Search results

The purpose of this paper is to present the educational computer emergency response team (EduCERT) framework, an integrated response mechanism to bolster national cybersecurity through collaborative efforts in the higher education sector. The EduCERT framework addresses this gap by enhancing cyber security and mitigating cybercrime through collaborative incident management, knowledge sharing and university awareness campaigns.

The authors propose an EduCERT framework following the design science methodology. The framework is developed based on literature and input from focus group experts. Moreover, it is grounded in the principles of the technology-organization-environment framework, organizational learning and diffusion of innovations theory.

The EduCERT has eight components: infrastructure, governance, knowledge development, awareness, incident management, evaluation and continuous improvement. The framework reinforces national cybersecurity through cooperation between universities and the National Computer Emergency Response Team. The framework has been implemented in Jordan to generate a cybersecurity foundation for higher education. Evaluating the EduCERT framework’s influence on national cybersecurity highlights the importance of adopting comprehensive cyber-security policies and controls. The framework application shows its relevance, effectiveness, adaptability and alignment with best practices.

Despite the impact of applying the framework in the Jordanian context, it is essential to acknowledge that the proposed EduCERT framework’s practical implementation may encounter challenges specific to diverse international educational environment sectors. However, framework customization for global applicability could address varied educational institutions in other countries.

Furthermore, the proposed EduCERT framework is designed with universal applicability that extends beyond the specific country’s context. The principles and components presented in the framework can serve as valuable design advice for establishing collaborative and resilient cybersecurity frameworks in educational settings worldwide. Therefore, the research enhances the proposed framework’s practical utility and positions it as an invaluable contribution to the broader discourse on global cybersecurity in academia.

This paper enhances national cybersecurity in the higher education sector, addressing the need for a more integrated response mechanism. The EduCERT framework demonstrates its effectiveness, adaptability and alignment with best practices, offering valuable guidance for global educational institutions.

This paper aims to explore the evolution of a trend in which countries are developing or adopting cybersecurity implementation frameworks that are intended to be used nationally. This paper contrasts the cybersecurity frameworks that have been developed in three countries, namely, Australia, UK and USA.

The paper uses literature review and qualitative document analysis for the study. The paper developed and used an assessment matrix as its coding protocol. The contents of the three cybersecurity frameworks were then scored to capture the degree to which they covered the themes/items of the cybersecurity assessment matrix.

The analysis found that the three cybersecurity frameworks are oriented toward the risk management approach. However, the frameworks also had notable differences with regard to the security domains that they cover. For example, one of the frameworks did not offer guidelines with regard to what to do to respond to attacks or to plan for recovery.

The results of this study are beneficial to policymakers in the three countries targeted, as they are able to gain insights about how their cybersecurity frameworks compares to those of the other two countries. Such knowledge would be useful as decision-makers take steps to improve their existing frameworks. The results of this study are also beneficial to executives who have branches in all three countries. In such cases, security professionals could deploy the most comprehensive framework across all three countries and then extend the deployment in each location to meet country-specific requirements.

This paper proposes a holistic, proactive and adaptive approach to cybersecurity from a service lens, given the continuously evolving cyber-attack techniques, threat and vulnerability landscape that often overshadow existing cybersecurity approaches.

Through an extensive literature review of relevant concepts and analysis of existing cybersecurity frameworks, standards and best practices, a logical argument is made to produce a dynamic end-to-end cybersecurity service system model.

Cyberspace has provided great value for businesses and individuals. The COVID-19 pandemic has significantly motivated the move to cyberspace by organizations. However, the extension to cyberspace comes with additional risks as traditional protection techniques are insufficient and isolated, generally focused on an organization's perimeter with little attention to what is out there. More so, cyberattacks continue to grow in complexity creating overwhelming consequences. Existing cybersecurity approaches and best practices are limited in scope, and implementation strategies, differing in strength and focus, at different levels of granularity. Nevertheless, the need for a proactive, adaptive and responsive cybersecurity solution is recognized.

This paper presents a model that promises proactive, adaptive and responsive end-to-end cybersecurity. The proposed cybersecurity continuity and management model premised on a service system, leveraging on lessons learned from existing solutions, takes a holistic analytical view of service activities from source (service provider) to destination (Customer) to ensure end-to-end security, whether internally (within an organization) or externally.

Data breaches in the US healthcare sector have more than tripled in the last decade across all states. However, to this day, no established framework ranks all states from most to least at risk for healthcare data breaches. This gap has led to a lack of proper risk identification and understanding of cyber environments at state levels.

Based on the security action cycle, the National Institute of Standards and Technology (NIST) cybersecurity framework, the risk-planning model, and the multicriteria decision-making (MCDM) literature, the paper offers an integrated multicriteria framework for prioritization in cybersecurity to address this lack and other prioritization issues in risk management in the field. The study used historical breach data between 2015 and 2021.

The findings showed that California, Texas, New York, Florida, Indiana, Pennsylvania, Massachusetts, Minnesota, Ohio, and Georgia are the states most at risk for healthcare data breaches.

The findings highlight each US state faces a different level of healthcare risk. The findings are informative for patients, crucial for privacy officers in understanding the nuances of their risk environment, and important for policy-makers who must grasp the grave disconnect between existing issues and legislative practices. Furthermore, the study suggests an association between positioning state risk and such factors as population and wealth, both avenues for future research.

Theoretically, the paper offers an integrated framework, whose basis in established security models in both academia and industry practice enables utilizing it in various prioritization scenarios in the field of cybersecurity. It further emphasizes the importance of risk identification and brings attention to different healthcare cybersecurity environments among the different US states.

The accelerated digital transformation and the growing emphasis on privacy, safety and security present ongoing challenges for cybersecurity experts. Alongside these challenges, the multidisciplinary, everchanging and complex nature of the cybersecurity domain has further challenged the acquisition and retention of cybersecurity talent. Empowering reskilling and upskilling in cybersecurity necessitates efficacious educational endeavours which promote self-confidence and foster a growth mindset. The purpose of this paper is to highlight that cultivating self-efficacy in cybersecurity education can help promote competency development and effectively address the prominent skills gaps. This notion applies equally to both aspiring individuals pursuing a career in cybersecurity and professionals in the field who may wish to better articulate the skills they already possess, the skills they lack and newly surfacing skills that need to be developed.

The study discusses the imminent need for adopting a “skills-first” approach in cybersecurity and explores innovative pedagogies and professional frameworks that can inform and frame such an approach. Subsequently, a critical analysis of the importance of self-efficacy towards motivating and supporting upskilling in cybersecurity is performed. A case study is presented, expanding the authors’ previous work on cybersecurity professional development, to demonstrate the mediating role that self-efficacy can play in developing core cybersecurity competencies. The case study presents the design of a new cybersecurity curriculum in the context of postgraduate, synchronous distance cybersecurity education, and it is utilised as a basis to discuss how the proposed curriculum cultivates self-efficacy attitudes.

A skills-first approach is becoming the new norm in contemporary workplaces. This work highlights the importance of actively nurturing self-efficacy attitudes through innovative cybersecurity curricula that can be tailored to the learners’ needs, instigating a drive for learning and, ultimately, helping learners effectively upskilling by portraying a self-directed learning path and a professional growth mindset in cybersecurity.

The authors present the importance of cultivating self-efficacy in higher and lifelong education to foster reskilling and upskilling in cybersecurity. An innovative cybersecurity curriculum was constructed and delivered with a group of learners demonstrating how self-efficacy can be leveraged through interactive, reflective and self-assessment educational activities that enhanced motivation and self-awareness, curiosity, attention to detail and resilience – key skills for a successful career in cybersecurity.

This paper aims to develop a framework for critical information infrastructure (CII) protection in smart government, an alternative measure for common cybersecurity frameworks such as NIST Cybersecurity Framework and ISO 27001. Smart government is defined as the government administration sector of CII due to its similarity as a core of smart technology.

To ensure the validity of the data, the research methodology used in this paper follows the predicting malfunctions in socio-technical systems (PreMiSTS) approach, a variation of the socio-technical system (STS) approach specifically designed to predict potential issues in the STS. In this study, PreMiSTS was enriched with observation and systematic literature review as its main data collection method, thematic analysis and validation by experts using fuzzy Delphi method (FDM).

The proposed CII protection framework comprises several dimensions: objectives, interdependency, functions, risk management, resources and governance. For all those dimensions, there are 20 elements and 41 variables.

This framework can be an alternative guideline for CII protection in smart government, particularly in government administration services.

The author uses PreMiSTS, a socio-technical approach combined with thematic analysis and FDM, to design a security framework for CII protection. This combination was designed as a mixed-method approach to improve the likelihood of success in an IT project.

This paper aims to highlight the importance and role of strategic cyber intelligence to support risk-informed decision-making, ultimately leading to improved objectives, policies, architectures and investments to advance a nation or organization’s interests in the cyber domain.

Integration of professional research literature from the fields of intelligence studies, strategy and information/computer security.

Investing in technology, firewalls and intrusion detection systems is appropriate but, by itself, insufficient. Intelligence is a key component. Cyber intelligence emphasizes prevention and anticipation, to focus cybersecurity efforts before an attack occurs (“left of the hack”). Strategic cyber intelligence can substantially reduce risk to the organization’s mission and valued assets and support its due diligence.

This paper describes how strategic cyber intelligence can be implemented and used within an enterprise to enhance its cyber defense, and create a more proactive and adaptive security posture. It not only describes strategic cyber intelligence as a distinct discipline, but also demonstrates how the key intelligence functions articulate with existing cybersecurity risk management standards.

Introduction: The frequency and complexity of cyber assaults have grown in recent years. Consequently, organisations have increased their expenditures in more robust infrastructure to protect themselves from these cyber assaults. These organisations’ assets, data, and reputations are at risk due to rapidly increasing cybercrimes. However, complete protection from these many and ever-changing threats is very challenging as a result. To deal with them, companies are taking steps to reduce risks and limit company losses in their occurrence.

Purpose: Progressively, the insurance sector organisations are including digital protection as a component of the board’s general danger technique. Protection enterprises, then again, depend on accurately expecting risks, while a significant number of them depend on normalised approaches. Because of the exceptional attributes of the digital assaults, transporters now and again depend on subjective strategies dependent on master decisions. There is an unmistakeable absence of observational information on digital protection, specifically subjective examinations planning to comprehend and depict necessities, impediments, and cycles applicable for digital protection.

Methodology: There are various unanswered inquiries and worries about the oversight and legitimate and administrative assessment of network safety weaknesses in the protection business. In the wake-up of looking over all these worries and issues, steps to alleviate them are laid out after an extensive literature survey and secondary data sources. In this study, the authors have principally viewed the executive parts of the associations as the danger. While considering network protection, their insight of needs was taken as one among a few dangerous treatment systems, just as the necessities of the organisations’ protection in assessing the danger level of likely customers.

Findings: This section analyses past research in network safety and information security in the protection market. The danger of the executives’ strategies, the numerical models, and the forecasts of digital occassions are illustrated in this section. Lastly, the future headings are likewise expressed momentarily.

Practical implications: This review might be valuable for additional examination and logical discussion, yet additionally for down-to-earth applications. Moreover, it could be gainful to organisations as a supportive instrument for better agreement on what digital protection is and how to get ready to take on network safety and information security procedures in the association.

Significance: These associations’ resources, information, and notoriety are in danger because of quickly expanding cybercrimes. Cybercriminals are utilising more refined approaches to start digital assaults. Digital protection was anticipated to affect security conduct before any proof was gathered. Progressively, organisations are including digital protection as a feature of their general danger to the executive system. Because of the exceptional attributes of the digital assaults, transporters as often as possible depend on subjective methods dependent on master decisions. Thus, this space of network safety and information security is vital uniquely in the protection market.

To better understand the current state of world economic competitiveness as well as the challenges and opportunities both present and emerging for national economies, the IBM Institute for Business Value (IBV) 10;surveyed top executives on a range of topics related to their organizations’ and their nations’ successes.

More than 2,700 C-level executives across the 12 largest national economies were surveyed in collaboration with Oxford Economics.

•9;90 percent of executives cite skilled labor availability and quality as a critical factor for their organization when considering expansion into new markets. 10;•9;54 percent of executives say cyber threats are among the biggest strategic risks for their nation’s economy in the next five years. 10;•9;120 million workers in the world’s 12 largest economies may need to be retrained/reskilled in the next three years as a result of intelligent/AI-enabled automation. 10;

By a wide margin, regulatory risk and cyber threats dominate the attention of business and other leaders as primary risks to their respective economies.

The future success of national economies is heavily dependent upon ecosystem partners working together to develop and maintain a skilled workforce across regional labor markets.

Based on the responses, the researches recommend a focus on developing and maintaining the workforce skills required to realize value from intelligent automation and other emerging technologies.As intelligent automation and other disruptions continue to redefine industries, the types of skills these industries require are also evolving. 10;

The purpose of this paper can be encapsulated in the following points: identify the research papers published on the topic: competencies and skills necessary for critical infrastructure (CI) cyber-security (CS) protection; determine main focus areas within the identified literature and evaluate the dependency or lack thereof between them: make recommendations for future research.

This study is based on a systematic literature review conducted to identify scientific papers discussing and evaluating competencies, skills and essential attributes needed by the CI workforce for CS and preparedness to attacks and incidents.

After a comparative analysis of the articles reviewed in this study, a variety of skills and competencies was found to be necessary for CS assurance in CIs. These skills have been grouped into four categories, namely, technical, managerial, implementation and soft skills. Nonetheless, there is still a lack of agreement on which skills are the most critical and further research should be conducted on the relation between specific soft skills and CS assurance.

Investigation of which skills are required by industry for specific CS roles, by conducting interviews and sending questionnaire\surveys, would allow consolidating whether literature and industry requirements are equivalent.

Findings from this literature review suggest that more effort should be taken to conciliate current CS curricula in academia with the skills and competencies required for CS roles in the industry.

This study provides a previously lacking current mapping and review of literature discussing skills and competencies evidenced as critical for CS assurance for CI. The findings of this research are useful for the development of comprehensive solutions for CS awareness and training.