Analyzing Cybersecurity Risks and Threats in IT Infrastructure based on NIST Framework

Due to the increasing frequency and complexity of cyberattacks in recent years, cybersecurity management has received significant attention, particularly concerning the critical infrastructure of targeted countries. Such infrastructure contains several vulnerabilities that may be readily exploited if not adequately managed. National cybersecurity regulators require critical infrastructure organizations to regularly monitor and report their cybersecurity activities. This study assesses whether the NIST framework can effectively address most threats facing critical infrastructure and identifies any notable gaps within the framework. In this literature review, most threats reported in critical infrastructure will be discussed and mapped according to the NIST cybersecurity functions, concluding with a discussion of the findings. The findings indicates that human vulnerabilities with (12 instances) represent one of the leading threats to critical infrastructure, appearing prominently in reviewed sources. Human errors, negligence, lack of awareness, insufficient training, and susceptibility to social engineering significantly increase the risk of successful cyberattacks.