Developing an Agile Cybersecurity Framework With Organizational Culture Approach Using Q Methodology

Cyberattacks continue to pose significant threats and damages across a wide range of sectors. The main problem that causes this lies in the misinterpretation of the implementation of cybersecurity frameworks. They often rely excessively on technology as the primary solution and neglect human factors...

Full description

Saved in:
Bibliographic Details
Published in:IEEE access 2024, Vol.12, p.108835-108850
Main Authors: Handri, Eko Yon, Indra Sensuse, Dana, Tarigan, Avinanta
Format: Article
Language:English
Subjects:
Agile computing
Agile software development
Computer security
cybersecurity
Electronic government
framework
Human factors
Information security
methodology
NIST
organizational culture
Security
Systematics
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Cyberattacks continue to pose significant threats and damages across a wide range of sectors. The main problem that causes this lies in the misinterpretation of the implementation of cybersecurity frameworks. They often rely excessively on technology as the primary solution and neglect human factors. Resulting the implementation not being agile or adaptive. This study critically evaluates existing cybersecurity frameworks and introduces a new approach, an agile cybersecurity framework that integrates technology and organizational culture. Utilizing Q methodology, this study determined the core components and processes of a reconstructed cybersecurity framework based on inputs from a systematic literature review and expert views. The results revealed five core components: Security Governance, Risk Management, Incident Management, Security Technology, and Organizational Culture. The adopted agile method is a combination of the Dynamic System Development Model (DSDM) and Feature Driven Development (FDD). The proposed framework is expected to improve the agility of cybersecurity implementation, optimize human factors in the organization to mitigate cyberattacks better, and reduce their potential impact.
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2024.3432160