The Community Cybersecurity Maturity Model (CCSMM)

2021 ◽  
pp. 1-31
Keyword(s):  
Information Sharing ◽  
Cyber Security ◽  
Lessons Learned ◽  
Maturity Model ◽  
Awareness Information

Lessons learned from the community cyber security exercises showed common threads each community needed to focus on in order to improve the community's cyber security posture. These similarities were grouped into four areas of improvement called dimensions. The dimensions are awareness, information sharing, policies, and planning. The methods in which communities can implement improvement are called implementation mechanisms. These mechanisms are common approaches used every day such as establishing metrics, implementing technologies, creating processes and procedures, and conducting training and assessments.

Information Sharing

2021 ◽  
pp. 104-130
Keyword(s):  
Information Sharing ◽  
Cyber Security ◽  
San Antonio ◽  
Maturity Model ◽  
Security Framework ◽  
Group Information Sharing ◽  
Group Information ◽  
Geographic Regions ◽  
Program Information

From the first community cybersecurity exercise the CIAS at UTSA conducted in San Antonio in 2002, information sharing has been a key element of the community cybersecurity program. Information sharing is essential in the protection and detection aspects of programs such as the NIST cyber security framework. Information sharing helps to alert other organizations to ongoing reconnaissance and attack efforts by attackers. When it comes to cybersecurity, organizations are not in competition with each other but instead are partners in a mutual defense against attackers. This has not been an easy lesson to learn, and it has taken time, but today, there are many robust information sharing programs that help various sectors and geographic regions to band together to help each other in efforts to thwart attacks against any member of the group. Information sharing is an integral part of the community cyber security maturity model and can in fact help provide a catalyst to launch an overall cybersecurity program for a community.

International and Multidisciplinary Experiences in Engineering Courses at UNAM

2012 ◽  
Author(s):  
Vicente Borja ◽  
Alejandro Ramírez-Reivich ◽  
Marcelo López-Parra ◽  
Arturo Treviño Arizmendi ◽  
Luis F. Equihua Zamora
Keyword(s):  
Information Sharing ◽  
Product Innovation ◽  
Lessons Learned ◽  
Faculty Members ◽  
University Of California ◽  
Focal Points ◽  
User Centered Design ◽  
University Of Munich ◽  
Design Students ◽  
The University

A team of faculty members from the Universidad Nacional Autónoma de México (UNAM) has coordinated multidisciplinary courses in collaboration with universities from other countries. The team, who is composed by faculty from the School of Engineering and the School of Architecture, coordinates with pairs of Stanford University, the University of California at Berkeley, and the Technical University of Munich; to teach three particular design courses. All three courses are related to product innovation but they have different emphasis depending on the collaborating partner. The focal points of each of the three courses are: (1) innovation, (2) user centered design and sustainability and (3) transport in megacities of the future. Engineering and industrial design students are involved in the courses. They are organized in teams that include participants from the two collaborating universities. During the courses teams carry out projects working mostly at a distance; they use different means of communication and information sharing and also pay reciprocal visits between the universities involved in the collaboration. This paper describes each of the three courses highlighting their particular characteristics. The outcomes and results of the courses and specific projects are commented. In the end of the paper lessons learned are discussed and final remarks are presented.

The Community Cyber Security Maturity Model

2016 ◽  
pp. 161-183
Author(s):  
Natalie Sjelin ◽  
Gregory White
Keyword(s):  
Cyber Security ◽  
Maturity Model

Cooperation and Free Riding in Cyber Security Information-Sharing Programs

2018 ◽  
pp. 309-324 ◽  
Author(s):  
Asmeret Bier Naugle ◽  
Austin Silva ◽  
Munaf Aamir
Keyword(s):  
Information Sharing ◽  
Cyber Security ◽  
Low Cost ◽  
Cost Savings ◽  
Free Riding ◽  
Cyber Attacks ◽  
Defense Strategies ◽  
Shared Information ◽  
Substantial Investment ◽  
Human Decision

Even with substantial investment in cyber defense, the risk of harm from cyber attacks is significant for many organizations. Multi-organization information-sharing programs have the potential to improve cyber security at relatively low cost by allowing organizations that face similar threats to share information on vulnerabilities, attacks, and defense strategies. The dynamics of an information-sharing program are likely to depend heavily on interactions between human decision makers. This article describes a system dynamics model of an information-sharing program. The model incorporates decision-making strategies of managers and cyber defenders in each participating organization. The model was used to assess how free-riding behavior is likely to affect the success of a multi-organization information-sharing program. Results shows that free riding may make information sharing more volatile and less beneficial early on, but other factors, including cost savings and the perceived utility of shared information, are likely to create success later in the time horizon.

The Two-Dimensional CCSMM

2021 ◽  
pp. 32-54
Keyword(s):  
Cyber Security ◽  
Phase 1 ◽  
Maturity Model ◽  
Two Dimensional ◽  
Four Dimensions ◽  
Level 1 ◽  
Level 2

The community cyber security maturity model (CCSMM) defines four dimensions and five implementation mechanisms in describing the relative maturity of an organization or an SLTT's cybersecurity program. These are used in defining levels of maturity and the cybersecurity characteristics of an organization or SLTT at each level. In order to progress from one level to the next, a variety of activities should take place, and these are defined in terms of five different mechanisms. In between two levels are a variety of activities that should take place to help the entity to advance from one level to the next. These groups of activities describe four phases, each of which takes place between two levels. Thus, Phase 1 defines the activities that should occur for an entity to advance from Level 1 to Level 2.

Integration of ICTs in Radio Programs (II-RP) for Environmental Awareness for Peasant Farmers of Rural Zambia

2021 ◽  
pp. 243-262
Author(s):  
Tracy Chisanga ◽  
Jameson Mbale
Keyword(s):  
Information Sharing ◽  
Mobile Phones ◽  
Environmental Awareness ◽  
Remote Areas ◽  
Awareness Information ◽  
Crop Diseases ◽  
Radio Programs ◽  
Rural Zambia ◽  
Peasant Farmers

The radio was the most and only reliable media capable of disseminating remedial information for methods of curing and preventing the outbreak of animal and crop diseases. However, this mode of media faced the challenges of majority of peasant farmers not owning radios, and as a result, they did not access such services. In addition, the distance among the peasant farmers hindered people sharing such resources. Nevertheless, the mushrooming owning of mobile phones by the majority of peasant farmers made information sharing possible. It was in view of that that the integration of ICTs on radio programs, in this work abbreviated as II-RP, was envisaged to disseminate remedial information to peasant farmers in remote areas of Zambia. The II-RP, a mobile built system, allowed farmers and agriculture officers to share the awareness information and sensitization of methods of farming.

Key Topics in the Ethics and Economics of Cyber Security

2009 ◽  
pp. 78-89
Author(s):  
Sattar J. Aboud
Keyword(s):  
Information Security ◽  
Information Sharing ◽  
Cyber Security ◽  
The Internet ◽  
Significant Issue ◽  
Ethics And Economics ◽  
Key Topics ◽  
Manufactured Goods ◽  
Security Concerns ◽  
Considerable Damage

Cyber security is the significant issue for customers, sellers, and discipliners since hackers who utilize vulnerabilities can make considerable damage. In this chapter, we study key topics in a nascent literature on a cyber security. We first concentrate on how inducements influence the major topics in information security. Three significant topics pertinent for a cyber security concerns are: an exterior security, the internet consequence and information sharing which make effect in the information security. The budding literature has started to study the relationships between vulnerability revelation, patching, manufactured goods prices and profits.

Tensions in Collaborative Cyber Security and how They Affect Incident Detection and Response

2010 ◽  
pp. 34-63 ◽  
Author(s):  
Glenn Fink ◽  
David McKinnon ◽  
Samuel Clements ◽  
Deborah Frincke
Keyword(s):  
Case Studies ◽  
Cyber Security ◽  
Lessons Learned ◽  
General Nature ◽  
Incident Detection ◽  
Multiple Stakeholders ◽  
The U.S ◽  
Regulatory Challenges

Security often requires collaboration, but when multiple stakeholders are involved, it is typical for their priorities to differ or even conflict with one another. In today’s increasingly networked world, cyber security collaborations may span organizations and countries. In this chapter, the authors address collaboration tensions, their effects on incident detection and response, and how these tensions may potentially be resolved. The authors present three case studies of collaborative cyber security within the U.S. government and discuss technical, social, and regulatory challenges to collaborative cyber security. They suggest possible solutions and present lessons learned from conflicts. Finally, the authors compare collaborative solutions from other domains and apply them to cyber security collaboration. Although they concentrate their analysis on collaborations whose purpose is to achieve cyber security, the authors believe this work applies readily to security tensions found in collaborations of a general nature as well.

Sign in / Sign up

Export Citation Format

Share Document