Cybersecurity Framework

14,000,000 Leading Edge Experts on the ideXlab platform

Scan Science and Technology

Contact Leading Edge Experts & Companies

Scan Science and Technology

Contact Leading Edge Experts & Companies

The Experts below are selected from a list of 3297 Experts worldwide ranked by ideXlab platform

K Soodsandeep - One of the best experts on this subject based on the ideXlab platform.

Carol Mullins Hayes - One of the best experts on this subject based on the ideXlab platform.

  • creating a circle of trust to further digital privacy and Cybersecurity goals
    Michigan state law review, 2015
    Co-Authors: Jay P Kesan, Carol Mullins Hayes
    Abstract:

    Cyberattacks loom over the technological landscape as a dire threat to Internet commerce, information security, and even national security. Meaningfully improving Cybersecurity and ensuring the resilience of systems will require cooperation between members of the private sector and the government. To this end, we propose a Framework that creates a circle of trust for the sharing of information about threats and solutions. To emphasize the importance of cooperation to enhance cyber defense, this Article presents a case study of two items: the proposed legislative regime of the Cyber Intelligence Sharing and Protection Act, and President Obama’s Executive Order 13,636 with its emphasis on a Cybersecurity Framework that would establish voluntary Cybersecurity standards. Through application of our circle of trust Framework, we hope to provide a solution that balances the sometimes competing concerns of privacy and Cybersecurity. Our secondary focus is whether such a program should emphasize voluntary or mandatory compliance. A proper balance between the two approaches could improve the dynamics between the public and private sectors in a way that increases respective levels of trust. The Executive Order and CISPA both use a voluntary approach. Under each system as currently proposed, firms could choose to follow the program, but compliance is not mandatory, and there is no penalty for noncompliance. However, mandatory programs with effective enforcement mechanisms are likely to result in higher levels of compliance than purely voluntary programs in many situations. We urge that government intervention in the free * Jay P. Kesan, Ph.D., J.D., Professor and H. Ross & Helen Workman Research Scholar, University of Illinois College of Law. ** Carol M. Hayes, J.D., Research Associate, University of Illinois College of Law. 1476 Michigan State Law Review 2014:1475 market should be kept at a low level, but because Cybersecurity issues can have implications for national security, some degree of mandatory regulation would be beneficial. We believe that Cybersecurity can be enhanced without creating a Big Brother world and encourage the development of a circle of trust that brings the public and private sectors together to resolve Cybersecurity threats more effectively. It is vital that these issues be addressed soon while there is still a chance to prevent a catastrophic cyber event. It would be ill-advised to rely solely on executive power or on legislation that is quickly drafted and enacted after an emergency. A careful, deliberative process aimed at protecting Cybersecurity and civil liberties would ultimately be the most beneficial approach, and these steps must be taken now, before the emergence of a Cybersecurity crisis that causes us to suspend reason.

  • creating a circle of trust to further digital privacy and Cybersecurity goals
    Social Science Research Network, 2014
    Co-Authors: Jay P Kesan, Carol Mullins Hayes
    Abstract:

    Cyberattacks loom over the technological landscape as a dire threat to Internet commerce, information security, and even national security. Meaningfully improving Cybersecurity and ensuring the resilience of systems will require cooperation between members of the private sector and the government. To this end, we propose a Framework that creates a circle of trust for the sharing of information about threats and solutions. To emphasize the importance of cooperation to enhance cyber defense, this Article presents a case study of two items: the proposed legislative regime of the Cyber Intelligence Sharing and Protection Act, and President Obama’s Executive Order 13,636 with its emphasis on a Cybersecurity Framework that would establish voluntary Cybersecurity standards. Through application of our circle of trust Framework, we hope to provide a solution that balances the sometimes competing concerns of privacy and Cybersecurity.Our secondary focus is whether such a program should emphasize voluntary or mandatory compliance. A proper balance between the two approaches could improve the dynamics between the public and private sectors in a way that increases respective levels of trust. The Executive Order and CISPA both use a voluntary approach. Under each system as currently proposed, firms could choose to follow the program, but compliance is not mandatory and there is no penalty for noncompliance. However, mandatory programs with effective enforcement mechanisms are likely to result in higher levels of compliance than purely voluntary programs in many situations. We urge that government intervention in the free market should be kept at a low level, but because Cybersecurity issues can have implications for national security, we believe that some degree of mandatory regulation would be beneficial.We believe that Cybersecurity can be enhanced without creating a Big Brother world, and encourage the development of a circle of trust that brings the public and private sectors together to resolve Cybersecurity threats more effectively. It is vital that these issues be addressed soon while there is still a chance to prevent a catastrophic cyber event. It would be ill-advised to rely solely on executive power or on legislation that is quickly drafted and enacted after an emergency. A careful, deliberative process aimed at protecting Cybersecurity and civil liberties would ultimately be the most beneficial approach, and these steps must be taken now, before the emergence of a Cybersecurity crisis that causes us to suspend reason.

Sri Nikhil Gupta Gourisetti - One of the best experts on this subject based on the ideXlab platform.

  • cyber threat dictionary using mitre att ck matrix and nist Cybersecurity Framework mapping
    2020 Resilience Week (RWS), 2020
    Co-Authors: Roger Kwon, Travis Ashley, Jerry Castleberry, Penny Mckenzie, Sri Nikhil Gupta Gourisetti
    Abstract:

    Cyber-attack and defense Frameworks offer numerous ways to protect systems and networks from threats. However, only a few of these numerous attack and defense Frameworks provide countermeasures by linking multiple Frameworks. Due to the lack of attack-defense mapped Frameworks, a number of cyber security practitioners are often puzzled how to cope with cyber-attacks when it occurs. The objective of this paper is to present a tool called the "Cyber Threat Dictionary" to solve the problem. Cyber Threat Dictionary offers approaches and practical solutions to the threats by mapping MITRE ATT&CK Matrix to the NIST Cybersecurity Framework. By providing immediate solutions to cyber security practitioners, Cyber Threat Dictionary enables effective responses against cyber-attacks.

  • Cybersecurity vulnerability mitigation Framework through empirical paradigm: Enhanced prioritized gap analysis
    Future Generation Computer Systems, 2020
    Co-Authors: Sri Nikhil Gupta Gourisetti, Michael Mylrea, Hirak Patangia
    Abstract:

    Abstract Existing Cybersecurity vulnerability assessment tools were designed based on the policies and standards defined by organizations such as the U.S. Department of Energy and the National Institute of Standards and Technology (NIST). Frameworks such as the Cybersecurity capability maturity model (C2M2) and the NIST Cybersecurity Framework (CSF) are often used by the critical infrastructure owners and operators to determine the Cybersecurity maturity of their facility. Although these Frameworks are exceptional at performing qualitative Cybersecurity analysis and identifying vulnerabilities, they do not provide a means to perform prioritized mitigation of those vulnerabilities in order to achieve a desired Cybersecurity maturity. To address that challenge, we developed a Framework and software application called the Cybersecurity vulnerability mitigation Framework through empirical paradigm (CyFEr). This paper presents the detailed architecture of CyFEr’s enhanced prioritized gap analysis (EPGA) methodology and its application to CSF. The efficacy of the presented Framework is demonstrated by comparing against existing similar models and testing against the cyber injects from a real-world cyber-attack that targeted industrial control systems (ICS) in critical infrastructures.

  • insider threat Cybersecurity Framework webtool methodology defending against complex cyber physical threats
    IEEE Symposium on Security and Privacy, 2018
    Co-Authors: Michael Mylrea, Sri Nikhil Gupta Gourisetti, Curtis J Larimer, Christine F Noonan
    Abstract:

    This paper demonstrates how the Insider Threat Cybersecurity Framework (ITCF) web tool and methodology help provide a more dynamic, defense-in-depth security posture against insider cyber and cyber-physical threats. ITCF includes over 30 Cybersecurity best practices to help organizations identify, protect, detect, respond and recover to sophisticated insider threats and vulnerabilities. The paper tests the efficacy of this approach and helps validate and verify ITCF's capabilities and features through various insider attacks use-cases. Two case-studies were explored to determine how organizations can leverage ITCF to increase their overall security posture against insider attacks. The paper also highlights how ITCF facilitates implementation of the goals outlined in two Presidential Executive Orders to improve the security of classified information and help owners and operators secure critical infrastructure. In realization of these goals, ITCF: provides an easy to use rapid assessment tool to perform an insider threat self-assessment; determines the current insider threat Cybersecurity posture; defines investment-based goals to achieve a target state; connects the Cybersecurity posture with business processes, functions, and continuity; and finally, helps develop plans to answer critical organizational Cybersecurity questions. In this paper, the webtool and its core capabilities are tested by performing an extensive comparative assessment over two different high-profile insider threat incidents.

  • An introduction to buildings Cybersecurity Framework
    2017 IEEE Symposium Series on Computational Intelligence (SSCI), 2017
    Co-Authors: Michael Mylrea, Sri Nikhil Gupta Gourisetti, Andrew Nicholls
    Abstract:

    This paper presents an introduction to the Buildings Cybersecurity Framework (BCF). The BCF provides the organizations with a set of Cybersecurity best practices, policies and procedures to improve their Cybersecurity posture; defines structured methodologies to interact Cybersecurity activities and outcomes from the executive to operations levels. The foundation of the BCF core is based on five core elements defined by the National Institute of Standards and Technology (NIST) Cybersecurity Framework: Identify, Protect, Detect, Respond and Recover. Those five core elements were crafted to address evolving Cybersecurity threats and vulnerabilities. With the BCF, an organization will be able to: assess their target Cybersecurity state and current Cybersecurity posture; identify and prioritize improvement opportunities and necessary actions by continuous and repeatable process; assess progress towards the target state; and communicate Cybersecurity risk among internal and external stakeholders. This paper is a miniature of the ~100-page Buildings Cybersecurity Framework, and the goal of this paper is to explicate the applicability of BCF in different types of buildings such as Residential, Small Commercial, Large Commercial, and Federal buildings. Note that the Framework itself is a detailed version of the various aspects discussed in this paper.

  • Multi-scenario use case based demonstration of Buildings Cybersecurity Framework webtool
    2017 IEEE Symposium Series on Computational Intelligence (SSCI), 2017
    Co-Authors: Sri Nikhil Gupta Gourisetti, Easton Gervais, Michael Mylrea, Sraddhanjoli Bhadra
    Abstract:

    The purpose of this paper is to demonstrate the Cybersecurity and software capabilities of Buildings Cybersecurity Framework (BCF) webtool. The webtool is designed based on BCF document and existing NIST standards. Its capabilities and features are depicted through a building use-case with four different investment scenarios geared towards improving the Cybersecurity posture of the building. BCF webtool also facilitates implementation of the goals outlined in Presidential Executive Order (EO) on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (May 2017. In realization of the EO goals, BCF includes five core elements: Identify, Protect, Detect, Respond, and Recover, to help determine various policy and process level vulnerabilities and provide mitigation strategies. With the BCF webtool, an organization can perform a Cybersecurity self-assessment; determine the current Cybersecurity posture; define investment based goals to achieve a target state; connect the Cybersecurity posture with business processes, functions, and continuity; and finally, develop plans to answer critical organizational Cybersecurity questions. In this paper, the webtool and its core capabilities are depicted by performing an extensive comparative assessment over four different scenarios.

Peter Swire - One of the best experts on this subject based on the ideXlab platform.

  • Privacy and Security A Pedagogic Cybersecurity Framework
    SSRN Electronic Journal, 2018
    Co-Authors: Peter Swire
    Abstract:

    “Real” Cybersecurity today devotes enormous effort to non-code vulnerabilities and responses. This essay proposes a Pedagogic Cybersecurity Framework (PCF) for categorizing and teaching the jumble of non-code yet vital Cybersecurity topics. The PCF adds three layers beyond the traditional seven layers in the Open Systems Interconnection model. In the Framework, Layer 8 is organizations, often studied in business schools. Layer 9 is government, often studied in law and public policy schools. Layer 10 is international, often studied in international relations programs. The PCF creates a 3x3 matrix that refines which institutions are involved in each area of cyber-vulnerability or response. Each of the three columns refines the sorts of institutions making the decisions. For each layer, Column A contains issues arising within the institution - the organization or nation. Column B contains issues defined by relations with other actors at that level. Column C contains issues where other limits arise from actors at the same layer of the stack. For students, the PCF provides context for how all the issues fit together, to ensure they understand the “big picture”. The Framework also clarifies the scope of a cyber-curriculum. Some classes, for instance, focus primarily on how a CISO or company should manage a company’s risks (layer 8). Others are mostly about international affairs (layer 10), perhaps with discussion of national Cybersecurity laws (Cell 9A). The PCF enables program directors and students to concisely describe the coverage of a Cybersecurity class or curriculum. The 3x3 matrix clarifies a research agenda for those seeking to identify and mitigate non-code cyber problems. Researchers can develop an issue list for each cell, along with canonical readings to assign in general examinations. For Cybersecurity practitioners, the sheer volume of issues identified in the 3x3 matrix drives home the growing significance of non-code issues – bad decisions in any part of the matrix can negatively affect Cybersecurity. In sum, the PCF provides a parsimonious way to identify and develop a response to the growing number of non-code cyber risks. The 3x3 matrix visually categorizes and communicates the range of non-code Cybersecurity issues. No longer can “real” Cybersecurity refer only to technical measures. Instead, a large and growing amount of cyber-risk arises from problems at layers 8, 9, and 10. By extending the stack to these ten layers, we gain an effective mental model for identifying and mitigating the full range of these risks.

  • a pedagogic Cybersecurity Framework
    Communications of The ACM, 2018
    Co-Authors: Peter Swire
    Abstract:

    A proposal for teaching the organizational, legal, and international aspects of Cybersecurity.

Sohalamandeep Singh - One of the best experts on this subject based on the ideXlab platform.

Related terms

Cybersecurity Framework - 15 days free trial to Access Experts & Abstracts