Authors:
Aseel Aldabjan
1
;
2
;
Steven Furnell
1
;
Xavier Carpent
1
and
Maria Papadaki
3
Affiliations:
1
School of Computer Science, University of Nottingham, Nottingham, U.K.
;
2
College of Computer and Information Sciences, King Saud University, Riyadh, K.S.A.
;
3
School of Computing and Engineering, University of Derby, Derby, U.K.
Keyword(s):
Cybersecurity Readiness, Organisational Readiness, Cybersecurity Preparedness, Cybersecurity Maturity, Security Incident Readiness.
Abstract:
The number and nature of cyber-attacks is continuously evolving, disrupting the productivity and operations of organisations worldwide. Timely and effective detection and response to incidents are important, as they could limit the spread of threats and restrict the risks from compromises. Studies have revealed the level of preparedness to respond for many organisations is low and varies across different industry sectors. At the same time, cybersecurity researchers have identified a substantial gap in implementing readiness assessment frameworks as they are dependent on the type, context and specific requirement of the respective industries. Moreover, organisations have a gap between their practices and the establishment of the measures. This highlights the need for a more comprehensive and holistic framework to address this issue. This paper aims to determine the current state of incident response practices across organisations of different sizes and capabilities. It further seeks t
o identify the factors that influence them to reach the desired level of cyber security readiness.
(More)