Transforming cybersecurity governance

Research Challenge: How can we identify cybersecurity governance needs and remedies through a dynamic adaptive approach to cyber threat landscaping so that the resultant governance framework is comprehensive, easily implemented and integrated in cybersecurity management?

The challenge is to design and develop a cybersecurity governance framework that is flexible enough to evolve with a changing threat landscape, yet fixed enough that identified and previously solved security breaches and incidents do not recur under known circumstances. The challenge extends further to building a model that is reusable for different clients, taking cognisance of the ever-changing technology landscape and the unique set of attributes that make up each entity within the cyber domain. The aim is to model the complex cyber environment and present it in a structured manner, according to client needs, as an easily understood and implemented governance framework.

A number of different approaches to cybersecurity governance exist. Yet the existing frameworks are often generic or too broad, in the sense that they encourage tick-box cybersecurity exercises without the in-depth insight that is really required to ensure that entities are adequately prepared to mitigate cyber attacks and events. In many instances, existing approaches to cybersecurity governance are theoretical in nature, lacking the practical guidance that is often needed to lessen the effect of a cyber attack or incident.

The ultimate challenge that will be addressed is to make cybersecurity governance accessible to users in a manner that is comprehensive in scope and content, yet neither overwhelming to the implementer nor a burden to the technology user. If this goal is achieved, the cybersecurity domain will become a platform where Australian (and ultimately international) networks support each other in threat intelligence sharing and in building national cyber resilience. By developing an adaptive approach to cybersecurity governance, entities (including federal, state and territorial, business and startup levels) will be able to take practical steps towards taking charge of the governance of their cybersecurity space more effectively. When we solve this scientific challenge, clients will be empowered to turn their cybersecurity knowledge into practical application that will benefit not only themselves, but also the larger Australian cyber ecosystem.