Journal
JOURNAL OF DISASTER RESEARCH
Volume 12, Issue 5, Pages 1081-1090Publisher
FUJI TECHNOLOGY PRESS LTD
DOI: 10.20965/jdr.2017.p1081
Keywords
cybersecurity; exercise; maturity model; business continuity management; critical infrastructure protection
Categories
Funding
- Ministry of Education, Science, Sports and Culture [16H01837]
- Grants-in-Aid for Scientific Research [16H01837] Funding Source: KAKEN
Ask authors/readers for more resources
The purpose of this study is to illustrate how exercises can play the role of a driving power to improve an organization's cyber security preparedness. The degree of cyber security preparedness varies significantly among organizations. This implies that training and exercises must be tailored to specific capabilities. In this paper, we review the National Institute of Standards and Technology (NIST) cybersecurity framework that formalizes the concept of tier, which measures the degree of preparedness. Subsequently, we examine the types of exercises available in the literature and propose guidelines that assign specific exercise types, aims, and participants to each level of preparedness. The proposed guideline should facilitate the reinforcement of cybersecurity risk management practices, reduce resource misuse, and lead to a smooth improvement of capabilities.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available