GoSafe: On the practical characterization of the overall security posture of an organization information system using smart auditing and ranking

Al‐Karaki, Jamal N.; Gawanmeh, Amjad; Elyassami, Sanaa

doi:10.1016/j.jksuci.2020.09.011

Cited by 12 publications

(5 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Enhances the organization's ability to anticipate and respond to evolving cyber threats, reducing the likelihood of successful attacks and improving overall cybersecurity resilience. Conduct regular security audits and vulnerability assessments to identify weaknesses in the cybersecurity posture (Al-Karaki et al, 2022). This continuous evaluation allows organizations to address emerging risks promptly and implement necessary improvements.…”

Section: Continuous Improvement Strategiesmentioning

confidence: 99%

Securing the digital supply chain: Cybersecurity best practices for logistics and shipping companies

Agnes Clare Odimarha,

Sodrudeen Abolore Ayodeji,

Emmanuel Adeyemi Abaku

2024

World J. Adv. Sci. Technol.

View full text Add to dashboard Cite

The review investigates the pressing need for robust cybersecurity measures within the logistics and shipping sector, where the digital supply chain is vulnerable to a myriad of cyber threats. The paper delves into the specific challenges faced by logistics companies, including the interconnectedness of global supply chains, reliance on digital technologies for operations, and the high value of goods in transit. It explores the multifaceted nature of cyber risks, encompassing threats such as ransomware, phishing attacks, data breaches, and supply chain disruptions, which can have far-reaching consequences for business continuity and reputation. Through a detailed analysis, the study elucidates cybersecurity best practices tailored to the logistics and shipping industry, encompassing both technical solutions and organizational policies. These include implementing robust authentication and access controls, encrypting sensitive data in transit and at rest, establishing secure communication channels, and conducting regular vulnerability assessments and penetration testing. Furthermore, the paper emphasizes the importance of fostering a culture of cybersecurity awareness among employees through comprehensive training programs and incident response drills. It also discusses the role of regulatory compliance frameworks such as GDPR, CCPA, and industry-specific standards like ISO 27001 in guiding cybersecurity efforts and ensuring adherence to best practices. By providing actionable recommendations and insights garnered from real-world case studies, the study equips logistics and shipping companies with the knowledge and tools needed to bolster their cybersecurity defenses, safeguard critical assets, and maintain trust in the digital supply chain ecosystem.

show abstract

Section: Continuous Improvement Strategiesmentioning

confidence: 99%

Securing the digital supply chain: Cybersecurity best practices for logistics and shipping companies

Agnes Clare Odimarha,

Sodrudeen Abolore Ayodeji,

Emmanuel Adeyemi Abaku

2024

World J. Adv. Sci. Technol.

View full text Add to dashboard Cite

show abstract

“…Moving to the outcomes of ISO/IEC 27001 adoption, the literature highlights lower IS risk levels (e.g. Al-Karaki et al, 2022) and improved business continuity (e.g. Rezaei et al, 2014) with consequent reduction of expenditures stemming from legal costs and bad news (e.g.…”

Section: Iso/iec 27001mentioning

confidence: 99%

“…Moving to the outcomes of ISO/IEC 27001 adoption, the literature highlights lower IS risk levels (e.g. Al-Karaki et al. , 2022) and improved business continuity (e.g.…”

Section: Literature Reviewmentioning

confidence: 99%

Forecasting the diffusion of ISO/IEC 27001: a Grey model approach

Podrecca

Sartor

2023

TQM

View full text Add to dashboard Cite

PurposeThe aim of this paper is to present the first diffusion analysis of ISO/IEC 27001, the fourth most popular ISO certification at global level and the most important standard for information security.Design/methodology/approachTo achieve the purposes, the authors applied Grey Models (GM) – Even GM (1,1), Even GM (1,1,α,θ), Discrete GM (1,1), Discrete GM (1,1,α) – complemented by the relative growth rate and the doubling time indexes on the six most important countries in terms of issued certificates.FindingsResults show that a growing trend is likely to be expected in the years to come and that China will lead at country level.Originality/valueThe study contributes to the scientific debate by presenting the first diffusive analysis of ISO/IEC 27001 and by proposing a forecasting approach that to date has found little application in the field of international standards.

show abstract

“…An Organization's Security Posture Security Posture (SP) reflects an enterprise's overall cybersecurity strength and capacities to deter, detect, and respond to the ever-changing threat landscape [18]. Based on different scoring and categorization methodologies [19], [20], the defender can classify SP into finite categories (e.g., high-risk SP and low-risk SP). In this work, we consider a finite number of J SP categories that compose the SP set Y := {y j } j∈J where J := {1, • • • , J}.…”

Section: System Model Of Zetarmentioning

confidence: 99%

ZETAR: Modeling and Computational Design of Strategic and Adaptive Compliance Policies

Huang¹,

Zhu²

2022

Preprint

View full text Add to dashboard Cite

Security compliance management plays an important role in mitigating insider threats. Incentive design is a proactive and non-invasive approach to achieving compliance by aligning an employee's incentive with the defender's security objective. Controlling insiders' incentives to elicit proper actions is challenging because they are neither precisely known nor directly controllable. To this end, we develop ZETAR, a zero-trust audit and recommendation framework, to provide a quantitative approach to model incentives of the insiders and design customized and strategic recommendation policies to improve their compliance. We formulate primal and dual convex programs to compute the optimal bespoke recommendation policies. We create a theoretical underpinning for understanding trust and compliance, and it leads to security insights, including fundamental limits of Completely Trustworthy (CT) recommendation, the principle of compliance equivalency, and strategic information disclosure. This work proposes finite-step algorithms to efficiently learn the CT policy set when employees' incentives are unknown. Finally, we present a case study to corroborate the design and illustrate a formal way to achieve compliance for insiders with different risk attitudes. Our results show that the optimal recommendation policy leads to a significant improvement in compliance for risk-averse insiders. Moreover, CT recommendation policies promote insiders' satisfaction.

show abstract

GoSafe: On the practical characterization of the overall security posture of an organization information system using smart auditing and ranking

Cited by 12 publications

References 15 publications

Securing the digital supply chain: Cybersecurity best practices for logistics and shipping companies

Securing the digital supply chain: Cybersecurity best practices for logistics and shipping companies

Forecasting the diffusion of ISO/IEC 27001: a Grey model approach

ZETAR: Modeling and Computational Design of Strategic and Adaptive Compliance Policies

Contact Info

Product

Resources

About