SYSTEMIC SECURITY FRAMEWORK FOR HEI’S

Authors: Alexei Arina
Affiliation: Technical University of Moldova

Keywords: cyber security, HEIs, management, framework, application

ABSTRACT. Ensuring cyber security is increasingly important for Higher Education Institutions (HEIs). With the digitization of the academic field and the growing number of ICT security threats, the development of security frameworks based on international standards in the field, following a systemic and holistic approach, has become mandatory. The applications used for the management of cyber security automate the entire process, enable the joint use of security requirements, and provide an overview of the process of securing university ICT, in order to achieve an optimal level of cyber security for academic electronic services. In this sense, European directives, security standards, scientific methods for developing security frameworks, and formal models for developing security systems have an important and defining role, so that the solutions developed are applicable and based on scientific evidence.
