Reimagining Cybersecurity Controls: BDSLCCI vs. ISO/IEC 27001, NIST CSF, and COBIT 2019
Abstract
Cybersecurity has become a major concern for organizations due to the rapid growth of digital technologies and the increasing number of cyber threats such as data breaches, ransomware, and phishing attacks. Various cybersecurity frameworks, including ISO/IEC 27001, the NIST Cybersecurity Framework (CSF), and COBIT 2019, provide structured guidelines for managing risks, improving governance, and ensuring regulatory compliance. However, these frameworks are often complex, costly, and resource-intensive, making them difficult for small and medium enterprises (SMEs) to implement effectively. SMEs typically face limitations in terms of budget, expertise, and infrastructure, which increases their vulnerability to cyberattacks. This research paper presents a comparative study of a newly proposed framework, Business Domain Specific Least Cybersecurity Controls Implementation (BDSLCCI), with established frameworks such as ISO/IEC 27001, NIST CSF, and COBIT 2019. The comparison is conducted based on structure, control objectives, implementation methodology, governance integration, risk management, compliance support, and maturity assessment. The study highlights that BDSLCCI provides a domain-specific, cost-effective, and stepwise implementation approach tailored to SME needs. The findings suggest that while traditional frameworks remain essential for large enterprises and regulatory requirements, BDSLCCI offers a practical and scalable solution for improving cybersecurity readiness among SMEs.