Author(s)

ADEL I. G. IBRAHIM

Abstract

Cyber threats have changed the universe of enterprise security. These threats are often difficult to determine and locate particularly in the digital and mobile era. Cybercriminals behind these threats possess knowledge, intelligence, creativity, flexibility, and resilience, which increase with time. Security measures taken to mitigate these threats require the cooperation of multiple security disciplines, because a single discipline cannot address the issues of growing threats. This paper first presents the panorama of cybersecurity and its components; subsequently, it reviews the cybersecurity landscape in terms of various frameworks, models, and recommendations issued from specialized organizations and institutions such as NIST, ISO, CSI, and ISACA. This paper attempts to guide enterprises to navigate this supercharged landscape as well as to implement a sound cybersecurity model that is suitable for a specified industry and situation. A methodology was developed in this study. The methodology recommends a framework that is based on a cross section of standard frameworks but adapted to the levels of decision making in the enterprise. The proposed methodology was applied to an institution in the public sector, whereby the cybersecurity panorama was explored, and the best practices suitable for the activity and the processes of the institution were implemented. Thus, a project with defined phases was executed. The methodology also suggests a sense of continuity, as cybersecurity is a never-ending endeavour.

Keywords

cybersecurity, cybercrime, malicious software, cybersecurity standards, cybersecurity frameworks, NIST 800, CIS controls, cybersecurity governance, cybersecurity strategy, cybersecurity imp