Cybersecurity governance framework for board directors

Publication Type: Thesis
Issue Date: 2024
The importance of managing cybersecurity risk has become more relevant as the dependency on online digital services and operational resilience has grown. Cybersecurity is challenging for many Board Directors and Senior Executives, given the technical language in use and the ever-changing nature of the field. Whilst there has been a growth in awareness of the importance of cybersecurity at the Board level, there has been a lack of practical frameworks to guide such stakeholders. Thus, this thesis aims to address the important research question of “What framework should be developed to help non-technical audiences such as Board Directors and Senior Executives better govern cybersecurity?” This thesis proposes a novel framework, called the Board Cybersecurity Governance Framework (BCGF). This framework consists of seven related models: Assets, Risk Appetite Statement, Standards, Risk Clusters, Metrics, Questions and Culture. The BCGF was iteratively developed and evaluated using the design science research method, including a literature review, interviews (with Board Directors, Chief Information Security Officers, and Chief Information Officers), an expert evaluation workshop and an online expert survey. While the BCGF addresses the research question at hand, it is important to acknowledge the dynamic nature of the cybersecurity field, which will warrant the continuous evolution of the framework for different organisational contexts.