Cyber Resilience Evaluation Using Cyber Resilience Review Framework at University XYZ

Authors

  • Ahmad Maulana Fikri Kalimantan Institute of Technology
  • Lovinta Happy Atrinawati Kalimantan Institute of Technology
  • Muhammad Gilvy Langgawan Putra Kalimantan Institute of Technology

DOI:

https://doi.org/10.12928/ijemi.v3i2.5794

Keywords:

CRR Assessment, Cyber Recilience, Cyber Reciliance Evaluation, University XYZ

Abstract

Cyber resilience is about protecting data and information owned by University XYZ and adapting business processes at University XYZ to ensure service continuity when cyber threats occur. However, University XYZ never evaluates its practices to implement security and data management. University XYZ needs to know its maturity level based on cyber resilience evaluation to improve its cyber resilience. Therefore, this research was carried out to evaluate cyber resilience at University XYZ using the Cyber Resilience Review (CRR) assessment by evaluating ten cyber resilience domains. The evaluation covers academic services that use the University XYZ academic information system. The evaluation process will be held through an interview with the process owner. The interview questions are based on CRR assessment. After the evaluation, we found that none of the domains in University XYZ had yet reached Maturity Indicator Level (MIL)-1. In addition, the overall performance percentage for each CRR domain had not yet reached 100%. An improvement
recommendation for each domain has also been made, containing guidance for implementing incomplete and noncommitted practices. University XYZ can implement cyber resilience practices according to recommendations so that the implementation process can run optimally, even though
cyber threats occur from time to time.

References

Adianto, T., Ali, Y., & Saptono, E. (2020). Penilaian Risiko Serangan Siber Sistem Manajemen Keamanan Informasi PT. UAV. Manajemen Pertahanan, 6(1), 52-72.

Alghamdi, W. N., & Rastogi, R. (2020). An efficient data flow material model (DFMM) for cyber security risk assessment in a real-time server. Materials Today: Proceedings.

Annarelli, A., Nonino, F., & Palombi, G. (2020). Understanding the Management of Cyber Resilience Systems. Computers & Industrial Engineering.

Arianto, A. R. (2017). Cyber Security: Geometri Politik dan Dimensi Pembangunan Keamanan Dunia Era Horizontal Abad 21. Jurnal PIR, 1(2), 108-118.

Björck, F., Henkel, M., Stirna, J., & Zdravkovic, J. (2015). New contributions in information systems and technologies. In Cyber resilience–fundamentals for a definition (pp. 311-316). Cham: Springer.

Chang, L. Y., & Coppel, N. (2020). Building cyber security awareness in a developing country: Lessons from Myanmar. Computers & Security, 97.

Choudhury, S., Rodriguez, L., Curtis, D., Oler, K., Nordquist, P., Chen, P.-Y., & Ray, I. (2015). Action Recommendation for Cyber Resilience. In Proceedings of the 2015 Workshop on Automated Decision Making for Active Cyber Defense.

Cybersecurity and Infrastructure Security Agency. (2020). Cyber Resilience Review: Method Description and Self-Assessment User Guide. Carnegie Mellon University.

Hagen, J. (2018). Building resilience against cyber threats in the energy sector. International journal of critical infrastructure protection, 20, 26-27.

Haque, M. A., Shetty, S., & Krishnappa, B. (2019). ICS-CRAT: A Cyber Resilience Assessment Tool for Industrial Control System. Washington DC: The 4th IEEE International Conference on Intelligent Data and Security.

Haque, M. A., Teyou, G. K., Shetty, S., & Krishnappa, B. (2018). Cyber Resilience Framework for Industrial Control Systems: Concepts, Metrics, and Insights. IEEE.

Koelemeijer, D. (2018). Enhancing the Cyber Resilience of Critical Infrastructures through an Evaluation Methodology Based on Assurance Cases. Elsevier.

Linkov, I., & Kott, A. (2019). Cyber Resilience of Systems and Networks. In Fundamental Concepts of Cyber Resilience: Introduction and Overview (pp. 1-25). Cham: Springer.

NIAC. (2009). Critical Infrastructure Resilience Final Report and Recommendations. National Infrastructure Advisory Council.

NIST. (2018). Framework for Improving Critical Infrastructure Cybersecurity (Version 1.1 ed.). National Institute of Standards and Technology.

Perdani, M. D., Widyawan, & Santosa, P. I. (2018). Blockchain untuk keamanan transaksi elektronik perusahaan financial technology. Yogyakarta: Universitas AMIKOM Yogyakarta.

Rahmawati, I. (2017). Analisis Manajemen Risiko Ancaman Kejahatan Siber (Cyber Crime) Dalam Peningkatan Cyber Defense. Jurnal Pertahanan & Bela Negara, 7(2), 51-66.

Rehak, D., Senovsky, P., Hromada, M., & Lovecek, T. (2019). Complex approach to assessing the resilience of critical infrastructure elements. International journal of critical infrastructure protection, 25, 125-138.

Sep´ulveda-Estay, D. A., Sahay, R., Barfod, M. B., & Jensen, C. D. (2020). A Systematic Review of Cyber-Resilience Assessment Frameworks. Computers & Security.

Srinivas, J., Das, A. K., & Kumar, N. (2019). Government regulations in cyber security: Framework, standards, and recommendations. Future Generation Computer Systems, 92, 178-188.

Tonhauser, M., & Ristvej, J. (2019). Disruptive Acts in Cyberspace, Steps to Improve Cyber Resilience at National Level. Slovak Republic: Elsevier.

Western Australia: Proceedings of the 1st International Cyber Resilience Conference.

Williams, P. A., & Manheke, R. J. (2010). Small Business - A Cyber Resilience Vulnerability. Perth

Downloads

Published

2022-05-31

How to Cite

Fikri, A. M., Atrinawati, L. H., & Putra, M. G. L. (2022). Cyber Resilience Evaluation Using Cyber Resilience Review Framework at University XYZ. International Journal of Educational Management and Innovation, 3(2), 155–168. https://doi.org/10.12928/ijemi.v3i2.5794

Issue

Section

Articles