Context-Based and Adaptive Cybersecurity Risk Management Framework

Abstract

Currently, organizations are faced with a variety of cyber-threats and are possibly challenged by a wide range of cyber-attacks of varying frequency, complexity, and impact. However, they can do something to prevent, or at least mitigate, these cyber-attacks by first understanding and addressing their common problems regarding cybersecurity culture, developing a cyber-risk management plan, and devising a more proactive and collaborative approach that is suitable according to their organization context. To this end, firstly various enterprise, Information Technology (IT), and cybersecurity risk management frameworks are thoroughly reviewed along with their advantages and limitations. Then, we propose a proactive cybersecurity risk management framework that is simple and dynamic, and that adapts according to the current threat and technology landscapes and organizational context. Finally, performance metrics to evaluate the framework are proposed.