10.57647/ijeee.2026.1701.04

Cyber Security Resilience Score Index: A Comprehensive Framework for Assessing and Improving Organizational Cybersecurity Posture

  1. Department of Computer Engineering, ST.C., Islamic Azad University, Tehran, Iran

Received: 2026-05-03

Revised: 2026-05-09

Accepted: 2026-05-09

Published in Issue 2026-03-31

How to Cite

Mohammad, R. J., Broumandnia, A., Farazkish, R., & Moradi, M. (2026). Cyber Security Resilience Score Index: A Comprehensive Framework for Assessing and Improving Organizational Cybersecurity Posture. International Journal of Energy and Environmental Engineering, 17(01). https://doi.org/10.57647/ijeee.2026.1701.04

Abstract

This paper presents the Cyber Resilience Score Index (CRSI), a framework designed to continuously assess and monitor organizational cybersecurity readiness. Addressing the limitations of static, compliance-based methodologies, the CRSI synthesizes the People, Process, and Technology (PPT) dimensions into a unified, network-agnostic metric. Unlike traditional binary assessments, this framework employs a dynamic maturity model applicable across diverse environments, including Information Technology (IT), Operational Technology (OT), and Critical Infrastructure Networks (CIN). The methodology integrates threat-informed weighting algorithms with qualitative control evaluations to generate a holistic resilience index. The framework’s efficacy is demonstrated through a simulated case study of a hybrid utility environment ("EnergyTech"), validated by a sensitivity analysis that confirms the model's stability against subjective weighting variations. Ultimately, the CRSI empowers organizations to diagnose capability gaps with precision, benchmark performance against industry standards, and optimize strategic investments in security infrastructure.

Keywords

  • Cyber Security Resilience
  • Cyber Resilience Score Index (CRSI)
  • People-Process-Technology (PPT)
  • Critical Infrastructure Networks (CIN)
  • Cybersecurity Posture Assessment
  • Quantitative Risk Analysis
