Conceptual Design of a Cybersecurity Resilience Maturity Measurement (CRMM) Framework

dc.citation.doi: https://doi.org/10.23962/10539/27535 [en_ZA]
dc.citation.epage: 26 [en_ZA]
dc.citation.issue: 23 [en_ZA]
dc.citation.spage: 1 [en_ZA]
dc.contributor.author: Mbanaso, Uche M.
dc.contributor.author: Abrahams, Lucienne
dc.contributor.author: Apene, Oghenevovwero Zion
dc.date.accessioned: 2019-06-27T23:32:46Z
dc.date.available: 2019-06-27T23:32:46Z
dc.date.issued: 2019-05-28
dc.description.abstract: African countries are at high risk with respect to cybersecurity breaches and are experiencing substantial financial losses. Amongst the top cybersecurity frameworks, many focus on guidelines with respect to detection, protection and response, but few offer formal frameworks for measuring actual cybersecurity resilience. This article presents the conceptual design for a cybersecurity resilience maturity measurement (CRMM) framework to be applied in organisations, notably for critical information infrastructure (CII), as part of cyber risk management treatment. The main thrusts of the framework are to establish, through assessment in terms of quantitative measures, which cybersecurity controls exist in an organisation, how effective and efficient these controls are with respect to cybersecurity resilience, and steps that need to be taken to improve resilience maturity. The CRMM framework we outline is conceptualised as being applicable both pre- and post-cyber attack. Drawing on the NIST cybersecurity framework (NIST CSF) and other relevant frameworks, the CRMM approach conceptualised in this article would be able to depict an organisation’s cybersecurity practices and gauge the organisation’s cybersecurity maturity at regular intervals. This CRMM approach is grounded in the idea that, by quantifying an organisation’s current practices against established baseline security controls and global best practices, the resulting status measurement can provide the appropriate basis for managing cyber risk in a consistent and proportionate fashion. The CRMM framework defines four cybersecurity resilience quadrants (CRQs), which depict four different degrees of organisational preparedness, in terms of both risk and resilience. [en_ZA]
dc.description.librarian: CA2019 [en_ZA]
dc.identifier.citation: Mbanaso, U. M., Abrahams, L., & Apene, O. Z. (2019). Conceptual design of a cybersecurity resilience maturity measurement (CRMM) framework. The African Journal of Information and Communication (AJIC), 23, 1–26. https://doi.org/10.23962/10539/27535 [en_ZA]
dc.identifier.issn: 2077-7213 (online version)
dc.identifier.issn: 2077-7205 (print version)
dc.identifier.uri: https://hdl.handle.net/10539/27535
dc.identifier.uri: https://doi.org/10.23962/10539/27535
dc.journal.link: https://www.wits.ac.za/linkcentre/ajic [en_ZA]
dc.journal.title: The African Journal of Information and Communication (AJIC) [en_ZA]
dc.language.iso: en [en_ZA]
dc.orcid.id: Mbanaso: https://orcid.org/0000-0003-2784-7415; Abrahams: https://orcid.org/0000-0002-521; Apene: https://orcid.org/0000-0001-8051-26959-8448; [en_ZA]
dc.publisher: LINK Centre, University of the Witwatersrand (Wits), Johannesburg [en_ZA]
dc.subject: cybersecurity, cybersecurity resilience maturity measurement (CRMM), cybersecurity resilience quadrants (CRQs), critical information infrastructure (CII), NIST cybersecurity framework (NIST CSF), cyber risk management, cybersecurity resilience, cybersecurity controls [en_ZA]
dc.title: Conceptual Design of a Cybersecurity Resilience Maturity Measurement (CRMM) Framework [en_ZA]
dc.type: Article [en_ZA]
Files
Original bundle
Name: AJIC-Issue-23-2019-Mbanaso-et-al.pdf
Size: 714.29 KB
Format: Adobe Portable Document Format