Search results

This paper aims to explore the evolution of a trend in which countries are developing or adopting cybersecurity implementation frameworks that are intended to be used nationally. This paper contrasts the cybersecurity frameworks that have been developed in three countries, namely, Australia, UK and USA.

The paper uses literature review and qualitative document analysis for the study. The paper developed and used an assessment matrix as its coding protocol. The contents of the three cybersecurity frameworks were then scored to capture the degree to which they covered the themes/items of the cybersecurity assessment matrix.

The analysis found that the three cybersecurity frameworks are oriented toward the risk management approach. However, the frameworks also had notable differences with regard to the security domains that they cover. For example, one of the frameworks did not offer guidelines with regard to what to do to respond to attacks or to plan for recovery.

The results of this study are beneficial to policymakers in the three countries targeted, as they are able to gain insights about how their cybersecurity frameworks compares to those of the other two countries. Such knowledge would be useful as decision-makers take steps to improve their existing frameworks. The results of this study are also beneficial to executives who have branches in all three countries. In such cases, security professionals could deploy the most comprehensive framework across all three countries and then extend the deployment in each location to meet country-specific requirements.

This paper proposes a holistic, proactive and adaptive approach to cybersecurity from a service lens, given the continuously evolving cyber-attack techniques, threat and vulnerability landscape that often overshadow existing cybersecurity approaches.

Through an extensive literature review of relevant concepts and analysis of existing cybersecurity frameworks, standards and best practices, a logical argument is made to produce a dynamic end-to-end cybersecurity service system model.

Cyberspace has provided great value for businesses and individuals. The COVID-19 pandemic has significantly motivated the move to cyberspace by organizations. However, the extension to cyberspace comes with additional risks as traditional protection techniques are insufficient and isolated, generally focused on an organization's perimeter with little attention to what is out there. More so, cyberattacks continue to grow in complexity creating overwhelming consequences. Existing cybersecurity approaches and best practices are limited in scope, and implementation strategies, differing in strength and focus, at different levels of granularity. Nevertheless, the need for a proactive, adaptive and responsive cybersecurity solution is recognized.

This paper presents a model that promises proactive, adaptive and responsive end-to-end cybersecurity. The proposed cybersecurity continuity and management model premised on a service system, leveraging on lessons learned from existing solutions, takes a holistic analytical view of service activities from source (service provider) to destination (Customer) to ensure end-to-end security, whether internally (within an organization) or externally.

This paper aims to develop a framework for critical information infrastructure (CII) protection in smart government, an alternative measure for common cybersecurity frameworks such as NIST Cybersecurity Framework and ISO 27001. Smart government is defined as the government administration sector of CII due to its similarity as a core of smart technology.

To ensure the validity of the data, the research methodology used in this paper follows the predicting malfunctions in socio-technical systems (PreMiSTS) approach, a variation of the socio-technical system (STS) approach specifically designed to predict potential issues in the STS. In this study, PreMiSTS was enriched with observation and systematic literature review as its main data collection method, thematic analysis and validation by experts using fuzzy Delphi method (FDM).

The proposed CII protection framework comprises several dimensions: objectives, interdependency, functions, risk management, resources and governance. For all those dimensions, there are 20 elements and 41 variables.

This framework can be an alternative guideline for CII protection in smart government, particularly in government administration services.

The author uses PreMiSTS, a socio-technical approach combined with thematic analysis and FDM, to design a security framework for CII protection. This combination was designed as a mixed-method approach to improve the likelihood of success in an IT project.

This paper aims to highlight the importance and role of strategic cyber intelligence to support risk-informed decision-making, ultimately leading to improved objectives, policies, architectures and investments to advance a nation or organization’s interests in the cyber domain.

Integration of professional research literature from the fields of intelligence studies, strategy and information/computer security.

Investing in technology, firewalls and intrusion detection systems is appropriate but, by itself, insufficient. Intelligence is a key component. Cyber intelligence emphasizes prevention and anticipation, to focus cybersecurity efforts before an attack occurs (“left of the hack”). Strategic cyber intelligence can substantially reduce risk to the organization’s mission and valued assets and support its due diligence.

This paper describes how strategic cyber intelligence can be implemented and used within an enterprise to enhance its cyber defense, and create a more proactive and adaptive security posture. It not only describes strategic cyber intelligence as a distinct discipline, but also demonstrates how the key intelligence functions articulate with existing cybersecurity risk management standards.

Introduction: The frequency and complexity of cyber assaults have grown in recent years. Consequently, organisations have increased their expenditures in more robust infrastructure to protect themselves from these cyber assaults. These organisations’ assets, data, and reputations are at risk due to rapidly increasing cybercrimes. However, complete protection from these many and ever-changing threats is very challenging as a result. To deal with them, companies are taking steps to reduce risks and limit company losses in their occurrence.

Purpose: Progressively, the insurance sector organisations are including digital protection as a component of the board’s general danger technique. Protection enterprises, then again, depend on accurately expecting risks, while a significant number of them depend on normalised approaches. Because of the exceptional attributes of the digital assaults, transporters now and again depend on subjective strategies dependent on master decisions. There is an unmistakeable absence of observational information on digital protection, specifically subjective examinations planning to comprehend and depict necessities, impediments, and cycles applicable for digital protection.

Methodology: There are various unanswered inquiries and worries about the oversight and legitimate and administrative assessment of network safety weaknesses in the protection business. In the wake-up of looking over all these worries and issues, steps to alleviate them are laid out after an extensive literature survey and secondary data sources. In this study, the authors have principally viewed the executive parts of the associations as the danger. While considering network protection, their insight of needs was taken as one among a few dangerous treatment systems, just as the necessities of the organisations’ protection in assessing the danger level of likely customers.

Findings: This section analyses past research in network safety and information security in the protection market. The danger of the executives’ strategies, the numerical models, and the forecasts of digital occassions are illustrated in this section. Lastly, the future headings are likewise expressed momentarily.

Practical implications: This review might be valuable for additional examination and logical discussion, yet additionally for down-to-earth applications. Moreover, it could be gainful to organisations as a supportive instrument for better agreement on what digital protection is and how to get ready to take on network safety and information security procedures in the association.

Significance: These associations’ resources, information, and notoriety are in danger because of quickly expanding cybercrimes. Cybercriminals are utilising more refined approaches to start digital assaults. Digital protection was anticipated to affect security conduct before any proof was gathered. Progressively, organisations are including digital protection as a feature of their general danger to the executive system. Because of the exceptional attributes of the digital assaults, transporters as often as possible depend on subjective methods dependent on master decisions. Thus, this space of network safety and information security is vital uniquely in the protection market.

To better understand the current state of world economic competitiveness as well as the challenges and opportunities both present and emerging for national economies, the IBM Institute for Business Value (IBV) 10;surveyed top executives on a range of topics related to their organizations’ and their nations’ successes.

More than 2,700 C-level executives across the 12 largest national economies were surveyed in collaboration with Oxford Economics.

•9;90 percent of executives cite skilled labor availability and quality as a critical factor for their organization when considering expansion into new markets. 10;•9;54 percent of executives say cyber threats are among the biggest strategic risks for their nation’s economy in the next five years. 10;•9;120 million workers in the world’s 12 largest economies may need to be retrained/reskilled in the next three years as a result of intelligent/AI-enabled automation. 10;

By a wide margin, regulatory risk and cyber threats dominate the attention of business and other leaders as primary risks to their respective economies.

The future success of national economies is heavily dependent upon ecosystem partners working together to develop and maintain a skilled workforce across regional labor markets.

Based on the responses, the researches recommend a focus on developing and maintaining the workforce skills required to realize value from intelligent automation and other emerging technologies.As intelligent automation and other disruptions continue to redefine industries, the types of skills these industries require are also evolving. 10;

The purpose of this paper can be encapsulated in the following points: identify the research papers published on the topic: competencies and skills necessary for critical infrastructure (CI) cyber-security (CS) protection; determine main focus areas within the identified literature and evaluate the dependency or lack thereof between them: make recommendations for future research.

This study is based on a systematic literature review conducted to identify scientific papers discussing and evaluating competencies, skills and essential attributes needed by the CI workforce for CS and preparedness to attacks and incidents.

After a comparative analysis of the articles reviewed in this study, a variety of skills and competencies was found to be necessary for CS assurance in CIs. These skills have been grouped into four categories, namely, technical, managerial, implementation and soft skills. Nonetheless, there is still a lack of agreement on which skills are the most critical and further research should be conducted on the relation between specific soft skills and CS assurance.

Investigation of which skills are required by industry for specific CS roles, by conducting interviews and sending questionnaire\surveys, would allow consolidating whether literature and industry requirements are equivalent.

Findings from this literature review suggest that more effort should be taken to conciliate current CS curricula in academia with the skills and competencies required for CS roles in the industry.

This study provides a previously lacking current mapping and review of literature discussing skills and competencies evidenced as critical for CS assurance for CI. The findings of this research are useful for the development of comprehensive solutions for CS awareness and training.

The purpose of this paper is to highlight the potential of cyber-testing techniques in assessing the effectiveness of cyber-security controls and obtaining audit evidence.

The paper starts with an identification of the applicable cyber-testing techniques and evaluates their applicability to generally accepted assurance schemes and cyber-security guidelines.

Cyber-testing techniques are providing insight in the effectiveness of the actual implementation of cyber-security controls, which may significantly deviate from the conceptual designs of these controls. Furthermore, cyber-testing techniques could provide concise input for cyber-risk management and improvement recommendations.

The presented cyber-testing techniques could complement traditional process-oriented assurance techniques with specialized technical analyses of real-world implementations that focus on the adversaries’ viewpoint.

The purpose of this paper is to define and delineate cyber security culture. Cyber security has been a concern for many years. In an effort to mitigate the cyber security risks, technology-centred measures were deemed to be the ultimate solution. Nowadays, however, it is accepted that the process of cyber security requires much more than mere technical controls. On the contrary, it now demands a human-centred approach, including a cyber security culture. Although the role of cultivating a culture in pursuing cyber security is well appreciated, research focusing intensely on cyber security culture is still in its infancy. Additionally, knowledge on the subject is not clearly bounded and defined.

General morphological analysis (GMA) is used to define, structure and analyse the cyber security environment culture.

This paper identifies the most important variables in cultivating a cyber security culture.

The delineation of the national cyber security domain will contribute to the relatively new domain of cyber security culture. They contribute to the research community by means of promoting a shared and common understanding of terms. It is a step in the right direction towards eliminating the ambiguity of domain assumptions.

Practically, the study can assist developing nations in constructing strategies that addresses the key factors that need to be apparent in lieu to cultivating its envisaged national culture of cyber security. Additionally, the GMA will contribute to the development of solutions or means that do not overlook interrelations of such factors.

Delineating and defining the cyber security culture domain more precisely could greatly contribute to realizing the elements that collectively play a role in cultivating such a culture for a national perspective.