CYBERSECURITY IN ENTERPRISE INFORMATION SYSTEMS: PREVENTING DATA BREACHES IN THE USA

Abstract

This systematic literature review investigates the evolving landscape of cybersecurity practices within enterprise information systems (EIS), with a specific focus on U.S.-based organizations. By analyzing 144 peer-reviewed articles published between 2010 and 2024, the study synthesizes insights across multiple thematic areas, including cybersecurity maturity models, Zero Trust Architecture (ZTA), identity and access management (IAM), incident response planning, cloud security, and governance frameworks. Following the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) guidelines, the review identifies critical gaps between theoretical best practices and real-world implementation. The findings reveal that while conceptual frameworks such as CMMI, CMMC, and NIST CSF are widely acknowledged, their practical adoption remains inconsistent across sectors. Zero Trust Architecture, though increasingly recognized for its benefits, has yet to be fully integrated into enterprise-wide strategies due to technical, organizational, and cultural barriers. Identity and access controls are often fragmented, and incident response plans, where present, are frequently underdeveloped or untested. Furthermore, organizations struggle with securing hybrid and multi-cloud environments and often underutilize benchmarking and governance models, leading to reactive and siloed cybersecurity efforts. The review emphasizes that effective cybersecurity in enterprises requires a holistic, integrated approach that combines technical safeguards with governance, leadership commitment, and continuous adaptation to emerging threats. These findings serve as a foundation for future research and practice, offering actionable insights for strengthening organizational cybersecurity readiness in an era of increasing digital complexity.