A Systematic Literature Review for Modeling a Cyber Risk Assessment Framework

Authors

  • Zahari Mohd Amin, Senior Lecturer, School of Information Science, College of Computing, Informatics and Mathematics, Universiti Teknologi MARA, Selangor, Malaysia
  • Norizan Anwar, Senior Lecturer, School of Information Science, College of Computing, Informatics and Mathematics, Universiti Teknologi MARA, Selangor, Malaysia
  • Mohd Shamsul Mohd Shoid, Senior Lecturer, School of Information Science, College of Computing, Informatics and Mathematics, Universiti Teknologi MARA, Selangor, Malaysia
  • Suzaliana Samuri, Senior Manager, Malaysia Airports Holding Berhad, KLIA, Sepang, Selangor, Malaysia

DOI:

https://doi.org/10.21834/e-bpj.v9iSI18.5481

Keywords:

Cyber Security, Systematic Literature Review, Cyber Risk Assessment Framework

Abstract

This paper presents a framework for cyber risk assessment developed through a systematic literature review (SLR). The SLR followed a three-stage systematic review process: planning, conducting, and reporting the review. Results were screened by applying inclusion and exclusion criteria. EndNote software and the PRISMA flow diagram were helpful tools during this screening process. The SLR helped the researcher to discover the variables and dimensions in assessing cyber risk. Its findings helped the researcher to produce a framework model of cyber risk assessment. The framework is expected to give an overview of a more standardized and controlled method of assessing cyber risk that organizations can adopt.

Published

2024-01-17

How to Cite

Mohd Amin, Z., Anwar, N., Mohd Shoid, M. S., & Samuri, S. (2024). A Systematic Literature Review for Modeling a Cyber Risk Assessment Framework. Environment-Behaviour Proceedings Journal, 9(SI18), 189–195. https://doi.org/10.21834/e-bpj.v9iSI18.5481
