Cyber Situational Awareness and Information Sharing in Critical Infrastructure Organizations

Pöyhönen, Jouni; Nuojua, Viivi; Lehto, Martti; Rajamäki, Jyri

doi:10.11610/isij.4318

Cited by 6 publications

(4 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…E-health privacy risk awareness was surveyed by Bellekens et al (2016). Pöyhönen et al (2019) examined cyber SA in critical infrastructure organisations. Argaw et al (2020) addressed the cybersecurity of hospitals, noting that information sharing simplifies SA and a clear perception of threats and details related to threat actors.…”

Section: Early Workmentioning

confidence: 99%

Building Situational Awareness of GDPR

Hirvonen

Kari

2023

eccws

View full text Add to dashboard Cite

Because previous academic research does not comment sufficiently on how the relevant content of the European Union (EU) General Data Protection Regulation (GDPR has been properly communicated to the organisations, or how the situational awareness (SA) of GDPR has been built in the organisations, this qualitative empirical research was regarded as a valuable approach for gathering authentic research material on the practical bases of this phenomena. The aim of this empirical case study (CS) is to develop a picture of what processes organisations use to build SA of the GDPR requirements. To guide the CS, we asked how the SA for decision-making was constructed and how it was perceived in organisations. The experiences of eight Finnish organisations showed that the organisations’ practices of building SA and their experiences with the quality and adequacy of SA differed. However, building SA proved to be a critical step for organisations in the overall process of meeting GDPR requirements. Especially the data coming from inside the organisation became very relevant in the SA process, because it supported decision makers to determine how the GDPR requirements should be implemented in the organisation. As a main contribution of this article, based on best practices shared by organisations a model of building SA was built. The proposed model is threefold and was constructed by combining the findings of an empirical CS analysis, the steps of the intelligence process, and the essential elements of the model of creating information security SA. The result is potentially beneficial for building situational understanding of any complex or ambiguous issue, especially in complex and digitalised technological areas, where combining information management with accurate and efficient decision-making is a common challenge. The results can be used by any party who is looking to build SA of an abstract issue in a complex environment.

show abstract

Section: Early Workmentioning

confidence: 99%

Building Situational Awareness of GDPR

Hirvonen

Kari

2023

eccws

View full text Add to dashboard Cite

show abstract

“…Serangan siber tersebut harus dihadapi dengan upaya kolaboratif dari setiap pihak dengan upaya yang dapat dilakukan masing-masing [2]. Untuk mengembangkan cyber security situational awareness yang lebih baik, diperlukan upaya berbagi informasi antara kelompok kepentingan yang berbeda untuk meningkatkan persiapan dan manajemen insiden [3]. Langkah ini merupakan best practice yang disebut dengan Cybersecurity Information Sharing (CIS) atau yang lebih dikenal dengan Information Sharing and Analysis Center (ISAC).…”

Section: Pendahuluanunclassified

Pengembangan Financial Service Information Sharing and Analysis Center (FS-ISAC) di Indonesia dengan Pendekatan ENISA ISAC in a Box

Putra¹,

Aferudin²

2022

View full text Add to dashboard Cite

Pembentukan grup Information Sharing and Anlysis Center (ISAC) menjadi salah satu best practice yang dapat dijalankan dalam menghadapi ancaman siber yang semakin masif pada berbagai sektor infrastruktur informasi vital (IIV) termasuk pada sektor perbankan dan keuangan di Indonesia. Melalui ISAC setiap organisasi dapat berbagi kapabilitas yang dimiliki untuk secara bersama-sama menciptakan cybersecurity situational awarenesss. Pada tahun 2019, Bank Indonesia telah menginisiasi pembentukan Cyber Security Sharing Platform - Sistem Pembayaran (CSSP-SP) untuk berbagi informasi keamanan siber khususnya pada industri sistem pembayaran di Indonesia. Pada tahun 2022 telah disahkan payung hukum pelindungan IIV melalui Peraturan Presiden Nomor 82 Tahun 2022 tentang Pelindungan Infrastruktur Informasi Vital. Pada penelitian ini dilakukan pengembangan Financial Services-ISAC di Indonesia melalui pendekatan ENISA ISAC in A Box dimana kami memfokuskan pada satu tahapan yaitu tahap Build. Pada tahap ini terdapat beberapa area di antaranya penentuan tujuan, ruang lingkup, keanggotaan, tata kelola, metode pertukaran informasi serta pembiayaan. Hasil penelitian ini berupa rekomendasi pengembangan penyelenggaraan ISAC sektor perbankan dan keuangan di Indonesia guna mengoptimalkan penyelenggaraan cybersecurity information sharing khususnya pada ekosistem sistem pembayaran di Indonesia.

show abstract

“…The main research question is "how can cyber in-formation sharing models be understood in maritime domain?" • The fourth case study publish in 5 analyses inter-sector cyber information sharing models in critical infrastructure protection. It studies how the cyber situational awareness of an organisation can be developed; how do the organizations exchange their cyber security related information; and how an organisation's cybersecurity capability can be utilised more extensively?…”

Section: Individual Case Studiesmentioning

confidence: 99%

Information Sharing Models for Early Warning Systems of Cybersecurity Intelligence

Rajamäki¹,

Katos²

2020

ISIJ

Self Cite

View full text Add to dashboard Cite

An Early Warning System (EWS) for cybersecurity intelligence will provide the capability to share information to provide up to date information to all constituents involved in the EWS. The development of EWSs will be rooted in a comprehensive review of information sharing and trust models from within the cyber domain as well as models from other domains. This article is the result of a qualitative multiple-case study analysis. It consists of theory development by systematic reviews of academic articles, seven case studies, and cross-case conclusions, from which a set of system requirements and features were established to support a model that promotes information sharing among partners, while also meeting regulatory requirements. Moreover, the final analysis includes the requirements for information sharing within and between partners across organisational boundaries as derived from multi-sector analysis. The study consists of a comprehensive review of information sharing and trust models from within the cyber domain (n > 50), as well as models from other domains, such as healthcare, maritime and critical infrastructure protection.

show abstract

Cyber Situational Awareness and Information Sharing in Critical Infrastructure Organizations

Cited by 6 publications

References 1 publication

Building Situational Awareness of GDPR

Building Situational Awareness of GDPR

Pengembangan Financial Service Information Sharing and Analysis Center (FS-ISAC) di Indonesia dengan Pendekatan ENISA ISAC in a Box

Information Sharing Models for Early Warning Systems of Cybersecurity Intelligence

Contact Info

Product

Resources

About