Dissertation on Cyber Security Governance
Added on 2022-12-15
52 Pages16595 Words253 Views
Running Head: Dissertation on Cyber Security Governance
A Comparative Analysis in Cyber Security Governance
Standards
And
Proposed Roadmap to Successful Implementation
A Comparative Analysis in Cyber Security Governance
Standards
And
Proposed Roadmap to Successful Implementation
CYBER SECURITY GOVERNANCE1
Abstract:
One of the most notable development of the recent era is the IT, but the challenges associated
with them have also increased. The challenge is mostly associated with the security concerns.
Hence, to counter the challenge the development of cybersecurity techniques and policies have
been done. However, without adequate governance of cybersecurity, the effectiveness of the
cybersecurity is mitigated. Hence, the study in discussion have pursued the case study of Dubai
Municipality and have presented a cybersecurity governance framework for the municipality.
The challenges that are associated with the cyber-security governance framework have also been
presented to gain a better insight into the subject of discussion. A comparative analysis of
different and existing cybersecurity governance standards have also been done to offer an
improved insight. The findings of the paper have been obtained through mixed data collection
methodology. As part of the study the secondary data, interviews, and survey were conducted
and they were summarized to conclude on the paper.
Abstract:
One of the most notable development of the recent era is the IT, but the challenges associated
with them have also increased. The challenge is mostly associated with the security concerns.
Hence, to counter the challenge the development of cybersecurity techniques and policies have
been done. However, without adequate governance of cybersecurity, the effectiveness of the
cybersecurity is mitigated. Hence, the study in discussion have pursued the case study of Dubai
Municipality and have presented a cybersecurity governance framework for the municipality.
The challenges that are associated with the cyber-security governance framework have also been
presented to gain a better insight into the subject of discussion. A comparative analysis of
different and existing cybersecurity governance standards have also been done to offer an
improved insight. The findings of the paper have been obtained through mixed data collection
methodology. As part of the study the secondary data, interviews, and survey were conducted
and they were summarized to conclude on the paper.
CYBER SECURITY GOVERNANCE2
Table of Contents
1 Introduction............................................................................................................................4
1.1 Background.......................................................................................................................4
1.2 Problem.............................................................................................................................4
1.3 Purpose..............................................................................................................................5
1.4 Characterization of Knowledge........................................................................................5
1.5 Scope.................................................................................................................................6
2 Research Methodology..........................................................................................................7
2.1 Research strategy..............................................................................................................7
2.1.1 Case Study.................................................................................................................8
2.2 Data collection methods....................................................................................................9
2.2.1 Interviews..................................................................................................................9
2.2.2 Documented data.....................................................................................................10
2.2.3 Quantitative data......................................................................................................10
2.3 Data Analysis..................................................................................................................10
2.4 Tools used.......................................................................................................................11
3 Extended Background.........................................................................................................11
3.1 Introduction.....................................................................................................................11
3.2 Cybersecurity..................................................................................................................12
3.3 Factors associated with Cyber security Governance.......................................................13
3.3.1 Senior engagement...................................................................................................13
3.3.2 Adaptability and Agility of decision making...........................................................14
3.3.3 Cyber risk mitigation approach...............................................................................14
3.3.4 Disciplines...............................................................................................................15
3.3.5 Strategic Integration.................................................................................................15
3.4 Summary.........................................................................................................................15
4 Results and Analysis............................................................................................................16
4.1 Case Study.......................................................................................................................16
4.2 Information on Standards................................................................................................17
4.2.1 Comparison between the Standards.........................................................................18
4.2.2 Summary..................................................................................................................20
4.3 Descriptive Analysis.......................................................................................................20
Table of Contents
1 Introduction............................................................................................................................4
1.1 Background.......................................................................................................................4
1.2 Problem.............................................................................................................................4
1.3 Purpose..............................................................................................................................5
1.4 Characterization of Knowledge........................................................................................5
1.5 Scope.................................................................................................................................6
2 Research Methodology..........................................................................................................7
2.1 Research strategy..............................................................................................................7
2.1.1 Case Study.................................................................................................................8
2.2 Data collection methods....................................................................................................9
2.2.1 Interviews..................................................................................................................9
2.2.2 Documented data.....................................................................................................10
2.2.3 Quantitative data......................................................................................................10
2.3 Data Analysis..................................................................................................................10
2.4 Tools used.......................................................................................................................11
3 Extended Background.........................................................................................................11
3.1 Introduction.....................................................................................................................11
3.2 Cybersecurity..................................................................................................................12
3.3 Factors associated with Cyber security Governance.......................................................13
3.3.1 Senior engagement...................................................................................................13
3.3.2 Adaptability and Agility of decision making...........................................................14
3.3.3 Cyber risk mitigation approach...............................................................................14
3.3.4 Disciplines...............................................................................................................15
3.3.5 Strategic Integration.................................................................................................15
3.4 Summary.........................................................................................................................15
4 Results and Analysis............................................................................................................16
4.1 Case Study.......................................................................................................................16
4.2 Information on Standards................................................................................................17
4.2.1 Comparison between the Standards.........................................................................18
4.2.2 Summary..................................................................................................................20
4.3 Descriptive Analysis.......................................................................................................20
CYBER SECURITY GOVERNANCE3
4.3.1 Summary..................................................................................................................27
4.4 Inferential Analysis.........................................................................................................27
4.4.1 Cyber Security in Dubai Municipality.....................................................................27
4.4.2 ANOVA test on identified variable for adequate Cyber Security Governance.......28
4.5 Findings...........................................................................................................................30
4.5.1 Cyber Security Governance Challenges..................................................................30
4.5.2 Comparison with other municipality to determine Factors and protocols......31
4.5.3 Crucial Factors.......................................................................................................33
4.6 Recommendation for Framework and implementation..................................................35
5 Conclusion............................................................................................................................37
6 References.............................................................................................................................39
7 Appendices............................................................................................................................47
7.1 Appendix A.....................................................................................................................47
7.2 Appendix B.....................................................................................................................47
4.3.1 Summary..................................................................................................................27
4.4 Inferential Analysis.........................................................................................................27
4.4.1 Cyber Security in Dubai Municipality.....................................................................27
4.4.2 ANOVA test on identified variable for adequate Cyber Security Governance.......28
4.5 Findings...........................................................................................................................30
4.5.1 Cyber Security Governance Challenges..................................................................30
4.5.2 Comparison with other municipality to determine Factors and protocols......31
4.5.3 Crucial Factors.......................................................................................................33
4.6 Recommendation for Framework and implementation..................................................35
5 Conclusion............................................................................................................................37
6 References.............................................................................................................................39
7 Appendices............................................................................................................................47
7.1 Appendix A.....................................................................................................................47
7.2 Appendix B.....................................................................................................................47
CYBER SECURITY GOVERNANCE4
1 Introduction
1.1 Background
Information Technology development is one of the most prior developments that have
revolutionized the world and humans as well. The development of the technology has enabled
humans to carry out the most complex operations with great ease and efficiency (Schwalbe,
2015). However, the use of technology has also exposed its users to a great number of challenges
such as security threats, privacy threats and similar others that can be very influential. Hence, the
mitigation of the discussed challenges is also necessary. The mitigation of the challenges posed
by the IT (Information Technology) will enable the users to leverage the technology without
concerning the challenges posed by the IT. Two approaches are primary that can mitigate the
threats that make the IT infrastructure of an entity vulnerable (Lloyd, 2017).
The approaches mentioned above are IT management and IT governance. The IT
management discusses the managing of the IT infrastructure while, IT governance is dedicated to
governing the use of IT services with adequate attention (Alreemy et al., 2016). The paper in the
discussion is aimed at detailing the IT governance that has been further shortlisted to detail the
cybersecurity governance. The paper has done a comparative analysis of different cyber-security
governance standards and will eventually propose a cyber-security framework for the Dubai
Municipality. The paper has also emphasized on the roadmap for the successful implementation
of the cyber-security governance framework.
1.2 Problem
The section above has established the fact that the IT infrastructure is vulnerable to certain
challenges. The challenges that have been detailed in the section above are extensive that
includes the physical damages to the equipment of the IT infrastructure and internal threats as
well as the threat from the external sources. The threats from the internal source and physical
damage are prominent however; the primary threat is that from the external sources (Trim & Lee,
2016). The threats from the external sources are called as the cyber-attacks that are carried out
using the cyber network. The cyber-attacks are the most prominent and most frequent threat to
an IT infrastructure. The cyber-attacks compromises the data of the entity that can compromise
the strategic planning in case of the organizations and poses security and privacy threat to the
1 Introduction
1.1 Background
Information Technology development is one of the most prior developments that have
revolutionized the world and humans as well. The development of the technology has enabled
humans to carry out the most complex operations with great ease and efficiency (Schwalbe,
2015). However, the use of technology has also exposed its users to a great number of challenges
such as security threats, privacy threats and similar others that can be very influential. Hence, the
mitigation of the discussed challenges is also necessary. The mitigation of the challenges posed
by the IT (Information Technology) will enable the users to leverage the technology without
concerning the challenges posed by the IT. Two approaches are primary that can mitigate the
threats that make the IT infrastructure of an entity vulnerable (Lloyd, 2017).
The approaches mentioned above are IT management and IT governance. The IT
management discusses the managing of the IT infrastructure while, IT governance is dedicated to
governing the use of IT services with adequate attention (Alreemy et al., 2016). The paper in the
discussion is aimed at detailing the IT governance that has been further shortlisted to detail the
cybersecurity governance. The paper has done a comparative analysis of different cyber-security
governance standards and will eventually propose a cyber-security framework for the Dubai
Municipality. The paper has also emphasized on the roadmap for the successful implementation
of the cyber-security governance framework.
1.2 Problem
The section above has established the fact that the IT infrastructure is vulnerable to certain
challenges. The challenges that have been detailed in the section above are extensive that
includes the physical damages to the equipment of the IT infrastructure and internal threats as
well as the threat from the external sources. The threats from the internal source and physical
damage are prominent however; the primary threat is that from the external sources (Trim & Lee,
2016). The threats from the external sources are called as the cyber-attacks that are carried out
using the cyber network. The cyber-attacks are the most prominent and most frequent threat to
an IT infrastructure. The cyber-attacks compromises the data of the entity that can compromise
the strategic planning in case of the organizations and poses security and privacy threat to the
CYBER SECURITY GOVERNANCE5
individuals associated with the organizations, community, or other groups (Malhotra, 2017).
Hence, it is primary to have a cyber-threats mitigation plan in the establishment. One of the
primary needs for attaining the cyber-threat mitigation plan is to establish a cyber-security
governance policy.
The establishment of the above-discussed policy needs to be accurate so that the policy
offers no vulnerability and can offer its services in ensuring a safe and secure IT infrastructure.
One of the potential challenges in the above-mentioned objective is to have an adequate cyber-
security policy and is the problem statement that the paper has attempted to addressed. Hence,
the problem statement of the paper is to address the needs for cyber-security governance need for
the Dubai Municipality.
1.3 Purpose
The discussions above have established the context for the paper and have addressed the
key issue that has provided motivation for carrying out the research. Hence, based on the
discussion above, it can be stated that the primary aim of the paper is to identify the most suited
factors and protocols for cyber-security governance through comparative analysis. The
secondary aim that the paper has pursued it to determine the roadmap that will offer assistance
for the successful implementation of the proposed cyber-security governance framework. The
aim of the paper along with the objectives of the paper have been listed as follows.
To identify the cyber-security challenges that are associated with the Dubai Municipality.
To identify the most suitable factors and protocols that can offer assistance in the
development of a cyber-security governance framework for the Dubai Municipality.
To run a comparative analysis to identify the factors and patterns that are common to the
most prominent and reliable cybersecurity governance frameworks.
To propose a framework for the cyber-security governance of the Dubai Municipality.
To propose an implementation strategy for the effective and efficient implementation of
the cyber-security framework proposed in the paper.
1.4 Characterization of Knowledge
Cyber threats are the most prominent threats that are being faced by the individuals and the
groups as well. Hence, the need for cybersecurity is very high; however, the existence of cyber
individuals associated with the organizations, community, or other groups (Malhotra, 2017).
Hence, it is primary to have a cyber-threats mitigation plan in the establishment. One of the
primary needs for attaining the cyber-threat mitigation plan is to establish a cyber-security
governance policy.
The establishment of the above-discussed policy needs to be accurate so that the policy
offers no vulnerability and can offer its services in ensuring a safe and secure IT infrastructure.
One of the potential challenges in the above-mentioned objective is to have an adequate cyber-
security policy and is the problem statement that the paper has attempted to addressed. Hence,
the problem statement of the paper is to address the needs for cyber-security governance need for
the Dubai Municipality.
1.3 Purpose
The discussions above have established the context for the paper and have addressed the
key issue that has provided motivation for carrying out the research. Hence, based on the
discussion above, it can be stated that the primary aim of the paper is to identify the most suited
factors and protocols for cyber-security governance through comparative analysis. The
secondary aim that the paper has pursued it to determine the roadmap that will offer assistance
for the successful implementation of the proposed cyber-security governance framework. The
aim of the paper along with the objectives of the paper have been listed as follows.
To identify the cyber-security challenges that are associated with the Dubai Municipality.
To identify the most suitable factors and protocols that can offer assistance in the
development of a cyber-security governance framework for the Dubai Municipality.
To run a comparative analysis to identify the factors and patterns that are common to the
most prominent and reliable cybersecurity governance frameworks.
To propose a framework for the cyber-security governance of the Dubai Municipality.
To propose an implementation strategy for the effective and efficient implementation of
the cyber-security framework proposed in the paper.
1.4 Characterization of Knowledge
Cyber threats are the most prominent threats that are being faced by the individuals and the
groups as well. Hence, the need for cybersecurity is very high; however, the existence of cyber
CYBER SECURITY GOVERNANCE6
security is not enough, as there needs to be a focus on the cybersecurity framework as well. The
reason for the aforementioned statement has been justified by Malhotra (2017), where he had
claimed that the cybersecurity governance framework ensures that the adopted cybersecurity
measures are effective and are being used properly without developing any chaos and unethical
measures. The statement above can be further explained by the fact that the cyber security
measures that are being used for protection against the cyberattacks can be used for
compromising with the human rights (Soomro,Shah & Ahmed, 2016). The human rights here can
be directed towards the fact that the cyber security protocols can be applied towards monitoring
of the user's activities, which violates there right of privacy and security. The monitoring of the
use of cyber-technology without the consent of the users is also an unethical act that should be
associated and needs to be taken into consideration. Similarly, a cyber-security framework with
proper governance can add to different challenges that are unethical and violates the rights of the
users.
Furthermore, cybersecurity governance is needed because the governance establishes a
guideline for the adequate use of the cyber infrastructure for the associated individuals.
Establishing of the proper guideline for the use of the cyber-technologies not just helps the users
with ease of use by providing them direction and guidance over the use of the technology but
also ensures that the users are not using the cyber-network for conducting any misconducts that
are undesirable and should be mitigated. The governance also makes it simple for the
organization or any other larger group of users such as cities, states and others to keep track of
the flaws and need for advancements in the cyber-network of the firm (Rashid et al., 2018). The
discussed identification enables the organizations, states or other major group to continuously
upgrade the cyber capabilities that offer prominence to the network and its users, which adds to
the competitive advantage and sustainability as a whole.
Hence, to summarize, the discussion above it can be stated that cybersecurity governance
is one of the primary aspects that add value to the needs for cyber-protection and ethical use of
the network. It also provides guidelines for the use of the network, which altogether adds value
to the users in terms of security and ethical use of the cyber framework.
security is not enough, as there needs to be a focus on the cybersecurity framework as well. The
reason for the aforementioned statement has been justified by Malhotra (2017), where he had
claimed that the cybersecurity governance framework ensures that the adopted cybersecurity
measures are effective and are being used properly without developing any chaos and unethical
measures. The statement above can be further explained by the fact that the cyber security
measures that are being used for protection against the cyberattacks can be used for
compromising with the human rights (Soomro,Shah & Ahmed, 2016). The human rights here can
be directed towards the fact that the cyber security protocols can be applied towards monitoring
of the user's activities, which violates there right of privacy and security. The monitoring of the
use of cyber-technology without the consent of the users is also an unethical act that should be
associated and needs to be taken into consideration. Similarly, a cyber-security framework with
proper governance can add to different challenges that are unethical and violates the rights of the
users.
Furthermore, cybersecurity governance is needed because the governance establishes a
guideline for the adequate use of the cyber infrastructure for the associated individuals.
Establishing of the proper guideline for the use of the cyber-technologies not just helps the users
with ease of use by providing them direction and guidance over the use of the technology but
also ensures that the users are not using the cyber-network for conducting any misconducts that
are undesirable and should be mitigated. The governance also makes it simple for the
organization or any other larger group of users such as cities, states and others to keep track of
the flaws and need for advancements in the cyber-network of the firm (Rashid et al., 2018). The
discussed identification enables the organizations, states or other major group to continuously
upgrade the cyber capabilities that offer prominence to the network and its users, which adds to
the competitive advantage and sustainability as a whole.
Hence, to summarize, the discussion above it can be stated that cybersecurity governance
is one of the primary aspects that add value to the needs for cyber-protection and ethical use of
the network. It also provides guidelines for the use of the network, which altogether adds value
to the users in terms of security and ethical use of the cyber framework.
CYBER SECURITY GOVERNANCE7
1.5 Scope
The aim of the report is to present a cyber-security governance framework for the Dubai
Municipality. It offers great prominence to the users of the cyber-technology in the Dubai
Municipality. The developed framework will offer them a highly secure and efficient use of the
technologies and networks that will add value to their life as an individual. Furthermore, the
presented framework will be developed using insights and ideas from different cybersecurity
governance frameworks that are in place and have been developed post research and studies by
different researchers, scholars, and organizations. Hence. The presented framework will be of
great viability and will offer support in the development of similar framework for the entities
similar to Dubai Municipality. Furthermore, as the developed framework will be based on the
best practices for cybersecurity governance, so it can be used as a generalized solution. The
entities that are similar to the Dubai Municipality can leveraged it as their own cybersecurity
governance. Furthermore, the study in the discussion will pave ways for future studies that can
offer benefit to the cyber-security framework standard. Hence, to summarize the discussions
above it would the justified to state that the scope of the discussed study is very extensive and
can be leveraged to offer values in terms of different contexts.
2 Research Methodology
2.1 Research strategy
The research strategy of a research work depicts the systematic plan that is undertaken to
complete a research plan (Brannen, 2017). The depicting of the research strategy adds value to
the reliability of the research study. The reason for the aforementioned fact can be justified by
the fact that the research strategy is a reference to the direction, which was adopted to complete
the research and even offers evidence to the efforts and thoughts of the researcher. Hence, the
discussed section is depicted towards detailing the research strategy of the study in the
discussion. The background established for the paper and the selection of the case for which the
cybersecurity framework is being developed offers evidence to the fact that the Dubai
Municipality needs a framework for its protection against the cyber-attacks.
The philosophy adopted for the research study in the discussion is the interpretivism
research philosophy. The reason for the selection of the interpretivism research philosophy can
be justified by the fact that the philosophy in the discussion is of believe that a subject or
1.5 Scope
The aim of the report is to present a cyber-security governance framework for the Dubai
Municipality. It offers great prominence to the users of the cyber-technology in the Dubai
Municipality. The developed framework will offer them a highly secure and efficient use of the
technologies and networks that will add value to their life as an individual. Furthermore, the
presented framework will be developed using insights and ideas from different cybersecurity
governance frameworks that are in place and have been developed post research and studies by
different researchers, scholars, and organizations. Hence. The presented framework will be of
great viability and will offer support in the development of similar framework for the entities
similar to Dubai Municipality. Furthermore, as the developed framework will be based on the
best practices for cybersecurity governance, so it can be used as a generalized solution. The
entities that are similar to the Dubai Municipality can leveraged it as their own cybersecurity
governance. Furthermore, the study in the discussion will pave ways for future studies that can
offer benefit to the cyber-security framework standard. Hence, to summarize the discussions
above it would the justified to state that the scope of the discussed study is very extensive and
can be leveraged to offer values in terms of different contexts.
2 Research Methodology
2.1 Research strategy
The research strategy of a research work depicts the systematic plan that is undertaken to
complete a research plan (Brannen, 2017). The depicting of the research strategy adds value to
the reliability of the research study. The reason for the aforementioned fact can be justified by
the fact that the research strategy is a reference to the direction, which was adopted to complete
the research and even offers evidence to the efforts and thoughts of the researcher. Hence, the
discussed section is depicted towards detailing the research strategy of the study in the
discussion. The background established for the paper and the selection of the case for which the
cybersecurity framework is being developed offers evidence to the fact that the Dubai
Municipality needs a framework for its protection against the cyber-attacks.
The philosophy adopted for the research study in the discussion is the interpretivism
research philosophy. The reason for the selection of the interpretivism research philosophy can
be justified by the fact that the philosophy in the discussion is of believe that a subject or
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Importance of Cybersecurity in Crime Prevention in Australialg...
|36
|8968
|130
IS Audit Report - Information System Risk and Cybersecuritylg...
|13
|2565
|359
Cyber Security: Exploring the Various Aspects and Solutionslg...
|29
|8168
|290
Cyber Security Risk and Mitigation Techniqueslg...
|19
|4079
|163
Emerging Threats and Counter Measurementslg...
|4
|866
|38
Cyber Security Framework and Capacity Building for Cyber Security Acculturationlg...
|18
|4434
|292