On the Complexity of Cybersecurity Exercises Proportional to Preparedness

27 September 2017

journal article
Published by Fuji Technology Press Ltd. in Journal of Disaster Research

Vol. 12 (5), 1081-1090
https://doi.org/10.20965/jdr.2017.p1081

Abstract

The purpose of this study is to illustrate how exercises can play the role of a driving power to improve an organization’s cyber security preparedness. The degree of cyber security preparedness varies significantly among organizations. This implies that training and exercises must be tailored to specific capabilities. In this paper, we review the National Institute of Standards and Technology (NIST) cybersecurity framework that formalizes the concept of tier, which measures the degree of preparedness. Subsequently, we examine the types of exercises available in the literature and propose guidelines that assign specific exercise types, aims, and participants to each level of preparedness. The proposed guideline should facilitate the reinforcement of cybersecurity risk management practices, reduce resource misuse, and lead to a smooth improvement of capabilities.

Keywords

This publication has 6 references indexed in Scilit:

Manage Everything or Anything? Possible Ways Towards Generic Emergency Management Capabilities
Journal of Disaster Research, 2015
Preparing for Critical Infrastructure Breakdowns: The Limits of Crisis Management and the Need for Resilience
Journal of Contingencies and Crisis Management, 2007
Guide to test, training, and exercise programs for IT plans and capabilities
Published by National Institute of Standards and Technology (NIST) ,2006
Identifying, understanding, and analyzing critical infrastructure interdependencies
IEEE Control Systems, 2001
Emergency response training: strategies for enhancing real-world performance
Journal of Hazardous Materials, 2000
Skills, rules, and knowledge; signals, signs, and symbols, and other distinctions in human performance models
IEEE Transactions on Systems, Man, and Cybernetics, 1983

Cited by 10 articles