S. Alshehri, Hashem Alaidaros, M. Arafah, S. H. Bakry
{"title":"一种新的专网网络安全评估框架","authors":"S. Alshehri, Hashem Alaidaros, M. Arafah, S. H. Bakry","doi":"10.1109/CICN56167.2022.10008317","DOIUrl":null,"url":null,"abstract":"Cybersecurity is becoming of increasing importance, as the use of cyberspace is growing, and as the security challenges facing it are rising. The purpose of this paper is to develop a new cybersecurity assessment framework that provides a quantitative measurement of the cybersecurity state of private networks of organizations and consequently enables its future improvement. The framework is based on considering five domains of private network cybersecurity protection controls on the one hand, and on the quantitative assessment of the implementation state of these controls on the other. On this base, the framework identifies the domains and their protection controls based on recent version of ISO 27002:2022, and considering other international and national cybersecurity standards. Each control is refined into a set of implementation questions that enable providing a quantitative measurement indicator for the state of the control implementation. For providing a multilevel structure of the assessment outcomes, the indicators of the controls are grouped to provide sub-indices for the domains, and an overall index for the cybersecurity implementation state of a targeted network. The framework provides quantitative benchmarks to guide the required improvements of assessed networks. The use of the framework is finally illustrated through an assessment of a Saudi private network in an organization as case study.","PeriodicalId":287589,"journal":{"name":"2022 14th International Conference on Computational Intelligence and Communication Networks (CICN)","volume":"26 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-12-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"A New Cybersecurity Assessment Framework for Private Networks\",\"authors\":\"S. Alshehri, Hashem Alaidaros, M. Arafah, S. H. Bakry\",\"doi\":\"10.1109/CICN56167.2022.10008317\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cybersecurity is becoming of increasing importance, as the use of cyberspace is growing, and as the security challenges facing it are rising. The purpose of this paper is to develop a new cybersecurity assessment framework that provides a quantitative measurement of the cybersecurity state of private networks of organizations and consequently enables its future improvement. The framework is based on considering five domains of private network cybersecurity protection controls on the one hand, and on the quantitative assessment of the implementation state of these controls on the other. On this base, the framework identifies the domains and their protection controls based on recent version of ISO 27002:2022, and considering other international and national cybersecurity standards. Each control is refined into a set of implementation questions that enable providing a quantitative measurement indicator for the state of the control implementation. For providing a multilevel structure of the assessment outcomes, the indicators of the controls are grouped to provide sub-indices for the domains, and an overall index for the cybersecurity implementation state of a targeted network. The framework provides quantitative benchmarks to guide the required improvements of assessed networks. The use of the framework is finally illustrated through an assessment of a Saudi private network in an organization as case study.\",\"PeriodicalId\":287589,\"journal\":{\"name\":\"2022 14th International Conference on Computational Intelligence and Communication Networks (CICN)\",\"volume\":\"26 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-12-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 14th International Conference on Computational Intelligence and Communication Networks (CICN)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CICN56167.2022.10008317\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 14th International Conference on Computational Intelligence and Communication Networks (CICN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CICN56167.2022.10008317","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A New Cybersecurity Assessment Framework for Private Networks
Cybersecurity is becoming of increasing importance, as the use of cyberspace is growing, and as the security challenges facing it are rising. The purpose of this paper is to develop a new cybersecurity assessment framework that provides a quantitative measurement of the cybersecurity state of private networks of organizations and consequently enables its future improvement. The framework is based on considering five domains of private network cybersecurity protection controls on the one hand, and on the quantitative assessment of the implementation state of these controls on the other. On this base, the framework identifies the domains and their protection controls based on recent version of ISO 27002:2022, and considering other international and national cybersecurity standards. Each control is refined into a set of implementation questions that enable providing a quantitative measurement indicator for the state of the control implementation. For providing a multilevel structure of the assessment outcomes, the indicators of the controls are grouped to provide sub-indices for the domains, and an overall index for the cybersecurity implementation state of a targeted network. The framework provides quantitative benchmarks to guide the required improvements of assessed networks. The use of the framework is finally illustrated through an assessment of a Saudi private network in an organization as case study.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
