Abstract/Details

Framework for Continuous Cybersecurity Management

Ahmed, Yehia M.   University of Colorado Colorado Springs ProQuest Dissertations & Theses,  2024. 31565302.

Abstract (summary)

This dissertation introduces an innovative continuous cybersecurity management artifact using design science research methodology. Cybersecurity management is the informed assurance that information risks and controls are balanced. Traditionally, this assurance is organized into functions outlined by the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), which include Governance, Detection, Protection, Response, and Recovery. However, these functions have often been managed in isolation and at specific points in time, leading to ineffective outcomes. While existing literature addresses each function through continuous, dynamic, and adaptive (CDA) methods, there remains a gap in integrating these functions into a comprehensive approach. Additionally, there is limited research on the practical application and effectiveness of CDA methodologies in real-world settings (Lins et al., 2016; Melaku, 2023).

This dissertation presents a Comprehensive Continuous, Adaptive, and Dynamic (CAD) cybersecurity management framework that integrates all functions and categories of NIST CSF 2.0. The framework was validated through the creation and evaluation of a software artifact, called Maple GRC, that operationalizes these principles in a real-world setting.

Using Design Science Research Methodology (DSRM), this study identified key challenges, derived framework requirements from the literature, designed and developed the framework, demonstrated it as a software artifact (Maple GRC), and evaluated its perceived effectiveness in improving cybersecurity management. Thirty-six professionals from IT, cybersecurity, governance, risk management, and compliance participated in the evaluation. The findings demonstrate that the artifact enhances cybersecurity management and fosters a strong intent among professionals to adopt the software. Moreover, the study highlights the absence of similar approaches in theory and practice and confirms the validity of this integrated, holistic, and continuous paradigm for addressing cybersecurity challenges in modern organizations.

The research advocates for a shift from siloed, disconnected cybersecurity activities to a holistic, continuous, dynamic, and adaptive framework. In this model, each function influences and is influenced by others, fully integrating cybersecurity activities across the organization and its evolving environment.

Indexing (details)

Subject: Information technology; Management; Organization theory; Business administration
Classification: 0489: Information Technology; 0454: Management; 0635: Organization Theory; 0310: Business administration
Identifier / keyword: Continuous cybersecurity management; Risk management; Design Science Research Methodology; Governance; Cybersecurity
Title: Framework for Continuous Cybersecurity Management
Author: Ahmed, Yehia M.
Number of pages: 207
Publication year: 2024
Degree date: 2024
School code: 0892
Source: DAI-A 86/4(E), Dissertation Abstracts International
ISBN: 9798896071778
Advisor: Key, Thomas Martin
Committee members: Metzger, Matthew; Xu, Shouhuai
University/institution: University of Colorado Colorado Springs
Department: College of Business - Business Administration
University location: United States -- Colorado
Degree: D.B.A.
Source type: Dissertation or Thesis
Language: English
Document type: Dissertation/Thesis
Dissertation/thesis number: 31565302
ProQuest document ID: 3118984824
Copyright: Database copyright ProQuest LLC; ProQuest does not claim copyright in the individual underlying works.
Document URL: https://www.proquest.com/docview/3118984824