Developing an Abstraction Framework for Managing and Controlling Saudi Banks’ Cybersecurity Threats Based on the NIST Cybersecurity Framework and ISO/IEC 27001

作     者：Abdulaziz Saleh Alraddadi Abdulaziz Saleh Alraddadi

作者机构：College of Computer Science and Engineering Taibah University Yanbu Kingdom of Saudi Arabia 

出 版 物：《Journal of Software Engineering and Applications》 (软件工程与应用（英文）)

年 卷 期：2023年第16卷第12期

页      面：695-713页

学科分类：08[工学] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

主　　题：Cybersecurity Threats NIST Cybersecurity Framework ISO/IEC 27001 Saudi Banks Design Science Research 

摘      要：Saudi Arabian banks are deeply concerned about how to effectively monitor and control security threats. In recent years, the country has taken several steps towards restructuring its organizational security and, consequently, protecting financial institutions and their clients. However, there are still several challenges left to be addressed. Accordingly, this article aims to address this problem by proposing an abstract framework based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework and International Organization for Standardization/International Electrotechnical Commission (ISO/IEC 27001). The framework proposed in this paper considers the following factors involved in the security policy of Saudi banks: safety, Saudi information bank, operations and security of Saudi banks, Saudi banks’ supplier relationships, risk assessment, risk mitigation, monitoring and detection, incident response, Saudi banks’ business continuity, compliance, education, and awareness about all factors contributing to the framework implementation. This way, the proposed framework provides a comprehensive, unified approach to managing bank security threats. Not only does the proposed framework provide effective guidance on how to identify, assess, and mitigate security threats, but it also instructs how to develop policy and procedure documents relating to security issues.