Cybersecurity in ICT Supply Chains: Key Challenges and a Relevant Architecture

Masip-Bruin, X.; Marín‐Tordera, Eva; Ruiz, José Francisco; Jukan, Admela; Trakadas, Panagiotis; Černivec, Aleš; Lioy, Antonio; López, Diego; Santos, Henrique; Gonos, Antonis; Silva, Ana; Soriano, J. A. Arnal; Kalogiannis, Grigorios

doi:10.3390/s21186057

Cited by 15 publications

(6 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In the event of a cybersecurity breach in a third-party partner, superannuation organizations may face significant financial and reputational risks. Breaches that compromise member data can erode trust and credibility, impacting the organization's standing in the financial sector (Masip-Bruin et. al., 2021, Javaheri et.…”

Section: Navigating Cybersecurity Risks In Third-party Engagementsmentioning

confidence: 99%

Reviewing Third-Party Risk Management: Best Practices in Accounting and Cybersecurity for Superannuation Organizations

Temitayo Oluwaseun Abrahams,

Oluwatoyin Ajoke Farayola,

Simon Kaggwa

et al. 2024

Financ. account. res. j.

View full text Add to dashboard Cite

This paper conducts a comprehensive review of third-party risk management practices tailored to the unique context of superannuation organizations, with a specific focus on accounting and cybersecurity domains. Recognizing the critical role of third-party relationships in the operational landscape of superannuation entities, the review explores best practices aimed at mitigating risks associated with outsourcing accounting functions and fortifying cybersecurity defenses. In the accounting realm, the paper delves into the challenges and opportunities posed by third-party engagements, emphasizing the importance of thorough due diligence, contractual clarity, and continuous monitoring. Drawing insights from industry cases and proven methodologies, the review outlines strategies to enhance transparency, accountability, and compliance when outsourcing accounting services. Simultaneously, the paper addresses the burgeoning cybersecurity risks faced by superannuation organizations in an increasingly digital landscape. It investigates the role of third-party vendors in introducing potential vulnerabilities and advocates for a proactive approach to cybersecurity risk management. The review scrutinizes best practices in vetting, monitoring, and collaborating with third-party vendors to fortify cybersecurity protocols, emphasizing the need for alignment with regulatory standards. Ultimately, the paper provides superannuation organizations with a comprehensive guide to navigating the intricate terrain of third-party risk management. By synthesizing insights from accounting and cybersecurity perspectives, the review equips organizations with actionable strategies to cultivate resilience, safeguard member interests, and contribute to the long-term stability of the financial sector. Keywords: Third-Party, Risk Management, Superannuation, Cybersecurity, Accounting

show abstract

Section: Navigating Cybersecurity Risks In Third-party Engagementsmentioning

confidence: 99%

Reviewing Third-Party Risk Management: Best Practices in Accounting and Cybersecurity for Superannuation Organizations

Temitayo Oluwaseun Abrahams,

Oluwatoyin Ajoke Farayola,

Simon Kaggwa

et al. 2024

Financ. account. res. j.

View full text Add to dashboard Cite

show abstract

“…Firstly, at the architectural level, the RAMOS moves beyond SOTA in the following directions: (i) discard the vertical (hierarchical) offloading where the model and data are coupled as a single entity and must be migrated to a computationally higher node. This horizontally-oriented architectural change aims to deliver a more fine-grained offloading logic, allowing each node or service to offload a portion of its computational burden, thus reducing the overall data transfer; (ii) support the computing continuum carbon-aware scheduling in the cloud-native ecosystem; (iii) address the shortcomings of current solutions on the discovery of fog/edge devices and the integration of the resources of MCU devices providing a standards-compliant solution that supports location-and context-awareness; (iv) tackle the fallbacks of current SLA (service-level agreement) tools, by implementing an automatic, CNCF-driven (cloud native computing foundation) SLA management; (iv) provide a cybersecurity framework based on the principles of decentralized intelligence to harden intelligent applications [53].…”

Section: Contributions Of Ramos Architecturementioning

confidence: 99%

A Reference Architecture for Cloud–Edge Meta-Operating Systems Enabling Cross-Domain, Data-Intensive, ML-Assisted Applications: Architectural Overview and Key Concepts

Trakadas

Masip-Bruin

Facca

et al. 2022

Sensors

Self Cite

View full text Add to dashboard Cite

Future data-intensive intelligent applications are required to traverse across the cloud-to-edge-to-IoT continuum, where cloud and edge resources elegantly coordinate, alongside sensor networks and data. However, current technical solutions can only partially handle the data outburst associated with the IoT proliferation experienced in recent years, mainly due to their hierarchical architectures. In this context, this paper presents a reference architecture of a meta-operating system (RAMOS), targeted to enable a dynamic, distributed and trusted continuum which will be capable of facilitating the next-generation smart applications at the edge. RAMOS is domain-agnostic, capable of supporting heterogeneous devices in various network environments. Furthermore, the proposed architecture possesses the ability to place the data at the origin in a secure and trusted manner. Based on a layered structure, the building blocks of RAMOS are thoroughly described, and the interconnection and coordination between them is fully presented. Furthermore, illustration of how the proposed reference architecture and its characteristics could fit in potential key industrial and societal applications, which in the future will require more power at the edge, is provided in five practical scenarios, focusing on the distributed intelligence and privacy preservation principles promoted by RAMOS, as well as the concept of environmental footprint minimization. Finally, the business potential of an open edge ecosystem and the societal impacts of climate net neutrality are also illustrated.

show abstract

“…O elemento configurado como Plataforma de Compartilhamento de Inteligência de Ameaças (TISPs) é o MISP. O software Suricata e o MISP foram localizados em documentos acadêmicos atuais, sendo este o motivo da escolha (Masip-Bruin et al, 2021) (Mironeanu et al, 2021) (Koloveas et al, 2021). Assim a prova de conceito atende a todos os elementos propostos na metodologia contemplando a coleta, avaliação, enriquecimento, estruturação e compartilhamento dos Indicadores de Ameaças.…”

Section: Tisp: Mispunclassified

Metodologia Para Inteligência De Ameaças Cibernéticas Com Integração De Sensores

2022

Proceedings of the Ibero American Conferences on Applied Computing 2022 and WWW/Internet 2022

View full text Add to dashboard Cite

Identificar ataques em redes de computadores é uma tarefa complexa, dada a enorme quantidade de máquinas, diversidade e grande volume de dados. A Inteligência de Ameaças Cibernéticas consiste na coleta e produção de conhecimento sobre ameaças nos sistemas de defesa das redes. Neste cenário, encontramos os Sistemas de Detecção de Intrusão de rede que especificamente analisam o tráfego de rede e, através de assinaturas, detectam anomalias, gerando registros para os operadores do sistema. A proposta deste trabalho é apresentar uma metodologia para gerar conhecimento sobre Inteligência de Ameaças, a partir dos registros de sensores de rede, coletando Indicadores de Ameaças ou Comprometimento e enriquecendo-os para alimentar Plataformas de Compartilhamento de Inteligência de Ameaças. Nossa metodologia acelera o processo de tomada de decisão, pois incorpora um repositório público e atualizado de assinaturas já no coletor, eliminando a fase de identificação de ameaças em uma etapa adicional. Para a demonstração e avaliação da metodologia foi realizada uma prova de conceito que contemplou todo o ciclo da identificação de ameaças.

show abstract

Cybersecurity in ICT Supply Chains: Key Challenges and a Relevant Architecture

Cited by 15 publications

References 35 publications

Reviewing Third-Party Risk Management: Best Practices in Accounting and Cybersecurity for Superannuation Organizations

Reviewing Third-Party Risk Management: Best Practices in Accounting and Cybersecurity for Superannuation Organizations

A Reference Architecture for Cloud–Edge Meta-Operating Systems Enabling Cross-Domain, Data-Intensive, ML-Assisted Applications: Architectural Overview and Key Concepts

Metodologia Para Inteligência De Ameaças Cibernéticas Com Integração De Sensores

Contact Info

Product

Resources

About