Cybersecurity Cost of Quality: Managing the Costs of Cybersecurity Risk Management
Abstract
There is no standard yet for measuring and controlling the costs associated with implementing cybersecurity programs. To advance research and practice towards this end, we develop a mapping using the well-known concept of quality costs and the Framework Core within the Cybersecurity Framework produced by the National Institute of Standards and Technology (NIST) in response to the Cybersecurity Enhancement Act of 2014. This mapping can be easily adopted by organizations that are already using the NIST CSF for cybersecurity risk management to plan, manage, and continually improve cybersecurity operations. If an organization is not using the NIST CSF, this mapping may still be useful for linking elements in accounting systems that are associated with cybersecurity operations and risk management to a quality cost model.
Keywords: cyberquality, cybersecurity, quality costs, cybersecurity cost of quality (CCoQ), standards, risk management
Similar resources
Cybersecurity Practices for E-Government: An Assessment in Bhutan
The main goal of e-government implementation is to improve the effectiveness, efficiency and quality of public service delivery using Information and Communication Technologies (ICT). However, its success is dependent on the provision of information security goals such as confidentiality, integrity, availability and trust. Therefore, cybersecurity is vital for the successful adoption of e-gover...
Critical review of cybersecurity protection procedures and practice in water distribution systems
The objective of this paper is to conduct a critical review of cybersecurity procedures and practices in the water distribution sector. Specifically, this paper provides a characterization of the current state of cybersecurity practice and risk management in drinking water systems. This characterization is critically important due to the number of cyber attacks that have occurred against water ...
1 Risk Management and the Cybersecurity of the U.S. Government
Risk management is a fundamental principle of cybersecurity. It is the basis of the NIST Framework for Improving Critical Infrastructure Cybersecurity. Agencies of the U.S. Government certify the operational security of their information systems against the requirements of the FISMA Risk Management Framework (RMF). The alternative to risk management would presumably be a quest for total securit...
Doctrine for Cybersecurity
A succession of doctrines have been advocated in the past for enhancing cybersecurity: prevention, risk management, and deterrence through accountability. None has proved effective, and their failings are discussed. Proposals are now being made to view cybersecurity as a public good or to adopt mechanisms inspired by those used for public health. This landscape is surveyed through the lens that...
Cybersecurity Information Sharing: a Framework for Sustainable Information Security Management in UK SME Supply Chains
UK small to medium sized enterprises (SMEs) are suffering increasing levels of cybersecurity breaches and are a major point of vulnerability in the supply chain networks in which they participate. A key factor for achieving optimal security levels within supply chains is the management and sharing of cybersecurity information associated with specific metrics. Such information sharing schemes am...
Journal: CoRR
Volume: abs/1707.02653
Publication date: 2017