Journal articles on the topic 'Cybersecurity certification'

Consult the top 50 journal articles for your research on the topic 'Cybersecurity certification.'

1

Al Harrack, Micheline. "Connecting O*Net® Database to Cybersecurity Workforce Professional Certifications." International Journal on Integrating Technology in Education 10, no. 2 (June 30, 2021): 65–76. http://dx.doi.org/10.5121/ijite.2021.10206.

Abstract:
The Occupational Information Network O*NET is considered the primary source of occupational information in the U.S. I explore here possible uses of O*NET data to inform cybersecurity workforce readiness certification programs. The O*NET database is used to map out education requirements and how they relate to professional certifications as required by employers and job designers in accordance with the National Initiative for Cybersecurity Careers and Studies (NICCS). The search focuses on the “Information Security Analysts” occupation as listed on O*NET, Careeronestop, U.S. Bureau of Labor Statistics (BLS), and finally tied back to NICCS source work role to identify certifications requirements. I found that no site has listed any certification as required, desirable or mandatory. NICCS offered general guidance to potential topics and areas of certification. Careeronestop site provided the ultimate guidance for this role certification. Professional certifications are still not integrated in the Cybersecurity Workforce Framework official guidance.
2

Wang, Ping, and Hubert D'Cruze. "Certifications in Cybersecurity Workforce Development." International Journal of Hyperconnectivity and the Internet of Things 3, no. 2 (July 2019): 38–57. http://dx.doi.org/10.4018/ijhiot.2019070104.

Abstract:
The workforce demand for cybersecurity professionals has been substantial and fast growing. Qualified cybersecurity professionals with appropriate knowledge, skills, and abilities for various tasks and job roles are needed to perform the challenging work of defending the cyber space. The certified information systems security professional (CISSP) certification is a globally recognized premier cybersecurity credential and validation of qualifications. This case study analyzes the CISSP certification requirements, domains and objectives and attempts to map them to the cybersecurity industry competencies and the US national cybersecurity workforce framework (NCWF). This research is an extended study with full mapping of all CISSP domain areas to the knowledge, skills, and abilities in NCWF. The extended study aims to discover the in-depth value and role of reputable certifications such as CISSP in competency development for cybersecurity workforce. This article also discusses the value and implications of the CISSP certification on cybersecurity education and training.
3

Tsvilii, Olena. "Cybersecurity regulation: cybersecurity certification of operational technologies." Technology audit and production reserves 1, no. 2(57) (February 28, 2021): 54–60. http://dx.doi.org/10.15587/2706-5448.2021.225271.

Abstract:
The object of research is the system and schemes of conformity assessment (certification) of cybersecurity of operational technologies (OT), as a set of rules and procedures that describe the objects of certification, determine the specified requirements and provide a methodology for certification. The terminological base and conceptual apparatus of the study of cybersecurity certification of operational technologies are based on the international standard ISO 17000:2020 Conformity assessment – Vocabulary and general principles. Cybersecurity certification systems and schemes are based on assessment standards, the choice and application of which is not unambiguous and historically has many interpretations and application mechanisms. These standards consist of tools, policies, security concepts, security assurances, guidelines, risk management approaches, best practices, safeguards, and technologies. But they have, to one degree or another, a significant drawback – the complexity of transforming the results of information security assessment according to these standards into security guarantees with any wide international recognition. In the context of globalization, this significantly degrades the cybersecurity quality. The main hypothesis of research is that the cybersecurity quality can be improved by converging towards a common methodology that is based on agreed international standards and international best practice for certification. The question of the key role of cybersecurity for operational technologies, which become the basis for Economy 4.0 and are now considered as a new frontier of cybersecurity, is considered. The need to create a system and schemes for certification of OT cybersecurity based on international and European certification principles is shown. 
A hierarchical model of cybersecurity certification system assessment standards and a hierarchical model of agreements on mutual recognition of cybersecurity certificates have been developed, which will allow a systematic approach to the creation of a system and schemes for OT cybersecurity certification. This provides an opportunity for developers of systems and certification schemes to form OT cybersecurity certification systems based on the principles of wide cross-border recognition of OT cybersecurity certificates.
4

Tsvilii, Olena. "SYSTEM OF CERTIFICATION OF CYBERSECURITY OF INFORMATION AND COMMUNICATIONS TECHNOLOGIES." Proceedings of the O.S. Popov ОNAT 1, no. 2 (December 31, 2020): 121–34. http://dx.doi.org/10.33243/2518-7139-2020-1-2-121-134.

Abstract:
Cybersecurity of information and communication technologies (hereinafter - ICT) is a key issue for maintaining the functioning and security of the digital economy and public administration in the near future. An important role in the field of cybersecurity is played by the conformity assessment (certification) of cybersecurity. This may apply to the cybersecurity of ICT components, products, equipment, services and processes, to the cybersecurity of cloud services, to the cybersecurity of technological processes, to personal competence in the field of cybersecurity, and so on. Cybersecurity certification rules, procedures, and management establish a certification scheme, and a set of rules and procedures for managing similar or related conformity assessment schemes form a certification system. Creating cybersecurity certification schemes is a priority and relevant today. There are now a number of systems and assessment standards that can be applied to cybersecurity certification, but they do not ensure mutual recognition of test laboratory test and evaluation procedures and results, and the pursuit of harmonized and comparable cybersecurity assessment and implementation procedures. This situation is a global problem. Accordingly, the current legislation of Ukraine in the field of cybersecurity sets tasks for the application of the best international and European principles of conformity assessment of information and cybersecurity. The creation of cybersecurity certification systems and schemes based on international and European principles of conformity assessment requires appropriate scientific and methodological support. The article proposes a hierarchical model of assessment standards for the cybersecurity certification system and a hierarchical model of agreements on mutual recognition of cybersecurity certificates.
Also, in the article, based on these models, the basics of the Cyber Security Certification System and Cyber Security Certification Schemes for ICT products and cloud services are proposed, with an emphasis on such elements as: assessment standards; accreditation of certification bodies; mutual recognition of certification results.
5

Ananda, Safrida, Ika Putranti, and Andi Dir. "ANALYSIS OF THE EU CYBERSECURITY ACT UNDER THE THEORY OF NEOLIBERAL INSTITUTIONALISM." Arena Hukum 15, no. 1 (April 28, 2022): 176–99. http://dx.doi.org/10.21776/ub.arenahukum.2022.01501.9.

Abstract:
WannaCry ransomware epidemics have attacked several high-profile companies in the European Union, creating an EU-wide cybersecurity crisis in the digital economy and social order. In response, the European Union established an appropriate regulation in cybercrime, namely The Cybersecurity Act. The Act as an international regime does not only give a permanent mandate that strengthens the European Union Agency for Network and Information Security (ENISA) but also establishes The EU Cybersecurity Certification Scheme in order to increase cybersecurity and build cyber resilience in the European Union Digital Single Market. This paper investigates how the Cybersecurity Act functions as a business law in maintaining the cybersecurity aspect of the European Union Digital Single Market through the theory of neoliberal institutionalism as a framework of thinking. After conducting a series of literature reviews, this research argues that The Cybersecurity Act would be an appropriate regulation in dealing with the cybersecurity crisis in the digitalized market order. The standardization in The EU Cybersecurity Certification Scheme regulated by The Cybersecurity Act would improve cybersecurity and build cyber resilience in the European Union Digital Single Market.
6

Gunawan, Budi, Barito Mulyo Ratmono, Denok Kurniasih, and Paulus Israwan Setyoko. "Cybersecurity effectiveness: The role of internal auditor certification, risk assessment and senior management." International Journal of Data and Network Science 7, no. 4 (2023): 1805–14. http://dx.doi.org/10.5267/j.ijdns.2023.7.011.

Abstract:
This study aims to analyze and examine the influence of internal auditor certification, risk assessment, and the role of senior management on the effectiveness of cybersecurity for internal auditors who have experience in cybersecurity and information technology. This research method is a quantitative method, data analysis uses structural equation modeling (SEM) with SmartPLS 3.0 software tools. The population of this study is internal auditors who have experience in cybersecurity and information technology. The sample for this study was 480 respondents who were determined by the snowball sampling method. The research data was obtained from an online questionnaire which was distributed via social media. The questionnaire was designed using a Likert scale of 1 to 5. The stages of data analysis were validity test, reliability test and significance test. The results of this study indicate that internal auditor certification has a positive effect on cybersecurity effectiveness, risk assessment has a positive effect on cybersecurity effectiveness, and the role of senior management has a positive effect on cybersecurity effectiveness.
7

Mitrakas, Andreas. "The emerging EU framework on cybersecurity certification." Datenschutz und Datensicherheit - DuD 42, no. 7 (June 29, 2018): 411–14. http://dx.doi.org/10.1007/s11623-018-0969-2.

8

Coleman, Joe. "The DOD's CMMC 2.0: What Heat Treaters Need to Know." AM&P Technical Articles 182, no. 2 (March 1, 2024): 37–39. http://dx.doi.org/10.31399/asm.amp.2024-02.p037.

Abstract:
Cybersecurity Maturity Model Certification (CMMC) 2.0 represents the most recent iteration of the US Department of Defense's cybersecurity regulations. The CMMC 2.0 framework was developed to improve the cybersecurity posture of defense contractors and their supply chain, including heat treaters. This article reviews key requirements and how DoD contractors can prepare for compliance.
9

Fleming, Courtney, Mark Reith, and Wayne Henry. "Securing Commercial Satellites for Military Operations: A Cybersecurity Supply Chain Framework." International Conference on Cyber Warfare and Security 18, no. 1 (February 28, 2023): 85–92. http://dx.doi.org/10.34190/iccws.18.1.1062.

Abstract:
The increased reliance on commercial satellites for military operations has made it essential for the Department of Defense (DoD) to adopt a supply chain framework to address cybersecurity threats in space. This paper presents a satellite supply chain framework, the Cybersecurity Supply Chain (CSSC) Framework, for the DoD in the evaluation and selection of commercial satellite contracts. The proposed strategy is informed by research on cybersecurity threats to commercial satellites, national security concerns, current DoD policy, and previous cybersecurity frameworks. This paper aims to provide a comprehensive approach for safeguarding commercial satellites used by the DoD and ensuring the security of their supporting components. Inspired by the National Institute of Standards and Technology (NIST) 800-171 requirements and the DoD’s future Cybersecurity Maturity Model Certification (CMMC) process, the two-part framework significantly streamlines the NIST requirements to accommodate small businesses. It also extends key NIST requirements to commercial-off-the-shelf (COTS) suppliers. The CSSC Framework complements the CMMC certification process by addressing the need for cybersecurity requirements for all subcontractors supporting a commercial space asset. The framework incorporates a scoring process similar to CMMC scoring, granting points to a subcontractor for meeting the cybersecurity requirements outlined by the framework. In addition, the framework creates a space architecture overview that details the overall bid score and establishes a matrix based on individual requirements. This model and matrix allow DoD acquisition personnel to closely analyze each contract bid, comparing the subcontractor's strengths and weaknesses to other bidders. The CSSC Framework will allow the DoD to apply NIST standards to subcontractors who do not meet the requirements for CMMC certification.
10

Nikolov, Borislav. "Maritime Cybersecurity Education and Training at Nikola Vaptsarov Naval Academy." Pedagogika-Pedagogy 95, no. 6s (August 29, 2023): 48–55. http://dx.doi.org/10.53656/ped2023-6s.05.

Abstract:
As of the beginning of 2021, a set of new requirements has been introduced by the International Maritime Organization (IMO), necessitating established rules and measures about the cybersecurity of the ship’s systems. That is to ensure a certain level of cybersecurity onboard, as well as re-occurring training of onboard staff, is required, to maintain cybersecurity measures. That leads to a new vector of postgraduate certification and namely – ships’ system cybersecurity and cybersecurity management. Its purpose is to provide the necessary knowledge and skills, related to fulfilling the requirements of the IMO. This paper examines some aspects of education and training of the ship’s crew regarding cybersecurity.
11

Razikin, Khairur, and Agus Widodo. "General Cybersecurity Maturity Assessment Model: Best Practice to Achieve Payment Card Industry-Data Security Standard (PCI-DSS) Compliance." CommIT (Communication and Information Technology) Journal 15, no. 2 (August 31, 2021): 91–104. http://dx.doi.org/10.21512/commit.v15i2.6931.

Abstract:
The use of technology in the era of the Industrial Revolution 4.0 is essential, marked by the use of technology in the economy and business. This situation makes many companies in the payment sector have to improve their information technology security systems. In Indonesia, Bank Indonesia and the Financial Services Authority (Otoritas Jasa Keuangan - OJK) are agencies that provide operational permits for companies by making Payment Card Industry-Data Security Standard (PCI-DSS) certification as one of the requirements for companies to obtain operating permits. However, not all companies can easily get PCI-DSS certification because many companies still do not meet the PCI-DSS requirements. The research offers a methodology for measuring the level of technology and information maturity using general cybersecurity requirements adopted from the cybersecurity frameworks of CIS, NIST, and Cobit. Then, the research also performs qualitative calculations based on interviews, observations, and data surveys conducted on switching companies that have been able to implement and obtain certification. PCI-DSS to produce practical cybersecurity measures, in general, can be used as a measure of the maturity of technology and information security. The results and discussion provide a model assessment tool on the procedures and requirements needed to obtain PCI-DSS certification. The maturity level value of PT XYZ is 4.0667 at maturity level 4, namely quantitatively managed, approaching level 5 as the highest level at maturity level.
12

Dawson, Maurice. "Applying a holistic cybersecurity framework for global IT organizations." Business Information Review 35, no. 2 (May 8, 2018): 60–67. http://dx.doi.org/10.1177/0266382118773624.

Abstract:
Examined are the three core themes: the role of education in cybersecurity, the role of technology in cybersecurity, and the role of policy in cybersecurity. These topics are essential for organizations seeking to establish environments that allow them to be successful irregardless of location while examining external and internal conditions. This study examined the research gaps within cybersecurity as it relates to core themes in an effort to develop stronger policies, education programs, and hardened technologies for cybersecurity use. This work illustrates how cybersecurity can be broken into these three core areas and used together to address issues such as developing training environments for teaching real cybersecurity events. It will further show the correlations between technologies and policies for system Certification and Accreditation. Finally, it will offer insights on how cybersecurity can be used to maintain wirelessly security for international and national security for global organizations.
13

Nowrozy, Raza. "GPTs or Grim Position Threats? The Potential Impacts of Large Language Models on Non-Managerial Jobs and Certifications in Cybersecurity." Informatics 11, no. 3 (July 11, 2024): 45. http://dx.doi.org/10.3390/informatics11030045.

Abstract:
ChatGPT, a Large Language Model (LLM) utilizing Natural Language Processing (NLP), has caused concerns about its impact on job sectors, including cybersecurity. This study assesses ChatGPT’s impacts in non-managerial cybersecurity roles using the NICE Framework and Technological Displacement theory. It also explores its potential to pass top cybersecurity certification exams. Findings reveal ChatGPT’s promise to streamline some jobs, especially those requiring memorization. Moreover, this paper highlights ChatGPT’s challenges and limitations, such as ethical implications, LLM limitations, and Artificial Intelligence (AI) security. The study suggests that LLMs like ChatGPT could transform the cybersecurity landscape, causing job losses, skill obsolescence, labor market shifts, and mixed socioeconomic impacts. A shift in focus from memorization to critical thinking, and collaboration between LLM developers and cybersecurity professionals, is recommended.
14

Levy, Yair, and Ruti Gafni. "Towards the quantification of cybersecurity footprint for SMBs using the CMMC 2.0." Online Journal of Applied Knowledge Management 10, no. 1 (September 6, 2022): 43–61. http://dx.doi.org/10.36965/ojakm.2022.10(1)43-61.

Abstract:
Organizations, small and big, are faced with major cybersecurity challenges over the past several decades, as the proliferation of information systems and mobile devices expand. While larger organizations invest significant efforts in developing approaches to deal with cybersecurity incidents, Small and Medium Businesses (SMBs) are still struggling with ways to both keep their businesses alive and secure their systems to the best of their abilities. When it comes to critical systems, such as defense industries, the interconnectivities of organizations in the supply-chain have demonstrated to be problematic given the depth required to provide a high-level cybersecurity posture. The United States (U.S.) Department of Defense (DoD) with the partnership of the Defense Industry Base (DIB) have developed the Cybersecurity Maturity Model Certification (CMMC) in 2020 with a third-party mandate for Level 1 certification. Following an outcry from many DIB organizations, a newly revised CMMC 2.0 was introduced in late 2021 where Level 1 (Fundamental) was adjusted for annual self-assessment. CMMC 2.0 provides the 17 practices that organizations should self-assess. While these 17 practices provide initial guidance for assessment, the specific level of measurement and how it impacts their overall cybersecurity posture is vague. Specifically, many of these practices use non-quantifiable terms such as “limit”, “verify”, “control”, “identify”, etc. The focus of this work is to provide SMBs with a quantifiable method to self-assess their Cybersecurity Footprint following the CMMC 2.0 Level 1 practices. This paper outlines the foundational literature work conducted in support of the proposed quantification Cybersecurity Footprint Index (CFI) using 26 elements that correspond to the relevant CMMC 2.0 Level 1 practices.
15

Nwankwo, Iheanyi, Marc Stauch, Panagiotis Radoglou-Grammatikis, Panagiotis Sarigiannidis, George Lazaridis, Anastasios Drosou, and Dimitrios Tzovaras. "Data Protection and Cybersecurity Certification Activities and Schemes in the Energy Sector." Electronics 11, no. 6 (March 21, 2022): 965. http://dx.doi.org/10.3390/electronics11060965.

Abstract:
Cybersecurity concerns have been at the forefront of regulatory reform in the European Union (EU) recently. One of the outcomes of these reforms is the introduction of certification schemes for information and communication technology (ICT) products, services and processes, as well as for data processing operations concerning personal data. These schemes aim to provide an avenue for consumers to assess the compliance posture of organisations concerning the privacy and security of ICT products, services and processes. They also present manufacturers, providers and data controllers with the opportunity to demonstrate compliance with regulatory requirements through a verifiable third-party assessment. As these certification schemes are being developed, various sectors, including the electrical power and energy sector, will need to assess the impact on their operations and plan towards successful implementation. Relying on a doctrinal method, this paper identifies relevant EU legal instruments on data protection and cybersecurity certification and their interpretation in order to examine their potential impact when applying certification schemes within the Electrical Power and Energy System (EPES) domain. The result suggests that the EPES domain employs different technologies and services from diverse areas, which can result in the application of several certification schemes within its environment, including horizontal, technological and sector-specific schemes. This has the potential for creating a complex constellation of implementation models and would require careful design to avoid proliferation and disincentivising of stakeholders.
16

Hernandez-Ramos, Jose L., Sara N. Matheu, and Antonio Skarmeta. "The Challenges of Software Cybersecurity Certification [Building Security In]." IEEE Security & Privacy 19, no. 1 (January 2021): 99–102. http://dx.doi.org/10.1109/msec.2020.3037845.

17

Kipker, Dennis-Kenji. "EU Cybersecurity Act und Certification Schemes: ein aktueller Fortschrittsbericht." Datenschutz und Datensicherheit - DuD 44, no. 4 (March 16, 2020): 263–65. http://dx.doi.org/10.1007/s11623-020-1264-6.

18

Martinez, Cristina, Iñaki Etxaniz, Alberto Molinuevo, and Juncal Alonso. "MEDINA Catalogue of Cloud Security controls and metrics: Towards Continuous Cloud Security compliance." Open Research Europe 4 (April 24, 2024): 90. http://dx.doi.org/10.12688/openreseurope.16669.1.

Abstract:
In order to address current challenges on security certification of European ICT products, processes and services, the European Commission, through ENISA (European Union Agency for Cybersecurity), has developed the European Cybersecurity Certification Scheme for Cloud Services (EUCS). This paper presents the overview of the H2020 MEDINA project approach and tools to support the adoption of EUCS and offers a detailed description of one of the core components of the framework, the MEDINA Catalogue of Controls and Metrics. The main objective of the MEDINA Catalogue is to provide automated functionalities for CSPs’ compliance managers and auditors to ease the certification process towards EUCS, through the provision of all information and guidance related to the scheme, namely categories, controls, security requirements, assurance levels, etc. The tool has been enhanced with all the research and implementation works performed in MEDINA, such as definition of compliance metrics, suggestion of related implementation guidelines, alignment of similar controls in other schemes, and a set of self-assessment questionnaires, which are presented and discussed in this paper.
19

Islam, Md Shariful, Nusrat Farah, and Thomas F. Stafford. "Factors associated with security/cybersecurity audit by internal audit function." Managerial Auditing Journal 33, no. 4 (April 3, 2018): 377–409. http://dx.doi.org/10.1108/maj-07-2017-1595.

Abstract:
Purpose: The purpose of the study is to explore the factors associated with the extent of security/cybersecurity audit by the internal audit function (IAF) of the firm. Specifically, the authors focused on whether IAF/CAE (certified audit executive [CAE]) characteristics, board involvement related to governance, role of the audit committee (or equivalent) and the chief risk officer (CRO) and IAF tasked with enterprise risk management (ERM) are associated with the extent to which the firm engages in security/cybersecurity audit. Design/methodology/approach: For analysis, the paper uses responses of 970 CAEs as compiled in the Common Body of Knowledge database (CBOK, 2015) developed by the Institute of Internal Auditors Research Foundation (IIARF). Findings: The results of the study suggest that the extent of security/cybersecurity audit by IAF is significantly and positively associated with IAF competence related to governance, risk and control. Board support regarding governance is also significant and positive. However, the Audit Committee (AC) or equivalent and the CRO role are not significant across the regions studied. Comprehensive risk assessment done by IAF and IAF quality have a significant and positive effect on security/cybersecurity audit. Unexpectedly, CAEs with security certification and IAFs tasked with ERM do not have a significant effect on security/cybersecurity audit; however, other certifications such as CISA or CPA have a marginal or mixed effect on the extent of security/cybersecurity audit. Originality/value: This study is the first to describe IAF involvement in security/cybersecurity audit. It provides insights into the specific IAF/CAE characteristics and corporate governance characteristics that can lead IAF to contribute significantly to security/cybersecurity audit.
The findings add to the results of prior studies on the IAF involvement in different IT-related aspects such as IT audit and XBRL implementation and on the role of the board and the audit committee (or its equivalent) in ERM and the detection and correction of security breaches.
20

Matheu, Sara N., Jose L. Hernandez-Ramos, and Antonio F. Skarmeta. "Toward a Cybersecurity Certification Framework for the Internet of Things." IEEE Security & Privacy 17, no. 3 (May 2019): 66–76. http://dx.doi.org/10.1109/msec.2019.2904475.

21

Matheu, Sara N., José L. Hernández-Ramos, Antonio F. Skarmeta, and Gianmarco Baldini. "A Survey of Cybersecurity Certification for the Internet of Things." ACM Computing Surveys 53, no. 6 (December 29, 2020): 1–36. http://dx.doi.org/10.1145/3410160.

22

Benyahya, Meriem, Anastasija Collen, and Niels Alexander Nijdam. "Cybersecurity and Data Privacy Certification Gaps of Connected and Automated Vehicles." Transportation Research Procedia 72 (2023): 783–90. http://dx.doi.org/10.1016/j.trpro.2023.11.468.

23

Mincewicz, Wojciech. "EDUCATION IN THE FIELD OF CYBERSECURITY AT UNIVERSITIES IN POLAND." Zeszyty Naukowe SGSP 86 (June 26, 2023): 117–25. http://dx.doi.org/10.5604/01.3001.0053.7149.

Abstract:
The article characterizes the current state of development of cybersecurity education in higher education institutions in Poland. The purpose of the study is to characterize the models of cybersecurity education, to verify the development trends and to attempt to estimate further directions in higher education for cyber security professionals. The compiled material, obtained from publicly available databases and curricula, allowed us to formulate conclusions related to the education process itself, as well as to the confirmation of skills. A quantitative as well as qualitative analysis of the data was carried out, focused on the content of study programs. The profile of a cybersecurity graduate varies by the leading institution, as well as by the discipline under which the education is provided. Recent years show a significant increase in new majors with a social-humanities profile, which, in addition to technological issues, pay attention to the broad context of human functioning in cyberspace. An important addition to cybersecurity education, apart from formal confirmation of skills during higher education, is the certification process. This is an example of informal education, but as global experience shows, it is equally important, both from the perspective of improving specialized skills and as a formal requirement in the recruitment and employment search process.
24

Kipker, Dennis-Kenji. "EU Cybersecurity Act and Certification Schemes: an up-to-date progress report." Datenschutz und Datensicherheit - DuD 44, no. 6 (May 14, 2020): 390–92. http://dx.doi.org/10.1007/s11623-020-1290-4.

25

Azzani, Ihsania Karin, Susilo Adi Purwantoro, and Hikmat Zakky Almubarok. "Enhancing awareness of cyber crime: a crucial element in confronting the challenges of hybrid warfare In Indonesia." Defense and Security Studies 5 (January 5, 2024): 1–9. http://dx.doi.org/10.37868/dss.v5.id255.

Abstract:
The Cyber Defense Center, abbreviated as Pushansiber, is an institution responsible for carrying out the duties and functions of the Defense Strategic Installation Agency. Pushansiber has an important role in implementing governance, cooperation, operations, and ensuring cyber defense security. However, this year there has been an increase in problems related to cyber attacks, such as phishing, malware, ransomware, spam. These cyber attacks are included in the concept of hybrid warfare which is believed to be a form of conflict that involves the utilization of various elements, one of which is cyber attacks, military, political, economic, and information aspects. This causes conflict situations to be complicated and demands a comprehensive approach in terms of defense and handling, with digital literacy and cybersecurity awareness which has an important role in defense management, the need for awareness and training, simulation, and certification to strengthen cybercrime awareness in every organization. The success of other countries that have established specialized cybersecurity teams and invested in advanced technology can serve as an example for Indonesia. For Indonesia, the cooperation between National Cyber and Crypto Agency (BSSN) and the Ministry of Defense in strengthening cybersecurity capabilities is an important step to safeguard infrastructure, protect sensitive data, and reduce potential disruptions from malicious cyber activities with the aim of strengthening cybersecurity capabilities.
26

Puchkov, Oleksandr, and Olena Uvarkina. "Sustainable development of the system of formal cyber education: reflection of modern concepts." Collection "Information Technology and Security" 11, no. 1 (June 29, 2023): 60–68. http://dx.doi.org/10.20535/2411-1031.2023.11.1.283635.

Abstract:
The article defines the conceptual framework for sustainable development of the formal cyberworld system. An analysis of contemporary regulatory, legal, and scientific sources on the preparation of cyber specialists for the security and defense sector has been conducted. The main research methods identified are synthesis, comparative analysis, focusing method, and cause-and-effect method. The new U.S. Cybersecurity Strategy addressing cyber education issues has been analyzed, which sets new requirements for cyber professionals in the context of the transformation of the global and national security environment. The use of analysis data from EU cybersecurity educational programs revealed the characteristic variability of the cybersecurity educational landscape in the EU and helped identify key gaps in the preparation of future professionals. It has been demonstrated that the integration of Ukrainian cyber education into the Euro-Atlantic educational space should occur through the updating of cybersecurity curricula based on the best international practices, the establishment of a unified system for accreditation, certification, and the development of cyber e-learning platforms for formal education. The competency-based approach in the preparation of cyber specialists is identified as a priority direction in research across various fields of knowledge. It has been revealed that there is a hysteresis of skills within the knowledge-ability-skill triad, acquired during education, in relation to the demands of advanced technologies in professional activities.
27

Matheu-García, Sara N., José L. Hernández-Ramos, Antonio F. Skarmeta, and Gianmarco Baldini. "Risk-based automated assessment and testing for the cybersecurity certification and labelling of IoT devices." Computer Standards & Interfaces 62 (February 2019): 64–83. http://dx.doi.org/10.1016/j.csi.2018.08.003.

28

Botha-Badenhorst, Danielle, André Martin McDonald, Graham David Barbour, Ethan Buckinjohn, and Wian Gertenbach. "On The Zero-Trust Intranet Certification Problem." International Conference on Cyber Warfare and Security 19, no. 1 (March 21, 2024): 10–18. http://dx.doi.org/10.34190/iccws.19.1.2054.

Abstract:
Securing corporate networks and ensuring the trustworthiness of network resources are critical security concerns for organisations in today's interconnected digital landscape. The zero-trust security model is an approach to designing and implementing ICT systems which prescribes that clients and servers cannot be trusted automatically, even when connected to networks traditionally considered trusted. The implementation of the zero-trust model within the corporate intranet requires a secure method to verify the identity of local servers. On the Internet, trust in the identity of public servers is established by well-known public Certificate Authorities (CAs), which issue digital certificates to securely identify servers. However, local intranet servers exist within the internal address space of the network. Consequently, it is impossible to naturally obtain digital certificates for these servers, validly signed by a public CA, without publicly disclosing sensitive information such as intranet server Domain Name System (DNS) records. This leaves organisations with the option of relying on endpoint management systems to install custom CA root certificates on all corporate browsers or, in some cases, ignoring the problem altogether. In this paper, we draw on practical experience in the deployment of cybersecurity devices in corporate intranets to formally define the intranet certification problem. We specify five requirements that a solution to this problem must satisfy. We then conduct a comprehensive review of existing candidate solutions and academic research relevant to the intranet certification problem. Specifically, existing ICT systems for public key infrastructure and endpoint management are identified and evaluated with respect to their ability to meet the stated requirements for solving the intranet certification problem, as well as their cost. 
Our study reveals that solutions that meet the technical and security requirements of the intranet certification problem are beyond the reach of smaller private sector companies and public sector organisations in underdeveloped and emerging economies. The high cost and technical expertise required for their implementation and management render these solutions impractical. Consequently, by relying on servers with self-signed certificates, these entities inadvertently leave their servers susceptible to impersonation, information theft, and unauthorised resource access, thus violating the fundamental principles of the zero-trust model. We conclude that a gap exists for a simple, cost-effective, and easily managed solution to the intranet certification problem.
29

Ito, Kosuke, Shuji Morisaki, and Atsuhiro Goto. "IoT Security-Quality-Metrics Method and Its Conformity with Emerging Guidelines." IoT 2, no. 4 (December 15, 2021): 761–85. http://dx.doi.org/10.3390/iot2040038.

Abstract:
This study proposes a security-quality-metrics method tailored for the Internet of things (IoT) and evaluates conformity of the proposed approach with pertinent cybersecurity regulations and guidelines for IoT. Cybersecurity incidents involving IoT devices have recently come to light; consequently, IoT security correspondence has become a necessity. The ISO 25000 series is used for software; however, the concept of security as a quality factor has not been applied to IoT devices. Because software vulnerabilities were not the device vendors’ responsibility as product liability, most vendors did not consider the security capability of IoT devices as part of their quality control. Furthermore, an appropriate IoT security-quality metric for vendors does not exist; instead, vendors have to set their security standards, which lack consistency and are difficult to justify by themselves. To address this problem, the authors propose a universal method for specifying IoT security-quality metrics on a globally accepted scale, inspired by the goal/question/metric (GQM) method. The method enables vendors to verify their products to conform to the requirements of existing baselines and certification programs and to help vendors to tailor their quality requirements to meet the given security requirements. The IoT users would also be able to use these metrics to verify the security quality of IoT devices.
30

Porche, Joshua, and Shawon Rahman. "Security Culture, Top Management, and Training on Security Effectiveness: A Correlational Study Without CISSP Participants." International journal of Computer Networks & Communications 15, no. 2 (March 30, 2023): 81–104. http://dx.doi.org/10.5121/ijcnc.2023.15205.

Abstract:
The purpose of this study was to analyze the relationships between four variables (predictive constructs of top management, awareness and training, security culture, and task interdependence) and an information program's security effectiveness. The difference between this study and previous research is the exclusion of information technology (IT) security professionals with Certified Information Systems Security Professional (CISSP) certifications. In contrast, participants in previous research were IT professionals with CISSP certifications. The research question asked to what extent is there a statistically significant correlation between each of the four predictive constructs and security effectiveness. This study made the same correlational determination between the independent variables and the dependent variable construct using a study population of 155 Information Systems Audit and Control Association (ISACA) members. This study used structural equation modeling (SEM) techniques to analyze relationships. The same previously used instruments were reused to reassess these particular participants. The results of SEM revealed that there was a significant relationship between security culture and security effectiveness. Similarly, significant relationships were found between top management, awareness and training, security culture, and security effectiveness, which repeated similar findings from previous research. A post hoc test was conducted using path analysis to reaffirm the direct causal relationship between security culture and security effectiveness that was also previously researched with similar results. The results demonstrated that security culture is a significant influence regardless of the participants' perception of a security professional with or without CISSP certification. 
The implications of this can greatly affect reorganizational structure changes focused on developing security culture as an investment and a much-targeted construct focused on by future researchers. This could result in humandepartments or functional managers realigning staff positions to concentrate on spreading security culture among fellow employees who affect cybersecurity either directly or indirectly in the workplace.
31

Lisboa Malaquias, Felipe, Georgios Giantamidis, Stylianos Basagiannis, Simone Fulvio Rollini, and Isaac Amundson. "Towards a Methodology to Design Provably Secure Cyber-physical Systems." ACM SIGAda Ada Letters 43, no. 1 (October 30, 2023): 94–99. http://dx.doi.org/10.1145/3631483.3631499.

Abstract:
The inordinate financial cost of mitigating post-production cybersecurity vulnerabilities in cyber-physical systems (CPS) is forcing the industry to rethink systems design cycles: greater attention is being given to the design phase - with the goal of reducing the attack surface of systems at an early stage (i.e., before silicon tape out). Fortunately, formal methods have advanced to the point that they can address such needs and contribute towards achieving security certification. However, new methods and tools focusing on industrial scalability and usability for systems engineers are required. In this ongoing research paper, we describe a framework that will help systems engineers to: a) design cyber-assured CPS using a Model Based Engineering (MBE) approach; b) formally map security requirements to different hardware and software blocks in the model; and c) formally verify security requirements. Based on the nature of each requirement, our framework collects formal correctness evidence from different tools: while high-level architectural properties are suitable for a contract- or ontology-based reasoning, more complex properties with rich semantics require the use of model checking or theorem proving techniques.
32

Gonzalez-Amarillo, Carlos Andrés, Anabel Fraga Vazquez, Gustavo Adolfo Ramirez-Gonzalez, Miguel Angel Mendoza-Moreno, and Juan Carlos Corrales Muñoz. "BIoTS-Path: Certification Transmission of Supply Chains Based on Blockchain–Internet of Things Architectures by Validating the Information Path." Mathematics 11, no. 19 (September 28, 2023): 4108. http://dx.doi.org/10.3390/math11194108.

Abstract:
A food traceability system (FTS) can record information about processes along a production chain to determine their safety and quality. Under the Internet of Things (IoT) concept, the communication technologies that support FTSs act as platforms for mass access to information with limited security. However, the integrity of the collected data is not immune to security attacks. This paper proposes a point-to-point information transmission path with no edges or access boundaries (no intermediaries) to transmit data with integrity. This route is possible thanks to the architectural articulation of a hardware device (sensor BIoTS) at the perception layer, with the Blockchain architecture at the application layer. This pairing makes an ecosystem with the ability to trace and certify in parallel the products, the supply chain processes, and the data recorded in it possible. The design of the security testing ecosystem is based on the theoretical and technical principles of cybersecurity. It is executed through mathematical models that define the probability of attacks’ success against the transmitted data’s integrity. The security tests performed allow for establishing that this BIoTS information transmission route is unlikely to suffer from transmission vulnerabilities and that it is not prone to security attacks against integrity. This work paves the way toward fully integrating Blockchain technology in dedicated IoT architectures.
33

Park, Na-Eun, So-Hyun Park, Ye-Sol Oh, Jung-Hyun Moon, and Il-Gu Lee. "Distributed Authentication Model for Secure Network Connectivity in Network Separation Technology." Sensors 22, no. 2 (January 12, 2022): 579. http://dx.doi.org/10.3390/s22020579.

Abstract:
Considering the increasing scale and severity of damage from recent cybersecurity incidents, the need for fundamental solutions to external security threats has increased. Hence, network separation technology has been designed to stop the leakage of information by separating business computing networks from the Internet. However, security accidents have been continuously occurring, owing to the degradation of data transmission latency performance between the networks, decreasing the convenience and usability of the work environment. In a conventional centralized network connection concept, a problem occurs because if either usability or security is strengthened, the other is weakened. In this study, we proposed a distributed authentication mechanism for secure network connectivity (DAM4SNC) technology in a distributed network environment that requires security and latency performance simultaneously to overcome the trade-off limitations of existing technology. By communicating with separated networks based on the authentication between distributed nodes, the inefficiency of conventional centralized network connection solutions is overcome. Moreover, the security is enhanced through periodic authentication of the distributed nodes and differentiation of the certification levels. As a result of the experiment, the relative efficiency of the proposed scheme (REP) was about 420% or more in all cases.
34

Short, Hannah, David Kelsey, Romain Wartel, David Groep, Urpo Kaila, Ralph Niederberger, and Nicole Harris. "WISE Information Security for Collaborating e-Infrastructures." EPJ Web of Conferences 214 (2019): 03041. http://dx.doi.org/10.1051/epjconf/201921403041.

Abstract:
As most are fully aware, cybersecurity attacks are an ever-growing problem as larger parts of our lives take place on-line. Distributed digital infrastructures are no exception and action must be taken to both reduce the security risk and to handle security incidents when they inevitably happen. These activities are carried out by the various research infrastructures and it has become very clear in recent years that collaboration with others both helps to improve the security and to work more efficiently. The Wise Information Security for Collaborating e-Infrastructures (WISE) community provides a trusted framework where security experts can share information on topics such as risk management, experiences about certification processes and threat intelligence. With participants from multiple large scale Infrastructures, WISE focuses on standards, guidelines and practices, and promotes the protection of critical infrastructure. To date WISE has published two documents; a risk management template and a second version of the SCI framework, endorsed by multiple large-scale infrastructures. In 2018 WISE began work on new areas of relevance to the High Energy Physics community, including a focus on operational security and incident response for interoperating infrastructures. We present an overview of the available WISE recommendations, future work and how WISE brings benefits to the High Energy Physics community.
35

Kayisoglu, Gizem, Pelin Bolat, and Emre Duzenli. "Modelling of Maritime Cyber Security Education and Training." Pedagogika-Pedagogy 95, no. 6s (August 29, 2023): 64–78. http://dx.doi.org/10.53656/ped2023-6s.07.

Abstract:
The existence of sophisticated and integrated cyberspace aboard ships with information technology (IT) and operational technology (OT) makes cybersecurity a crucial concern for the maritime sector. The marine sector has benefited greatly from information and communication technologies, but they have also made ship systems and maritime infrastructure more susceptible to cyberattacks. Cyberattacks on ships have the potential to result in fatalities, severe financial losses, environmental damage, and other negative effects. A model course or specification for maritime cyber security education and training through the International Convention on Standards of Training, Certification, and Watchkeeping for Seafarers (STCW) 1978 has not yet been published by the International Maritime Organization (IMO), despite the fact that MSC.428 mandates cyber security risk management in the safety management system on ships to combat cyber-attacks and improve cyber resistance in maritime environments. The Analytic Hierarchical Process (AHP) technique is used in this work to offer a model for a curriculum for cyber security in the Maritime Education and Training (MET) system. It is possible to identify each competency’s priority in the MET system’s cyber security curriculum by comparing the relative weights assigned to each one. The results of the research provide the Met Institutions with the ability to be proactive and include cyber security knowledge and abilities into proposed curricula.
36

Ivasiuk, Oleksandr, and Vyacheslav Kharchenko. "Using the FMEDA/FIT verification method to assess the cybersecurity of a programmable logic controller: a new interpretation of the SIS principle." Aerospace Technic and Technology, no. 1 (February 27, 2024): 76–90. http://dx.doi.org/10.32620/aktt.2024.1.07.

Abstract:
The object of this study is a programmable logic controller (safety PLC), which is part of an information and control system designed for safe management of important technological processes. The subject of this study is the substantiation of the legality of reusing the results obtained during the development of the safety PLC in accordance with the requirements of functional safety to assess the level of its cyber security. The purpose of this work is to investigate the possibility of "cross" evaluation of the safety characteristics of the safety PLC, namely, the possibility of evaluating the level of cyber security of the programmable logic controller based on known data regarding its level of functional safety, in order to optimize the use of available resources in the project. The study tasks are the following: to provide a theoretical basis for the relationship between safety PLC characteristics such as functional safety and cybersecurity. Determine the metrics by which it will be possible to assess the degree of reuse of existing results. Perform an analysis of potential cyberattacks depending on the architecture of the information and control system, which performs security functions, as well as on the possible modes of its use. Determine and evaluate the degree of "cross" influence of critical characteristics of the research object. To perform a calculation analysis of the potential financial and time gain from the reuse of already known results for the minimum configuration of the safety PLC. Conclusions. The study demonstrated the relevance of the question of assessing the cybersecurity of a programmable logic controller based on the use of existing data, regarding its level of functional security (SIL). The proposed approach provides opportunities to significantly optimize the use of resources in safety PLC certification projects.
However, the main methodological conclusion is that the well-known principle of Security Informed Safety can be developed and used in practice in the opposite direction, as Security supported/assessed by Safety. That is, to the principle of "assessment of functional safety taking into account/on information (cyber) security" the principle of "assessment of information (cyber) security with the support of/taking into account the results of the assessment of functional security" is added.
37

Ahmed, Adel A. "Lightweight Digital Certificate Management and Efficacious Symmetric Cryptographic Mechanism over Industrial Internet of Things." Sensors 21, no. 8 (April 16, 2021): 2810. http://dx.doi.org/10.3390/s21082810.

Abstract:
The certificate authority, a trusted entity, issues digital certificates which contain identity credentials to help Industrial Internet of Things (IIoT) devices to represent their authenticity in a secure means. The crucial challenge of a digital certificate is how to design a secure certification authority management system that can counteract cyberattacks on the IIoT network. Moreover, current IIoT systems are not capable of implementing complex mathematical operations due to their constrained power capacity and processing capability. This paper proposes an effective, secure symmetric cryptographic mechanism (ESSC) based on the certificate authority management and Elliptic Curve Diffie Hellman (ECDH) to share a digital certificate among IIoT devices. The proposed certificate authority is used to securely exchange the shared secret key and to resolve the problem of spoofing attacks that may be used to impersonate the identity of the certificate authority. Also, ESSC uses the shared secret key to encrypt the sensitive data during transmission through the insecure communication channel. This research studies the adversary model for ESSC on IIoT and analyzes the cybersecurity of ESSC in the random oracle model. The findings that result from the experiments show that ESSC outperforms the baseline in terms of communication, computation, and storage costs. ESSC thus provides an adequate lightweight digital certificate management and cryptographic scheme which can help in the detection and prevention of several cyberattacks that can harm IIoT networks.
38

Chetry, Arjun, and Uzzal Sharma. "Anonymity in decentralized apps: Study of implications for cybercrime investigations." International Journal of Experimental Research and Review 32 (August 30, 2023): 195–205. http://dx.doi.org/10.52756/ijerr.2023.v32.017.

Abstract:
In the digital age, cybercrime facilitated by anonymous communication apps raises significant concerns. Criminals exploit the anonymity provided by these apps, creating challenges for law enforcement and cybersecurity professionals when investigating and combating cybercrime. The complexity of decentralized applications (DApps) without centralized servers further complicates evidence certification. Although anonymity features protect privacy, they impede the establishment of connections between digital accounts and real-world identities. In centralized server environments, data access for investigations is relatively straightforward. However, this study reveals that DApps present challenges due to decentralized control, anonymity, encrypted communication, and jurisdictional issues. DApps designed for anonymous communication allow users to interact without revealing their identities, making it challenging to trace criminals. While cybercrime investigations in centralized environments involve systematic evidence collection, correlation, analyzing communication patterns, collaboration with agencies, tracking IP addresses, legal authorization, and forensic analysis of digital devices, DApps-based investigations require vital intelligence gathering through open-source techniques (OSINT). This includes retrieving digital footprints, analyzing social media profiles, and tracing ownership information. Moreover, investigators may exploit human vulnerabilities, engage in deceptive communication, or use social engineering techniques to gather information while carefully considering the balance between user privacy and investigative requirements. In this study, we explore the many facets of anonymity in DApps and what challenges they impose for the investigation of cybercrime. The anonymity of users and their transactions in the context of new blockchain and decentralized technology presents difficulties for law enforcement.
In the end, our research helps shed light on the complex relationship between anonymity in decentralized systems and the need for fairness online.
39

Scovia, Apio, and Asiimwe Jonath. "The Electronic Government Procurement System in Uganda; Challenges and Benefits." International Journal of Research and Innovation in Social Science VIII, no. VI (2024): 2598–606. http://dx.doi.org/10.47772/ijriss.2024.806199.

Abstract:
The Public Procurement and Disposal of Public Assets Authority of Uganda (PPDA), the primary regulatory body in charge of managing public procurement and the disposal of public assets in the nation, developed the Electronic Government Procurement (e-GP) system to address issues with the paper-based procurement system. Numerous obstacles prevent Uganda’s public e-procurement or e-GP system installation from becoming effective. This study aimed to investigate the advantages and implementation difficulties of the e-GP system. It used a qualitative research approach, utilizing a desk study review methodology that involved reviewing relevant empirical literature. Data collection was focused consistently on the aim of the research, and the keywords used were specific to the goal of the study. The study identified challenges in three technological, organizational and contextual categories. These challenges include inadequate IT & networking infrastructure, acceptance and usage issues, IT security issues, resistance to change, lack of training and skilled personnel, and legal framework as some of the obstacles to the effective implementation of the e-GP system. The system, when effectively implemented, also has several benefits: enhancing transparency, mitigating the risks of corruption, reducing financial and technological risks, increasing competitiveness, minimizing business effort, offering quality bidding, promptness, cost savings, and lowering the cost of purchasing goods or services at premium pricing. The study recommends investing in infrastructure; developing comprehensive training programs for government staff on e-GP systems, procurement processes, and cybersecurity; certification and continuous professional development for procurement professionals; and change management strategies to address resistance in order to best maximize its benefits.
40

Muzhanova, Tetiana, Svitlana Lehominova, Yurii Shchavinsky, Yuriy Yakymenko, and Halyna Nesterenko. "MAIN APPROACHES AND DIRECTIONS OF DEVELOPMENT OF EUROPEAN UNION CYBER SECURITY POLICY." Cybersecurity: Education, Science, Technique 4, no. 24 (2024): 133–49. http://dx.doi.org/10.28925/2663-4023.2024.24.133149.

Abstract:
The implementation of digital technologies into all spheres of society's life, along with many advantages, has caused the emergence of new security challenges, the response to which requires flexible, innovative and complex approaches, a quick and coordinated reaction, and the consolidation of efforts of many stakeholders. In recent years, significant results in the development and realization of cybersecurity policy have been achieved by the European Union, which, thanks to the combination of institutional capabilities at the community level, efforts of member states, cooperation with business and international partners, is already implementing a number of coordinated initiatives in the field of cybersecurity. The experience of the EU in solving the problems of safe digital development can be a benchmark for other states, including Ukraine. The article examines the development of the main approaches and directions of the EU cyber security policy from the end of the 90s of the 20th century to the present day. It has been established that since the beginning of the 2000s, the European Commission outlined a common approach to the EU cyber security policy, which provided for the further implementation of measures related to: justification of the policy and improvement of the legal framework; creation of a European warning and information system; supporting and investing in cyber security technological solutions; increasing digital awareness; introduction of market oriented standardization and certification; ensuring the security of EU institutions and member states; international cooperation in the field of cyber security. The listed directions generally remained relevant during the further development and improvement of EU policy of cyber security. 
The study showed that the next stages of the evolution of the EU cyber security policy were related with the adoption of three cyber security strategies of 2013, 2017 and 2020, which reflected the development trends of the digital environment and the need to respond to new cyber security challenges. The analysis of these strategies indicated that the EU cyber security policy was and continues to be aimed at solving three key goals: achieving cyber resilience of the European Community, the state, and organizations in the face of constant cyber threats; ensuring effective cyber resilience; promoting a safe and open global cyberspace. In order to fulfill the declared goals of the cyber security policy during 2022-2023, the European Commission proposed a number of important initiatives, in particular, to increase the level of cyber security in the EU states; establish common cyber security standards for EU institutions; implement cybersecurity requirements for products with digital elements; strengthen the EU's capabilities to identify, prepare for and respond to cyber security threats and incidents. It was established that during the development and implementation of the cyber security policy, the EU faced a number of problems and challenges, including an insufficient level of coordination, support and resource provision; lagging behind the regulatory and legal framework of cyber security from the development of the field; difficulties of cross-border and international cooperation; the need for a proactive approach and policy adaptation to the dynamic cyber environment; necessity to maintain a balance between openness and security, etc. It has been proven that the cyber security policy of the European Union, which is developing progressively and dynamically, involves the implementation of new approaches and solutions in response to the challenges of the digital environment, is a benchmark for other states, in particular Ukraine.
41

Vasiliev, S. A., I. A. Nikonova, and O. S. Miroshnichenko. "Banks, Financial Platforms and Big Data: Development Trends and Regulation Directions." Financial Journal 14, no. 5 (October 2022): 105–19. http://dx.doi.org/10.31107/2075-1990-2022-5-105-119.

Abstract:
The introduction of Big Data technology into banking activities is aimed at improving the efficiency of banks, improving business processes, however, it creates new risk factors and determines the need to transform regulatory approaches. The purpose of the article is to develop recommendations on the use of Big Data technology in banking, including the bank transactions using a financial platform, taking into account the need to ensure the stability of the banking sector at the macro and micro levels, and the development of the financial market. It has been established that Big Data technology is used in the management of banking risks, in the development of relationships with customers, the development of personalized products; in cost reduction. The use of Big Data defines new requirements for staff competencies. As a result of the analysis, the need for cooperation between banks, operators of financial platforms with specialized providers of cloud services, software, as well as fintech companies is substantiated. It was revealed that the implementation of Big Data technology increases the importance of model, reputational risks, third-party risks, unethical behavior, and cybersecurity. When using Big Data technology, banks are recommended to separate the data management function; the regulator — to expand the regulatory principles and approaches to the use of data in the construction, validation, adjustment of banking models based on Big Data technology, to the exchange of data and their protection, to the use by banks, operators of financial platforms of Open data, to the certification of specialized suppliers, interacting with banks; the legislator is recommended to develop a legal framework that regulates the formation and use of open data by economic agents.
42

Meng, Baoluo, Daniel Larraz, Kit Siu, Abha Moitra, John Interrante, William Smith, Saswata Paul, et al. "VERDICT: A Language and Framework for Engineering Cyber Resilient and Safe System." Systems 9, no. 1 (March 3, 2021): 18. http://dx.doi.org/10.3390/systems9010018.

Abstract:
The ever-increasing complexity of cyber-physical systems is driving the need for assurance of critical infrastructure and embedded systems. However, traditional methods to secure cyber-physical systems—e.g., using cyber best practices, adapting mechanisms from information technology systems, and penetration testing followed by patching—are becoming ineffective. This paper describes, in detail, Verification Evidence and Resilient Design In anticipation of Cybersecurity Threats (VERDICT), a language and framework to address cyber resiliency. When we use the term resiliency, we mean hardening a system such that it anticipates and withstands attacks. VERDICT analyzes a system in the face of cyber threats and recommends design improvements that can be applied early in the system engineering process. This is done in two steps: (1) Analyzing at the system architectural level, with respect to cyber and safety requirements and (2) by analyzing at the component behavioral level, with respect to a set of cyber-resiliency properties. The framework consists of three parts: (1) Model-Based Architectural Analysis and Synthesis (MBAAS); (2) Assurance Case Fragments Generation (ACFG); and (3) Cyber Resiliency Verifier (CRV). The VERDICT language is an Architecture Analysis and Design Language (AADL) annex for modeling the safety and security aspects of a system’s architecture. MBAAS performs probabilistic analyses, suggests defenses to mitigate attacks, and generates attack-defense trees and fault trees as evidence of resiliency and safety. It can also synthesize optimal defense solutions—with respect to implementation costs. In addition, ACFG assembles MBAAS evidence into goal structuring notation for certification purposes. CRV analyzes behavioral aspects of the system (i.e., the design model)—modeled using the Assume-Guarantee Reasoning Environment (AGREE) annex and checked against cyber resiliency properties using the Kind 2 model checker. 
When a property is proved or disproved, a minimal set of vital system components responsible for the proof/disproof are identified. CRV also provides rich and localized diagnostics so the user can quickly identify problems and fix the design model. This paper describes the VERDICT language and each part of the framework in detail and includes a case study to demonstrate the effectiveness of VERDICT—in this case, a delivery drone.
43

Acheampong, Felix. "Role of Emerging Technologies in Improving Procurement Efficiency and Effectiveness in Ghana." Global Journal of Purchasing and Procurement Management 3, no. 2 (July 5, 2024): 24–33. http://dx.doi.org/10.47604/gjppm.2770.

Abstract:
Purpose: The aim of the study was to examine the role of emerging technologies in improving procurement efficiency and effectiveness in Ghana. Methodology: This study adopted a desk methodology. A desk study research design is commonly known as secondary data collection. This is basically collecting data from existing resources preferably because of its low cost advantage as compared to a field research. Our current study looked into already published studies and reports as the data was easily accessed through online journals and libraries. Findings: The role of emerging technologies in improving procurement efficiency and effectiveness in Ghana has been transformative, driving significant advancements in the procurement landscape. The adoption of technologies such as blockchain, artificial intelligence (AI), Internet of Things (IoT), and big data analytics has streamlined procurement processes, enhanced transparency, and fostered better decision-making. Emerging technologies have automated repetitive and time-consuming tasks, reducing manual errors and speeding up procurement cycles. AI and machine learning algorithms have enabled predictive analytics, allowing procurement professionals to forecast demand more accurately, optimize inventory levels, and negotiate better with suppliers based on data-driven insights. Unique Contribution to Theory, Practice and Policy: Technology Acceptance Model, Resource-Based View (RBV) & Transaction Cost Economics (TCE) may be used to anchor future studies on role of emerging technologies in improving procurement efficiency and effectiveness in Ghana. Organizations can benefit significantly by investing in training and development programs tailored to equip procurement professionals with the skills needed to leverage emerging technologies effectively. 
Hands-on workshops, certification courses, and mentorship programs focused on technology integration should be prioritized to bridge existing skill gaps and build a workforce capable of implementing and managing these advanced procurement tools. Governments and regulatory bodies play a pivotal role in creating an enabling environment for the widespread adoption of emerging technologies in procurement. Developing flexible regulatory frameworks that accommodate the unique characteristics and risks associated with these technologies, such as data privacy and cybersecurity concerns, is essential. Policymakers should also consider incentives such as tax credits, grants, and subsidies to encourage organizations to invest in technology upgrades and innovations that enhance procurement efficiency and effectiveness.
44

Beveridge, Robert. "Effectiveness of Increasing Realism Into Cybersecurity Training." International Journal of Cyber Research and Education 2, no. 1 (January 2020): 40–54. http://dx.doi.org/10.4018/ijcre.2020010104.

Abstract:
This article describes how cybersecurity is a field that is growing at an exponential rate. In light of many highly publicized incidences of cyber-attacks against organizations, the need to hire experienced cybersecurity professionals is increasing. The lack of available workforce to fill open positions is alarming and organizations are finding that potential candidates with academic degrees and certifications alone are not as valuable as those with experience. Gaining rapid experience requires immersion into realistic virtual environments that mimic real-world environments. Currently, cybersecurity competitions leverage many technologies that immerse participants into virtual environments that mimic real-world systems to improve experiential learning. These systems are expensive to build and maintain, and to continuously improve realism is difficult. However, the training value of cyber competitions in which the participants cannot distinguish from real-world systems will ultimately develop highly experienced cybersecurity professionals.
45

Gudz, Liudmyla. "ENSURING HUMAN RIGHTS IN THE CONTEXT OF IMPLEMENTATION OF ELECTRONIC VOTING IN UKRAINE: PERSPECTIVES AND RISKS." Journal of V. N. Karazin Kharkiv National University, Series "Law", no. 37 (May 28, 2024): 67–75. http://dx.doi.org/10.26565/2075-1834-2024-37-07.

Abstract:
Introduction. The article focuses on the advantages of e-voting and the insufficient study of human rights aspects in this process. Therefore, the purpose of the study is to identify public policy strategies for the successful implementation of e-voting in Ukraine, taking into account international experience and ensuring human rights and freedoms in the electoral process. Summary of the main research results. The main findings of the study point to the relevance of introducing e-voting in the context of the COVID-19 pandemic and other challenges. An e-voting system can ensure compliance with international electoral and human rights standards, such as privacy, accessibility, non-discrimination, information, and verification of votes. The experience of foreign countries, in particular Estonia, confirms the success and benefits of e-voting, the analysis of which is important for other countries, including Ukraine, in implementing their e-voting systems. Switzerland, the United States, Norway, Sweden, India, and Brazil have also used e-voting, with varying degrees of success and challenges related to security and privacy. For example, in Switzerland, e-voting was used experimentally in some cantons but faced significant security issues, while in India, EVMs have become standard in most polling stations, increasing public confidence in the electoral process. However, recent events in Brazil and the United States show that unscrupulous politicians can challenge the operation of any electronic voting system, which can lead to mass protests and unrest. The Council of Europe and the Venice Commission have formulated principles and standards for the use of information and communication technologies in electoral processes, which include security, transparency, and respect for fundamental human rights. 
Ukraine is actively preparing for the introduction of electronic voting, as evidenced by the large number of draft laws that have been registered in the Verkhovna Rada of Ukraine but have not yet been adopted, although this indicates an awareness of the need to use digital technologies to ensure citizens' voting rights. Conclusions. The experience of foreign countries confirms the popularity of e-voting due to the development of information and communication technologies. Ukraine, with its high scientific and technical potential, has prospects for introducing e-voting. However, the successful application requires comprehensive preparation, including software certification, pilot projects, personal data protection, strengthening cybersecurity, and the adoption of a special law on the use of e-voting at various levels and the introduction of e-voting as an alternative method along with traditional voting.
46

Loo, Sin Ming, Elizabeth Khan, Eleanor Taylor, and Char Sample. "Transforming Cyber Education thru Open to All Accessible Pathways." Journal of The Colloquium for Information Systems Security Education 11, no. 1 (February 27, 2024): 6. http://dx.doi.org/10.53735/cisse.v11i1.188.

Abstract:
Boise State University’s (BSU) Cyber Operations and Resilience CORe program was intentionally designed so that any student, especially non-traditional and non-technical students, with an interest in cybersecurity could have an education and training pathway to enter the cyber workforce. The CORe curriculum focuses on teaching students how to design, apply, and improve cybersecurity through the interaction of people, processes, and technology. CORe is a stackable curriculum with elective credit hours and options for various academic and industry certificates and certifications that enable students to customize their unique career pathway. The CORe program guides students to think about the system being managed, the risks presented, and the dynamic intersection of system elements when considering how to incorporate resilience frameworks in achieving a resilient system. By developing systems thinking, the students gain an understanding of the interdependencies interacting with the operational system. The CORe program encourages students to integrate cybersecurity knowledge with models and frameworks found in other academic disciplines through a unifying systems approach. CORe is designed around the realities of today’s broad cyber landscape: that breaches will occur in any system over time and proactive design of resilience into systems to detect, respond, and recover in a timely and orderly manner is critical. Students are taught to think holistically about cybersecurity focusing on all system elements. CORe is not a traditional cybersecurity degree. CORe is distinguished by the non-traditional engineering, computer science approach to cybersecurity education with the singular focus on infusing resilience operations and transdisciplinary systems thinking principles throughout the curriculum.
47

Burrell, Darrell Norman. "An Exploration of the Critical Need for Formal Training in Leadership for Cybersecurity and Technology Management Professionals." International Journal of Hyperconnectivity and the Internet of Things 2, no. 1 (January 2018): 52–67. http://dx.doi.org/10.4018/ijhiot.2018010105.

Abstract:
For many cybersecurity professionals it is often their technical skills, certifications, and technical academic education that gets them hired and even promoted from a line employee to a management role in technical departments and technical organizations. Being in management roles requires the development of new leadership soft skills that include personality traits, attitudes, habits, and behaviors you display when working with leading, coaching, empowering and developing others. While good soft skills are also important for employees, they are critical for managers - and for those who want to be managers. This article explores the nature of those skills and approaches to help organizations develop leaders in these areas.
48

Tran, Binh, Karen Benson, and Lorraine Jonassen. "Integrating certifications into the cybersecurity college curriculum: The efficacy of education with certifications to increase the cybersecurity workforce." Journal of Cybersecurity Education Research and Practice 2023, no. 2 (October 12, 2023). http://dx.doi.org/10.32727/8.2023.19.

Abstract:
One only needs to listen to the news reports to recognize that the gap between securing the enterprise and cybersecurity threats, breaches, and vulnerabilities appears to be widening at an alarming rate. An un-tapped resource to combat these attacks lies in the students of the secondary educational system. Necessary in the cybersecurity education is a 3-tiered approach to quickly escalate the student into a workplace-ready graduate. The analogy used is a three-legged-stool, where curriculum content, hands-on skills, and certifications are equal instruments in the edification of the cybersecurity student. This paper endeavors to delve into the 3rd leg of the stool by developing the concept of vendor-specific and vendor-neutral certifications to educate the cybersecurity student and test their capability of protecting the workplace. The research data was drawn from companies in the Atlanta, Georgia area, who employ and hire cybersecurity recruits. The data from the research proves certifications are necessary as an addition to the cybersecurity curriculum in the secondary education arena. The paper reviews the need for cybersecurity graduates, the balance between cybersecurity theory and applied skillsets, the difference between a certificate and a certification, benefits to the community, classifications of certifications, relevancy of a college degree in today’s workforce, and recommendations for further study.
49

Ramezan, Christopher, Paul Coffy, and Jared Lemons. "Building the Operational Technology (OT) Cybersecurity Workforce: What are Employers Looking for?" Journal of Cybersecurity Education Research and Practice 2024, no. 1 (October 16, 2023). http://dx.doi.org/10.32727/8.2023.31.

Abstract:
A trained workforce is needed to protect operational technology (OT) and industrial control systems (ICS) within national critical infrastructure and critical industries. However, what knowledge, skills, and credentials are employers looking for in OT cybersecurity professionals? To best train the next generation of OT cybersecurity professionals, an understanding of current OT cybersecurity position requirements is needed. Thus, this work analyzes 100 OT cybersecurity positions to provide insights on key prerequisite requirements such as prior professional experience, education, industry certifications, security clearances, programming expertise, soft verbal and written communication skills, knowledge of OT frameworks, standards, and network communication protocols, and position travel. We found that OT cybersecurity roles are typically non-entry level, as experience was the most common requirement, and was required on 95% of analyzed positions. Possession of a bachelor’s degree or higher was required for 82% of positions, while industry certifications such as the Certified Information Systems Security Professional (CISSP) or the Global Information Assurance Certification (GIAC) Global Industrial Cyber Security Professional (GICSP) were listed on 64% of positions. Knowledge of OT or IT frameworks and standards and strong communication skills were listed on 48% of positions, while programming expertise, possession of the United States security clearance, and knowledge of OT or IT networking protocols were required for 18%, 24%, and 27% of positions, respectively. A work travel requirement was listed on 29% of positions. Individuals seeking to enter the OT cybersecurity field, and educational programs focusing on training OT cybersecurity professionals should prioritize obtaining experience, education, and certification, possessing strong communication skills, and knowledge of relevant OT and IT industry standards and frameworks.
50

Tang, Fengchun, and Ling Yang. "The Effects of IT Management Certification Type and Corporate Social Responsibility Performance on Investors’ Responses to Cybersecurity Breaches." Journal of Information Systems, June 1, 2024, 1–16. http://dx.doi.org/10.2308/isys-2023-032.

Abstract:
We investigate the joint effects of IT management certification type (for example, International Organization for Standardization (ISO) 27001 certification, the certification of a company’s Information Security Management System against the ISO 27001 standard, the leading international standard focused on information security) and CSR performance on investors’ responses to cybersecurity breaches. We find that the ISO 27001 certificate issued by an independent certification body serves as a proactive remedial strategy for reputation management and attenuates investors’ negative reactions following data breaches. However, the connection between the certification body that issues the certificate and the financial audit firm of the audited company may impair the effectiveness of the certificate serving as a remedial strategy for cybersecurity breaches. Similarly, superior CSR performance provides insurance-like protection and spillovers to reduce investors’ negative responses to cybersecurity breaches. We also provide some evidence suggesting that IT management certification type and CSR performance are likely substitutive mechanisms.