Abstract The conventional approach to managing a cybersecurity program typically involves building an Information Security Management System based on one or a combination of security standards. However, this approach is inadequate for meeting the requirements of modern cybersecurity programs. It lacks a systematic and structured method for efficiently managing and comprehensively measuring cybersecurity efforts. In response, we conducted a three-round Delphi study to develop a hierarchical cybersecurity management process model consisting of 6 strategic processes, 11 tactical processes, and 19 operational processes. Based on these findings, we developed the Cybersecurity Management and Performance Assessment model, which helps organizations to assess process maturity and control effectiveness. Our study contributes to the theoretical knowledge in the field of cybersecurity management. By adopting our model, organizations can enhance their cybersecurity assurance and identify pathways to improve the effectiveness and maturity of their cybersecurity programs.
Liu et al. (Wed,) studied this question.