Towards a General Information Security Management Assessment Framework to Compare Cyber-Security of Critical Infrastructure Organizations

Bernroider, Edward; Margiol, Sebastian; Taudes, Alfred

doi:10.1007/978-3-319-49944-4_10

Cited by 4 publications

(4 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Quantitative data offer an inherent benchmarking dimension, which anyway requires to be complemented by qualitative assessment to ask the right questions for understanding the context, and provide meaningful answers to interpret the scores (Bernroider et al 2016 ). However, qualitative assessment needs also an attentive and accurate planning to avoid unmanageable results.…”

Section: Discussionmentioning

confidence: 99%

“…However, qualitative assessment needs also an attentive and accurate planning to avoid unmanageable results. In retrospect, it is worth mentioning how Bernroider et al ( 2016 ) admit that questionnaire and terminology might have been more precise in their study if workshops and interviews should have been conducted first. Then, the original questionnaire should have been adjusted considering the respondents’ comments, allowing for a more precise questionnaire to be distributed.…”

Section: Discussionmentioning

confidence: 99%

“…The framework launches an iterative process of awareness and training development with relevant stakeholders (healthcare authorities, end users-hospitals, industry members, cybersecurity training providers), evaluating the framework via joint exercises and workshops. Bernroider et al (2016) aim at developing and testing a framework that holistically measures the quality of Information Security Management (ISM) in the context of cybersecurity and allows for comparative assessments of organisations in CI sectors, taking ideas from the Balanced Scorecards (BSC) measurement system. Following a design science approach, workshops, cyclic refinements of the instrument, pre-tests, and framework evaluation within 30 critical infrastructure organisations were conducted, involving subject experts and Chief Security Information Officers (CISOs) as the main stakeholders from the information security domain.…”

Section: Techno-centric Resiliencementioning

confidence: 99%

See 2 more Smart Citations

Reviewing qualitative research approaches in the context of critical infrastructure resilience

2021

View full text Add to dashboard Cite

Modern societies are increasingly dependent on the proper functioning of critical infrastructures (CIs). CIs produce and distribute essential goods or services, as for power transmission systems, water treatment and distribution infrastructures, transportation systems, communication networks, nuclear power plants, and information technologies. Being resilient becomes a key property for CIs, which are constantly exposed to threats that can undermine safety, security, and business continuity. Nowadays, a variety of approaches exist in the context of CIs’ resilience research. This paper provides a state-of-the-art review on the approaches that have a complete qualitative dimension, or that can be used as entry points for semi-quantitative analyses. The study aims to uncover the usage of qualitative research methods through a systematic review based on PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses). The paper identifies four principal dimensions of resilience referred to CIs (i.e., techno-centric, organisational, community, and urban) and discusses the related qualitative methods. Besides many studies being focused on energy and transportation systems, the literature review allows to observe that interviews and questionnaires are most frequently used to gather qualitative data, besides a high percentage of mixed-method research. The article aims to provide a synthesis of literature on qualitative methods used for resilience research in the domain of CIs, detailing lessons learned from such approaches to shed lights on best practices and identify possible future research directions.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Discussionmentioning

confidence: 99%

Section: Techno-centric Resiliencementioning

confidence: 99%

See 1 more Smart Citation

Reviewing qualitative research approaches in the context of critical infrastructure resilience

2021

View full text Add to dashboard Cite

show abstract

“…Unfortunately, recent researches have highlighted an impressive increase in cyber-attacks within HEIs in 2020 [1]- [4], which makes the situation alarming and requires prompt reactions. Insufficient knowledge of the risks associated with information assets can significantly damage the activity of HEIs [5]. It is necessary to consider support assets such as: network devices, applications, human resources, infrastructure; that are used to protect the primary assets of HEIs such as:…”

Section: Introductionmentioning

confidence: 99%

Implementing Design Science Research Method to Develop a Cyber Security Framework for HEIs in Moldova

Alexei¹

2022

Proceedings of the 11th International Conference on “Electronics, Communications and Computing (IC|ECCO-2021)”

View full text Add to dashboard Cite

This scientific paper presents how a problem in the field of cybersecurity can be solved by using the scientific method Design Science Research (DSR). The research problem is the lack of a comprehensive cyber security framework that meets international security standards for HEIs (Higher Education Institutions) in Moldova. Although the need for a centralized approach to cybersecurity in university networks, which are decentralized and open by design, is increasingly emerging with the digitalization of HEI. Thus, actions were identified for each stage of the DSR method, which as a result will produce a cyber security conceptual framework (CSCF) for increasing cyber security in HEIs.

show abstract

Systematic Literature Review of Security Control Assessment Challenges

Othman

Norman

Kiah

2022

2022 IEEE 12th International Conference on Control System, Computing and Engineering (ICCSCE)

View full text Add to dashboard Cite

Towards a General Information Security Management Assessment Framework to Compare Cyber-Security of Critical Infrastructure Organizations

Cited by 4 publications

References 22 publications

Reviewing qualitative research approaches in the context of critical infrastructure resilience

Reviewing qualitative research approaches in the context of critical infrastructure resilience

Implementing Design Science Research Method to Develop a Cyber Security Framework for HEIs in Moldova

Systematic Literature Review of Security Control Assessment Challenges

Contact Info

Product

Resources

About