Demonstration of the Cybersecurity Framework through Real-World Cyber Attack

Gourisetti, Sri Nikhil Gupta; Mylrea, Michael; Ashley, Travis; Kwon, Roger; Castleberry, Jerry; Wright-Mockler, Quinn; McKenzie, Penny; Brege, Geoffrey

doi:10.1109/rws47064.2019.8971822

Cited by 3 publications

(2 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Kematangan yang diinginkan dari lima domain keamanan siber ditentukan oleh penilaian inti. webtool CSF memungkinkan fasilitas untuk menilai kepatuhan NIST dengan CSF dan mencatat status keamanan [12].…”

Section: Pendahuluanunclassified

Penerapan Kerangka Kerja NIST Cybersecurity dan CIS Controls sebagai Manajemen Risiko Keamanan Siber

Mahendra,

Soewito

2023

View full text Add to dashboard Cite

Menurut laporan dari Check Point Reasearch, terjadi peningkatan sebesar 38% dalam serangan siber global pada tahun 2022 bila dibandingkan dengan tahun 2021. Untuk menghadapi serangan siber global ini, maka perlu disiapkan manajemen risiko dalam menghadapi serangan siber tersebut. Saat ini Kementerian Pekerjaan Umum dan Perumahan Rakyat (PUPR) belum memiliki panduan dalam manajemen risiko. Kementerian PUPR dapat memanfaatkan beberapa kerangka kerja keamanan siber yang telah tersedia, seperti kerangka kerja NIST Cybersecurity dan kerangka kerja CIS Controls yang juga sering disebut Critical Security Controls sebagai langkah dalam manajemen risiko keamanan siber. Penelitian ini dilakukan pada salah satu aplikasi yang sedang berjalan pada Kementerian PUPR. Penelitian ini dimulai dengan pengumpulan data, penilaian kondisi saat ini, identifikasi kondisi saat ini, identifikasi kondisi yang diinginkan, analisis kesenjangan, memberikan rekomendasi dan membuat usulan rencana aksi. Hasil penelitian didapatkan bahwa identifikasi kondisi saat ini mendapatkan skor rata-rata 2.77. Kondisi yang diinginkan/dicapai aplikasi didapat skor rata-rata 3.00. Dari hasil tersebut, terdapat kesenjangan sebesar 0.23. Setelah analisis kesenjangan didapatkan 32 rekomendasi dan mengusulkan rencana aksi dengan isu-isu prioritas tinggi dan sedang. Manajemen risiko menggunakan kerangka kerja NIST Cybersecurity dan CIS Controls terbukti dapat mengukur kematangan keamanan siber pada infrastruktur aplikasi sehingga dapat mengurangi kemungkinan terjadinya serangan siber.

show abstract

Section: Pendahuluanunclassified

Penerapan Kerangka Kerja NIST Cybersecurity dan CIS Controls sebagai Manajemen Risiko Keamanan Siber

Mahendra,

Soewito

2023

View full text Add to dashboard Cite

show abstract

“…The second most used model is C2M2 [109]. The most comprehensive and used cybersecurity maturity models are CSF-NIST and C2M2 [110]; however, they have been criticized due to their subjectivity that can be generated when making self-assessment. Although the models are general and focused on organizations, the maturity model can be adapted to specific sectors [108] (e.g., C2M2 has two variants: one developed for the energy sector and another for the gas and fuel sectors).…”

Section: ) Research Contextmentioning

confidence: 99%

A Comprehensive Study of the IoT Cybersecurity in Smart Cities

et al. 2020

View full text Add to dashboard Cite

Procedures for Digital Forensics and Incident Response on Including Data Integrity Constraints on Solid-State Drives (SSD) - A Literature Review

Pallivalappil

2022

IJCSBE

View full text Add to dashboard Cite

Background/Purpose: To get evidence from suspect computers running on Windows Operating System, law enforcement agencies and corporations follow many standard procedures relevant to Digital Forensics and Incident Response processes. The primary contrast between forensics and incident response is that forensics is evidence-driven and is often more closely connected with criminal activity, while incident response is more focused on discovering, containing, and recovering from breach of security incidents. A guideline is often intended to simplify certain procedures in accordance with a predefined routine or good practice. As data storage technology progresses from hard disc drives (HDDs) to solid-state drives (SSDs), it has become more difficult for Digital Forensics Analysts to perform evidence acquisition tasks from suspicious systems due to file integrity issues. Existing forensic principles and methods were created mostly on the basis of hard disc drive technology. This literature survey analyses several guidelines to identify gaps in SSD Forensic challenges and makes recommendations for improvement. Objective: To survey leading Digital Forensics and Incident Response guidelines on how SSD forensic acquisition procedures are outlined and to find the gaps and suggest enhancements that might be made. Design/Methodology/Approach: Data from academic papers, web articles, and other sources is analysed and presented using ABCD analysis. Findings/Results: Cyber Security Framework is a vital aspect of an organisations strategy to safeguard its IT assets from cyber assaults and other form of damages. Most organisation use NIST framework since it is being generally acknowledged. However, owing to quick improvement in new technologies CSF’s need to be kept up to date in order to confront emerging cyber security threats. After verifying the policy framework of NIST 800-61, it was determined that the SSD forensic gathering approach which raises problems about data integrity has not been addressed. Originality/Value: A study comparing and contrasting different CSFs in the field of Digital Forensics and Incident Response with the most recent emerging technologies will draw more attention to this area from a wider range of stakeholders, allowing the policy framework to keep pace with the most recent emerging technologies in the same time frame. Paper Type: Literature Review Paper.

show abstract

Demonstration of the Cybersecurity Framework through Real-World Cyber Attack

Cited by 3 publications

References 1 publication

Penerapan Kerangka Kerja NIST Cybersecurity dan CIS Controls sebagai Manajemen Risiko Keamanan Siber

Penerapan Kerangka Kerja NIST Cybersecurity dan CIS Controls sebagai Manajemen Risiko Keamanan Siber

A Comprehensive Study of the IoT Cybersecurity in Smart Cities

Procedures for Digital Forensics and Incident Response on Including Data Integrity Constraints on Solid-State Drives (SSD) - A Literature Review

Contact Info

Product

Resources

About