
International Journal of Computing and Digital Systems

ISSN (2210-142X)
Int. J. Com. Dig. Sys. 15, No.1 (Mar-24)

http://dx.doi.org/10.12785/ijcds/150193

Cyber Resilience Framework: Strengthening Defenses and Enhancing Continuity in Business Security

Ahmad AL-Hawamleh
Department of Electronic Training, Institute of Public Administration, Riyadh, Saudi Arabia

Received 26 Jan. 2024, Revised 1 Mar. 2024, Accepted 4 Mar. 2024, Published 10 Mar. 2024

Abstract: This study presents a comprehensive Cybersecurity Resilience Framework designed to fortify organizational defenses against
the evolving landscape of cyber threats while enhancing business continuity. The aim is to provide businesses with a robust and
adaptive strategy that extends beyond traditional cybersecurity paradigms. This study employs a methodology grounded in an extensive
cybersecurity literature review to inform the conceptualization and iterative development of a resilient framework, integrating key
elements from established sources and aligning with industry wisdom. By integrating governance and leadership principles, collaboration
with external stakeholders, and continuous monitoring, the framework fosters a holistic approach to cyber resilience. Leveraging a
behavioral perspective, the study explores human factors, user awareness, and decision-making processes, recognizing the critical
role of organizational culture in fostering a cybersecurity-aware ethos. Findings reveal a roadmap that includes technology resilience,
regular audits, and assessments, emphasizing evidence-based improvements. The framework addresses resource constraints, regulatory
variability, and the dynamic threat landscape, promoting adaptability in the face of diverse organizational contexts. The significance
of this study lies in its contribution to the ongoing evolution of cyber resilience strategies, offering organizations a practical guide to
navigate the complexities of the digital realm. As businesses increasingly rely on interconnected technologies, this framework stands
as a vital tool for enhancing security, safeguarding critical assets, and ensuring continuity in the face of an ever-changing cyber threat
landscape.

Keywords: Cyber Security, Threats, Risk Assessments, Resilience Framework, Business Security, Business Continuity.

E-mail address: [email protected] https:// journal.uob.edu.bh/

1. Introduction

The rapid development of technology over the past few decades has brought about unprecedented advancements, fundamentally altering the way businesses operate and interact with the world. This breakneck pace of technological evolution, however, has not come without its set of challenges. Security issues have become increasingly prevalent, as cyber threats and vulnerabilities multiply in tandem with technological progress [1]. The interconnectedness of modern systems and the sheer volume of data transmission create a fertile ground for malicious actors to exploit weaknesses [2]. From sophisticated cyber-attacks to data breaches, the digital landscape is rife with potential risks. As organizations increasingly rely on interconnected systems and data-driven processes, the need for robust cybersecurity measures becomes more critical than ever [1]. It is against this backdrop of technological complexity and heightened security risks that businesses must navigate to ensure the integrity, confidentiality, and availability of their digital assets [2].

In the dynamic and interconnected world of business, the need for robust cybersecurity measures has never been more critical. Organizations are now heavily reliant on digital platforms and networks for their daily operations, making them susceptible to a wide range of cyber threats [3]. The consequences of a successful cyber-attack can be severe, ranging from financial losses to reputational damage. Recognizing the inherent risks, businesses must prioritize the establishment of a resilient cybersecurity framework to ensure their survival and continued success in an ever-evolving digital landscape [4].

The integration of a robust cybersecurity system within the organizational framework is paramount to confronting electronic attacks and maintaining business sustainability [5], [4]. Such a system serves as a bulwark against potential threats, enabling seamless continuity and growth without interruption [4]. As the digital ecosystem becomes more complex, businesses must invest in sophisticated cybersecurity measures to mitigate risks and fortify their defenses against the relentless onslaught of cyber adversaries [6], [5]. Cybersecurity is not merely a defensive mechanism; it is a strategic enabler that fosters trust among stakeholders, customers, and partners. A well-established cybersecurity posture not only protects against potential threats but also positions the organization as a reliable and secure partner in the digital marketplace [7], [8].

1316 AL-Hawamleh: Cyber Resilience Framework for Business Security

In recent years, the concept of cyber resilience has emerged as a crucial aspect of cybersecurity strategy [9]. Despite its significance, many businesses have yet to fully embrace a cyber resilience framework, leaving them vulnerable to the evolving tactics of cybercriminals [4], [5], [10]. The absence of a cohesive and adaptive approach to cyber resilience can lead to significant vulnerabilities, hindering a business’s ability to recover swiftly and continue its operations after a cyber-attack [10]. Cyber resilience goes beyond traditional security measures; it encapsulates an organization’s ability to anticipate, respond to, and recover from a diverse range of cyber threats. It is a holistic approach that integrates cybersecurity, risk management, and business continuity to ensure a comprehensive defense against the ever-evolving threat landscape [11].

To address the evolving nature of cyber threats, it is imperative to have applicable cyber resilience frameworks in place. These frameworks should not only provide protection against known threats but also be flexible and adaptive to the changing cybersecurity landscape [4]. The challenge lies in the development and continuous update of these frameworks to keep pace with the rapid advancements in technology and the increasingly sophisticated nature of electronic attacks. The traditional approach of static cybersecurity measures is no longer sufficient [10]; businesses need dynamic frameworks that can evolve alongside the threat landscape. The integration of threat intelligence, continuous monitoring, and adaptive response mechanisms is crucial for building resilience against emerging cyber threats.

The motivation behind this research arises from the escalating and dynamic nature of cyber threats that organizations confront in today’s digital landscape. The ever-evolving tactics employed by malicious actors necessitate a comprehensive and adaptive approach to cybersecurity. The increasing frequency and sophistication of cyber attacks present significant challenges to the resilience of organizational systems and data. Recognizing the imperative for a proactive and holistic strategy, this research aims to contribute a structured and versatile framework that guides organizations in fortifying their cyber defenses and response mechanisms. Through the strengthening of defenses and enhancement of continuity, the proposed framework seeks to address gaps in current cybersecurity strategies, offering businesses a comprehensive and adaptive approach aligned with the evolving threat landscape.

2. Literature Review

A. Cyber Resilience for Business Continuity

In an era dominated by rapid technological advancements and an ever-expanding digital landscape, businesses face an unprecedented level of cyber threats [8]. The need for a robust cybersecurity resilience framework has become paramount to safeguard against the evolving and sophisticated nature of cyber-attacks [4], [10]. Businesses today operate in a highly interconnected and interdependent environment, making them vulnerable to various cyber threats that can compromise sensitive data, disrupt operations, and tarnish reputation [11]. Hence, establishing a comprehensive cybersecurity resilience framework is essential to fortify defenses and ensure the continuity of business operations [5].

To begin with, a cybersecurity resilience framework provides a structured approach to identifying, assessing, and mitigating potential cyber risks [12]. By comprehensively understanding the threat landscape, businesses can proactively implement security measures that not only address current vulnerabilities but also anticipate future challenges. This proactive stance is crucial in an environment where cyber threats are dynamic and continually evolving, requiring businesses to stay ahead of potential risks to maintain a secure operational environment [13].

Furthermore, a resilient cybersecurity framework contributes significantly to the overall risk management strategy of a business. By integrating cybersecurity into the broader risk management framework, organizations can align their security measures with strategic objectives [14]. This alignment ensures that cybersecurity investments are not only seen as a necessity for compliance but are also strategically embedded in the business strategy, enhancing the overall resilience of the organization [15].

In addition to mitigating risks, a cybersecurity resilience framework plays a pivotal role in strengthening the defense mechanisms of a business [16]. This involves not only technological measures but also focuses on building a cybersecurity-aware culture within the organization [17]. Employees are often considered the first line of defense [5], [18], and a resilient framework emphasizes the importance of cybersecurity training and awareness programs to empower individuals within the organization to identify and respond to potential threats effectively [19].

Moreover, the interconnected nature of modern business operations necessitates a holistic approach to cybersecurity resilience. A comprehensive framework considers not only internal threats but also external factors, including supply chain vulnerabilities and third-party risks [20]. By extending security measures beyond the organizational boundaries, businesses can enhance their resilience against a wide array of potential threats that could compromise the integrity of their operations [14], [20].

Another critical aspect of a cybersecurity resilience framework is its role in ensuring business continuity [4]. Cyber-attacks can have severe consequences, leading to disruptions in operations and financial losses. A resilient framework incorporates strategies for maintaining essential business functions during and after a cyber incident [21]. This includes robust backup and recovery mechanisms, incident response plans, and communication strategies to minimize the impact of cyber incidents on business operations [13], [5].

Int. J. Com. Dig. Sys. 15, No.1, 1315-1331 (Mar-24) 1317

In conclusion, the need for a cybersecurity resilience framework for businesses is imperative in today’s digital landscape. Such a framework not only strengthens the defense mechanisms against cyber threats but also contributes to the overall risk management strategy, builds a cybersecurity-aware culture, addresses supply chain vulnerabilities, and ensures business continuity. In an environment where the threat landscape is constantly evolving, the adoption of a comprehensive cybersecurity resilience framework is not just a prudent business practice but a fundamental necessity for sustaining secure and resilient operations.

B. Existing Cybersecurity Frameworks

The burgeoning digital ecosystem, rife with innovation and connectivity, simultaneously exposes organizations to an ever-evolving tapestry of cyber threats. In this treacherous landscape, robust cybersecurity frameworks serve as essential armor, providing organizations with the tools and strategies to mitigate risks and safeguard their assets [5], [4].

This section delves into a comparative analysis of four prominent global frameworks—the NIST Cybersecurity Framework (CSF), ISO 27001 and 27002, the CIS Controls, and the Payment Card Industry Data Security Standard (PCI DSS)—illuminating their unique approaches, strengths, and limitations in navigating the dynamic threat landscape. The deliberate selection of these four global frameworks is grounded in their widespread recognition, their diverse approaches to cybersecurity, and their alignment with the overarching theme of this study. By focusing on a manageable number, we ensure a more in-depth analysis of each, providing meaningful insights within the confines of this study. While recognizing the dynamic nature of the cybersecurity landscape and the existence of other frameworks, this focused approach allows for a nuanced exploration of select frameworks to contribute effectively to the discussion on cyber resilience.

NIST Cybersecurity Framework: Conceptualized by the National Institute of Standards and Technology (NIST), the NIST CSF champions an adaptable and flexible approach to cybersecurity [11]. Its five core functions—Identify, Protect, Detect, Respond, and Recover—act as modular shields, further divided into customizable categories and subcategories [5]. This bespoke nature empowers organizations to tailor the framework to their specific risk profile and vulnerabilities, dynamically adjusting it as technological advancements and external threats evolve [17]. Notably, the CSF’s integration with Risk Management Framework (RMF) principles facilitates a risk-informed approach, enabling organizations to prioritize control implementation based on the potential impact and likelihood of identified threats [22]. However, the lack of prescriptive regulations and formal certification within the CSF can leave some organizations grappling with ambiguity and struggling to demonstrate compliance to external stakeholders [12].

ISO 27001 and 27002: Forged by the International Organization for Standardization (ISO), ISO 27001 and 27002 stand as testaments to meticulous structure and comprehensive detail [23]. This framework offers a vast library of 114 controls, meticulously categorized and readily deployable [24]. These controls, encompassing best practices from access control to incident management, form an impenetrable barrier against common vulnerabilities. Earning ISO certification adds a critical layer of validation, signifying an unwavering commitment to international security standards and fostering trust within the global digital community [25]. However, the sheer volume of controls, coupled with the rigorous compliance requirements, can be perceived as rigid and cumbersome, potentially overwhelming smaller organizations and hindering their agility in responding to emerging threats [26]. Furthermore, the framework’s focus on generic controls may necessitate additional tailoring to address specific industry-related vulnerabilities.

The CIS Controls: Developed by the Center for Internet Security (CIS), the CIS Controls advocate for a dynamic and action-oriented approach [27]. Envisioned as a highly trained SWAT team, these controls are organized into five key domains: basic hygiene, defense-in-depth, counterintelligence, ongoing awareness and training, and secure configuration [28]. These prioritized and practical controls offer a readily implementable plan, allowing organizations to quickly identify and address critical weaknesses [29]. This focused approach, devoid of burdensome certification processes, makes CIS Controls particularly attractive for startups and agile organizations seeking immediate impact [28]. However, their streamlined nature may not provide the same level of comprehensive protection as the extensive libraries of their counterparts [27]. Additionally, the framework’s emphasis on readily implementable tactics can overshadow the crucial role of strategic risk assessment and long-term planning in a robust cybersecurity posture [27].

PCI DSS: Conceived by the collective might of major credit card brands, the Payment Card Industry Data Security Standard (PCI DSS) acts as a vigilant sentry, protecting the realm of payment card data [30]. This framework dictates twelve essential requirements for data security, vulnerability management, and access control, functioning as a dedicated firewall safeguarding financial transactions and sensitive information [31]. Achieving PCI DSS compliance ensures adherence to industry standards, protects customers, and fosters trust within the financial ecosystem [32]. However, its narrow focus and rigorous compliance demands can be resource-intensive for organizations outside the payment processing sector, potentially diverting resources from other security concerns [33]. Furthermore, the evolving compliance landscape within the financial industry necessitates constant adaptation and vigilance to retain compliance, adding to the potential strain on resources [34].

Choosing the right cybersecurity framework is akin to selecting the perfect weapon for a dynamic cyber battle.

Ultimately, the optimal choice depends on an organization’s


specific needs, resources, and industry demands. However,
by understanding the strengths and limitations of each
framework, organizations can build a multifaceted defense,
weaving together adaptable strategies, meticulous controls,
rapid response tactics, and industry-specific safeguards to
navigate the complexities of the evolving digital landscape
and emerge victorious in the ongoing quest for cybersecu-
rity dominance.
3. Methodology
This study adopts a methodology rooted in an extensive
review of existing cybersecurity frameworks, standards, and
best practices. The foundational stage involves a meticulous
examination of related works in the cybersecurity domain, Figure 1. Governance and Leadership Indicators
extracting valuable insights and discerning key elements
contributing to a resilient cybersecurity posture. This liter-
ature review not only informs the conceptualization of the elucidating the accepted norms and practices to be followed.
proposed cyber resilience framework but also establishes This documentation serves as a foundational artifact, aiding
a knowledge base grounded in established principles and in the dissemination of cybersecurity best practices and
industry wisdom. fostering a collective understanding among stakeholders.
Furthermore, it facilitates compliance efforts and provides
Following the literature review, the methodology em- a basis for periodic reviews and updates, ensuring that
ploys an iterative approach in crafting the framework. the cybersecurity framework remains adaptive to evolving
Leveraging insights from related works, the development threat landscapes.
process integrates key elements and principles drawn from
established cybersecurity sources. This ensures that the Defined Cybersecurity Leadership Roles: Building upon
framework is grounded in proven methodologies and aligns the establishment of governance policies, the second indi-
with the collective wisdom of the cybersecurity community. cator underscores the importance of clearly defined roles
4. Development of Framework and responsibilities for cybersecurity leadership. Cyber re-
In the formulation of the proposed comprehensive silience requires a coordinated and efficient response to
framework for cyber resilience as articulated in this study, potential threats, and this necessitates a clear delineation of
a methodical approach has been adopted, encompassing functions and accountabilities among individuals or teams
multiple distinct stages. responsible for cybersecurity [12].

A. Governance and Leadership In this context, well-defined roles and responsibilities


The primary focus of the initial stage is on Governance contribute to organizational efficiency and efficacy in ad-
and Leadership, recognizing the critical role that organiza- dressing cyber threats. Clearly assigned functions ensure
tional governance structures and leadership practices play in that every aspect of cybersecurity management, from risk
fortifying cyber resilience. Within this foundational stage, assessment to incident response, is managed by competent
three pivotal indicators have been identified to guide and and accountable parties. This clarity not only enhances the
assess the establishment of an effective cyber resilience organization’s ability to respond promptly and effectively to
framework, as shown in Figure 1. cyber incidents but also promotes a proactive and collabo-
rative cybersecurity culture.
Documented Cybersecurity Governance: Central to the
cultivation of robust cyber resilience is the development and By explicitly outlining the responsibilities of cyberse-
documentation of clear and comprehensive cybersecurity curity leadership, organizations can establish a framework
governance policies and procedures [12]. This first indicator for accountability, fostering a culture where individuals
emphasizes the imperative of crafting a structured frame- understand their roles in safeguarding digital assets. This
work that delineates the overarching principles, guidelines, indicator promotes the cultivation of a cybersecurity-aware
and procedural protocols governing cybersecurity within the workforce and enables the organization to leverage the
organizational context. The presence of well-documented collective expertise of its cybersecurity professionals in a
policies not only serves as a foundational reference point for targeted and strategic manner.
all stakeholders but also ensures a standardized and unified
approach to managing cybersecurity risks and challenges Cybersecurity in Strategic Decisions: The third indicator
[5]. amplifies the strategic dimension of cyber resilience by
highlighting the necessity of integrating cybersecurity con-
A meticulously documented set of cybersecurity gov- siderations into the fabric of strategic business decisions. As
ernance policies provides a roadmap for the organization, organizations navigate an increasingly digital landscape, the

https:// journal.uob.edu.bh/
Int. J. Com. Dig. Sys. 15, No.1, 1315-1331 (Mar-24) 1319

alignment of cybersecurity with broader strategic objectives valuable tool for communication and transparency, fostering
becomes paramount [35]. This indicator underscores the a shared understanding of the organization’s risk landscape
imperative for organizations to embed cybersecurity as among key stakeholders.
a fundamental and integral component of their strategic
planning processes. Risk Prioritization: Effectively managing cybersecurity
risks requires a strategic approach to prioritization. This
Achieving a seamless integration of cybersecurity into indicator underscores the importance of systematically pri-
strategic decision-making involves recognizing and incorpo- oritizing identified risks based on their potential impact and
rating cybersecurity perspectives at the inception of strategic likelihood of occurrence. By categorizing risks according to
initiatives. By doing so, organizations ensure that cyberse- their severity and probability, organizations can allocate re-
curity is not treated as an isolated or reactive function but sources judiciously, focusing on mitigating the most critical
is woven into the very fabric of the organization’s strategic and imminent threats [36].
vision. This proactive integration enables the organization to
anticipate and preemptively address potential cybersecurity The prioritization process enables cybersecurity teams
challenges, fostering a more resilient and adaptive posture. to concentrate their efforts on addressing high-impact risks
that pose the greatest threat to the organization’s assets and
Moreover, the integration of cybersecurity considera- operations. This targeted approach enhances the efficiency
tions into strategic decisions facilitates the identification of of risk mitigation efforts and ensures that resources are
synergies and trade-offs between business objectives and directed towards addressing vulnerabilities with the most
security imperatives. This alignment enables organizations significant potential consequences. Additionally, it enables
to strike a balance between innovation, growth, and risk organizations to tailor their risk mitigation strategies to align
mitigation, ensuring that cybersecurity is not perceived as with the specific characteristics and nuances of each iden-
an impediment but rather as an enabler of strategic success. tified risk, fostering a nuanced and adaptive cybersecurity
posture.
B. Risk Assessment
The second stage focuses on Risk Assessment, a critical Ongoing Evaluation: Cybersecurity risks are dynamic
component that underpins effective cybersecurity manage- and influenced by a multitude of internal and external
ment. In this phase, the emphasis is on evaluating and factors [37]. This indicator emphasizes the importance of
understanding the dynamic landscape of cybersecurity risks continuous consideration and analysis of these factors to
through a structured and comprehensive approach. The sec- maintain a comprehensive understanding of the evolving
ond stage encompasses three key indicators, each designed risk landscape. Internal factors may include changes in orga-
to fortify the organization’s ability to assess and manage nizational structure, technology infrastructure, or workforce
cybersecurity risks proactively, as shown in Figure 2. dynamics [37], while external factors could encompass
emerging cyber threats, regulatory changes, or shifts in the
geopolitical landscape.
Ongoing consideration of these factors ensures that risk
assessments remain relevant and reflective of the organi-
zation’s current state. It also allows for the identification
Figure 2. Risk Assessment Indicators of new risks that may emerge as a result of changes in the
internal or external environment. By staying attuned to these
Updated Cybersecurity Risk Assessments: A corner- contextual elements, organizations can adapt their cyberse-
stone of effective cyber resilience lies in the establishment curity strategies in a timely manner, enhancing their ability
of regularly updated and well-documented cybersecurity to proactively address emerging threats and challenges.
risk assessments [36]. This indicator underscores the need
for a continuous and systematic evaluation of potential Moreover, acceptable risk thresholds in cybersecurity
threats and vulnerabilities that could impact the organiza- denote predetermined levels of risk tolerance within an
tion’s digital assets. Regular updates to risk assessments organization’s information technology landscape. This crit-
ensure that the organization remains abreast of evolving ical aspect of risk management involves aligning thresh-
cyber threats, technological advancements, and changes in olds with business objectives, regulatory compliance, and
its operational landscape. the organization’s risk appetite. Balancing considerations
such as asset valuation, impact assessment, and resource
The documentation of these risk assessments serves as a constraints, organizations aim to define realistic boundaries
crucial reference point, providing a comprehensive overview for potential cybersecurity risks. Continuous monitoring
of identified risks, their potential impact, and the corre- and dynamic adaptation to evolving threats, coupled with
sponding mitigation strategies. A documented repository of effective communication and awareness initiatives, ensure
cybersecurity risk assessments facilitates informed decision- that risk thresholds remain relevant and aligned with the
making, aids in compliance efforts, and enables a proactive organization’s overall cybersecurity strategy. This ongoing
response to emerging threats [8]. Furthermore, it serves as a process, involving collaboration between cybersecurity pro-
https:// journal.uob.edu.bh/
1320 AL-Hawamleh: Cyber Resilience Framework for Business Security

fessionals, senior management, and stakeholders, enables organizational culture, fostering a sense of shared respon-
organizations to navigate the dynamic cybersecurity land- sibility for safeguarding digital assets.
scape while safeguarding their digital assets and maintain-
ing resilience. Training programs play a pivotal role in empowering
employees to understand and implement cybersecurity poli-
C. Security Policies and Procedures cies effectively. These programs should cover a range of
Advancing into the third stage of the proposed frame- topics, including safe online practices, incident response
work for cyber resilience, the focus now turns to Security procedures, and the specific requirements outlined in or-
Policies and Procedures—a crucial aspect in promoting a ganizational security policies. By investing in continuous
culture of cybersecurity within the organization. This stage education, organizations equip their workforce with the
is dedicated to the formulation, communication, and main- knowledge and skills needed to navigate the evolving cyber
tenance of comprehensive policies and procedures designed threat landscape, ultimately strengthening the overall cyber
to safeguard against cyber threats. Three key indicators resilience of the organization.
have been identified to fortify the organization’s ability
to establish and maintain effective security policies and Policy Updates for Technology and Threats: The dy-
procedures, as shown in Figure 3. namic nature of the cybersecurity landscape requires orga-
nizations to maintain agility in responding to technological
advancements and emerging threats [39]. This indicator
underscores the need for timely updates to security policies
and procedures to address evolving risks. Regular reviews
and revisions should be conducted to align policies with the
latest technological developments, industry standards, and
the ever-changing threat landscape.
Timely updates also involve incorporating lessons
learned from security incidents and breaches. By analyzing
and adapting policies based on real-world experiences, orga-
nizations enhance their ability to prevent similar incidents in
the future. This iterative process ensures that cybersecurity
policies remain robust, relevant, and responsive to the
dynamic nature of cyber threats.
Accessibility and Awareness: Central to the effectiveness of security policies is the accessibility and awareness of these policies among employees. This indicator emphasizes the importance of ensuring that cybersecurity policies are not only well-documented but also easily accessible to all members of the organization. Accessibility facilitates a collective understanding of the established guidelines, creating a shared responsibility for cybersecurity among employees [12].

Awareness, in this context, involves not only making the policies available but also actively communicating and promoting an understanding of their significance. Through various channels such as employee handbooks, intranet platforms, and training sessions, organizations can disseminate information about cybersecurity policies. Cultivating an informed and aware workforce enhances adherence to established security protocols, reducing the likelihood of inadvertent security breaches [38].

Regular Communication: Building on the first indicator, effective security policies necessitate ongoing communication and training initiatives. Regular communication ensures that employees remain informed about updates to policies, emerging threats, and best practices [4]. This proactive approach helps embed a cybersecurity mindset into the

Figure 3. Security Policies and Procedures Indicators

D. Employee Training and Awareness

This crucial stage recognizes the pivotal role that well-informed and vigilant employees play in bolstering an organization’s overall cyber resilience. To achieve this, three key indicators have been identified, each aimed at cultivating a cybersecurity-aware workforce capable of mitigating risks effectively, as shown in Figure 4.

Figure 4. Employee Training and Awareness Indicators

Training Session Frequency and Attendance: A cornerstone of building a cybersecurity-aware culture is the regular provision of training sessions to employees. This

https:// journal.uob.edu.bh/
Int. J. Com. Dig. Sys. 15, No.1, 1315-1331 (Mar-24) 1321

indicator underscores the importance of both the frequency and attendance of these training sessions. Regular, recurring training sessions ensure that employees are consistently exposed to the latest cybersecurity information, threats, and best practices [40].

Attendance serves as a tangible metric, reflecting the engagement and commitment of employees to the organization’s cybersecurity initiatives. By measuring the frequency of training sessions and monitoring participation rates, organizations can assess the level of exposure and knowledge dissemination, facilitating the cultivation of a workforce that is well-versed in cybersecurity principles.

Awareness of Cyber Threats and Best Practices: A key objective of employee training is to enhance awareness of common cyber threats and instill best practices for mitigating risks [5]. This indicator emphasizes the need for employees to not only attend training sessions but to demonstrate a comprehensive understanding of prevalent cyber threats and the corresponding preventive measures.

Organizations can gauge this awareness through assessments, quizzes, or surveys that evaluate employees’ grasp of essential cybersecurity concepts. Additionally, the creation of educational materials, such as infographics or newsletters, can serve as ongoing resources to reinforce key messages. By ensuring that employees are not only present at training sessions but also possess a nuanced awareness of cyber threats, organizations fortify the foundation for a vigilant and proactive workforce.

Evidence of Reporting Suspicious Activities: Fostering a cybersecurity-aware culture extends beyond knowledge retention to active participation in safeguarding organizational assets [8]. This indicator assesses the establishment of a culture where employees actively contribute to the cybersecurity effort by reporting suspicious activities or potential security incidents.

An organization with a robust cybersecurity-aware culture encourages employees to be proactive in identifying and reporting anomalies. This could include reporting phishing attempts, flagging unusual network behavior, or promptly reporting lost devices. Evidence of such reporting mechanisms and the actual reporting of incidents serves as tangible proof of a culture where cybersecurity is ingrained in the organizational ethos.

E. Incident Response Plan

Advancing into the fifth stage of the proposed cyber resilience framework, the focus turns to the development and implementation of an Incident Response Plan (IRP). This stage is dedicated to preparing the organization for effective responses in the event of a cybersecurity incident. Three key indicators have been identified to ensure the organization is well-equipped to detect, respond to, and recover from incidents, as shown in Figure 5.

Figure 5. Incident Response Plan Indicators

Incident Response Plan Existence and Accessibility: The foundation of an effective incident response capability lies in the existence of a well-documented Incident Response Plan (IRP) [4]. This indicator underscores the importance of having a comprehensive plan in place, outlining the procedures and protocols to be followed in the event of a cybersecurity incident. Equally crucial is the accessibility of this plan to relevant stakeholders within the organization.

Ensuring the existence and availability of the IRP establishes a baseline for organizational preparedness. The documented plan serves as a reference guide during high-stress situations, providing clear steps for incident detection, containment, eradication, recovery, and lessons learned. Accessibility ensures that key personnel, including incident responders and decision-makers, can quickly reference and execute the prescribed procedures when faced with a cybersecurity incident.

Regular Testing and Updating: The dynamic nature of cyber threats and the evolving technology landscape necessitate the regular testing and updating of the Incident Response Plan [17]. This indicator emphasizes the importance of conducting simulated exercises and tests to validate the effectiveness of the IRP in real-world scenarios. It also underscores the need for periodic reviews and updates to keep the plan aligned with the changing threat landscape and technological advancements.

Regular testing allows organizations to identify areas for improvement, fine-tune response procedures, and ensure that the IRP remains relevant and effective. By incorporating lessons learned from simulations, organizations enhance their ability to respond swiftly and decisively during actual incidents. This iterative process of testing and updating strengthens the overall resilience of the organization’s incident response capabilities.

Effective Coordination and Communication: Beyond the existence and testing of the IRP, the effectiveness of incident response hinges on coordination and communication. This indicator emphasizes the need for organizations to conduct simulated incident response drills that not only test


technical procedures but also evaluate the coordination and communication among incident response teams and relevant stakeholders.

Effective coordination involves the seamless collaboration of various teams, including IT, security, legal, and communications, to ensure a unified response to the incident [38]. Communication during drills should mirror the urgency and clarity required during actual incidents. Assessing the effectiveness of coordination and communication during simulated drills provides insights into the organization’s readiness to manage the complexities of a real cybersecurity incident.

F. Business Continuity and Disaster Recovery

Entering the sixth stage of the proposed cyber resilience framework, the focus shifts to Business Continuity and Disaster Recovery—a critical aspect ensuring the organization’s ability to maintain essential functions in the face of disruptions. Three key indicators have been identified to establish and evaluate the organization’s preparedness for sustaining operations during and after a cybersecurity incident, as shown in Figure 6.

Figure 6. Business Continuity and Disaster Recovery Indicators

Documentation of Measures: At the core of Business Continuity and Disaster Recovery (BCDR) is the documentation of measures that guarantee the continuity of critical functions [17]. This indicator underscores the necessity of having comprehensive plans and strategies in place to sustain essential operations during and after a disruptive event. These measures should encompass not only IT systems but also key business processes and resources.

The documentation of BCDR measures serves as a blueprint for maintaining critical functions, guiding the organization in times of crisis. It includes procedures for data backup, redundancy in infrastructure, and alternative work arrangements. Ensuring the existence and accessibility of these documented measures is fundamental to the organization’s ability to weather disruptions and maintain operational resilience.

Testing and Results of Recovery Plans: A crucial element of Business Continuity and Disaster Recovery preparedness is the regular testing of disaster recovery plans [5]. This indicator emphasizes the importance of conducting systematic tests to evaluate the effectiveness of recovery plans, including the restoration of IT systems and critical processes. The frequency and thoroughness of these tests serve as key metrics for assessing the organization’s readiness.

Regular testing allows organizations to identify vulnerabilities, refine procedures, and validate the recoverability of critical functions. The results of these tests provide insights into the organization’s ability to recover swiftly and efficiently. Continuous improvement based on test outcomes enhances the overall effectiveness of disaster recovery plans, reinforcing the organization’s resilience in the face of unforeseen events.

Evidence of Successful Recovery: The ultimate validation of Business Continuity and Disaster Recovery measures comes from evidence of successful recovery following a simulated or real incident [38]. This indicator emphasizes the importance of tracking and documenting instances where the organization successfully recovered its critical functions after a disruption, whether the incident was simulated or occurred in a real-world scenario.

Real incidents or simulations provide opportunities to evaluate the practical application of BCDR measures. Documenting and analyzing the success of recovery efforts enables the organization to identify strengths, address weaknesses, and refine strategies for future incidents. Evidence of successful recovery serves as a tangible demonstration of the organization’s resilience and its ability to bounce back from disruptions.

G. Security Controls

Transitioning to the seventh stage of the proposed cyber resilience framework, the focus shifts to Security Controls—an essential component in safeguarding an organization’s digital assets. This stage encompasses the implementation and management of measures aimed at preventing, detecting, and responding to security threats. Three key indicators have been identified to assess the organization’s capability to maintain effective security controls, as shown in Figure 7.

Regular Security Control Updates: The foundation of robust security controls lies in the regular updates and patching of security measures. This indicator emphasizes the importance of keeping security controls current to address emerging threats, vulnerabilities, and exploit techniques. Regular updates ensure that the organization’s defense mechanisms are equipped to withstand evolving cyber threats [4].

Timely application of security patches and updates is essential for closing potential vulnerabilities in software, hardware, and other infrastructure components. Neglecting this aspect can leave the organization exposed to known


exploits. The indicator underscores the organization’s commitment to maintaining a proactive security posture by regularly updating and patching security controls.

Figure 7. Security Controls Indicators

Implementation and Effectiveness of Authentication: An integral aspect of enhancing security controls is the implementation and effectiveness of multi-factor authentication (MFA) [9]. This indicator underscores the importance of utilizing additional authentication factors beyond passwords to enhance access security. MFA adds an extra layer of protection by requiring users to provide multiple forms of identification, such as passwords, biometrics, or security tokens.

The effectiveness of MFA lies not only in its implementation but also in the organization’s ability to ensure its proper use across various systems and user accounts. Successful implementation of MFA mitigates the risk of unauthorized access, especially in scenarios where passwords alone may be susceptible to compromise. Monitoring and managing the effectiveness of MFA contribute significantly to bolstering overall security controls [41].

Security Control Log Monitoring for Anomalies: The proactive identification of security threats is facilitated by the continuous monitoring and analysis of security control logs for anomalies [17]. This indicator emphasizes the importance of actively reviewing logs generated by security controls, such as firewalls, intrusion detection systems, and antivirus solutions. Analyzing these logs enables the organization to detect unusual patterns or behaviors that may indicate potential security incidents.

Effective monitoring involves not only the collection of log data but also the analysis of this data for signs of unauthorized access, unusual network traffic, or other suspicious activities. Establishing a robust system for monitoring security control logs contributes to early threat detection, allowing the organization to respond promptly to mitigate potential risks.

H. Collaboration with Stakeholders

Entering the eighth stage of the proposed cyber resilience framework, the focus now expands to Collaboration with Stakeholders—a critical component in enhancing the collective ability to detect, prevent, and respond to cybersecurity threats. This stage emphasizes the importance of forging partnerships and sharing information with external entities to fortify the organization’s cyber resilience. Three key indicators have been identified to assess the effectiveness of collaboration efforts, as shown in Figure 8.

Figure 8. Collaboration with Stakeholders Indicators

Documentation of Collaboration Efforts: Central to effective collaboration is the documentation of efforts undertaken in partnership with external stakeholders [42]. This indicator underscores the importance of maintaining a record of collaborative initiatives, outlining the nature and scope of engagements with external entities. Documentation may include formalized agreements, joint projects, or shared resources aimed at bolstering cybersecurity capabilities.

Recording collaboration efforts not only provides a tangible reference for evaluating the organization’s commitment to fostering partnerships that contribute to cyber resilience but also serves as a valuable resource for communicating the organization’s collaborative achievements and strategies to internal and external stakeholders. These recorded collaborations become essential documentation that highlights the concerted efforts made towards creating a secure environment, showcasing the organization’s dedication to addressing cybersecurity challenges through unified initiatives.

Establishing a robust partnership between the internal audit and cybersecurity functions is pivotal for nurturing a secure and resilient organizational environment. This collaboration ensures a comprehensive and holistic approach to organizational security, where the internal audit function, with its independent evaluation role, plays a crucial part in assessing the effectiveness of cybersecurity controls and risk management practices. The synergy between internal audit and cybersecurity enhances accountability and transparency, allowing internal auditors to offer an objective evaluation of the cybersecurity framework. This collaboration, promoting a culture of continuous improvement, facilitates adaptation to emerging threats, ensuring the organization’s overall resilience by addressing identified gaps and refining cybersecurity strategies. The justification for this partnership lies in its ability to fortify risk management, internal controls, and the overarching security posture of the organization.
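Returning to the Security Control Log Monitoring for Anomalies indicator in Section G above: the Python script below is an added example, not code from the paper or its author, that normalises constructed firewall, intrusion detection, antivirus and authentication log lines into one time-ordered event stream (the aggregation a SIEM performs) and applies three correlation rules for the signs the paper names, namely unauthorized access, unusual network traffic and other suspicious activity on a host. The line format, host names and thresholds are assumptions made for the illustration.

```python
"""Security control log monitoring for anomalies (added example, not from the paper).

Parses constructed log lines from the control types the paper names (firewall,
IDS, antivirus) plus an authentication log, orders them into one event stream,
and correlates them. Line format, hosts and thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs: "<timestamp> <control> key=value ..." (format assumed).
SAMPLE_LOGS = """\
2024-03-01T09:00:01 auth host=srv-db user=admin src=10.0.5.20 result=FAIL
2024-03-01T09:00:03 auth host=srv-db user=admin src=10.0.5.20 result=FAIL
2024-03-01T09:00:05 auth host=srv-db user=admin src=10.0.5.20 result=FAIL
2024-03-01T09:00:06 auth host=srv-db user=admin src=10.0.5.20 result=FAIL
2024-03-01T09:00:09 auth host=srv-db user=admin src=10.0.5.20 result=SUCCESS
2024-03-01T09:01:00 fw host=ws-17 dst=203.0.113.9 action=ALLOW bytes_out=820000000
2024-03-01T09:01:30 fw host=ws-04 dst=198.51.100.7 action=ALLOW bytes_out=120000
2024-03-01T09:02:00 ids host=ws-04 sig=port-scan severity=medium
2024-03-01T09:02:40 av host=ws-04 detection=Trojan.Generic action=quarantined
2024-03-01T09:05:00 auth host=srv-web user=alice src=10.0.5.31 result=SUCCESS
"""

FAIL_THRESHOLD = 3                        # failures before a success is suspicious (assumed)
FAIL_WINDOW = timedelta(minutes=5)        # how far back failures are counted (assumed)
TRAFFIC_BASELINE = 500_000_000            # bytes out per host regarded as normal (assumed)
CORRELATION_WINDOW = timedelta(minutes=10)  # IDS/AV events closer than this corroborate

LINE_RE = re.compile(r"^(\S+) (\w+) (.*)$")


def parse_line(line):
    """Turn one raw log line into a flat event dict, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
    return {"ts": datetime.fromisoformat(m.group(1)), "control": m.group(2), **fields}


def aggregate(raw_text):
    """Aggregation step: parse every line and order all controls' events by time."""
    events = [e for e in (parse_line(l) for l in raw_text.splitlines()) if e]
    return sorted(events, key=lambda e: e["ts"])


def rule_unauthorized_access(events):
    """Repeated failed logins followed by a success for the same user and
    source: a sign of unauthorized access (guessed or stolen credentials)."""
    findings, failures = [], defaultdict(list)
    for e in events:
        if e["control"] != "auth":
            continue
        key = (e["host"], e["user"], e["src"])
        if e["result"] == "FAIL":
            failures[key].append(e["ts"])
            continue
        recent = [t for t in failures[key] if e["ts"] - t <= FAIL_WINDOW]
        if e["result"] == "SUCCESS" and len(recent) >= FAIL_THRESHOLD:
            findings.append({"rule": "unauthorized-access", "host": e["host"],
                             "detail": f"{len(recent)} failures then success for "
                                       f"{e['user']} from {e['src']}"})
        failures[key].clear()  # a success resets the failure streak
    return findings


def rule_unusual_traffic(events):
    """Outbound volume per host above the baseline seen in firewall logs:
    the paper's 'unusual network traffic' sign (possible data exfiltration)."""
    bytes_out = defaultdict(int)
    for e in events:
        if e["control"] == "fw" and e["action"] == "ALLOW":
            bytes_out[e["host"]] += int(e["bytes_out"])
    return [{"rule": "unusual-traffic", "host": h,
             "detail": f"{b} bytes out exceeds baseline {TRAFFIC_BASELINE}"}
            for h, b in sorted(bytes_out.items()) if b > TRAFFIC_BASELINE]


def rule_host_compromise(events):
    """Correlation across controls: an IDS alert and an antivirus detection on
    the same host within a short window corroborate each other."""
    ids = [e for e in events if e["control"] == "ids"]
    av = [e for e in events if e["control"] == "av"]
    return [{"rule": "host-compromise", "host": i["host"],
             "detail": f"IDS {i['sig']} and AV {a['detection']}"}
            for i in ids for a in av
            if a["host"] == i["host"] and abs(a["ts"] - i["ts"]) <= CORRELATION_WINDOW]


def correlate(events):
    """Run every rule over the aggregated stream and return all findings."""
    return (rule_unauthorized_access(events)
            + rule_unusual_traffic(events)
            + rule_host_compromise(events))


if __name__ == "__main__":
    for f in correlate(aggregate(SAMPLE_LOGS)):
        print(f"[{f['rule']}] {f['host']}: {f['detail']}")
```

On the constructed sample the three rules fire once each (srv-db, ws-17 and ws-04); in practice the thresholds and baseline would be derived from the organization's own traffic and login history rather than fixed constants.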
Sharing Threat Intelligence: A cornerstone of effective collaboration is the sharing of threat intelligence and best practices with industry groups [43]. This indicator emphasizes the importance of actively contributing and benefiting from collective knowledge within the industry. By sharing information about emerging threats, attack vectors, and effective defense strategies, organizations can collectively elevate their cybersecurity postures.

Active participation in industry groups allows organizations to tap into a broader pool of expertise and stay informed about the latest developments in the cyber threat landscape. The sharing of best practices fosters a collaborative ecosystem where collective intelligence enhances the ability to anticipate, prepare for, and respond to cyber threats effectively.

Evidence of Collaboration: An essential aspect of collaboration for enhanced cyber resilience involves engagement with law enforcement and cybersecurity organizations [20]. This indicator emphasizes the importance of establishing and maintaining collaborative relationships with entities that play a role in combating cybercrime and promoting cybersecurity at a broader scale.

Evidence of collaboration with law enforcement and cybersecurity organizations may include joint investigations, information-sharing mechanisms, or participation in cybersecurity awareness campaigns. Collaborative efforts in this realm contribute to the overall cyber resilience of the organization and the broader community by aligning interests in addressing cyber threats at a systemic level.

I. Continuous Monitoring

Embarking on the ninth stage of the proposed cyber resilience framework, the focus now converges on Continuous Monitoring—a critical component in the proactive detection and response to potential cybersecurity threats. This stage underscores the importance of ongoing surveillance and analysis to maintain a vigilant cybersecurity posture. Three key indicators have been identified to assess the organization’s capability for continuous monitoring, as shown in Figure 9.

Figure 9. Continuous Monitoring Indicators

Implementation and Functionality: At the core of continuous monitoring is the implementation and functionality of systems designed to track and analyze the organization’s digital environment continuously [9]. This indicator emphasizes the importance of having robust and effective continuous monitoring solutions in place. These systems should encompass a wide range of assets, including networks, endpoints, applications, and data repositories.

The implementation of continuous monitoring systems serves as a foundational element in maintaining visibility into the organization’s cybersecurity landscape. The functionality of these systems should enable real-time detection of anomalies, rapid incident response, and the generation of actionable insights. The indicator evaluates the organization’s commitment to investing in and maintaining cutting-edge technologies for continuous surveillance.

Analysis Tool Usage: A key technology in the realm of continuous monitoring is Security Information and Event Management (SIEM) [44]. This indicator underscores the importance of regularly using SIEM tools for real-time analysis of security events. SIEM systems aggregate and correlate data from various sources, providing a comprehensive view of the organization’s security posture.

Regular utilization of SIEM tools allows organizations to detect and respond promptly to security incidents, anomalies, and potential threats. Effective use of these tools involves not only their deployment but also ongoing optimization to align with the organization’s evolving threat landscape. This indicator assesses the organization’s commitment to leveraging SIEM technology as a proactive measure for continuous monitoring.

Evidence of Proactive Monitoring: Complementing technology-driven continuous monitoring is the evidence of proactive human-driven efforts, including regular audits and log reviews [39]. This indicator emphasizes the importance of establishing a routine for manual inspections of logs, configurations, and security controls. These audits contribute to the identification of potential vulnerabilities, unauthorized activities, and gaps in the security posture.

Evidence of proactive monitoring through regular audits and log reviews demonstrates a commitment to a holistic approach to continuous monitoring. It involves not only automated systems but also human expertise in scrutinizing the details of security events. This indicator evaluates the


organization’s dedication to maintaining a comprehensive and layered approach to cybersecurity surveillance.

J. Regulatory Compliance

This stage emphasizes the importance of aligning cybersecurity practices with applicable regulations to ensure legal and regulatory obligations are met. Three key indicators have been identified to assess the organization’s commitment to regulatory compliance, as shown in Figure 10.

Figure 10. Regulatory Compliance Indicators

Awareness of Cybersecurity Regulations: The foundation of regulatory compliance lies in the awareness and understanding of relevant cybersecurity regulations [45]. This indicator emphasizes the importance of staying informed about the regulatory landscape applicable to the organization’s industry and geographical location. Awareness extends beyond mere knowledge to a deep understanding of the implications and requirements of these regulations.

Organizations should actively monitor updates, changes, and new regulations that may impact cybersecurity practices [38]. The indicator assesses the organization’s commitment to maintaining a proactive stance in understanding the regulatory environment and staying abreast of any alterations that could affect compliance obligations.

Regular Compliance Assessments: Compliance is an ongoing process that requires regular assessments and documentation of the organization’s compliance status [5]. This indicator underscores the importance of conducting systematic evaluations to measure adherence to relevant cybersecurity regulations. Regular assessments ensure that the organization remains in compliance and can demonstrate its commitment to regulatory standards.

Documentation of compliance status involves maintaining detailed records of assessments, audit results, and any remediation actions taken. This documentation serves as tangible evidence of the organization’s efforts to adhere to regulatory requirements and provides a foundation for transparent communication with regulatory authorities and stakeholders.

Adjustments to Practices: As regulatory landscapes evolve, organizations must be adaptable and make adjustments to their practices to ensure ongoing compliance [46]. This indicator emphasizes the need for organizations to proactively identify and implement changes in their cybersecurity practices in response to evolving regulatory requirements. Adjustments may include updates to policies, procedures, and technical controls to align with new or modified regulations.

Organizations should establish mechanisms for monitoring regulatory changes and assessing their impact on cybersecurity practices. This indicator assesses the organization’s ability to stay nimble and responsive, ensuring that its cybersecurity measures remain in line with the latest regulatory expectations.

K. Technology and Infrastructure Resilience

This stage emphasizes the importance of fortifying technology and infrastructure to withstand disruptions and vulnerabilities. Three key indicators have been identified to assess the organization’s capability for technology and infrastructure resilience, as shown in Figure 11.

Figure 11. Technology and Infrastructure Resilience Indicators

Existence of Redundancy Measures: At the core of technology and infrastructure resilience is the existence of redundancy measures in critical technology systems [47]. This indicator underscores the importance of implementing backup and failover mechanisms to ensure continuity of operations in the event of disruptions or system failures. Redundancy measures provide a safety net, allowing critical functions to persist even if primary systems encounter issues.

The presence of redundancy measures reflects the organization’s commitment to building resilient technological foundations. It includes considerations such as redundant servers, data backups, and alternative communication channels. This indicator evaluates the organization’s proactive efforts to mitigate the impact of potential disruptions to critical technology systems.

Infrastructure Testing Results: Ensuring the resilience of

infrastructure involves regular testing to assess the organization’s ability to withstand various scenarios and challenges [9]. This indicator emphasizes the importance of conducting systematic tests to evaluate the resilience of infrastructure components, including networks, servers, and other critical assets.

Regular testing allows organizations to identify vulnerabilities, validate the effectiveness of contingency plans, and refine strategies for maintaining infrastructure resilience. The results of these tests provide insights into the organization’s readiness to cope with disruptions and potential areas for improvement. This indicator assesses the organization’s dedication to actively validating and enhancing the resilience of its technology and infrastructure.

Hardware and Software Updates: Technology and infrastructure resilience also hinge on the timely updates to hardware and software to address vulnerabilities. This indicator underscores the importance of staying current with patches, updates, and security enhancements to mitigate potential risks. Timely updates are essential for closing vulnerabilities that could be exploited by malicious actors [48].

Proactive measures to address vulnerabilities include applying security patches promptly, updating firmware, and upgrading software to the latest versions. This indicator evaluates the organization’s commitment to maintaining a secure and resilient technology environment through timely updates, reducing the likelihood of successful cyberattacks.

L. Regular Audits and Assessments

Venturing into the last stage of the proposed cyber resilience framework, the focus converges on Regular Audits and Assessments—an integral component in maintaining a robust cybersecurity posture. This stage emphasizes the importance of systematic evaluations, audits, and assessments to identify vulnerabilities, assess controls, and drive continuous improvement. Three key indicators have been identified to assess the organization’s commitment to regular audits and assessments, as shown in Figure 12.

Figure 12. Regular Audits and Assessments Indicators

Audit Frequency and Results: At the core of maintaining a resilient cybersecurity posture is the regular conduct of cybersecurity audits. This indicator underscores the importance of systematically scheduled audits to assess the organization’s adherence to policies, regulatory requirements, and cybersecurity best practices. The frequency of audits provides insights into the organization’s commitment to ongoing scrutiny of its cybersecurity controls [17].

The results of these audits offer a comprehensive view of the effectiveness of cybersecurity measures, the identification of potential weaknesses, and the overall state of compliance. By assessing the frequency and outcomes of cybersecurity audits, organizations can gauge their ability to maintain a proactive and vigilant approach to cybersecurity governance.

Vulnerability Assessments and Penetration Testing: To proactively identify and address potential weaknesses in the cybersecurity infrastructure, organizations should conduct vulnerability assessments and penetration testing [49]. This indicator emphasizes the importance of actively seeking vulnerabilities and weaknesses in systems, networks, and applications.

Evidence of vulnerability assessments and penetration testing includes documented reports, findings, and remediation efforts. Regular engagement in these activities demonstrates the organization’s proactive stance in identifying and addressing potential security risks. This indicator assesses the organization’s commitment to regularly evaluating its cybersecurity defenses and fortifying its resilience against evolving threats.

Documentation of Improvements: Conducting audits and assessments is valuable only if the findings drive tangible improvements [39]. This indicator emphasizes the importance of documenting the specific actions taken to address vulnerabilities, enhance controls, and implement remediation measures based on audit and assessment findings.

Documentation of improvements provides a transparent record of the organization’s commitment to learning from assessments and audits. It also serves as a guide for future enhancements, ensuring that the organization’s cybersecurity posture evolves in response to emerging threats and changing risk landscapes.

M. Proposed Framework

The proposed cyber resilience framework introduces a comprehensive and systematic approach to bolstering organizational defenses against evolving cyber threats. Through twelve distinct stages, as shown in Figure 13, each anchored by key indicators, the framework guides organizations on a journey towards enhanced cyber resilience. The stages cover a range of aspects from Governance and Leadership to Continuous Monitoring, drawing inspiration from established global frameworks such as the NIST Cybersecurity Framework (CSF), ISO 27001 and 27002, the CIS Controls, and the Payment Card Industry Data Security Standard (PCI DSS).

Aligning with the NIST CSF, the foundational stage emphasizes the importance of a robust cybersecurity governance structure and clear leadership roles, woven seamlessly


Figure 13. Proposed Cyber Resilience Framework

into strategic decision-making processes. Risk Assessment follows, echoing the adaptive risk management principles of both ISO 27001 and the NIST CSF. Security Policies and Procedures draw on the communicative and policy-centric nature of ISO 27001, promoting accessibility, awareness, and regular updates. The Employee Training and Awareness stage converges with ISO 27001’s focus on continuous training and cultivating awareness of cyber threats.

The proposed framework extends the NIST CSF by incorporating elements that specifically address the dynamic and evolving nature of cyber threats. It introduces a more nuanced approach to risk management, emphasizing ongoing evaluation and adaptability. Furthermore, the framework enhances collaboration with stakeholders, ensuring a cooperative stance in the face of cybersecurity challenges. The unique contribution of the proposed framework lies in its ability to provide organizations with a more adaptable and comprehensive strategy for cyber resilience, addressing the intricacies of the modern cybersecurity landscape and fostering a proactive and collaborative response to emerging threats.

5. Practical Implementation

The practical implementation of the proposed cyber resilience framework involves a multifaceted process that requires a systematic integration of its stages and indicators into the organizational fabric. Governance and leadership are foundational, requiring the establishment of a robust cybersecurity governance structure with clearly defined roles and responsibilities. Cybersecurity considerations should seamlessly weave into strategic decision-making processes, emphasizing leadership commitment for a top-down approach that fosters a culture of cyber resilience throughout the organization.

The accuracy of Risk Assessment indicators, when effectively implemented, lies in their ability to provide a comprehensive and dynamic understanding of the cybersecurity landscape. Regularly updated cybersecurity risk assessments serve as a foundational element, ensuring that organizations stay informed about evolving threats and technological advancements. The documentation of these assessments not only facilitates informed decision-making and compliance efforts but also promotes transparency among stakeholders. The process of risk prioritization is key to resource allocation, allowing organizations to focus on mitigating high-impact risks efficiently. This targeted approach ensures that efforts are directed towards vulnerabilities with the most significant potential consequences, fostering an adaptive cybersecurity posture. Moreover, the emphasis on ongoing evaluation acknowledges the dynamic nature of cybersecurity risks, considering both internal and external factors. Continuous analysis allows for the identification of new risks and enables organizations to adapt their strategies proactively, enhancing their resilience against emerging threats and challenges.

The next critical phase involves employee training and awareness. Organizations must develop a comprehensive cybersecurity training program for all employees and regularly conduct awareness campaigns. These initiatives aim
https:// journal.uob.edu.bh/
1328 AL-Hawamleh: Cyber Resilience Framework for Business Security

to keep the workforce informed about the dynamic nature of cyber threats. Equipping employees with the knowledge and protocols for reporting suspicious activities fosters a cybersecurity-aware culture, turning every individual into a proactive participant in the organization’s defense against cyber threats.

Risk management is a pivotal stage in the implementation process, necessitating regular risk assessments to identify and prioritize potential threats. The organization must develop strategies for mitigating identified risks and seamlessly integrate them into operational processes. Establishing a dedicated risk response team ensures a swift and coordinated approach to addressing emerging threats, enhancing the organization’s overall resilience.

The subsequent stages involve the practical implementation of incident response plans, business continuity and disaster recovery measures, and security controls. These demand the development and regular testing of comprehensive plans, documentation of measures, and the implementation of security controls, including the application of timely updates and the effectiveness of authentication methods. Collaboration with stakeholders and continuous monitoring are equally vital, requiring documented collaborative efforts, active participation in industry groups, and evidence of proactive human-driven monitoring through regular audits.

The final implementation phase encompasses regulatory compliance, technology and infrastructure resilience, and regular audits and assessments. Organizations must stay informed about relevant cybersecurity regulations, conduct regular compliance assessments, and proactively adjust practices to align with evolving regulatory requirements. Ensuring technology and infrastructure resilience involves redundancy measures, regular testing, and timely updates. Regular audits, vulnerability assessments, and penetration testing contribute to ongoing improvements, and documenting the specific actions taken to address vulnerabilities is essential. This comprehensive implementation strategy forms a resilient cybersecurity foundation, positioning organizations to navigate the complexities of the digital realm and fortify their defenses against the uncertainties of the cyber threat landscape.

In addition, regular updates at each stage of the proposed framework in response to emerging threats play a pivotal role in enhancing its efficiency and resilience. By staying abreast of the evolving threat landscape, the framework can adapt and incorporate the latest cybersecurity measures, ensuring it remains well-suited to address contemporary challenges. Continuous monitoring and analysis of new threats enable timely adjustments to risk thresholds, allowing for a proactive and dynamic approach to risk management. Integrating the most up-to-date threat intelligence into the framework’s protocols ensures that mitigation strategies are aligned with current cybersecurity risks. This iterative process not only bolsters the framework’s effectiveness in thwarting emerging threats but also establishes a robust foundation for sustained cybersecurity resilience within the organizational infrastructure.

6. Implications and Limitations

The proposed cyber resilience framework is a comprehensive strategy for organizations to navigate the complex cybersecurity landscape. It emphasizes a holistic approach that includes governance, collaboration, technology, and ongoing assessments. Leadership plays a crucial role in fostering a cyber-resilient culture, integrating cybersecurity into strategic decision-making, and recognizing cybersecurity as a shared responsibility. The framework also emphasizes continuous monitoring, technology resilience, and regular audits to stay ahead of emerging threats. However, its effectiveness may vary across industries, organizational sizes, and geographical locations due to differences in regulations, resource availability, and threat landscapes. The dynamic nature of the cyber threat landscape requires regular updates to address emerging threats, while resource constraints may hinder full implementation. Success depends on cultivating a cybersecurity-aware culture, addressing regulatory variability, human factors, technological evolution, and external dependencies.

7. Conclusion and Future Research

This study has charted a comprehensive course towards cyber resilience, offering a robust framework designed to fortify organizations against the ever-evolving spectrum of cyber threats. By addressing key dimensions, from governance and collaboration to technology resilience and continuous monitoring, the framework provides a holistic approach that extends beyond traditional cybersecurity paradigms.

The journey begins with governance and leadership, recognizing that a strong foundation necessitates strategic integration of cybersecurity considerations into organizational decision-making. Collaboration with external stakeholders amplifies the collective strength against cyber threats, emphasizing the interconnected nature of cybersecurity. Continuous monitoring, technology resilience, and regular audits form pivotal stages, ensuring that organizations remain vigilant, adaptable, and proactive in the face of dynamic threat landscapes. The framework’s emphasis on documentation and evidence-based improvements underscores a commitment to transparency, accountability, and continuous learning.

In essence, this study not only lays out a roadmap for building cyber resilience but emphasizes the importance of a cultural shift. Beyond technologies and processes, it is a call for organizations to instill a cybersecurity-aware ethos, transforming cybersecurity from a compliance checkbox to an integral aspect of organizational DNA. As organizations embark on this journey towards cyber resilience, they equip themselves not only to withstand the current threat landscape but also to evolve with it. The framework serves as a dynamic guide, acknowledging the fluidity of cybersecurity challenges and providing a compass for organizations to navigate towards a future fortified against the uncertainties of the digital realm.

Future research in cyber resilience aims to refine strategies, addressing challenges through understanding human behavior in cybersecurity, integrating advanced AI and ML technologies, establishing quantifiable metrics, fostering cross-industry collaboration, and adapting to the resilience requirements of emerging technologies. Additionally, the implementation of Automated Risk Assessment using AI is a promising direction to overcome challenges related to an insufficient grasp of acceptable risk thresholds in traditional risk assessments. Leveraging machine learning algorithms, this approach enhances the precision and effectiveness of risk evaluations, overcoming human limitations and streamlining processes for efficiency in responding to evolving cybersecurity landscapes. Moreover, a recommended future research direction involves empirical assessments, such as cyber resilience reviews, to comprehensively evaluate the practical application of the proposed framework, particularly in assessing the effectiveness of security policies and procedures.

Furthermore, future research endeavors should aim to enhance the proposed cyber resilience framework by incorporating insights from established global standards like the NIST Cybersecurity Framework (CSF), ISO 27001 and 27002, CIS Controls, and PCI DSS. Aligning the framework with the NIST CSF functions would establish a structured and universally recognized approach to cybersecurity. Explicit references to ISO standards would further globalize the framework, ensuring alignment with widely accepted best practices. Integration with CIS Controls could boost practicality and actionable measures, offering a prioritized set of cybersecurity actions. Tailoring the framework to include PCI DSS compliance standards would address the needs of organizations handling payment card transactions, ensuring comprehensive adherence to industry-specific security measures. This approach not only enriches the framework’s versatility but also aligns it with globally acknowledged cybersecurity standards, paving the way for a more robust and universally applicable resilience framework.
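To make the risk assessment stage of Section 5 and the threshold adjustment described under continuous monitoring concrete, the following is an added worked example written for this edit; it is not code from the paper or its author. It assumes five-point likelihood and impact scales combined as a product score, a constructed register of four risks, and a constructed threat-intelligence update, none of which the paper prescribes. It shows how prioritization weighted by impact directs treatment to the highest-consequence risks, how new intelligence can move an accepted risk across the acceptance threshold, and how a change of threshold surfaces risks that now require treatment, with every change recorded as documentation.

```python
"""Risk register with impact-weighted prioritization and an adjustable threshold.

Added example, not code from the paper: it models the risk assessment stage
(scoring, prioritization, a documented history per risk) and the threshold
adjustment driven by threat intelligence that the continuous monitoring stage
describes. The five-point scales, the product score and all sample risks are
assumptions constructed for this example.
"""
from dataclasses import dataclass, field
from typing import Dict, List

# Assumed ordinal scales; the paper prescribes no particular scoring scheme.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost_certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


@dataclass
class Risk:
    risk_id: str
    description: str
    likelihood: str
    impact: str
    owner: str
    history: List[str] = field(default_factory=list)  # per-risk documentation trail

    def __post_init__(self) -> None:
        if self.likelihood not in LIKELIHOOD or self.impact not in IMPACT:
            raise ValueError(f"{self.risk_id}: unknown likelihood or impact rating")

    @property
    def score(self) -> int:
        """Likelihood x impact on the assumed 1-5 scales (range 1..25)."""
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]


class RiskRegister:
    """Holds risks, ranks them and records every change for audit and compliance."""

    def __init__(self, acceptance_threshold: int) -> None:
        self.threshold = acceptance_threshold  # scores at or above this need treatment
        self.risks: Dict[str, Risk] = {}
        self.log: List[str] = []  # register-level audit trail

    def add(self, risk: Risk) -> None:
        self.risks[risk.risk_id] = risk
        risk.history.append(f"registered with score {risk.score}")

    def prioritized(self) -> List[Risk]:
        """Highest score first; ties go to the risk with the larger impact,
        so the most severe potential consequences lead the treatment queue."""
        return sorted(self.risks.values(),
                      key=lambda r: (r.score, IMPACT[r.impact]), reverse=True)

    def requiring_treatment(self) -> List[str]:
        return [r.risk_id for r in self.prioritized() if r.score >= self.threshold]

    def apply_threat_intel(self, risk_id: str, new_likelihood: str, source: str) -> bool:
        """Re-score one risk after new intelligence. Returns True when the
        update moved the risk from accepted to requiring treatment."""
        if new_likelihood not in LIKELIHOOD:
            raise ValueError(f"unknown likelihood rating: {new_likelihood}")
        risk = self.risks[risk_id]
        before = risk.score
        risk.likelihood = new_likelihood
        risk.history.append(
            f"likelihood set to {new_likelihood} ({source}); score {before} -> {risk.score}")
        crossed = before < self.threshold <= risk.score
        self.log.append(f"{risk_id} rescored {before} -> {risk.score}; crossed={crossed}")
        return crossed

    def set_threshold(self, new_threshold: int, reason: str) -> List[str]:
        """Adjust the acceptance threshold (e.g. after a change in risk appetite)
        and return the risks that newly require treatment as a result."""
        before = set(self.requiring_treatment())
        self.threshold = new_threshold
        self.log.append(f"threshold set to {new_threshold}: {reason}")
        return [rid for rid in self.requiring_treatment() if rid not in before]


def build_sample_register() -> RiskRegister:
    """Constructed sample data; the risk ids, ratings and owners are illustrative."""
    reg = RiskRegister(acceptance_threshold=12)
    reg.add(Risk("R1", "Phishing leading to credential theft", "likely", "major", "CISO"))
    reg.add(Risk("R2", "Unpatched internet-facing server", "possible", "severe", "IT Ops"))
    reg.add(Risk("R3", "Lost unencrypted laptop", "possible", "moderate", "IT Ops"))
    reg.add(Risk("R4", "Third-party SaaS provider outage", "unlikely", "severe", "Procurement"))
    return reg


if __name__ == "__main__":
    reg = build_sample_register()
    print("initial queue:", reg.requiring_treatment())  # ['R1', 'R2']
    reg.apply_threat_intel("R4", "likely", "constructed vendor advisory")
    print("after intel:  ", reg.requiring_treatment())  # ['R4', 'R1', 'R2']
    print("newly flagged:", reg.set_threshold(9, "risk appetite lowered after review"))  # ['R3']
    for r in reg.prioritized():
        print(f"{r.risk_id} score={r.score:2d} owner={r.owner} history={r.history}")
```

The per-risk history and the register log are what make the assessment auditable: every rescoring and every threshold change is traceable to a source or a stated reason, which is the documentation and transparency the framework asks for. Separating the threshold from the scores also keeps the two decisions distinct, namely how likely and severe a risk is versus how much risk the organization is prepared to accept.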
Ahmad Mtair AL-Hawamleh holds the position of Assistant Professor specializing in Computer Science-Cybersecurity at the Institute of Public Administration-KSA. With expertise in Blackboard Education Technology and Services, he is also a certified trainer in the Zoom Meetings Platform. AL-Hawamleh earned his Ph.D. in Computer Science from the University Malaysia Terengganu (UMT) in 2018 and obtained his MSc in IT from University Utara Malaysia (UUM) in 2012. His research spans the domains of Information Security, Cybersecurity, Blockchain, AI, and IoT. His contributions to the fields are evident through research papers published in journals indexed under prestigious data sources such as Scopus and Web of Science.
