| dc.description.abstract | This Thesis delves into the realm of cybersecurity, specifically focusing on the development of a foundation for risk-based taxonomy. This research investigates and addresses the need for a structured framework that not only identifies and classifies diverse cyber threats but also facilitates a wider understanding of their potential impact on organizational assets and operations.
One of the key advantages of a comprehensive taxonomy is its ability to provide clarity amidst complexity. By classifying Cybersecurity threats into distinct categories and subcategories, organizations can gain a deeper understanding of their unique risk landscape. Moreover, a well-defined risk-based taxonomy facilitates communication and collaboration across different stakeholders and will foster alignment and enable more effective decision-making and risk management.
This thesis’ main finding suggests that Cybersecurity risk management could benefit from a risk-based taxonomy to shift cybersecurity efforts from a reactive stance to a proactive one. Instead of addressing every potential threat equally, organizations should focus on identifying and mitigating risks that pose the greatest potential impact to their operations, assets, and reputation. Furthermore, this should be communicated across the organizations disciplines to mitigate potential risks to the greatest extent.
Understanding the risk landscape allows organizations to make informed strategic decisions addressing the most critical risks, maximizing the efficiency and effectiveness of cybersecurity investments and prioritize initiatives that will have the greatest impact on reducing overall risk exposure. | |
