Wan Mohamad, Wan Azlena and Abdul Molok, Nurul Nuha and Abd Rahim, Noor Hayani (2025) A conceptual framework: event-based cybersecurity risk assessment for organisations. Journal of Information Systems and Digital Technologies, 7 (1). pp. 120-144. E-ISSN 2682-8790
PDF - Published Version (904kB). Restricted to registered users only.
Abstract
The current phenomenon of the interconnected digital world has heightened exposure to cyber risks, emphasising the critical need for robust cybersecurity risk management within organisations. Cybersecurity risk management encompasses identifying, assessing, and mitigating threats to protect individuals, organisations, and nations from cyber risks. Central to this process is the cybersecurity risk assessment, a fundamental exercise aimed at understanding and mitigating potential cyber threats. There are two primary risk assessment approaches: event-based and asset-based approaches. While the current literature is mostly focused on an asset-based approach, this study delves into the event-based approach by exploring potential cyber-attacks that could compromise the confidentiality, integrity, and availability of digital data, posing significant cybersecurity risks to organisations. Despite technological advancements and the increasing complexity of cyber threats, organisations’ predominant reliance on an asset-based approach to cybersecurity risk assessment may not adequately address the evolving nature of cyber risks. Furthermore, there is a lack of harmonisation between scholarly and established cybersecurity frameworks based on international standards, such as those by the National Institute of Standards and Technology (NIST) and the International Organisation for Standardization (ISO). This paper synthesises existing frameworks from ISO, NIST and academic research and proposes recommendations to guide organisations in implementing an event-based approach to cybersecurity risk assessment.
Item Type: | Article (Journal) |
---|---|
Uncontrolled Keywords: | Cybersecurity, Information security, Risk management, Risk assessment, Event-based, Framework |
Subjects: | T Technology > T Technology (General) > T55.4 Industrial engineering. Management engineering. > T58.5 Information technology |
Kulliyyahs/Centres/Divisions/Institutes: | Kulliyyah of Information and Communication Technology > Department of Information System |
Depositing User: | Dr. Noor Hayani Abd Rahim |
Date Deposited: | 12 Jun 2025 14:51 |
Last Modified: | 12 Jun 2025 14:51 |
URI: | http://irep.iium.edu.my/id/eprint/121325 |