TY - JOUR
T1 - A systematic review of cyber-resilience assessment frameworks
AU - Sepúlveda Estay, Daniel A.
AU - Sahay, Rishikesh
AU - Barfod, Michael B.
AU - Jensen, Christian D.
N1 - Publisher Copyright:
© 2020
Copyright:
Copyright 2020 Elsevier B.V., All rights reserved.
PY - 2020/10
Y1 - 2020/10
N2 - Cyber-attacks are regarded as one of the most serious threats to businesses worldwide. Organizations dependent on Information Technology (IT) derive value not only from preventing cyber-attacks, but also from responding promptly and coherently when cyber-attacks happen so as to minimize their disruptive effect on operations. This capacity is known as cyber-resilience. As multiple cyber-resilience frameworks (CRF) have been proposed in literature, an increased clarity about the scope, characteristics, synergies and gaps in existing CRFs will facilitate scientific research advancement in this area. This paper uses a systematic literature review to identify extant research on CRFs. The analysis is based on a sample representing 36 different industries and 25 different research areas. Through the use of descriptive analysis and thematic categorization, this paper makes a contribution by identifying CRFs as either strategic or operational, by the hierarchy of their decision influence, by the attacks addressed, and through the methods used and the places and institutions doing CRF research. As a result, this work presents an overview map of the current CRF research landscape, identifies relevant research gaps, highlights similarities and synergies between CRFs, and proposes opportunities for interdisciplinary research, as a contribution to guide future research in this area.
KW - Cyber-attack response
KW - Cyber-resilience
KW - Literature review
KW - Recovery frameworks
UR - http://www.scopus.com/inward/record.url?scp=85089439688&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2020.101996
DO - 10.1016/j.cose.2020.101996
M3 - Journal article
AN - SCOPUS:85089439688
SN - 0167-4048
VL - 97
JO - Computers & Security
JF - Computers & Security
M1 - 101996
ER -