
Cybernetic Risk Management for Methodological Model of NIST-Based to Prevent Cybercrime Approach in Organizations

  • Conference paper
Proceedings of the Future Technologies Conference (FTC) 2022, Volume 2 (FTC 2022 2022)

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 560))

  • 514 Accesses

Abstract

Activities focused on implementing standards related to Cybersecurity and Digital Security have involved a failure to understand the allocation of physical, logical and electronic controls to digital devices that carry elements of criticality identification of information assets, and the incorporation of those controls in the evaluation of organizational policies. This paper proposes a methodological model to be implemented in an organization that faces threats related to Cybercrime, and to solve the complexity of analysis among digital security professionals.

Notes

  1. Cyberterrorism: The action that involves the negative use of a Technology, Technique or tool to generate fear, anxiety or damage to a computer system before a collective right (Victims) in the Cyberspace environment. It can affect a Critically Vulnerable Infrastructure connected to an indispensable service. Term retrieved from the United States Department of Justice and improved under the theory of the Geometry of Cybercrime.

  2. Data: A datum is a symbolic representation (numerical, alphabetical, algorithmic, spatial, etc.) of a quantitative or qualitative attribute or variable. https://es.wikipedia.org/wiki/Dato, concept expanded by applying it to the proposed article.

  3. Attack: In cryptography, a brute force attack is a way of recovering a key by trying all possible combinations until the one that allows access is found. https://es.wikipedia.org/wiki/Ataque_de_fuerza_bruta

  4. Consumer: The person (undetermined) or company (undetermined) connected through cyberspace by means of a technological platform, which has the tools to carry out transactions for a particular interest, for example: a purchase, a service, etc. (Concept elaborated by the author.)

Corresponding author

Correspondence to E. Ortiz Ruiz.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Ruiz, E.O. (2023). Cybernetic Risk Management for Methodological Model of NIST-Based to Prevent Cybercrime Approach in Organizations. In: Arai, K. (eds) Proceedings of the Future Technologies Conference (FTC) 2022, Volume 2. FTC 2022 2022. Lecture Notes in Networks and Systems, vol 560. Springer, Cham. https://doi.org/10.1007/978-3-031-18458-1_22
