Bridging networks, systems and controls frameworks for cybersecurity curriculums and standards development

Applied cybersecurity practices in private and public industry in the United States are transitioning to an overall focus on cyber risk management. Hence, it is necessary to align the information technology (IT) cybersecurity application standards of professional associations and related educational curriculums with emerging applications in practice. Current standards and educational curriculums seem fragmented across network protocols and network analysis tool frameworks (NPNATFs); systems and networks infrastructure frameworks (SNIFs); and risk management and controls policy frameworks (RMCPFs). This paper develops an applied framework for aligning, integrating and streamlining standards and curriculums across all three levels, aligning them with the needs of applied risk management practice. A cyber risk management framework is developed with a focus on voice over internet protocol (VoIP) networks. These networks have been gaining central prominence across diverse industries, such as global banking and finance, over the past decade. Despite their central role (in both technological and economic terms), sparse attention has been given to their critical vulnerabilities – described as the “weakest links†in global banking and finance networks – as is evident from cybersecurity and penetration testing. This;paper demonstrates the contribution of the proposed cyber risk management framework in addressing such critical gaps in global banking and finance cybersecurity and information assurance practices. The latter constitutes an example application of the proposed framework; it is extendable to multiple other industries including health care.