Abdulaziz Aborujilah, AbdulAleem Al-Othmani, Nur Syahela Hussien, S. A. Mokhtar, Zalizah Awang Long, M. Nizam
Title: Cybersecurity Risk Assessment Approach for Malaysian Organizations: Malaysian Universities as Case Study
Published in: 2022 9th International Conference on Electrical and Electronics Engineering (ICEEE)
Publication date: 2022-03-29
DOI: https://doi.org/10.1109/ICEEE55327.2022.9772546
Citations: 4
Abstract
Malaysian organizations follow different methods for cybersecurity risk assessment, such as Control Objectives for Information and Related Technologies (COBIT) and International Organization for Standardization (ISO) 27001. Higher education institutions in Malaysia face the same difficulties, as different standards and approaches are used to evaluate the cybersecurity risk of their institutions. So, there is a lack of a cybersecurity risk assessment approach that takes Malaysian and international standards into consideration. This paper aims to develop a cybersecurity risk assessment approach for higher education institutions in Malaysia. The research methodology is qualitative, using a case study. The framework considers international cybersecurity standards such as the Holistic Cybersecurity Maturity Assessment Framework (HCYMAF) and local cybersecurity standards such as the National Cyber Security Agency (NACSA) and the Malaysia Cyber Security Strategy (MCSS). In addition, a measurable instrument to assess cybersecurity risk is proposed. Subject-matter experts can apply this approach to assess their organization's cybersecurity maturity and risk. The findings of this study shall be useful in overcoming the drawbacks of employing non-standard procedures in such evaluations, resulting in more accurate and reliable evaluation outcomes.