Risk assessment & mitigation for core security capabilities
Dupuis, Marc J. and Renaud, Karen; (2024) Risk assessment & mitigation for core security capabilities. In: eCrime 2024. UNSPECIFIED, USA. (In Press)
Text.
Filename: Dupuis-Renaud-2024-Risk-assessment-and-mitigation-for-core-security-capabilities.pdf
Preprint Restricted to Repository staff only until 1 January 2099. Download (2MB) | Request a copy |
Abstract
Efforts to assure the cybersecurity of an organization's information and systems rely on industry metrics to monitor their current state of play. These, when monitored over time, could also help organizations to determine whether they are improving their stance or lagging behind. We reviewed the literature on metrics and consulted 12 cybersecurity professionals, working in industry, to take a snapshot of the status quo of metric and framework usage. We report on what our respondents told us and conclude by explaining that, although they were aware of metrics, many only used minimal metrics, and few used any existing frameworks. This was primarily due to resource and other business constraints. It seems that we have to encourage and engender more metric usage, and that an automated approach, with an associated dashboard to support reporting, would be the best way to help organizations to benefit from this helpful mechanism.
ORCID iDs
Dupuis, Marc J. and Renaud, Karen ORCID: https://orcid.org/0000-0002-7187-6531;-
-
Item type: Book Section ID code: 90396 Dates: DateEvent12 August 2024Published12 August 2024AcceptedSubjects: Department: Faculty of Science > Computer and Information Sciences Depositing user: Pure Administrator Date deposited: 28 Aug 2024 13:56 Last modified: 29 Aug 2024 13:37 Related URLs: URI: https://strathprints.strath.ac.uk/id/eprint/90396