Country-level cybersecurity posture assessment:Study and analysis of practices

Bahuguna, Ashutosh; Bisht, Raj Kishor; Pande, Jeetendra

doi:10.1080/19393555.2020.1767239

Cited by 10 publications

(10 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…An Organization's Security Posture Security Posture (SP) reflects an enterprise's overall cybersecurity strength and capacities to deter, detect, and respond to the ever-changing threat landscape [18]. Based on different scoring and categorization methodologies [19], [20], the defender can classify SP into finite categories (e.g., high-risk SP and low-risk SP). In this work, we consider a finite number of J SP categories that compose the SP set Y := {y j } j∈J where J := {1, • • • , J}.…”

Section: System Model Of Zetarmentioning

confidence: 99%

ZETAR: Modeling and Computational Design of Strategic and Adaptive Compliance Policies

Huang¹,

Zhu²

2022

Preprint

View full text Add to dashboard Cite

Security compliance management plays an important role in mitigating insider threats. Incentive design is a proactive and non-invasive approach to achieving compliance by aligning an employee's incentive with the defender's security objective. Controlling insiders' incentives to elicit proper actions is challenging because they are neither precisely known nor directly controllable. To this end, we develop ZETAR, a zero-trust audit and recommendation framework, to provide a quantitative approach to model incentives of the insiders and design customized and strategic recommendation policies to improve their compliance. We formulate primal and dual convex programs to compute the optimal bespoke recommendation policies. We create a theoretical underpinning for understanding trust and compliance, and it leads to security insights, including fundamental limits of Completely Trustworthy (CT) recommendation, the principle of compliance equivalency, and strategic information disclosure. This work proposes finite-step algorithms to efficiently learn the CT policy set when employees' incentives are unknown. Finally, we present a case study to corroborate the design and illustrate a formal way to achieve compliance for insiders with different risk attitudes. Our results show that the optimal recommendation policy leads to a significant improvement in compliance for risk-averse insiders. Moreover, CT recommendation policies promote insiders' satisfaction.

show abstract

Section: System Model Of Zetarmentioning

confidence: 99%

ZETAR: Modeling and Computational Design of Strategic and Adaptive Compliance Policies

Huang¹,

Zhu²

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Cybersecurity has become more important as a means of addressing risks and threats and providing a stable and secure cyberspace. A lot of tools, guidelines, standards, frameworks, and models have been introduced to provide and assess the level of cybersecurity [13]. Since it is considered a national security factor and priority [4], assessing the maturity of a nation's cybersecurity has become vital to address vulnerabilities, provide protection, and establish necessary strategies and plans.…”

Section: Statement Of the Problem And Significance Of The Studymentioning

confidence: 99%

Comparison of National-Level Cybersecurity and Cyber Power Indices: A Conceptual Framework

Çifci

2022

Preprint

View full text Add to dashboard Cite

Cybersecurity and cyber power have grown in importance as a way of mitigating risks and threats and maintaining a secure and reliable cyberspace. Several methodologies have been proposed to measure the cybersecurity and cyber power of nation states from different perspectives. In this study, the global indices and studies for assessing cybersecurity and cyber power were analyzed and compared in terms of their comprehensiveness and strength for measuring country-level capabilities. A conceptual framework covering all of the indicators of well-known indices was developed for comparison, and it can also be used as a new model to measure cyber capabilities at a national level. This study is unique in terms of the number and diversity of the indices as well as the scope and depth of the comparison since it analyzed most of the well-known country-level cybersecurity and cyber power indices as well as a maturity model at the indicator level depth. The study provides an extensive list of the categories and indicators and thereby improves comprehension of the elements of cybersecurity and cyber power with the comparison and mappings of widely used indices.

show abstract

“…Finally, Bahuguna et al [3] stated the need for a national cyber security assurance framework with a dedicated government cyber security bench-marking agency established to validate the cyber security posture of a specific country and its critical sectors on a continuous basis. It did not consider C-SCRM as part of this assurance framework, nor did it acknowledge established baseline national assurance certifications, such as the NCSC UK Cyber Essentials program 4 , or the US NIST Cyber Security Framework [50], nor the NIS Directive [31] that European member states must adopt for operators of essential services.…”

Section: Framework and Standardsmentioning

confidence: 99%

Beware suppliers bearing gifts!: Analysing coverage of supply chain cyber security in critical national infrastructure sectorial and cross-sectorial frameworks

Topping

Dwyer

Michalec

et al. 2021

Computers & Security

View full text Add to dashboard Cite

Country-level cybersecurity posture assessment:Study and analysis of practices

Cited by 10 publications

References 6 publications

ZETAR: Modeling and Computational Design of Strategic and Adaptive Compliance Policies

ZETAR: Modeling and Computational Design of Strategic and Adaptive Compliance Policies

Comparison of National-Level Cybersecurity and Cyber Power Indices: A Conceptual Framework

Beware suppliers bearing gifts!: Analysing coverage of supply chain cyber security in critical national infrastructure sectorial and cross-sectorial frameworks

Contact Info

Product

Resources

About