A structured review of cyber-resilience assessment frameworks

Research output: Contribution to journal; Journal article; Research; peer-review

Abstract

Cyber-attacks are regarded as one of the most serious threats to businesses worldwide. Organizations dependent on Information Technology (IT) derive value not only from preventing cyber-attacks, but also from responding promptly and coherently when cyber-attacks happen so as to minimize their disruptive effect on operations. This capacity is known as cyber-resilience. As multiple cyber-resilience frameworks (CRF) have been proposed, increased clarity about the scope, characteristics, synergies and gaps in existing CRFs will facilitate scientific research advancement in this area. This paper uses a structured literature review to identify extant research on CRFs. This analysis is based on a sample representing 36 different industries and 25 different research areas. Through the use of descriptive analysis, network analysis, text analysis and thematic categorization, this paper categorizes CRFs as either strategic or operational, and according to the hierarchy of their decision influence, attacks addressed, the methods used and the places and institutions doing CRF research. As a result, this work presents an overview of the current CRF research landscape, identifies relevant research gaps, highlights similarities and synergies between CRFs, and proposes opportunities for interdisciplinary research, as a contribution to guide future research in this area.
Original language: English
Journal: Future Generation Computer Systems - The International Journal of eScience
Number of pages: 30
ISSN: 0167-739X
Publication status: Accepted/In press - 2020
