NUST Institutions Library Catalogue

Assessment of the Impact of the Global Cybersecurity Index (GCI) of the International Telecommunication Union (ITU) on Improving the Cybersecurity Posture of Developing Countries (A Pakistani Perspective) / Sardar Muhammad Ali

By: Ali, Sardar MuhammadContributor(s): Supervised by Dr. Abdul RazzaqMaterial type: TextTextPublisher: Rawalpindi, MCS (NUST), 2025Description: xviii, 203 pSubject(s): PhD Information Security Thesis | PhD IS ThesisDDC classification: 005.8,ALI
Contents:
Cybersecurity has become a critical priority as organizations increasingly depend on digital infrastructure. Traditional compliance approaches often fall short in addressing evolving threats, highlighting the need for intelligent and adaptive mechanisms to strengthen governance and resilience. Organizations encounter persistent challenges in aligning with multiple international and national cybersecurity standards. Current com pliance efforts are fragmented, costly, and lack adaptability, limiting their effectiveness in improving overall posture. In addition, existing methods fail to provide systematic and explainable guidance, creating governance and resilience gaps in developing countries. The proposed study presents an automated, machine learning–based recom mender framework that systematically suggests cybersecurity standards, audits, and compliance steps according to organizational maturity levels. The framework integrates six global standards (ISO/IEC 27001:2022, CIS, NIST, SCAP, NERC CIP, ISA/IEC 62443-4-2) and Three national cybersecurity standards were adopted for comparative analysis: Saudi Arabia follows the National Cybersecurity Authority (NCA) under the Essential Cybersecurity Controls (ECC) framework; Pakistan implements the National Cyber Security Policy (NCSP 2021) and Critical Telecom Data and Infrastructure Security Regulations (CTDISR) frameworks; while the United Arab Emirates (UAE) applies the Information Assurance (IA) framework under the National Cybersecurity Strategy (NCS). The proposed framework applies data preprocessing, TF-IDF, Recursive Feature Elimination (RFE), and a Content-Based Filtering (CBF) model with a feedback xvii loop to generate tailored compliance recommendations. The proposed framework was validated across three organizational maturity scenariosAd-hoc, Managed, and Adaptive. Findings indicated that the UAE standard recommended 158 controls at the Ad-hoc level, while the KSA standard dominated at the Managed level. Among the classifiers tested (Random Forest, K-Nearest Neighbor, and Support Vector Machine), Random Forest achieved the best performance with 81% accuracy and an ROC-AUC score of 0.98. The proposed framework provides a scalable and adaptive mechanism for compliance, enabling continuous monitoring of organizational maturity and alignment with international standards. By enhancing governance and resilience, it supports national cybersecurity capacity and contributes to improving Global Cybersecurity Index (GCI) rankings, offering both theoretical advancement and practical value for developing countries.
Tags from this library: No tags from this library for this title. Log in to add tags.

Cybersecurity has become a critical priority as organizations increasingly depend on digital infrastructure. Traditional compliance approaches often fall short in addressing evolving threats, highlighting the need for intelligent and adaptive mechanisms to strengthen governance and resilience. Organizations encounter persistent challenges in aligning with multiple international and national cybersecurity standards. Current com pliance efforts are fragmented, costly, and lack adaptability, limiting their effectiveness in improving overall posture. In addition, existing methods fail to provide systematic and explainable guidance, creating governance and resilience gaps in developing countries. The proposed study presents an automated, machine learning–based recom mender framework that systematically suggests cybersecurity standards, audits, and compliance steps according to organizational maturity levels. The framework integrates six global standards (ISO/IEC 27001:2022, CIS, NIST, SCAP, NERC CIP, ISA/IEC 62443-4-2) and Three national cybersecurity standards were adopted for comparative analysis: Saudi Arabia follows the National Cybersecurity Authority (NCA) under the Essential Cybersecurity Controls (ECC) framework; Pakistan implements the National Cyber Security Policy (NCSP 2021) and Critical Telecom Data and Infrastructure Security Regulations (CTDISR) frameworks; while the United Arab Emirates (UAE) applies the Information Assurance (IA) framework under the National Cybersecurity Strategy (NCS). The proposed framework applies data preprocessing, TF-IDF, Recursive Feature Elimination (RFE), and a Content-Based Filtering (CBF) model with a feedback xvii loop to generate tailored compliance recommendations. The proposed framework was validated across three organizational maturity scenariosAd-hoc, Managed, and Adaptive. Findings indicated that the UAE standard recommended 158 controls at the Ad-hoc level, while the KSA standard dominated at the Managed level. Among the classifiers tested (Random Forest, K-Nearest Neighbor, and Support Vector Machine), Random Forest achieved the best performance with 81% accuracy and an ROC-AUC score of 0.98. The proposed framework provides a scalable and adaptive mechanism for compliance, enabling continuous monitoring of organizational maturity and alignment with international standards. By enhancing governance and resilience, it supports national cybersecurity capacity and contributes to improving Global Cybersecurity Index (GCI) rankings, offering both theoretical advancement and practical value for developing countries.

There are no comments on this title.

to post a comment.
© 2023 Central Library, National University of Sciences and Technology. All Rights Reserved.