Method for Designing Countermeasures for Crypto-Ransomware Based on the NIST CSF

Hector Torres-Calderon, Marco Velasquez, David Mauricio

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Crypto-ransomware are malicious programs that encrypt the data of an infected machine, making it a hostage until the owner of the device decides to pay the fee to recover their information. This has become a complex cybersecurity problem causing more and more economic damage. Crypto-ransomware has rendered cybersecurity models not adequate since they do not establish specific guidelines for the design of countermeasures. This paper proposes a method for the design of countermeasures related to crypto-ransomware attacks based on the NIST 800–53 revision 4 standard and the Information Security Maturity Model published by ISACA in the COBIT Focus magazine. The model consists of five phases: identify vulnerabilities, assess vulnerabilities, propose countermeasures, implement countermeasures, and evaluate countermeasures. This allows an organization to measure its current cybersecurity state, know cybersecurity measures oriented to crypto-ransomware and its prioritization through criticality indexes in a simple, adaptive and easy to implement way. A case study in a Peruvian company shows the simplicity and ease of use of the method, which allows the design of countermeasures with which the level of cybersecurity can be improved by 55.6%.

Original language: English
Title of host publication: Networking, Intelligent Systems and Security - Proceedings of NISS 2021
Editors: Mohamed Ben Ahmed, Horia-Nicolai L. Teodorescu, Tomader Mazri, Parthasarathy Subashini, Anouar Abdelhakim Boudhir
Publisher: Springer Science and Business Media Deutschland GmbH
Pages: 365-380
Number of pages: 16
ISBN (Print): 9789811636363
State: Published - 2022
Externally published: Yes
Event: 4th International Conference on Networking, Intelligent Systems and Security, NISS 2021 - Kenitra, Morocco
Duration: 1 Apr 2020 to 2 Apr 2020

Publication series

Name: Smart Innovation, Systems and Technologies
Volume: 237
ISSN (Print): 2190-3018
ISSN (Electronic): 2190-3026

Conference

Conference: 4th International Conference on Networking, Intelligent Systems and Security, NISS 2021
Country/Territory: Morocco
City: Kenitra
Period: 1/04/20 to 2/04/20

Bibliographical note

Publisher Copyright:
© 2022, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

Keywords

  • Crypto-ransomware
  • Cybersecurity
  • Method
  • NIST
  • Security Policies
