179 research outputs found

    A NIS Directive compliant Cybersecurity Maturity Model

    The EU NIS Directive introduces obligations related to the security of the network and information systems for Operators of Essential Services and for Digital Service Providers. Moreover, National Competent Authorities for cybersecurity are required to assess compliance with these obligations. This paper describes a novel Cybersecurity Maturity Assessment Framework (CMAF) that is tailored to the NIS Directive requirements. CMAF can be used either as a self-assessment tool from Operators of Essential Services and Digital Service Providers or as an audit tool from the National Competent Authorities for cybersecurity

    BIBLIOMETRIC ANALYSIS ON CYBERSPACE SECURITY - NIS DIRECTIVES

    The impact of security in cyberspace has been increasing, motivating companies to reconsider their security strategies. In addition, people from various countries who are aware of this growth are seeking to present studies in various journals that allow them to identify elements that contribute to the consolidation of the concept of security in cyberspace. With this reality in mind, this study, supported by a bibliometric analysis of security in cyberspace based on articles published in the last eight years, aims to analyze the evolution of scientific research, identify the most influential scientific publications on topics related to cyberspace security, and detect research opportunities in the field. The study also discusses the implementation of the legal framework for security in cyberspace and the NIS Directive, aspects that European companies should consider in their cybersecurity strategy. The study's conclusions highlight the multifaceted nature of cybersecurity challenges and the need for a holistic and collaborative approach to strengthening digital resilience, with an emphasis on promoting a culture of awareness encouraged at the organizational and social level by policymakers, industry leaders, and researchers.

    Bibliometric Analysis on Cyberspace Security - NIS Directives

    The impact of security in cyberspace has been increasing, motivating companies to reconsider their security strategies. In addition, people from various countries who are aware of this growth are seeking to present studies in various journals that allow them to identify elements that contribute to the consolidation of the concept of security in cyberspace. With this reality in mind, this study, supported by a bibliometric analysis of security in cyberspace based on articles published in the last eight years, aims to analyze the evolution of scientific research, identify the most influential scientific publications on topics related to cyberspace security, and detect research opportunities in the field. The study also discusses the implementation of the legal framework for security in cyberspace and the NIS Directive, aspects that European companies should consider in their cybersecurity strategy. The study's conclusions highlight the multifaceted nature of cybersecurity challenges and the need for a holistic and collaborative approach to strengthening digital resilience, with an emphasis on promoting a culture of awareness encouraged at the organizational and social level by policymakers, industry leaders, and researchers.

    Does the NIS implementation strategy effectively address cyber security risks in the UK?

    This research explored how cyber security risks are managed across UK Critical National Infrastructure (CNI) sectors following implementation of the 2018 Networks and Information Security (NIS) legislation. Being in its infancy, there has been limited study into the effectiveness of this national framework for cyber risk management. The analysis of data gathered through interviews with key stakeholders against the NIS objectives indicated a collaborative implementation approach to improve cyber-risk management capabilities in CNI sectors. However, more work is required to bridge the gaps in the NIS framework to ensure holistic security across cyber spaces as well as non-cyber elements: cyber-physical security, cross-sector CNI service security measures, outcome-based regulatory assessments and risks due to connected smart technology implementations alongside legacy systems. This paper proposes ten key recommendations to counter the danger of not meeting the NIS key strategic objectives. In particular, it recommends that the approach to NIS implementation needs further alignment with its objectives, such as bringing a step-change in the cyber-security risk management capabilities of the CNI sectors

    Implementing the NIS Directive, Driving Cybersecurity Improvements for Essential Services

    A review by the National Audit Office of the National Cyber Security Programme recommended a more robust performance framework, to understand the impact of the Programme and to focus activities going forward. The Directive on security of network and information systems (the NIS Directive) has placed responsibility for essential aspects of supply chains on Operators of Essential Services (OES). Our dependence on international supply chains also requires a performance framework to assist cybersecurity improvements in this area. The following sections describe work to investigate the implementation of the NIS Directive by Competent Authorities (CA) and OES and proposes a framework to monitor performance across interdependencies. This is to enable development of a more effective set of performance metrics to guide interventions and improvements in cybersecurity for critical infrastructure

    Interorganizational cooperation in supply chain cybersecurity: a cross-industry study of the effectiveness of the UK implementation of the NIS Directive

    The transposition of the EU Directive on Network and Information Security (NIS) by EU Member States involved assigning a set of responsibilities to operators, regulators and policy makers within a national cybersecurity strategy, in order to improve cybersecurity levels across critical infrastructures. This research investigates the perspectives and experiences of organisations affected by the NIS Directive focussing on three different sectors (Energy, Water & Aviation). The authors evaluate the response of different actors to NIS interventions and their challenges in meeting their assigned responsibilities, in particular their ability to oversee supply chain cybersecurity. It proposes further support for partnerships and cooperation across organisations to increase the effectiveness of NIS implementation. Based on results from semi-structured interviews and observations of industry working groups, an approach to supply chain oversight to achieve a balance between control and cooperation is recommended, to improve cybersecurity within industry sectors and across critical national infrastructures. Although our initial focus has been on working mainly with UK stakeholders, we argue that our recommendations have a more general application beyond those countries directly affected by the Directive

    National cyber security strategies: management, unification and assessment

    Cyber security has become an important issue both on the EU and the national level. Cyber security is now perceived as a part of national security. The newly emerging cyber security policy, comprising national cyber security strategies as an important constituent part, has been recently paid considerable attention. Speaking of national cyber security strategies, a positive thing is that the majority of EU member states have already approved such strategies. However, the approved strategies differ considerably in terms of their content and implementation. The present article aims at identifying reasons for differences in individual national strategies and analyses aspects of their unifications in expectation to find out an optimum balance between the degree of unification and the need to retain differences arising from intrinsic national singularities. To this end, the article analyses the issue of national cyber security on the basis of Lithuania's cyber security strategy as a sample in the context of ENISA good practices for the development of cyber security strategies and by application of ENISA developed KPIs and testing ENISA cyber security strategy evaluation tool. Finally, the article suggests recommendations on further development of national cyber security strategies in terms of their unification and national singularities

    The Role of the Chief Information Security Officer (CISO) in Organizations

    In an increasingly connected and digital world, information is seen as a business enabler and source of sustained competitive advantage. Thus, information security is becoming critical to protect these information assets, which is why organizations’ information security strategy has been aligning with their strategic goals. This paper aims to study organizations’ general information security environment, analyse the CISO’s role in them and understand where they should be positioned on the organizational structure. Interviews were conducted on experienced information security consultants, information systems and information security directors, which allowed to conclude that organizations in Portugal still need to increase their maturity when it comes to information security, and that this may be due to the absence of an established security culture in the country. On the other hand, the CISO’s role has been increasing in relevance, being considered that it should have a close and independent relationship with organizations’ boards