Cyber secure digital transformations

Abstract

Introduction → There are no best practices concerning cyber security in the different phases of digital transformation nor frameworks that can be used by organizations in a digital transformation to decide the degree of cyber security controls which have to be implemented in which phase of their digital transformation, while cyber security and digital transformation are more important than ever. Objectives → With this research, the aim is to develop a secure digital transformation framework that helps organizations to decide the degree of cyber security controls which have to be implemented to find the most optimal level of cyber security in the organization and define a basic security baseline when situated in different phases of a digital transformation. Methods → This thesis consists of multiple steps. A multivocal literature review is conducted to (1) create a definition for digital transformation, (2) create a digital transformation phases model, and (3) define cybersecurity for digital transformation. Expert interviews are conducted to (4) collect the most relevant current cyber security risks. A focus group with experts from practice is organized to (5) prioritize the risk in different phases of digital transformation. With this information, (6) the secure digital transformation framework is created. To validate this framework, (7) a cyber security assessment is conducted in the form of an interview. Results → The cyber security assessment showed that the SDX framework could be used to measure an organization's cyber security in a DX. However, it is important to note that the SDX framework should be validated in different stages of a digital transformation and with different types of organizations to ensure its applicability and generalizability. Conclusion → Overall, this research provides valuable insights for organizations looking to navigate the landscape of DX and cyber security.