OALib Journal
ISSN: 2333-9721

Literature Review on Building Cyber Resilience Capabilities to Counter Future Cyber Threats: The Role of Enterprise Risk Management (ERM) and Business Continuity (BC)

DOI: 10.4236/oalib.1109882, PP. 1-15

Subject Areas: Business Management, Information Management

Keywords: Enterprise Risk Management, ERM, Business Continuity, BC, Risk Assessment, Risk Mitigation, Risk Monitoring, Risk Reporting, Risk Culture, Crisis Management, Disaster Recovery, Business Resilience, Risk Governance, Risk Framework

Abstract

The primary purpose of this paper is to critically explore the importance of building cyber resilience capabilities in organizations to counter future cyber threats. With the increasing sophistication and frequency of cyber-crimes, traditional security systems and techniques are no longer sufficient to combat them. To maintain business operations during and after a cyber-attack, it is essential to adopt a holistic approach to IT risks and create a robust cyber resilience program. The methodology adopted involved a systematic literature review on how Enterprise Risk Management (ERM) and Business Continuity (BC) contribute to building cyber resilience capabilities. The results showed that ERM and BC are critical components of cyber resilience and can help organizations identify, evaluate, and manage interruption risks. The paper concludes that organizations must maintain cyber resilience with efficient business continuity management and enterprise risk management frameworks as cyber hazards continue to increase.

Cite this paper

Assibi, A. T. (2023). Literature Review on Building Cyber Resilience Capabilities to Counter Future Cyber Threats: The Role of Enterprise Risk Management (ERM) and Business Continuity (BC). Open Access Library Journal, 10, e9882. doi: http://dx.doi.org/10.4236/oalib.1109882.
