A CONTINUOUS MONITORING FRAMEWORK TO MANAGE CYBERSECURITY AGAINST INSIDER THREATS Open Access
In today’s “Cyber-Society,” an enterprise faces numerous Cybersecurity challenges as Cybercriminals, hackers, and insider threats constantly threaten to compromise the Confidentiality, Integrity, and Availability (CIA) of the enterprise’s assets and data. This research presents a Dynamic Framework system that has a proactive security concept as opposed to the traditional reactive approach. This Dynamic Framework system minimizes the risks that Cybercriminals, hackers, and insider threats pose to an enterprise’s CIA. The Dynamic Framework system is mapped to the National Institute of Standards and Technology’s (NIST) Risk Framework (RF), is designed based on three functional Controls (Preventive, Detective and Corrective), enables an enterprise to develop a healthier Cyber Hygiene (CH) through continuous monitoring of its assets, and is capable of ensuring a proper alignment between the business functionality and Cybersecurity missions of an enterprise. Furthermore, although the Dynamic Framework system was developed based on the Financial Services Sector’s vulnerabilities, its functionality applies to all enterprises.

This research recognizes that the current Cybersecurity practices are insufficient to prevent a Cyber-Attack, respond to a Cyber-Attack, and, most importantly, remain resilient during a Cyber-Attack. The purpose of the Dynamic Framework system is to recommend a new and near-future Cyber-Ecosystem (CE), which an enterprise in the Financial Services Sector, or other sectors, can use to improve its security posture.