IT risk management framework for business continuity by change analysis of information system

Samejima, Masaki; Yajima, Hiroshi

doi:10.1109/icsmc.2012.6377977

Cited by 8 publications

(3 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Existing literature has examined the potential benefits of cyber defense exercises. One another benefit of cyber defense exercise that can be instrumented to generate scientifically valuable modern labeled datasets for future security research [23,24] and help uncover gaps in IT Security policies, plans and procedures [25]. It was claimed that [26] cyber exercises can be developed with a focus on measuring performance against specific standards.…”

Section: Patriciu and Furtunamentioning

confidence: 99%

The Concept of Cyber Defence Exercises (CDX): Planning, Execution, Evaluation

Seker

Ozbenli²

2018

2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)

View full text Add to dashboard Cite

This paper discusses the concept of cyber defence exercises (CDX) that are very important tool when it comes to enhancing the safety awareness of cyberspace, testing an organization's ability to put up resistance and respond to different cyber events to establish the secure environment, gathering empirical data related to security, and looking at the practical training of experts on this subject. The exercises can give ideas to the decision makers about the precautions in the cybersecurity area and to the officials, institutions, organizations, and staff who are responsible on the cyber tools, techniques, and procedures that can be developed for this field. In the cyber defense exercises, the scenarios that are simulated closest to reality which provides very important contributions by bringing together the necessity of making the best decisions and management capabilities under the cyber crisis by handling stress and coordinated movement as a team. The objective of this paper is to address the issue from a scientific point of view by setting out the stages of planning, implementation, and evaluation of these exercises, taking into account and comparing international firefighting exercises. Another aim of the work is to be able to reveal the necessary processes that are required for all kind of cyber exercises, regardless of the type, although the processes involved vary according to the target mass of the planned exercise.Index Terms-Cyber defense, security exercises, cyber resilience, cyber threat, cyber security, cyber-attack mitigation, cyber crisis management. I. RELATED WORKCDX have been identified as an efficient mechanism to practice IT security awareness training [1,2] but are also an ultimate tool to reveal and define the different security needs of every organization [3]. It provides an excellent opportunity and ultimate learning experience [4,5] for the students to improve their skills in protecting and defending information systems are assessed in the context of realistic, true-to-life scenario [6]. On the other side, as discussed by Vigna [7] and Mink [8], the offensive security training is also an effective way to learn information security. The previous works in this area examined the structure [9] and how to use of cyber defence competitions, overall effectiveness of live-attack exercises in teaching information security [10], curriculum and course format at CDX in which teams design, implement, manage and defend a network of computers [11][12][13][14][15]. Other literature has examined the benefit of conducting cyber defense competitions at the K-12 level [16,17]. The architecture of a cyber defense competition [18] and different tools and techniques used and how they fit into an active learning approach and how it focuses on the operational aspect of managing and protecting an existing network infrastructure were described by Green et al [19].

show abstract

Section: Patriciu and Furtunamentioning

confidence: 99%

The Concept of Cyber Defence Exercises (CDX): Planning, Execution, Evaluation

Seker

Ozbenli²

2018

2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)

View full text Add to dashboard Cite

show abstract

“…CSE has been identified as an effective technique to stimulate cyber security awareness [16], which provides opportunities and an ultimate learning experience [3] for the students or cyber professionals to improve their skills in protecting and defending information systems in the context of a realistic, true-to-life situation [6]. It helps uncover gaps in organizational security policies, procedures, and resources [12], [21], from which employees of an organization can be provided necessary training and/or tools and policies can be rectified too [34]. The growing demand for cyber security professionals with practical knowledge [38] is boosting the development and conduct of different types of CSE around the world.…”

Section: Introductionmentioning

confidence: 99%

Ontology-Based Scenario Modeling for Cyber Security Exercise

Wen

Yamin

Katt

2021

2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

View full text Add to dashboard Cite

“…[5], [6] (2) A study on methods for collecting business continuity information in order to implement a BCM framework [7] (3) A study on effective measures in business continuity [8] (4) A study on standards for prioritizing risks [9] However, very few detailed studies have examined methods of determining appropriate incident response measures based on risk analysis. [5] In addition, no studies could be identified that examined the different response sequences which could result from initial incidents.…”

Section: Related Workmentioning

confidence: 99%

Development and Evaluation of a Continuity Operation Plan Support System for an Information Technology System

Matsunaga

Sasaki

2015

IJCSDF

View full text Add to dashboard Cite

Because organizations need to be able to deliver products and services at acceptable predefined levels, even in the wake of disruptive incidents, the number of enterprises implementing business continuity management (BCM) systems is increasing. However, during business continuity risk planning, difficulties are often encountered when attempting to determine the most appropriate BCM to implement. To solve this problem, we have developed a BCM implementation method for use in combination with event tree analysis (ETA), which is used to secure safety in engineering, and the program-evaluation-andreview-technique (PERT), which is used in operations research, and which also includes a function for showing analysis results in an easy-to-understand manner. We have also developed a system to support the above method and have confirmed the utility of the developed system by applying it to a small example.

show abstract

IT risk management framework for business continuity by change analysis of information system

Cited by 8 publications

References 1 publication

The Concept of Cyber Defence Exercises (CDX): Planning, Execution, Evaluation

The Concept of Cyber Defence Exercises (CDX): Planning, Execution, Evaluation

Ontology-Based Scenario Modeling for Cyber Security Exercise

Development and Evaluation of a Continuity Operation Plan Support System for an Information Technology System

Contact Info

Product

Resources

About