学位论文详细信息
A cyber exercise post assessment framework: In Malaysia perspectives
AC Collections. Series. Collected works;HA Statistics;LG Individual institutions (Asia. Africa);T Technology (General)
Ahmad, Arniyati ; Johnson, Christopher
University:University of Glasgow
Department:School of Computing Science
关键词: Critical infrastructure protection, critical national information infrastructure, cyber exercise, cyber resilience, organisation resilience, Kirpatrick Training Model.;   
Others  :  http://theses.gla.ac.uk/7553/1/2016ArniyatiAphd.pdf
来源: University of Glasgow
PDF
【 摘 要 】

Critical infrastructures are based on complex systems that provide vital services to the nation. The complexities of the interconnected networks, each managed by individual organisations, if not properly secured, could offer vulnerabilities that threaten other organisations’ systems that depend on their services. This thesis argues that the awareness of interdependenciesamong critical sectors needs to be increased. Managing and securing critical infrastructure is not isolated responsibility of a government or an individual organisation. There is a need for a strong collaboration among critical service providers of public and private organisations in protecting critical information infrastructure. Cyber exercises have been incorporated in national cyber security strategies as part of critical information infrastructure protection. However, organising a cyber exercise involved multi sectors is challenging due to the diversity of participants’ background, working environments and incidents response policies. How well the lessons learned from the cyber exercise and how it can be transferred to the participating organisations is still a looming question. In order to understand the implications of cyber exercises on what participants have learnt and how it benefits participants’ organisation, a Cyber Exercise Post Assessment (CEPA) framework was proposed in this research. The CEPA framework consists of two parts. The first part aims to investigate the lessons learnt by participants from a cyber exercise using the four levels of the Kirkpatrick Training Model to identify their perceptions on reaction, learning, behaviour and results of the exercise. The second part investigates the Organisation Cyber Resilience (OCR) of participating sectors. The framework was used to study the impact of the cyber exercise called X Maya in Malaysia. Data collected through interviews with X Maya 5 participants were coded and categorised based on four levels according to the Kirkpatrick Training Model, while online surveys distributed to ten Critical National Information Infrastructure (CNII) sectors participatedin the exercise. The survey used the C-Suite Executive Checklist developed by World Economic Forum in 2012. To ensure the suitability of the tool used to investigate the OCR, a reliability test conducted on the survey items showed high internal consistency results. Finally, individual OCR scores were used to develop the OCR Maturity Model to provide the organisation cyber resilience perspectives of the ten CNII sectors.

【 预 览 】
附件列表
Files Size Format View
A cyber exercise post assessment framework: In Malaysia perspectives 3535KB PDF download
  文献评价指标  
  下载次数:19次 浏览次数:20次