Best Practice for Cybersecurity Capacity Building in Bulgaria’s Public Sector

Николова, Ирена

doi:10.11610/isij.3806

Cited by 4 publications

(7 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Cyber security exercises have proven to be a highly effective mechanism to provide information security awareness and uncover gaps in information security plans, procedures, and policies (Furtunǎ et al, 2010). Many initiatives to train and educate personnel through exercises to gain competence and skills within information security are supported, and as a result, exercises conducted within the field of cyber-and information security in Europe represented over 40% of all global exercises in Europe in 2015 (Nikolova, 2017).…”

Section: Background and Relevant Literaturementioning

confidence: 99%

“…To build an EXCON team for cyber-and information security exercises, one should firstly consider what organization, and therein layers in the organization, one is about to train before one decide the team (Østby et al, 2019). Experiences from full-scaled exercises and computer assisted exercises also shows that some exercises like full-scaled exercises can have a complex form which requires high number of recourses, while computer assisted exercises (CAX) are more effective in terms of recourses (Nikolova, 2017). CAX has also been proven highly flexible with the possibility to attend from different places in the world (Zinca & Bârsan, 2021).…”

Section: Background and Relevant Literaturementioning

confidence: 99%

“…At the same time there is a great shortage of trained and qualified personnel within cyber-and information security (Cisco, 2018). To fill this demand supply gap there has been an increased focus to educate new personnel through exercises and training (Nikolova, 2017). To meet this increased demand the Norwegian government in cooperation with several private and public organizations and academia established the Norwegian Cyber Range (NCR) in 2018 (NTNU, 2019).…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Training the Trainers for Cybersecurity Exercises - Developing EXCON-teams

Østby,

Emil Selebø,

Kowalski

2023

Human Factors in Cybersecurity

View full text Add to dashboard Cite

In recent years there has been a large increase in advanced computer attacks targeting Norwegian authorities and businesses (PST, 2021). At the same time there is a great shortage of trained and qualified personnel within cyber- and information security (Cisco, 2018). To fill this demand supply gap there has been an increased focus to educate new personnel through exercises and training (Nikolova, 2017). To meet this increased demand the Norwegian government in cooperation with several private and public organizations and academia established the Norwegian Cyber Range (NCR) in 2018 (NTNU, 2019). NCR is an arena for testing, training, and exercising in cyber- and information security. Running the training and exercises in a realistic and safe environment is a demanding task, which requires a well-trained Exercise Control (EXCON) team. In a military context NATO’s Bilateral Strategic Command (BI-SC) Directive 75-003 – Collective Training and Evaluation appendix H;” Roles and responsibilities of the exercise control (EXCON)” (NATO, 2013), provides a clear plan for how to establish an EXCON team that can properly direct and control an exercise (NATO, 2013, pg. 166). In addition, Østby et. al have suggested how to build an EXCON team to train public emergency organizations (Østby et al., 2019). Neither of these specify how the EXCON-team itself should be trained. In this paper we present results from in-depth interviews which were conducted with information security and/or exercise experts from different Norwegian organizations with relevant EXCON experience, and suggest a future train-the trainer concept to meet the challenges found in the study.The result from the research shows that the development of exercise control teams is not prioritized by organizations, and not given time or resources for education or team development. Being part of an exercise control teams is a side job where organizations mostly rely on hiring external experts. Another key finding in this research is the importance of exercise planning competence amongst the exercise control team, for the exercises to be successfully executed. Results also shows that a core team of experts is necessary to continuously improve the exercises, and also the need for these experts participating in the preparation for exercises.References:Cisco. (2018). Annual cyber security report.NATO. (2013). Resilient e-Communications Networks Good Practice Guide on National Exercises Enhancing the Resilience of Public Communications Networks Good Practice Guide on Exercises 2 Good Practice Guide on National Exercises. http://www.enisa.europa.eu/act/resNikolova, I. (2017). Best Practice for Cybersecurity Capacity Building in Bulgaria’s Public Sector. Information & Security: An International Journal, 38, 79–92. https://doi.org/10.11610/isij.3806NTNU. (2019). The Norwegian Cyber Range. https://www.ntnu.no/ncrØstby, G., Lovell, K. N., & Katt, B. (2019). EXCON teams in cyber security training. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019, 14–19. https://doi.org/10.1109/CSCI49370.2019.00010PST 2021, (2021). https://www.pst.no/alle-artikler/trusselvurderinger/nasjonal-trusselvurdering-2021/

show abstract

Section: Background and Relevant Literaturementioning

confidence: 99%

Section: Background and Relevant Literaturementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Training the Trainers for Cybersecurity Exercises - Developing EXCON-teams

Østby,

Emil Selebø,

Kowalski

2023

Human Factors in Cybersecurity

View full text Add to dashboard Cite

show abstract

“…Russell and Jackson (2018) 13 Operating in the dark: Cyber decision-making from First Principles Zăgan et al (2018) 14 Realities in the maritime domain regarding cybersecurity concept Nikolova (2017) 15 Best practice for cybersecurity capacity building in Bulgaria's public sector Choi and Lee (2015) 16 A study on strengthening security awareness programs based on an RFID access control system for inside information leakage prevention…”

Section: General Cybersecuritymentioning

confidence: 99%

Cyber Skills Gaps – A Systematic Review of the Academic Literature

Ruoslahti,

Coburn,

Trent

et al. 2021

Connections QJ

View full text Add to dashboard Cite

This literature review is part of research on the roles of and training for e-skills in modern society, specifically, the role of cyber skills. This article explores how the academic literature discusses cyber skills and identifies e-skills that can be determined as necessary for the functioning of society today. First, the introduction provides an explanation of the overall impact of cyber skills in our modern-day society. Next, the body presents the method used to conduct the review and a concise summary of the findings to answer our research questions. Finally, based on the research findings, the conclusions address the feasibility, impact, strengths, weaknesses, and possible ethical concerns.

show abstract

“…The first contribution describes practical experience of using Computer Assisted Exercises (CAX) to strengthen the cyber resilience of various administrative organizations, building on previous work in the field of crisis / emergency management exercises. 6 The final article in this volume presents an architecture developed by the authors to manage research activities in support of cyber security and resilience. 7 In addition to the already standard ICT and cyber-physical systems strands of research, the architecture covers studies of UxVs, bio-integrated systems and cognitive processes, all treated in an integrated manner in a systems of systems framework.…”

mentioning

confidence: 99%

Towards Effective and Efficient IT Organizations with Enhanced Cyber Resilience

Shalamanov¹

2017

ISIJ

View full text Add to dashboard Cite

Journal aims to establish a baseline for a multiyear study on IT governance and management of large national and international IT organizations aiming to increase effectiveness, efficiency and cyber resilience -their own and of the customers they serve. The objectives are to identify best practices, develop a maturity model and processes for assessment, compliance, change management and continuous improvement.Modern society and organizations are highly dependent on information technologies. At the same time, rapid changes in technology, vulnerabilities of cyber domain for attacks, interoperability challenges, increased cost of the IT systems, critical shortage of specialists and many other factors call for improved governance and management of IT. In response, the collection, analysis and managed use of good practices form the approach, largely implemented nowadays.We consider NATO as an excellent laboratory for identification of best practices in many areas, including IT governance and management, for effective, efficient and cyber resilient IT organizations, due to the very nature of the Alliance. NATO provides well developed consultations and decision making system, a very demanding customer base and availability of a sufficiently large budget; it also has an executive agency to address the customer requirements in most effective and efficient ways, where cyber security is the ultimate priority.At the Lisbon Summit of 2010, heads of states and governments of NATO nations decided to consolidate all IT organizations of NATO in one service-based and customer-funded agency, as shared IT service centre capable to support not only common funded NATO structures, but any other eligible customers -national or multinational. This transformation effort challenged all 28 (now 29) nations and agency team to work together in identifying the best governance and management practices for increased effectiveness and efficiency in IT support with visible savings in com-

show abstract

Best Practice for Cybersecurity Capacity Building in Bulgaria’s Public Sector

Cited by 4 publications

References 1 publication

Training the Trainers for Cybersecurity Exercises - Developing EXCON-teams

Training the Trainers for Cybersecurity Exercises - Developing EXCON-teams

Cyber Skills Gaps – A Systematic Review of the Academic Literature

Towards Effective and Efficient IT Organizations with Enhanced Cyber Resilience

Contact Info

Product

Resources

About