Developing a Strategic Management Model for Cyberspace Security Based on Large Cyber Space Data

Document Type : Original Article

Author

PhD Student of Cyber ​​Security First Degree University of National Defense

Abstract

The intensity of the changes in cyberspace and its according  diversity of insecurity and the need to respond to the current threats of this space, especially the strategic position of the services and information available in this space, have necessitated the need for a model for strategic management of this space's security. On the other hand, having environmental information, both indoor and outdoor, especially with regard to the speed of their changes and the need for accurate information, allows us to manage security in the bigdata of this space. Understanding the environment for selecting the right strategies in all strategic management models is part of the model. Cyber-space bigdata, in addition to providing real-time cyber-space information, enables complete assessment and identification of the environment. In this study, the final model was implemented using ISO 31000 standard framework. In this standard, the risk assessment section was extracted with regard to the macro features of the data available in cyberspace. The risk values ​​in each of the extracted components of cyberspace security by using Bayesian conditional probability functions and using Poisson distribution modulated Markov model by combining Markov cycle with Poisson probability density function and its conditional functions in Bayesian network , Extracted from large cyberspace data, risk assessment was performed. The implementation of ISO 31000 standard was also completed in the formulation of risk management strategies by applying elements extracted from studies on strategic management and risk management models. Finally, the model is simulated with an example of a cyber threat scenario on social networks.

Keywords

References

  1. فهرست منابع ومآخذ

    الف. منابع فارسی

    1. جعفری، مجتبی (1385)، برنامه‌ راهبردی امنیت فضای تبادل اطلاعات وزارت ارتباطات و فناوری اطلاعات.
    2. جورج سادوسکای، جیمزاکس. دمپزی، آلن گرینبرگ، باربارا جی. مک، آلن شوارتز، (1384)، راهنمای امنیت فناوری اطلاعات.
    3. حقی مجید؛ فیروزآبادی ابوالحسن؛ خراشادی‌زاده محمدرضا (1398)، ارائه مدل مدیریت راهبردی امنیت فضای سایبر بر اساس ابرداده‎های فضای سایبر.
    4. خلیل پور رکن‌آبادی، ع؛ نورعلی وند (1391)، تهدیدات سایبری و تأثیر آن بر امنیت ملی، فصلنامه مطالعات راهبردی شماره ۵۶.
    5. دیوسالار، عبدالرسول (1391)، قدرت اطلاعات، تیسا.
    6.  سیاست‌های کلی نظام در امور «امنیت فضای تولید و تبادل اطلاعات و ارتباطات و سند راهبردی امنیت فضای تولید و تبادل اطلاعات».
    7. وامالا، فردریک (2011)، سند راهنمای اتحادیه بین‌المللی مخابرات در حوزه راهبرد ملی امنیت سایبری.

     

    الف. منابع لاتین

    1. Martin Elinga, Jan Hendrik Wirfs, (2015), Modelling and Management of Cyber Risk Institute of
    2. Insurance Economics, University of St. Gallen, Rosenbergstrasse 22, 9000 St. Gallen, Switzerland
    3. C.‌EVANS‌JR., (2016), ‌DATA GOVERNANCE FRAMEWORK IMPLEMENTATION PLAN.
    4. Neda Bazyar Shourabi & Richard Dean& Farzad Moazzami& Yacob Astatke, (2017), A MODEL FOR CYBER ATTACK RISKS IN TELEMETRY NETWORKS
    5. G. Bradley, (2011), A Guid To Risk Management.
    6. O. Kotevska, A. Lbath, and S. Bouzefrane, (2016), Toward a Real-Time Framework in Cloudlet-Based Architecture.
    7. Saurav K.Dutta, (2013),Statistical Techniques for Forensic Accounting Understanding the theory and Application of Data Analysis,
    8. Matthew A. Levin, MD, Jonathan P. Wanderer, MD, MPhil, and Jesse M. Ehrenfeld, MD, MPH, (2015), Data, Big Data, and Metadata in Anesthesiology
    9. Rauscher & Yaschenko (2011). bilateral on cybersecurity: Critical terminology foundations. New York: NY: East-West Institute.
    10. Lowe, Deidre. Metadata (1999), “8th International Dublin core metadata initiative workshop” (2000). Available at: http://www.ifla.org/udt/dc8/ (2007.50.29).
    11. Sabillon, Regner, cavaller, Victor, (2016), National Cyber Security Strategies: Global Trends in Cyberspace
    12. National Institute of Standards and Technology Attn: Computer Security Division, Information Technology Laboratory 100 Bureau Drive, (2011)

Files

History

  • Receive Date: 08 January 2019
  • Revise Date: 14 March 2020
  • Accept Date: 28 February 2019

Share

How to cite

Statistics