E-Services Cybersecurity Assessment Model

E-Services Cybersecurity Assessment Model

Wafa Nasser Al Rusayyis, Saad Haj Bakry, Mohammed Amer Arafah
Copyright: © 2022 |Pages: 18
DOI: 10.4018/IJSEUS.300737
OnDemand:
(Individual Articles)
Available
$37.50
Current Special Offers
No Current Special Offers
TOTAL SAVINGS: $37.50

Abstract

With the increasing importance of e-services in cyberspace, cybersecurity is essential for safety and trustworthiness. This paper presents a cybersecurity assessment model that can be used to determine the current level of protection of e-services and to support its future development. The model is distinguished by its comprehensiveness, flexibility, and usability. In terms of comprehensiveness, the model integrates various cybersecurity measures recommended by international and national organizations and by academic researchers. In terms of flexibility, it structures these measures into the four-domain framework of technology, organization, people, and environment. The model also structures the assessment into levels based on the dimensions of importance, strategy consideration, and practical implementation. The usability of the model is illustrated by its application to three different Saudi organizations concerned with e-services. This work will be useful to researchers for the future development of cybersecurity assessments, and to professionals for practical applications.
Article Preview
Top

1. Introduction

This section begins by considering the importance of e-services in cyberspace, emphasizing the need for cybersecurity measures to protect these services. These measures are then reviewed considering key sources. Based on this background, the problem addressed in this paper is identified.

1.1 Cyberspace and Cybersecurity

The word cyberspace refers to “the online world of computer networks and the internet” (Merriam-Webster’s Learner’s Dictionary, 2020), which covers the whole world that is our physical space. This involves the various organizations and people worldwide that are connected. Cybersecurity is concerned with protecting cyberspace. The International Standards Organization (ISO) defined cybersecurity as “the preservation of confidentiality, integrity, and availability of information in the cyberspace” (ISO/IEC Standard 27032, 2012).

Every organization connected to cyberspace provides some type of e-service to enhance its effectiveness and promote its efficiency. Such services may be related to the organization’s internal and external supply chain or may be concerned with servicing customers or even the public at large. Examples of such organizations include those providing e-government services, e-trade services, and other e-services. The e-government services illustrated in Figure 1 provide an example of different e-services available in cyberspace (Bakry S. H., 2004).

Figure 1.

Technology infrastructure

IJSEUS.300737.f01

The e-government services illustrated in Figure 1 involve internal government-to-government (G2G) activities, government-to-citizen (G2C) services, and government-to-business (G2B) services. In addition, the Figure 1 illustrates the integration of these services with business-to-citizens (B2C) services. As governments have G2G activities, businesses can also have business-to-business (B2B) activities. Together, these services result in benefits to all the parties concerned and to the society at large (Bakry, Bakry, & Muhaya, 2016). To acquire and maintain these benefits, cybersecurity protection measures are needed to protect cyberspace and consequently to protect these benefits from risks caused by misuse or malicious actions.

Complete Article List

Search this Journal:
Reset
Volume 14: 1 Issue (2024): Forthcoming, Available for Pre-Order
Volume 13: 4 Issues (2022): 1 Released, 3 Forthcoming
Volume 12: 4 Issues (2021)
Volume 11: 4 Issues (2020)
Volume 10: 4 Issues (2019)
Volume 9: 4 Issues (2018)
View Complete Journal Contents Listing