Comprehensive review of cybersecurity framework evolution: Comparing National Institute of Standards and Technology, International Organization for Standardization and gaming compliance standards
1 Cybersecurity Governance and Compliance Research Center, University of Texas Permian Basin, Odessa, TEXAS 79762, USA.
2 College of Business, University of Texas Permian Basin, Odessa, TEXAS 79765 USA.
Review Article
World Journal of Advanced Research and Reviews, 2024, 23(03), 3343-3363
Publication history:
Received on 02 August 2024; revised on 21 September 2024; accepted on 28 September 2024
Abstract:
Digital infrastructure is changing rapidly and cyber threats have become more sophisticated, forcing organizations in all fields to adopt organized cybersecurity mechanisms. This systematic literature review discusses the evolutionary path of three prevalent cybersecurity governance models: the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), the International Organization for Standardization/International Electrotechnical Commission 27001 standard (ISO/IEC 27001), and industry-specific gaming-compliance standards that control online and brick-and-mortar gambling activities worldwide. The systematic search, conducted using PRISMA, was based on nine databases and sources of grey literature; it retrieved 8,047 initial records, which were refined to 57 high-quality sources for synthesis. The analysis identifies essential convergences and differences between these models, especially in how they address identity and access control, incident response, supply chain protection, anti-fraud controls, and the player protection mechanisms specific to the gaming industry. Quantitative analysis shows that combined framework adoption, which incorporates NIST CSF, ISO 27001, and gaming-specific standards, yields a 3-year ROI of up to 348, breach cost savings of 81%, and compliance penalties, on average, of $1.58 million US dollars/year for large gaming operators. There are also significant gaps in mainstream models: Random Number Generator (RNG) fairness certification, geolocation compliance, anti-money laundering (AML) integration, and responsible gambling controls are covered by gaming-specific models but systematically overlooked by general cybersecurity frameworks.
The results confirm that it is possible to create a common, industry-adaptive cybersecurity governance framework that integrates the structural rigor of the NIST and ISO models with the functional specificity of the gaming compliance standards. This review is valuable not only to academic research on cybersecurity governance but also as practice-oriented advice for gaming regulators, operators, and cybersecurity workers who need effective and proportional security postures in an increasingly complicated regulatory environment.
Keywords:
Cybersecurity Frameworks; NIST CSF; ISO 27001; PCI-DSS; Gaming Compliance; Information Security Governance; Data Protection; Incident Response; Supply Chain Security
Copyright information:
Copyright © 2024 Author(s) retain the copyright of this article. This article is published under the terms of the Creative Commons Attribution License 4.0.
