This paper proposes a holistic cybersecurity online tool to support implementation activities of the “National Framework for Cybersecurity & Data Protection”, one of its contextualizations, as well as the fifteen “Essential Cybersecurity Controls”. It also aims at promoting its wide dissemination by SMEs. All the regulations, standards and national/international laws mentioned as “Informative References” for each Subcategory in the Framework Core are, in fact, made available through a web application where they can be consulted with a few clicks, guiding even less experienced users in the creation of their cybersecurity compliance projects. The research and analysis activities conducted with a systematic, global and conceptual approach - consistent with the original document - have been aimed at highlighting the substantial differences between IT/OT cybersecurity requirements in order to increase, through a comparative analysis, the cyber resilience of national critical infrastructures. Meanwhile, since an important step towards cyberspace security is a global increase in the level of cyber risk awareness, the tool aims to be used for education and training programs too, both at the corporate and academic levels, in order to bridge the skills gap in the job market between job seekers and employers. For this purpose, some of the main reference standards used for auditing, vulnerability assessment and risk management activities have been included.
OT cyber security frameworks comparison tool (CSFCTool) / Murino, G.; Ribaudo, M.; Romano, S. P.; Tacchella, A.. - 2940:(2021), pp. 9-22. (Intervento presentato al convegno 5th Italian Conference on Cybersecurity, ITASEC 2021 nel 2021).
OT cyber security frameworks comparison tool (CSFCTool)
Romano S. P.;
2021
Abstract
This paper proposes a holistic cybersecurity online tool to support implementation activities of the “National Framework for Cybersecurity & Data Protection”, one of its contextualizations, as well as the fifteen “Essential Cybersecurity Controls”. It also aims at promoting its wide dissemination by SMEs. All the regulations, standards and national/international laws mentioned as “Informative References” for each Subcategory in the Framework Core are, in fact, made available through a web application where they can be consulted with a few clicks, guiding even less experienced users in the creation of their cybersecurity compliance projects. The research and analysis activities conducted with a systematic, global and conceptual approach - consistent with the original document - have been aimed at highlighting the substantial differences between IT/OT cybersecurity requirements in order to increase, through a comparative analysis, the cyber resilience of national critical infrastructures. Meanwhile, since an important step towards cyberspace security is a global increase in the level of cyber risk awareness, the tool aims to be used for education and training programs too, both at the corporate and academic levels, in order to bridge the skills gap in the job market between job seekers and employers. For this purpose, some of the main reference standards used for auditing, vulnerability assessment and risk management activities have been included.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
