Leveraging Taxonomical Engineering for Security Baseline Compliance in International Regulatory Frameworks

Authors:

Grigaliūnas Šarūnas¹, Schmidt Michael², Brūzgienė Rasa¹, Smyrli Panayiota³, Bidikov Vladislav⁴

Affiliations:

1. Department of Computer Sciences, Kaunas University of Technology, Studentu Str. 50, 51368 Kaunas, Lithuania

2. Leibniz Supercomputing Centre, Boltzmann Str. 1, 85748 Garching, Germany

3. Cyprus Research & Academic Network, 33 Neas Egkomis, Egkomi, Nicosia 2409, Cyprus

4. Faculty of Computer Science and Engineering, Ss. Cyril and Methodius University in Skopje, “Rugjer Boshkovikj” 16, P.O. Box 393, 1000 Skopje, North Macedonia

Abstract

A surge in successful Information Security (IS) breaches targeting Research and Education (R&E) institutions highlights a pressing need for enhanced protection. Addressing this, a consortium of European National Research and Education Network (NREN) organizations has developed a unified IS framework. This paper introduces the Security Baseline for NRENs and a security maturity model tailored to R&E entities, derived from established security best practices to meet the specific needs of NRENs, universities, and various research institutions. Existing models lack a mechanism for smoothly correlating varying requirement tiers with distinct user groups or scenarios, baseline standards, and current legislation. This fragmentation poses a significant hurdle to the community's capacity to guarantee consistency, congruency, and thorough compliance with a cohesive set of security standards and regulations. By applying taxonomical engineering principles, a mapping of baseline requirements to other security frameworks and regulations has been established. This mapping reveals a correlation across most regulations affecting R&E institutions and uncovers an overlap in the high-level requirements, which benefits the implementation of multiple standards at once. Consequently, organizations can systematically compare diverse security requirements, pinpoint gaps in their strategy, and formulate a roadmap to strengthen their security initiatives.

Publisher

MDPI AG

Subject

Computer Networks and Communications

