Evaluation of the cyber security models implemented across common attack vectors: A review of literature

Abstract

Cybersecurity is an organizational issue that should be looked at through the lens of various stakeholders. However, it is often treated as a siloed issue in which more is always seen as better. The CISOs, CIOs, and the key decision-makers struggle to understand how much security is enough. Cybersecurity solutions, referred to as controls, more often than not result in a residual risk. To assess this risk better, the security controls should be studied in further detail. The objective of this paper is to educate the audience with the various cyber security controls being used in the academia and in the industry. In order to circumvent the security issues faced by large organization, the tradeoffs of each controls should be studied further. The paper is meant to provide a balanced view providing the positive and the critical aspect of implementing some of the known security solutions. There is no one perfect formula when it comes to selecting security controls. However, picking a security control that are in line with the users’ needs will help reduce some of the risks associated with implementing the controls. An optimal solution requires a balanced approach towards the risk, cost, and benefit of the solution. The aim of the paper is to help the reader assess some of risks and the tradeoff associated with the security controls being practiced in the industry today.