Renato Solimar Alves, Jady Pamella Barbacena da Silva, Luiz Antonio Ribeiro Junior, Rafael Rabelo Nunes
Title: Enhancing cybersecurity in the judiciary: Integrating additional controls into the CIS framework
Journal: Computers & Security, volume 157, Article 104584
Publication type: Journal Article
Publication date: 2025-06-25
DOI: 10.1016/j.cose.2025.104584
URL: https://www.sciencedirect.com/science/article/pii/S0167404825002731
Impact factor: 5.4 (JCR Q1, Computer Science, Information Systems)
Citation count: 0
Abstract
The Judiciary faces considerable challenges protecting its critical operations from cyber threats in an increasingly digital and vulnerable landscape. This article explores the need to enhance information security practices beyond basic security controls to address operational and technological risks targeting the Judiciary. Intending to propose an expansion of the security controls suggested by the CIS Controls framework, this article focuses on critical areas such as information security management, personnel management, and technological requirements specific to the judicial context. Through qualitative analysis and consultations with experts in the field, preventive and corrective measures were identified, encompassing effective communication practices, mental health programs, and a strong culture of integrity complemented by advanced cybersecurity technologies. The results highlight the need for additional, comprehensive controls ranging from physical security to digital protection, promoting an integrated approach to risk management. The contributions of this article extend to establishing a strengthened foundation for security controls, creating a more effective defense mechanism against emerging threats, and ensuring the sustainability and efficiency of court operations. This article contributes to the evolution of security strategies in the Judiciary, with direct practical implications for risk mitigation and the protection of information assets. The work contributes to the debate on information security in the Judiciary and how to adapt and expand the application of the CIS framework.
About the journal:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading-edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise, it is your first step to fully secure systems.