Risk assessment & mitigation for core security capabilities

Dupuis, Marc J. and Renaud, Karen; (2024) Risk assessment & mitigation for core security capabilities. In: eCrime 2024. UNSPECIFIED, USA. (In Press)

Preprint
Restricted to Repository staff only until 1 January 2099.

Abstract

Efforts to assure the cybersecurity of an organization's information and systems rely on industry metrics to monitor their current state of play. These, when monitored over time, could also help organizations to determine whether they are improving their stance or lagging behind. We reviewed the literature on metrics and consulted 12 cybersecurity professionals, working in industry, to take a snapshot of the status quo of metric and framework usage. We report on what our respondents told us and conclude by explaining that, although they were aware of metrics, many only used minimal metrics, and few used any existing frameworks. This was primarily due to resource and other business constraints. It seems that we have to encourage and engender more metric usage, and that an automated approach, with an associated dashboard to support reporting, would be the best way to help organizations to benefit from this helpful mechanism.

ORCID iDs

Dupuis, Marc J. and Renaud, Karen ORCID: https://orcid.org/0000-0002-7187-6531