Cyber security Risk Management: A Theoretical Study
DOI: https://doi.org/10.56830/IJAMS01202604
Keywords: Cybersecurity, Risk Management, COVID-19 pandemic, Information Systems
Abstract
This paper explores the evolving landscape of cybersecurity risk management, emphasizing its critical importance for organizations handling vast amounts of sensitive data. With cyberattacks rising dramatically—from individual-targeted threats to complex assaults on businesses and nations—managing these risks has become a top priority for experts worldwide. The study outlines common cyber threats such as malware, ransomware, and distributed denial-of-service attacks, highlighting their severe consequences including data loss, reputational damage, and operational disruption. It presents a comprehensive cybersecurity risk management framework that involves five key steps: scoping the assessment, identifying risks, analyzing likelihood and impact, prioritizing and treating risks through avoidance, transfer, or mitigation, and documenting all findings in a risk register. The paper also discusses recognized standards like ISO 27001, and prominent frameworks including NIST CSF, DoD RMF, FAIR, and the AICPA reporting framework, each providing structured approaches to identify, evaluate, and mitigate cyber risks. The conclusion underscores the increasing complexity of cybersecurity risk management amid technological advances and regulatory pressures, particularly intensified by recent global challenges such as the COVID-19 pandemic. Continuous risk assessment, reassessment, and monitoring are advocated as essential practices to safeguard organizational assets and ensure resilience against emerging cyber threats.






