Journal articles on the topic "Cybersecurity Maturity Model Certification"

See the top 50 scholarly journal articles on the topic "Cybersecurity Maturity Model Certification".

1

Razikin, Khairur, and Agus Widodo. "General Cybersecurity Maturity Assessment Model: Best Practice to Achieve Payment Card Industry-Data Security Standard (PCI-DSS) Compliance". CommIT (Communication and Information Technology) Journal 15, no. 2 (31.08.2021): 91–104. http://dx.doi.org/10.21512/commit.v15i2.6931.

Abstract:
The use of technology in the era of the Industrial Revolution 4.0 is essential, marked by the use of technology in the economy and business. This situation makes many companies in the payment sector have to improve their information technology security systems. In Indonesia, Bank Indonesia and the Financial Services Authority (Otoritas Jasa Keuangan - OJK) are agencies that provide operational permits for companies by making Payment Card Industry-Data Security Standard (PCI-DSS) certification as one of the requirements for companies to obtain operating permits. However, not all companies can easily get PCI-DSS certification because many companies still do not meet the PCI-DSS requirements. The research offers a methodology for measuring the level of technology and information maturity using general cybersecurity requirements adopted from the cybersecurity frameworks of CIS, NIST, and Cobit. Then, the research also performs qualitative calculations based on interviews, observations, and data surveys conducted on switching companies that have been able to implement and obtain certification. PCI-DSS to produce practical cybersecurity measures, in general, can be used as a measure of the maturity of technology and information security. The results and discussion provide a model assessment tool on the procedures and requirements needed to obtain PCI-DSS certification. The maturity level value of PT XYZ is 4.0667 at maturity level 4, namely quantitatively managed, approaching level 5 as the highest level at maturity level.
2

Coleman, Joe. "The DOD's CMMC 2.0: What Heat Treaters Need to Know". AM&P Technical Articles 182, no. 2 (1.03.2024): 37–39. http://dx.doi.org/10.31399/asm.amp.2024-02.p037.

Abstract:
Cybersecurity Maturity Model Certification (CMMC) 2.0 represents the most recent iteration of the US Department of Defense's cybersecurity regulations. The CMMC 2.0 framework was developed to improve the cybersecurity posture of defense contractors and their supply chain, including heat treaters. This article reviews key requirements and how DoD contractors can prepare for compliance.
3

Fleming, Courtney, Mark Reith and Wayne Henry. "Securing Commercial Satellites for Military Operations: A Cybersecurity Supply Chain Framework". International Conference on Cyber Warfare and Security 18, no. 1 (28.02.2023): 85–92. http://dx.doi.org/10.34190/iccws.18.1.1062.

Abstract:
The increased reliance on commercial satellites for military operations has made it essential for the Department of Defense (DoD) to adopt a supply chain framework to address cybersecurity threats in space. This paper presents a satellite supply chain framework, the Cybersecurity Supply Chain (CSSC) Framework, for the DoD in the evaluation and selection of commercial satellite contracts. The proposed strategy is informed by research on cybersecurity threats to commercial satellites, national security concerns, current DoD policy, and previous cybersecurity frameworks. This paper aims to provide a comprehensive approach for safeguarding commercial satellites used by the DoD and ensuring the security of their supporting components. Inspired by the National Institute of Standards and Technology (NIST) 800-171 requirements and the DoD’s future Cybersecurity Maturity Model Certification (CMMC) process, the two-part framework significantly streamlines the NIST requirements to accommodate small businesses. It also extends key NIST requirements to commercial-off-the-shelf (COTS) suppliers. The CSSC Framework complements the CMMC certification process by addressing the need for cybersecurity requirements for all subcontractors supporting a commercial space asset. The framework incorporates a scoring process similar to CMMC scoring, granting points to a subcontractor for meeting the cybersecurity requirements outlined by the framework. In addition, the framework creates a space architecture overview that details the overall bid score and establishes a matrix based on individual requirements. This model and matrix allow DoD acquisition personnel to closely analyze each contract bid, comparing the subcontractor's strengths and weaknesses to other bidders. The CSSC Framework will allow the DoD to apply NIST standards to subcontractors who do not meet the requirements for CMMC certification.
4

Levy, Yair, and Ruti Gafni. "Towards the quantification of cybersecurity footprint for SMBs using the CMMC 2.0". Online Journal of Applied Knowledge Management 10, no. 1 (6.09.2022): 43–61. http://dx.doi.org/10.36965/ojakm.2022.10(1)43-61.

Abstract:
Organizations, small and big, are faced with major cybersecurity challenges over the past several decades, as the proliferation of information systems and mobile devices expand. While larger organizations invest significant efforts in developing approaches to deal with cybersecurity incidents, Small and Medium Businesses (SMBs) are still struggling with ways to both keep their businesses alive and secure their systems to the best of their abilities. When it comes to critical systems, such as defense industries, the interconnectivities of organizations in the supply-chain have demonstrated to be problematic given the depth required to provide a high-level cybersecurity posture. The United States (U.S.) Department of Defense (DoD) with the partnership of the Defense Industry Base (DIB) have developed the Cybersecurity Maturity Model Certification (CMMC) in 2020 with a third-party mandate for Level 1 certification. Following an outcry from many DIB organizations, a newly revised CMMC 2.0 was introduced in late 2021 where Level 1 (Fundamental) was adjusted for annual self-assessment. CMMC 2.0 provides the 17 practices that organizations should self-assess. While these 17 practices provide initial guidance for assessment, the specific level of measurement and how it impacts their overall cybersecurity posture is vague. Specifically, many of these practices use non-quantifiable terms such as “limit”, “verify”, “control”, “identify”, etc. The focus of this work is to provide SMBs with a quantifiable method to self-assess their Cybersecurity Footprint following the CMMC 2.0 Level 1 practices. This paper outlines the foundational literature work conducted in support of the proposed quantification Cybersecurity Footprint Index (CFI) using 26 elements that correspond to the relevant CMMC 2.0 Level 1 practices.
5

Tsvilii, Olena. "Cybersecurity regulation: cybersecurity certification of operational technologies". Technology audit and production reserves 1, no. 2(57) (28.02.2021): 54–60. http://dx.doi.org/10.15587/2706-5448.2021.225271.

Abstract:
The object of research is the system and schemes of conformity assessment (certification) of cybersecurity of operational technologies (OT), as a set of rules and procedures that describe the objects of certification, determine the specified requirements and provide a methodology for certification. The terminological base and conceptual apparatus of the study of cybersecurity certification of operational technologies are based on the international standard ISO 17000:2020 Conformity assessment – Vocabulary and general principles. Cybersecurity certification systems and schemes are based on assessment standards, the choice and application of which is not unambiguous and historically has many interpretations and application mechanisms. These standards consist of tools, policies, security concepts, security assurances, guidelines, risk management approaches, best practices, safeguards, and technologies. But they have, to one degree or another, a significant drawback – the complexity of transforming the results of information security assessment according to these standards into security guarantees with any wide international recognition. In the context of globalization, this significantly degrades the cybersecurity quality. The main hypothesis of research is that the cybersecurity quality can be improved by converging towards a common methodology that is based on agreed international standards and international best practice for certification. The question of the key role of cybersecurity for operational technologies, which become the basis for Economy 4.0 and are now considered as a new frontier of cybersecurity, is considered. The need to create a system and schemes for certification of OT cybersecurity based on international and European certification principles is shown. 
A hierarchical model of cybersecurity certification system assessment standards and a hierarchical model of agreements on mutual recognition of cybersecurity certificates have been developed, which will allow a systematic approach to the creation of a system and schemes for OT cybersecurity certification. This provides an opportunity for developers of systems and certification schemes to form OT cybersecurity certification systems based on the principles of wide cross-border recognition of OT cybersecurity certificates.
6

Tsvilii, Olena. "SYSTEM OF CERTIFICATION OF CYBERSECURITY OF INFORMATION AND COMMUNICATIONS TECHNOLOGIES". Proceedings of the O.S. Popov ОNAT 1, no. 2 (31.12.2020): 121–34. http://dx.doi.org/10.33243/2518-7139-2020-1-2-121-134.

Abstract:
Cybersecurity of information and communication technologies (hereinafter - ICT) is a key issue for maintaining the functioning and security of the digital economy and public administration in the soon. An important role in the field of cybersecurity is played by the conformity assessment (certification) of cybersecurity. This may apply to the cybersecurity of ICT components, products, equipment, services and processes, to the cybersecurity of cloud services, to the cybersecurity of technological processes, to personal competence in the field of cybersecurity, and so on. Cybersecurity certification rules, procedures, and management establish a certification scheme, and a set of rules and procedures for managing similar or related conformity assessment schemes form a certification system. Creating cybersecurity certification schemes is a priority and relevant today. There are now a number of systems and assessment standards that can be applied to cybersecurity certification, but they do not ensure mutual recognition of test laboratory test and evaluation procedures and results, and the pursuit of harmonized and comparable cybersecurity assessment and implementation procedures. This situation is a global problem. Accordingly, the current legislation of Ukraine in the field of cybersecurity sets tasks for the application of the best international and European principles of conformity assessment of information and cybersecurity. The creation of cybersecurity certification systems and schemes based on international and European principles of conformity assessment requires appropriate scientific and methodological support. The article proposes a hierarchical model of assessment standards for the cybersecurity certification system and a hierarchical model of agreements on mutual recognition of cybersecurity certificates. 
Also, in the article, based on these models, the basics of the Cyber Security Certification System and Cyber Security Certification Schemes for ICT products and cloud services are proposed, with an emphasis on such elements as: assessment standards; accreditation of certification bodies; mutual recognition of certification results
7

Kour, Ravdeep, Ramin Karim and Adithya Thaduri. "Cybersecurity for railways – A maturity model". Proceedings of the Institution of Mechanical Engineers, Part F: Journal of Rail and Rapid Transit 234, no. 10 (18.10.2019): 1129–48. http://dx.doi.org/10.1177/0954409719881849.

Abstract:
With the advancements in and widespread adoption of information and communication technologies in infrastructures, cyber-attacks are becoming more frequent and more severe. Advanced cybersecurity threats with automated capabilities are increasing in such sectors as finance, health, grid, retail, government, telecommunications, transportation, etc. Cyber-attacks are also increasing in railways with an impact on railway stakeholders, e.g. threat to the safety of employees, passengers, or the public in general; loss of sensitive railway information; reputational damage; monetary loss; erroneous decisions; loss of dependability, etc. There is a need to move towards advanced security analytics and automation to identify, respond to, and prevent such security breaches. The objective of this research is to reduce cyber risks and vulnerabilities and to improve the cybersecurity capabilities of railways by evaluating their cybersecurity maturity levels and making recommendations for improvements. After assessing various cybersecurity maturity models, the Cybersecurity Capability Maturity Model (C2M2) was selected to assess the cybersecurity capabilities of railway organizations. The contributions of this research are as follows. First, a new maturity level MIL4 (Maturity Indicator Level 4) is introduced in the C2M2 model. Second, the C2M2 model is adapted by adding advanced security analytics and threat intelligence to develop the Railway-Cybersecurity Capability Maturity Model (R-C2M2). The cybersecurity maturity of three railway organizations is evaluated using this model. Third, recommendations and available standards & guidelines are provided to the three railway organizations to improve maturity levels within different domains. In addition, they are given an action plan to implement the recommendations in a streamlined way. 
The application of this model will allow railway organizations to improve their capability to reduce the impacts of cyber-attacks and eradicate vulnerabilities. The approach can also be extended to other infrastructures with necessary adaptations.
8

Yigit Ozkan, Bilge, Sonny van Lingen and Marco Spruit. "The Cybersecurity Focus Area Maturity (CYSFAM) Model". Journal of Cybersecurity and Privacy 1, no. 1 (13.02.2021): 119–39. http://dx.doi.org/10.3390/jcp1010007.

Abstract:
The cost of recovery after a cybersecurity attack is likely to be high and may result in the loss of business at the extremes. Evaluating the acquired cybersecurity capabilities and evolving them to a desired state in consideration of risks are inevitable. This research proposes the CYberSecurity Focus Area Maturity (CYSFAM) Model for assessing cybersecurity capabilities. In this design science research, CYSFAM was evaluated at a large financial institution. From the many cybersecurity standards, 11 encompassing focus areas were identified. An assessment instrument—containing 144 questions—was developed. The in-depth single case study demonstrates how and to what extent cybersecurity related deficiencies can be identified. The novel scoring metric has been proven to be adequate, but can be further improved upon. The evaluation results show that the assessment questions suit the case study target audience; the assessment can be performed within four hours; the organization recognizes itself in the result.
9

Kunsook, Kritiyaporn, Sotarat Thammaboosadee and Rojjalak Chuckpaiwong. "Sustainable Organic Farming Maturity Model". International Journal on Advanced Science, Engineering and Information Technology 14, no. 2 (23.04.2024): 706–16. http://dx.doi.org/10.18517/ijaseit.14.2.19504.

Abstract:
Organic farming is of the utmost importance in promoting environmentally sustainable agricultural practices, minimizing environmental contamination, and avoiding using chemical fertilizers and genetically modified organisms (GMOs). Even inexperienced and seasoned farmers frequently encounter formidable obstacles when attempting to authenticate their organic farming status by acquiring organic agriculture certification. The current level of agricultural land maturity is accurately assessed by a comprehensive model presented in this study, which also provides a framework for the transition to organic farming standards. These maturity models were formulated through an exhaustive analysis of agricultural standards, an extensive review of pertinent literature, and expert interviews conducted in 15 distinct locations, with each expert holding certification in a minimum of three organic agricultural standards. Identifying characteristics germane to organic standards, integrating them into maturity models, and establishing maturity items and dimensions are also components of the study. The outcome of our investigation is the Sustainable Organic Farming Maturity (SOFaM) model, which consists of five levels and eight dimensions, as well as a standard operating procedure manual for organic agricultural standard certification applications. This model's potential as an assessment instrument for determining the maturity level of agricultural land has been validated by experts who hold credentials in three distinct domains and three locations. The SOFaM model has the potential to function as a paradigm shift in the agricultural sector, streamline the certification process following organic farming standards, and guarantee adherence to predetermined criteria.
10

Morales-Fernández, Rogelio, José Alfonso Brito-Rojas and Jaime Arturo Villaseñor Marcial. "CAPABILITY MATURITY MODEL INTEGRATION (CMMI)". Revista de Investigación en Tecnologías de la Información 2, no. 3 (June 2014): 15–20. http://dx.doi.org/10.36825/riti.02.03.003.

Abstract:
Capability Maturity Model Integration or CMMI (Capability Maturity Model Integration) is a combination of process improvement models for what is systems engineering, and software, is derived from CMM, differentiating itself from this by the integration of some quality models such as the Electronic Industries Alliance Interim Standard (EIA / IS) 731. Basically the CMMI, is a global certification to measure the maturity of an organization in the design and development of software, to give us an idea of this certification, just there are 117 organizations around the world that can boast of having it. Currently it is one of the most used models worldwide in the software industry, which when applied mainly allows the reduction of costs and decreases the repetition of work.
11

Aliyu, Aliyu, Leandros Maglaras, Ying He, Iryna Yevseyeva, Eerke Boiten, Allan Cook and Helge Janicke. "A Holistic Cybersecurity Maturity Assessment Framework for Higher Education Institutions in the United Kingdom". Applied Sciences 10, no. 10 (25.05.2020): 3660. http://dx.doi.org/10.3390/app10103660.

Abstract:
As organisations are vulnerable to cyberattacks, their protection becomes a significant issue. Capability Maturity Models can enable organisations to benchmark current maturity levels against best practices. Although many maturity models have been already proposed in the literature, a need for models that integrate several regulations exists. This article presents a light, web-based model that can be used as a cybersecurity assessment tool for Higher Education Institutes (HEIs) of the United Kingdom. The novel Holistic Cybersecurity Maturity Assessment Framework incorporates all security regulations, privacy regulations, and best practices that HEIs must be compliant to, and can be used as a self assessment or a cybersecurity audit tool.
12

Peliukh, O. I., M. V. Yesina and D. Yu Holubnychyi. "CERT-UA assessment based on the CSIRT ENISA Maturity Model". Radiotekhnika, no. 213 (16.06.2023): 41–48. http://dx.doi.org/10.30837/rt.2023.2.213.04.

Abstract:
Cybersecurity threats are steadily increasing in today's world, which is characterised by increased openness and integration into the global network. The proliferation of cyber incidents, including hacker attacks, confidential data leaks and information theft, is becoming an extremely pressing issue in this context. Accordingly, the eradication of these threats requires the development of effective methods of responding to cyber incidents. The central theme of this article is to consider the critical importance of assessing and improving the effectiveness of cyber incident response teams. The structure of such a team, including cybersecurity specialists, network engineers, analysts, etc., is aimed at identifying, analysing and overcoming threats in cyberspace. The key aspects of assessing such a team, like abilities, experience, communication skills and level of cooperation, are presented clearly through the prism of the updated ENISA CSIRT Maturity Model. The article uses the Computer Emergency Response Team in Ukraine (CERT-UA), a national team operating under the leadership of the State Service for Special Communications and Information Protection of Ukraine, to illustrate the methods of assessing a cyber incident response team. The assessment of the team, based on the ENISA CSIRT Maturity Model, points to key aspects that determine its effectiveness. The paper provides a clear view of the process of measuring cyber incident response teams through a systematic approach that identifies their strengths and weaknesses. The maturity analysis of the CERT-UA provides recommendations for further development of the team, which can be an important resource for academics, cybersecurity experts and government officials interested in improving the effectiveness of cyber threat response. It highlights the importance of assessing cyber incident response teams to ensure cybersecurity and information protection. 
Awareness of this issue contributes to continuous improvement and readiness to respond effectively to growing challenges in the modern digital environment.
13

Abhilash Maroju, Srinivas A Vaddadi, Sravanthi Dontu, Rohith Vallabhaneni. "An Empirical Paradigm on Cybersecurity Vulnerability Mitigation Framework". International Journal on Recent and Innovation Trends in Computing and Communication 11, no. 9s (31.08.2023): 786–92. http://dx.doi.org/10.17762/ijritcc.v11i9s.9484.

Abstract:
Current cybersecurity vulnerability assessment tools were developed in accordance with guidelines established by entities like the National Institute of Standards and Technology (NIST) and the United States Department of Energy. When assessing their facility's cybersecurity maturity, owners and operators of critical infrastructure frequently use frameworks like the NIST Cybersecurity Framework (CSF) and the cybersecurity capability maturity model (C2M2). These frameworks are great at finding vulnerabilities and doing qualitative cybersecurity analysis, but they don't help you get to the level of cybersecurity maturity you want by letting you prioritise how you fix those flaws. Cyber dangers pose a significant risk to businesses and are becoming more pervasive in our everyday lives. In this way, businesses may devise a strategy and set of guidelines by simulating a breach attack. But these strategies are based on experts' tacit knowledge. In response to this problem, the authors of this study suggest an automated and formal process for creating prioritised action plans to enhance environmental transparency. An experiment proving the validity of the proposed method was conducted, yielding consistent and applicable results to the tested scenario. Through testing against a real-world cyberattack that targeted industrial control systems at a critical infrastructure facility, this article presents a thorough architecture of CyFEr and demonstrates its application to CSF.
14

Roy, Yanina, Olena Riabchun and Valeriy Yermoshin. "MATURITY MODEL OF CYBER SECURITY SYSTEM OPPORTUNITIES AT CRITICAL INFRASTRUCTURE FACILITIES OF THE ES-C2M2 ENERGY SECTOR". Cybersecurity: Education, Science, Technique 2, no. 10 (2020): 67–74. http://dx.doi.org/10.28925/2663-4023.2020.10.6774.

Abstract:
Currently, a large set of IS maturity assessment models based on similar principles is available for both commercial and government organizations and institutions. At the same time, the actual use of such models is quite limited, primarily due to the weak attachment to the characteristics of specific organizations. This problem is partially solved by adapting existing approaches in the form of industry models (for example, ES-C2M2 for companies in the energy sector, ONG-C2M2 for companies in the oil and gas sector). Moreover, the emergence of a new model is very likely, which includes not only qualitative analysis through a set of characteristics / domains, but also a quantitative assessment of cybersecurity, which will use the assessment for both strategic and operational planning, as well as create an advanced expert analytical system. The best solution today is to start implementing any of the existing evaluation models with further adaptation and expansion for your own needs. Similar principles of model building will allow in the future to migrate painlessly to a more appropriate, while the experience gained in the assessment, as well as statistics will judge the progress of IS processes in the enterprise, and, importantly, in a convenient and understandable for senior management. The ES-C2M2 Cyber Security Maturity Model can significantly help energy sector organizations to assess and improve their cybersecurity areas. The ES-C2M2 Capability Maturity Model is part of the DOE Cybersecurity Capability Maturity Program (C2M2) and was developed to address the unique characteristics of the energy subsector. The opportunity maturity model is a tool for self-assessment to measure and improve their cybersecurity areas.
International standards and practices in the field of information security recommend that organizations when planning IS activities to assess the current state of IS and set a target for the near future, the achievement of which will allow the company to effectively address existing threats and respond to new challenges and threats of IS.
15

Nowrozy, Raza. "GPTs or Grim Position Threats? The Potential Impacts of Large Language Models on Non-Managerial Jobs and Certifications in Cybersecurity". Informatics 11, no. 3 (11.07.2024): 45. http://dx.doi.org/10.3390/informatics11030045.

Abstract:
ChatGPT, a Large Language Model (LLM) utilizing Natural Language Processing (NLP), has caused concerns about its impact on job sectors, including cybersecurity. This study assesses ChatGPT’s impacts in non-managerial cybersecurity roles using the NICE Framework and Technological Displacement theory. It also explores its potential to pass top cybersecurity certification exams. Findings reveal ChatGPT’s promise to streamline some jobs, especially those requiring memorization. Moreover, this paper highlights ChatGPT’s challenges and limitations, such as ethical implications, LLM limitations, and Artificial Intelligence (AI) security. The study suggests that LLMs like ChatGPT could transform the cybersecurity landscape, causing job losses, skill obsolescence, labor market shifts, and mixed socioeconomic impacts. A shift in focus from memorization to critical thinking, and collaboration between LLM developers and cybersecurity professionals, is recommended.
16

Estorilio, Carla C. A., and Lígia de Oliveira Franzosi Bessa. "Relationship between food industries maturity and quality certification". Independent Journal of Management & Production 11, no. 7 (1.12.2020): 2827–48. http://dx.doi.org/10.14807/ijmp.v11i7.1201.

Abstract:
Purpose: The purpose of this paper is to analyze the PDP (Product Development Process) maturity level in the food industry to identify the compatibility status of their quality certification and their maturity level. Design/methodology/approach: A bibliographical review was conducted about product development, maturity process, and Capability Maturity Model Integration (CMMI). An adapted method from CMMI was used, which allows evaluating the level of maturity, through a semi-structured questionnaire. The questionnaires were applied in five companies of this industry and then, an analysis of the information obtained in each company was carried out and compared, aiming to understand the sector maturity. Findings: After conducting the interviews in each company, the median of each group of questions was calculated, according to the methodology described. Data collected from this sector show consistency between certification time and maturity level. Research limitations/implications: Due to the low number of respondents, this data cannot be generalized to this sector, being considered only an indication of the situation of the food industry located in Curitiba region. Practical implications: This study shows the relationship between the maturity level of food industry and ISO 9001 quality certification. The study shows that for the company to obtain an ISO certification, it must have been at least maturity level 2, highlighting, as well, the main deficiencies of this sector. Originality/value: The original value is to show the relationship between the maturity level of food industry and ISO 9001 quality certification.
17

Abdullahi Garba, Adamu, Aliyu Musa Bade, Muktar Yahuza and Ya’u Nuhu. "Cybersecurity capability maturity models review and application domain". International Journal of Engineering & Technology 9, no. 3 (2.09.2020): 779. http://dx.doi.org/10.14419/ijet.v9i3.30719.

Abstract:
Cybersecurity is a way of protecting organization critical assets, through the identification of cyber threats that can compromise the information stored, it involves the protection, identification, and responding to threats. The main aim of this article is to conduct an ample review of the published cybersecurity capability maturity models using a systematic review of published articles from 2014 to 2019. Features of Halvorsen and Conradi’s taxonomy were adopted to explain the models identified. The results indicated adopting a model to a certain organization is not feasible. However, modification is required before implementation, as the cost of implementation is not available when conducting this research.
18

Domnik, Jan, and Alexander Holland. "On Data Leakage Prevention Maturity: Adapting the C2M2 Framework". Journal of Cybersecurity and Privacy 4, no. 2 (30.03.2024): 167–95. http://dx.doi.org/10.3390/jcp4020009.

Abstract:
In an evolving cybersecurity landscape marked by escalating data breaches and regulatory demands, data leakage prevention (DLP) has emerged as one of several defense mechanisms. This study underscores unresolved foundational issues within DLP, revealing that it remains a significant challenge in large organizations. This highlights the necessity for a holistic approach to DLP to effectively address these persistent challenges. By developing a DLP Maturity Model, adapted from the renowned C2M2 framework, this research provides a comprehensive tool for assessing organizational DLP capabilities and pinpointing critical gaps. Applying the DLP Maturity Model within the financial sector as demonstrated through a banking scenario showcases its relevance and added value. This application illuminates the model’s effectiveness in securing sensitive data and adhering to essential regulatory standards, highlighting its adaptability across various compliance landscapes. Implementing this DLP Maturity Model in a banking scenario showcases its applicability, highlighting its ability to formulate a strategy to secure sensitive data and comply with regulatory standards. This approach aligns with the concept of a continuous risk-based strategy, merging the holistic model to identify and address critical insider risks within organizations. The study addresses a specific gap in DLP research, notably the lack of a holistic framework for assessing and enhancing DLP strategies across organizations. It equips practitioners with a foundational tool to determine current DLP maturity and devise strategies for mitigating insider-driven data breach risks, thereby bolstering organizational cybersecurity resilience.
19

Pigola, Angélica, and Priscila Rezende da Costa. "Dynamic Capabilities in Cybersecurity Intelligence: A Meta-Synthesis to Enhance Protection Against Cyber Threats". Communications of the Association for Information Systems 53, no. 1 (2023): 1099–135. http://dx.doi.org/10.17705/1cais.05347.

Abstract:
Advanced cybersecurity threats with automated capabilities are on the rise in industries such as finance, healthcare, technology, retail, telecoms, and transportation, as well as government. It is necessary to conduct analyses of cybersecurity-related resources and capabilities to build cybersecurity intelligence (CI). The purpose of this paper is to suggest a dynamic capability in a cybersecurity intelligence (DCCI) model based on existing literature that helped firms reduce risks of cyber violations and advance the development of systems and the life cycle of firms. Through a meta-synthesis, an abduction and induction approach through eight methodological steps analyzed in forty-seven case studies the presence of cybersecurity capabilities to build CI. Combining theoretical and practical information security maturity models as a foundation, we understand capabilities building to improve the predictability of cyber incidents. The results evidenced four second-order dimensions to build CI named doing, enabling, improving, and managing cybersecurity, and eight first-order outcomes to represent the DCCI model. This research makes an unprecedented contribution to international and national scenarios, as it will allow firms to innovate their resource management processes and abilities to enable better cybersecurity projects and reduce the impacts of potential cyberattacks with the probability of eradicating vulnerabilities.
20

Varona Taborda, María Alejandra. "Dynamic Cybersecurity Model based on ISO standards for Higher Education Institutions in Colombia". Ingeniería Solidaria 17, no. 3 (6.09.2021): 1–21. http://dx.doi.org/10.16925/2357-6014.2021.03.05.

Abstract:
Introduction: This article is the result of a research process whose product was to generate a guide for Higher Education Institutions (in Spanish, IES) to adopt a Cybersecurity Model based on ISO standards (International Organization for Standardization). Problem: IES do not have a cybersecurity model aligned to the ISO / IEC 27032: 2012 standard (International Organization for Standardization / International Electrotechnical Commission), which causes a lack of clarity and uncertainty in the level of maturity and low efficiency in processes and information security controls to be implemented. Objective: Propose a dynamic model of cybersecurity based on ISO standards for IES. Methodology: The development of this work was oriented under a line of applied research, by virtue of the fact that it was necessary to address the problem based on previous knowledge that allowed supporting the theoretical contributions and the activities proposed to determine the possible causes of the problem and give it a possible solution. Results: The generation of this dynamic model allows it to be adapted to the different needs and requirements of IES. Conclusion: IES can implement a cybersecurity model to prevent and protect information at the cyberspace level. Originality: The work carried out generates a great contribution, which is the generation of a dynamic cybersecurity model, since at present there are no specific models for IES. Limitations: The model implementation guide is established in a general way to be applied later to an organization in any sector. Keywords: Dynamic Cybersecurity Model, Higher Education Institutions, ISO/IEC 27032: 2012, Security Standards.
21

Almomani, Iman, Mohanned Ahmed, and Leandros Maglaras. "Cybersecurity maturity assessment framework for higher education institutions in Saudi Arabia". PeerJ Computer Science 7 (9.09.2021): e703. http://dx.doi.org/10.7717/peerj-cs.703.

Abstract:
The Saudi Arabia government has proposed different frameworks such as the CITC’s Cybersecurity Regulatory Framework (CRF) and the NCA’s Essential Cybersecurity Controls (ECC) to ensure data and infrastructure security in all IT-based systems. However, these frameworks lack a practical, published mechanism that continuously assesses the organizations’ security level, especially in HEI (Higher Education Institutions) systems. This paper proposes a Cybersecurity Maturity Assessment Framework (SCMAF) for HEIs in Saudi Arabia. SCMAF is a comprehensive, customized security maturity assessment framework for Saudi organizations aligned with local and international security standards. The framework can be used as a self-assessment method to establish the security level and highlight the weaknesses and mitigation plans that need to be implemented. SCMAF is a mapping and codification model for all regulations that the Saudi organizations must comply with. The framework uses different levels of maturity against which the security performance of each organization can be measured. SCMAF is implemented as a lightweight assessment tool that could be provided online through a web-based service or offline by downloading the tool to ensure the organizations’ data privacy. Organizations that apply this framework can assess the security level of their systems, conduct a gap analysis and create a mitigation plan. The assessment results are communicated to the organization using visual score charts per security requirement per level attached with an evaluation report.
22

Uraipan, Naris, Prasong Praneetpolgrang, and Tharini Manisri. "Application of an Analytic Hierarchy Process to Select the Level of a Cyber Resilient Capability Maturity Model in Digital Supply Chain Systems". ECTI Transactions on Computer and Information Technology (ECTI-CIT) 15, no. 2 (27.04.2021): 198–207. http://dx.doi.org/10.37936/ecti-cit.2021152.240631.

Abstract:
Cyber resilient is the ability to prepare for, respond to and recover from cyber attacks. Cyber resilient has emerged over the past few years because traditional cybersecurity measures are no longer enough to protect organizations from the spate of persistent attacks. It helps an organization protect against cyber risks, defend against and limit the severity of attacks, and ensure its continued survival despite an attack. The cyber resilient capability maturity model is a very important element within an effective in digital supply chain. The maturity model has 6 components: identify, protect, detect, respond, recover and continuity which affect the cybersecurity of the organization. To measure the maturity level needs a holistic approach. Therefore, the analytic hierarchy process (AHP) approach which allows both multi-criteria and simultaneous evaluation. Generally, the factors affecting cyber resilient in digital supply chain have non-physical structures. Therefore, the real problem can be represented in a better way by using fuzzy numbers instead of numbers to evaluate these factors. In this study, a fuzzy AHP approach is proposed to determine the cyber resilient capability maturity level in digital supply chain. The proposed method is applied in a real SMEs company. In the application, factors causing are weighted with triangular fuzzy numbers in pairwise comparisons. The results indicate that the weight factors from comparing the relationship of all factors put the importance of identify factors first, followed by protect, detect, respond, recover and continuity respectively.
23

Ferreira, Daniel Jorge, and Henrique São Mamede. "Predicting Cybersecurity Risk - A Methodology for Assessments". ARIS2 - Advanced Research on Information Systems Security 2, no. 2 (30.12.2022): 50–63. http://dx.doi.org/10.56394/aris2.v2i2.23.

Abstract:
Defining an appropriate cybersecurity incident response model is a critical challenge that all companies face on a daily basis. However, there is not always an adequate answer. This is due to the lack of predictive models based on data (evidence). There is a significant investment in research to identify the main factors that can cause such incidents, always trying to have the most appropriate response and, consequently, enhancing response capacity and success. At the same time, several different methodologies assess the risk management and maturity level of organizations. There is, however, a gap in determining an organization's degree of proactive responsiveness to successfully adopt cybersecurity and an even more significant gap in assessing it from a risk management perspective. This paper proposes a model to evaluate this capacity, a model that intends to evaluate the methodological aspects of an organization and indicates the apparent gaps that can negatively impact the future of the organization in the management of cybersecurity incidents and presents a model that intends to be proactive.
24

Mori, Shigeo, and Atsuhiro Goto. "Reviewing National Cybersecurity Strategies". Journal of Disaster Research 13, no. 5 (1.10.2018): 957–66. http://dx.doi.org/10.20965/jdr.2018.p0957.

Abstract:
The damages caused by cyber-attacks are becoming larger, broader and more serious and to include monetary losses and losses of lifeline. Some cyber-attacks are arguably suspected to be parts of national campaigns. Under such circumstances, the public sector must endeavour to enhance the national cybersecurity capacities. There are several benchmarks for national cybersecurity, i.e., a snapshot relative assessment of a nation’s cybersecurity strength at a global level. However, by considering the development of technology, attackers’ skills and capacities of other nations, we believe that it is more important to review the national strategy for cybersecurity capacity enhancement and to ensure that the national capacity advances adequately in the coming years. We propose a method of reviewing national strategies. Additionally, we performed a trial review of the Japanese cybersecurity strategy using the Cybersecurity Capacity Maturity Model for Nations (CSCMMN) developed by the Global Cyber Security Capacity Centre. This trial proved to be workable because it detected various possibly inadequate (insufficient, inappropriate or inefficient, although further investigation is needed) approaches in the Japanese strategy. Moreover, the review also discovered the shortcomings of the capacity areas in the CSCMMN. We plan to improve the reviewing method and develop the improvement process of national strategies for cybersecurity capacity enhancement.
25

Scherz, Marco, Bernd Markus Zunk, Christian Steinmann, and Helmuth Kreiner. "How to Assess Sustainable Planning Processes of Buildings? A Maturity Assessment Model Approach for Designers". Sustainability 14, no. 5 (1.03.2022): 2879. http://dx.doi.org/10.3390/su14052879.

Abstract:
Over the past decades, it has become apparent that increasing demands in the construction industry have repeatedly led to project delays and increased project costs in practice. These demands have increased as a result of international and national action plans that have been developed to achieve the climate target paths and, therefore, the necessary reduction of CO2 emissions in the construction industry. We address this problem by developing a sustainable construction maturity model (SCOMM) to answer the following research question: “What is a holistic quality assurance tool for the early design phase of buildings to monitor (sustainable) planning practices in order to achieve better certification results?”. The model includes a self-assessment procedure for the building design process, based on Software Process Improvement and Capability dEtermination (SPiCE) and the German Sustainable Building Council (DGNB) building certification system. The results show that systemic interactions between sustainability criteria can be identified in the early design phase, allowing the quality of planning practices to be evaluated and early project management to be implemented to achieve the best certification results. Our findings will enable clients and users of the construction industry to better manage the complexity of the sustainable design process and avoid undesirable developments in building projects.
26

Hochstetter-Diez, Jorge, Mauricio Diéguez-Rebolledo, Julio Fenner-López, and Cristina Cachero. "AIM Triad: A Prioritization Strategy for Public Institutions to Improve Information Security Maturity". Applied Sciences 13, no. 14 (19.07.2023): 8339. http://dx.doi.org/10.3390/app13148339.

Abstract:
In today’s world, private and government organizations are legally obligated to prioritize their information security. They need to provide proof that they are continually improving their cybersecurity compliance. One approach that can help organizations achieve this goal is implementing information security maturity models. These models provide a structured framework for measuring performance and implementing best practices. However, choosing a suitable model can be challenging, requiring cultural, process, and work practice changes. Implementing multiple models can be overwhelming, if possible. This article proposes a prioritization strategy for public institutions that want to improve their information security maturity. We thoroughly analyzed various sources through systematic mapping to identify critical similarities in information security maturity models. Our research led us to create the AIM (Awareness, Infrastructure, and Management) Triad. This triad is a practical guide for organizations to achieve maturity in information security practices.
27

Rosak-Szyrocka, Joanna, and Marek Roszak. "The role of the EFQM model in precepting quality in Polish enterprises". Multidisciplinary Aspects of Production Engineering 2, no. 1 (1.09.2019): 399–406. http://dx.doi.org/10.2478/mape-2019-0040.

Abstract:
The purpose of the paper is to determine the degree of Polish companies’ maturity applying for Quality of the Year certification based on the EFQM excellence model. The study was conducted using a questionnaire (CAWI – computer assisted web interview). Company to get certified Quality of the Year had to get in the field of self-assessment carried out by the EFQM model at least 56%. Results and its analysis showed that among the 49 analyzed large companies seeking Quality of the Year certification only 3 achieved a value of 80% and above. Among the 10 companies selected for analysis only 3 have taken improvement actions. Based on the study carried out, the authors demonstrated that the analyzed companies that have been certified Quality of the Year are mature and conscious of quality, continuously improve, and apply modern techniques (traditional quality management tools, new quality management tools, quality management methods). The factors that determine the maturity and the awareness of the company in terms of quality are the elements included in the EFQM model (1. Leadership. 2. Vision, strategy, policy. 3. Human resources management. 4. Resource Management. 5. Process Management. 6. Customer satisfaction. 7. Employee satisfaction. 8. Cooperation with the environment. 9. Achievements companies in relation to the goals), as well as the awareness and the ability to use modern techniques.
28

Tavares de Aquino, Andre, and Renata Maciel de Melo. "Multicriteria model for selecting TQM consultancy and certification services". Benchmarking: An International Journal 23, no. 7 (3.10.2016): 1736–50. http://dx.doi.org/10.1108/bij-05-2015-0049.

Abstract:
Purpose: The purpose of this paper is to establish the need and the importance of adopting a structured model to support the decisions by using a multicriteria focus to guide drawing up a methodological framework. In addition, this study considers the maturity level of the organization, and the importance of continuous improvement after implementing ISO 9001. Design/methodology/approach: This study presents a scientific technical foundation of the qualifying and selection criteria of the consultancy and Accredited Certification Body (ACB) by using ISO standards, and the guidance document CB25, which is related to quality. Finally, a numeric application with realistic data is undertaken using the PROMETHEE II method, and the GAIA plan. Findings: The development of this study provides a new insight into the importance for selecting consultancy, and certification services in order to implement quality management systems within organizations. Research limitations/implications: The current study is limited to the quality management services. If necessary to apply the same model to other areas, it is necessary looking for documents and regulations of this field. In addition, this model is focussed on a model for small or medium companies, which are still trying to achieve a higher position in the sector, and do not have experts in quality management. Originality/value: The differential of this study is the foundation of the criteria for the proposed model. Other studies choose these criteria without any scientific basis. On the other hand, this study goes over many documents.
29

Khan, T. U. R., P. Davis, and F. J. Behr. "A FRAMEWORK FOR AN OPEN SOURCE GEOSPATIAL CERTIFICATION MODEL". ISPRS - International Archives of the Photogrammetry, Remote Sensing and Spatial Information Sciences XLI-B6 (17.06.2016): 57–64. http://dx.doi.org/10.5194/isprs-archives-xli-b6-57-2016.

Abstract:
The geospatial industry is forecasted to have an enormous growth in the forthcoming years and an extended need for well-educated workforce. Hence ongoing education and training play an important role in the professional life. Parallel, in the geospatial and IT arena as well in the political discussion and legislation Open Source solutions, open data proliferation, and the use of open standards have an increasing significance. Based on the Memorandum of Understanding between International Cartographic Association, OSGeo Foundation, and ISPRS this development led to the implementation of the ICA-OSGeo-Lab initiative with its mission “Making geospatial education and opportunities accessible to all”. Discussions in this initiative and the growth and maturity of geospatial Open Source software initiated the idea to develop a framework for a worldwide applicable Open Source certification approach.

Generic and geospatial certification approaches are already offered by numerous organisations, i.e., GIS Certification Institute, GeoAcademy, ASPRS, and software vendors, i.e., Esri, Oracle, and RedHat. They focus different fields of expertise and have different levels and ways of examination which are offered for a wide range of fees.

The development of the certification framework presented here is based on the analysis of diverse bodies of knowledge concepts, i.e., NCGIA Core Curriculum, URISA Body Of Knowledge, USGIF Essential Body Of Knowledge, the “Geographic Information: Need to Know”, currently under development, and the Geospatial Technology Competency Model (GTCM). The latter provides a US American oriented list of the knowledge, skills, and abilities required of workers in the geospatial technology industry and influenced essentially the framework of certification.

In addition to the theoretical analysis of existing resources the geospatial community was integrated twofold. An online survey about the relevance of Open Source was performed and evaluated with 105 respondents worldwide. 15 interviews (face-to-face or by telephone) with experts in different countries provided additional insights into Open Source usage and certification.

The findings led to the development of a certification framework of three main categories with in total eleven sub-categories, i.e., “Certified Open Source Geospatial Data Associate / Professional”, “Certified Open Source Geospatial Analyst Remote Sensing & GIS”, “Certified Open Source Geospatial Cartographer”, “Certified Open Source Geospatial Expert”, “Certified Open Source Geospatial Associate Developer / Professional Developer”, “Certified Open Source Geospatial Architect”. Each certification is described by pre-conditions, scope and objectives, course content, recommended software packages, target group, expected benefits, and the methods of examination. Examinations can be flanked by proofs of professional career paths and achievements which need a peer qualification evaluation. After a couple of years a recertification is required.

The concept seeks the accreditation by the OSGeo Foundation (and other bodies) and international support by a group of geospatial scientific institutions to achieve wide and international acceptance for this Open Source geospatial certification model.

A business case for Open Source certification and a corresponding SWOT model is examined to support the goals of the Geo-For-All initiative of the ICA-OSGeo pact.
30

Maingak, Akmal Zaifullah, Candiwan Candiwan, and Listyo Dwi Harsono. "Information Security Assessment Using ISO/IEC 27001:2013 Standard on Government Institution". TRIKONOMIKA 17, no. 1 (17.09.2018): 28. http://dx.doi.org/10.23969/trikonomika.v17i1.1138.

Abstract:
The purpose of this research is to determine the existing gap to achieve ISO/IEC 27001:2013 certification and determine the maturity level of the information system owned by X Government Institution. The information system of X Government Institution would be assessed based on 14 clauses contained in ISO/IEC 27001: 2013. The method used is qualitative method, data collection and data validation with triangulation technique (interview, observation, and documentation). Data analysis used gap analysis and to measure the maturity level of this research used CMMI (Capability Maturity Model for Integration). The result of the research showed that information security which had been applied by X Government Institution was at level 1 (Initial) which meant there was evidence that the institution was aware of problems that needed to be overcome, unstandardized process, and tended to handle the problem individually or by case.
31

Botha-Badenhorst, Danielle, André Martin McDonald, Graham David Barbour, Ethan Buckinjohn, and Wian Gertenbach. "On The Zero-Trust Intranet Certification Problem". International Conference on Cyber Warfare and Security 19, no. 1 (21.03.2024): 10–18. http://dx.doi.org/10.34190/iccws.19.1.2054.

Abstract:
Securing corporate networks and ensuring the trustworthiness of network resources are critical security concerns for organisations in today's interconnected digital landscape. The zero-trust security model is an approach to designing and implementing ICT systems which prescribes that clients and servers cannot be trusted automatically, even when connected to networks traditionally considered trusted. The implementation of the zero-trust model within the corporate intranet requires a secure method to verify the identity of local servers. On the Internet, trust in the identity of public servers is established by well-known public Certificate Authorities (CAs), which issue digital certificates to securely identify servers. However, local intranet servers exist within the internal address space of the network. Consequently, it is impossible to naturally obtain digital certificates for these servers, validly signed by a public CA, without publicly disclosing sensitive information such as intranet server Domain Name System (DNS) records. This leaves organisations with the option of relying on endpoint management systems to install custom CA root certificates on all corporate browsers or, in some cases, ignoring the problem altogether. In this paper, we draw on practical experience in the deployment of cybersecurity devices in corporate intranets to formally define the intranet certification problem. We specify five requirements that a solution to this problem must satisfy. We then conduct a comprehensive review of existing candidate solutions and academic research relevant to the intranet certification problem. Specifically, existing ICT systems for public key infrastructure and endpoint management are identified and evaluated with respect to their ability to meet the stated requirements for solving the intranet certification problem, as well as their cost. 
Our study reveals that solutions that meet the technical and security requirements of the intranet certification problem are beyond the reach of smaller private sector companies and public sector organisations in underdeveloped and emerging economies. The high cost and technical expertise required for their implementation and management render these solutions impractical. Consequently, by relying on servers with self-signed certificates, these entities inadvertently leave their servers susceptible to impersonation, information theft, and unauthorised resource access, thus violating the fundamental principles of the zero-trust model. We conclude that a gap exists for a simple, cost-effective, and easily managed solution to the intranet certification problem.
32

Ribeiro, Renata Maciel, Sergio Ricardo Barros, Julio Cesar Wasserman, and Barbara Franz. "DIAGNOSIS FOR THE IMPLEMENTATION OF AN ENVIRONMENTAL MANAGEMENT SYSTEM IN A MICROBUSINESS IN THE URBAN VECTOR AND PEST CONTROL SECTOR". Brazilian Journal of Operations & Production Management 13, no. 1 (20.03.2016): 32. http://dx.doi.org/10.14488/bjopm.2016.v13.n1.a3.

Abstract:
This project analyzes and discusses the application of a methodological valuation model of an environmental maturity of a company of vectors and pests control. The method used was the initial environmental diagnostics, which intended to classify in a scale of values the Business Process of the company to Certification based on NBR ISO 14001. As a result of the application of the method were identified EMS Critical Success Spots low performed by the company, and the positive influence of ISO 9001 Certification already established in the organization. As well as, proposed actions to improve the weaknesses that were identified by the diagnostics in order to establish a schedule for the compliance of the first phase of the PDCA method proposed by the ISO 14001.
33

Tabim, Verônica Maurer, Cíntia Wilke Franco, and João Pedro Hoerde. "Digital transformation in e-commerce logistics". Brazilian Journal of Operations & Production Management 21, no. 1 (2.03.2024): 1641. http://dx.doi.org/10.14488/bjopm.1641.2024.

Abstract:
Highlights: This article addresses the diagnosis of digital maturity in e-commerce logistics, specifically the final delivery stage, known as the last-mile. The last-mile has greater digitization demand than traditional logistics due to the extreme speed of the virtual world during shopping, where customers transfer these same expectations to delivery services. Goal: The main objective of this work is to evaluate the digital maturity of the last-mile area of operation of an e-commerce logistics company. Methodology: This study evaluates the maturity model in a case study with the company E-commerceCo. Interviews were conducted with key employees for data gathering. Results: The proposed method allows defining and analyzing the digital maturity of the last-mile area of the company in question, understanding strengths, such as a culture open to innovation and digitally mature, and weaknesses, such as technical limitations imposed by the main system used and lack of cybersecurity barriers. Limitations of the investigation: Since it is a single case study, it does not allow a broad generalization to industries in other branches. Another limitation is that this study is focused on Brazilian logistics operations, which may differ from other countries. Practical implications: This research is relevant to serve as a reference for other companies in the e-commerce logistics sector to assess their digital maturity from the proposed model and compare common challenges and opportunities. In addition, it will help the studied company to create a successful digital transformation strategy. Originality / Value: We propose a new approach on how to evaluate the digital maturity of the last-mile area of operation of an e-commerce logistics company.
34

Park, Na-Eun, So-Hyun Park, Ye-Sol Oh, Jung-Hyun Moon, and Il-Gu Lee. "Distributed Authentication Model for Secure Network Connectivity in Network Separation Technology". Sensors 22, no. 2 (12.01.2022): 579. http://dx.doi.org/10.3390/s22020579.

Abstract:
Considering the increasing scale and severity of damage from recent cybersecurity incidents, the need for fundamental solutions to external security threats has increased. Hence, network separation technology has been designed to stop the leakage of information by separating business computing networks from the Internet. However, security accidents have been continuously occurring, owing to the degradation of data transmission latency performance between the networks, decreasing the convenience and usability of the work environment. In a conventional centralized network connection concept, a problem occurs because if either usability or security is strengthened, the other is weakened. In this study, we proposed a distributed authentication mechanism for secure network connectivity (DAM4SNC) technology in a distributed network environment that requires security and latency performance simultaneously to overcome the trade-off limitations of existing technology. By communicating with separated networks based on the authentication between distributed nodes, the inefficiency of conventional centralized network connection solutions is overcome. Moreover, the security is enhanced through periodic authentication of the distributed nodes and differentiation of the certification levels. As a result of the experiment, the relative efficiency of the proposed scheme (REP) was about 420% or more in all cases.
35

Amanda, Delpia, Nurul Mutiah and Syahru Rahmayudha. "Analisis Tingkat Kematangan Keamanan Informasi Menggunakan NIST Cybersecurity Framework dan CMMI". Coding Jurnal Komputer dan Aplikasi 11, no. 2 (1.09.2023): 291. http://dx.doi.org/10.26418/coding.v11i2.65088.

Abstract:
The use of information technology in higher education, particularly at Universitas Tanjungpura (Untan), has brought various conveniences, one of which is efficient access to information. Untan uses the Academic Information System (Sistem Informasi Akademik, SIAKAD) to manage academic data from all faculties. Although SIAKAD provides great benefits, the use of this technology also carries data security risks that need attention. As more data and information are stored and managed, the risk of data being damaged, lost, or exposed to unauthorized parties also increases. It is therefore important to know the information security maturity level of SIAKAD Untan in order to protect the existing data and information, because the higher the maturity level, the better the information technology management process, which can indirectly affect information technology security in achieving organizational goals. The NIST Cybersecurity Framework is an information security risk management framework used to analyze the risk management process. The maturity level of SIAKAD Untan is assessed using CMMI, a model for assessing the maturity and capability of software organizations, to measure the maturity level of SIAKAD Untan in the assessment of the risk management process. The assessment results show that the ID.AM and ID.RA categories have reached level 2, so the maturity level of the Identify function is at level 2. From that level, 92 improvement recommendations are given to reach the expected level 3.
36

Taranukha, S. N., A. A. Kuzmin and M. N. Saveleva. "Qualimetric model of maturity of competencies for graduates of basic educational programs". Informatics and education, no. 5 (4.07.2020): 24–32. http://dx.doi.org/10.32517/0234-0453-2020-35-5-24-32.

Abstract:
The rapid growth of education digitalization has significantly increased the role of the electronic information educational environment of educational organizations. It has become the basic tool for organizing, maintaining and administering the educational process. The electronic information educational environment of an educational organization should ensure the recording of the progress of the educational process and the results of mastering the main professional educational program, i.e. competencies, based on the results of intermediate certification carried out in the distance learning system integrated into the electronic information educational environment. The article considers the application of qualimetric approaches in the assessment of the quality of graduate competencies in the implementation of higher education programs in accordance with the Federal State Educational Standards of Higher Education 3++. The mathematical model of evaluation of the results of mastering the graduate program (competence forming) depending on the contribution of academic disciplines to the formation of each competence is proposed. Two methods of result evaluation are considered: as an arithmetic average and as a weighted value from the obtained evaluations in the disciplines forming this competency, as well as the possibility of monitoring the formation of competency in the process of mastering academic disciplines and entering the results of intermediate attestation into the electronic portfolio of the student. Assessment of the formation of competencies can be the next stage in the development of the student’s electronic portfolio, which is part of the electronic information educational environment.
37

Fajri, Khafidh Sunny Al, and Ruki Harwahyu. "Information Security Management System Assessment Model by Integrating ISO 27002 and 27004". MALCOM: Indonesian Journal of Machine Learning and Computer Science 4, no. 2 (24.02.2024): 498–506. http://dx.doi.org/10.57152/malcom.v4i2.1245.

Abstract:
The rapid development of information and communication technology has also led to a significant increase in cybercrime activities. According to the Annual Cybersecurity Monitoring Report by the National Cyber and Cryptography Agency, there were 495 million instances of traffic anomalies or attempted attacks in 2020, which rose to 1.6 billion in 2021 in Indonesia. Implementing the ISO 27001 standard for information security management system (ISMS) can help mitigate these cyber-attack attempts. However, with various levels of resources and organizational commitment, different levels of ISMS maturity can be achieved. Therefore, there is a need for an ISMS assessment model. This is crucial, considering cyber incidents such as data breaches in organizations that have implemented or are certified with ISO 27001. This research proposed a concept of ISMS assessment model by integrating ISO 27002 and 27004 to a case study (Directorate XYZ), where the guidance function of ISO 27002 is transformed into assessment parameters and ISO 27004 for measuring performance. Using this model, the score of the case study’s ISMS was found to be 53.925, which is still below the established standard of 80.
38

Lisboa Malaquias, Felipe, Georgios Giantamidis, Stylianos Basagiannis, Simone Fulvio Rollini and Isaac Amundson. "Towards a Methodology to Design Provably Secure Cyber-physical Systems". ACM SIGAda Ada Letters 43, no. 1 (30.10.2023): 94–99. http://dx.doi.org/10.1145/3631483.3631499.

Abstract:
The inordinate financial cost of mitigating post-production cybersecurity vulnerabilities in cyber-physical systems (CPS) is forcing the industry to rethink systems design cycles: greater attention is being given to the design phase - with the goal of reducing the attack surface of systems at an early stage (i.e., before silicon tape out). Fortunately, formal methods have advanced to the point that they can address such needs and contribute towards achieving security certification. However, new methods and tools focusing on industrial scalability and usability for systems engineers are required. In this ongoing research paper, we describe a framework that will help systems engineers to: a) design cyber-assured CPS using a Model Based Engineering (MBE) approach; b) formally map security requirements to different hardware and software blocks in the model; and c) formally verify security requirements. Based on the nature of each requirement, our framework collects formal correctness evidence from different tools: while high-level architectural properties are suitable for a contract- or ontology-based reasoning, more complex properties with rich semantics require the use of model checking or theorem proving techniques.
39

Dunn, Paul, and Barbara Sainty. "Professionalism in accounting: a five-factor model of ethical decision-making". Social Responsibility Journal 16, no. 2 (11.01.2019): 255–69. http://dx.doi.org/10.1108/srj-11-2017-0240.

Abstract:
Purpose: The purpose of this paper is to develop a model of ethical decision-making that applies to accountants and the accounting profession. Design/methodology/approach: This model is an integration of five factors that influence ethical decision-making by accountants: professional codes of conduct; philosophical orientation; religious orientation; culturally derived values; and moral maturity. Findings: This model is a synthesis of previous identified factors that influence ethical decision-making and incorporates them into a model that is specific to professional accountants. Research limitations/implications: The authors develop a set of propositions and explain how this model can be tested and its implications for both the accounting profession and the teaching of business ethics. Originality/value: This model presents a new way of viewing ethical decision-making by accountants that is predicated on the importance of professional codes of conduct that influence both behaviour and decision-making. The external certification of professional accountants provides a layer of accountability not previously incorporated into ethical decision-making models.
40

Kvint, V. L., A. V. Babkin and E. V. Shkarupeta. "Strategizing of forming a platform operating model to increase the level of digital maturity of industrial systems". Russian Journal of Industrial Economics 15, no. 3 (8.10.2022): 249–61. http://dx.doi.org/10.17073/2072-1633-2022-3-249-261.

Abstract:
The authors of the article suggest the strategy of forming a platform operating model to increase the level of digital maturity of industrial systems in the changing conditions of reality. They have analyzed the current situation on adapting industrial systems to the changing conditions of reality of 2022: the sanctions restrictions and the COVID-19 pandemic crisis. In analogy with the bionics companies concept the authors introduce the term of «bionic industrial systems» as the aggregate of economic entities which form the closed cycle of producing artificial products by machine and combine new technology with human ability of transforming operations on the basis of digital strategizing, develop the experience, customer relationships and more effective performance, increase the pace of innovation significantly. There is a conclusion that bionic industrial systems are characterized by the presence of digital strategies, high level of digital maturity which should be evaluated according to the index of digital acceleration. The authors suggest four strategies allowing transformation of industrial systems into bionic ones and maximize their value on the basis of digital strategizing. The use of platform operating model is considered to be the key distinctive feature of the bionic industrial systems. The article presents the strategy of forming a platform operating model of bionic industrial systems based on the model of digital transformation of the transactions of the Deloitte company. This is the structure describing the digital path on the basis of defining 10 evolution stages taking into account cybersecurity and digital culture. The digital industrial platform ZIIoT by the Russian IT-company «Tsifra» (Digit) has been studied as the best experience, and the authors present practical cases of its implementation in Gazprom, Lukoil, Novolipetsk Metallurgical Plant.
The implementation of the strategy of forming a platform operating model in industrial systems is expected to result in reducing costs due to accelerated implementation of digital scenarios, additional income and opportunities of diversification through digital strategizing, etc. The authors introduce the concept of forming a platform operating model to increase the level of digital maturity of industrial systems.
41

Pereira, Soraia, Lara Silva, José Machado and Alexandra Cabral. "The Clinical Informatization in Portugal". International Journal of Reliable and Quality E-Healthcare 9, no. 2 (April 2020): 34–47. http://dx.doi.org/10.4018/ijrqeh.2020040103.

Abstract:
In the context of the Technological Revolution, people are forced to change their way of being in order to survive in an increasingly competitive and efficient society. The healthcare sector is no exception. The clinical informatization brought a lot of changes in procedures and ways to act and manage in order to follow the advent of the Information Age. However, this clinical informatization should be evaluated and measured in order to report the actual stage of dematerialization and identify possible improvements. The maturity models, such as the EMRAM model, are good candidates to reach these goals. On behalf of the Health Ministry, the Portuguese Shared Services of the Ministry of Health wanted to implement the model in the National Health Service to certify, at a clinical level, the institutions, and, at the same time, contribute with a new methodology to ensure the certification of administrative services of health institutions.
42

Wella, Wella, and Laurentia Chia. "The Implementing ISO 9001 In Manufacture Industry". IJNMT (International Journal of New Media Technology) 6, no. 2 (16.01.2020): 92–97. http://dx.doi.org/10.31937/ijnmt.v6i2.1248.

Abstract:
In 2015, ISO 9001 was significantly reviewed and new requirements for certification were introduced. One of the new requirements is risk-based thinking. Risk-based thinking has to be addressed and managed in all aspects of quality management system processes and functions. In ISO 9001:2015, an organization is required to take into account those risks linked to quality and customer satisfaction. Risk management can be a guideline for the implementation of ISO 9001:2015. This research is focused only on the information technology department at PT Softex Indonesia. The methodology of this implementation applies the seventh clause of ISO 9001:2015. Measurements were performed using a maturity model and the seventh audit stage. After the implementation, the organization needs to maintain the requirements of ISO 9001:2015 and try to continuously improve its quality performance.
43

Kayisoglu, Gizem, Pelin Bolat and Emre Duzenli. "Modelling of Maritime Cyber Security Education and Training". Pedagogika-Pedagogy 95, no. 6s (29.08.2023): 64–78. http://dx.doi.org/10.53656/ped2023-6s.07.

Abstract:
The existence of sophisticated and integrated cyberspace aboard ships with information technology (IT) and operational technology (OT) makes cybersecurity a crucial concern for the maritime sector. The marine sector has benefited greatly from information and communication technologies, but they have also made ship systems and maritime infrastructure more susceptible to cyberattacks. Cyberattacks on ships have the potential to result in fatalities, severe financial losses, environmental damage, and other negative effects. A model course or specification for maritime cyber security education and training through the International Convention on Standards of Training, Certification, and Watchkeeping for Seafarers (STCW) 1978 has not yet been published by the International Maritime Organization (IMO), despite the fact that MSC.428 mandates cyber security risk management in the safety management system on ships to combat cyber-attacks and improve cyber resistance in maritime environments. The Analytic Hierarchical Process (AHP) technique is used in this work to offer a model for a curriculum for cyber security in the Maritime Education and Training (MET) system. It is possible to identify each competency’s priority in the MET system’s cyber security curriculum by comparing the relative weights assigned to each one. The results of the research provide the MET institutions with the ability to be proactive and include cyber security knowledge and abilities into proposed curricula.
44

Ahmed, Adel A. "Lightweight Digital Certificate Management and Efficacious Symmetric Cryptographic Mechanism over Industrial Internet of Things". Sensors 21, no. 8 (16.04.2021): 2810. http://dx.doi.org/10.3390/s21082810.

Abstract:
The certificate authority, a trusted entity, issues digital certificates which contain identity credentials to help Industrial Internet of Things (IIoT) devices to represent their authenticity in a secure means. The crucial challenge of a digital certificate is how to design a secure certification authority management system that can counteract cyberattacks on the IIoT network. Moreover, current IIoT systems are not capable of implementing complex mathematical operations due to their constrained power capacity and processing capability. This paper proposes an effective, secure symmetric cryptographic mechanism (ESSC) based on the certificate authority management and Elliptic Curve Diffie Hellman (ECDH) to share a digital certificate among IIoT devices. The proposed certificate authority is used to securely exchange the shared secret key and to resolve the problem of spoofing attacks that may be used to impersonate the identity of the certificate authority. Also, ESSC uses the shared secret key to encrypt the sensitive data during transmission through the insecure communication channel. This research studies the adversary model for ESSC on IIoT and analyzes the cybersecurity of ESSC in the random oracle model. The findings that result from the experiments show that ESSC outperforms the baseline in terms of communication, computation, and storage costs. ESSC thus provides an adequate lightweight digital certificate management and cryptographic scheme which can help in the detection and prevention of several cyberattacks that can harm IIoT networks.
45

Lee, Jung-Chieh, Chung-Yang Chen and Yih-Chearng Shiue. "The moderating effects of organisational culture on the relationship between absorptive capacity and software process improvement success". Information Technology & People 30, no. 1 (6.03.2017): 47–70. http://dx.doi.org/10.1108/itp-09-2013-0171.

Abstract:
Purpose: The purpose of this paper is to identify the relationships among absorptive capacity (AC), organisational culture (OC), and software process improvement (SPI) implementation success based on capability maturity model integration (CMMI). Specifically, the aim of this study is to understand the roles of potential and realised AC in SPI success. Design/methodology/approach: This study proposes a research model and examines the relations among firm AC, SPI success, and OC. The authors surveyed 56 Taiwanese firms that adopted the CMMI-based SPI programme and received official certification. Findings: The findings indicate that potential and realised AC have significantly positive effects on SPI success. In particular, realized (AC) partially mediates the effects of potential AC on SPI success. Furthermore, the effects of potential and realised AC on SPI success are significantly moderated by the adhocracy and hierarchy OCs, respectively. Research limitations/implications: Given that the scope of this empirical study was limited to Taiwan, the findings might lack generalisability; however, this provides an opportunity for future research. Originality/value: This is the first empirical study investigating the influence of AC on CMMI-based SPI success. The proposed research model also examines the moderating relationships of two types of OCs, namely adhocracy and hierarchy, on AC (potential and realized) and SPI success.
46

Muttaqin, Hidayatul, and Kalamullah Ramli. "Designing An Information Security Framework For The Indonesia Water Industry Sector". Cakrawala Repositori IMWI 6, no. 3 (7.07.2023): 771–80. http://dx.doi.org/10.52851/cakrawala.v6i3.352.

Abstract:
The majority of Indonesia's water industry sectors have implemented smart water management systems as part of their business development, which has an indirect impact on enterprise information security. However, in general, water sector enterprises continue to place a low priority on information security, and the development of information system frameworks is based on generic norms employed by financial firms. There has been no research on information security frameworks especially built for water firms in Indonesia that use information security standards in the utilities sector. This article proposes a solution in the form of a new framework for Indonesian water firms that combines international information security requirements in the utilities sector with Indonesian government rules. This approach of development combines worldwide standards with national rules. The Cybersecurity Capability Maturity Model (C2M2) and ISO 27019 are two international standards commonly used by utility businesses globally. Government Regulation or Peraturan Pemerintah (PP) Number 71 of 2019 on the Implementation of Electronic Systems and Transactions is the relevant national regulation. The framework addresses information technology, telecommunications, and operational technology, with four approach categories: governance and ecosystem, protection, defense, and resilience. According to the research findings, the newly integrated framework can be applied and is worthy of recommendation. This framework also meets the standards for information security and can be used by Indonesian water corporations.
47

Lerro, Angelo, Alberto Brandl, Manuela Battipede and Piero Gili. "Preliminary Design of a Model-Free Synthetic Sensor for Aerodynamic Angle Estimation for Commercial Aviation". Sensors 19, no. 23 (23.11.2019): 5133. http://dx.doi.org/10.3390/s19235133.

Abstract:
Heterogeneity of the small aircraft category (e.g., small air transport (SAT), urban air mobility (UAM), unmanned aircraft system (UAS)), modern avionic solution (e.g., fly-by-wire (FBW)) and reduced aircraft (A/C) size require more compact, integrated, digital and modular air data system (ADS) able to measure data from the external environment. The MIDAS project, funded in the frame of the Clean Sky 2 program, aims to satisfy those recent requirements with an ADS certified for commercial applications. The main pillar lies on a smart fusion between COTS solutions and analytical sensors (patented technology) for the identification of the aerodynamic angles. The identification involves both flight dynamic relationships and data-driven state observer(s) based on neural techniques, which are deterministic once the training is completed. As this project will bring analytical sensors on board of civil aircraft as part of a redundant system for the very first time, design activities documented in this work have a particular focus on airworthiness certification aspects. At this maturity level, simulated data are used; real flight test data will be used in the next stages. Data collection is described both for the training and test aspects. Training maneuvers are defined aiming to excite all dynamic modes, whereas test maneuvers are collected aiming to validate results independently from the training set and all autopilot configurations. Results demonstrate that an alternate solution is possible enabling significant savings in terms of computational effort and lines of code but they show, at the same time, that a better training strategy may be beneficial to cope with the new neural network architecture.
48

Vasiliev, S. A., I. A. Nikonova and O. S. Miroshnichenko. "Banks, Financial Platforms and Big Data: Development Trends and Regulation Directions". Financial Journal 14, no. 5 (October 2022): 105–19. http://dx.doi.org/10.31107/2075-1990-2022-5-105-119.

Abstract:
The introduction of Big Data technology into banking activities is aimed at improving the efficiency of banks, improving business processes, however, it creates new risk factors and determines the need to transform regulatory approaches. The purpose of the article is to develop recommendations on the use of Big Data technology in banking, including the bank transactions using a financial platform, taking into account the need to ensure the stability of the banking sector at the macro and micro levels, and the development of the financial market. It has been established that Big Data technology is used in the management of banking risks, in the development of relationships with customers, the development of personalized products; in cost reduction. The use of Big Data defines new requirements for staff competencies. As a result of the analysis, the need for cooperation between banks, operators of financial platforms with specialized providers of cloud services, software, as well as fintech companies is substantiated. It was revealed that the implementation of Big Data technology increases the importance of model, reputational risks, third-party risks, unethical behavior, and cybersecurity. When using Big Data technology, banks are recommended to separate the data management function; the regulator — to expand the regulatory principles and approaches to the use of data in the construction, validation, adjustment of banking models based on Big Data technology, to the exchange of data and their protection, to the use by banks, operators of financial platforms of Open data, to the certification of specialized suppliers, interacting with banks; the legislator is recommended to develop a legal framework that regulates the formation and use of open data by economic agents.
49

Meng, Baoluo, Daniel Larraz, Kit Siu, Abha Moitra, John Interrante, William Smith, Saswata Paul et al. "VERDICT: A Language and Framework for Engineering Cyber Resilient and Safe System". Systems 9, no. 1 (3.03.2021): 18. http://dx.doi.org/10.3390/systems9010018.

Abstract:
The ever-increasing complexity of cyber-physical systems is driving the need for assurance of critical infrastructure and embedded systems. However, traditional methods to secure cyber-physical systems—e.g., using cyber best practices, adapting mechanisms from information technology systems, and penetration testing followed by patching—are becoming ineffective. This paper describes, in detail, Verification Evidence and Resilient Design In anticipation of Cybersecurity Threats (VERDICT), a language and framework to address cyber resiliency. When we use the term resiliency, we mean hardening a system such that it anticipates and withstands attacks. VERDICT analyzes a system in the face of cyber threats and recommends design improvements that can be applied early in the system engineering process. This is done in two steps: (1) Analyzing at the system architectural level, with respect to cyber and safety requirements and (2) by analyzing at the component behavioral level, with respect to a set of cyber-resiliency properties. The framework consists of three parts: (1) Model-Based Architectural Analysis and Synthesis (MBAAS); (2) Assurance Case Fragments Generation (ACFG); and (3) Cyber Resiliency Verifier (CRV). The VERDICT language is an Architecture Analysis and Design Language (AADL) annex for modeling the safety and security aspects of a system’s architecture. MBAAS performs probabilistic analyses, suggests defenses to mitigate attacks, and generates attack-defense trees and fault trees as evidence of resiliency and safety. It can also synthesize optimal defense solutions—with respect to implementation costs. In addition, ACFG assembles MBAAS evidence into goal structuring notation for certification purposes. CRV analyzes behavioral aspects of the system (i.e., the design model)—modeled using the Assume-Guarantee Reasoning Environment (AGREE) annex and checked against cyber resiliency properties using the Kind 2 model checker. 
When a property is proved or disproved, a minimal set of vital system components responsible for the proof/disproof are identified. CRV also provides rich and localized diagnostics so the user can quickly identify problems and fix the design model. This paper describes the VERDICT language and each part of the framework in detail and includes a case study to demonstrate the effectiveness of VERDICT—in this case, a delivery drone.
50

Jeyaraj, Andrew K., and Susan Liscouët-Hanke. "A Safety-Focused System Architecting Framework for the Conceptual Design of Aircraft Systems". Aerospace 9, no. 12 (3.12.2022): 791. http://dx.doi.org/10.3390/aerospace9120791.

Abstract:
To reduce the environmental impact of aviation, aircraft manufacturers develop novel aircraft configurations and investigate advanced systems technologies. These new technologies are complex and characterized by electrical or hybrid-electric propulsion systems. Ensuring that these complex architectures are safe is paramount to enabling the certification and entry into service of new aircraft concepts. Emerging techniques in systems architecting, such as using model-based systems engineering (MBSE), help deal with such complexity. However, MBSE techniques are currently not integrated with the overall aircraft conceptual design, using automated multidisciplinary design analysis and optimization (MDAO) techniques. Current MDAO frameworks do not incorporate the various aspects of system safety assessment. The industry is increasingly interested in Model-Based Safety Assessment (MBSA) to improve the safety assessment process and give the safety engineer detailed insight into the failure characteristics of system components. This paper presents a comprehensive framework to introduce various aspects of safety assessment in conceptual design and MDAO, also considering downstream compatibility of the system architecting and safety assessment process. The presented methodology includes specific elements of the SAE ARP4761 safety assessment process and adapts them to the systems architecting process in conceptual design. The proposed framework also introduces a novel safety-based filtering approach for large system architecture design spaces. The framework’s effectiveness is illustrated with examples from applications in recent collaborative research projects with industry and academia. The work presented in this paper contributes to increasing maturity in conceptual design studies and enables more innovation by opening the design space while considering safety upfront.