Methodology based on the NIST cybersecurity framework as a proposal for cybersecurity management in government organizations

Abstract

This research aims to propose the use of the methodology based on the NIST Framework for adequate management of cybersecurity in government organizations within the framework of the delivery of digital services. Many government organizations have been managing cybersecurity without a defined process; this generates that the management is deficient and without indicators. Concerning whether they are implementing the methodology based on the NIST cybersecurity framework”, shows that 36.8% of respondents present a level in disagreement, 31.6% (6) an undecided level, 15.8% (3) a level of agreement, 10.5% (2) a level totally in disagreement and 5.3% (1) a level totally in agreement. Meanwhile, the variable “The management of cybersecurity” shows that 36.8% (7) of the Ministries surveyed present a level in disagreement; 36.8% (7) an undecided level, 15.8% (3) a level of agreement, and 10.5% (2) a level totally in disagreement In conclusion: It has been shown that the use of the methodology based on the NIST cybersecurity framework influences cybersecurity management in government organizations and it is clear that they are currently not using it which causes a relatively poor level of leadership in the implementation of security measures concerning cybersecurity management.