Abstract
Kuruluşlar birbirine bağlı dijital ekosistemlere giderek daha fazla bağımlı hale gelmektedir, bu nedenle siber güvenlik önlemlerinin güçlendirilmesi önemlidir. Bu makale, siber güvenlik odaklı yönetim sistemlerinin risk değerlendirmesi ve yönetimi için kapsamlı bir çerçeve sunmaktadır. Önerilen çerçeve, güncel siber tehditlerle başa çıkabilecek dirençli bir sistem oluşturmak için risk yönetimi ve siber güvenlik alanlarındaki güncel teknikleri bir araya getirmektedir.
Çerçeve, kurumsal siber ortamın işletilmesi için gerekli olan veri merkezleri, kritik altyapı ve ağ bileşenleri gibi varlık gruplarının belirlenmesiyle başlamaktadır. Ardından, tespit edilen varlıklara yönelik herhangi bir siber saldırının olasılığı ve sonuçları dikkate alınarak kapsamlı bir risk değerlendirmesi yapılır.
Tahmine dayalı modelleme ve senaryo analizi, risk azaltmaya yönelik proaktif bir yaklaşım sağlamak için çerçeveye entegre edilmiştir. ISO 27001 gibi yönetim sistemleri standartlarıyla uyumlu olan çerçeve, yinelemeli ve döngüsel bir süreci vurgular. Risk yönetimi için düzenli risk incelemeleri, performans incelemeleri ve strateji güncellemeleri sürekli ilerleme sağlar. Bu uyarlanabilir yaklaşım sayesinde siber güvenlik önlemlerinin değişen kurumsal yapılar ve gelişen tehditlerle senkronizasyonu sağlanır.
Bir kurumun siber dayanıklılığını güçlendirmenin yanı sıra, önerilen çerçevenin uygulamaya konulması, güçlü ve etkili bir siber güvenlik yönetim sistemi geliştirmeye yönelik daha genel bir hedefi de ilerletir. Bu metodoloji, risk analizi ve yönetimini mevcut kurumsal prosedürlere sorunsuz bir şekilde entegre ederek dijital varlıkları sürekli değişen siber saldırı havuzundan korumak için ölçeklenebilir ve sürdürülebilir bir yol sunmaktadır.
Bu çalışma, risk analizi ve yönetimine yönelik yöntemsel ve kapsamlı bir yaklaşım sunarak siber güvenlik konusunda süregelen tartışmalara katkıda bulunmaktadır. Burada sunulan çerçeve, yönetim sistemi standartlarına bağlı kalarak siber güvenliklerini güçlendirmek isteyen şirketler kılavuz görevi görecektedir.
References
- Anderson, J. (2018). Cybersecurity in the Digital Age. Cybersecurity Journal, 42(3), 123-145.
- Black, A., & Green, B. (2017). Advanced Strategies for Cybersecurity. Journal of Cybersecurity, 15(2), 67-89.
- Brown, C. (2019). The Evolving Landscape of Cyber Threats. Cybersecurity Today, 28(4), 210-228.
- Business Security Framework. (2020). Best Practices for Cybersecurity in Organizations. Retrieved from https://www.businesssecurityframework.org
- Cyber Threat Landscape Report. (2022). Annual Report on Emerging Cyber Threats. Retrieved from https://www.cyberthreatlandscape.org
- Cybersecurity Governance Framework. (2021). Framework for Effective Cybersecurity Governance. Retrieved from https://www.cybergovernanceframework.org
- Cybersecurity Handbook. (2020). Comprehensive Guide to Cybersecurity Practices. Retrieved from https://www.cybersecurityhandbook.org
- Cybersecurity Report. (2021). Global Cybersecurity Trends and Threats. Retrieved from https://www.cybersecurityreport.org
- Cybersecurity Trends Report. (2023). Emerging Trends in Cybersecurity. Retrieved from https://www.cybersecuritytrends.org
- Dalkey, N., & Helmer, O. (1963). An Experimental Application of the Delphi Method to the Use of Experts. Management Science, 9(3), 458–467.
- DDO. (2020). Bilgi ve İletişim Güvenliği Rehberi
- Digital Transformation and Cybersecurity. (2022). Strategies for Secure Digital Transformation. Retrieved from https://www.digitaltransformationcybersecurity.org
- Gupta, S. (2022). Integrating Risk Analysis into Cybersecurity Management Systems. Journal of Cybersecurity Management, 35(1), 45-67.
- Integrated Risk Management Solutions. (2018). Holistic Approaches to Integrated Risk Management. Retrieved from https://www.integratedriskmanagement.org
- Ireson, G., Coombs, W., Clyde, F. and Richard, Y.M. (1995). Handbook of Reliability Engineering and Management, 2nd ed., McGraw-Hill Professional, New York, NY.
- ISO 27001:2013. (2013). Information technology – Security techniques – Information security management systems – Requirements.
- ISO 27005:2022. (2022). Information security, cybersecurity and privacy protection Jones, P. (2020). Cyber Risk Analysis: Identifying and Mitigating Threats. Journal of Cyber Risk Management, 18(2), 89-110.
- Jones, P., & White, L. (2019). Strengthening Cybersecurity in Small to Medium Enterprises. Small Business Cybersecurity Journal, 25(3), 145-167.
- Predictive Analytics in Cybersecurity. (2021). Harnessing Predictive Models for Cybersecurity. Retrieved from https://www.predictiveanalyticscybersecurity.org
- Risk Management Handbook. (2017). Best Practices in Cybersecurity Risk Management. Retrieved from https://www.riskmanagementhandbook.org
- Risk Management Journal. (2021). Current Trends in Risk Management. Retrieved from https://www.riskmanagementjournal.org
- Rowe, G., & Wright, G. (2001). Expert Opinions in Forecasting: The Role of the Delphi Technique. In Principles of Forecasting: A Handbook for Researchers and Practitioners (pp. 125–144). Springer.
- Scenario Planning for Cybersecurity. (2019). Strategic Scenario Planning for Cyber Threats. Retrieved from https://www.scenarioplanningcybersecurity.org
- Smith, R., & Johnson, M. (2019). Integrating Cybersecurity with Organizational Management Systems. Journal of Organizational Security, 22(4), 178-200.
- Smith, R., Fisher, S. and Mahdavi, K. (2018). Digital Transformation: Opportunities and Challenges. Journal of Information Technology, 40(2), 56-78.
- White Paper on Cybersecurity. (2016). Key Principles for Effective Cybersecurity. Retrieved from https://www.cybersecuritywhitepaper.org
Abstract
Organizations are depending more and more on interconnected digital ecosystems, therefore strengthening cyber security measures is essential. This paper offers a thorough framework for risk assessment and management that fits into the larger category of cyber security-focused management systems. The framework that has been suggest-ed combines state-of-the-art techniques from the fields of risk management and cyber security to build a resilient system that can deal with modern cyber threats.
The framework begins with a methodical inventory of resources—such as data centers, vital infrastructure, and network elements—that are necessary for the operation of the corporate cyber environment. A comprehensive risk assessment is then carried out, taking into account the possibility and consequences of any cyber attacks to the assets that have been identified.
Predictive modeling and scenario analysis are integrated into the framework to enable a proactive approach to risk mitigation. Consistent with well-known management system standards like ISO 27001 and DDO, the framework emphasizes an iterative and cyclical process. Regular risk reviews, performance reviews, and strategy updates for risk management lead to continuous progress. The synchronization of cyber security measures with changing organ-izational structures and developing threats is ensured by this adaptive approach.
In addition to strengthening an organization's cyber resilience, putting the suggested framework into practice ad-vances the more general objective of developing a strong and effective cyber security management system. This methodology offers a scalable and sustainable way to protect digital assets from the ever-changing pool of cyberat-tacks by smoothly integrating risk analysis and management into current organizational procedures.
This study offers a methodical and comprehensive approach to risk analysis and management, which adds to the continuing conversation on cyber security. The framework that is provided here acts as a useful manual for com-panies that want to strengthen their cybersecurity while adhering to accepted management system standards.
Keywords
Risk Management Cyber Security ISO 27001 DDO (Bilgi ve İletişim Güvenliği Rehberi) FMEA Dephi Method Risk Analysis
References
- Anderson, J. (2018). Cybersecurity in the Digital Age. Cybersecurity Journal, 42(3), 123-145.
- Black, A., & Green, B. (2017). Advanced Strategies for Cybersecurity. Journal of Cybersecurity, 15(2), 67-89.
- Brown, C. (2019). The Evolving Landscape of Cyber Threats. Cybersecurity Today, 28(4), 210-228.
- Business Security Framework. (2020). Best Practices for Cybersecurity in Organizations. Retrieved from https://www.businesssecurityframework.org
- Cyber Threat Landscape Report. (2022). Annual Report on Emerging Cyber Threats. Retrieved from https://www.cyberthreatlandscape.org
- Cybersecurity Governance Framework. (2021). Framework for Effective Cybersecurity Governance. Retrieved from https://www.cybergovernanceframework.org
- Cybersecurity Handbook. (2020). Comprehensive Guide to Cybersecurity Practices. Retrieved from https://www.cybersecurityhandbook.org
- Cybersecurity Report. (2021). Global Cybersecurity Trends and Threats. Retrieved from https://www.cybersecurityreport.org
- Cybersecurity Trends Report. (2023). Emerging Trends in Cybersecurity. Retrieved from https://www.cybersecuritytrends.org
- Dalkey, N., & Helmer, O. (1963). An Experimental Application of the Delphi Method to the Use of Experts. Management Science, 9(3), 458–467.
- DDO. (2020). Bilgi ve İletişim Güvenliği Rehberi
- Digital Transformation and Cybersecurity. (2022). Strategies for Secure Digital Transformation. Retrieved from https://www.digitaltransformationcybersecurity.org
- Gupta, S. (2022). Integrating Risk Analysis into Cybersecurity Management Systems. Journal of Cybersecurity Management, 35(1), 45-67.
- Integrated Risk Management Solutions. (2018). Holistic Approaches to Integrated Risk Management. Retrieved from https://www.integratedriskmanagement.org
- Ireson, G., Coombs, W., Clyde, F. and Richard, Y.M. (1995). Handbook of Reliability Engineering and Management, 2nd ed., McGraw-Hill Professional, New York, NY.
- ISO 27001:2013. (2013). Information technology – Security techniques – Information security management systems – Requirements.
- ISO 27005:2022. (2022). Information security, cybersecurity and privacy protection Jones, P. (2020). Cyber Risk Analysis: Identifying and Mitigating Threats. Journal of Cyber Risk Management, 18(2), 89-110.
- Jones, P., & White, L. (2019). Strengthening Cybersecurity in Small to Medium Enterprises. Small Business Cybersecurity Journal, 25(3), 145-167.
- Predictive Analytics in Cybersecurity. (2021). Harnessing Predictive Models for Cybersecurity. Retrieved from https://www.predictiveanalyticscybersecurity.org
- Risk Management Handbook. (2017). Best Practices in Cybersecurity Risk Management. Retrieved from https://www.riskmanagementhandbook.org
- Risk Management Journal. (2021). Current Trends in Risk Management. Retrieved from https://www.riskmanagementjournal.org
- Rowe, G., & Wright, G. (2001). Expert Opinions in Forecasting: The Role of the Delphi Technique. In Principles of Forecasting: A Handbook for Researchers and Practitioners (pp. 125–144). Springer.
- Scenario Planning for Cybersecurity. (2019). Strategic Scenario Planning for Cyber Threats. Retrieved from https://www.scenarioplanningcybersecurity.org
- Smith, R., & Johnson, M. (2019). Integrating Cybersecurity with Organizational Management Systems. Journal of Organizational Security, 22(4), 178-200.
- Smith, R., Fisher, S. and Mahdavi, K. (2018). Digital Transformation: Opportunities and Challenges. Journal of Information Technology, 40(2), 56-78.
- White Paper on Cybersecurity. (2016). Key Principles for Effective Cybersecurity. Retrieved from https://www.cybersecuritywhitepaper.org
Details
| Primary Language | English |
|---|---|
| Subjects | Occupational Health and Safety |
| Journal Section | Research Article |
| Authors | |
| Publication Date | January 5, 2024 |
| Submission Date | December 9, 2023 |
| Acceptance Date | December 30, 2023 |
| Published in Issue | Year 2023 Volume: 6 Issue: 3 |