Samenvatting

This research is based on the problem that for the Dutch higher education there is a lack of comprehensive framework that address the unique challenges faced by these institutions in becoming in control of the cyber risks and increasing the cybersecurity maturity. This problem is addressed by answering the question; what components should Dutch higher education institutions include in an enterprise reference architecture model to combine their knowledge on cybersecurity practices to lower the cyber risks? Overall, the results propose the design of principles, methods, security requirements and most extensive the models as elements for ERA. In which the security requirements can serve as a standardized view on risks translating to the security baseline. The proposed models cover the business layer and consist of three sector-wide models which are cybersecurity policy, cybersecurity capability, cybersecurity reference patterns and three organization specific models which are cybersecurity strategy alignment, risk and compliance and cybersecurity organization.