Relevant bibliographies by topics / Cybersecurity risk management

Contents

  1. Journal articles
  2. Dissertations / Theses
  3. Books
  4. Book chapters
  5. Conference papers
  6. Reports

Academic literature on the topic 'Cybersecurity risk management'

Author: Grafiati
Published: 28 July 2024
Last updated: 9 January 2025

Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles

Select a source type:

Consult the lists of relevant articles, books, theses, conference reports, and other scholarly sources on the topic 'Cybersecurity risk management.'

Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.

You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.

Journal articles on the topic "Cybersecurity risk management"

1

Eaton, Tim V., Jonathan H. Grenier, and David Layman. "Accounting and Cybersecurity Risk Management." Current Issues in Auditing 13, no. 2 (March 1, 2019): C1—C9. http://dx.doi.org/10.2308/ciia-52419.

Full text
Abstract:
SUMMARY As the number of cybersecurity incidents continue to rise and stakeholders are becoming increasingly concerned, companies are devoting considerable resources to their cybersecurity risk management efforts and related cybersecurity disclosures. This paper describes how accountants are uniquely positioned to assist companies with these efforts in advisory and assurance capacities. We present a model of effective cybersecurity risk management and discuss how accountants' core competencies can add significant value in each of the model's five stages. In addition, we use several recent high-profile cybersecurity incidents as illustrative examples in each of the five stages. We conclude by discussing implications for accountants.
APA, Harvard, Vancouver, ISO, and other styles
2

Burrell, Darrell Norman. "Understanding Healthcare Cybersecurity Risk Management Complexity." Land Forces Academy Review 29, no. 1 (February 28, 2024): 38–49. http://dx.doi.org/10.2478/raft-2024-0004.

Full text
Abstract:
Abstract It is important to fully comprehend the critical role of the healthcare and public health sector in safeguarding the economy from various threats, including terrorism, infectious diseases, and natural disasters. The private ownership of many healthcare assets underscores the need for enhanced collaboration and information sharing between the public and private sectors. The COVID-19 pandemic has accelerated the digitalization of this sector, leading to a heightened risk of cyber threats. The increasing reliance on emerging technologies such as blockchain, the metaverse, and virtual reality is further exacerbating the cybersecurity landscape, with the projected cost of cybercrime exceeding $10 trillion in 2023 and an anticipated surge to nearly $24 trillion in the next four years. Human error remains the primary cause of cybersecurity incidents, accounting for 95% of reported cases, with insider threats contributing significantly. Despite increased cyber training and risk mitigation efforts, vulnerabilities continue to be rapidly exploited. This paper provides an in-depth analysis of cybersecurity risks in the healthcare sector, drawing on existing literature and theoretical frameworks to highlight the complex challenges in this evolving landscape.
APA, Harvard, Vancouver, ISO, and other styles
3

Briscoe, Christopher, and Carl Young. "Scale, Complexity, and Cybersecurity Risk Management." Journal of Information Security 15, no. 04 (2024): 524–44. http://dx.doi.org/10.4236/jis.2024.154029.

Full text
APA, Harvard, Vancouver, ISO, and other styles
4

Olawoyin, Olayinka Michael. "Blockchain Technology in Risk Management: Strengthening Cybersecurity and Financial Integrity." International Journal of Research Publication and Reviews 5, no. 10 (October 2024): 2336–48. http://dx.doi.org/10.55248/gengpi.5.1024.2829.

Full text
APA, Harvard, Vancouver, ISO, and other styles
5

Adebayo Omowunmi Temitope, LawalYusufAdedayo, and Braimoh Kareem. "Cybersecurity risk management in agile development: protecting data and system." International Journal of Science and Research Archive 8, no. 1 (February 28, 2023): 988–94. http://dx.doi.org/10.30574/ijsra.2023.8.1.0188.

Full text
Abstract:
The rapid evolution of technology and the increasing complexity of systems have made cybersecurity a critical concern for organizations, particularly in the context of Agile development. Agile methodologies prioritize flexibility, collaboration, and iterative progress, which can inadvertently introduce unique cybersecurity risks. This paper explores the integration of cybersecurity risk management practices within Agile development frameworks, emphasizing the need for organizations to proactively address vulnerabilities while maintaining the agility of their development processes. By examining common threats, risk assessment techniques, and mitigation strategies, this research outlines best practices for incorporating cybersecurity into Agile development cycles. The paper further discusses the importance of fostering a security-aware culture among Agile teams and leveraging DevSecOps principles to ensure that security considerations are embedded throughout the development lifecycle. Real-world case studies illustrate successful implementations of cybersecurity risk management in Agile projects, providing valuable insights for organizations seeking to protect their data and systems while remaining agile. Ultimately, this research aims to provide a comprehensive framework for integrating cybersecurity risk management into Agile development practices, thereby enhancing the overall security posture of organizations. The accelerating pace of digital transformation and the increasing sophistication of cyber threats have made cybersecurity a paramount concern for organizations operating within Agile development frameworks. Agile methodologies, characterized by their emphasis on iterative progress, collaboration, and rapid delivery, present unique challenges to traditional cybersecurity practices. This paper investigates the critical intersection of cybersecurity risk management and Agile development, highlighting the need for organizations to proactively identify and mitigate security risks while maintaining the inherent flexibility and responsiveness that Agile offers. Through a comprehensive examination of common cybersecurity threats faced by Agile teams—such as data breaches, insider threats, and third-party vulnerabilities—this research underscores the importance of integrating security into the Agile lifecycle. The paper details effective risk assessment methodologies tailored to Agile environments, including continuous risk assessment, threat modeling, and user story analysis. Furthermore, it presents a framework for risk mitigation that emphasizes the adoption of DevSecOps principles, automated security testing, and the cultivation of a security-aware culture among Agile practitioners. By fostering open communication and recognizing security champions within teams, organizations can enhance their cybersecurity posture without compromising their Agile values. Real-world case studies illustrate successful implementations of cybersecurity practices in Agile projects, providing actionable insights for organizations aiming to protect their data and systems. Ultimately, this research aims to equip stakeholders with a holistic understanding of how to integrate cybersecurity risk management into Agile development processes, thereby enhancing organizational resilience against cyber threats while supporting the goals of agility and innovation.
APA, Harvard, Vancouver, ISO, and other styles
6

Keskin, Omer F., Kevin Matthe Caramancion, Irem Tatar, Owais Raza, and Unal Tatar. "Cyber Third-Party Risk Management: A Comparison of Non-Intrusive Risk Scoring Reports." Electronics 10, no. 10 (May 13, 2021): 1168. http://dx.doi.org/10.3390/electronics10101168.

Full text
Abstract:
Cybersecurity is a concern for organizations in this era. However, strengthening the security of an organization’s internal network may not be sufficient since modern organizations depend on third parties, and these dependencies may open new attack paths to cybercriminals. Cyber Third-Party Risk Management (C-TPRM) is a relatively new concept in the business world. All vendors or partners possess a potential security vulnerability and threat. Even if an organization has the best cybersecurity practice, its data, customers, and reputation may be at risk because of a third party. Organizations seek effective and efficient methods to assess their partners’ cybersecurity risks. In addition to intrusive methods to assess an organization’s cybersecurity risks, such as penetration testing, non-intrusive methods are emerging to conduct C-TPRM more easily by synthesizing the publicly available information without requiring any involvement of the subject organization. In this study, the existing methods for C-TPRM built by different companies are presented and compared to discover the commonly used indicators and criteria for the assessments. Additionally, the results of different methods assessing the cybersecurity risks of a specific organization were compared to examine reliability and consistency. The results showed that even if there is a similarity among the results, the provided security scores do not entirely converge.
APA, Harvard, Vancouver, ISO, and other styles
7

Li, He, Won Gyun No, and Tawei Wang. "SEC's cybersecurity disclosure guidance and disclosed cybersecurity risk factors." International Journal of Accounting Information Systems 30 (September 2018): 40–55. http://dx.doi.org/10.1016/j.accinf.2018.06.003.

Full text
APA, Harvard, Vancouver, ISO, and other styles
8

Chebib, Tom. "Digital Identity: A Human-Centered Risk Awareness Study." Muma Business Review 5 (2021): 031–33. http://dx.doi.org/10.28945/4826.

Full text
Abstract:
Cybersecurity breaches have been at the forefront of most news outlets, recently. People’s Digital Identity has been at the epicenter of cybersecurity breaches. Defining the composition of digital identity is the first step at risk identification and the first step towards risk mitigation. Cybersecurity risk management tools are lacking in user-centricity. Organizations like the National Institute of Standards and Technology have to craft user-centric personal cybersecurity risk management frameworks.
APA, Harvard, Vancouver, ISO, and other styles
9

Kure, Halima Ibrahim, and Shareeful Islam. "Assets focus risk management framework for critical infrastructure cybersecurity risk management." IET Cyber-Physical Systems: Theory & Applications 4, no. 4 (December 1, 2019): 332–40. http://dx.doi.org/10.1049/iet-cps.2018.5079.

Full text
APA, Harvard, Vancouver, ISO, and other styles
10

Lee, In. "Internet of Things (IoT) Cybersecurity: Literature Review and IoT Cyber Risk Management." Future Internet 12, no. 9 (September 18, 2020): 157. http://dx.doi.org/10.3390/fi12090157.

Full text
Abstract:
Along with the growing threat of cyberattacks, cybersecurity has become one of the most important areas of the Internet of Things (IoT). The purpose of IoT cybersecurity is to reduce cybersecurity risk for organizations and users through the protection of IoT assets and privacy. New cybersecurity technologies and tools provide potential for better IoT security management. However, there is a lack of effective IoT cyber risk management frameworks for managers. This paper reviews IoT cybersecurity technologies and cyber risk management frameworks. Then, this paper presents a four-layer IoT cyber risk management framework. This paper also applies a linear programming method for the allocation of financial resources to multiple IoT cybersecurity projects. An illustration is provided as a proof of concept.
APA, Harvard, Vancouver, ISO, and other styles
More sources

Dissertations / Theses on the topic "Cybersecurity risk management"

1

Rassega, Valter. "Cyber security risk management nei servizi pubblici strategici." Doctoral thesis, Universita degli studi di Salerno, 2017. http://hdl.handle.net/10556/2571.

Full text
Abstract:
2015 - 2016
The global digital network, with its ability to communicate directly and in real time between people in every part of the planet, is a formidable tool to develop relationships and realize exchange of information and knowledge. In cyberspace they coexist people of all kinds, characterized by different interests, different cultures and different ways of relating to others. From an economic point of view, the global network has become a formidable transactional tool for the exchange of goods and services and there is the commercial and industrial sector that has not arrived in some way in cyberspace. The cybernetic revolution, induced by new and increasingly powerful electronic and computer technologies, it is not limited to connect the network, almost all of the planet's surface but is rapidly expanding to the direct control of myriad physical devices of the most varied , from Smartphone to wearable devices, from city traffic control to the electricity production and distribution infrastructure systems. And 'the SO-CALLED "Internet of Things" and the Internet of things, the network that interconnects all electronic devices capable of communicating with the outside world. A pervasive who did not spare the public sector which, first, is called on to provide answers on many fronts, not least regulatory, and as far as possible, ensure compliance with the rules in the real world even in cyberspace. In particular, the public sector must take responsibility to ensure the physical and cyber security of SO-CALLED National Critical Infrastructure, including all the essential services for national security, the proper functioning of the country and its economic growth and, not least, the well-being of the population. Are Critical Infrastructures electric and energy system, communication networks in general, networks and transport infrastructure of people and goods (ship, rail, air and road), the public health system, economics and financial channels, the national networks of government , regions, those for emergency management and civil protection. The challenge is complex and Public Administration alone seems unable to respond effectively to increasingly sophisticated cyber-attacks that day, affecting the civilian world, industrial and economic. NCI are not immune and, as a result, the Public Strategic Services are exposed to significant risks. On this issue, Western governments have long established close cooperation with the private sector, and highlighted the need to define a strategy and a shared modus operandi and quality between the various actors involved. This work aims to address systematically the "hot" topic of cyber security, an area that involves national governments, military, intelligence services, the economy and the business world as a whole and, gradually and in various capacities and degree of interest, every single citizen of the world. In this unprecedented scenario, strongly characterized by uncertainty and variability of the virus, the application sic et simpliciter of "traditional" evaluation techniques of the corporate risk derivation is inadequate for this purpose, despite a certain degree of adaptation to the new scenario is already underway. The analysis focuses on the relative adaptive-evolution that is affecting the risk management in the field of cyber security and state of the art in the academic and scientific world views in the introduction of new and more advanced tools for analysis the Cyber Risk. The work ends with a case study of a large Italian company which provides a strategic public service such as electricity. [edited by author]
La rete digitale globale, con la sua capacità di stabilire contatti diretti e in tempo reale tra persone in ogni parte del pianeta, rappresenta uno strumento formidabile per sviluppare relazioni e realizzare scambio di informazioni e di conoscenza. Nel cyberspazio convivono persone di ogni tipo, caratterizzate da interessi diversi, culture differenti e diversi modi di relazionarsi con il prossimo. Dal punto di vista economico, la rete globale è oggi un formidabile strumento transazionale per lo scambio di beni e di servizi e non vi è settore commerciale e industriale che non sia approdato in qualche modo nel cyberspazio. La rivoluzione cibernetica, indotta dalle nuove e sempre più potenti tecnologie elettroniche e informatiche, non si è limitata a connettere in rete la quasi totalità della superficie del pianeta ma si sta rapidamente espandendo verso il controllo diretto di una miriade di dispositivi fisici tra i più vari, dagli Smartphone ai dispositivi indossabili, dai sistemi di controllo del traffico cittadino alle infrastrutture di produzione e distribuzione di energia elettrica. E’ la c.d. “Internet of Things” o Internet delle cose, che interconnette in rete tutti i dispositivi elettronici in grado di comunicare con il mondo esterno. Una pervasività che non ha risparmiato il settore pubblico che, in primo luogo, è chiamato a fornire risposte su numerosi fronti, non ultimo quello normativo, e, per quanto possibile, garantire il rispetto delle regole presenti nel mondo reale anche nello spazio cibernetico. In particolare, il settore pubblico deve farsi carico di garantire la sicurezza fisica e informatica delle c.d. infrastrutture critiche nazionali, che includono tutti quei servizi essenziali per la sicurezza nazionale, il buon funzionamento del Paese e la sua crescita economica e, non ultimo, il benessere della popolazione. Sono Infrastrutture Critiche il sistema elettrico ed energetico, le reti di comunicazione in genere, le reti e le infrastrutture di trasporto di persone e merci (navale, ferroviario, aereo e stradale), il sistema sanitario pubblico, i circuiti economici e finanziari, le reti del Governo nazionale, delle Regioni, quelle per la gestione delle emergenze e della Protezione Civile. La sfida è complessa e la Pubblica Amministrazione da sola non sembra in grado di poter rispondere in modo efficace agli attacchi informatici sempre più sofisticati che, quotidianamente, colpiscono il mondo civile, industriale ed economico. Le infrastrutture critiche nazionali non ne sono immuni e, di conseguenza, i Servizi Pubblici Strategici sono esposti a significativi rischi. Su questo tema, i Governi occidentali hanno da tempo avviato una stretta collaborazione con il settore privato, ed è emersa la necessità di definire una strategia e un modus operandi condiviso e di qualità tra i vari attori coinvolti. Questo lavoro si propone di affrontare in maniera sistematica il tema “caldo” della Cyber Security, un ambito che coinvolge governi nazionali, settori militari, servizi di informazione, il sistema economico e il mondo delle imprese nel suo complesso e, via via e a vario titolo e grado di interesse, ogni singolo cittadino del mondo. In questo scenario inedito, fortemente connotato da incertezza e variabilità delle minacce, l’applicazione sic et simpliciter delle tecniche “tradizionali” di valutazione del rischio di derivazione aziendale risulta inadeguata allo scopo, nonostante un certo grado di adattamento al nuovo scenario sia già in corso. L’analisi si concentra sulla parte relativa all’’evoluzione adattativa’ che sta interessando il risk management nel campo della cyber security e dello stato dell’arte nel panorama accademico e scientifico mondiale nell’introduzione di nuovi e più evoluti strumenti per l’analisi del Cyber Risk. Il lavoro si conclude con un caso di studio effettuato su di una grande azienda italiana che fornisce un servizio pubblico strategico quale l’energia elettrica. [a cura dell'autore]
XV n.s.
APA, Harvard, Vancouver, ISO, and other styles
2

Steinbernreiter, Kajsa. ""The cyber war" : A qualitative study investigating the management of cybersecurity in Swedish online fashion companies." Thesis, Högskolan i Borås, Akademin för textil, teknik och ekonomi, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:hb:diva-22101.

Full text
Abstract:
Due to a world-wide digitalisation, the fashion segment has experienced a shift from offline to online shopping. Consequently, more companies choose to interconnect digitally with consumers and suppliers. This highlights cyber risks and cybersecurity issues more than ever, which becomes specifically apparent amongst online companies. Through qualitative semi-structured interviews with three different Swedish online fashion companies, the purpose of investigating how cybersecurity currently is prioritised and managed was reached. In addition to this, two cybersecurity experts gave their view of the most important aspects in the field, which companies should consider. Results showed a fairly well-managed cybersecurity amongst Swedish online fashion companies, even though knowledge in the field is scarce. Through educating everyone at the company and implementing a group of people in charge of these questions, a more holistic view could be attained. By offering thoughts on how online fashion companies can enhance their current cybersecurity, this paper contributes to the literature of cyber risk management as well as provides meaningful knowledge to all types of online companies.
APA, Harvard, Vancouver, ISO, and other styles
3

Baker, Wade Henderson. "Toward a Decision Support System for Measuring and Managing Cybersecurity Risk in Supply Chains." Diss., Virginia Tech, 2017. http://hdl.handle.net/10919/85128.

Full text
Abstract:
Much of the confusion about the effectiveness of information security programs concerns not only how to measure, but also what to measure — an issue of equivocality. Thus, to lower uncertainty for improved decision-making, it is first essential to reduce equivocality by defining, expanding, and clarifying risk factors so that metrics, the "necessary measures," can be unambiguously applied. We formulate a system that (1) allows threats to be accurately measured and tracked, (2) enables the impacts and costs of successful threats to be determined, and (3) aids in evaluating the effectiveness and return on investment of countermeasures. We then examine the quality of controls implemented to mitigate cyber risk and study how effectively they reduce the likelihood of security incidents. Improved control quality was shown to reduce the likelihood of security incidents, yet the results indicate that investing in maximum quality is not necessarily the most efficient use of resources. The next manuscript expands the discussion of cyber risk management beyond single organizations by surveying perceptions and experiences of risk factors related to 3rd parties. To validate and these findings, we undertake in an in-depth investigation of nearly 1000 real-world data breaches occurring over a ten-year period. It provides a robust data model and rich database required by a decision support system for cyber risk in the extended enterprise. To our knowledge, it is the most comprehensive field study ever conducted on the subject. Finally, we incorporate these insights, data, and factors into a simulation model that enables us study the transfer of cyber risk across different supply chain configurations and draw important managerial implications.
Ph. D.
APA, Harvard, Vancouver, ISO, and other styles
4

Gao, Olivia Qing. "Risk Assessment for IoT : a system evaluation of the smart home and its cybersecurity imperative." Thesis, Massachusetts Institute of Technology, 2016. http://hdl.handle.net/1721.1/106247.

Full text
Abstract:
Thesis: S.M. in Engineering and Management, Massachusetts Institute of Technology, School of Engineering, System Design and Management Program, Engineering and Management Program, 2016.
Cataloged from PDF version of thesis.
Includes bibliographical references (pages 92-107).
In the past two decades, the exponential growth of the modern Internet with the digitization of most human activities such as data gathering and storage have also fueled the growth of cybercrimes. In more recent years, the modern Internet is spreading into everyday life through the Internet of Things (IoT), which is further expanding the attack surface. Among all the IoT domains, the smart home, in particular, is poised to be one of the most exciting application areas of the IoT. However, behind the optimistic outlook, the shadow of an impending threat is also growing. Across the board, among the smart home device manufacturers, security is nearly non-existent or significantly downplayed. Consequently, the neglected, unresolved vulnerabilities in these devices widely expose their users and their family to cyberattacks. This thesis aims to illuminate the dynamics in the smart home market and their implications for IoT as a whole. First, it will review the past evolution of the IoT and the smart home along with current trends in enabling technologies. Next, through detailed examinations of four dynamic factors - i) macro pressures to innovate, 2) growing perils of cybercrimes, 3) vulnerabilities in the smart home, and 4) values at risk - the thesis seeks to elucidate the serious consequences of ignoring cybersecurity in the smart home system through causal loop diagramming. This thesis uses substantiated data from the past few years to justify its analyses. The thesis concludes that the smart home is an essential innovation that can help solve many urgent challenges facing our time, and securing the smart home devices is a key step towards building a safer and more secure IoT future as well as a future for the current generation and many generations to come.
by Olivia Qing Gao.
S.M. in Engineering and Management
APA, Harvard, Vancouver, ISO, and other styles
5

Stefanska, Beata, and Fatimah Laura Al-Dawod. "The importance of risk awareness in cybersecurity among companies : A perspective on the role of top management." Thesis, Linköpings universitet, Institutionen för ekonomisk och industriell utveckling, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-177218.

Full text
Abstract:
Background: Today´s world is characterized by a high level of digitalization that contributes to the development of new and effective technologies. However, this digital success requires knowledge and awareness about cybersecurity. Previous studies have shown that during 2020 the number of cyber-attacks among Swedish companies have increased. Due to digitalization, external parties find new methods to enter a company's systems and take advantage of its innovations and valuable information. That can affect the company's value negatively by ruining its reputation and making the stakeholders mistrust it. Purpose: The purpose of the study is to contribute to an increased understanding of strategic leadership´s influence on cyber risk awareness. Methodology: This study follows a qualitative research method. The data have been conducted through semi-structured interviews, based on 11 respondents consisting of experts whose professional background is anchored in cybersecurity. The research process follows an abductive approach. Conclusion: This study concludes that the current state of cyber risk awareness is not sufficient although it is increasing. Risk awareness is dependent on knowledge and organizational culture. This study concludes that the top management has a significant role in the influence of organizational culture and knowledge and thereby the risk awareness of a company, which in turn has an impact ontheir cybersecurity. It is the responsibility of the top management to delegate tasks that enhance riskawareness. Therefore, cyber risk awareness is to be treated as a top management issue. As a contribution, the study provides an insight on how humans, in this case, the top managementinfluences a company's cybersecurity through risk awareness.
APA, Harvard, Vancouver, ISO, and other styles
6

Arowolo, Olatunji Mujib. "Strategic Cyber-Risk Implications of Cloud Technology Adoption in the U.S. Financial Services Sector." ScholarWorks, 2017. https://scholarworks.waldenu.edu/dissertations/4347.

Full text
Abstract:
According to research, the risks of adopting new technology and the technological and organizational factors that influence adopting it are not clear. Thus, many financial institutions have hesitated to adopt cloud-computing. The purpose of this quantitative, cross-sectional study was to evaluate the cyber-risk implications of cloud-computing adoption in the U.S. financial services sector. The study examined 6 technological and organizational factors: organization size, relative advantage, compliance, security, compatibility, and complexity within the context of cyber-risk. Using a combination of diffusion of innovation theory and technology-organization-environment framework as the foundation, a predictive cybersecurity model was developed to determine the factors that influence the intent to adopt cloud-computing in this sector. A random sample of 118 IT and business leaders from the U.S. financial services sector was used. Multiple regression analysis indicated that there were significant relationships between the intent to adopt cloud-computing by the leaders of financial organizations and only 2 of the 6 independent variables: compliance risk and compatibility risk. The predictive cybersecurity model proposed in this study could help close the gaps in understanding the factors that influence decisions to adopt cloud-computing. Once the rate of cloud-computing adoption increases, this study could yield social change in operational efficiency and cost improvement for both U.S. financial organizations and their consumers.
APA, Harvard, Vancouver, ISO, and other styles
7

Abu-Shaqra, Baha. "Technoethics and Sensemaking: Risk Assessment and Knowledge Management of Ethical Hacking in a Sociotechnical Society." Thesis, Université d'Ottawa / University of Ottawa, 2020. http://hdl.handle.net/10393/40393.

Full text
Abstract:
Cyber attacks by domestic and foreign threat actors are increasing in frequency and sophistication. Cyber adversaries exploit a cybersecurity skill/knowledge gap and an open society, undermining the information security/privacy of citizens and businesses and eroding trust in governments, thus threatening social and political stability. The use of open digital hacking technologies in ethical hacking in higher education and within broader society raises ethical, technical, social, and political challenges for liberal democracies. Programs teaching ethical hacking in higher education are steadily growing but there is a concern that teaching students hacking skills increases crime risk to society by drawing students toward criminal acts. A cybersecurity skill gap undermines the security/viability of business and government institutions. The thesis presents an examination of opportunities and risks involved in using AI powered intelligence gathering/surveillance technologies in ethical hacking teaching practices in Canada. Taking a qualitative exploratory case study approach, technoethical inquiry theory (Bunge-Luppicini) and Weick’s sensemaking model were applied as a sociotechnical theory (STEI-KW) to explore ethical hacking teaching practices in two Canadian universities. In-depth interviews with ethical hacking university experts, industry practitioners, and policy experts, and a document review were conducted. Findings pointed to a skill/knowledge gap in ethical hacking literature regarding the meanings, ethics, values, skills/knowledge, roles and responsibilities, and practices of ethical hacking and ethical hackers which underlies an identity and legitimacy crisis for professional ethical hacking practitioners; and a Teaching vs Practice cybersecurity skill gap in ethical hacking curricula. Two main S&T innovation risk mitigation initiatives were explored: An OSINT Analyst cybersecurity role and associated body of knowledge foundation framework as an interdisciplinary research area, and a networked centre of excellence of ethical hacking communities of practice as a knowledge management and governance/policy innovation approach focusing on the systematization and standardization of an ethical hacking body of knowledge.
APA, Harvard, Vancouver, ISO, and other styles
8

Takacs, Gergely. "Integration of CTI into security management." Thesis, Luleå tekniska universitet, Institutionen för system- och rymdteknik, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-74246.

Full text
Abstract:
Current thesis is a documentative approach to sum up experiences of a practical projectof implementing Cyber Threat Intelligence into an existing information securitymanagement system and delivering best practices using action design researchmethodology. The project itself was delivered to a multinational energy provider in 2017.The aim of the CTI-implementation was to improve the information security posture ofthe customer. The author, as participant of the delivery team presents an extensive reviewof the current literature on CTI and puts the need for threat intelligence into context. Theauthor claims that traditional security management is not able to keep up with currentcybersecurity threats which makes a new approach required. The thesis gives an insightof an actually working and continuously developed CTI-service and offers possible bestpractices for InfoSec professionals, adds theoretical knowledge to the body of knowledgeand opens up new research areas for researchers.
APA, Harvard, Vancouver, ISO, and other styles
9

Curran, Theresa. "Standardizing Instructional Definition and Content Supporting Information Security Compliance Requirements." Diss., NSUWorks, 2018. https://nsuworks.nova.edu/gscis_etd/1038.

Full text
Abstract:
Information security (IS)-related risks affect global public and private organizations on a daily basis. These risks may be introduced through technical or human-based activities, and can include fraud, hacking, malware, insider abuse, physical loss, mobile device misconfiguration or unintended disclosure. Numerous and diverse regulatory and contractual compliance requirements have been mandated to assist organizations proactively prevent these types of risks. Two constants are noted in these requirements. The first constant is requiring organizations to disseminate security policies addressing risk management through secure behavior. The second constant is communicating policies through IS awareness, training and education (ISATE) programs. Compliance requirements direct that these policies provide instruction about making compliant and positive security decisions to reduce risk. Policy-driven and organizationally-relevant ISATE content is understood to be foundational and critical to prevent security risk. The problem identified for investigation is inconsistency of the terms awareness, training and education as found in security-related regulatory, contractual and policy compliance requirements. Organizations are mandated to manage a rapidly increasing portfolio of inconsistent ISATE compliance requirements generated from many sources. Since there is no one set of common guidance for compliance, organizations struggle to meet global, diverse and inconsistent compliance requirements. Inconsistent policy-related content and instructions, generated from differing sources, may cause incorrect security behavior that can present increased security risk. Traditionally, organizations were required to provide only internally-developed programs, with content left to business, regulatory/contractual, and cultural discretion. Updated compliance requirements now require organizations to disseminate externally-developed content in addition to internally-provided content. This real-world business requirement may cause compliance risks due to inconsistent instruction, guidance gaps and lack of organizational relevance. The problem has been experienced by industry practitioners within the last five years due to increased regulatory and contractual compliance requirements. Prior studies have not yet identified specific impacts of multiple and differing compliance requirements on organizations. The need for organizational relevance in ISATE content has been explored in literature, but the amount of organizationally-relevant content has not been examined in balance of newer compliance mandates.The goal of the research project was to develop a standard content definition and framework. Experienced practitioners responsible for ISATE content within their organizations participated in a survey to validate definitions, content, compliance and organizational relevance requirements imposed on their organizations. Fifty-five of 80 practitioners surveyed (68.75% participation rate) provided responses to one or more sections of the survey. This research is believed to be the first to suggest a standardized content definition for ISATE program activities based on literature review, assessment of existing regulatory, contractual, standard and framework definitions and information obtained from specialized practitioner survey data. It is understood to be the first effort to align and synthesize cross-industry compliance requirements, security awareness topics and organizational relevance within information security awareness program content. Findings validated that multiple and varied regulatory and contractual compliance requirements are imposed on organizations. A lower number of organizations were impacted by third party program requirements than was originally expected. Negative and positive impacts of third party compliance requirements were identified. Program titles and content definitions vary in respondent organizations and are documented in a variety of organizational methods. Respondents indicated high acceptance of a standard definition of awareness, less so for training and education. Organizationally-relevant program content is highly important and must contain traditional and contemporary topics. Results are believed to be an original contribution to information/cyber security practitioners, with findings of interest to academic researchers, standards/framework bodies, auditing/risk management practitioners and learning/development specialists.
APA, Harvard, Vancouver, ISO, and other styles
10

MOKALLED, HASSAN. "The importance to manage data protection in the right way: Problems and solutions." Doctoral thesis, Università degli studi di Genova, 2020. http://hdl.handle.net/11567/997252.

Full text
Abstract:
Information and communication technology (ICT) has made remarkable impact on the society, especially on companies and organizations. The use of computers, databases, servers, and other technologies has made an evolution on the way of storing, processing, and transferring data. However, companies access and share their data on internet or intranet, thus there is a critical need to protect this data from destructive forces and from the unwanted actions of unauthorized users. This thesis groups a set of solutions proposed, from a company point of view, to reach the goal of “Managing data protection”. The work presented in this thesis represents a set of security solutions, which focuses on the management of data protection taking into account both the organizational and technological side. The work achieved can be divided into set of goals that are obtained particularly from the needs of the research community. This thesis handles the issue of managing data protection in a systematic way, through proposing a Data protection management approach, aiming to protect the data from both the organizational and the technological side, which was inspired by the ISO 27001 requirements. An Information Security Management System (ISMS) is then presented implementing this approach, an ISMS consists of the policies, procedures, guidelines, and associated resources and activities, collectively managed by an organization, in the pursuit of protecting its information assets. An ISMS is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization’s information security to achieve business objectives, The goal of ISMS is to minimize risk and ensure continuity by pro-actively limiting the impact of a security breach. To be well-prepared to the potential threats that could occur to an organization, it is important to adopt an ISMS that helps in managing the data protection process, and in saving time and effort, minimizes cost of any loss. After that, a comprehensive framework is designed for the security risk management of Cyber Physical Systems (CPSs), this framework represents the strategy used to manage the security risk management, and it falls inside the ISMS as a security strategy. Traditional IT risk assessment methods can do the job (security risk management for a CPS); however, and because of the characteristics of a CPS, it is more efficient to adopt a solution that is wider than a method that addresses the type, functionalities and complexity of a CPS. Therefore, there is a critical need to follow a solution that breaks the restriction to a traditional risk assessment method, and so a high-level framework is proposed, it encompasses wider set of procedures and gives a great attention to the cybersecurity of these systems, which consequently leads to the safety of the physical world. In addition, inside the ISMS, another part of the work takes place, suggesting the guidelines to select an applicable Security Incident and Event Management (SIEM) solution. It also proposes an approach that aims to support companies seeking to adopt SIEM systems into their environments, suggesting suitable answers to preferred requirements that are believed to be valuable prerequisites a SIEM system should have; and to suggest criteria to judge SIEM systems using an evaluation process composed of quantitative and qualitative methods. This approach, unlike others, is customer driven which means that customer needs are taken into account when following the whole approach, specifically when defining the requirements and then evaluating the suppliers’ solutions. At the end, a research activity was carried out aiming classify web attacks on the network level, since any information about the attackers might be helpful and worth a lot to the cyber security analysts. And so, using network statistical fingerprints and machine learning techniques, a two-layers classification system is designed to detect the type of the web attack and the type of software used by the attackers.
APA, Harvard, Vancouver, ISO, and other styles
More sources

Books on the topic "Cybersecurity risk management"

1

Rohmeyer, Paul, and Jennifer L. Bayuk. Financial Cybersecurity Risk Management. Berkeley, CA: Apress, 2019. http://dx.doi.org/10.1007/978-1-4842-4194-3.

Full text
APA, Harvard, Vancouver, ISO, and other styles
2

United States. Congress. House. Committee on Homeland Security. Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies. Protecting the homeland from nuclear and radiological threats: Hearing before the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies of the Committee on Homeland Security, House of Representatives, One Hundred Thirteenth Congress, second session, July 29, 2014. Washington: U.S. Government Publishing Office, 2015.

Find full text
APA, Harvard, Vancouver, ISO, and other styles
3

Stepping Through Cybersecurity Risk Management. Wiley & Sons, Limited, John, 2024.

Find full text
APA, Harvard, Vancouver, ISO, and other styles
4

Stepping Through Cybersecurity Risk Management. Wiley & Sons, Incorporated, John, 2023.

Find full text
APA, Harvard, Vancouver, ISO, and other styles
5

Stepping Through Cybersecurity Risk Management. Wiley & Sons, Incorporated, John, 2023.

Find full text
APA, Harvard, Vancouver, ISO, and other styles
6

Stepping Through Cybersecurity Risk Management. Wiley & Sons, Incorporated, John, 2023.

Find full text
APA, Harvard, Vancouver, ISO, and other styles
7

Oh, Kok-Boon. Cybersecurity Risk Management: An ERM Approach. Nova Science Publishers, Incorporated, 2021.

Find full text
APA, Harvard, Vancouver, ISO, and other styles
8

Oh, Kok-Boon. Cybersecurity Risk Management: An ERM Approach. Nova Science Publishers, Incorporated, 2022.

Find full text
APA, Harvard, Vancouver, ISO, and other styles
9

Kissoon, Tara. Optimal Spending on Cybersecurity Measures: Risk Management. Taylor & Francis Group, 2021.

Find full text
APA, Harvard, Vancouver, ISO, and other styles
10

Blokdyk, Gerardus. Cybersecurity Risk Management Complete Self-Assessment Guide. Createspace Independent Publishing Platform, 2017.

Find full text
APA, Harvard, Vancouver, ISO, and other styles
More sources

Book chapters on the topic "Cybersecurity risk management"

1

Jøsang, Audun. "Cyber Risk Management." In Cybersecurity, 405–28. Cham: Springer Nature Switzerland, 2024. http://dx.doi.org/10.1007/978-3-031-68483-8_19.

Full text
APA, Harvard, Vancouver, ISO, and other styles
2

Refsdal, Atle, Bjørnar Solhaug, and Ketil Stølen. "Cybersecurity." In Cyber-Risk Management, 29–32. Cham: Springer International Publishing, 2015. http://dx.doi.org/10.1007/978-3-319-23570-7_4.

Full text
APA, Harvard, Vancouver, ISO, and other styles
3

Watters, Paul A. "Risk Management." In Cybercrime and Cybersecurity, 16–27. New York: CRC Press, 2023. http://dx.doi.org/10.1201/9781003406730-2.

Full text
APA, Harvard, Vancouver, ISO, and other styles
4

Kissoon, Tara. "Cybersecurity risk-management framework." In Optimal Spending on Cybersecurity Measures, 95–112. London: Routledge, 2021. http://dx.doi.org/10.4324/9781003200895-7.

Full text
APA, Harvard, Vancouver, ISO, and other styles
5

Kissoon, Tara. "Cybersecurity Risk Management Framework." In Optimal Spending on Cybersecurity Measures, 127–48. Boca Raton: CRC Press, 2024. http://dx.doi.org/10.1201/9781003497523-6.

Full text
APA, Harvard, Vancouver, ISO, and other styles
6

Kissoon, Tara. "Risk-management practice – vulnerability management." In Optimal Spending on Cybersecurity Measures, 26–45. London: Routledge, 2021. http://dx.doi.org/10.4324/9781003200895-4.

Full text
APA, Harvard, Vancouver, ISO, and other styles
7

Kaur, Gurdip, and Arash Habibi Lashkari. "Information Technology Risk Management." In Advances in Cybersecurity Management, 269–87. Cham: Springer International Publishing, 2021. http://dx.doi.org/10.1007/978-3-030-71381-2_13.

Full text
APA, Harvard, Vancouver, ISO, and other styles
8

Kaur, Gurdip, Ziba Habibi Lashkari, and Arash Habibi Lashkari. "Cybersecurity Risk in FinTech." In Understanding Cybersecurity Management in FinTech, 103–22. Cham: Springer International Publishing, 2021. http://dx.doi.org/10.1007/978-3-030-79915-1_6.

Full text
APA, Harvard, Vancouver, ISO, and other styles
9

Kissoon, Tara. "Risk-management practice – business continuity management." In Optimal Spending on Cybersecurity Measures, 68–94. London: Routledge, 2021. http://dx.doi.org/10.4324/9781003200895-6.

Full text
APA, Harvard, Vancouver, ISO, and other styles
10

Billois, Gérôme. "Cybersecurity Incident and Crisis Management." In The Cyber Risk Handbook, 171–84. Hoboken, NJ, USA: John Wiley & Sons, Inc., 2017. http://dx.doi.org/10.1002/9781119309741.ch12.

Full text
APA, Harvard, Vancouver, ISO, and other styles

Conference papers on the topic "Cybersecurity risk management"

1

Marek, James. "Cybersecurity and Risk Management Framework in Avionics." In Vertical Flight Society 74th Annual Forum & Technology Display, 1–10. The Vertical Flight Society, 2018. http://dx.doi.org/10.4050/f-0074-2018-12893.

Full text
Abstract:
It is impossible to open a newspaper, turn on a television, or visit a news website these days without being barraged with cybersecurity related news. Every domain is being attacked, penetrated, and impacted by cyber-crime and the range, complexity, and frequency of attacks is expanding daily. Across the board we face a wide range of adversaries from disgruntled employees to nation states that are bent on taking our critical systems down temporarily or permanently. Avionics systems are not immune from this and over the past several years, cybersecurity policies and the Risk Management Framework (DoD 8510.01) approach to securing US cyber systems, have been maturing and rapidly growing in adoption. However, many in the avionics community remain uninformed regarding the impacts of these new policies and initiatives to their systems nor how best to ensure they are taking a practical and efficient approach to implementing them. Gone are the days of a magic box that all of the security requirements are allocated to. Modern Cybersecurity is a systems discipline and cuts across the entire avionics suite. This paper will introduce the Risk Management Framework (RMF) and Cybersecurity and discuss what they are, how we got here, how they are related, and how they are impacting and will impact legacy and future avionics systems on tactical military aircraft. The paper will present some observations and best practices associated with application of Cybersecurity and RMF to avionics. It will also include some benefits of safety critical designs toward cyber-hardening and where safety and security are mutually exclusive. It will touch briefly on some impacts to avionics systems related to hot Cybersecurity topics such as HBSS (Host Based Security System), STIGs (Security Technical Implementation Guides), Static code analysis, DoD PKI (Department of Defense Public Key Infrastructure), electronic delivery, and insider threats. The paper will include a perspective on the development environment, the deployed systems, and deployment sites and how RMF and Cybersecurity impact both the contractor and the DoD customer related to these perspectives.
APA, Harvard, Vancouver, ISO, and other styles
2

Mann, Zoltán Ádám. "Urgency in Cybersecurity Risk Management: Toward a Solid Theory." In 2024 IEEE 37th Computer Security Foundations Symposium (CSF), 651–64. IEEE, 2024. http://dx.doi.org/10.1109/csf61375.2024.00051.

Full text
APA, Harvard, Vancouver, ISO, and other styles
3

Eltaeib, Tarik, Shakour Abuzneid, and Khaled Elleithy. "Proposed Framework for a Comprehensive Cybersecurity Risk Management Strategy." In 2024 IEEE Long Island Systems, Applications and Technology Conference (LISAT), 1–6. IEEE, 2024. https://doi.org/10.1109/lisat63094.2024.10808119.

Full text
APA, Harvard, Vancouver, ISO, and other styles
4

Farouk, Suleiman, Chandrashekhar Uppin, and Gilbert George. "Enhancing Cybersecurity in Nigeria: A Proposed Risk Management Framework for Universities." In 2024 International Conference on Science, Engineering and Business for Driving Sustainable Development Goals (SEB4SDG), 1–8. IEEE, 2024. http://dx.doi.org/10.1109/seb4sdg60871.2024.10629748.

Full text
APA, Harvard, Vancouver, ISO, and other styles
5

Tsai, Joseph, and Marc Dupuis. "Identification and Operationalization of Key Risks and Mitigations for the Cybersecurity Risk Management of Home Users." In 2024 Cyber Awareness and Research Symposium (CARS), 1–9. IEEE, 2024. https://doi.org/10.1109/cars61786.2024.10778868.

Full text
APA, Harvard, Vancouver, ISO, and other styles
6

Salutina, Tatyana Y., Galina P. Platunina, and Irina A. Frank. "Cybersecurity, Risk Management and Monitoring of Digital and Infocommunication Development of the Company." In 2024 International Conference on Engineering Management of Communication and Technology (EMCTECH), 1–5. IEEE, 2024. http://dx.doi.org/10.1109/emctech63049.2024.10741653.

Full text
APA, Harvard, Vancouver, ISO, and other styles
7

Curran, Barry, and James Egan. "A Method of Assessing Data Quality in Publicly Available Cybersecurity Data Sources for Use in Medical Device Cybersecurity Risk Management." In 2023 Cyber Research Conference - Ireland (Cyber-RCI), 1–9. IEEE, 2023. http://dx.doi.org/10.1109/cyber-rci59474.2023.10671424.

Full text
APA, Harvard, Vancouver, ISO, and other styles
8

Sheh, R., K. Geappen, and D. Harriss. "AUTONOMOUS CYBERSECURITY AND AI RISK MANAGEMENT FOR UNCREWED SYSTEMS: CHALLENGES AND OPPORTUNITIES USING THE NIST FRAMEWORKS." In XPONENTIAL 2024, 46–67. Arlington, Virginia, USA: Association for Unmanned Vehicle Systems International, 2024. http://dx.doi.org/10.52202/075106-0003.

Full text
APA, Harvard, Vancouver, ISO, and other styles
9

Katsumata, Peter, Judy Hemenway, and Wes Gavins. "Cybersecurity risk management." In MILCOM 2010 - 2010 IEEE Military Communications Conference. IEEE, 2010. http://dx.doi.org/10.1109/milcom.2010.5680181.

Full text
APA, Harvard, Vancouver, ISO, and other styles
10

Ohrimenco, Serghei, and Valeriu Cernei. "Cybersecurity risk." In Economic Security in the Context of Systemic Transformations, 3rd Edition. Academy of Economic Studies of Moldova, 2024. http://dx.doi.org/10.53486/escst2023.17.

Full text
Abstract:
This paper presents the multifaceted field of cyber risks, their structure and composition, exploring the challenges posed by the rapid evolution of digital technologies. It highlights the prevalence of cyber risks as a set of activities performed in various sectors of human life, revealing the vulnerabilities faced by individual and collective users, commercial organisations, governments and individuals in today's hyper-connected landscape. The paper emphasises the importance of robust risk management strategies, highlighting the dynamic and persistent nature of cyber threats. A host of relevant international standards, frameworks and cyber risk management techniques to mitigate potential losses are reviewed. Approaches to defining the category of cyber risk are analysed. Daily attack techniques are reviewed. Risk analysis based on a set of reports from leading computer firms has been carried out. The structure of cyber security threats affecting the level of risk is determined. Despite the existing scientific and practical achievements in the field of cyber security, the ever-changing tactics of cyber criminals require constant adaptation of organisational and technical actions and the adoption of a set of proactive measures. Cyber risk management strategies are discussed, which include the selection of possible approaches, taking into account factors such as the level of cyber maturity, available resources, required skills and experience in cyber risk management. The article identifies the most prominent risk management tools, suggests some risk management strategies and advocates a comprehensive approach to cyber security that recognises the inevitability of cyber attacks and the need to build resilience in the face of emerging threats.
APA, Harvard, Vancouver, ISO, and other styles

Reports on the topic "Cybersecurity risk management"

1

Quinn, Stephen, Nahla Ivy, Matthew Barrett, Greg Witte, and R. K. Gardner. Prioritizing Cybersecurity Risk for Enterprise Risk Management. National Institute of Standards and Technology, February 2022. http://dx.doi.org/10.6028/nist.ir.8286b.

Full text
APA, Harvard, Vancouver, ISO, and other styles
2

McWhite, Rebecca. NIST Cybersecurity Supply Chain Risk Management:. Gaithersburg, MD: National Institute of Standards and Technology, 2024. http://dx.doi.org/10.6028/nist.sp.1326.ipd.

Full text
APA, Harvard, Vancouver, ISO, and other styles
3

Quinn, Stephen, Nahla Ivy, Matthew Barrett, Larry Feldman, Greg Witte, and R. K. Gardner. Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management. National Institute of Standards and Technology, November 2021. http://dx.doi.org/10.6028/nist.ir.8286a.

Full text
APA, Harvard, Vancouver, ISO, and other styles
4

Stine, Kevin, Stephen Quinn, Greg Witte, and R. K. Gardner. Integrating Cybersecurity and Enterprise Risk Management (ERM). National Institute of Standards and Technology, October 2020. http://dx.doi.org/10.6028/nist.ir.8286.

Full text
APA, Harvard, Vancouver, ISO, and other styles
5

Barker, William C., Karen Scarfone, William Fisher, and Murugiah Souppaya. Cybersecurity Framework Profile for Ransomware Risk Management. National Institute of Standards and Technology, September 2021. http://dx.doi.org/10.6028/nist.ir.8374-draft.

Full text
APA, Harvard, Vancouver, ISO, and other styles
6

Quinn, Stephen, Nahla Ivy, Matthew Barrett, Greg Witte, and R. K. Gardner. Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight. National Institute of Standards and Technology, January 2022. http://dx.doi.org/10.6028/nist.ir.8286c-draft.

Full text
APA, Harvard, Vancouver, ISO, and other styles
7

Quinn, Stephen. Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight. Gaithersburg, MD: National Institute of Standards and Technology, 2022. http://dx.doi.org/10.6028/nist.ir.8286c.

Full text
APA, Harvard, Vancouver, ISO, and other styles
8

Quinn, Stephen. Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight. Gaithersburg, MD: National Institute of Standards and Technology, 2024. http://dx.doi.org/10.6028/nist.ir.8286c-upd1.

Full text
APA, Harvard, Vancouver, ISO, and other styles
9

Stine, Kevin, Stephen Quinn, Nahla Ivy, Larry Feldman, Greg Witte, and R. K. Gardner. Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management (ERM). National Institute of Standards and Technology, July 2021. http://dx.doi.org/10.6028/nist.ir.8286a-draft2.

Full text
APA, Harvard, Vancouver, ISO, and other styles
10

Boyens, Jon M. Cybersecurity Supply Chain Risk Management for Systems and Organizations. Gaithersburg, MD: National Institute of Standards and Technology, 2022. http://dx.doi.org/10.6028/nist.sp.800-161r1.

Full text
Abstract:
Organizations are concerned about the risks associated with products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the supply chain. These risks are associated with an enterprise’s decreased visibility into, and understanding of, how the technology they acquire is developed, integrated, and deployed, or the processes, procedures, standards, and practices used to ensure the security, resilience, reliability, safety, integrity, and quality of the products and services. This publication provides guidance to organizations on identifying, assessing, and mitigating cybersecurity risks throughout the supply chain at all levels of their organizations. The publication integrates cybersecurity supply chain risk management (C-SCRM) into risk management activities by applying a multilevel, C-SCRM-specific approach, including guidance on development of C-SCRM strategy implementation plans, C-SCRM policies, C-SCRM plans, and risk assessments for products and services
APA, Harvard, Vancouver, ISO, and other styles
You might also be interested in the extended bibliographies on the topic 'Cybersecurity risk management' for particular source types:
Journal articles Dissertations / Theses Books
We offer discounts on all premium plans for authors whose works are included in thematic literature selections. Contact us to get a unique promo code!

To the bibliography