Assessing and strengthening cybersecurity maturity: a NIST-based index approach

Bibliographic Details
Main Author: Bernardo, Luís António
Publication Date: 2024
Format: Master thesis
Language: eng
Source: Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
Download full: http://hdl.handle.net/20.500.11960/3989
Summary: This master thesis focuses on the importance of implementing cybersecurity reinforcement measures and of evaluating cybersecurity maturity within organizations. With the continuous evolution of cybersecurity threats, organizations face significant challenges in protecting their data and systems. The COVID-19 pandemic and the rise of remote work have further increased risks, making cybersecurity an even more essential aspect for organizations. The objective of this research is to evaluate and contribute to the growth of cybersecurity maturity in organizations by adopting the NIST Cybersecurity Framework (NIST CSF) as an auxiliary tool. This framework provides a comprehensive structure to manage cybersecurity risks and is widely adopted by organizations due to its flexibility and ease of implementation. The methodological approach of this research is based on the development of customized questionnaires aimed at different audiences, including cybersecurity experts and employees at different hierarchical levels in organizations. The objective of this method is to identify the level of cybersecurity maturity, providing a comprehensive analysis. The responses obtained from these questionnaires are analyzed to calculate a cybersecurity maturity index, which reflects the current state of the organization’s cybersecurity practices. The findings of this research highlight the importance of prevention in cybersecurity as a fundamental approach to protect organizations against cyber threats. By identifying areas for improvement and implementing effective prevention strategies, organizations can improve their cybersecurity posture and mitigate risks. The research also emphasizes the importance of complying with data protection regulations, such as the General Data Protection Regulation (GDPR), to ensure the privacy and security of personal data.
Overall, this research contributes to the advancement of knowledge and practices in cybersecurity by providing valuable information on cybersecurity maturity and the importance of prevention. By adopting preventive measures and promoting a culture of cybersecurity awareness, organizations can strengthen their security defenses and safeguard their digital assets.
OAI identifier: oai:repositorio.ipvc.pt:20.500.11960/3989
Keywords: Cybersecurity; COVID-19; Home office; NIST CSF; Maturity; Cyber security maturity; Maturity index; Cyber resilience; Cyber security risk; Cyber security framework; Cyber risk quantification; Remote work
Dates: 2024-02-07; 2024-04-09T14:19:43Z
Type: Master thesis (published version)
Identifier: TID:203569628
Rights: Open access
File format: application/pdf
Institution: FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
Repository contact: info@rcaap.pt