New Validation of a Cybersecurity Model to Audit the Cybersecurity Program in a Canadian Higher Education Institution
Autor:
Sabillon, Regner
; Bermejo Higuera, Juan Ramón
Fecha:
2023Palabra clave:
Revista / editorial:
2023 Conference on Information Communications Technology and Society, ICTAS 2023 - ProceedingsCitación:
R. Sabillon and J. R. Bermejo Higuera, "New Validation of a Cybersecurity Model to Audit the Cybersecurity Program in a Canadian Higher Education Institution," 2023 Conference on Information Communications Technology and Society (ICTAS), Durban, South Africa, 2023, pp. 1-6, doi: 10.1109/ICTAS56421.2023.10082731.Tipo de Ítem:
conferenceObjectResumen:
This article presents the results of one empirical study that evaluated the validation of the CyberSecurity Audit Model (CSAM) for the second time in a different Canadian higher education institution. CSAM is utilized for conducting cybersecurity audits in medium or large organizations or a Nation State to evaluate and measure cybersecurity assurance, maturity, and cyber readiness. The authors review best practices and methodologies of global leaders in the cybersecurity assurance and audit arena, that puts in evidence the lack of universal guidelines to conduct extensive cybersecurity audits and the detection of existing weaknesses in general programs to deliver cybersecurity awareness training. The architecture of CSAM is described in central sections. CSAM has been tested, implemented, and validated in three research scenarios (1) a single cybersecurity domain audit (Awareness Education), (2) Cybersecurity audit of several domains (Governance and Strategy, Legal and compliance, Cyber Risks, Frameworks and Regulations, Incident Management, Cyber Insurance and Evolving Technologies) and (3) Cybersecurity audit of all model domains The study concludes by showing how the validation of the model allows to report significant information for future decision making that the target organization may correct cybersecurity weaknesses or to improve cybersecurity domains and controls.
Este ítem aparece en la(s) siguiente(s) colección(es)
Estadísticas de uso
Año |
2012 |
2013 |
2014 |
2015 |
2016 |
2017 |
2018 |
2019 |
2020 |
2021 |
2022 |
2023 |
2024 |
Vistas |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
26 |
124 |
Descargas |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
Ítems relacionados
Mostrando ítems relacionados por Título, autor o materia.
-
The application of a new secure software development life cycle (S-SDLC) with agile methodologies
Vicente Mohino, Juan de ; Bermejo-Higuera, Javier ; Bermejo Higuera, Juan Ramón ; Sicilia, Juan Antonio (Electronics (Switzerland), 2019)The software development environment is focused on reaching functional products in the shortest period by making use of the least amount of resources possible. In this scenario, crucial elements such as software quality ... -
Benchmarking Approach to Compare Web Applications Static Analysis Tools Detecting OWASP Top Ten Security Vulnerabilities
Bermejo Higuera, Juan Ramón ; Bermejo-Higuera, Javier ; Sicilia, Juan Antonio ; Cubo Villalba, Javier ; Nombela Pérez, Juan José (CMC-Computers Materials & Continua, 2020)To detect security vulnerabilities in a web application, the security analyst must choose the best performance Security Analysis Static Tool (SAST) in terms of discovering the greatest number of security vulnerabilities ... -
Building a dataset through attack pattern modeling and analysis system
Bermejo Higuera, Juan Ramón; Bermejo-Higuera, Javier; Tébar García, Juan Luis; Sicilia, Juan Antonio; Sánchez Rubio, Manuel (Elsevier Ltd, 2022)The different types of cyber-attacks on information and telecommunications systems are becoming increasingly sophisticated and complex, with several defined phases (attack pattern). Therefore, it is necessary to research ...