IIUM Repository

Event-based cybersecurity risk assessment: identifying potential cyber-attacks in organisations

Wan Mohamad, Wan Azlena and Abd Rahim, Noor Hayani and Abdul Molok, Nurul Nuha (2025) Event-based cybersecurity risk assessment: identifying potential cyber-attacks in organisations. International Journal on Perceptive and Cognitive Computing (IJPCC), 11 (2). pp. 139-145. E-ISSN 2642-229X

PDF - Published Version
Restricted to Registered users only

Abstract

Cybersecurity risk assessment is crucial for organisations since cyber threats are becoming increasingly sophisticated and dynamic. This study investigates how organisations identify potential cyber-attacks within an event-based risk assessment context. Using a qualitative approach, semi-structured interviews were conducted with ten cybersecurity experts from diverse organisations. The experts possess extensive strategic, technical, and advisory expertise in the field. Thematic analysis of the data revealed four key practices: (i) collaborative brainstorming involving diverse stakeholders, (ii) referring to historical data and past incident logs, (iii) staying updated on current cyber-attack trends, and (iv) using established frameworks such as ISO/IEC 27005 supplemented with dynamic resources. These findings underscore the importance of integrating diverse methods and perspectives into event-based cybersecurity risk assessments to address evolving threats. The study contributes to theory and practice by offering actionable insights for organisations to identify potential cyber-attacks within an event-based cybersecurity risk assessment framework. Limitations are acknowledged, including reliance on self-reported data and a small sample size, with recommendations provided for future research.

Item Type: Article (Journal)
Uncontrolled Keywords: International Journal on Perceptive and Cognitive Computing (IJPCC), Vol 11, Issue 2 (2025); https://doi.org/10.31436/ijpcc.v11i2.572; Wan Azlena Wan Mohamad, Noor Hayani Abd Rahim, Nurul Nuha Abdul Molok; Department of Information Systems, Kulliyyah of Information and Communication Technology, International Islamic University Malaysia; Corresponding author: noorhayani@iium.edu.my; Received: 19th February 2025; Accepted: 17th July 2025; Published on-line: 30th July 2025
Subjects: T Technology > T Technology (General) > T55.4 Industrial engineering. Management engineering. > T58.5 Information technology
Kulliyyahs/Centres/Divisions/Institutes: Kulliyyah of Information and Communication Technology > Department of Information System
Kulliyyah of Information and Communication Technology
Depositing User: Dr. Noor Hayani Abd Rahim
Date Deposited: 03 Sep 2025 14:37
Last Modified: 03 Sep 2025 14:37
URI: http://irep.iium.edu.my/id/eprint/123053
