Building Cyber Resilience: Key Factors for Enhancing Organizational Cyber Security

Thavaselvi Munusamy
Touraj Khodadi

Abstract

The increasingly pervasive influence of technology on a global scale, coupled with the accelerating pace of organizations operating in cyberspace, has intensified the need for adequate protection against the risks posed by cyber threats. This paper aims to identify cyber resilience management attributes that can enable organizations to sustain and continually adapt in the face of evolving cyber risks and threats. The researcher explores the intersections between cybersecurity and resilience by reviewing existing frameworks, models, studies, and surveys. This study establishes the attributes of resilience with the integration of resilience theory and security theory, along with their position in the cyber domains. By proposing a converged model with fundamental factors for attaining cyber resilience, this study offers a novel contribution to cyber security management.

Article Details

How to Cite
Munusamy, T., & Khodadi, T. (2023). Building Cyber Resilience: Key Factors for Enhancing Organizational Cyber Security. Journal of Informatics and Web Engineering, 2(2), 59–71. https://doi.org/10.33093/jiwe.2023.2.2.5
Section
Regular issue
