How Do Organizations Seek Cyber Assurance? Investigations on the Adoption of the Common Criteria and Beyond

Cyber assurance, which is the ability to operate under the onslaught of cyber attacks and other unexpected events, is essential for organizations facing inundating security threats on a daily basis. Organizations usually employ multiple strategies to conduct risk management to achieve cyber assurance. Utilizing cybersecurity standards and certifications can provide guidance for vendors to design and manufacture secure Information and Communication Technology (ICT) products as well as provide a level of assurance of the security functionality of the products for consumers. Hence, employing security standards and certifications is an effective strategy for risk management and cyber assurance. In this work, we begin with investigating the adoption of cybersecurity standards and certifications by surveying 258 participants from organizations across various countries and sectors. Specifically, we identify adoption barriers of the Common Criteria through the designed questionnaire. Taking into account the seven identified adoption barriers, we show the recommendations for promoting cybersecurity standards and certifications. Moreover, beyond cybersecurity standards and certifications, we shed light on other risk management strategies devised by our participants, which provides directions on cybersecurity approaches for enhancing cyber assurance in organizations.

Bibliographic Details
Main Authors: Nan Sun, Chang-Tsun Li, Hin Chan, Md Zahidul Islam, Md Rafiqul Islam, Warren Armstrong
Format: Article
Language: English
Published: IEEE 2022-01-01
Series: IEEE Access
Subjects: Common criteria; cyber security; protection profile; security standard and certification; trusted system
Online Access: https://ieeexplore.ieee.org/document/9810315/
DOI: 10.1109/ACCESS.2022.3187211
Journal: IEEE Access, vol. 10, pp. 71749-71763, 2022 (ISSN 2169-3536)
Author Affiliations:
Nan Sun (ORCID 0000-0001-9123-9022): School of Engineering and Information Technology, University of New South Wales, Canberra, ACT, Australia
Chang-Tsun Li (ORCID 0000-0003-4735-6138): School of Information Technology, Deakin University, Waurn Ponds, VIC, Australia
Hin Chan: Australian Cyber Security Centre, Kingston, ACT, Australia
Md Zahidul Islam: School of Computing, Mathematics and Engineering, Charles Sturt University, Bathurst, NSW, Australia
Md Rafiqul Islam (ORCID 0000-0001-8317-5727): School of Computing, Mathematics and Engineering, Charles Sturt University, Albury, NSW, Australia
Warren Armstrong (ORCID 0000-0002-0798-1409): QuintessenceLabs Pty Ltd., Canberra, ACT, Australia