Risk-Based Cybersecurity Governance: Integrating Regulatory Theory, Cost-Benefit Analysis, and Adaptive Security Design in Digital Infrastructures

Dr. Adrian John

Open Access

Risk-Based Cybersecurity Governance: Integrating Regulatory Theory, Cost-Benefit Analysis, and Adaptive Security Design in Digital Infrastructures

PDF

Dr. Adrian John ¹ ,

⁴ Department of Information Systems and Public Policy University of Zurich, Switzerland

Abstract

The rapid expansion of digital infrastructures across public and private sectors has intensified the need for governance models capable of addressing cybersecurity risks in a systematic, economically rational, and ethically defensible manner. While numerous frameworks exist for risk analysis, compliance management, and technical security implementation, fragmentation persists between regulatory theory, cost-benefit analysis, and operational cybersecurity design. This article develops a comprehensive risk-based cybersecurity governance framework that synthesizes principles from risk science, regulatory policy, cost-benefit theory, and contemporary cybersecurity standards. Drawing on scholarship in risk regulation (Wiener, 2010), the discipline of cost-benefit analysis (Sen, 2000), foundational risk science (Aven, 2019; Aven & Thekdi, 2022), and cybersecurity frameworks including NIST CSF 2.0 (NIST, 2024), the study constructs a design-science-informed governance architecture. The framework integrates adaptive risk management, human-factor awareness, privacy-by-design principles, and dynamic compliance mechanisms. It incorporates economic rationality through structured cost-benefit integration, including social discounting and judicial scrutiny considerations (Feldstein, 1964; Morrison, 1998), while extending evaluation beyond narrow monetization toward responsibility-centered governance (Boeken, 2024). Methodologically grounded in design science research (Hevner et al., 2004), the study proposes a policy artifact that operationalizes risk-based cybersecurity across cloud, healthcare, and multi-cloud environments. Findings indicate that purely compliance-driven or technically isolated security models are insufficient; instead, adaptive, context-sensitive, and economically informed governance is necessary to manage spillover risks and advanced persistent threats. The discussion highlights theoretical implications for risk science, regulatory accountability, and digital ethics. The article concludes that sustainable cybersecurity governance requires institutional integration of risk analysis, economic evaluation, and technical security design within a coherent normative framework.

Keywords

cybersecurity governance, risk analysis, cost-benefit analysis, regulatory policy

References

📄 Aven, T. (2019). The Science of Risk Analysis: Foundation and Practice. Routledge & CRC Press.

📄 Aven, T., & Thekdi, S. (2022). Risk Science: an Introduction. Routledge.

📄 Boehm, J., Curcio, N., Merrath, P., Shenton, L., & Stähle, T. (2019). The risk-based approach to cybersecurity. McKinsey & Company Risk Practice.

📄 Boeken, J. (2024). From compliance to security, responsibility beyond law. Computer Law & Security Review, 52, 105926.

📄 Cavoukian, A. (2009). Privacy by design: The 7 foundational principles. Information and Privacy Commissioner of Ontario, Canada.

📄 Chauhan, M., & Shiaeles, S. (2023). An analysis of cloud security frameworks, problems and proposed solutions. Network, 3(3), 422-450.

📄 Feldstein, M. S. (1964). The social time preference discount rate in cost benefit analysis. Economic Journal, 74(294), 360-379.

📄 Gordon, L. A., & Loeb, M. P. (2020). Integrating cost-benefit analysis into the NIST cybersecurity framework via the Gordon-Loeb model. Journal of Cybersecurity, 6(1), tyaa005.

📄 Hevner, A., March, S., Park, J., & Ram, S. (2004). Design science in information systems research. MIS Quarterly, 28(1), 75-105.

📄 Kummarapurugu, C. S. (2022). Enhancing serverless computing security in multi-cloud environments: Integrating policy-as-code, automated compliance, and dynamic access controls. International Journal of Innovative Research in Engineering Multidisciplinary Physical Sciences, 10(2).

📄 Kwon, J., & Johnson, M. E. (2014). Health-care security strategies for data protection and regulatory compliance. Journal of Management Information Systems, 30(2), 41-66.

📄 Mailloux, L. O., Span, M., Grimaila, M. R., Young, W. B., & Hodson, D. D. (2018). Examination of security design principles from NIST SP 800-160. IEEE Access, 6, 34996-35007.

📄 Mbaka, W. B., van Gerwen, S., & Tuma, K. (2024). Human factors in security risk of software systems: A systematic literature review. Journal of Systems and Software.

📄 Melaku, H. M. (2023). Context-based and adaptive cybersecurity risk management framework. Risks, 11(6), 101.

📄 Merad, M. (2010). Aide à la décision et expertise en gestion des risques. Lavoisier.

📄 Merad, M., & Trump, B. D. (2020). Expertise under Scrutiny. Springer.

📄 Morrison, E. R. (1998). Judicial review of discount rates used in regulatory cost-benefit analysis. University of Chicago Law Review, 65(4), 1333-1369.

📄 National Institute of Standards and Technology (NIST). (2024). NIST Cybersecurity Framework 2.0: Quick Start Guide for Using the CSF tiers (NIST Special Publication 1302). U.S. Department of Commerce.

📄 Pelletier, J. M. (2018). Longitudinal analysis of information security incident spillover effects. Journal of Management Science and Business Intelligence, 3(2), 15-20.

📄 Sen, A. (2000). The discipline of cost-benefit analysis. Journal of Legal Studies, 29(S2), 931-952.

📄 Tatam, M., Shanmugam, B., Azam, S., & Kannoorpatti, K. (2021). A review of threat modelling approaches for APT-style attacks. Heliyon, 7(1).

📄 Wiener, J. B. (2010). Risk regulation and governance institutions. In Risk and Regulatory Policy: Improving the Governance of Risk. OECD.

📄 Nayeem, M. (2025). Strategic Cybersecurity Governance: A Risk-Based Policy Framework for IT Protection and Compliance. In Proceedings of the International Conference on Artificial Intelligence and Cybersecurity (ICAIC 2025), 19-29.

How to Cite

Dr. Adrian John. (2025). Risk-Based Cybersecurity Governance: Integrating Regulatory Theory, Cost-Benefit Analysis, and Adaptive Security Design in Digital Infrastructures. Global Multidisciplinary Journal, 4(12), 134-139. https://www.grpublishing.org/journals/index.php/gmj/article/view/339

Download Citation

Most read articles by the same author(s)

Nicola Banhwa, ECONOMISTS AND INDIGENOUS INSTITUTIONS: ROLES AND IMPACT , Global Multidisciplinary Journal: Vol. 3 No. 09 (2024): Volume 03 Issue 09
Dr. Lukas M. Verhoeven, Integrating Artificial Intelligence and Advanced Data Processing for Real-Time Credit Scoring: Theoretical Foundations, Methodological Innovations, and Implications for Contemporary Credit Risk Management , Global Multidisciplinary Journal: Vol. 4 No. 10 (2025): Volume 04 Issue 10
Shivam Kumar, Redefining Entry-Level Analyst Roles In M&A: AI-Driven Transformation Of Diligence, Skillsets, And Deal Execution , Global Multidisciplinary Journal: Vol. 4 No. 10 (2025): Volume 04 Issue 10
Arvind Raman, Towards Secure, Trusted, and Virtualized Multi-Tenant FPGA–Cloud Ecosystems: A Comprehensive Research Framework Integrating Hardware Roots of Trust, Cryptographic Acceleration, and Zero-Trust Cloud Security , Global Multidisciplinary Journal: Vol. 4 No. 09 (2025): Volume 04 Issue 09
Dr. Emma L. Carter, Private Equity, Leverage, and Distress Resolution: Governance, Investment Behavior, and Long-Run Value in Leveraged Buyouts , Global Multidisciplinary Journal: Vol. 4 No. 12 (2025): Volume 04 Issue 12
Dr. Amina R. Laurent, AI-Enabled Resilience in Cyber-Physical and Financial Systems: Integrating Secure Intelligence across Clinical Trials, IoMT, Supply Chains, and FinTech , Global Multidisciplinary Journal: Vol. 4 No. 11 (2025): Volume 04 Issue 11
Gideon Ogonna Ibeakuzie, Celestine Emeka Ekwuluo, Adaeze Janice Erondu, Kennedy Oberhiri Obohwemu, Eddy Eidenehi Esezobor, Oluwafemi Emmanuel Ooju, Festus Ituah, Oladipo Vincent Akinmade, Daniel Obande Haruna, Solomon Atuman, Perpetual Ogechukwu Nwankwo, Jennifer Adaeze Chukwu, Abba Sadiq Usman, Jerry Soni, Obioma Chidumaga Aririsukwu, Structural Drivers of Farmer–Herder Conflict in Katsina State, Nigeria: Context, Dynamics, And Implications for State Response , Global Multidisciplinary Journal: Vol. 5 No. 02 (2026): Volume 05 Issue 02
Raimova G.M., Khodjiyev S.S., Nasirov Q.E., Makhmudova N.K., Comprehensive Analysis Of Biochemical Alterations And Hemostatic Dysfunction In Dexamethasone- And Streptozotocin-Induced Type 2 Diabetes Mellitus Models , Global Multidisciplinary Journal: Vol. 4 No. 12 (2025): Volume 04 Issue 12
Ravi K. Menon, Blockchain-Enabled Cybersecurity and AI-Augmented Governance for Trusted Industrial IoT, Healthcare, and Supply Chain Systems , Global Multidisciplinary Journal: Vol. 4 No. 10 (2025): Volume 04 Issue 10
Dr. Elena Marquez, Real-Time Stream Intelligence For Financial Risk Management: Integrating Event Stream Processing, Lakehouse Architectures, And Privacy-Preserving Analytics , Global Multidisciplinary Journal: Vol. 4 No. 09 (2025): Volume 04 Issue 09

<< < 2 3 4 5 6 7 8 9 10 11 > >>

Global Multidisciplinary Journal

Risk-Based Cybersecurity Governance: Integrating Regulatory Theory, Cost-Benefit Analysis, and Adaptive Security Design in Digital Infrastructures

Abstract

Keywords

References

How to Cite

Most read articles by the same author(s)

Similar Articles