Evaluation of the Impact of Risk Management and Information Security on Cybersecurity Maturity of the Institute ABC Data Management Application

Authors

  • Riana Safitri, STMIK Widya Utama
  • Darjat Darjat, Universitas Diponegoro

DOI:

https://doi.org/10.58812/wsist.v2i01.802

Keywords:

Risk Management, Information Security, Cyber Security Maturity, Data Management Application, Quantitative Analysis

Abstract

In the contemporary digital landscape, organizations face an escalating array of cyber threats that imperil the security and confidentiality of their data assets. This quantitative study investigates the impact of risk management strategies and information security measures on the cyber security maturity of ABC Institute's data management application. Survey data were collected from 122 employees directly engaged in data management and security roles within the institute, and Structural Equation Modeling (SEM) with Partial Least Squares (PLS) was employed for data analysis. The findings reveal significant positive associations between risk management practices, information security measures, and cyber security maturity. These results emphasize the crucial role of comprehensive risk management strategies and robust information security measures in bolstering cyber resilience. Practical recommendations stemming from this study provide actionable insights for organizations aiming to fortify their cyber security posture.

Published

2024-04-30

How to Cite

Safitri, R., & Darjat, D. (2024). Evaluation of the Impact of Risk Management and Information Security on Cybersecurity Maturity of the Institute ABC Data Management Application. West Science Information System and Technology, 2(01), 18–27. https://doi.org/10.58812/wsist.v2i01.802