Cyber Resilience Evaluation Using Cyber Resilience Review Framework at University XYZ
DOI: https://doi.org/10.12928/ijemi.v3i2.5794
Keywords: CRR Assessment, Cyber Resilience, Cyber Resilience Evaluation, University XYZ
Abstract
Cyber resilience is about protecting data and information owned by University XYZ and adapting business processes at University XYZ to ensure service continuity when cyber threats occur. However, University XYZ has never evaluated its practices for implementing security and data management. To improve its cyber resilience, University XYZ needs to know its maturity level based on a cyber resilience evaluation. Therefore, this research was carried out to evaluate cyber resilience at University XYZ using the Cyber Resilience Review (CRR) assessment by evaluating ten cyber resilience domains. The evaluation covers academic services that use the University XYZ academic information system. The evaluation process is carried out through an interview with the process owner, with interview questions based on the CRR assessment. After the evaluation, we found that none of the domains in University XYZ had yet reached Maturity Indicator Level (MIL)-1. In addition, the overall performance percentage for each CRR domain had not yet reached 100%. An improvement recommendation for each domain has also been made, containing guidance for implementing incomplete and noncommitted practices. University XYZ can implement cyber resilience practices according to the recommendations so that the implementation process can run optimally, even though cyber threats occur from time to time.
Copyright (c) 2022 Universitas Ahmad Dahlan
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.