Al-Turkistani, Hilalah F., Aldobaian, Samar, Latif, Rabia.
2021.
Enterprise Architecture Frameworks Assessment: Capabilities, Cyber Security and Resiliency Review. 2021 1st International Conference on Artificial Intelligence and Data Analytics (CAIDA). :79–84.
Recent technological advancement demands organizations to have measures in place to manage their Information Technology (IT) systems. Enterprise Architecture Frameworks (EAF) offer companies an efficient technique to manage their IT systems aligning their business requirements with effective solutions. As a result, experts have developed multiple EAF's such as TOGAF, Zachman, MoDAF, DoDAF, SABSA to help organizations to achieve their objectives by reducing the costs and complexity. These frameworks however, concentrate mostly on business needs lacking holistic enterprise-wide security practices, which may cause enterprises to be exposed for significant security risks resulting financial loss. This study focuses on evaluating business capabilities in TOGAF, NIST, COBIT, MoDAF, DoDAF, SABSA, and Zachman, and identify essential security requirements in TOGAF, SABSA and COBIT19 frameworks by comparing their resiliency processes, which helps organization to easily select applicable framework. The study shows that; besides business requirements, EAF need to include precise cybersecurity guidelines aligning EA business strategies. Enterprises now need to focus more on building resilient approach, which is beyond of protection, detection and prevention. Now enterprises should be ready to withstand against the cyber-attacks applying relevant cyber resiliency approach improving the way of dealing with impacts of cybersecurity risks.
Al-Turkistani, Hilalah F., AlFaadhel, Alaa.
2021.
Cyber Resiliency in the Context of Cloud Computing Through Cyber Risk Assessment. 2021 1st International Conference on Artificial Intelligence and Data Analytics (CAIDA). :73–78.
Cyber resiliency in Cloud computing is one of the most important capability of an enterprise network that provides continues ability to withstand and quick recovery from the adversary conditions. This capability can be measured through cybersecurity risk assessment techniques. However, cybersecurity risk management studies in cloud computing resiliency approaches are deficient. This paper proposes resilient cloud cybersecurity risk assessment tailored specifically to Dropbox with two methods: technical-based solution motivated by a cybersecurity risk assessment of cloud services, and a target personnel-based solution guided by cybersecurity-related survey among employees to identify their knowledge that qualifies them withstand to any cyberattack. The proposed work attempts to identify cloud vulnerabilities, assess threats and detect high risk components, to finally propose appropriate safeguards such as failure predicting and removing, redundancy or load balancing techniques for quick recovery and return to pre-attack state if failure happens.