OT Cyber Security Frameworks Comparison Tool (CSFCTool)

Giuseppina Murino; Marina Ribaudo; Armando Tacchella
2021-01-01

Abstract

This paper proposes a holistic cybersecurity online tool to support implementation activities of the “National Framework for Cybersecurity & Data Protection”, one of its contextualizations, as well as the fifteen “Essential Cybersecurity Controls”. It also aims at promoting its wide dissemination by SMEs. All the regulations, standards and national/international laws mentioned as “Informative References” for each Subcategory in the Framework Core are, in fact, made available through a web application where they can be consulted with a few clicks, guiding even less experienced users in the creation of their cybersecurity compliance projects. The research and analysis activities conducted with a systematic, global and conceptual approach - consistent with the original document - have been aimed at highlighting the substantial differences between IT/OT cybersecurity requirements in order to increase, through a comparative analysis, the cyber resilience of national critical infrastructures. Meanwhile, since an important step towards cyberspace security is a global increase in the level of cyber risk awareness, the tool aims to be used for education and training programs too, both at the corporate and academic levels, in order to bridge the skills gap in the job market between job seekers and employers. For this purpose, some of the main reference standards used for auditing, vulnerability assessment and risk management activities have been included.

Files in this item:

File: paper.pdf (open access)
Description: Conference proceedings contribution
Type: Post-print document
Size: 2.96 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11567/1071300