Top

Published in:

2022 | OriginalPaper | Chapter

1. A Case for Cybersecurity Awareness Systems

Authors : Thomas Schaberreiter, Gerald Quirchmayr, Alexandros Papanikolaou

Published in: Cybersecurity Awareness

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

This Chapter intends to provide the context and environment leading to the development of the CS-AWARE cybersecurity awareness solution, which was comprehensively piloted and evaluated in the local public administration (LPA) use case during the CS-AWARE H2020 European research and innovation project. The Chapter assesses the main factors driving cybersecurity from a holistic multi-angle perspective, and reviews the currently actively developing European legislative cybersecurity environment, which is introducing a multi-level cybersecurity framework centred around awareness and cooperation/collaboration. Furthermore, this Chapter highlights in more detail the specific cybersecurity requirements for LPAs, which is heavily focused on the critical data they manage, and emphasizes why cybersecurity awareness plays such a crucial role in future collaborative cybersecurity in Europe, and why significant cybersecurity gains can be achieved by introducing awareness and collaboration in the context of cybersecurity management in organizations like LPAs. In the conclusion of this Chapter, we provide a brief outlook on the following chapters, which present the key aspects of the CS-AWARE cybersecurity awareness solution in greater detail.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

next chapter The Socio-Technical Approach to Cybersecurity Awareness

https://www.enisa.europa.eu/topics/csirts-in-europe/csirts-network.

Having regard to the state of the art, those measures shall ensure a level of security of network and information systems appropriate to the risk posed […] (Article 16 (1) NIS Directive).

GDR Article 30 “Notification of a personal data breach to the supervisory authority”; GDPR Article 31 “Communication of a personal data breach to the data subject”.

NIS Directive Article 14 “Security requirements and incident notification”.

CC1. (2017). Common Criteria for Information Technology Security Evaluation Part 1: Introduction and general model April 2017 Version 3.1 Revision 5 (CCMB-2017-04-001). Retrieved from https://www.commoncriteriaportal.org/files/ccfiles/CCPART1V3.1R5.pdf

CC2. (2017). Common Criteria for Information Technology Security Evaluation Part 2: Security functional components April 2017 Version 3.1 Revision 5. Retrieved from https://www.commoncriteriaportal.org/files/ccfiles/CCPART2V3.1R5.pdf

CC3. (2017). Common Criteria for Information Technology Security Evaluation Part 3: Security assurance components April 2017 Version 3.1 Revision 5 (CCMB-2017-04-003). Retrieved from https://www.commoncriteriaportal.org/files/ccfiles/CCPART3V3.1R5.pdf

Commission of the European Communities. (2006). COMMUNICATION FROM THE COMMISSION on a European Programme for Critical Infrastructure Protection (COM(2006) 786 final).

Coppolino, L., D’Antonio, S., Mazzeo, G., Romano, L., & Sgaglione, L. (2018). How to protect public administration from cybersecurity threats: The COMPACT project. In 2018 32nd International Conference on Advanced Information Networking and Applications Workshops (WAINA) (pp. 573–578). https://doi.org/10.1109/WAINA.2018.00147CrossRef

ENISA. (2019). ENISA threat landscape report 2018: 15 top cyberthreats and trends. https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-2018/at_download/fullReport

ENISA. (2020). Cybersecurity certification. EUCC, a candidate cybersecurity certification scheme to serve as a successor to the existing SOG-IS (No. V1.0, 01/07/2020; p. 283). European Union Agency for Cybersecurity.

European Commission. (2013). Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL concerning measures to ensure a high common level of network and information security across the Union (Brussels, 7.2.2013 COM(2013) 48 final 2013/0027 (COD)). European Commission. Retrieved from https://edps.europa.eu/data-protection/our-work/publications/opinions/cyber-security-strategy-european-union-open-safe-and_en

European Commission. (2020a). Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on measures for a high common level of cybersecurity across the Union, repealing Directive (EU) 2016/1148 (COM(2020) 823 final, 2020/0359 (COD)).

European Commission. (2020b). Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on THE resilience of critical entities (2020/0365 (COD)).

European Parliament. (2016a). Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. Official Journal of the European Union, L194/1.

European Parliament. (2016b). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Official Journal of the European Union, L119/1. https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN

European Parliament. (2018). Directive (EU) 2018/1972 of the European Parliament and of the Council of 11 December 2018 establishing the European Electronic Communications Code (Recast)Text with EEA relevance. Official Journal of the European Union, L321(36), 179.

European Parliament. (2019). Regulation 2019/881 of the European Parliament and of the Council on ENISA and on information and communication technology cybersecurity certification. Official journal of the European Union, L151/15.

Europol. (2019). Internet organised crime threat assessment 2019. European Union Agency for Law Enforcement Cooperation.

Europol. (2021). Internet organised crime threat assessment 2021. European Union Agency for Law Enforcement Cooperation.

GovCERT.ch. (2016). APT case RUAG technical report. GovCERT.ch. https://www.govcert.ch/downloads/whitepapers/Report_Ruag-Espionage-Case.pdf

Hsiao, S.-C., & Kao, D.-Y. (2018). The static analysis of WannaCry ransomware. International Conference on Advanced Communications Technology (ICACT), 153–158.

Hybrid CoE. (2021). Hybrid CoE’s key themes and approaches to countering hybrid threats in 2021. The European Centre of Excellence for Countering Hybrid Threats. https://www.hybridcoe.fi/wp-content/uploads/2021/04/Workplan2021_summary_rgb.pdf.

ISO. (2013). ISO/IEC 27001:2013 information technology—Security techniques—Information security management systems—Requirements. ISO. https://www.iso.org/cms/render/live/en/sites/isoorg/contents/data/standard/05/45/54534.html

Lamba, A., Singh, S., Singh, B., Dutta, N., & Muni, S. S. R. (2017). Analyzing and fixing cyber security threats for supply chain management. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.3492687

NIST. (2018). Framework for improving Critical Infrastructure Cybersecurity, Version 1.1 (NIST CSWP 04162018; p. NIST CSWP 04162018). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.CSWP.04162018

Touhill, G. J., & Touhill, C. J. (2014). Cybersecurity for executives: A practical guide. John Wiley & Sons.CrossRef

Title: A Case for Cybersecurity Awareness Systems
Authors: Thomas Schaberreiter
Gerald Quirchmayr
Alexandros Papanikolaou
Publisher: Springer International Publishing
Book: Cybersecurity Awareness
Print ISBN: 978-3-031-04226-3

Electronic ISBN: 978-3-031-04227-0

Copyright Year: 2022
DOI: https://doi.org/10.1007/978-3-031-04227-0_1

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner