The Cybersecurity Focus Area Maturity (CYSFAM) Model
The cost of recovery after a cybersecurity attack is likely to be high and may result in the loss of business at the extremes. Evaluating the acquired cybersecurity capabilities and evolving them to a desired state in consideration of risks are inevitable. This research proposes the CYberSecurity Fo...
Gespeichert in:
Veröffentlicht in: | Journal of cybersecurity and privacy 2021-03, Vol.1 (1), p.119-139 |
---|---|
Hauptverfasser: | , , |
Format: | Artikel |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
container_end_page | 139 |
---|---|
container_issue | 1 |
container_start_page | 119 |
container_title | Journal of cybersecurity and privacy |
container_volume | 1 |
creator | Yigit Ozkan, Bilge van Lingen, Sonny Spruit, Marco |
description | The cost of recovery after a cybersecurity attack is likely to be high and may result in the loss of business at the extremes. Evaluating the acquired cybersecurity capabilities and evolving them to a desired state in consideration of risks are inevitable. This research proposes the CYberSecurity Focus Area Maturity (CYSFAM) Model for assessing cybersecurity capabilities. In this design science research, CYSFAM was evaluated at a large financial institution. From the many cybersecurity standards, 11 encompassing focus areas were identified. An assessment instrument—containing 144 questions—was developed. The in-depth single case study demonstrates how and to what extent cybersecurity related deficiencies can be identified. The novel scoring metric has been proven to be adequate, but can be further improved upon. The evaluation results show that the assessment questions suit the case study target audience; the assessment can be performed within four hours; the organization recognizes itself in the result. |
doi_str_mv | 10.3390/jcp1010007 |
format | Article |
fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_2655550501</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2655550501</sourcerecordid><originalsourceid>FETCH-LOGICAL-c2107-f307e19fe43617cbb97ee0da4c2c77fe3d6867e3eb08b41ec4690cbf4418fcfb3</originalsourceid><addsrcrecordid>eNpNkE1LxDAQhoMouKx78RcUvKhQnXw0aY-lWBW2eHAFPYUmneCW1dakPfTfW6mgc3mHl4cZeAg5p3DDeQa3re0pUABQR2TFJBNxCvB6_G8_JZsQ2plgKuMJFSsidu8YFZNBH9COfj9MUdnZMUS5xzqq6mHpLou35zKvrqKqa_BwRk5cfQi4-c01eSnvdsVDvH26fyzybWwZBRU7Dgpp5lBwSZU1JlOI0NTCMquUQ97IVCrkaCA1gqIVMgNrnBA0ddYZviYXy93ed18jhkG33eg_55eayWQeSIDO1PVCWd-F4NHp3u8_aj9pCvpHjP4Tw78BtFBTrA</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2655550501</pqid></control><display><type>article</type><title>The Cybersecurity Focus Area Maturity (CYSFAM) Model</title><source>DOAJ Directory of Open Access Journals</source><source>MDPI - Multidisciplinary Digital Publishing Institute</source><source>EZB-FREE-00999 freely available EZB journals</source><creator>Yigit Ozkan, Bilge ; van Lingen, Sonny ; Spruit, Marco</creator><creatorcontrib>Yigit Ozkan, Bilge ; van Lingen, Sonny ; Spruit, Marco</creatorcontrib><description>The cost of recovery after a cybersecurity attack is likely to be high and may result in the loss of business at the extremes. Evaluating the acquired cybersecurity capabilities and evolving them to a desired state in consideration of risks are inevitable. This research proposes the CYberSecurity Focus Area Maturity (CYSFAM) Model for assessing cybersecurity capabilities. In this design science research, CYSFAM was evaluated at a large financial institution. From the many cybersecurity standards, 11 encompassing focus areas were identified. An assessment instrument—containing 144 questions—was developed. The in-depth single case study demonstrates how and to what extent cybersecurity related deficiencies can be identified. The novel scoring metric has been proven to be adequate, but can be further improved upon. The evaluation results show that the assessment questions suit the case study target audience; the assessment can be performed within four hours; the organization recognizes itself in the result.</description><identifier>ISSN: 2624-800X</identifier><identifier>EISSN: 2624-800X</identifier><identifier>DOI: 10.3390/jcp1010007</identifier><language>eng</language><publisher>Washington: MDPI AG</publisher><subject>Cybercrime ; Cybersecurity ; Data encryption ; Information technology ; International organizations ; International standards ; Internet of Things ; ISO standards ; Network security ; Privacy ; Security management ; Standardization ; Workforce</subject><ispartof>Journal of cybersecurity and privacy, 2021-03, Vol.1 (1), p.119-139</ispartof><rights>2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c2107-f307e19fe43617cbb97ee0da4c2c77fe3d6867e3eb08b41ec4690cbf4418fcfb3</citedby><cites>FETCH-LOGICAL-c2107-f307e19fe43617cbb97ee0da4c2c77fe3d6867e3eb08b41ec4690cbf4418fcfb3</cites><orcidid>0000-0002-9237-221X ; 0000-0001-6406-356X</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,780,784,864,27924,27925</link.rule.ids></links><search><creatorcontrib>Yigit Ozkan, Bilge</creatorcontrib><creatorcontrib>van Lingen, Sonny</creatorcontrib><creatorcontrib>Spruit, Marco</creatorcontrib><title>The Cybersecurity Focus Area Maturity (CYSFAM) Model</title><title>Journal of cybersecurity and privacy</title><description>The cost of recovery after a cybersecurity attack is likely to be high and may result in the loss of business at the extremes. Evaluating the acquired cybersecurity capabilities and evolving them to a desired state in consideration of risks are inevitable. This research proposes the CYberSecurity Focus Area Maturity (CYSFAM) Model for assessing cybersecurity capabilities. In this design science research, CYSFAM was evaluated at a large financial institution. From the many cybersecurity standards, 11 encompassing focus areas were identified. An assessment instrument—containing 144 questions—was developed. The in-depth single case study demonstrates how and to what extent cybersecurity related deficiencies can be identified. The novel scoring metric has been proven to be adequate, but can be further improved upon. The evaluation results show that the assessment questions suit the case study target audience; the assessment can be performed within four hours; the organization recognizes itself in the result.</description><subject>Cybercrime</subject><subject>Cybersecurity</subject><subject>Data encryption</subject><subject>Information technology</subject><subject>International organizations</subject><subject>International standards</subject><subject>Internet of Things</subject><subject>ISO standards</subject><subject>Network security</subject><subject>Privacy</subject><subject>Security management</subject><subject>Standardization</subject><subject>Workforce</subject><issn>2624-800X</issn><issn>2624-800X</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2021</creationdate><recordtype>article</recordtype><sourceid>ABUWG</sourceid><sourceid>AFKRA</sourceid><sourceid>AZQEC</sourceid><sourceid>BENPR</sourceid><sourceid>CCPQU</sourceid><sourceid>DWQXO</sourceid><recordid>eNpNkE1LxDAQhoMouKx78RcUvKhQnXw0aY-lWBW2eHAFPYUmneCW1dakPfTfW6mgc3mHl4cZeAg5p3DDeQa3re0pUABQR2TFJBNxCvB6_G8_JZsQ2plgKuMJFSsidu8YFZNBH9COfj9MUdnZMUS5xzqq6mHpLou35zKvrqKqa_BwRk5cfQi4-c01eSnvdsVDvH26fyzybWwZBRU7Dgpp5lBwSZU1JlOI0NTCMquUQ97IVCrkaCA1gqIVMgNrnBA0ddYZviYXy93ed18jhkG33eg_55eayWQeSIDO1PVCWd-F4NHp3u8_aj9pCvpHjP4Tw78BtFBTrA</recordid><startdate>20210301</startdate><enddate>20210301</enddate><creator>Yigit Ozkan, Bilge</creator><creator>van Lingen, Sonny</creator><creator>Spruit, Marco</creator><general>MDPI AG</general><scope>AAYXX</scope><scope>CITATION</scope><scope>3V.</scope><scope>7WY</scope><scope>7WZ</scope><scope>7XB</scope><scope>87Z</scope><scope>8FK</scope><scope>8FL</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BEZIV</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>FRNLG</scope><scope>F~G</scope><scope>K60</scope><scope>K6~</scope><scope>L.-</scope><scope>M0C</scope><scope>PIMPY</scope><scope>PQBIZ</scope><scope>PQBZA</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>Q9U</scope><orcidid>https://orcid.org/0000-0002-9237-221X</orcidid><orcidid>https://orcid.org/0000-0001-6406-356X</orcidid></search><sort><creationdate>20210301</creationdate><title>The Cybersecurity Focus Area Maturity (CYSFAM) Model</title><author>Yigit Ozkan, Bilge ; van Lingen, Sonny ; Spruit, Marco</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c2107-f307e19fe43617cbb97ee0da4c2c77fe3d6867e3eb08b41ec4690cbf4418fcfb3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2021</creationdate><topic>Cybercrime</topic><topic>Cybersecurity</topic><topic>Data encryption</topic><topic>Information technology</topic><topic>International organizations</topic><topic>International standards</topic><topic>Internet of Things</topic><topic>ISO standards</topic><topic>Network security</topic><topic>Privacy</topic><topic>Security management</topic><topic>Standardization</topic><topic>Workforce</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Yigit Ozkan, Bilge</creatorcontrib><creatorcontrib>van Lingen, Sonny</creatorcontrib><creatorcontrib>Spruit, Marco</creatorcontrib><collection>CrossRef</collection><collection>ProQuest Central (Corporate)</collection><collection>ABI/INFORM Collection</collection><collection>ABI/INFORM Global (PDF only)</collection><collection>ProQuest Central (purchase pre-March 2016)</collection><collection>ABI/INFORM Global (Alumni Edition)</collection><collection>ProQuest Central (Alumni) (purchase pre-March 2016)</collection><collection>ABI/INFORM Collection (Alumni Edition)</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Business Premium Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>Business Premium Collection (Alumni)</collection><collection>ABI/INFORM Global (Corporate)</collection><collection>ProQuest Business Collection (Alumni Edition)</collection><collection>ProQuest Business Collection</collection><collection>ABI/INFORM Professional Advanced</collection><collection>ABI/INFORM Global</collection><collection>Publicly Available Content Database</collection><collection>ProQuest One Business</collection><collection>ProQuest One Business (Alumni)</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central Basic</collection><jtitle>Journal of cybersecurity and privacy</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Yigit Ozkan, Bilge</au><au>van Lingen, Sonny</au><au>Spruit, Marco</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>The Cybersecurity Focus Area Maturity (CYSFAM) Model</atitle><jtitle>Journal of cybersecurity and privacy</jtitle><date>2021-03-01</date><risdate>2021</risdate><volume>1</volume><issue>1</issue><spage>119</spage><epage>139</epage><pages>119-139</pages><issn>2624-800X</issn><eissn>2624-800X</eissn><abstract>The cost of recovery after a cybersecurity attack is likely to be high and may result in the loss of business at the extremes. Evaluating the acquired cybersecurity capabilities and evolving them to a desired state in consideration of risks are inevitable. This research proposes the CYberSecurity Focus Area Maturity (CYSFAM) Model for assessing cybersecurity capabilities. In this design science research, CYSFAM was evaluated at a large financial institution. From the many cybersecurity standards, 11 encompassing focus areas were identified. An assessment instrument—containing 144 questions—was developed. The in-depth single case study demonstrates how and to what extent cybersecurity related deficiencies can be identified. The novel scoring metric has been proven to be adequate, but can be further improved upon. The evaluation results show that the assessment questions suit the case study target audience; the assessment can be performed within four hours; the organization recognizes itself in the result.</abstract><cop>Washington</cop><pub>MDPI AG</pub><doi>10.3390/jcp1010007</doi><tpages>21</tpages><orcidid>https://orcid.org/0000-0002-9237-221X</orcidid><orcidid>https://orcid.org/0000-0001-6406-356X</orcidid><oa>free_for_read</oa></addata></record> |
fulltext | fulltext |
identifier | ISSN: 2624-800X |
ispartof | Journal of cybersecurity and privacy, 2021-03, Vol.1 (1), p.119-139 |
issn | 2624-800X 2624-800X |
language | eng |
recordid | cdi_proquest_journals_2655550501 |
source | DOAJ Directory of Open Access Journals; MDPI - Multidisciplinary Digital Publishing Institute; EZB-FREE-00999 freely available EZB journals |
subjects | Cybercrime Cybersecurity Data encryption Information technology International organizations International standards Internet of Things ISO standards Network security Privacy Security management Standardization Workforce |
title | The Cybersecurity Focus Area Maturity (CYSFAM) Model |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-25T02%3A12%3A58IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=The%20Cybersecurity%20Focus%20Area%20Maturity%20(CYSFAM)%20Model&rft.jtitle=Journal%20of%20cybersecurity%20and%20privacy&rft.au=Yigit%20Ozkan,%20Bilge&rft.date=2021-03-01&rft.volume=1&rft.issue=1&rft.spage=119&rft.epage=139&rft.pages=119-139&rft.issn=2624-800X&rft.eissn=2624-800X&rft_id=info:doi/10.3390/jcp1010007&rft_dat=%3Cproquest_cross%3E2655550501%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2655550501&rft_id=info:pmid/&rfr_iscdi=true |