Nonprofit Cybersecurity: NIST CSF 2.0 as Exemplar of the ZERO-TRUST MODEL

Author

Ariel Maxwell Grad, University of New Hampshire

Date of Award

Spring 2024

Project Type

Thesis

Program or Major

Information Technology

Degree Name

Master of Science

First Advisor

Michael Jonas

Second Advisor

Michaela Sabin

Third Advisor

Timothy Chadwick

Abstract

This thesis investigates the integration of Zero Trust Architecture (ZTA) and the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) within nonprofit and small organizations to enhance cybersecurity posture. Amidst increasing cyber threats, especially highlighted during the COVID-19 pandemic where nonprofit tech adoption allowed organizations to keep serving their communities during country-wide lockdowns [10], and cybercrime surged by 600% [2], the necessity for robust cybersecurity in nonprofits has never been more critical. This study aims to evaluate current cybersecurity practices, specifically Multi-Factor Authentication (MFA) adoption across varying nonprofit sizes, and assess the applicability of ZTA and NIST CSF.

The methodology involved in this Thesis includes quantitative analysis of data from the NTEN 2018 State of Nonprofit Cybersecurity report, which provided insights into IT staffing and cybersecurity practices among 250 nonprofits [16]. The thesis’s research objectives included establishing the relationship between IT resources and cybersecurity readiness, particularly focusing on MFA implementation—a basic yet crucial security measure. The results reveal a direct correlation between IT staffing levels and MFA adoption, with larger organizations more likely to implement MFA compared to smaller ones. Notably, nonprofits with dedicated IT personnel were significantly better at adopting cybersecurity measures than those without. This underscores the importance of structured IT support in enhancing cybersecurity readiness in nonprofits. Evaluation of these results indicates that integrating ZTA and NIST CSF can significantly bolster cybersecurity in nonprofits, especially if aligned with increased IT support. The implications in this thesis suggest that even minimal investments in IT resources can substantially mitigate cyber risks. This research contributes to the broader discourse on nonprofit cybersecurity, providing a scalable model for security enhancements and advocating for continued IT investment in the sector.

Recommended Citation

Grad, Ariel Maxwell, "Nonprofit Cybersecurity: NIST CSF 2.0 as Exemplar of the ZERO-TRUST MODEL" (2024). Master's Theses and Capstones. 1827.
https://scholars.unh.edu/thesis/1827