Top

Published in:

2019 | OriginalPaper | Chapter

A Cybersecurity Model for Electronic Governance and Open Society

Authors : Nuno Lopes, José Faria

Published in: Electronic Governance and Open Society: Challenges in Eurasia

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

This paper starts by presenting the research landscape of the vulnerabilities of cyberspace; afterwards, it classifies the cyber vulnerabilities identified in the literature; finally, it proposes a cybersecurity model to tackle the cyberspace vulnerabilities found. The proposed model is grounded in three main pillars: a cybersecurity governance approach, cybersecurity capabilities, and cybersecurity best practices. The research methodology used to conduct this study is based on a quantitative and qualitative analysis of the literature on the field. The paper concludes that the model can be a useful tool for preventing and mitigating cyberattacks in public and private organizations.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Personal Data and Privacy Barriers to E-Government Adoption, Implementation and Development in Sub-Saharan Africa

next chapter Person, Organization, or Personage: Towards User Account Type Prediction in Microblogs

Abraham, S., Nair, S.: A novel architecture for predictive cybersecurity using non-homogenous markov models, vol. 1, pp. 774–781 (2015)

Abraham, S.M.: Estimating mean time to compromise using non-homogenous continuous-time markov models, vol. 2, pp. 467–472 (2016)

Achuthan, K., Sudharavi, S., Kumar, R., Raman, R.: Security vulnerabilities in open source projects: an India perspective, pp. 18–23 (2014)

Aissa, A.B., Abercrombie, R.K., Sheldon, F.T., Mili, A.: Defining and computing a value based cyber security measure. Inf. Syst. E-Bus. Manag. 10(4), 433–453 (2011)CrossRef

Allodi, L., Massacci, F.: Security events and vulnerability data for cybersecurity risk estimation. Risk Anal. 37(8), 1606–1627 (2017)CrossRef

Anand, P.: Overview of root causes of software vulnerabilities-technical and user-side perspectives. In: 2016 International Conference on Software Security and Assurance (ICSSA), pp. 70–74. IEEE (2016)

Anwar, M., He, W., Yuan, X.: Employment status and cybersecurity behaviors (2017)

Arabo, A.: Mobile app collusions and its cyber security implications, pp. 178–183 (2016)

Armstrong, R.C., Mayo, J.R.: Leveraging complexity in software for cybersecurity (2009)

10.

Ashenden, D.: Information security management: a human challenge? Inf. Secur. Tech. Rep. 13(4), 195–201 (2008)CrossRef

11.

Ashok, A., Sridhar, S., McKinnon, A.D., Wang, P., Govindarasu, M.: Testbed-based performance evaluation of attack resilient control for AGC, pp. 125–129 (2016)

12.

Auffret, J.-P., et al.: Cybersecurity leadership: competencies governance, and technologies for industrial control systems. J. Interconnect. Netw. 17(1), 1740001 (2017)CrossRef

13.

Baldwin, R., Hofecker, T., Carter, G.: Who’s in control? Securing commercial unmanned aerial systems command and control a methodology and way ahead. J. Air Traffic Control 57(4) (2015)

14.

Benjamin, V., Li, W., Holt, T., Chen, H.: Exploring threats and vulnerabilities in hacker web: Forums, IRC and carding shops, pp. 85–90, August 2015

15.

Biswas, B., Pal, S., Mukhopadhyay, A.: AVICS-Ecoframework: an approach to attack prediction and vulnerability assessment in a cyber ecosystem (2016)

16.

Carter, W.A., Sofio, D.G.: Cybersecurity legislation and critical infrastructure vulnerabilities (2017)CrossRef

17.

Chatfield, A.T., Reddick, C.G.: Cybersecurity innovation in government: a case study of U.S. pentagon’s vulnerability reward program, volume Part F128275, pp. 64–73 (2017)

18.

Costello, P.J.: Identifying and exploiting vulnerabilities in civilian unmanned aerial vehicle systems and evaluating and countering potential threats against the United States airspace, pp. 761–762 (2017)

19.

Dalton, W., Van Vuuren, J.J., Westcott, J.: Building cybersecurity resilience in Africa, pp. 112–120 (2017)

20.

Mancoridis, S., Prevelakis, V., Dacosta, D., Dahn, C.: Characterizing the ‘security vulnerability likelihood’ of software functions

21.

Flores, F., Paredes, R., Meza, F.: Procedures for mitigating cybersecurity risk in a Chilean government ministry. IEEE Lat. Am. Trans. 14(6), 2947–2950 (2016)CrossRef

22.

Fox, S.J.: Flying challenges for the future: aviation preparedness – in the face of cyber-terrorism. J. Transp. Secur. 9(3–4), 191–218 (2016)CrossRef

23.

Gisladottir, V., Ganin, A.A., Keisler, J.M., Kepner, J., Linkov, I.: Resilience of cyber systems with over and under regulation. Risk Anal. 37(9), 1644–1651 (2017)CrossRef

24.

Goppert, J., Shull, A., Sathyamoorthy, N., Liu, W., Hwang, I., Aldridge, H.: Software/hardware-in the-loop analysis of cyberattacks on unmanned aerial systems. J. Aerosp. Inf. Syst. 11(5), 337–343 (2014)

25.

Graham, J., Hieb, J., Naber, J.: Improving cybersecurity for industrial control systems, pp. 618–623, November 2016

26.

Herrera, A.V., Ron, M., Rabadao, C.: National cyber-security policies oriented to BYOD (bring your own device): systematic review (2017)

27.

Hoffman, L.J., Rosenberg, T., Dodge, R., Ragsdale, D.: Exploring a national cybersecurity exercise for universities. IEEE Secur. Priv. 3(5), 27–33 (2005)CrossRef

28.

Huang, H.-C., Zhang, Z.-K., Cheng, H.-W., Shieh, S.W.: Web application security: threats, counter measures and pitfalls. Computer 50(6), 81–85 (2017)CrossRef

29.

Ismail, S., Sitnikova, E., Slay, J.: SCADA systems cyber security for critical infrastructures: case studies in the transport sector, pp. 425–433 (2015)

30.

Jang-Jaccard, J., Nepal, S.: A survey of emerging threats in cybersecurity. J. Comput. Syst. Sci. 80(5), 973–993 (2014)MathSciNetCrossRef

31.

Jillepalli, A.A., Sheldon, F.T., De Leon, D.C., Haney, M., Abercrombie, R.K.: Security management of cyber physical control systems using NIST SP 800-82r2 (2017)

32.

Jøsang, A., Miralabé, L., Dallot, L.: It’s not a bug, it’s a feature: 25 years of mobile network insecurity, pp. 129–136, January 2015

33.

Kamhoua, C., Martin, A., Tosh, D.K., Kwiat, K.A., Heitzenrater, C., Sengupta, S.: Cyber-threats information sharing in cloud computing: a game theoretic approach (2016)

34.

Khatoun, R., Zeadally, S.: Cybersecurity and privacy solutions in smart cities. IEEE Commun. Mag. 55(3), 51–59 (2017)CrossRef

35.

Khera, M.: Think like a hacker: insights on the latest attack vectors (and security controls) for medical device applications. J. Diabetes Sci. Technol. 11(2), 207–212 (2017)CrossRef

36.

Kim, C.: Cyber-resilient industrial control system with diversified architecture and bus monitoring, pp. 11–16 (2017)

37.

Kothari, S., Tamrawi, A., Mathews, J.: Rethinking verification: accuracy, efficiency and scalability through human-machine collaboration, pp. 885–886 (2016)

38.

Lam, A., Fernandez J., Frank, R.: Cyberterrorists bringing down airplanes: will it happen soon? pp. 210–219 (2017)

39.

Last, D.: Using historical software vulnerability data to forecast future vulnerabilities, pp. 120–126 (2015)

40.

Liu, Z., Gupta, B.: A multifaceted assay on cybersecurity: the concerted effort to thwart threats, pp. 123–129 (2016)

41.

Dekker, M.A.C.: Critical cloud computing-a CIIP perspective on cloud computing services—ENISA (2012)

42.

McGraw, G.: Silver bullet talks with Katie Moussouris. IEEE Secur. Priv. 13(4), 7–9 (2015)CrossRef

43.

Mejia-Miranda, J., Melchor-Velasquez, R.E., Munoz-Mata, M.A.: Vulnerability detection in smartphones: a systematic literature review [detección de vulnerabilidades en smartphones: Una revisión sistemática de la literatura] (2017)

44.

Meszaros, J., Buchalcevova, A.: Introducing OSSF: a framework for online service cybersecurity risk management. Comput. Secur. 65, 300–313 (2017)CrossRef

45.

Mtsweni, J.: Analyzing the security posture of South African websites, September 2015

46.

Mtsweni, J., Shozi, N.A., Matenche, K., Mutemwa, M., Mkhonto, N., Van Vuuren, J.J.: Development of a semantic-enabled cybersecurity threat intelligence sharing model, pp. 244–252 (2016)

47.

Murray, A., Begna, G., Nwafor, E., Blackstone, J., Patterson, W.: Cloud service security & application vulnerability, June 2015

48.

Muñoz, F.R., Vega, E.A.A., Villalba, L.J.G.: Analyzing the traffic of penetration testing tools with anids. J. Supercomput. 1–16 (2016)

49.

Nagurney, A., Shukla, S.: Multifirm models of cybersecurity investment competition vs. cooperation and network vulnerability. Eur. J. Oper. Res. 260(2), 588–600 (2017)MathSciNetCrossRef

50.

Neuhaus, S., Plattner, B.: Software security economics: theory, in practice (2013)CrossRef

51.

Norris, D., Joshi, A., Finin, T.: Cybersecurity challenges to American state and local governments, pp. 196–202, January 2015

52.

Ortiz, E.C., Reinerman-Jones, L.: Theoretical foundations for developing cybersecurity training. In: Shumaker, R., Lackey, S. (eds.) VAMR 2015. LNCS, vol. 9179, pp. 480–487. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21067-4_49CrossRef

53.

Pereira, T., Santos, H., Mendes, I.: Challenges and reflections in designing cyber security curriculum, pp. 47–51 (2017)

54.

Rahman, S.S.M., May, Y.V.: Wireless security vulnerabilities and countermeasures for an airport, pp. 431–436 (2015)

55.

Sabillon, R., Cavaller, V., Cano, J., Serra-Ruiz, J.: Cybercriminals, cyberattacks and cybercrime (2016)

56.

Smeets, M.: A matter of time: on the transitory nature of cyber weapons. J. Strat. Stud. 41, 1–28 (2017)

57.

Song, J., Alves-Foss, J.: The Darpa cyber grand challenge: a competitor’s perspective, part 2. IEEE Secur. Priv. 14(1), 76–81 (2016)CrossRef

58.

Takahashi, T., Miyamoto, D., Nakao, K.: Toward automated vulnerability monitoring using open information and standardized tools (2016)

59.

Tevis, J.-E.J., Hamilton, J.A.: Methods for the prevention, detection and removal of software security vulnerabilities. In: Proceedings of the 42nd Annual Southeast Regional Conference, ACM-SE 42, pp. 197–202. ACM, New York (2004)

60.

Tweneboah-Koduah, S., Skouby, K.E., Tadayoni, R.: Cyber security threats to IoT applications and service domains. Wirel. Pers. Commun. 95(1), 169–185 (2017)CrossRef

61.

Van Devender, M.S., Campbell, M., Glisson, W.B., Finan, M.A.: Identifying opportunities to compromise medical environments (2016)

62.

Vassilev, A., Celi, C.: Avoiding cyberspace catastrophes through smarter testing. Computer 47(10), 102–106 (2014)CrossRef

63.

Wang, Y., Yang, J.P.: Ethical hacking and network defense: choose your best network vulnerability scanning tool, pp. 110–113 (2017)

64.

Watkins, L., Hurley, J.: Enhancing cybersecurity by defeating the attack lifecycle, pp. 320–327 (2016)

65.

Williams, P.A.H., Woodward, A.J.: Cybersecurity vulnerabilities in medical devices: a complex environment and multifaceted problem. Med. Dev. Evid. Res. 8, 305–316 (2015)CrossRef

66.

Wolff, J.: Perverse effects in defense of computer systems: when more is less. J. Manag. Inf. Syst. 33(2), 597–620 (2016)CrossRef

67.

Wolff, J.: Perverse effects in defense of computer systems: when more is less, pp. 4823–4831, March 2016

68.

Wu, W., Kang, R., Li, Z.: Risk assessment method for cybersecurity of cyber-physical systems based on inter-dependency of vulnerabilities, pp. 1618–1622, January 2016

69.

Yang, J., Wang, Y., Reddington, T.: Integrate hacking technique into information assurance education, pp. 381–387 (2016)

70.

Yang, Y., Xu, H.-Q., Gao, L., Yuan, Y.-B., McLaughlin, K., Sezer, S.: Multidimensional intrusion detection system for IEC 61850-based SCADA networks. IEEE Trans. Power Deliv. 32(2), 1068–1078 (2017)CrossRef

71.

Yoo, H., Shon, T.: Challenges and research directions for heterogeneous cyber-physical system based on IEC61850: vulnerabilities, security requirements, and security architecture. Future Gener. Comput. Syst. 61, 128–136 (2016)CrossRef

72.

Yoo, H., Shon, T.: Challenges and research directions for heterogeneous cyber–physical system based on IEC 61850: vulnerabilities, security requirements, and security architecture. Future Gener. Comput. Syst. 61(Supplement C), 128–136 (2016)CrossRef

73.

Zetter, K.: Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon. Crown Publishing Group, New York (2014)

74.

Zissis, D., Lekkas, D.: Addressing cloud computing security issues. Future Gener. Comput. Syst. 28(3), 583–592 (2012)CrossRef

Title: A Cybersecurity Model for Electronic Governance and Open Society
Authors: Nuno Lopes
José Faria
Publisher: Springer International Publishing
Book: Electronic Governance and Open Society: Challenges in Eurasia
Print ISBN: 978-3-030-13282-8

Electronic ISBN: 978-3-030-13283-5

Copyright Year: 2019
DOI: https://doi.org/10.1007/978-3-030-13283-5_8

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner