To see the other types of publications on this topic, follow the link: Cybersecurity Framework (e.g.
Journal articles on the topic 'Cybersecurity Framework (e.g'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 journal articles for your research on the topic 'Cybersecurity Framework (e.g.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse journal articles on a wide variety of disciplines and organise your bibliography correctly.
1
Rao, Yongsheng, Srinath Ponnusamy, Sundareswaran Raman, Aysha Khan, and Jana Shafi. "Fuzzy Coalition Graphs: A Framework for Understanding Cooperative Dominance in Uncertain Networks." Mathematics 12, no. 22 (2024): 3614. http://dx.doi.org/10.3390/math12223614.
Full textAbstract:
In a fuzzy graph G, a fuzzy coalition is formed by two disjoint vertex sets V1 and V2, neither of which is a strongly dominating set, but the union V1∪V2 forms a strongly dominating set. A fuzzy coalition partition of G is defined as Π={V1,V2,⋯,Vk}, where each set Vi either forms a singleton strongly dominating set or is not a strongly dominating set but forms a fuzzy coalition with another non-strongly dominating set in Π. A fuzzy graph with such a fuzzy coalition partition Π is called a fuzzy coalition graph, denoted as FG(G,Π). The vertex set of the fuzzy coalition graph consists of {V1,V2,⋯,Vk}, corresponding one-to-one with the sets of Π, and the two vertices are adjacent in FG(G,Π) if and only if Vi and Vj are fuzzy coalition partners in Π. This study demonstrates how fuzzy coalition graphs can model and optimize cybersecurity collaborations across critical infrastructures in smart cities, ensuring comprehensive protection against cyber threats. This study concludes that fuzzy coalition graphs offer a robust framework for optimizing collaboration and decision-making in interconnected systems like smart cities.
2
Mosaddeque, Ananna, Mantaka Rowshon, Tamim Ahmed, Umma Twaha, and Binso Babu. "The Role of AI and Machine Learning in Fortifying Cybersecurity Systems in the US Healthcare Industry." Inverge Journal of Social Sciences 1, no. 2 (2022): 70–81. https://doi.org/10.63544/ijss.v1i2.101.
Full textAbstract:
The digital transformation of healthcare has brought about unprecedented advancements, but it has also introduced significant cybersecurity risks. Cyberattacks targeting sensitive patient data, employee information, and critical operational systems are on the rise, demanding innovative and robust security measures. Enter the powerful duo of Artificial Intelligence (AI) and Machine Learning (ML). These cutting-edge technologies offer a powerful arsenal against these cyber threats. AI algorithms can analyse massive datasets from various sources, such as network traffic, user behaviour, and medical device logs, to identify anomalies and detect malicious activity in real-time. This proactive approach allows security teams to swiftly respond to threats, minimizing the impact of cyberattacks and protecting patient safety. Furthermore, AI can leverage threat intelligence from diverse sources, including cybersecurity feeds, social media, and dark web forums, to proactively identify and mitigate emerging threats. This proactive approach empowers healthcare organizations to stay ahead of the curve, anticipating and neutralizing cyberattacks before they can cause significant damage. However, challenges remain. Implementing and maintaining AI/ML-based security solutions requires significant investment, both in terms of infrastructure and skilled personnel. Concerns surrounding data privacy and the potential for algorithmic bias also need careful consideration. Despite these challenges, the potential benefits of AI and ML in healthcare cybersecurity are undeniable. By embracing these technologies, healthcare organizations can enhance patient safety, improve operational efficiency, and build a more secure and resilient future in the face of evolving cyber threats. References Aarav, M., & Layla, R. (2019). Cybersecurity in the cloud era: Integrating AI, firewalls, and engineering for robust protection. International Journal of Trend in Scientific Research and Development, 3(4), 1892-1899. Abie, H. (2019, May). Cognitive cybersecurity for CPS-IoT enabled healthcare ecosystems. In 2019 13th International Symposium on Medical Information and Communication Technology (ISMICT) (pp. 1-6). IEEE. Aitazaz, F. (2018). Fortifying technology: Computer science solutions for cyber-attacks and cloud security. Alabdulatif, A., Khalil, I., & Saidur Rahman, M. (2020). Security of blockchain and AI-empowered smart healthcare: Application-based analysis. Applied Sciences, 12(21), 11039. Alizai, S. H., Asif, M., & Rind, Z. K. (2021). Relevance of Motivational Theories and Firm Health. Management (IJM), 12(3), 1130-1137. Asif, M. (2021). Contingent Effect of Conflict Management towards Psychological Capital and Employees’ Engagement in Financial Sector of Islamabad. Preston University, Kohat, Islamabad Campus. Bellamkonda, S. (2020). Cybersecurity in critical infrastructure: Protecting the foundations of modern society. International Journal of Communication Networks and Information Security, 12, 273-280. Bibi, P. (2020). AI-powered cybersecurity: Advanced database technologies for robust data protection. Chintala, S. (2020). Data privacy and security challenges in AI-driven healthcare systems in India. Journal of Data Acquisition and Processing, 37(5), 2769-2778. Chirra, D. R. (2021). Mitigating ransomware in healthcare: A cybersecurity framework for critical data protection. Revista de Inteligencia Artificial en Medicina, 12(1), 495-513. Chirra, D. R. (2021). Secure edge computing for IoT systems: AI-powered strategies for data integrity and privacy. Revista de Inteligencia Artificial en Medicina, 13(1), 485-507. Cooper, M. (2020). AI-driven early threat detection: Strengthening cybersecurity ecosystems with proactive cyber defense strategies. Elijah Roy, R. (2021). Harnessing AI and machine learning for enhanced security in cloud infrastructures. International Journal of Advanced Engineering Technologies and Innovations, 1(3), 14-28. Fatima, S. (2020). Fortifying the future: Advanced cybersecurity tactics for cloud platforms and device security. Hussain, A. H., Hasan, M. N., Prince, N. U., Islam, M. M., Islam, S., & Hasan, S. K. (2021). Enhancing cyber security using quantum computing and artificial intelligence: A. Hussain, Z., & Khan, S. (2021). AI and cloud security synergies: Building resilient information and network security circulation ecosystems. IBRAHIM, A. (2019). AI armory: Empowering cybersecurity through machine learning. Jimmy, F. (2021). Emerging threats: The latest cybersecurity risks and the role of artificial intelligence in enhancing cybersecurity defenses. Valley International Journal Digital Library, 564-574. Kasula, B. Y. (2017). Machine learning unleashed: Innovations, applications, and impact across industries. International Transactions in Artificial Intelligence, 1(1), 1-7. Maddireddy, B. R., & Maddireddy, B. R. (2021). Enhancing endpoint security through machine learning and artificial intelligence applications. Revista Espanola de Documentacion Cientifica, 15(4), 154-164. Nimmagadda, V. S. P. (2021). Artificial intelligence and block chain integration for enhanced security in insurance: Techniques, models, and real-world applications. African Journal of Artificial Intelligence and Sustainable Development, 1(2), 187-224. Raza, H. (2021). Proactive cyber defense with AI: Enhancing risk assessment and threat detection in cybersecurity ecosystems. Reddy, A. R. P. (2021). The role of artificial intelligence in proactive cyber threat detection in cloud environments. Neuro Quantology, 19(12), 764-773. Shah, V. (2021). Machine learning algorithms for cybersecurity: Detecting and preventing threats. Revista Espanola de Documentacion Cientifica, 15(4), 42-66. Shukla, A. (2021). Leveraging AI and ML for advance cyber security. Journal of Artificial Intelligence & Cloud Computing. SRC/JAICC-154. DOI: doi.org/10.47363/JAICC/2021 (1), 142, 2-3. Waqas, M., Tu, S., Halim, Z., Rehman, S. U., Abbas, G., & Abbas, Z. H. (2020). The role of artificial intelligence and machine learning in wireless networks security: Principle, practice and challenges. Artificial Intelligence Review, 55(7), 5215-5261. Zygun, D. (2020). Cyber-attack resilience: Fortifying devices and cloud systems with computer science innovations.
3
Ahmed, N. B., N. Daclin, M. Olivaux, and G. Dusserre. "Addressing the Dilemma of a “Crisis within a crisis”: Exploring the Penetration Testing challenges in a Mobile Field Hospital Setting." Advances in Multidisciplinary and scientific Research Journal Publication 2, no. 2 (2023): 67–80. http://dx.doi.org/10.22624/aims/csean-smart2023p9.
Full textAbstract:
This paper focuses on evaluating the security challenges faced by mobile field hospitals, which play a crucial role in emergency response and disaster management in remote and austere environments. The authors conducted a penetration test using the Open Source Security Testing Methodology Manual (OSSTMM) framework to assess the security posture of a mobile field hospital. The methodology employed in the study included a combination of automated and manual techniques such as network scanning, vulnerability assessments, social engineering, and exploitation. The penetration test revealed several security vulnerabilities in the mobile field hospital, including weak passwords, unpatched software, and inadequate network segmentation. Additionally, the study identified vulnerabilities in the hospital's medical devices and equipment, posing a risk of cyber-attacks that could disrupt operations and compromise patient safety. The results underscore the importance of implementing enhanced security measures in mobile field hospitals to mitigate cyber threats and ensure the uninterrupted functioning of medical operations during emergencies and disasters. This study provides a comprehensive analysis of the mobile field hospital's security posture using the OSSTMM framework and emphasizes the urgent need for improved security practices in such settings. Keywords: Cybersecurity, Healthcare, Penetration Testing, Mobile Field Hospitals, Data, Emergency Response, Open Source, Security Testing, Ethical Hacking, Security Frameworks, Proceedings Citation Format Ahmed, N.B., Daclin, N., Olivaux, M. & 4usserre, G. (2023): Addressing the Dilemma of a “Crisis within a crisis”: Exploring the Penetration Testing challenges in a Mobile Field Hospital Setting. Proceedings of the Cyber Secure Nigeria Conference. Nigerian Army Resource Centre (NARC) Abuja, Nigeria. 11-12th July, 2023. Pp 67-80 https://www.csean.org.ng/. dx.doi.org/10.22624/AIMS/CSEAN-SMART2023P9
4
Gütl, Christian. "Editorial." JUCS - Journal of Universal Computer Science 31, no. (6) (2025): 550–51. https://doi.org/10.3897/jucs.158922.
Full textAbstract:
Dear Readers,It gives me great pleasure to announce the fifth regular issue of 2025. I would like to thank all the authors for their sound research papers and the editorial board and our guest reviewers for their extremely valuable reviews and suggestions for improvement. These contributions and the generous support of the KOALA consortium members enable us to run our journal and maintain its quality. I would also like to thank our broader community for reading and incorporating sound J.UCS papers into their research.Still, I would like to expand our editorial board: If you are a tenured associate professor or above with a good publication record, please apply to join our editorial board. We are also interested in receiving high-quality proposals for special issues on new topics and emerging trends. In this regular issue, I am very pleased to introduce 5 papers by 13 authors from 5 countries: Brazil, China, India, Tunisia, Vietnam. Icaro Prado Fernandes and Luiz Eduardo Galvão Martins from Brazil propose in their article a method to prioritize test cases based on human knowledge using a combination of factors evaluated in an assessment answered by 29 software industry professionals and 5 academics. Ryma Abassi from Tunisia builds on the principles of ethics, human rights and legal frameworks in his research to address the challenges and dilemmas faced by policymakers when it comes to ensuring cybersecurity without compromising privacy and civil liberties and proposes a set of ethical guidelines and best practices for designing and implementing cybersecurity policies. M. Priadarsini and J. Akilandeswari from India propose a unique framework in their research that leverages the big five personality traits alongside long short-term memory (LSTM) networks under a multitask learning paradigm to improve the performance of aspect-based sentiment analysis. Thuy Phuong Khuat, Trang Van and Hoang Thien Van from Vietnam discuss in their research an approach to plant leaf recognition by integrating the vision transformer (ViT) model with the OSSGabor filter, referred to as the OGViT method, and analyze the performance on four public datasets (Swedish Leaf, Flavia, Folio, and UCI Leaf) that outperforms state-of-the-art approaches. Yang Zhang, Ziwen Wei, Zhihua Liu, Xiaolong Wu and Junchao Qian from China introduce in their study a cost-effective and highly accurate method for recognizing patient postures during radiotherapy based on stacked grayscale 3-channel images. Enjoy Reading!Best regards,Christian Gütl, Managing Editor-in-Chief
5
Gütl, Christian. "Editorial." JUCS - Journal of Universal Computer Science 31, no. 6 (2025): 550–51. https://doi.org/10.3897/jucs.158922.
Full textAbstract:
Dear Readers, It gives me great pleasure to announce the fifth regular issue of 2025. I would like to thank all the authors for their sound research papers and the editorial board and our guest reviewers for their extremely valuable reviews and suggestions for improvement. These contributions and the generous support of the KOALA consortium members enable us to run our journal and maintain its quality. I would also like to thank our broader community for reading and incorporating sound J.UCS papers into their research. Still, I would like to expand our editorial board: If you are a tenured associate professor or above with a good publication record, please apply to join our editorial board. We are also interested in receiving high-quality proposals for special issues on new topics and emerging trends.  In this regular issue, I am very pleased to introduce 5 papers by 13 authors from 5 countries: Brazil, China, India, Tunisia, Vietnam.  Icaro Prado Fernandes and Luiz Eduardo Galvão Martins from Brazil propose in their article a method to prioritize test cases based on human knowledge using a combination of factors evaluated in an assessment answered by 29 software industry professionals and 5 academics.  Ryma Abassi from Tunisia builds on the principles of ethics, human rights and legal frameworks in his research to address the challenges and dilemmas faced by policymakers when it comes to ensuring cybersecurity without compromising privacy and civil liberties and proposes a set of ethical guidelines and best practices for designing and implementing cybersecurity policies.  M. Priadarsini and J. Akilandeswari from India propose a unique framework in their research that leverages the big five personality traits alongside long short-term memory (LSTM) networks under a multitask learning paradigm to improve the performance of aspect-based sentiment analysis.  Thuy Phuong Khuat, Trang Van and Hoang Thien Van from Vietnam discuss in their research an approach to plant leaf recognition by integrating the vision transformer (ViT) model with the OSSGabor filter, referred to as the OGViT method, and analyze the performance on four public datasets (Swedish Leaf, Flavia, Folio, and UCI Leaf) that outperforms state-of-the-art approaches.   Yang Zhang, Ziwen Wei, Zhihua Liu, Xiaolong Wu and Junchao Qian from China introduce in their study a cost-effective and highly accurate method for recognizing patient postures during radiotherapy based on stacked grayscale 3-channel images.  Enjoy Reading! Best regards, Christian Gütl, Managing Editor-in-Chief
6
Mohammed, Mustafa Khan. "NIST Cybersecurity Framework." Journal of Scientific and Engineering Research 10, no. 8 (2023): 150–57. https://doi.org/10.5281/zenodo.13950701.
Full textAbstract:
The NIST Cybersecurity Framework (NIST CSF) is a voluntary approach to dealing with cyber threats in an organization. The framework is developed by the National Institute of Standards and Technology and it is designed to provide organizations with a structured method and enhance their security priorities. The framework is used across the public and private sectors in various areas such as finance, the government, health care, and critical infrastructure. This essay takes an in-depth look into the NIST Cybersecurity Framework, including its different components, leadership and implementation strategies, merits and demerits, and the framework contributing to cyber awareness.
7
Brito-Acuña, Guillermo. "Aeronautic maturity cybersecurity: a framework." DYNA 90, no. 227 (2023): 24–34. http://dx.doi.org/10.15446/dyna.v90n227.107420.
Full textAbstract:
This article presents the results of a systematic review of the methods to implement cybersecurity maturity. Based on them, it proposes a framework for excellence in aeronautical cybersecurity that integrates the objectives of aeronautical cybersecurity with capabilities and requirements, which contributes to increasing the maturity of aeronautical cybersecurity. It exposes 13 objectives with 120 capabilities and 5 functional maturity levels to gradually meet up to 600 aeronautical cybersecurity requirements. Which were taken from articles with good practices associated with publications of the last 5 years and the criteria resulting from the collaboration of managers and the validation of experts in the industry, which allowed it to be enriched with good practices associated with the management of cybersecurity and the resilience of these infrastructures.
8
Kovács, László. "National Cybersecurity Strategy Framework." Academic and Applied Research in Military and Public 18, no. 2 (2019): 65–76. http://dx.doi.org/10.32565/aarms.2019.2.9.
Full text
9
Swire, Peter. "A pedagogic cybersecurity framework." Communications of the ACM 61, no. 10 (2018): 23–26. http://dx.doi.org/10.1145/3267354.
Full text
10
Liszkowska, Dominika. "Türkey’s Cybersecurity Policy Framework." Cybersecurity and Law 11, no. 1 (2024): 79–91. http://dx.doi.org/10.35467/cal/187262.
Full text
11
Rangarajan (Ray) Parthasarathy, David K. Wyant, Prasad Bingi, James R. Knight, and Anuradha Rangarajan. "DeTER Framework." International Journal of Intelligent Information Technologies 17, no. 2 (2021): 1–24. http://dx.doi.org/10.4018/ijiit.2021040101.
Full textAbstract:
The use of health apps on mobile devices by healthcare providers and receivers (patients) is proliferating. This has elevated cybersecurity concerns owing to the transmittal of personal health information through the apps. Research literature has mostly focused on the technology aspects of cybersecurity in mobile healthcare. It is equally important to focus on the ethical and regulatory perspectives. This article discusses cybersecurity concerns in mobile healthcare from the ethical perspective, the regulatory/compliance perspective, and the technology perspective. The authors present a comprehensive framework (DeTER) that integrates all three perspectives through which cybersecurity concerns in mobile healthcare could be viewed, understood, and acted upon. Guidance is provided with respect to leveraging the framework in the decision-making process that occurs during the system development life cycle (SDLC). Finally, the authors discuss a case applying the framework to a situation involving the development of a contact tracing mobile health app for pandemics such as COVID-19.
12
Malatji, Masike, Sune Von Solms, and Annlizé Marnewick. "Socio-technical systems cybersecurity framework." Information & Computer Security 27, no. 2 (2019): 233–72. http://dx.doi.org/10.1108/ics-03-2018-0031.
Full textAbstract:
Purpose This paper aims to identify and appropriately respond to any socio-technical gaps within organisational information and cybersecurity practices. This culminates in the equal emphasis of both the social, technical and environmental factors affecting security practices. Design/methodology/approach The socio-technical systems theory was used to develop a conceptual process model for analysing organisational practices in terms of their social, technical and environmental influence. The conceptual process model was then applied to specifically analyse some selected information and cybersecurity frameworks. The outcome of this exercise culminated in the design of a socio-technical systems cybersecurity framework that can be applied to any new or existing information and cybersecurity solutions in the organisation. A framework parameter to help continuously monitor the mutual alignment of the social, technical and environmental dimensions of the socio-technical systems cybersecurity framework was also introduced. Findings The results indicate a positive application of the socio-technical systems theory to the information and cybersecurity domain. In particular, the application of the conceptual process model is able to successfully categorise the selected information and cybersecurity practices into either social, technical or environmental practices. However, the validation of the socio-technical systems cybersecurity framework requires time and continuous monitoring in a real-life environment. Practical implications This research is beneficial to chief security officers, risk managers, information technology managers, security professionals and academics. They will gain more knowledge and understanding about the need to highlight the equal importance of both the social, technical and environmental dimensions of information and cybersecurity. Further, the less emphasised dimension is posited to open an equal but mutual security vulnerability gap as the more emphasised dimension. Both dimensions must, therefore, equally and jointly be emphasised for optimal security performance in the organisation. Originality/value The application of socio-technical systems theory to the information and cybersecurity domain has not received much attention. In this regard, the research adds value to the information and cybersecurity studies where too much emphasis is placed on security software and hardware capabilities.
13
Wang, Shouhong, and Hai Wang. "A Sociotechnical Systems Analysis of Knowledge Management for Cybersecurity." International Journal of Sociotechnology and Knowledge Development 13, no. 3 (2021): 77–94. http://dx.doi.org/10.4018/ijskd.2021070105.
Full textAbstract:
Knowledge management (KM) is a tool to tackle cybersecurity issues, provided it emphasizes on the interrelated social, organizational, and technological factors involved in cybersecurity. This paper proposes a sociotechnical systems analysis framework of KM systems for cybersecurity. Specifically, it applies a sociotechnical systems approach to investigation of constructs of KM systems for cybersecurity and identifies five major constructs of KM systems for cybersecurity: roles of KM in cybersecurity, organizational framework of KM for cybersecurity, cybersecurity analytics process, tools of KM for cybersecurity, and system architecture of KM for cybersecurity. The five constructs in the proposed sociotechnical systems analysis framework are analyzed. The paper makes contribution to the growing information systems literature by presenting a special case of sociotechnical systems analysis. The sociotechnical systems analysis framework provides guidelines for the development of KM systems for cybersecurity in organizations.
14
Onwubiko, Cyril, and Karim Ouazzane. "Multidimensional Cybersecurity Framework for Strategic Foresight." International Journal on Cyber Situational Awareness 6, no. 1 (2022): 46–77. http://dx.doi.org/10.22619/ijcsa.2021.100137.
Full textAbstract:
Cybersecurity is now at the forefront of most organisations’ digital transformative agendas and National economic, social and political programmes. Hence its impact to society can no longer be seen to be one dimensional. The rise in National cybersecurity laws and regulations is a good indicator of its perceived importance to nations. And the recent awakening for social and ethical transparency in society and coupled with sustainability issues demonstrate the need for a paradigm shift in how cybersecurity discourses can now happen. In response to this shift, a multidimensional cybersecurity framework for strategic foresight underpinned on situational awareness is proposed. The conceptual cybersecurity framework comprising six domains – Physical, Cultural, Economic, Social, Political and Cyber – is discussed. The guiding principles underpinning the framework are outlined, followed by in-depth reflection on the Business, Operational, Technological and Human (BOTH) factors and their implications for strategic foresight for cybersecurity.
15
Khader, Mohammed, Marcel Karam, and Hanna Fares. "Cybersecurity Awareness Framework for Academia." Information 12, no. 10 (2021): 417. http://dx.doi.org/10.3390/info12100417.
Full textAbstract:
Cybersecurity is a multifaceted global phenomenon representing complex socio-technical challenges for governments and private sectors. With technology constantly evolving, the types and numbers of cyberattacks affect different users in different ways. The majority of recorded cyberattacks can be traced to human errors. Despite being both knowledge- and environment-dependent, studies show that increasing users’ cybersecurity awareness is found to be one of the most effective protective approaches. However, the intangible nature, socio-technical dependencies, constant technological evolutions, and ambiguous impact make it challenging to offer comprehensive strategies for better communicating and combatting cyberattacks. Research in the industrial sector focused on creating institutional proprietary risk-aware cultures. In contrast, in academia, where cybersecurity awareness should be at the core of an academic institution’s mission to ensure all graduates are equipped with the skills to combat cyberattacks, most of the research focused on understanding students’ attitudes and behaviors after infusing cybersecurity awareness topics into some courses in a program. This work proposes a conceptual Cybersecurity Awareness Framework to guide the implementation of systems to improve the cybersecurity awareness of graduates in any academic institution. This framework comprises constituents designed to continuously improve the development, integration, delivery, and assessment of cybersecurity knowledge into the curriculum of a university across different disciplines and majors; this framework would thus lead to a better awareness among all university graduates, the future workforce. This framework may be adjusted to serve as a blueprint that, once adjusted by academic institutions to accommodate their missions, guides institutions in developing or amending their policies and procedures for the design and assessment of cybersecurity awareness.
16
Kumar, Ankit, Khushboo Mishra, Rajesh Kumar Mahto, and Binay Kumar Mishra. "A Framework for Institution to Enhancing Cybersecurity in Higher Education: A Review." LatIA 2 (January 1, 2024): 94. http://dx.doi.org/10.62486/latia202494.
Full textAbstract:
The increasing prevalence of cybersecurity threats has highlighted the urgent need for Higher Education Institutions (HEIs) to prioritize and enhance their cybersecurity measures. This research article presents a comprehensive framework aimed at guiding institutions in strengthening their cybersecurity posture within the higher education sector. The framework addresses the unique challenges faced by HEIs, taking into account the multifaceted nature of cybersecurity and the evolving threat landscape. The proposed framework incorporates a systematic approach that encompasses key components essential for effective cybersecurity management. These components include governance and leadership, risk assessment and management, technical controls, awareness and training, incident response, and collaboration with external stakeholders. The framework emphasizes the integration of these components to establish a robust and holistic cybersecurity strategy. The research article draws upon a thorough review of existing literature, best practices, and industry standards to provide practical insights for HEIs. The framework offers a structured approach that enables institutions to assess their current cybersecurity posture, identify gaps, and implement targeted measures to enhance their overall security resilience. By adopting this framework, institutions can proactively address cybersecurity challenges, mitigate risks, and protect sensitive data and systems. The framework serves as a valuable resource for HEI leaders, policymakers, and cybersecurity professionals seeking to enhance cybersecurity in the higher education landscape
17
Shingate, Prof Priyanka, Akash Trimbake, Mayur Sawant, Rushikesh Jagdhane, and Hrishikesh Jadhav. "Web Vulnerability Scanning Framework." International Journal for Research in Applied Science and Engineering Technology 11, no. 4 (2023): 3019–22. http://dx.doi.org/10.22214/ijraset.2023.50797.
Full textAbstract:
Abstract: The increasing reliance on web-based systems has brought cybersecurity to the forefront of concerns for organizations and individuals alike. In this paper, we present a framework that leverages open-source tools for information gathering (reconnaissance) and vulnerability assessment in web-based systems. The framework is designed to be hosted as a website, providing a user-friendly interface for cybersecurity practitioners to conduct reconnaissance and identify vulnerabilities in their target systems. Through integration of various open-source tools, our framework enables efficient and effective information gathering and vulnerability scanning, aiding in the identification and mitigation of potential security risks. Our framework contributes to the field of cybersecurity by providing a unified solution for reconnaissance and vulnerability assessment in webbased systems. The integration of open-source tools and the flexibility of our framework make it a valuable resource for cybersecurity practitioners.
18
Austin Oguejiofor Amaechi. "A methodological framework for fostering cybersecurity mindsets and behaviour." International Journal of Science and Research Archive 15, no. 2 (2025): 1799–810. https://doi.org/10.30574/ijsra.2025.15.2.1659.
Full textAbstract:
The continuously growing attack surfaces and artificial intelligence-enabled attacks have increased the overwhelming nature of the cybersecurity challenge. The result is that to some organizations, no amount of preparedness can guarantee immunity from cyber-attacks. Cybersecurity preparedness is an ongoing process and incentivizing the right behaviour is an essential characteristic of a human-centered whole-of-enterprise approach to cybersecurity. While there are many techniques developed to improve and understand cybersecurity decision making, there is a lack of design methodologies to allow cybersecurity design teams to systematically tackles creation of conditions that stimulate and sustain desired level of cybersecurity mindsets in an organization. To bridge this gap, we propose the Human Centered Methodological Cybersecurity (HCMC) framework to address this gap. This human-centered approach is based on the fundamental premise that the unpredictable nature of human behaviour and actions make humans an important element and enabler of the level of cybersecurity. Fostering sustainable cybersecurity mindset is a design problem. This study uses framework formulated from the Design Science Research (DSR) approach. The evaluation of the framework was done using different groups of cybersecurity experts, professionals, and general users. HCMC enables cybersecurity teams to surface and explore complex cybersecurity behaviour fostering issues specific to their organization and stimulate thinking from the perspective of different groups of stakeholders systematically, which might potentially be overlooked otherwise.
19
Dawson, Maurice. "Applying a holistic cybersecurity framework for global IT organizations." Business Information Review 35, no. 2 (2018): 60–67. http://dx.doi.org/10.1177/0266382118773624.
Full textAbstract:
Examined are the three core themes: the role of education in cybersecurity, the role of technology in cybersecurity, and the role of policy in cybersecurity. These topics are essential for organizations seeking to establish environments that allow them to be successful irregardless of location while examining external and internal conditions. This study examined the research gaps within cybersecurity as it relates to core themes in an effort to develop stronger policies, education programs, and hardened technologies for cybersecurity use. This work illustrates how cybersecurity can be broken into these three core areas and used together to address issues such as developing training environments for teaching real cybersecurity events. It will further show the correlations between technologies and policies for system Certification and Accreditation. Finally, it will offer insights on how cybersecurity can be used to maintain wirelessly security for international and national security for global organizations.
20
Jansen van Vuuren, Joey, Mafika Nkambule, and Louise Leenen. "Identifying Cybersecurity Elements for a Cybersecurity Framework in Higher Education." International Conference on Cyber Warfare and Security 20, no. 1 (2025): 584–94. https://doi.org/10.34190/iccws.20.1.3313.
Full textAbstract:
This study provides a framework and strategy for the creation of a cybersecurity culture in higher education institutions. Cybersecurity is identified as very important in higher education institutions have to accept responsibility for protecting the institution’s assets and personal information of staff and students. This study focuses on the challenges that higher education institutions confront in creating a cyber-secure environment, of which many relate to culture. Establishing a strong cybersecurity culture can be difficult due to variables such as the institution's size and the relatively short duration of student enrolment, which is three to four years on average. The paper includes a detailed roadmap for creating an appropriate cybersecurity culture in higher education institutions. It emphasises the critical role played by all parties concerned in achieving this goal, including administrators, academic staff, and students. As a result, higher education institutions can build a culture that prioritises cybersecurity and fosters safe behaviour among all participants while adhering to the principles presented in this paper.
21
Hossain, Sk Tahsin, Tan Yigitcanlar, Kien Nguyen, and Yue Xu. "Understanding Local Government Cybersecurity Policy: A Concept Map and Framework." Information 15, no. 6 (2024): 342. http://dx.doi.org/10.3390/info15060342.
Full textAbstract:
Cybersecurity is a crucial concern for local governments as they serve as the primary interface between public and government services, managing sensitive data and critical infrastructure. While technical safeguards are integral to cybersecurity, the role of a well-structured policy is equally important as it provides structured guidance to translate technical requirements into actionable protocols. This study reviews local governments’ cybersecurity policies to provide a comprehensive assessment of how these policies align with the National Institute of Standards and Technology’s Cybersecurity Framework 2.0, which is a widely adopted and commonly used cybersecurity assessment framework. This review offers local governments a mirror to reflect on their cybersecurity stance, identifying potential vulnerabilities and areas needing urgent attention. This study further extends the development of a cybersecurity policy framework, which local governments can use as a strategic tool. It provides valuable information on crucial cybersecurity elements that local governments must incorporate into their policies to protect confidential data and critical infrastructure.
22
Mathur, Aananaya. "Incident Response Simulation Framework." INTERANTIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT 08, no. 04 (2024): 1–5. http://dx.doi.org/10.55041/ijsrem31743.
Full textAbstract:
Incident response is a pivotal security role in organizations that aimed to manage incidents quickly and economically. Cybersecurity Incident Response is a valuable development in the mitigation and operational security and data protection methods to safeguard employees and their assets. Cybersecurity awareness training is a powerful approach that leverage companies to cultivate employees into developing their knowledge and awareness of best practices and strategies for safeguarding sensitive data. Incident response is an emerging field due to the exceptional rise in the security breaches. The organizations need to implement such incident responses for the data breaches. The operational teams should be equipped with the hands-on experience of the incidents. The real-world scenarios must be used as a method to enhance the knowledge of the security team. The proposed system responds to such security demands generating an environment to test the security architecture, measure, track and report Cybersecurity KPIs as overall threat exposure to reduce exposure risk. The system is an educative framework for giving a real-world experience to the users and also test their ability and agility to respond to the incidents in the given time and correctly. Keywords—Incident response, Cybersecurity, data breaches, security
23
Polishchuk, Volodymyr, Vitalii Yurakh, Olena Kravchenko, Wolodymyr Warawa, and Inna Kulchii. "Legal Regulation of Cybersecurity and Privacy on the Internet." Revista de Gestão Social e Ambiental 18, no. 6 (2024): e06978. http://dx.doi.org/10.24857/rgsa.v18n6-134.
Full textAbstract:
Objective: This article examines the conceptual framework for forming and developing legal regulation of cybersecurity and privacy on the Internet. Theoretical Framework: The article aims to highlight the evolution and future prospects of legal regulation concerning cybersecurity and privacy in both Ukraine and globally. Method: The methodological principles include impartiality and unbiasedness and a comprehensive study of the legislative framework and its specifics in the context of cybersecurity and privacy. Results and Discussion: The legislative experiences of international law on cybersecurity and privacy have been summarized. In Ukraine, the legal support process for cybersecurity and privacy continues, with the country ratifying several international documents and developing its own legislative framework. Research Implications: The term "cybersecurity" has been legislatively defined, encompassing 10 fundamental principles regarding the Internet's development and impact on human life. Originality/Value: The terms "cybersecurity," "cybercrime," and "privacy in the virtual space" require further refinement. A methodology that facilitates the interaction and coexistence of legal norms and netiquette is needed.
24
Nkambule, Mafika, Joey Jansen van Vuuren, and Louise Leenen. "Creating a Cybersecurity Culture Framework in Higher Education." International Conference on Cyber Warfare and Security 20, no. 1 (2025): 304–12. https://doi.org/10.34190/iccws.20.1.3268.
Full textAbstract:
The increasing cybersecurity threats to higher education institutions in Africa necessitate risk management frameworks that are resilient and sensitive to regional needs. This paper applies Modified General Morphological Analysis (MGMA) to identify essential elements for an adaptable cybersecurity framework, focusing on the African higher education context. African institutions face many challenges, like limited funding, underdeveloped digital infrastructures, and rising cyberattacks. Our proposed MGMA is a structured methodology to examine key cybersecurity dimensions: governance, policy, technical controls, capacity building, and resource allocation. This approach allows for assessing complex interrelations among these elements, aimed at practical solutions suitable for African institutions. This study focuses on risk management approaches to address the specific vulnerabilities of African higher education institutions (HEIs), such as restricted budgets, inadequate cybersecurity teams, and increasing reliance on digital systems. The study promotes collaborative efforts by creating institutional networks, sharing resources, and enhancing cybersecurity expertise across Africa. The findings will guide decision-makers in aligning cybersecurity investments with strategic institutional goals, providing a framework for protecting critical educational assets, strengthening resilience, and advancing digital infrastructure development across African higher education.
25
Sawangphol, Wudhichart, Assadarat Khurat, and Nasorn Niampradit. "SecSAGE: NIST Cybersecurity Framework Visualization on SAGE2." ECTI Transactions on Computer and Information Technology (ECTI-CIT) 18, no. 3 (2024): 417–28. http://dx.doi.org/10.37936/ecti-cit.2024183.256034.
Full textAbstract:
Cybersecurity has been an area of great interest for an organization, given the significance of data and the increasing cybersecurity threats. The National Institute of Standards and Technology (NIST) has developed a cybersecurity framework intended for voluntary utilization by critical infrastructure owners and operators. Its primary purpose is to aid in the effective management of cybersecurity risks. This framework, similar to many other security standards, comprises a substantial volume of textual information that can be challenging to grasp comprehensively in a limited timeframe. In response to this challenge, we designed and developed an interactive visualization of the NIST Cybersecurity Framework using the SAGE2 platform. Our objective is to facilitate a better understanding of the framework. In addition, using SAGE2 enhances collaborative working. In our project, we analyze the content within the NIST document and map the framework's five core functions into a rich visualization workflow. Each function includes categories, sub-categories, and references that users can interactively explore. Our experiments show that our visualization can help participants correctly find the information about the NIST Cybersecurity Framework faster than manually finding the information in the document. For all tasks, participants can complete the tasks around 4.25 times faster than the manual method on average.
26
O'Brien, Niki, Emilia Grass, Guy Martin, Mike Durkin, Ara Darzi, and Saira Ghafur. "Developing a globally applicable cybersecurity framework for healthcare: a Delphi consensus study." BMJ Innovations 7, no. 1 (2020): 199–207. http://dx.doi.org/10.1136/bmjinnov-2020-000572.
Full textAbstract:
BackgroundCybersecurity in healthcare has become increasingly important as the COVID-19 pandemic has increased the use of digital technologies in healthcare provision around the world, while simultaneously encouraged cybercriminals to target healthcare organisations in greater numbers. Despite the threat of cyberattack to patient safety and the provision of healthcare, cybersecurity in the health sector lags behind other industries. Additionally, no adequate cybersecurity framework exists which considers the unique needs of the health sector.MethodsAn online Delphi was carried out to develop a globally relevant and applicable readiness framework to guide cybersecurity planning in healthcare. Experts (n=42) in the areas of cybersecurity, information communications and technology and health informatics were invited to list the components they felt were essential to a framework and subsequently agree with consensus on a final framework based on the identified components.ResultsAfter two rounds, the Essentials of Cybersecurity in Healthcare Organizations (ECHO) framework with 51 components, grouped into six categories, was regarded by the experts as an acceptable planning tool to guide cybersecurity in healthcare at the global level.ConclusionsThe ECHO framework, designed based on components chosen by international experts to meet the challenges of cybersecurity scale-up in the health and care sector globally, can help guide policymakers and health and care organisations in strengthening their cybersecurity infrastructure and deliver safe and effective care.
27
Kabanda, Gabriel, and Tinashe Chingoriwo. "A Cybersecurity Culture Framework for Grassroots Levels in Zimbabwe." Oriental journal of computer science and technology 14, no. 010203 (2022): 17–34. http://dx.doi.org/10.13005/ojcst14.010203.03.
Full textAbstract:
Cybersecurity is a combination of technologies, processes and operations that are designed to protect information systems, computers, devices, programs, data and networks from internal or external threats, harm, damage, attacks or unauthorized access1.The research was purposed to develop a cybersecurity culture framework which ensures that grassroot users of cyberspace are secured from cyber threats. Literature review showed that in Zimbabwe, no research had attempted to come up with a cybersecurity culture framework for grassroot users of cyberspace.The research was guided by the interpretivist paradigm and employed a qualitative methodology. A descriptive research design was used to answer the research questions and unstructured interviews were done to ascertain the cybersecurity needs and challenges of grassroot users of cyberspace. A cybersecurity culture framework was then crafted based on the research findings. The researchers recommended that Zimbabwe should have a cybersecurity vision and strategy that cascades to the grassroot users of cyberspace. Furthermore, the education curricula should be revised so that it incorporates cybersecurity courses at primary and secondary school level .This will then ensure that ICT adoption is matched with cyber hygiene and responsible use of cyberspace.
28
Bernardo, Luís, Silvestre Malta, and João Magalhães. "An Evaluation Framework for Cybersecurity Maturity Aligned with the NIST CSF." Electronics 14, no. 7 (2025): 1364. https://doi.org/10.3390/electronics14071364.
Full textAbstract:
Cybersecurity is critical for mitigating the economic and reputational impacts of cyberattacks. To address these risks, frameworks like the NIST Cybersecurity Framework (NIST CSF) provide standardized guidelines for managing and reducing cybersecurity threats. This paper presents a maturity assessment approach aligned with the NIST CSF, incorporating a dual-survey methodology. The first survey engages cybersecurity experts to calibrate question importance, while the second targets organizations across management, IT staff, and other roles. The approach employs algorithms to deliver consistent evaluations and facilitate cross-organization comparisons. Results from case studies illustrate cybersecurity maturity levels for each NIST CSF function and highlight priority controls for enhancing organizational cybersecurity.
29
Garba, J., J. Kaur, and E. Nuraihan Mior Ibrahim. "Design of a conceptual framework for cybersecurity culture amongst online banking users in Nigeria." Nigerian Journal of Technology 42, no. 3 (2023): 399–405. http://dx.doi.org/10.4314/njt.v42i3.13.
Full textAbstract:
This study aims to construct a comprehensive conceptual framework that elucidates the critical human factors influencing cybersecurity culture among online banking users in Nigeria. The research methodology is grounded in a meticulous examination of existing literature in the cybersecurity culture domain, serving as the foundation for this framework. The literature review reveals a conspicuous absence of academic research on cybersecurity culture within Nigeria and underscores the importance of comprehending its unique nuances. Key findings from the literature review highlight the prominence of “cybersecurity awareness,” “cybersecurity policy,” and “cybersecurity education” as influential factors. “Cybersecurity awareness” emerges as the most pivotal factor due to its recurrent emphasis and recognized centrality. “Cybersecurity policy” and “cybersecurity education” secure the second and third positions, respectively, due to their acknowledged significance in cultivating a security-conscious mindset among online banking users. Furthermore, the literature review exposes a research gap concerning the requisite “cybersecurity knowledge” that should permeate organizations and individuals to augment cybersecurity culture. Additionally, it reveals the underexplored influence of “social norms” and “interpersonal trust” in molding cybersecurity culture. This research accentuates the dearth of cybersecurity culture research within Nigeria and underscores the importance of understanding its unique facets. The proposed conceptual framework provides a valuable resource for designing tailored cybersecurity strategies and programs in Nigeria’s online banking sector. It advocates for prioritizing cybersecurity awareness, education, and policy, empowering users with the knowledge and skills needed to safeguard themselves against cyber threats. The model also highlights the relevance of recognizing the role played by social dynamics, interpersonal trust, and social norms in shaping cybersecurity behaviours.
30
Hamza, Muhammad Ali, Usama Ejaz, and Hyun-chul Kim. "Cyber5Gym: An Integrated Framework for 5G Cybersecurity Training." Electronics 13, no. 5 (2024): 888. http://dx.doi.org/10.3390/electronics13050888.
Full textAbstract:
The rapid evolution of 5G technology, while offering substantial benefits, concurrently presents complex cybersecurity challenges. Current cybersecurity systems often fall short in addressing challenges such as the lack of realism of the 5G network, the limited scope of attack scenarios, the absence of countermeasures, the lack of reproducible, and open-sourced cybersecurity training environments. Addressing these challenges necessitates innovative cybersecurity training systems, referred to as “cyber ranges”. In response to filling these gaps, we propose the Cyber5Gym, an integrated cyber range that enhances the automation of virtualized cybersecurity training in 5G networks with cloud-based deployment. Our framework leverages open-source tools (i) Open5GS and UERANSIM for realistic emulation of 5G networks, (ii) Docker for efficient virtualization of the training infrastructure, (iii) 5Greply for emulating attack scenarios, and (iv) Shell scripts for automating complex training operations. This integration facilitates a dynamic learning environment where cybersecurity professionals can engage in real-time attack and countermeasure exercises, thus significantly improving their readiness against 5G-specific cyber threats. We evaluated it by deploying our framework on Naver Cloud with 20 trainees, each accessing an emulated 5G network and managing 100 user equipments (UEs), emulating three distinct attack scenarios (SMC-Reply, DoS, and DDoS attacks), and exercising countermeasures, to demonstrate the cybersecurity training. We assessed the effectiveness of our framework through specific metrics such as successfully establishing the 5G network for all trainees, accurate execution of attack scenarios, and their countermeasure implementation via centralized control of the master using automated shell scripts. The open-source foundation of our framework ensures replicability and adaptability, addressing a critical gap in current cybersecurity training methodologies and contributing significantly to the resilience and security of 5G infrastructures.
31
Metin, Bilgin, Fatma Gül Özhan, and Martin Wynn. "Digitalisation and Cybersecurity: Towards an Operational Framework." Electronics 13, no. 21 (2024): 4226. http://dx.doi.org/10.3390/electronics13214226.
Full textAbstract:
As businesses increasingly adopt digital processes and solutions to enhance efficiency and productivity, they face heightened cybersecurity threats. Through a systematic literature review and concept development, this article examines the intersection of digitalisation and cybersecurity. It identifies the methodologies and tools used for cybersecurity assessments, factors influencing the adoption of cybersecurity measures, and the critical success factors for implementing these measures. The article also puts forward the concept of cybersecurity governance process categories, which are used to classify the factors uncovered in the research. Findings suggest that current information security standards tend to be too broad and not adequately tailored to the specific needs of small and medium-sized enterprises (SMEs) when implementing emerging technologies, like Internet of Things (IoT), blockchain, and artificial intelligence (AI). Additionally, these standards often employ a top-down approach, which makes it challenging for SMEs to effectively implement them, as they require more scalable solutions tailored to their specific risks and limited resources. The study thus proposes a new framework based on the Plan-Do-Check model, built around the cybersecurity governance process categories and the three core pillars of governance, culture and standards. This is essentially a bottom-up approach that complements current top-down methods, and will be of value to both information technology (IT) professionals as an operational guide, and to researchers as a basis for future research in this field.
32
Goel, Rajni, Anupam Kumar, and James Haddow. "PRISM: a strategic decision framework for cybersecurity risk assessment." Information & Computer Security 28, no. 4 (2020): 591–625. http://dx.doi.org/10.1108/ics-11-2018-0131.
Full textAbstract:
Purpose This study aims to develop a framework for cybersecurity risk assessment in an organization. Existing cybersecurity frameworks are complex and implementation oriented. The framework can be systematically used to assess the strategic orientation of a firm with respect to its cybersecurity posture. The goal is to assist top-management-team with tailoring their decision-making about security investments while managing cyber risk at their organization. Design/methodology/approach A thematic analysis of existing publications using content analysis techniques generates the initial set of keywords of significance. Additional factor analysis using the keywords provides us with a framework comprising of five pillars comprising prioritize, resource, implement, standardize and monitor (PRISM) for assessing a firm’s strategic cybersecurity orientation. Findings The primary contribution is the development of a novel PRISM framework, which enables cyber decision-makers to identify and operationalize a tailored approach to address risk management and cybersecurity problems. PRISM framework evaluation will help organizations identify and implement the most tailored risk management and cybersecurity approach applicable to their problem(s). Originality/value The new norm is for companies to realize that data stratification in cyberspace extends throughout their organizations, intertwining their need for cybersecurity within business operations. This paper fulfills an identified need improve the ability of company leaders, as CIOs and others, to address the growing problem of how organizations can better handle cyber threats by using an approach that is a methodology for cross-organization cybersecurity risk management.
33
Wang, Yunpeng, Yinghui Wang, Hongmao Qin, Haojie Ji, Yanan Zhang, and Jian Wang. "A Systematic Risk Assessment Framework of Automotive Cybersecurity." Automotive Innovation 4, no. 3 (2021): 253–61. http://dx.doi.org/10.1007/s42154-021-00140-6.
Full textAbstract:
AbstractThe increasingly intelligent and connected vehicles have brought many unprecedented automotive cybersecurity threats, which may cause privacy breaches, personal injuries, and even national security issues. Before providing effective security solutions, a comprehensive risk assessment of the automotive cybersecurity must be carried out. A systematic cybersecurity risk assessment framework for automobiles is proposed in this study. It consists of an assessment process and systematic assessment methods considering the changes of threat environment, evaluation target, and available information in vehicle lifecycle. In the process of risk identification and risk analysis, the impact level and attack feasibility level are assessed based on the STRIDE model and attack tree method. An automotive cybersecurity risk matrix using a global rating algorithm is then constructed to create a quantitative risk metric. Finally, the applicability and feasibility of the proposed risk assessment framework are demonstrated through a use case, and the results prove that the proposed framework is effective. The proposed assessment framework helps to systematically derive automotive cybersecurity requirements.
34
Albediwi, Mead, and Kishwar Sadaf. "A Framework for Cybersecurity Awareness in Saudi Arabia." Journal of Engineering and Applied Sciences 10, no. 1 (2023): 35. http://dx.doi.org/10.5455/jeas.2023050103.
Full textAbstract:
The rapid advancement in technology has improved people's lives, but it has also increased the risks that come with using the Internet, including cybercrimes. Lately, Saudi Arabia, a booming economy, has become one of the prime targets of cyberattacks. The massive amount of cyberattacks targeting Saudi Arabia can be attributed to the lack of cybersecurity awareness among Saudi people. The objective of this study is to propose methods on the national level to increase the awareness of cybersecurity among Saudi people. We conducted a cybersecurity assessment survey to assess the cybersecurity awareness among Saudi people. The survey result indicated negligent behavior and lack of awareness. To address this issue, we proposed a cybersecurity awareness framework which targets all strata of Saudi Arabia demography. The proposed framework not only emphasized training programs in schools, universities and organizations but also addresses the awareness issue in people from informal backgrounds. The framework also includes the importance of incident response and its role in reducing incidents.
35
Abhilash Maroju, Srinivas A Vaddadi, Sravanthi Dontu, Rohith Vallabhaneni,. "An Empirical Paradigm on Cybersecurity Vulnerability Mitigation Framework." International Journal on Recent and Innovation Trends in Computing and Communication 11, no. 9s (2023): 786–92. http://dx.doi.org/10.17762/ijritcc.v11i9s.9484.
Full textAbstract:
Current cybersecurity vulnerability assessment tools were developed in accordance with guidelines established by entities like the National Institute of Standards and Technology (NIST) and the United States Department of Energy. When assessing their facility's cybersecurity maturity, owners and operators of critical infrastructure frequently use frameworks like the NIST Cybersecurity Framework (CSF) and the cybersecurity capability maturity model (C2M2). These frameworks are great at finding vulnerabilities and doing qualitative cybersecurity analysis, but they don't help you get to the level of cybersecurity maturity you want by letting you prioritise how you fix those flaws. Cyber dangers pose a significant risk to businesses and are becoming more pervasive in our everyday lives. In this way, businesses may devise a strategy and set of guidelines by simulating a breach attack. But these strategies are based on experts' tacit knowledge. In response to this problem, the authors of this study suggest an automated and formal process for creating prioritised action plans to enhance environmental transparency. An experiment proving the validity of the proposed method was conducted, yielding consistent and applicable results to the tested scenario. Through testing against a real-world cyberattack that targeted industrial control systems at a critical infrastructure facility, this article presents a thorough architecture of CyFEr and demonstrates its application to CSF.
36
Hijji, Mohammad, and Gulzar Alam. "Cybersecurity Awareness and Training (CAT) Framework for Remote Working Employees." Sensors 22, no. 22 (2022): 8663. http://dx.doi.org/10.3390/s22228663.
Full textAbstract:
Currently, cybersecurity plays an essential role in computing and information technology due to its direct effect on organizations’ critical assets and information. Cybersecurity is applied using integrity, availability, and confidentiality to protect organizational assets and information from various malicious attacks and vulnerabilities. The COVID-19 pandemic has generated different cybersecurity issues and challenges for businesses as employees have become accustomed to working from home. Firms are speeding up their digital transformation, making cybersecurity the current main concern. For software and hardware systems protection, organizations tend to spend an excessive amount of money procuring intrusion detection systems, antivirus software, antispyware software, and encryption mechanisms. However, these solutions are not enough, and organizations continue to suffer security risks due to the escalating list of security vulnerabilities during the COVID-19 pandemic. There is a thriving need to provide a cybersecurity awareness and training framework for remote working employees. The main objective of this research is to propose a CAT framework for cybersecurity awareness and training that will help organizations to evaluate and measure their employees’ capability in the cybersecurity domain. The proposed CAT framework will assist different organizations in effectively and efficiently managing security-related issues and challenges to protect their assets and critical information. The developed CAT framework consists of three key levels and twenty-five core practices. Case studies are conducted to evaluate the usefulness of the CAT framework in cybersecurity-based organizational settings in a real-world environment. The case studies’ results showed that the proposed CAT framework can identify employees’ capability levels and help train them to effectively overcome the cybersecurity issues and challenges faced by the organizations.
37
Haleem, Abid, Mohd Javaid, Ravi Pratap Singh, Shanay Rab, and Rajiv Suman. "Perspectives of cybersecurity for ameliorative Industry 4.0 era: a review-based framework." Industrial Robot: the international journal of robotics research and application 49, no. 3 (2022): 582–97. http://dx.doi.org/10.1108/ir-10-2021-0243.
Full textAbstract:
Purpose Industry 4.0 refers to the interconnection of cyber-physical systems, which connects the physical and digital worlds by collecting digital data from physical objects/processes, and using this data to drive automation and optimisation. Digital technologies used in this revolution gather and handle massive volumes of high-velocity streams while automating field operations and supply chain activities. Cybersecurity is a complicated process that helps sort out various hacking issues of Industry 4.0. This purpose of this paper is to provide an overview on cybersecurity and its major applications for Industry 4.0. Design/methodology/approach The rise of Industry 4.0 technologies is changing how machines and associated information are obtained to evaluate the data contained within them. This paper undertakes a comprehensive literature-based study. Here, relevant research papers related to cybersecurity for Industry 4.0 are identified and discussed. Cybersecurity results in high-end products, with faster and better goods manufactured at a lesser cost. Findings Artificial intelligence, cloud computing, internet of things, robots and cybersecurity are being introduced to improve the Industry 4.0 environment. In the starting, this paper provides an overview of cybersecurity and its advantages. Then, this study discusses technologies used to enhance the cybersecurity process. Enablers, progressive features and steps for creating a cybersecurity culture for Industry 4.0 are discussed briefly. Also, the research identified the major cybersecurity applications for Industry 4.0 and discussed them. Cybersecurity is vital for better data protection in many businesses and industrial control systems. Manufacturing is getting more digitised as the sector embraces automation to a more significant level than ever before. Originality/value This paper states about Industry 4.0 and the safety of multiple business process systems through cybersecurity. A significant issue for Industry 4.0 devices, platforms and frameworks is undertaken by cybersecurity. Digital transformation in the Industry 4.0 era will increase industrial competitiveness and improve their capacity to make optimum decisions. Thus, this study would give an overview of the role of cybersecurity in the effective implementation of Industry 4.0.
38
Lyseiuk, Andrii, and Tetiana Svintsitska. "Development of International Cooperation in Cybersecurity: Normative and Legal Framework and Prospects." Law and innovative society, no. 2 (23) (December 20, 2024): 89–95. https://doi.org/10.37772/2309-9275-2024-2(23)-8.
Full textAbstract:
The article considers certain aspects of the development of international cooperation in the field of cybersecurity in Ukraine. It emphasizes the priority of issues of cyberspace protection, the importance of continuing cooperation with foreign partners in the field of cybersecurity and the introduction of new initiatives to strengthen cyber defense and deepen cooperation with the European Union and the North Atlantic Alliance. The norms of current regulatory legal acts and strategic planning documents in the field of cybersecurity are considered. Individual provisions of the Law of Ukraine “On the Basic Principles of Ensuring Cybersecurity of Ukraine”, the Cybersecurity Strategy of Ukraine and the EU Cybersecurity Strategy for the Digital Decade are analyzed. It is established that an important strategic aspect is ensuring active participation in the dialogue within international organizations on the joint development of norms of behavior in cyberspace and improving the relevant regulatory and legal framework. The importance of building an effective national cybersecurity system and deepening international cooperation in this area, which should be systematic and consistent, has been proven. It is noted that cybersecurity is currently a critical problem that requires increased attention, including from researchers. The need to deepen European integration processes by unifying approaches, methods and means of ensuring cybersecurity with established NATO practices has been emphasized. The following promising areas for further development of international cooperation have been identified: cooperation with international partners in the field of cybersecurity through interaction and active participation in new initiatives to strengthen cyber defense, counter cyber threats and cyber attacks; systematic exchange of research and innovations, experience in building and effective functioning of national cybersecurity systems, and improvement of national legislation in the field of cybersecurity. The conclusions are drawn that the creation of an effective national system of cybersecurity and cyberspace protection is impossible without the activation of international cooperation in this area, which must be accompanied by comprehensive scientific research and have a systemic, dynamic, and consistent nature.
39
Milagros B. Barruga. "Cybersecurity Strategy for Higher Education Institutions: A Thematic Analysis on Standards and Frameworks." Journal of Information Systems Engineering and Management 10, no. 43s (2025): 1140–52. https://doi.org/10.52783/jisem.v10i43s.8533.
Full textAbstract:
Higher education institutions (HEIs) are increasingly vulnerable to cybersecurity attacks. As HEIs shift their operations online, they inevitably employ open systems and decentralized processing, making them particularly susceptible to cyberattacks. The study aims to identify the cybersecurity frameworks that HEIs currently employ as well as the characteristics that these frameworks must have. Initially, a comprehensive literature review was conducted to determine current cybersecurity practices and frameworks used by HEIs. This is followed by expert interviews with IT and cybersecurity professionals to gather insights into the attributes of effective cybersecurity frameworks. Qualitative data is analyzed through thematic coding to identify common characteristics and challenges. Finally, a proposed cybersecurity framework is developed by integrating these identified attributes with established cybersecurity concepts and best practices. The framework, developed from the identified attributes and established concepts, offers a comprehensive approach tailored to the specific needs of HEIs. By incorporating insights from industry professionals and aligning with best practices, the framework provides a robust tool for enhancing the cybersecurity posture of HEIs. This research contributes to the ongoing development of effective cybersecurity strategies in the higher education sector. It underscores the importance of a tailored approach to addressing the evolving cyber threat landscape.
40
Fleming, Courtney, Mark Reith, and Wayne Henry. "Securing Commercial Satellites for Military Operations: A Cybersecurity Supply Chain Framework." International Conference on Cyber Warfare and Security 18, no. 1 (2023): 85–92. http://dx.doi.org/10.34190/iccws.18.1.1062.
Full textAbstract:
The increased reliance on commercial satellites for military operations has made it essential for the Department of Defense (DoD) to adopt a supply chain framework to address cybersecurity threats in space. This paper presents a satellite supply chain framework, the Cybersecurity Supply Chain (CSSC) Framework, for the DoD in the evaluation and selection of commercial satellite contracts. The proposed strategy is informed by research on cybersecurity threats to commercial satellites, national security concerns, current DoD policy, and previous cybersecurity frameworks. This paper aims to provide a comprehensive approach for safeguarding commercial satellites used by the DoD and ensuring the security of their supporting components. Inspired by the National Institute of Standards and Technology (NIST) 800-171 requirements and the DoD’s future Cybersecurity Maturity Model Certification (CMMC) process, the two-part framework significantly streamlines the NIST requirements to accommodate small businesses. It also extends key NIST requirements to commercial-off-the-shelf (COTS) suppliers. The CSSC Framework complements the CMMC certification process by addressing the need for cybersecurity requirements for all subcontractors supporting a commercial space asset. The framework incorporates a scoring process similar to CMMC scoring, granting points to a subcontractor for meeting the cybersecurity requirements outlined by the framework. In addition, the framework creates a space architecture overview that details the overall bid score and establishes a matrix based on individual requirements. This model and matrix allow DoD acquisition personnel to closely analyze each contract bid, comparing the subcontractor's strengths and weaknesses to other bidders. The CSSC Framework will allow the DoD to apply NIST standards to subcontractors who do not meet the requirements for CMMC certification.
41
Mmango, Nangamso, and Tapiwa Gundu. "Cultivating Collective Armor: Towards a Collaborative Cybersecurity Resilience Framework for SMEs." European Conference on Innovation and Entrepreneurship 19, no. 1 (2024): 523–31. http://dx.doi.org/10.34190/ecie.19.1.2799.
Full textAbstract:
As Small and Medium-sized Enterprises (SMEs) increasingly integrate digital technologies into their operations, they face escalating cybersecurity threats that challenge their limited financial and human resources. Historically, cybersecurity was not a primary concern for many SMEs due to their minimal reliance on cyberinfrastructure. However, the growing dependency on digital systems has exposed them to significant risks, necessitating robust cybersecurity measures. This research introduces a cybersecurity resilience framework specifically designed to enhance the cybersecurity posture of SMEs through collaborative efforts. Drawing upon principles of collective intelligence, shared resources, and shared responsibility, the proposed framework promotes a holistic approach that merges advanced technological solutions with collaborative practices among SMEs, industry stakeholders, and governmental entities. By enabling SMEs to pool their cybersecurity resources and capabilities, the framework aims to provide a comprehensive defence against cyber threats that could not be achieved by individual entities alone. The research delves into key collaborative literature to ground the framework in proven strategies and existing successful models of collaboration. It highlights how collective action can be a powerful tool in overcoming the inherent vulnerabilities of SMEs to cyber threats. To validate the effectiveness and applicability of the framework, it went through an expert review process involving cybersecurity professionals and stakeholders in the SME sector. This study not only underscores the necessity for SMEs to adapt to the evolving cybersecurity landscape but also provides a practical blueprint for collective defence. The framework’s emphasis on shared responsibility and mutual aid presents a shift from traditional, isolated cybersecurity approaches to a more integrated and cooperative strategy. This has the potential to significantly enhance the resilience of SMEs against cyber threats, safeguarding their operations and contributing to the overall stability of the digital economy. Future research directions include the application of the framework across various industries and global contexts to evaluate its versatility and impact under different regulatory and threat environments.
42
Turk, Žiga, Muammer Semih Sonkor, and Robert Klinc. "CYBERSECURITY ASSESSMENT OF BIM/CDE DESIGN ENVIRONMENT USING CYBER ASSESSMENT FRAMEWORK." JOURNAL OF CIVIL ENGINEERING AND MANAGEMENT 28, no. 5 (2022): 349–64. http://dx.doi.org/10.3846/jcem.2022.16682.
Full textAbstract:
Digitalisation of the construction industry is exposing it to cybersecurity risks. All phases of construction can be affected. Particularly vulnerable are information-intensive phases such as building design and building operation. Construction is among the last industries that are discovering its cybersecurity risks and can rely on frameworks developed for other contexts. In this paper, we evaluate the cybersecurity risks of the design phase of construction using the Cyber Assessment Framework from the National Cybersecurity Centre (NCSC) of the UK. The goal of this study is twofold. First, to examine cybersecurity risks themselves, and second, to evaluate the applicability of the NCSC framework for construction to see if and how construction is specific. The analysis shows that the cybersecurity risks follow the information impact curve that has been motivating the introduction of Building Information Modelling (BIM). The framework is applicable but is weak in addressing the specifics of the construction industrial ecosystem, which involves a multitude of dynamically connected actors, their overlapping authorities, and conflicting motives. It is suggested that a specialized constructionrelated framework should be developed.
43
GRAMMATOPOULOS, Athanasios Vasileios, and Fabio DI FRANCO. "Building a Career Path Through Training Programmes Using ECSF." International Journal of Information Security and Cybercrime 12, no. 1 (2023): 11–17. http://dx.doi.org/10.19107/ijisc.2023.01.01.
Full textAbstract:
Although more and more services are moving into the digital space, there are not enough professionals to cover all the cybersecurity-related positions needed to ensure the security and resilience of organisations. The problem, known as the “cybersecurity skills gap and workforce shortage”, was highlighted even more during the COVID-19 pandemic and is affecting organisations worldwide. The European Union Agency for Cybersecurity (ENISA) recently released the European Cybersecurity Skills Framework (ECSF), a cybersecurity framework defining 12 cybersecurity role profiles, along with the main tasks, skills, and knowledge associated with each one. In this work, we will look into how individuals can leverage ECSF to skill up and plan their careers in cybersecurity. We will explain how professionals can associate their target cybersecurity-related job role with the ECSF roles profiles and how they can develop skills and knowledge for their next career steps. These steps can be used by new cybersecurity professionals joining the workforce, cybersecurity professionals already working in the field as well as professionals (usually from a related sector) wanting to shift careers to cybersecurity.
44
Gajewski, Tomasz. "TOWARDS RESILIENCE. EUROPEAN CYBERSECURITY STRATEGIC FRAMEWORK." Ante Portas - Studia nad bezpieczeństwem 1(14)/2020, no. 1(14)/2020 (2020): 103–22. http://dx.doi.org/10.33674/3201911.
Full textAbstract:
Cyberspace has become critical domain of contemporary societies and states. Growing presence and dense network of various activities have resulted in transformation of strictly technical dimension into nervous system of the world. Naturally, with humans’ immersion in cyberspace, the catalogue of threats is growing exponentially - from risks to individuals’ security through hazards to corporate, government entities to threats to complex social systems. Resilience of the latter depends on cyberspace. The aim of the paper is to analyse EU’s approach to growing dangers, with European Cybersecurity Strategy as main research field. Document will be employed to conduct the study.
45
Chen, Jim Q. "A Framework for Cybersecurity Strategy Formation." International Journal of Cyber Warfare and Terrorism 4, no. 3 (2014): 1–10. http://dx.doi.org/10.4018/ijcwt.2014070101.
Full textAbstract:
A good cybersecurity strategy consists of the most effective and the most optimal course of actions available at the moment of operation in order to ensure the success of a cyber operation. How to form such a strategy is always a challenge. The current literature does not have much discussion about this topic. This paper intends to explore this process, which supports decision-makers in the cyber domain. It applies the Cybersecurity Formation Framework proposed in Chen and Duvall (2014), and shows how it can integrate varied actions into a systematic and consolidated course of actions to guarantee the success in a mission. This paper also suggests areas for future studies.
46
Formosa, Paul, Michael Wilson, and Deborah Richards. "A principlist framework for cybersecurity ethics." Computers & Security 109 (October 2021): 102382. http://dx.doi.org/10.1016/j.cose.2021.102382.
Full text
47
Ekstedt, Mathias, Zeeshan Afzal, Preetam Mukherjee, Simon Hacks, and Robert Lagerström. "Yet Another Cybersecurity Risk Assessment Framework." International Journal of Comparative Studies in International Relations and Development 10, no. 1 (2024): 84–93. http://dx.doi.org/10.48028/iiprds/ijcsird.v10.i1.07.
Full textAbstract:
IT systems pervade our society more and more, and we become heavily dependent on them. At the same time, these systems are increasingly targeted in cyberattacks, making us vulnerable. Enterprise and cybersecurity responsible face the problem of defining techniques that raise the level of security. They need to decide which mechanism provides the most efficient defense with limited resources. Basically, the risks need to be assessed to determine the best cost-to-benefit ratio. One way to achieve this is through threat modeling; however, threat modeling is not commonly used in the enterprise IT risk domain. Furthermore, the existing threat modeling methods have shortcomings. This paper introduces a metamodel-based approach named Yet Another Cybersecurity Risk Assessment Framework (Yacraf). Yacraf aims to enable comprehensive risk assessment for organizations with more decision support. The paper includes a risk calculation formalization and also an example showing how an organization can use and benefit from Yacraf.
48
Kumar, Keshav. "Artificial Intelligence for Improving Cybersecurity Framework." INTERNATIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT 09, no. 05 (2025): 1–9. https://doi.org/10.55041/ijsrem48949.
Full textAbstract:
Abstract As the attack types become more sophisticated, the ones in use today are losing their touch due to various reasons. Chief among these include zero-day exploits, AI-driven phishing, and polymorphic malware. This study explores incorporating artificial intelligence (AI) in cyber security frameworks to counter such threats, thereby proposing to shift the focus from reactive to proactive and adaptive mechanisms. It employs machine learning (ML) algorithms, neural networks, and natural language processing (NLP) to show how AI can better threat detection, automate incident response, and predict vulnerabilities in real-time. A new AI-based framework marries supervised learning for anomaly detection, reinforcement learning for adaptive protocol optimization, and generative adversarial networks (GANS) to simulate and counter advanced persistent threats (APTs).A set of examples is provided that validates the real-life functionality of the proposed framework in NIDS and cloud security environments and reveals a 40% speed improvement in threat identification and a 35% decrease in false positives compared to rule-based systems. Simultaneously, the study also deals with other ethical and operational issues such as adversarial attacks on AI models, privacy of valid data, and the "black box" problem of ML in decision-making. Using explainable AI (XAI) techniques and federated learning for distributed data processing, the proposed framework contends with the balancing act between transparency and robust security.This study presents the potential of AI to craft self-healing, context-sensitive cyber security infrastructures and summons standard regulatory guidelines governing AI on critical systems. The findings performed aim to empower departments to adopt intelligent, scale able defenses as the cyber warfare continues escalating. Keywords: AI-Driven Cyber security, Proactive Threat Detection, Adaptive Security Frameworks, Explainable AI (XAI), Machine Learning in Intrusion Detection
49
Komane, Kagiso, Lucas Khoza, and Fani Radebe. "A Conceptual Framework for Cybersecurity Awareness." Journal of Cyber Security 7, no. 1 (2025): 79–108. https://doi.org/10.32604/jcs.2025.059712.
Full text
50
Matheu-García, Sara Nieves, José Luis Hernández-Ramos, Antonio Skarmeta, and Gianmarco Baldini. "A Survey of Cybersecurity Certification for the Internet of Things." ACM Computing Surveys 53, no. 5 (2020): 1–36. https://doi.org/10.1145/3410160.
Full textAbstract:
In recent years, cybersecurity certification is gaining momentum as the baseline to build a structured approach to mitigate cybersecurity risks in the Internet of Things (IoT). This initiative is driven by industry, governmental institutions, and research communities, which have the goal to make IoT more secure for the end-users. In this survey, we analyze the current cybersecurity certification schemes, as well as the potential challenges to make them applicable for the IoT ecosystem. We also examine current efforts related to risk assessment and testing processes, which are widely recognized as the processes to build a cybersecurity certification framework. Our work provides a multidisciplinary perspective of a possible IoT cybersecurity certification framework by integrating research and technical tools and processes with policies and governance structures, which are analyzed against a set of identified challenges. This survey is intended to give a comprehensive overview of cybersecurity certification to facilitate the definition of a framework that fits in emerging scenarios, such as the IoT paradigm.