Jacobs, PCSolms, SHGrobler, MM2016-07-202016-07-202015-05Jacobs, P.C. Solms, S.H. and Grobler, M.M. 2015. Framework for the implementation of Business Cybersecurity. In: International Conference on Business and Cyber Security (ICBCS), 12-13 May 2016, Holiday Inn, Regents Park, Carburton Street, Londonhttp://hdl.handle.net/10204/8640International Conference on Business and Cyber Security (ICBCS), 12-13 May 2016, Holiday Inn, Regents Park, Carburton Street, LondonInformation and Communications Technology is often seen as a critical organisational asset. To prevent loss of revenue and money, as well as to protect organisational reputation, this asset must be protected from threats and vulnerabilities. Organisations use different standards, frameworks and best practices when addressing cybersecurity. These governance documents could be chosen based on legislative or corporate governance requirements, and are most often industry specific. These documents typically prescribe sets of controls to be implemented, such as technical controls, administrative controls and physical controls. Most of these documents also describe very specific capabilities that a business has to develop in securing their cyberdomain. Capabilities, consisting of people, processes and technology, are meant to achieve outcomes or effects, and are applicable to the operational domain. Initial research has shown that no cybersecurity capability development framework applicable to the business domain exists. In this article, a framework called the Business Cybersecurity Capability Development Framework (BCCapDev framework) is proposed. In developing the BCCapDev, a modular approach is followed, starting with the identification of requirements for such a framework. Input into the BCCapDev framework such as legal requirements and business governance requirements are identified. Existing standards, frameworks and best practices are consulted, and capabilities identified, as well as actors and stakeholders. Mechanisms to align BCCapDev processes with business are identified, as well as a methodology to build the capability. The framework is developed in such a way that it is modular, reusable, and independent to changes in standards, frameworks or best practices. The BCCapDev is also developed flexible enough to be industry neutral.enCybersecurityCapability frameworkCybersecurity structuresConference PresentationJacobs, P., Solms, S., & Grobler, M. (2015). Framework for the implementation of Business Cybersecurity. http://hdl.handle.net/10204/8640Jacobs, PC, SH Solms, and MM Grobler. "Framework for the implementation of Business Cybersecurity." (2015): http://hdl.handle.net/10204/8640Jacobs P, Solms S, Grobler M, Framework for the implementation of Business Cybersecurity; 2015. http://hdl.handle.net/10204/8640 .TY - Conference Presentation AU - Jacobs, PC AU - Solms, SH AU - Grobler, MM AB - Information and Communications Technology is often seen as a critical organisational asset. To prevent loss of revenue and money, as well as to protect organisational reputation, this asset must be protected from threats and vulnerabilities. Organisations use different standards, frameworks and best practices when addressing cybersecurity. These governance documents could be chosen based on legislative or corporate governance requirements, and are most often industry specific. These documents typically prescribe sets of controls to be implemented, such as technical controls, administrative controls and physical controls. Most of these documents also describe very specific capabilities that a business has to develop in securing their cyberdomain. Capabilities, consisting of people, processes and technology, are meant to achieve outcomes or effects, and are applicable to the operational domain. Initial research has shown that no cybersecurity capability development framework applicable to the business domain exists. In this article, a framework called the Business Cybersecurity Capability Development Framework (BCCapDev framework) is proposed. In developing the BCCapDev, a modular approach is followed, starting with the identification of requirements for such a framework. Input into the BCCapDev framework such as legal requirements and business governance requirements are identified. Existing standards, frameworks and best practices are consulted, and capabilities identified, as well as actors and stakeholders. Mechanisms to align BCCapDev processes with business are identified, as well as a methodology to build the capability. The framework is developed in such a way that it is modular, reusable, and independent to changes in standards, frameworks or best practices. The BCCapDev is also developed flexible enough to be industry neutral. DA - 2015-05 DB - ResearchSpace DP - CSIR KW - Cybersecurity KW - Capability framework KW - Cybersecurity structures LK - https://researchspace.csir.co.za PY - 2015 T1 - Framework for the implementation of Business Cybersecurity TI - Framework for the implementation of Business Cybersecurity UR - http://hdl.handle.net/10204/8640 ER -