Designing Cyber Security Risk Assessment Framework for the Railways Industry in Nigeria
Cybersecurity is very crucial for the railway industry. The railway’s organization should protect its asset from possible threats. An organization needs to assess cybersecurity risks primarily to protect its assets. In order to conduct a cybersecurity risk assessment, a framework should be developed first. The researcher identified and investigated the railway industry problem in Nigeria and the gap in previous cybersecurity risk assessment standards, guidelines, and frameworks and come up with a solution. The general objective of this research is to develop an integrated cybersecurity risk assessment framework for the railway industry in Ethiopia to improve the level of safety and security. The synthesized result of thematic data analysis and the relevant framework, standard, and guidelines such as ISO27001, NIST SP 800-30, and critical mass cybersecurity requirement standard is used to develop a cybersecurity risk assessment framework for the railways industry in Nigeria. The national cybersecurity risk assessment process has3 main levels that are national, sectoral, and organizational. The organizational level risk assessment process also has 3 main level that is strategic tactical/managerial and operational level. The organizational operational level has a total of 13 components that include cybersecurity strategic management awareness, organizational structure, established system context, purpose, scope, identification assets & intrusion detection, identification threats, identification vulnerability determining likelihood, determining impact, risk evaluation, communicating result and risk identification & evaluation update opportunity. The design science approach is applied in this study to develop and evaluate the framework. To evaluate the framework the researcher used a descriptive approach which is a scenario and panel of experts method. The data is collected from Nigerian Railways Corporation and Information Network Security Agency then a thematic data analysis approach is applied to analyze and interpret the data. Though two studies were conducted on the financial sector, the methodology to conduct this study and few CSRA process components makes this research different from the other two. Thus it provides the opportunity to extend the knowledge area. The result of this research can help improve an organization’s cybersecurity risk assessment process.
Designing Cyber Security Risk Assessment Framework for the Railways Industry in Nigeria, GET MORE COMPUTER SCIENCE PROJECT TOPICS AND MATERIALS