Developing an Agile Cybersecurity Framework With Organizational Culture Approach Using Q Methodology

Abstract

Cyberattacks continue to pose significant threats and damages across a wide range of sectors. The main problem that causes this lies in the misinterpretation of the implementation of cybersecurity frameworks. They often rely excessively on technology as the primary solution and neglect human factors. Resulting the implementation not being agile or adaptive. This study critically evaluates existing cybersecurity frameworks and introduces a new approach, an agile cybersecurity framework that integrates technology and organizational culture. Utilizing Q methodology, this study determined the core components and processes of a reconstructed cybersecurity framework based on inputs from a systematic literature review and expert views. The results revealed five core components: Security Governance, Risk Management, Incident Management, Security Technology, and Organizational Culture. The adopted agile method is a combination of the Dynamic System Development Model (DSDM) and Feature Driven Development (FDD). The proposed framework is expected to improve the agility of cybersecurity implementation, optimize human factors in the organization to mitigate cyberattacks better, and reduce their potential impact.