On the Complexity of Cybersecurity Exercises Proportional to Preparedness
- 27 September 2017
- journal article
- Published by Fuji Technology Press Ltd. in Journal of Disaster Research
- Vol. 12 (5), 1081-1090
- https://doi.org/10.20965/jdr.2017.p1081
Abstract
The purpose of this study is to illustrate how exercises can play the role of a driving power to improve an organization’s cyber security preparedness. The degree of cyber security preparedness varies significantly among organizations. This implies that training and exercises must be tailored to specific capabilities. In this paper, we review the National Institute of Standards and Technology (NIST) cybersecurity framework that formalizes the concept of tier, which measures the degree of preparedness. Subsequently, we examine the types of exercises available in the literature and propose guidelines that assign specific exercise types, aims, and participants to each level of preparedness. The proposed guideline should facilitate the reinforcement of cybersecurity risk management practices, reduce resource misuse, and lead to a smooth improvement of capabilities.Keywords
This publication has 6 references indexed in Scilit:
- Manage Everything or Anything? Possible Ways Towards Generic Emergency Management CapabilitiesJournal of Disaster Research, 2015
- Preparing for Critical Infrastructure Breakdowns: The Limits of Crisis Management and the Need for ResilienceJournal of Contingencies and Crisis Management, 2007
- Guide to test, training, and exercise programs for IT plans and capabilitiesPublished by National Institute of Standards and Technology (NIST) ,2006
- Identifying, understanding, and analyzing critical infrastructure interdependenciesIEEE Control Systems, 2001
- Emergency response training: strategies for enhancing real-world performanceJournal of Hazardous Materials, 2000
- Skills, rules, and knowledge; signals, signs, and symbols, and other distinctions in human performance modelsIEEE Transactions on Systems, Man, and Cybernetics, 1983