Measurement of the Cybersecurity Strategy Effectiveness with a Scorecard Based On Risk Analysis

Year 2023, Volume: 11 Issue: 4, 1116 - 1130, 28.12.2023

Özlem Görkan Evre Bünyamin Ciylan

https://doi.org/10.29109/gujsc.1345984

Abstract

Although the rapid acceleration of technology offers solutions that will make life easier, it also brings technological threats that will negatively affect human life and cause serious problems. Attacks, thefts and espionage using technology increase exponentially every year compared to the previous. In order to eliminate this problem that affects the whole world, many countries give priority to creating cybersecurity strategies in order to protect their information and re-sources, and develop effective implementation methods. Despite the abundant literature, there is a large gap in the effective implementation of strategies. While evaluating the strategy, measurement is made regardless of the risks that will arise if the action plan is not fulfilled. For this reason, it is recommended to evaluate the risk that will arise if the action titles are not implemented in order to eliminate this shortcoming. The aim is to emphasize that sustainability and continuous improvement will be increased by using the scorecard based on risk analysis by implementing the proposed action plan through the strategy model. The use of scorecards to over-come the increasing challenges arising from digital transformation today will contribute to the evaluation of the strategy and eliminate its shortcomings, as well as provide self-assessment. This study suggests that measuring as a method of increasing efficiency, which has not been discussed much until now, may be the solution. In order to ensure the security of the smart world, there is a need for a sustainable and effective strategy that can keep up with digital realities, renewing itself.

Keywords

National Cybersecurity Strategy, Effectiveness of Strategy, Strategy Implementation Model, Scorecard for Cybersecurity Strategy, Measuring Cybersecurity Strategy

References

• [1] Tsaruk O, Korniiets M. Hybrid nature of modern threats for cybersecurity and information security. Smart Cities and Regional Development (SCRD) Journal. 2020; 4(1): 57-78.
• [2] Flowerday S, Tuyikeze T. Information security policy development and implementation: The what, how and who. Computers & Security. 2016; 61: 169-183.
• [3] Mills J, Stuban SMF, Dever, J. Predict insider threats using human behaviors. IEEE Engineering Management Review. 2017; 45(1): 39-48.
• [4] Kovacs L. National cybersecurity strategy framework. Academic and Applied Research in Military and Public Management Science. 2019: 18(2).
• [5] TR Ministry of Transport, Maritime Affairs and Communications. National cyber security strategy and 2013-2014 action plan. 2013. Available online: https://www.btk.gov.tr/uploads/pages/2-1-strateji-eylem-plani-2013-2014-5a3412cf8f45a.pdf (accessed on 12 June 2023).
• [6] TR Ministry of Transport, Maritime Affairs and Communications. 2016-2019 national cyber security strategy. 2016. Available online: https://hgm.uab.gov.tr/uploads/pages/strateji-eylem-planlari/2016-2019guvenlik.pdf https://www.btk.gov.tr/uploads/pages/2-1-strateji-eylem-plani-2013-2014-5a3412cf8f45a.pdf (accessed on 12 June 2023).
• [7] Cyber Security Agency of Singapore. Singapore’s cybersecurity strategy. 2016. Available online: https://www.csa.gov.sg/Tips-Resource/publications/2016/Singapore-Cybersecurity-Strategy (accessed on 12 June 2023).
• [8] Cyber Security Agency of Singapore. Singapore's safer cyberspace masterplan. 2020. Available online: https://www.csa.gov.sg/Tips-Resource/publications/2020/safer-cyberspace-masterplan (accessed on 12 June 2023).
• [9] Cyber Security Agency of Singapore. Singapore cyber safety handbook. 2020. Available online: https://www.csa.gov.sg/docs/default-source/csa/documents/publications/cyber-safety-activity-book-and-handbook/cyber-safety-handbook.pdf?sfvrsn=7ddf002f_0 (accessed on 12 June 2023).
• [10] Cyber Security Agency of Singapore. The singapore cybersecurity strategy. 2021. Available online: https://www.csa.gov.sg/docs/default-source/csa/documents/publications/the-singapore-cybersecurity-strategy-2021.pdf?sfvrsn=809ced95_0 (accessed on 12 June 2023).
• [11] Republic of Estonia. Cybersecurity strategy. 2019. Available online: https://www.mkm.ee/media/703/download (accessed on 12 June 2023).
• [12] Republic of Estonia. Cybersecurity strategy in Estonia. 2021. Available online: https://www.ria.ee/media/1494/download (accessed on 12 June 2023).
• [13] The European Network and Information Security Agency (ENISA). National cyber security strategies practical guide on development and execution. 2012. Available online: https://www.enisa.europa.eu/publications/national-cyber-security-strategies-an-implementation-guide (accessed on 12 June 2023).
• [14] NATO Cooperative Cyber Defense Centre of Excellence. National cyber security framework manual. 2012. Available online: https://ccdcoe.org/uploads/2018/10/NCSFM_0.pdf (accessed on 12 June 2023).
• [15] International Telecommunication Union (ITU). Guide to developing a national cybersecurity strategy. 2018. Available online: https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-CYB_GUIDE.01-2018-PDF-E.pdf (accessed on 12 June 2023).
• [16] International Telecommunication Union (ITU). Global cybersecurity index. 2014. Available online: https://www.itu.int/en/ITU-D/Cybersecurity/Pages/global-cybersecurity-index.aspx (accessed on 12 June 2023).
• [17] International Telecommunication Union (ITU). Global cybersecurity index. 2017. Available online: https://www.itu.int/en/ITU-D/Cybersecurity/Pages/global-cybersecurity-index.aspx (accessed on 12 June 2023).
• [18] International Telecommunication Union (ITU). Global cybersecurity index. 2018. Available online: https://www.itu.int/en/ITU-D/Cybersecurity/Pages/global-cybersecurity-index.aspx (accessed on 12 June 2023).
• [19] International Telecommunication Union (ITU). Global cybersecurity index. 2020. Available online: https://www.itu.int/en/ITU-D/Cybersecurity/Pages/global-cybersecurity-index.aspx (accessed on 12 June 2023).
• [20] Haddad C, Binder C. Governing through cybersecurity: National policy strategies, globalized (in-) security and sociotechnical visions of the digital society. Österreichische Zeitschrift für Soziologie, 2019; 44(1):115-134.
• [21] Karatas A. The comparative analysis of national cyber security policies: United States, United Kingdom and Turkey examples. Journal of Academic Social Resources, 2020; 5(19): 737-751.
• [22] Stitilis D, Pakutinskas P, Malinauskaitė I. EU and NATO cybersecurity strategies and national cyber security strategies: A comparative analysis. Security Journal. 2017; 30(4): 1151–1168.
• [23] Göçoğlu V, Aydın MD. Cybersecurity Policy: A comparative analysis of the USA, Russia, and China. Journal of Security Sciences. 2019; 8(2): 229-252.
• [24] Egas MR, Ninahualpa G, Molina D, Ron M, Ninahualpa G, Díaz J. National cybersecurity strategy for developing countries: Case study: Ecuador proposal. In proceedings of the 15th Iberian Conference on Information Systems and Technologies (CISTI), Sevilla, Spain. 24-27 June 2020.
• [25] Al-Hamar A. Enhancing information security process in organisations in Qatar. PhD Thesis, Loughborough University, England, 25 June 2018.
• [26] Alarifi AS. Assesing and mitigating information security risk in Saudi Arabia. PhD Thesis, University of Wollongong, Australia, 2013.
• [27] Paarlberg JW. An empirical analysis on the effectiveness of information security policies, information technology governance, and international organization for standardization security certification. PhD Thesis, Capella University, United States, 2016.
• [28] Izycki E, Colli R. Protection of critical infrastructure in national cyber security strategies, european conference on cyber warfare and security. In proceedings of the 18th European Conference on Cyber Warfare and Security – ECCWS, Coimbra, Portugal, 4-5 July 2019.
• [29] Pavlova E. Enhancing the organisational culture related to cyber security during the university digital transformation. Information & Security. 2020; 46(3): 239-249.
• [30] Darıcılı AB. Analysis of Turkey's cyber security policies; Turkey's potential cyber security strategy. Turkish Journal of TESAM Academy. 2019; 6(2): 11-33.
• [31] Santisteban A, Cunyarachi LO, Andrade-Arenas L. Analysis of national cybersecurity strategies. (IJACSA) International Journal of Advanced Computer Science and Applications. 2020; 11(12): 771-779.
• [32] Al-Ghamdi M. Guide to developing a national cyber security strategy. Materials Today: Proceedings. 2021.
• [33] Tews S. Does the US need a national cybersecurity strategy? 2021. Available online: https://www.aei.org/events/does-the-us-need-a-national-cybersecurity-strategy/ (accessed on 12 June 2023).
• [34] Jacuch A. Comparative analysis of cybersecurity strategies. European Union Strategy and Policies. Polish and Selected Countries Strategies. Online Journal Modelling the New Europe. 2021; 37: 102-120.
• [35] Jelenc L, Lerner S, Knapic V. Strategy deployment using PDCA cycle. In Proceedings of the 5th International Scientific Conference Lean Spring Summit, Zagreb, 25 June 2020.
• [36] Traditional media vs. new media: Which is beneficial. Available online: https://www.techfunnel.com/martech/traditional-media-vs-new-media-beneficial/#:~:text=New%20media%20tends%20to%20be,interaction%20between%20business%20and%20consumer (accessed on 12 June 2023).
• [37] Alauddin N, Yamada S. Overview of deming criteria for total quality management conceptual framework design in education services. Journal of Engineering and Science Research. 2019; 3(5): 12-20.
• [38] Chatchalermpun S, Daengsi T. Improving cybersecurity awareness using phishing attack simulation. In proceedings on Annual Conference on Computer Science and Engineering Technology (AC2SET), Medan, Indonesia, 23 September 2020.
• [39] ENISA national cybersecurity strategies evaluation tool. Available online: https://www.enisa.europa.eu/topics/national-cyber-security-strategies/national-cyber-security-strategies-guidelines-tools/national-cyber-security-strategies-evaluation-tool (accessed on 12 June 2023).
• [40] Shabe T, Kritzinger E, Loock M. Scorecard approach for cyber-security awareness. In proceedings of International Symposium on Emerging Technologies for Education, Cape Town, South Africa, 20-22 September 2017.
• [41] Null, C. What is a cyber risk score? 2021. Available online: https://www.tanium.com/blog/what-is-a-cyber-risk-score-and-why-does-it-matter/ (accessed on 28 July 2023).
• [42] Venkataraman S. The importance of measuring security awareness. 2021. Available online: https://www.forbes.com/sites/forbestechcouncil/2021/10/22/the-importance-of-measuring-security-awareness/?sh=2989d26c2704 (accessed on 28 July 2023).
• [43] Jazri H, Zakaria O, Chikohora E. Measuring cybersecurity wellness index of critical organisations. In proceedings of IST-Africa Conference, Gaborone, Botswana, 09 - 11 May 2018.