Journal of Operational Risk

Risk.net

Bridging networks, systems and controls frameworks for cybersecurity curriculums and standards development

Yogesh Malhotra

  • Applied Cybersecurity & Finance practices in the US and global private and public industry are transitioning to an overall 'Cyber Finance' focus on Cyber Risk Management.
  • It is hence necessary to align Cybersecurity & Finance application standards and curricula with emerging 'Cyber Finance' practices.
  • Towards that goal, this article proposes a framework for aligning, integrating, and, streamlining Cybersecurity & Finance Networks, Systems, and, Controls Frameworks across the three levels to align them with the needs of Cyber Risk Management practice.

Applied cybersecurity practices in private and public industry in the United States are transitioning to an overall focus on cyber risk management. Hence, it is necessary to align the information technology (IT) cybersecurity application standards of professional associations and related educational curriculums with emerging applications in practice. Current standards and educational curriculums seem fragmented across network protocols and network analysis tool frameworks (NPNATFs); systems and networks infrastructure frameworks (SNIFs); and risk management and controls policy frameworks (RMCPFs). This paper develops an applied framework for aligning, integrating and streamlining standards and curriculums across all three levels, aligning them with the needs of applied risk management practice. A cyber risk management framework is developed with a focus on voice over internet protocol (VoIP) networks. These networks have been gaining central prominence across diverse industries, such as global banking and finance, over the past decade. Despite their central role (in both technological and economic terms), sparse attention has been given to their critical vulnerabilities – described as the “weakest links” in global banking and finance networks – as is evident from cybersecurity and penetration testing. This paper demonstrates the contribution of the proposed cyber risk management framework in addressing such critical gaps in global banking and finance cybersecurity and information assurance practices. The latter constitutes an example application of the proposed framework; it is extendable to multiple other industries including health care.

To continue reading...

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an indvidual account here: