利用分类法工程实现国际监管框架中的安全基线合规性

IF 2.8 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Future Internet Pub Date : 2023-10-07 DOI:10.3390/fi15100330
Šarūnas Grigaliūnas, Michael Schmidt, Rasa Brūzgienė, Panayiota Smyrli, Vladislav Bidikov
{"title":"利用分类法工程实现国际监管框架中的安全基线合规性","authors":"Šarūnas Grigaliūnas, Michael Schmidt, Rasa Brūzgienė, Panayiota Smyrli, Vladislav Bidikov","doi":"10.3390/fi15100330","DOIUrl":null,"url":null,"abstract":"A surge in successful Information Security (IS) breaches targeting Research and Education (R&E) institutions highlights a pressing need for enhanced protection. Addressing this, a consortium of European National Research and Education Network (NREN) organizations has developed a unified IS framework. This paper aims to introduce the Security Baseline for NRENs and a security maturity model tailored for R&E entities, derived from established security best practices to meet the specific needs of NRENs, universities, and various research institutions. The models currently in existence do not possess a system to smoothly correlate varying requirement tiers with distinct user groups or scenarios, baseline standards, and existing legislative actions. This segmentation poses a significant hurdle to the community’s capacity to guarantee consistency, congruency, and thorough compliance with a cohesive array of security standards and regulations. By employing taxonomical engineering principles, a mapping of baseline requirements to other security frameworks and regulations has been established. This reveals a correlation across most regulations impacting R&E institutions and uncovers an overlap in the high-level requirements, which is beneficial for the implementation of multiple standards. Consequently, organizations can systematically compare diverse security requirements, pinpoint gaps in their strategy, and formulate a roadmap to bolster their security initiatives.","PeriodicalId":37982,"journal":{"name":"Future Internet","volume":"19 1","pages":"0"},"PeriodicalIF":2.8000,"publicationDate":"2023-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Leveraging Taxonomical Engineering for Security Baseline Compliance in International Regulatory Frameworks\",\"authors\":\"Šarūnas Grigaliūnas, Michael Schmidt, Rasa Brūzgienė, Panayiota Smyrli, Vladislav Bidikov\",\"doi\":\"10.3390/fi15100330\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A surge in successful Information Security (IS) breaches targeting Research and Education (R&E) institutions highlights a pressing need for enhanced protection. Addressing this, a consortium of European National Research and Education Network (NREN) organizations has developed a unified IS framework. This paper aims to introduce the Security Baseline for NRENs and a security maturity model tailored for R&E entities, derived from established security best practices to meet the specific needs of NRENs, universities, and various research institutions. The models currently in existence do not possess a system to smoothly correlate varying requirement tiers with distinct user groups or scenarios, baseline standards, and existing legislative actions. This segmentation poses a significant hurdle to the community’s capacity to guarantee consistency, congruency, and thorough compliance with a cohesive array of security standards and regulations. By employing taxonomical engineering principles, a mapping of baseline requirements to other security frameworks and regulations has been established. This reveals a correlation across most regulations impacting R&E institutions and uncovers an overlap in the high-level requirements, which is beneficial for the implementation of multiple standards. Consequently, organizations can systematically compare diverse security requirements, pinpoint gaps in their strategy, and formulate a roadmap to bolster their security initiatives.\",\"PeriodicalId\":37982,\"journal\":{\"name\":\"Future Internet\",\"volume\":\"19 1\",\"pages\":\"0\"},\"PeriodicalIF\":2.8000,\"publicationDate\":\"2023-10-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Future Internet\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.3390/fi15100330\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Future Internet","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.3390/fi15100330","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

摘要

针对研究和教育机构的信息安全(IS)攻击事件的激增凸显了加强保护的迫切需求。为了解决这个问题,一个由欧洲国家研究和教育网络(NREN)组织组成的联盟开发了一个统一的信息系统框架。本文旨在介绍nren的安全基线和为研发实体量身定制的安全成熟度模型,该模型源自已建立的安全最佳实践,以满足nren、大学和各种研究机构的特定需求。目前存在的模型不具备一个系统,可以将不同的需求层与不同的用户组或场景、基线标准和现有的立法行动顺利地关联起来。这种分割对社区保证一致性、一致性和完全遵守安全标准和法规的能力构成了重大障碍。通过采用分类法工程原则,已经建立了基线需求到其他安全框架和法规的映射。这揭示了影响研发机构的大多数法规之间的相关性,并揭示了高层需求中的重叠,这对多个标准的实现是有益的。因此,组织可以系统地比较不同的安全需求,查明其策略中的差距,并制定路线图来支持其安全计划。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Leveraging Taxonomical Engineering for Security Baseline Compliance in International Regulatory Frameworks
A surge in successful Information Security (IS) breaches targeting Research and Education (R&E) institutions highlights a pressing need for enhanced protection. Addressing this, a consortium of European National Research and Education Network (NREN) organizations has developed a unified IS framework. This paper aims to introduce the Security Baseline for NRENs and a security maturity model tailored for R&E entities, derived from established security best practices to meet the specific needs of NRENs, universities, and various research institutions. The models currently in existence do not possess a system to smoothly correlate varying requirement tiers with distinct user groups or scenarios, baseline standards, and existing legislative actions. This segmentation poses a significant hurdle to the community’s capacity to guarantee consistency, congruency, and thorough compliance with a cohesive array of security standards and regulations. By employing taxonomical engineering principles, a mapping of baseline requirements to other security frameworks and regulations has been established. This reveals a correlation across most regulations impacting R&E institutions and uncovers an overlap in the high-level requirements, which is beneficial for the implementation of multiple standards. Consequently, organizations can systematically compare diverse security requirements, pinpoint gaps in their strategy, and formulate a roadmap to bolster their security initiatives.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Future Internet
Future Internet Computer Science-Computer Networks and Communications
CiteScore
7.10
自引率
5.90%
发文量
303
审稿时长
11 weeks
期刊介绍: Future Internet is a scholarly open access journal which provides an advanced forum for science and research concerned with evolution of Internet technologies and related smart systems for “Net-Living” development. The general reference subject is therefore the evolution towards the future internet ecosystem, which is feeding a continuous, intensive, artificial transformation of the lived environment, for a widespread and significant improvement of well-being in all spheres of human life (private, public, professional). Included topics are: • advanced communications network infrastructures • evolution of internet basic services • internet of things • netted peripheral sensors • industrial internet • centralized and distributed data centers • embedded computing • cloud computing • software defined network functions and network virtualization • cloud-let and fog-computing • big data, open data and analytical tools • cyber-physical systems • network and distributed operating systems • web services • semantic structures and related software tools • artificial and augmented intelligence • augmented reality • system interoperability and flexible service composition • smart mission-critical system architectures • smart terminals and applications • pro-sumer tools for application design and development • cyber security compliance • privacy compliance • reliability compliance • dependability compliance • accountability compliance • trust compliance • technical quality of basic services.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信