Skip navigation
st. Mary's University Institutional Repository St. Mary's University Institutional Repository

Please use this identifier to cite or link to this item: http://hdl.handle.net/123456789/5298
Full metadata record
DC FieldValueLanguage
dc.contributor.authorMulualem, Eyuel-
dc.date.accessioned2020-04-07T13:53:26Z-
dc.date.available2020-04-07T13:53:26Z-
dc.date.issued2019-05-
dc.identifier.uri.-
dc.identifier.urihttp://hdl.handle.net/123456789/5298-
dc.description.abstractCybersecurity is very crucial for the railway's industry. The railway's organization should protect its asset from possible threats. An organization needs to assess cybersecurity risks primary to protect the assets. In order to conduct a cybersecurity risk assessment, a framework should be developed first. The researcher identified and investigated the railway's industry problem in Ethiopia and the gap of previous cybersecurity risk assessment standards, guidelines and frameworks and come up with the solution. The general objective of this research is to develop an integrated cybersecurity risk assessment framework for the railway's industry in Ethiopia to improve the level of safety and security. The synthesized result of thematic data analysis and the relevant framework, standard, guidelines such as ISO27001, NIST SP 800-30, and critical mass cybersecurity requirement standard is used to develop cybersecurity risk assessment framework for railways industry in Ethiopia. The national cybersecurity risk assessment process has3 main levels that are national, sectoral and organizational. The organizational level risk assessment process also has 3 main level that is strategic tactical/managerial and operational level. The organizational operational level has a total of 13 components that include cybersecurity strategic management awareness, organizational structure, established system context, purpose, scope, identify assets & intrusion detection, identify threats, identify vulnerability determine likelihood, determine impact, risk evaluation, communicate result and risk identification & evaluation update opportunity. The design science approach is applied in this study to develop and evaluate the framework. To evaluate the framework the researcher used a descriptive approach which is scenario and panel of expert’s method. The data is collected from Ethiopian Railways Corporation and Information Network Security agency then thematic data analysis approach is applied to analyze and interpret the data. Though two studies conducted on the financial sector in Ethiopia, the methodology to conduct this study and few CSRA process components (specific to the railway's industry in Ethiopia) makes this research different from the other two. Thus it provides the opportunity to extend the knowledge area. The result of this research can help improve organization cybersecurity risk assessment process.en_US
dc.language.isoenen_US
dc.publisherSt. Mary's Universityen_US
dc.subjectCybersecurity, Risk Assessment, Cyber Security Risk Assessment, Cyber Security Risk Assessment Standardsen_US
dc.subjectframework and Guidelines, Cyber Security Risk Assessment Framework for Railwayen_US
dc.titleDeveloping Cyber Security Risk Assessment Framework for Railways Industry in Ethiopiaen_US
dc.typeThesisen_US
Appears in Collections:Master of computer science

Files in This Item:
File Description SizeFormat 
Eyuel Mulualem-converted(2)-converted-converted.pdf1.02 MBAdobe PDFView/Open
Show simple item record


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.