Quotation Krumay, Barbara, Bernroider, Edward, Walser, Roman. 2018. Evaluation of Cybersecurity Management Controls and Metrics of Critical Infrastructures: A Literature Review Considering the NIST Cybersecurity Framework. In Proceedings of the 23rd Nordic Conference on Secure IT Systems, ed. NordSEC (2018), 0-01. Oslo: None.



Abstract

In recent years, cybersecurity management has gained considerable attention due to a rising number and also increasing severity of cyberattacks in particular targeted at critical infrastructures of countries. Especially rapid digitization holds many vulnerabilities that can be easily exploited if not managed appropriately. Consequently, the European Union (EU) has enacted its first directive on cybersecurity. It is based on the Cybersecurity Framework by the US National Institute of Standards and Technology (NIST) and requires critical infrastructure organizations to regularly monitor and report their cybersecurity efforts. We investigated whether the academic body of knowledge in the area of cybersecurity metrics and controls has covered the constituent NIST functions, and also whether NIST shows any noticeable gaps in relation to literature. Our analysis revealed interesting results in both directions, pointing to imbalances in the academic discourse and underrepresented areas in the NIST framework. In terms of the former, we argue that future research should engage more into detecting, responding and recovering from incidents. Regarding the latter, NIST could also benefit from extending into a number of identified topic areas, for example, natural disasters, monetary aspects, and organizational climate.


Publication's profile

Status of publication Published
Affiliation WU
Type of publication Contribution to conference proceedings
Language English
Title Evaluation of Cybersecurity Management Controls and Metrics of Critical Infrastructures: A Literature Review Considering the NIST Cybersecurity Framework.
Title of whole publication Proceedings of the 23rd Nordic Conference on Secure IT Systems
Editor NordSEC (2018)
Page from 0
Page to 01
Location Oslo
Year 2018
URL http://securitylab.no/nordsec18/
Open Access N

Associations

People
Bernroider, Edward
Walser, Roman
External
Krumay, Barbara (JKU Linz, Austria)
Organization
Institute for Information Management and Control IN
Research areas (ÖSTAT Classification 'Statistik Austria')
1146 Management information systems
1925 Knowledge management