
A Survey of Cybersecurity Risk Management Frameworks

Conference paper, published in Soft Computing Applications (SOFA 2018)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1221)

Abstract

Organizations face a clear need to increase the maturity of their cybersecurity capabilities in order to keep pace with ever-evolving cyber threats and with accelerated institutional digitalization driven by financial reward and competitive edge. In this context, organizations acknowledge the importance of strengthening their cybersecurity programs to protect critical business processes, along with the confidentiality, availability, and integrity of information and information systems, through people, processes, and technology, by preventing, detecting, and responding to cyber attackers who resort to sophisticated cyber tactics, techniques, and procedures (TTPs). Meanwhile, national and international standardization bodies have reacted by developing various cybersecurity risk management frameworks and standards that organizations can leverage while maturing their cybersecurity capabilities. In a nutshell, this paper aims to provide a critical evaluation of several widespread cybersecurity risk management frameworks adopted by organizations to alleviate cyber risks. The paper starts with an introduction to the key drivers for adopting a cybersecurity risk management framework within organizations. It then gives an overview of several well-renowned cybersecurity risk management frameworks and related standards, methods, and methodologies. Furthermore, the paper defines the evaluation criteria used for comparing frameworks and provides a holistic evaluation of selected cybersecurity risk management frameworks, aiming to support decision-making with respect to framework selection, facilitate pragmatic implementation of cybersecurity programs, and help organizations cope with cybersecurity risks. Finally, the paper presents the concluding remarks.


Corresponding author

Correspondence to Olivia Giuca.


Copyright information

© 2021 Springer Nature Switzerland AG


Cite this paper

Giuca, O., Popescu, T.M., Popescu, A.M., Prostean, G., Popescu, D.E. (2021). A Survey of Cybersecurity Risk Management Frameworks. In: Balas, V., Jain, L., Balas, M., Shahbazova, S. (eds) Soft Computing Applications. SOFA 2018. Advances in Intelligent Systems and Computing, vol 1221. Springer, Cham. https://doi.org/10.1007/978-3-030-51992-6_20
