Volume 3, Issue 1, January 2023

CYBER SECURITY FRAMEWORK SELECTION: COMPARISION OF NIST AND ISO27001

Marwan Alshar'e
Sohar University

Abstract

Plans for preventing and mitigating vulnerabilities in computer networks are known as cybersecurity frameworks (CSFs). With the help of the Cybersecurity Framework, organisations can reduce their vulnerability to cyber attacks and strengthen their defences. The cybersecurity framework has made the decision to take part in trials so that it may improve its ability to handle long-term security frameworks. At this point, this gives rise to concerns about cost and time rather than safety. A firm can use the similarities shared by many cybersecurity frameworks as a reference when selecting the framework most suitable for its own needs. According to the findings of this study, risk maturity level, cost, and certification are the three most significant components of CSF implementation for firms.

Published February 9, 2023
Keywords
  • cyber security,
  • cybersecurity framework,
  • CSF,
  • selection,
  • NIST,
  • ISO27001
How to Cite
Alshar’e, M. (2023). CYBER SECURITY FRAMEWORK SELECTION: COMPARISION OF NIST AND ISO27001. Applied Computing Journal, 3(1), 245-255. https://doi.org/10.52098/acj.202364