Cyber security maturity assessment framework for technology startups: A systematic literature review
Cybersecurity has gained increasing importance among firms of different sizes and industries due to the significant rise of cyber-attacks over time. Technology startups are particularly vulnerable to cyber-attacks due to the lack of cyber security measures. This is because of limited human capital a...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Institute of Electrical and Electronics Engineers Inc.
2023
|
| Subjects: | |
| Online Access: | http://eprints.utm.my/107589/1/AliSelamat2023_CyberSecurityMaturityAssessmentFramework.pdf http://eprints.utm.my/107589/ http://dx.doi.org/10.1109/ACCESS.2022.3229766 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my.utm.107589 |
|---|---|
| record_format |
eprints |
| spelling |
my.utm.1075892024-09-25T06:23:56Z http://eprints.utm.my/107589/ Cyber security maturity assessment framework for technology startups: A systematic literature review Yusuff Marican, Mohamed Noordin Abd. Razak, Shukor Selamat, Ali Othman, Siti Hajar T Technology (General) Cybersecurity has gained increasing importance among firms of different sizes and industries due to the significant rise of cyber-attacks over time. Technology startups are particularly vulnerable to cyber-attacks due to the lack of cyber security measures. This is because of limited human capital and financial resources to quantify cyber risks and allocate appropriate investments to cyber security. Technology startups are suppliers and vendors to large organisations such as MNCs, government and financial institutions. They could possibly have a network connection back to the large organisations and might even store confidential information of these large organisations such as financial records, personal data and other proprietary information. As such, with the lack of appropriate cyber security measures, technology startups may be an attack vector for malicious hackers to gain entry to the large organisations. Focusing on technology startups, this study conducted a systematic literature review on cyber security maturity assessment frameworks. This study addressed five research questions on the existing cyber security maturity assessment frameworks in various industries, the target for implementation, cyber security maturity level, shared control domains of these frameworks, and the quantification of the return of cyber security investments. Referring to the Preferred Reporting Items for Systematic Reviews and Meta-Analysis (PRISMA) checklist, a detailed analysis was performed on 24 published research articles (out of 650) from reputable journals and conference proceedings from January 2011 to June 2022. The results revealed the lack of an end-to-end cyber security maturity assessment framework for technology startups. Despite the similarities in the cyber security maturity level for certain frameworks, the results revealed no singular framework that can evaluate the cyber security maturity level of technology startups. The results further revealed the lack of studies on the quantification of the return of cyber security investments in an end-to-end cyber security maturity assessment framework for technology startups. This put the startup in a vulnerable position since management is not able to obtain relevant data on the startup's cyber maturity posture and without such information, they are not able to appropriately justify their security investments to mitigate the evolving cyber risks. Institute of Electrical and Electronics Engineers Inc. 2023 Article PeerReviewed application/pdf en http://eprints.utm.my/107589/1/AliSelamat2023_CyberSecurityMaturityAssessmentFramework.pdf Yusuff Marican, Mohamed Noordin and Abd. Razak, Shukor and Selamat, Ali and Othman, Siti Hajar (2023) Cyber security maturity assessment framework for technology startups: A systematic literature review. IEEE Access, 11 (NA). pp. 5442-5452. ISSN 2169-3536 http://dx.doi.org/10.1109/ACCESS.2022.3229766 DOI : 10.1109/ACCESS.2022.3229766 |
| institution |
Universiti Teknologi Malaysia |
| building |
UTM Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Teknologi Malaysia |
| content_source |
UTM Institutional Repository |
| url_provider |
http://eprints.utm.my/ |
| language |
English |
| topic |
T Technology (General) |
| spellingShingle |
T Technology (General) Yusuff Marican, Mohamed Noordin Abd. Razak, Shukor Selamat, Ali Othman, Siti Hajar Cyber security maturity assessment framework for technology startups: A systematic literature review |
| description |
Cybersecurity has gained increasing importance among firms of different sizes and industries due to the significant rise of cyber-attacks over time. Technology startups are particularly vulnerable to cyber-attacks due to the lack of cyber security measures. This is because of limited human capital and financial resources to quantify cyber risks and allocate appropriate investments to cyber security. Technology startups are suppliers and vendors to large organisations such as MNCs, government and financial institutions. They could possibly have a network connection back to the large organisations and might even store confidential information of these large organisations such as financial records, personal data and other proprietary information. As such, with the lack of appropriate cyber security measures, technology startups may be an attack vector for malicious hackers to gain entry to the large organisations. Focusing on technology startups, this study conducted a systematic literature review on cyber security maturity assessment frameworks. This study addressed five research questions on the existing cyber security maturity assessment frameworks in various industries, the target for implementation, cyber security maturity level, shared control domains of these frameworks, and the quantification of the return of cyber security investments. Referring to the Preferred Reporting Items for Systematic Reviews and Meta-Analysis (PRISMA) checklist, a detailed analysis was performed on 24 published research articles (out of 650) from reputable journals and conference proceedings from January 2011 to June 2022. The results revealed the lack of an end-to-end cyber security maturity assessment framework for technology startups. Despite the similarities in the cyber security maturity level for certain frameworks, the results revealed no singular framework that can evaluate the cyber security maturity level of technology startups. The results further revealed the lack of studies on the quantification of the return of cyber security investments in an end-to-end cyber security maturity assessment framework for technology startups. This put the startup in a vulnerable position since management is not able to obtain relevant data on the startup's cyber maturity posture and without such information, they are not able to appropriately justify their security investments to mitigate the evolving cyber risks. |
| format |
Article |
| author |
Yusuff Marican, Mohamed Noordin Abd. Razak, Shukor Selamat, Ali Othman, Siti Hajar |
| author_facet |
Yusuff Marican, Mohamed Noordin Abd. Razak, Shukor Selamat, Ali Othman, Siti Hajar |
| author_sort |
Yusuff Marican, Mohamed Noordin |
| title |
Cyber security maturity assessment framework for technology startups: A systematic literature review |
| title_short |
Cyber security maturity assessment framework for technology startups: A systematic literature review |
| title_full |
Cyber security maturity assessment framework for technology startups: A systematic literature review |
| title_fullStr |
Cyber security maturity assessment framework for technology startups: A systematic literature review |
| title_full_unstemmed |
Cyber security maturity assessment framework for technology startups: A systematic literature review |
| title_sort |
cyber security maturity assessment framework for technology startups: a systematic literature review |
| publisher |
Institute of Electrical and Electronics Engineers Inc. |
| publishDate |
2023 |
| url |
http://eprints.utm.my/107589/1/AliSelamat2023_CyberSecurityMaturityAssessmentFramework.pdf http://eprints.utm.my/107589/ http://dx.doi.org/10.1109/ACCESS.2022.3229766 |
| _version_ |
1811681229078003712 |
| score |
13.211869 |