Evaluating cyber resilience frameworks for e-government: applicability of NIST CSF, ISO/IEC 27001 and COBIT 2019 in developing country contexts

Abstract

Purpose This paper aims to examine three cybersecurity and governance frameworks, namely, NIST Cybersecurity Framework (CSF) 2.0, ISO/IEC 27001:2022 and COBIT 2019, in relation to South Africa’s e-government systems. It explores how context-sensitive integration of global standards may inform cyber resilience thinking in developing-country public-sector environments, with relevance to reducing digital inequalities (SDG 10) and supporting sustainable urban digital infrastructure (SDG 11). Design/methodology/approach A qualitative, literature-based comparative evaluation is used. The frameworks are assessed against analytically derived dimensions, including governance alignment, operational usability, adaptability, resource and capacity sensitivity, resilience orientation and performance monitoring. Peer-reviewed literature, framework documentation and policy sources inform the conceptual comparative analysis. Findings The analysis indicates that no single framework is sufficient in isolation. NIST CSF 2.0 contributes modularity and adaptability, ISO/IEC 27001 provides structured controls and continuous improvement mechanisms, and COBIT 2019 embeds governance and oversight. Their complementary characteristics inform the development of a conceptual hybrid cyber resilience framework. Research limitations/implications The study is conceptual and literature-based. An empirical investigation through practitioner engagement or case-based analysis is required to examine contextual feasibility and operational relevance. Practical implications The proposed hybrid framework serves as a conceptual reference model to inform policy dialogue, institutional analysis and future empirical research on cybersecurity governance. Social implications The study contributes to discussions on inclusive access to secure e-government services and resilient digital public infrastructure, with relevance to SDG 10 and SDG 11. Originality/value To the best of the authors’ knowledge, this study provides one of the first literature-based comparative evaluations of NIST CSF 2.0, ISO/IEC 27001:2022 and COBIT 2019 within a developing-country e-government context, contributing a conceptually grounded hybrid framework for cyber resilience analysis.