Cyber Evaluation and Management Toolkit (CEMT): Face Validity of Model-Based Cybersecurity Decision Making-Reference-Cited by-同舟云学术

Cyber Evaluation and Management Toolkit (CEMT): Face Validity of Model-Based Cybersecurity Decision Making

Published:2024-07-01 Issue:7 Volume:12 Page:238
ISSN:2079-8954
Container-title:Systems
language:en
Short-container-title:Systems

Author:

Fowler Stuart¹,Joiner Keith²^ORCID,Ma Siqi¹

Affiliation:

1. School of Systems and Computing, University of New South Wales, Canberra 2600, Australia

2. Capability Systems Centre, University of New South Wales, Canberra 2600, Australia

Abstract

The Cyber Evaluation and Management Toolkit (CEMT) is an open-source university research-based plugin for commercial digital model-based systems engineering tools that streamlines conducting cybersecurity risk evaluations for complex cyber-physical systems. The authors developed this research tool to assist the Australian Defence Force (ADF) with the cybersecurity evaluation of complicated systems operating in an increasingly contested and complex cyber environment. This paper briefly outlines the functionality of the CEMT including the inputs, methodology, and outputs required to apply the toolkit using a sample model of the process applied to a generic insider threat attack. A face validity trial was conducted on the CEMT, surveying subject-matter experts in the field of complex cybersecurity analysis and risk assessment to present the generic case study and gather data on the expected benefits of a real-world implementation of the process. The results of the face validity broadly supports the effectiveness and usability of the CEMT, providing justification for industry research trials of the CEMT.

Publisher

MDPI AG

Link

https://www.mdpi.com/2079-8954/12/7/238/pdf

Reference70 articles.

1. (2024, April 25). Australian Government—Department of Home Affairs, Protective Security Policy Framework, Available online: https://www.protectivesecurity.gov.au.

2. (2024, April 25). National Institute of Standards and Technology (NIST) Computer Security Resource Center (CSRC), NIST Risk Management Framework (RMF), Available online: https://csrc.nist.gov/projects/risk-management/about-rmf.

3. (2024, April 25). Australian Government—Australian Signals Directorate, Information Security Manual (ISM), Available online: https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism.

4. (2024, April 25). National Institute of Standards and Technology (NIST) Computer Security Resource Center (CSRC), NIST Special Publication 800-53 Rev. 5: Security and Privacy Controls for Information Systems and Organizations, Available online: https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final.

5. (2024, April 25). U.S. Department of Navy; Cyber Strategy, November 2023. Available online: https://dvidshub.net/r/irstzr.