A systematic review of cyber-resilience assessment frameworks

Daniel Alberto Sepúlveda Estay*, Rishikesh Sahay, Michael Bruhn Barfod, Christian D. Jensen

*Corresponding author for this work

Research output: Contribution to journalJournal articleResearchpeer-review


Cyber-attacks are regarded as one of the most serious threats to businesses worldwide. Organizations dependent on Information Technology (IT) derive value not only from preventing cyber-attacks, but also from responding promptly and coherently when cyber-attacks happen so as to minimize their disruptive effect on operations. This capacity is known as cyber-resilience. As multiple cyberresilience frameworks (CRF) have been proposed, increased clarity about the scope, characteristics, synergies and gaps in existing CRFs will facilitate scientific research advancement in this area. This paper uses a structured literature review to identify extant research on CRFs. This analysis is based on a sample representing 36 different industries and 25 different research areas. Through the use of descriptive analysis, network analysis, text analysis and thematic categorization this paper categorizes CRFs as either strategic or operational, and according to the hierarchy of their decision influence, attacks addressed, the methods used and the places and institutions doing CRF research. As a result, this work presents an overview of the current CRF research landscape, identifies relevant research gaps, highlights similarities and synergies between CRFs, and proposes opportunities for interdisciplinary research, as a contribution to guide future research in this area.
Original languageEnglish
Article number101996
JournalComputers & Security
Publication statusPublished - 2020

Fingerprint Dive into the research topics of 'A systematic review of cyber-resilience assessment frameworks'. Together they form a unique fingerprint.

Cite this