Article

Risk-Based Cybersecurity Compliance Assessment System (RC2AS)

1 Security Engineering Lab, Computer Science Department, Prince Sultan University, Riyadh 11586, Saudi Arabia
2 Computer Science Department, King Abdullah II School of Information Technology, The University of Jordan, Amman 11942, Jordan
* Author to whom correspondence should be addressed.
Appl. Sci. 2023, 13(10), 6145; https://doi.org/10.3390/app13106145
Submission received: 7 April 2023 / Revised: 10 May 2023 / Accepted: 12 May 2023 / Published: 17 May 2023
(This article belongs to the Special Issue Advances in Cybersecurity: Challenges and Solutions)

Abstract

Cybersecurity attacks still pose significant threats to individuals and organizations, affecting almost every aspect of life. Many countries therefore try to counter this by introducing and enforcing cybersecurity regulatory frameworks that protect organizations’ information and digital resources. Saudi Arabia has taken practical steps in this direction by developing the Essential Cybersecurity Controls (ECC) as a national cybersecurity regulation reference. In general, the compliance assessment processes of the various international cybersecurity standards and controls (ISO 2700x, PCI, and NIST) are generic: they apply the same process to all organizations regardless of scope, business function, and criticality level, they produce no overall compliance score, and they do not take the risk of each security control into account. To address these shortcomings, this research takes the ECC as a baseline for building a comprehensive and customizable risk-based cybersecurity compliance assessment system (RC2AS). The ECC was chosen because it is well defined and draws on many international standards, and because few related works have studied it in depth. RC2AS is designed to be compatible with the current ECC tool. It offers an offline self-assessment tool that helps an organization expedite the assessment process, identify its current weaknesses, and plan improvements to its compliance level according to its own priorities. In addition, RC2AS proposes four methods for calculating the overall compliance score against the ECC. Several scenarios are run to evaluate these methods and compare their performance. The goal is to reflect an organization’s compliance score accurately while considering its domain, needs, resources, and the risk level of its security controls. Finally, the outputs of the assessment process are displayed in rich dashboards that present the organization’s cybersecurity maturity comprehensively and suggest a plan for improving its level of compliance.
Keywords: compliance assessment; maturity model; cybersecurity; risk; ECC; Saudi Arabia

Share and Cite

MDPI and ACS Style

Alfaadhel, A.; Almomani, I.; Ahmed, M. Risk-Based Cybersecurity Compliance Assessment System (RC2AS). Appl. Sci. 2023, 13, 6145. https://doi.org/10.3390/app13106145