
Volume 6, Issue 2, February – 2021 International Journal of Innovative Science and Research Technology

ISSN No:-2456-2165

An Investigation on Recent Cyber Security Frameworks as Guidelines for Organizations Adoption

Adamu A. Garba
Department of Computer Science, Yobe State University
Damaturu, Nigeria

Aliyu M. Bade
Department of Computer Science, Yobe State University
Damaturu, Nigeria

Abstract:- Cybersecurity knowledge is knowledge for all, as many organizations' activities operate via the internet, and also as a result of the current pandemic the world is facing (Covid 19). This situation has further forced many organizations to use the internet for their daily operations; on the other hand, cybercriminals have gotten a chance to launch more attacks on many organizations. Cybersecurity is a method of protecting organization assets through the identification of threats that can compromise the critical information stored in the organization's systems; it also involves protection, identification, and responding to threats. The method adopted in conducting the comparative analysis was Halverson and Conradi's taxonomy of software process improvement. The paper aims to provide a detailed review of the current cybersecurity frameworks that can serve as a guideline for organizations in selecting the appropriate framework for their organization and also as a benchmark for future cybersecurity framework design.

Keywords:- Cybersecurity, Framework, Organization.

I. INTRODUCTION

Cybersecurity is a method of protecting organization assets through the identification of threats that can compromise the critical information stored in the organization's systems; it also involves protection, identification, and responding to threats (Garba A.A. et al., 2020). This indicates the need for all organizations to be prepared and have a model or framework as a blueprint for implementing any cybersecurity measures in protecting critical assets. However, protecting confidentiality, integrity, and availability is everyone's job in any organization; therefore security knowledge is essential to all. Also, the organization needs sophisticated machines to detect infrequent behaviors from employees, and security levels that protect all access points or control the access point (Taylor et al., 2014).

A survey was conducted which revealed 20% of $130 million attacks on computer systems are based on unauthorized access and malware, $97 million to social engineering, $78 million to email spam and phishing, and $52 million to online scams (Serianu, 2018). The attacks show every organization needs to be vigilant about any incoming attack. This research paper aims to identify the currently available cybersecurity frameworks and explain their components, so that an organization has a starting position for selecting the one that would suit it, using Halverson and Conradi's taxonomy of software process improvement (2001).

The paper is further subdivided into Section II, literature review; Section III, result analysis and discussion; and Section IV, conclusion.

II. LITERATURE REVIEW

This section explains all the cybersecurity frameworks identified from the literature. The frameworks identified are National Institute of Standards and Technology (NIST), Control Objectives for Information and Related Technologies (COBIT), Health Information Trust Alliance (HITRUST CSF), A Pedagogic Cybersecurity Framework (PSF), Center for Internet Security (CIS) and The Cloud Security Alliance (CSA).

A. Cybersecurity Frameworks
This section will explain the cybersecurity frameworks most used by organizations to protect themselves from any form of cyber threat. The frameworks identified are National Institute of Standards and Technology (NIST), Control Objectives for Information and Related Technologies (COBIT), Health Information Trust Alliance (HITRUST CSF), A Pedagogic Cybersecurity Framework (PSF), Center for Internet Security (CIS), and The Cloud Security Alliance (CSA).

B. NIST Framework
The NIST framework offers a policy framework that guides how an organization can assess and improve the process or method to prevent, detect, and respond to any cyber-attacks. The framework provides outcomes on cybersecurity and a methodology to measure and manage those outcomes; it also provides the means of identifying and prioritizing actions that can reduce or minimize cyber risk (Calder, 2018). The framework is designed to manage cybersecurity risk across the whole organization, or it can be focused on the delivery of critical services within the organization. The aim of designing this framework was to strengthen the cybersecurity of federal networks and critical infrastructure in the US in the year 2014.

IJISRT21FEB114 www.ijisrt.com 103


The framework focuses on assessing the current security situation: how to assess security, how to consider risk, and how to resolve the security threats. The framework constitutes three main cores, as stated by Calder (2018). These cores include:
• Core: this explains the desired cybersecurity outcomes, which are organized in a hierarchy and aligned to more detailed guidance and controls.
• Implementation Tier: the implementation tier describes how identified cybersecurity risk is managed by an organization and the degree to which its risk management practices exhibit key characteristics.
• Profile: this describes the alignment of an organization's requirements, objectives, risk appetite, and resources using the desired outcomes from the core.

This framework consists of five core functions:
• Identify: to identify organizational systems, people, assets, data, and capabilities in order to develop and manage cybersecurity risk. Each function consists of a set of categories, e.g. asset management.
• Protect: to develop and implement the necessary safeguards to ensure delivery of critical services.
• Detect: to identify and detect the occurrence of a cybersecurity event and to develop and implement appropriate activities.
• Respond: to develop activities that will be used regarding the detected incident or cyber-attack event.
• Recover: to develop and implement activities to maintain and restore any services that are attacked due to cybersecurity incidents.

The framework's key attributes include a common and accessible language, being risk-based, internal standard, constant updating (a living document), adaptability to many technologies, and being guided by the private sector, academia, and the public sector for improvement and feedback.

Figure 1.1: NIST Core Structure (Calder, 2018)

C. COBIT Framework
The Control Objectives for Information and Related Technologies, known as COBIT, was designed by the Information Security Audit and Control Association (ISACA), a non-profit organization. The evolution of the framework started in 1996 with COBIT1 focusing on audit; 1998, COBIT2 focusing on audit and control; 2000, COBIT3 focusing on audit, control, and management; 2000/7, COBIT 4.0/4.1 focusing on audit, control, management, and IT governance; and 2005, COBIT 5 focusing on audit, control, management, IT governance, and governance of enterprise (Abu-Musa, 2009; Hardy, 2006; ISACA, 2012; ITGI, 2007; Lainhart, 2012). This model is purely a set of directives based on auditing of IT processes, practices, and controls, and aims at risk reduction (Mayer, 2001).

The main function of this framework is to provide a clearer and understandable policy and good practices in IT governance (Haviluddin, 2012). This framework helps management to manage the risk associated with IT governance by offering a clear set of processes that helps to bridge the gap between business risks, control needs, and technical issues.

The basic principle of this framework for organization managers includes providing clear direction in terms of providing values of critical success factors (CSF), key goal indicators (KGIs), key performance indicators (KPIs), and a maturity model (0: non-existent; 1: initial/ad hoc; 2: repeatable but intuitive; 3: defined process; 4: managed and measurable; and 5: optimized) (Institute, 2007a, 2007b, 2008; Singleton, 2011). The framework helps an organization in planning to improve its security and quality of production. The framework consists of five core principles shown in figure 1.2.

Figure 1.2 COBIT core Principle (ITGI, 2007)

Figure 1.2 shows the main COBIT characteristics, namely business-oriented, business process-oriented, and control-oriented, which is controlled by control-based measurement. The business-oriented part gives comprehensive guidance to management and business process owners on the need for information; the framework
states that the information must meet certain control criteria to achieve the objectives of the business.

The criteria include 1. Effectiveness, 2. Efficiency, 3. Confidentiality, 4. Integrity, 5. Availability, 6. Compliance, and 7. Reliability (ITGI, 2007). In the business process-oriented part, the framework defines a complete process model in four themes: 1. Plan and Organize (PO), 2. Acquire and Implement (AI), 3. Deliver and Support (DS), and 4. Monitor and Evaluate (ME) (ITGI, 2007). In the control-oriented part, the framework provides defined policies, procedures, practices, and organizational structures to assure that the objectives of the business will be achieved by identifying and preventing any unexpected events. This includes providing the minimum requirements for effective control of each IT process.

Finally, in the control-based measurement, an organization must know when and what should be measured, and what method to use to obtain the performance level.

The framework guides the control of 1. Maturity model and 2. Performance measurement/objectives, and also shows how processes of both business and IT meet organizational goals. Also, the framework suggests some requirements in achieving business needs by providing IT resources. These resources include applications, information, infrastructure, and people.

D. A Pedagogic Cybersecurity Framework
The Pedagogic Cybersecurity Framework (PCF) was proposed for teaching the organizational, legal, and international aspects of cybersecurity. The framework aims at explaining the non-code vulnerabilities and responses related to cybersecurity. The framework organizes the subjects that have not been covered by normal cybersecurity courses, like cybersecurity management, policy, and international affairs (Swire, 2018).

The PCF adopted the Open Systems Interconnection (OSI) model layers by explaining the non-code vulnerabilities of each layer; the author added 3 more layers to make it ten layers. The layers added include organization, government, and international. The framework focuses its attention on understanding the critical domains that introduce well-understood risk from the organization, government, and international affairs. Figure 1.3 shows the framework components expanded from the OSI stack.

Figure 1.3 A Pedagogic Cybersecurity Framework (layers of the expanded OSI model), source (Swire, 2018).

The expanded layers shown in figure 1.3, which are added to the OSI model, include:
• Organization: this layer teaches the internal policies or plan of action to minimize risk within an organization.
• Government: this layer explains laws that govern what an individual or organization can or must do (security rule).
• International: this layer describes the unilateral actions by one government directed at one or more nations (launching an attack on another nation).

The framework consists of three columns for the expanded layers: column "A" refers to vulnerabilities and risk mitigation arising within the organization or nation; "B" refers to the vulnerabilities and risk mitigation in relation to other actors at that level; and "C" refers to limitations created by the actors at that level.

PCF offers the student a big picture of how cybersecurity issues fit together in the individual context, as many classes focus on how the chief information security officer (CISO) should manage companies' risk at layer 8. Another
significance of this framework is that it discusses national and international cybersecurity laws with students before they even get familiar with the technical part. It also gives room for more research seeking to identify non-code cybersecurity threats. Finally, this framework shows that a large and growing amount of cyber-risk arises from problems at the expanded layers.

E. Health Information Trust Alliance cybersecurity framework (HITRUST CSF)
The HITRUST CSF was designed purposely for health care industries by a not-for-profit organization in the US in 2007 to address cybersecurity threats when managing IT security. The framework provides an efficient, comprehensive, and flexible approach to managing risk and meeting various compliance regulations by interpreting various regulations for securing personal information.

The framework was widely accepted as it serves as a certification provider for health care industries. Almost 80% of hospitals, insurance carriers, and health plans have adopted or are already adopting the framework. The framework was developed similarly to ISO27001/27001 and consists of 14 control categories, which contain 46 control objectives that map to 149 controls. Each control contains 3 implementation levels, which must be fulfilled to meet risk factors. The factors include organizational, system, and regulatory. The framework consists of 845 requirement statements spread over the implementation levels, as figure 1.4 shows.

Figure 1.4 The HITRUST CSF Framework coverage, source (MailMyStatements, 2020)

The HITRUST CSF framework, as stated above, constitutes 14 control clauses and another added control domain addressing the implementation of an Information Security Management program in line with ISO27001:2005. Below are the basic components of the framework:
• Control Objective: this explains the state or purpose to be achieved.
• Control Specifications: this includes the policies, procedures, guidelines, practices, or organizational structures, which can be of administrative, technical, management, or legal nature, to meet the control objective.
• Implementation Requirement: this explains everything that supports implementing the control and meeting the control objectives.
• Control Audit Procedure: this explains the activities to be carried out for the formal examination of the organization's implementation of the control requirement. This can be achieved through a rigorous examination of documentation, interviewing of staff, and testing of the technical implementation.
• Standard Mapping: this serves as benchmarking or cross-reference between each implementation requirement level and the requirements and controls of other common standards and regulations.

F. Payment Card Industry Data Security Standard framework (PCI DSS)
The Payment Card Industry Data Security Standard framework defines the security requirements for the protection of customer payment card data, with validation procedures and guidance to help the organization understand the intent of the requirements. The PCI DSS focuses on the unique threats and risks present in the payment industry, including storing, processing, or transmitting payment cards, and provides requirements between the main security objectives to protect the payment environment. This standard consists of twelve domains to facilitate payment via a secure and acceptable channel. The PCI DSS is not intended to be used as an information security risk management or assessment framework for an organization that already has ISO 27001 implemented. The PCI DSS consists of 12 basic requirements broken down into more than 200 sub-requirements; these 12 requirements are shown in figure 1.5 below.

Figure 1.5 The PCI DSS framework (PCI DSS, 2014)

Figure 1.5 shows the 12 controls, and in each there are sub-requirements to be fulfilled, which are explained below:
• Secure Network
1. Install and maintain a firewall configuration to protect the cardholder.
2. Do not use vendor-supplied defaults for system passwords and other security parameters.

• Secure Cardholder Data
3. Protect stored cardholders' data.
4. Encrypt transmission of the cardholder in an open public network.
• Vulnerability Management
5. Use and regularly update the antivirus.
6. Develop and maintain secure systems and applications.
• Access Control
7. Restrict access to cardholder data by business on a need-to-know basis.
8. Assign a unique identification to each person with computer access.
9. Restrict physical access to cardholders.
• Network Monitoring and Testing
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.
• Information Security
12. Maintain a policy that addresses information security.

G. CIS Critical Security Controls (CSC) framework
This framework was designed by setting up 20 actionable controls to mitigate the threat of the majority of common cyber-attacks; experts from different fields, such as cyber-analysts, consultants, academics, and auditors, volunteered to produce the controls. These controls are divided into three parts: basic, foundational, and organizational. These controls have other requirements associated with each control, as shown in figure 1.7.

Figure 1.6 CIS Critical Security Controls (CSC) framework, source (Kennedy, 2017).

Figure 1.6 shows the controls. The basic controls include the following:
• Inventory and control of hardware assets; inventory and control of software assets.
• Continuous vulnerability management.
• Controlled use of administrative privileges.
• Secure configuration for hardware and software on mobile devices, laptops, workstations, and servers.
• Maintenance, monitoring, and analysis of audit logs.

The foundational controls include:
• Email and web browser protection.
• Malware defense.
• Limitation and control of network ports, protocols, and services.
• Data recovery capabilities.
• Secure configuration for network devices, such as firewalls, routers, and switches.
• Boundary defense.
• Data protection.
• Controlled access based on the need to know.
• Wireless control.
• Account monitoring and control.

The organizational controls include:
• Implement a security awareness and training program.
• Application software security.
• Incident response and management.
• Penetration tests and red team exercises.

The framework is continuously changing as new threats and cases emerge; therefore, controls can be increased and prioritized, and other sub-requirements may increase over time.

III. RESULT ANALYSIS AND DISCUSSION

The identified cybersecurity frameworks were analyzed using Halverson and Conradi's taxonomy of software process improvement (2001). This taxonomy consists of 21 features peculiar to software process, which are grouped into 5 categories: general, process, organization, quality, and result. Each category refers to:
• General: features that describe the overall attributes of improvement.
• Process: features that explain the way the organization uses the features.
• Organization: this explains the relationship between the features and the organization and how they work simultaneously.
• Quality: this explains the features related to the quality dimension.
• Result: this explains the features of the results obtained from using the environment and the cost of achieving the result.

In this analysis, the general, process, organization, and result categories are adapted, as the other category has no relation to cybersecurity frameworks. The features that fall under each category are modified to suit cybersecurity terms, as shown in table 1.1 below.

Table 1.1 Halverson and Conradi Taxonomy Criteria

Category     | Feature
General      | Cybersecurity oriented
             | Origin
             | Purpose
             | Prescriptive/descriptive
             | Maturity level
Process      | Field applicable
             | Define role
             | Depth of assessment
             | Assessment
             | Assessor
Organization | Actors
             | Organization size
             | Level of documentation
             | Organization environment
Result       | Validation method
             | Implementation cost

The features related to the General group are defined below:
• Cybersecurity Oriented: this feature depicts which model was purposely designed for cybersecurity maturity and which are semi or not.
• Origin: this feature tells us which state, organization, or university designed the model.
• Purpose: this feature explains the synopsis of the model's design purpose.
• Prescriptive/Descriptive: this feature tells us which model is prescriptive (enforcing rules) and which is descriptive (classifying processes).
• Maturity Level: this feature explains how many levels of maturity each model constitutes.

The features related to the process group are defined below:
• Field Applicable: this feature explains in which environment the model is implemented.
• Define Role: this feature explains the role and function of the model and the processes and activities within the model.
• Assessment: this feature helps us to know what the model is assessing in the implemented environment.
• Assessor: this feature explains who is assessing the model after implementation in a given environment.
• Depth of Assessment: this feature helps us to know whether the model is complex or simple based on the maturity level.

The features related to the organization group are defined below:
• Actors: this feature explains or lists those that will be directly involved in using the model in their organization.
• Organization Size: this feature helps us to understand the nature of the model in terms of size, to know to which organizations it will be applicable.
• Level of Documentation: this feature explains how extensive the model is in terms of documentation that will help the organization to implement the model.
• Organization Environment: this feature explains whether the model is focused on the entire organization's activities or is specific to a unit or department.

The features related to the result group are defined below:
• Validation Method: this feature explains the method used for validating the model before release, and after, to see its impact.
• Implementation Cost: this feature shows the cost variation in implementing the model.

The research has adopted the following criteria to evaluate some of the defined features above:
• Cybersecurity Oriented: the criteria used here are either fully or partially, i.e. if a model is fully designed for cybersecurity then "fully" is given, else "partially".
• Origin: the criterion used here is the country, lab, or organization that created or designed the model, e.g. the US.
• Domain: this criterion is used to identify the number of domains or components each framework is made up of (numbers are used for identification purposes).
• Purpose: this criterion is used to know the purpose of creating the framework.
• Field Applicable: this criterion is used to know the area where the model is applicable; criteria include organization, research lab, and university.
• Organization Size: this criterion is used to know the size of the organization for appropriate adoption; criteria used here are large, medium, small, or all.
• Documentation Level: criteria used are "high" when a model has an implementation guide and other supporting documents that will help the adopter implement the model; "moderate" when no more details are available on the implementation guide but there are white papers and other supporting documents; and "low" when both implementation guide and white papers are not available but other introductory documents are available.
• Validation Method: the criteria used to know the method of validation include survey, case study, and experiment.

Table 1.2: A comparative analysis on Common Cybersecurity frameworks

Features | NIST | COBIT | PSF | HITRUST | PCI-DSS | CIS CSC
Origin | USA | USA | USA | USA | USA | UK
Cybersecurity orientated | Fully | Fully | Fully | Fully | Fully | Fully
Domain | 5 | 5 | 10 | 5 | 12 | 20
Purpose | To Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure | To provide a clearer and understandable policy and good practices in IT governance | To add organizational, government, and international affair to the OSI layer and explain the vulnerabilities of each layer | To provide security of patient personal information in the health industry. | To protect the payment card details of a customer | To mitigate the common cyber-attack threats
Organization size | Large enterprise | Large enterprise | All | All | Payment organization | All
Field Applicable | Organization | Organization | University | Hospital | Financial | organization
Documentation Level | High | High | Moderate | High | High | High
Validation method | mix-method | mix-method | Nil | Quantitative | Nil | Nil

Conradi's taxonomy of software process improvement taxonomy; this was adopted from the researchers' previously published paper (Garba A.A. et al., 2020) as a comparative method for understanding the differences and similarities of the identified frameworks. This table would serve as a guideline for organizations in selecting the framework that would assist them in minimizing the impact of cyberattacks or threats. Additionally, the paper would also help new researchers in the domain to have a starting point in understanding the available cybersecurity frameworks.

IV. CONCLUSION

Cybersecurity knowledge is essential and fundamental for all organizations' employees. Any organization without proper guidelines on how to conduct or assess critical assets in the organization might fall victim to cybercrime attacks; this indicates a need to understand the available cybersecurity frameworks, their components, and areas of application. This paper has provided well-detailed information on each identified framework for easy selection by any organization. The paper can also serve as a benchmark for further researchers in the same domain.

REFERENCES

[1]. Calder, A. (2018). NIST Cybersecurity Framework: A pocket guide. Ely, Cambridgeshire, United Kingdom: IT Governance Publishing. Retrieved February 12, 2020, from www.jstor.org/stable/j.ctv4cbhf
[2]. National Institute of Standards and Technology – NIST. (2003). Building an Information Technology Security Awareness and Training Program (NIST Special Publication 800-50).
[3]. Haviluddin and Anthony, Patricia. (2012). COBIT Framework for Information Technology Governance (ITG) at Mulawarman University, Samarinda, East Kalimantan, Indonesia: A Descriptive Study. 10.13140/2.1.4927.1365.
[4]. Institute, I. G. (2007a). COBIT® Control Practices: Guidance to Achieve Control Objectives for Successful IT Governance, 2nd Edition. Available from www.itgi.org
[5]. Institute, I. G. (2007b). IT Governance Implementation Guide: Using COBIT® and Val IT TM, 2nd Edition. Available from www.itgi.org.
[6]. Singleton, W. T. (2011). Auditing IT Risk Associated With Change Management and
sites/default/files/pdf/mitre_earnest.pdf

[7]. ITGI. (2007). COBIT® 4.1. 3701 Algonquin Road,
Suite 1010 Rolling Meadows, IL 60008 USA.
[8]. Swire, P. (2018). A pedagogic cybersecurity
framework. Communications of the ACM, 61(10),
23-26.
[9]. MailMyStatements. (2019, July 24). HITRUST: The
Certification You Should Require Your Vendor to
Have. Retrieved February 16, 2020, from
https://medium.com/@MailMyStatement/hitrust-the-certification-you-should-require-your-vendor-to-have-b03f650c7e99
[10]. PCI Security Standards Council - PCI DSS. (2014).
Best Practices for Implementing a Security
Awareness Program.
[11]. Kennedy. (2017, February 8). Retrieved February 17,
2020, from https://www.kraftkennedy.com/cis-critical-security-controls/
[12]. Halverson, C. P., & Conradi, R. (2001, June). A
taxonomy to compare SPI frameworks. In European
Workshop on Software Process Technology (pp. 217-
235). Springer, Berlin, Heidelberg.
[13]. Mayer, J., & Fagundes, L. L. (2009, June). A model
to assess the maturity level of the risk management
process in information security. In 2009 IFIP/IEEE
International Symposium on Integrated Network
Management-Workshops (pp. 61-70). IEEE.
[14]. Abu-Musa, A. A. (2009). Exploring COBIT
Processes for ITG in Saudi Organizations: An
empirical
[15]. Hardy, G. (2006). ITGI to Release COBIT 4.1 and
Associated Publications. COBIT Focus–The
newsletter dedicated to the COBIT user
community, 2. ISACA. (2006). IT Governance Global
Status Report - 2006. Illinois, USA.
[16]. ISACA. (2012). Executive Overview: Optimise Your
Information Systems: Balance Value, Risk and
Resources.
[17]. ITGI. (2007). COBIT® 4.1. 3701 Algonquin Road,
Suite 1010 Rolling Meadows, IL 60008 USA.
[18]. Lainhart, J. (2012). Overview of COBIT 5 Public
Exposure Commentary. COBIT Focus: Using
COBIT, Val IT, Risk IT, BMIS and ITAF,
1(2012Magazine, Vol. 5 No. 6, pp. 58-60.
[19]. Garba, A. A., Siraj, M. M., & Othman, S. H. An
Explanatory Review on Cybersecurity Capability
Maturity Models.
[20]. Taylor, R. W., Fritsch, E. J., & Liederbach, J. (2014).
Digital Crime and Digital Terrorism. Prentice-Hall
Press.
[21]. Serianu. (2018). Demystifying Africa's Cybersecurity
Poverty Line. Retrieved from http://www.serianu.com.
