Skip to main content
placeholder image

Review of cybersecurity frameworks: context and shared concepts

Journal Article


Download full-text (Open Access)

Abstract


  • In an effort to develop strong cyber resilience, international organisations, academic institutions, corporations and countries have been actively working to develop cybersecurity frameworks (CSFs). Such efforts emphasize various perspectives depending on the organisation’s intention, while their contents involve the same concept. The aim of this paper is to incorporate the many varied perspectives on CSFs and gather them into a concise view by contrasting different intentions and distilling shared concepts. To do so, this study uses the document analysis method alongside two cycles of coding (descriptive coding and pattern coding) to excerpt 12 extant CSFs. The various intentions can be cascaded with respect to four areas: 1) the promoted action, 2) the driver, 3) the framework milieu and 4) the audience. The frameworks can also be examined according to three common concepts: 1) shared actions, 2) cyber pillars and 3) the framework life cycle. A total of seven shared actions are distilled from the frameworks, while the human, organisational, infrastructure, technology and law and regulation pillar are the most frequently discussed excerpts from the CSFs. Moreover, there are three processes for securing cyberspace: profiling, delivering and assuring. The shared concepts presented in this paper may also be useful for developing a general model of a CSF.

Publication Date


  • 2018

Citation


  • Azmi, R., Tibben, W. & Win, K. (2018). Review of cybersecurity frameworks: context and shared concepts. Journal of Cyber Policy, 3 (2), 258-283.

Ro Full-text Url


  • https://ro.uow.edu.au/cgi/viewcontent.cgi?article=2961&context=eispapers1

Ro Metadata Url


  • http://ro.uow.edu.au/eispapers1/1959

Number Of Pages


  • 25

Start Page


  • 258

End Page


  • 283

Volume


  • 3

Issue


  • 2

Place Of Publication


  • United Kingdom

Abstract


  • In an effort to develop strong cyber resilience, international organisations, academic institutions, corporations and countries have been actively working to develop cybersecurity frameworks (CSFs). Such efforts emphasize various perspectives depending on the organisation’s intention, while their contents involve the same concept. The aim of this paper is to incorporate the many varied perspectives on CSFs and gather them into a concise view by contrasting different intentions and distilling shared concepts. To do so, this study uses the document analysis method alongside two cycles of coding (descriptive coding and pattern coding) to excerpt 12 extant CSFs. The various intentions can be cascaded with respect to four areas: 1) the promoted action, 2) the driver, 3) the framework milieu and 4) the audience. The frameworks can also be examined according to three common concepts: 1) shared actions, 2) cyber pillars and 3) the framework life cycle. A total of seven shared actions are distilled from the frameworks, while the human, organisational, infrastructure, technology and law and regulation pillar are the most frequently discussed excerpts from the CSFs. Moreover, there are three processes for securing cyberspace: profiling, delivering and assuring. The shared concepts presented in this paper may also be useful for developing a general model of a CSF.

Publication Date


  • 2018

Citation


  • Azmi, R., Tibben, W. & Win, K. (2018). Review of cybersecurity frameworks: context and shared concepts. Journal of Cyber Policy, 3 (2), 258-283.

Ro Full-text Url


  • https://ro.uow.edu.au/cgi/viewcontent.cgi?article=2961&context=eispapers1

Ro Metadata Url


  • http://ro.uow.edu.au/eispapers1/1959

Number Of Pages


  • 25

Start Page


  • 258

End Page


  • 283

Volume


  • 3

Issue


  • 2

Place Of Publication


  • United Kingdom