Abstract

Purpose This study proposes a guided tool for cybersecurity risk assessment tailored for nongovernmental organizations (NGOs), enabling them to comply with cybersecurity policies despite limitations in security awareness, funding and expertise. Design/methodology/approach A digital transformation is indispensable for ensuring the sustainable operation of NGOs. Embracing a digital manifesto necessitates an awareness of cybersecurity risks, highlighting the critical need for a robust cybersecurity risk assessment methodology. Initial research phases revealed significant shortages in security awareness, funding and expertise. Consequently, this study introduces an intuitive approach tailored specifically for NGOs, supported by a customized tool designed to address their unique requirements. The NIST cybersecurity risk assessment framework and National Cyber-security Authority (NCA) were adopted to define the risk assessment approach. The efficacy of this approach is evaluated qualitatively through a case study involving three NGOs in Saudi Arabia, aimed at assessing their capability to utilize the tool effectively. Following the implementation, a Likert-scale survey gauged satisfaction among NGOs regarding the tool’s utility. Findings Results from the case study indicate high satisfaction, affirming its alignment with their operational needs and enhancement of compliance with NCA controls. Furthermore, the use of the tool enhances the awareness of NCA’s cybercity requirements and controls. Originality/value Based on theoretical and empirical grounds, this research proposes a novel design of security assessment framework tailored for NGO requirements and supported by initiative tool enabling complying with cybersecurity policies and enhances the awareness of cybersecurity controls.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.