WEEK3.docx

1

2

Acceptable topics

Student

Instructor

University affiliation

Class Name

Date

Summary of Key Articles on Cybersecurity Governance and Risk Management

Cybersecurity governance also has a central function in the processes used by organizations to regulate the risks associated with cyber threats. This paper presents a summary of five articles that contribute significantly to understanding the impact of cybersecurity governance on risk management practices in organizations.

1. Jarjoui, S. & Murimi, R. (2021). A Framework for Enterprise Cybersecurity Risk Management. Advances in cybersecurity management

In their recent systematic literature review, Jarjoui and Murimi (2021) propose a framework for implementing cybersecurity governance within the context of enterprise risk management (ERM). The authors also pay considerable attention to such concepts as the integration of cybersecurity measures into other organizational risk policies.

Relevance to Topic: This framework directly fills the gap of how governance can be integrated into risk management, which is an important component of the proposed study. This demonstrates how proper governance of the firm leads to an improvement of controls to address the risks of cyber threats.

Methodology: This work employs a qualitative research analytic approach in trying to explore the existing cybersecurity frameworks and compare enterprises' security practices. The authors encourage future researchers to determine how this framework is implemented across various industries.

Conclusions: Integrating a unified model of cybersecurity governance when addressing the problems of managing risks in an organization is extremely effective. This in turn has prompted the need for governance structures that can address specifics of the particular industries involved.

2. The impact of cybersecurity risk management examinations and cybersecurity incidents on investor perceptions and decisions.

Perols and Murthy (2021) examine how cybersecurity risk management audits and disruptive events affect investors’ judgment. For that reason, they contend that organizations that have structured governance systems that comprehensively address cybersecurity are more likely to retain investor confidence even in the aftermath of cyber events.

Relevance to Topic: Among external dimensions of cybersecurity governance this article reveals the impact of cybersecurity on investors. The claim advances that sound governance does not only eliminate operating risks but also safeguards the image and solvency of a company.

Methodology: The research method is also quantitative, which serves to examine the responses of investors from public companies. This empirical method is popular and effective for the analysis of the financial consequences of cybersecurity governance.

Conclusions: The result of the analysis of the research materials indicates that corporate actions with effective governance practices can significantly mitigate the detrimental effects of cyber security events on investors’ decisions as they emphasize the necessity of transparent and effective cyber security policies.

3. Evaluating the cyber security readiness of organizations and its influence on performance.

In this paper, Hasan et al., (2021) assess the state of readiness in organizations for cybersecurity and its impact on performance. Instead, they present a maturity model that describes the extent of organizations’ readiness for confronting cyber threats in relation to their governance frameworks.

Relevance to Topic: The article is useful in establishing the connection between an organization’s level of governance maturity on the level of risk management it achieves. This shows that an organization’s level of preparedness for cyber threats, based on good governance practice, is proportional to organizational performance.

Methodology: The study applies a survey method to assess the firms’ preparedness for cybersecurity threats. This generally used and recognized methodology is useful for the evaluation of governance maturity levels in diverse industries.

Conclusions: Those organizations with a more developed state of cybersecurity governance structures observe improved organizational performance and are capable of adequate risk management thus confirming the readiness as the crucial part of the cybersecurity governance.

4. Integrating cybersecurity and enterprise risk management (ERM)

This article from the National Institute of Standards and Technology (NIST) offers direction for implementing cybersecurity with enterprise risk management. It provides specific guidance on how governance arrangements can be integrated with other systems of risk management.

Relevance to Topic: This article is important for the proposed study because it provides a set of guidelines for how to integrate cybersecurity governance into ERM. This paper underscores the role of governance in managing diverse risks prevalent in organizations cutting across different industries.

Methodology: Conceptually, the authors harness a regulatory and a framework-based method to give directions on how to enhance cybersecurity governance in organizations.

Conclusions: The fact that organizations are making cybersecurity governance as an integrated process with ERM proves the notion in this work that governance has to be a comprehensive component of organizational strategy.

5. PRISM: a strategic decision framework for cybersecurity risk assessment. Information & Computer Security

PRISM was developed by Goel et al. (2020) to provide a decision model for cybersecurity risk evaluation. The model also makes emphasizes with regards to the making of governance as one of the strategic factors in cybersecurity decisions.

Relevance to Topic: The PRISM framework offers a strategic vision in the context of governance on how an organization might approach, evaluate, and control cybersecurity risk, coupling governance with decision-making in risk management.

Methodology: To ensure the identified framework is generalized across a host of industries, the article uses both quantitative and qualitative data to prove the mixed-method framework.

Conclusions: By coming up with strategic decision-making frameworks such as PRISM then an organization's capability of handling cyber security risks is boosted; therefore, supports the importance of efficient governance for the organization in handling risks.

References

Goel, R., Kumar, A., & Haddow, J. (2020). PRISM: a strategic decision framework for cybersecurity risk assessment. Information & Computer Security, 28(4), 591-625.

Hasan, S., Ali, M., Kurnia, S., & Thurasamy, R. (2021). Evaluating the cyber security readiness of organizations and its influence on performance. Journal of Information Security and Applications, 58, 102726.

Jarjoui, S., & Murimi, R. (2021). A framework for enterprise cybersecurity risk management. In Advances in cybersecurity management (pp. 139-161). Cham: Springer International Publishing.

Perols, R. R., & Murthy, U. S. (2021). The impact of cybersecurity risk management examinations and cybersecurity incidents on investor perceptions and decisions. Auditing: A Journal of Practice & Theory, 40(1), 73-89.

Stine, K., Stine, K., Quinn, S., Witte, G., & Gardner, R. K. (2020). Integrating cybersecurity and enterprise risk management (ERM) (Vol. 10). US Department of Commerce, National Institute of Standards and Technology.