Fo...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Journal of cybersecurity and privacy 2021-03, Vol.1 (1), p.119-139
Hauptverfasser: Yigit Ozkan, Bilge, van Lingen, Sonny, Spruit, Marco
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 139
container_issue 1
container_start_page 119
container_title Journal of cybersecurity and privacy
container_volume 1
creator Yigit Ozkan, Bilge
van Lingen, Sonny
Spruit, Marco
description The cost of recovery after a cybersecurity attack is likely to be high and may result in the loss of business at the extremes. Evaluating the acquired cybersecurity capabilities and evolving them to a desired state in consideration of risks are inevitable. This research proposes the CYberSecurity Focus Area Maturity (CYSFAM) Model for assessing cybersecurity capabilities. In this design science research, CYSFAM was evaluated at a large financial institution. From the many cybersecurity standards, 11 encompassing focus areas were identified. An assessment instrument—containing 144 questions—was developed. The in-depth single case study demonstrates how and to what extent cybersecurity related deficiencies can be identified. The novel scoring metric has been proven to be adequate, but can be further improved upon. The evaluation results show that the assessment questions suit the case study target audience; the assessment can be performed within four hours; the organization recognizes itself in the result.
doi_str_mv 10.3390/jcp1010007
format Article
fullrecord <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_2655550501</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2655550501</sourcerecordid><originalsourceid>FETCH-LOGICAL-c2107-f307e19fe43617cbb97ee0da4c2c77fe3d6867e3eb08b41ec4690cbf4418fcfb3</originalsourceid><addsrcrecordid>eNpNkE1LxDAQhoMouKx78RcUvKhQnXw0aY-lWBW2eHAFPYUmneCW1dakPfTfW6mgc3mHl4cZeAg5p3DDeQa3re0pUABQR2TFJBNxCvB6_G8_JZsQ2plgKuMJFSsidu8YFZNBH9COfj9MUdnZMUS5xzqq6mHpLou35zKvrqKqa_BwRk5cfQi4-c01eSnvdsVDvH26fyzybWwZBRU7Dgpp5lBwSZU1JlOI0NTCMquUQ97IVCrkaCA1gqIVMgNrnBA0ddYZviYXy93ed18jhkG33eg_55eayWQeSIDO1PVCWd-F4NHp3u8_aj9pCvpHjP4Tw78BtFBTrA</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2655550501</pqid></control><display><type>article</type><title>The Cybersecurity Focus Area Maturity (CYSFAM) Model</title><source>DOAJ Directory of Open Access Journals</source><source>MDPI - Multidisciplinary Digital Publishing Institute</source><source>EZB-FREE-00999 freely available EZB journals</source><creator>Yigit Ozkan, Bilge ; van Lingen, Sonny ; Spruit, Marco</creator><creatorcontrib>Yigit Ozkan, Bilge ; van Lingen, Sonny ; Spruit, Marco</creatorcontrib><description>The cost of recovery after a cybersecurity attack is likely to be high and may result in the loss of business at the extremes. Evaluating the acquired cybersecurity capabilities and evolving them to a desired state in consideration of risks are inevitable. This research proposes the CYberSecurity Focus Area Maturity (CYSFAM) Model for assessing cybersecurity capabilities. In this design science research, CYSFAM was evaluated at a large financial institution. From the many cybersecurity standards, 11 encompassing focus areas were identified. An assessment instrument—containing 144 questions—was developed. The in-depth single case study demonstrates how and to what extent cybersecurity related deficiencies can be identified. The novel scoring metric has been proven to be adequate, but can be further improved upon. The evaluation results show that the assessment questions suit the case study target audience; the assessment can be performed within four hours; the organization recognizes itself in the result.</description><identifier>ISSN: 2624-800X</identifier><identifier>EISSN: 2624-800X</identifier><identifier>DOI: 10.3390/jcp1010007</identifier><language>eng</language><publisher>Washington: MDPI AG</publisher><subject>Cybercrime ; Cybersecurity ; Data encryption ; Information technology ; International organizations ; International standards ; Internet of Things ; ISO standards ; Network security ; Privacy ; Security management ; Standardization ; Workforce</subject><ispartof>Journal of cybersecurity and privacy, 2021-03, Vol.1 (1), p.119-139</ispartof><rights>2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c2107-f307e19fe43617cbb97ee0da4c2c77fe3d6867e3eb08b41ec4690cbf4418fcfb3</citedby><cites>FETCH-LOGICAL-c2107-f307e19fe43617cbb97ee0da4c2c77fe3d6867e3eb08b41ec4690cbf4418fcfb3</cites><orcidid>0000-0002-9237-221X ; 0000-0001-6406-356X</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,780,784,864,27924,27925</link.rule.ids></links><search><creatorcontrib>Yigit Ozkan, Bilge</creatorcontrib><creatorcontrib>van Lingen, Sonny</creatorcontrib><creatorcontrib>Spruit, Marco</creatorcontrib><title>The Cybersecurity Focus Area Maturity (CYSFAM) Model</title><title>Journal of cybersecurity and privacy</title><description>The cost of recovery after a cybersecurity attack is likely to be high and may result in the loss of business at the extremes. Evaluating the acquired cybersecurity capabilities and evolving them to a desired state in consideration of risks are inevitable. This research proposes the CYberSecurity Focus Area Maturity (CYSFAM) Model for assessing cybersecurity capabilities. In this design science research, CYSFAM was evaluated at a large financial institution. From the many cybersecurity standards, 11 encompassing focus areas were identified. An assessment instrument—containing 144 questions—was developed. The in-depth single case study demonstrates how and to what extent cybersecurity related deficiencies can be identified. The novel scoring metric has been proven to be adequate, but can be further improved upon. The evaluation results show that the assessment questions suit the case study target audience; the assessment can be performed within four hours; the organization recognizes itself in the result.</description><subject>Cybercrime</subject><subject>Cybersecurity</subject><subject>Data encryption</subject><subject>Information technology</subject><subject>International organizations</subject><subject>International standards</subject><subject>Internet of Things</subject><subject>ISO standards</subject><subject>Network security</subject><subject>Privacy</subject><subject>Security management</subject><subject>Standardization</subject><subject>Workforce</subject><issn>2624-800X</issn><issn>2624-800X</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2021</creationdate><recordtype>article</recordtype><sourceid>ABUWG</sourceid><sourceid>AFKRA</sourceid><sourceid>AZQEC</sourceid><sourceid>BENPR</sourceid><sourceid>CCPQU</sourceid><sourceid>DWQXO</sourceid><recordid>eNpNkE1LxDAQhoMouKx78RcUvKhQnXw0aY-lWBW2eHAFPYUmneCW1dakPfTfW6mgc3mHl4cZeAg5p3DDeQa3re0pUABQR2TFJBNxCvB6_G8_JZsQ2plgKuMJFSsidu8YFZNBH9COfj9MUdnZMUS5xzqq6mHpLou35zKvrqKqa_BwRk5cfQi4-c01eSnvdsVDvH26fyzybWwZBRU7Dgpp5lBwSZU1JlOI0NTCMquUQ97IVCrkaCA1gqIVMgNrnBA0ddYZviYXy93ed18jhkG33eg_55eayWQeSIDO1PVCWd-F4NHp3u8_aj9pCvpHjP4Tw78BtFBTrA</recordid><startdate>20210301</startdate><enddate>20210301</enddate><creator>Yigit Ozkan, Bilge</creator><creator>van Lingen, Sonny</creator><creator>Spruit, Marco</creator><general>MDPI AG</general><scope>AAYXX</scope><scope>CITATION</scope><scope>3V.</scope><scope>7WY</scope><scope>7WZ</scope><scope>7XB</scope><scope>87Z</scope><scope>8FK</scope><scope>8FL</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BEZIV</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>FRNLG</scope><scope>F~G</scope><scope>K60</scope><scope>K6~</scope><scope>L.-</scope><scope>M0C</scope><scope>PIMPY</scope><scope>PQBIZ</scope><scope>PQBZA</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>Q9U</scope><orcidid>https://orcid.org/0000-0002-9237-221X</orcidid><orcidid>https://orcid.org/0000-0001-6406-356X</orcidid></search><sort><creationdate>20210301</creationdate><title>The Cybersecurity Focus Area Maturity (CYSFAM) Model</title><author>Yigit Ozkan, Bilge ; van Lingen, Sonny ; Spruit, Marco</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c2107-f307e19fe43617cbb97ee0da4c2c77fe3d6867e3eb08b41ec4690cbf4418fcfb3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2021</creationdate><topic>Cybercrime</topic><topic>Cybersecurity</topic><topic>Data encryption</topic><topic>Information technology</topic><topic>International organizations</topic><topic>International standards</topic><topic>Internet of Things</topic><topic>ISO standards</topic><topic>Network security</topic><topic>Privacy</topic><topic>Security management</topic><topic>Standardization</topic><topic>Workforce</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Yigit Ozkan, Bilge</creatorcontrib><creatorcontrib>van Lingen, Sonny</creatorcontrib><creatorcontrib>Spruit, Marco</creatorcontrib><collection>CrossRef</collection><collection>ProQuest Central (Corporate)</collection><collection>ABI/INFORM Collection</collection><collection>ABI/INFORM Global (PDF only)</collection><collection>ProQuest Central (purchase pre-March 2016)</collection><collection>ABI/INFORM Global (Alumni Edition)</collection><collection>ProQuest Central (Alumni) (purchase pre-March 2016)</collection><collection>ABI/INFORM Collection (Alumni Edition)</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Business Premium Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>Business Premium Collection (Alumni)</collection><collection>ABI/INFORM Global (Corporate)</collection><collection>ProQuest Business Collection (Alumni Edition)</collection><collection>ProQuest Business Collection</collection><collection>ABI/INFORM Professional Advanced</collection><collection>ABI/INFORM Global</collection><collection>Publicly Available Content Database</collection><collection>ProQuest One Business</collection><collection>ProQuest One Business (Alumni)</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central Basic</collection><jtitle>Journal of cybersecurity and privacy</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Yigit Ozkan, Bilge</au><au>van Lingen, Sonny</au><au>Spruit, Marco</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>The Cybersecurity Focus Area Maturity (CYSFAM) Model</atitle><jtitle>Journal of cybersecurity and privacy</jtitle><date>2021-03-01</date><risdate>2021</risdate><volume>1</volume><issue>1</issue><spage>119</spage><epage>139</epage><pages>119-139</pages><issn>2624-800X</issn><eissn>2624-800X</eissn><abstract>The cost of recovery after a cybersecurity attack is likely to be high and may result in the loss of business at the extremes. Evaluating the acquired cybersecurity capabilities and evolving them to a desired state in consideration of risks are inevitable. This research proposes the CYberSecurity Focus Area Maturity (CYSFAM) Model for assessing cybersecurity capabilities. In this design science research, CYSFAM was evaluated at a large financial institution. From the many cybersecurity standards, 11 encompassing focus areas were identified. An assessment instrument—containing 144 questions—was developed. The in-depth single case study demonstrates how and to what extent cybersecurity related deficiencies can be identified. The novel scoring metric has been proven to be adequate, but can be further improved upon. The evaluation results show that the assessment questions suit the case study target audience; the assessment can be performed within four hours; the organization recognizes itself in the result.</abstract><cop>Washington</cop><pub>MDPI AG</pub><doi>10.3390/jcp1010007</doi><tpages>21</tpages><orcidid>https://orcid.org/0000-0002-9237-221X</orcidid><orcidid>https://orcid.org/0000-0001-6406-356X</orcidid><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier ISSN: 2624-800X
ispartof Journal of cybersecurity and privacy, 2021-03, Vol.1 (1), p.119-139
issn 2624-800X
2624-800X
language eng
recordid cdi_proquest_journals_2655550501
source DOAJ Directory of Open Access Journals; MDPI - Multidisciplinary Digital Publishing Institute; EZB-FREE-00999 freely available EZB journals
subjects Cybercrime
Cybersecurity
Data encryption
Information technology
International organizations
International standards
Internet of Things
ISO standards
Network security
Privacy
Security management
Standardization
Workforce
title The Cybersecurity Focus Area Maturity (CYSFAM) Model
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-25T02%3A12%3A58IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=The%20Cybersecurity%20Focus%20Area%20Maturity%20(CYSFAM)%20Model&rft.jtitle=Journal%20of%20cybersecurity%20and%20privacy&rft.au=Yigit%20Ozkan,%20Bilge&rft.date=2021-03-01&rft.volume=1&rft.issue=1&rft.spage=119&rft.epage=139&rft.pages=119-139&rft.issn=2624-800X&rft.eissn=2624-800X&rft_id=info:doi/10.3390/jcp1010007&rft_dat=%3Cproquest_cross%3E2655550501%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2655550501&rft_id=info:pmid/&rfr_iscdi=true