An Adaptive Wideband Delphi Method to Study State Cyber-Defence Requirements

Nugraha, Yudhistira; Brown, Ian; Sastrosubroto, Ashwin Sasongko

doi:10.1109/tetc.2015.2389661

Cited by 19 publications

(12 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Understanding the perceived threats can drive security requirements. Thus, security requirements play an important role in mitigating threats, such as unauthorised disclosure data by foreign intelligence services [19,35]. However, our participants confirmed that understanding the government security requirements was essential in offering trustworthy services to the GAs.…”

Section: Government-specific Security Requirementsmentioning

confidence: 74%

“…However, we only conducted interviews and individual feedback with six participants (n=6) from two selected SPs. The two providers are the major SPs in Indonesia, and their network infrastructures were reported to be compromised according to Edward Snowden's revelations in 2013 [19].…”

Section: Data Collection: a Three-round Delphi Studymentioning

confidence: 99%

“…An important similarity between these methods is the integration of GT analysis and a group communication processes. One of the differences is that the GADM is based on a Policy Delphi approach [29] and an adaptive Wideband Delphi method [19], which aim to suit the different views of individual participants on specific matters, with greater generalisability across different participants. The GT analysis is well suited for capturing these different views from the participants.…”

Section: Introductionmentioning

confidence: 99%

“…To this end, we conducted a longitudinal study of the government auctions in Indonesia to find "auction winners" or major external SPs, which were then contacted to do extensive face-to-face meetings as the application of GADM. In this paper, we adopted an adaptive wideband Delphi study [19] to enable the surveying of multiple panellists from major SPs through group discussions to clarify existing security-SLAs, along with individual sessions through semi-structured interviews to gather genuine knowledge and experiences in relation to the current and potential attributes of security-related SLAs. We analysed the Delphi study data using a grounded theory analysis to categorise and generalise the extracted statements.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Investigating Security Capabilities in Service Level Agreements as Trust-Enhancing Instruments

Nugraha

Martin

2017

Trust Management XI

Self Cite

View full text Add to dashboard Cite

Many government agencies (GAs) increasingly rely on external computing, communications and storage services supplied by service providers (SPs) to process, store or transmit sensitive data to increase scalability and decrease the costs of maintaining services. The relationships with external SPs are usually established through service level agreements (SLAs) as trust-enhancing instruments. However, there is a concern that existing SLAs are mainly focused on the system availability and performance aspects, but overlook security in SLAs. In this paper, we investigated 'real world' SLAs in terms of security guarantees between GAs and external SPs, using Indonesia as a case study. This paper develops a grounded adaptive Delphi method to clarify the current and potential attributes of security-related SLAs that are common among external service offerings. To this end, we conducted a longitudinal study of the Indonesian government auctions of 59 e-procurement services from 2010-2016 to find 'auction winners'. Further, we contacted five selected major SPs (n=15 experts) to participate in a three-round Delphi study. Using a grounded theory analysis, we examined the Delphi study data to categorise and generalise the extracted statements in the process of developing propositions. We observed that most of the GAs placed significant importance on service availability, but security capabilities of the SPs were not explicitly expressed in SLAs. Additionally, the GAs often use the provision of service availability to demand additional security capabilities supplied by the SPs. We also observed that most of the SPs found difficulties in addressing data confidentiality and integrity in SLAs. Overall, our findings call for a proposition-driven analysis of the Delphi study data to establish the foundation for incorporating security capabilities into security-related SLAs.

show abstract

Section: Government-specific Security Requirementsmentioning

confidence: 74%

Section: Data Collection: a Three-round Delphi Studymentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Investigating Security Capabilities in Service Level Agreements as Trust-Enhancing Instruments

Nugraha

Martin

2017

Trust Management XI

Self Cite

View full text Add to dashboard Cite

show abstract

“…Related to national cyber security defense, other studies conducted by Yudishthira. He identified mitigation controls in relation to the five defence in depth elements: people, operations, technology, governance and legal remedies for state cyber defense [6].…”

Section: Introductionmentioning

confidence: 99%

Implementation of Secure Smart Grid as Critical Information Infrastructure in Indonesia: A Case Study in Smart Grid Electricity

Setiawan¹,

Syamsudin²,

Sasongko³

2015

2015 Fourth International Conference on Cyber Security, Cyber Warfare, and Digital Forensic (CyberSec)

View full text Add to dashboard Cite

Smart grid infrastructure is one of the critical infrastructure that combines the energy and telecommunications infrastructure and Internet networks. Thus, the smart grid must operate safely and meet the information security aspects. This research is a case study in smart electricity grid as critical infrastructure. The research objective is for improvement on critical infrastructure security policies based on case studies conducted. This research was conducted with the combined quantitative and qualitative method that combines the results of the risk assessment on the research object to the opinion of experts / practitioners. Results of this research is input to policy frameworks and securing of critical infrastructure.

show abstract

Development of an Information Security Management Model for Enterprise Automated Systems

Alhussain

AlZubi

Alfarraj

et al. 2020

Advanced Information Networking and Applications

View full text Add to dashboard Cite

An Adaptive Wideband Delphi Method to Study State Cyber-Defence Requirements

Cited by 19 publications

References 14 publications

Investigating Security Capabilities in Service Level Agreements as Trust-Enhancing Instruments

Investigating Security Capabilities in Service Level Agreements as Trust-Enhancing Instruments

Implementation of Secure Smart Grid as Critical Information Infrastructure in Indonesia: A Case Study in Smart Grid Electricity

Development of an Information Security Management Model for Enterprise Automated Systems

Contact Info

Product

Resources

About