Discovering the Variables of Cyber Risk Assessment Through a Systematic Literature Review
DOI: https://doi.org/10.24191/jikm.v15iSI2.7241
Abstract
This paper presents a working process for discovering the processes involved in cyber risk assessment by using a systematic literature review (SLR). Cyber risk assessment is part of the risk management process of cyber security. Various approaches have been used to assess cyber risk; thus, this research aims to discover the process usually involved in the assessment part of risk management. The objectives are to discover related literature through the SLR and to identify the variables used in assessing risk. A three-stage systematic review was used in this SLR: planning, conducting, and reporting the review. The findings show the variables discovered in each process of assessment. The findings also show that the traditional processes of identification, analysis and evaluation are still widely used in assessing risk. A framework was produced based on the processes and variables found. This research gives a clear overview of how cyber risk assessment is usually conducted and can serve as a guideline for the assessment part of risk management.
Copyright (c) 2025 Farrah Diana Saiful Bahry, Zahari Mohd Amin, Noriza, Mohd Shamsul Mohd Shoid, Norzuraiza Rina Ahmad, Suzaliana Samuri

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Copyright of articles that appear in the journal belongs exclusively to the Faculty of Information Science, Universiti Teknologi MARA (Publisher). This copyright covers the rights to reproduce the article, including reprints, electronic reproductions or any other reproductions of a similar nature.