Cybersecurity assessments are crucial in building the assurance that vital cyberassets are effectively protected from threats. Multiple assessment methods have been proposed during the decades of the cybersecurity field. However, a systematic literature search described in this paper reveals that their reviews are practically missing. Thus, the primary objective of this research was to fulfil this gap by comprehensively identifying and analysing cybersecurity assessment methods described in the scientific literature. A structured research method and transparent criteria were applied for this purpose. As a result, thirty-two methods are presented in this paper. Particular attention is paid to the question of the methods’ applicability in realistic contexts and environments. In that regard, the challenges and limitations associated with the methods’ application as well as potential approaches to addressing them have been indicated. Besides, the paper systematises the terminology and indicates complementary studies which can be helpful during assessments. Finally, the areas that leave space for improvement and directions for further research and development are indicated. The intention is to support researchers and practitioners in choosing the method to be applied in their assessments and to indicate the areas that can be further explored.
Authors
Additional information
- DOI
- Digital Object Identifier link open in new tab 10.1016/j.cose.2021.102376
- Category
- Publikacja w czasopiśmie
- Type
- artykuły w czasopismach
- Language
- angielski
- Publication year
- 2021
