Journal of Operational Risk
ISSN:
1744-6740 (print)
1755-2710 (online)
Editor-in-chief: Marcelo Cruz
Bridging networks, systems and controls frameworks for cybersecurity curriculums and standards development
Need to know
- Applied Cybersecurity & Finance practices in the US and global private and public industry are transitioning to an overall 'Cyber Finance' focus on Cyber Risk Management.
- It is hence necessary to align Cybersecurity & Finance application standards and curricula with emerging 'Cyber Finance' practices.
- Towards that goal, this article proposes a framework for aligning, integrating, and, streamlining Cybersecurity & Finance Networks, Systems, and, Controls Frameworks across the three levels to align them with the needs of Cyber Risk Management practice.
Abstract
Applied cybersecurity practices in private and public industry in the United States are transitioning to an overall focus on cyber risk management. Hence, it is necessary to align the information technology (IT) cybersecurity application standards of professional associations and related educational curriculums with emerging applications in practice. Current standards and educational curriculums seem fragmented across network protocols and network analysis tool frameworks (NPNATFs); systems and networks infrastructure frameworks (SNIFs); and risk management and controls policy frameworks (RMCPFs). This paper develops an applied framework for aligning, integrating and streamlining standards and curriculums across all three levels, aligning them with the needs of applied risk management practice. A cyber risk management framework is developed with a focus on voice over internet protocol (VoIP) networks. These networks have been gaining central prominence across diverse industries, such as global banking and finance, over the past decade. Despite their central role (in both technological and economic terms), sparse attention has been given to their critical vulnerabilities – described as the “weakest links” in global banking and finance networks – as is evident from cybersecurity and penetration testing. This paper demonstrates the contribution of the proposed cyber risk management framework in addressing such critical gaps in global banking and finance cybersecurity and information assurance practices. The latter constitutes an example application of the proposed framework; it is extendable to multiple other industries including health care.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@risk.net