Crypto-ransomware are malicious programs that encrypt the data of an infected machine, making it a hostage until the owner of the device decides to pay the fee to recover their information. This has become a complex cybersecurity problem causing more and more economic damage. Crypto-ransomware has rendered cybersecurity models not adequate since they do not establish specific guidelines for the design of countermeasures. This paper proposes a method for the design of countermeasures related to crypto-ransomware attacks based on the NIST 800–53 revision 4 standard and the Information Security Maturity Model published by ISACA in the COBIT Focus magazine. The model consists of five phases: identify vulnerabilities, assess vulnerabilities, propose countermeasures, implement countermeasures, and evaluate countermeasures. This allows an organization to measure its current cybersecurity state, know cybersecurity measures oriented to crypto-ransomware and its prioritization through criticality indexes in a simple, adaptive and easy to implement way. A case study in a Peruvian company shows the simplicity and ease of use of the method, which allows the design of countermeasures with which the level of cybersecurity can be improved by 55.6%.
|Title of host publication
|Networking, Intelligent Systems and Security - Proceedings of NISS 2021
|Mohamed Ben Ahmed, Horia-Nicolai L. Teodorescu, Tomader Mazri, Parthasarathy Subashini, Anouar Abdelhakim Boudhir
|Springer Science and Business Media Deutschland GmbH
|Number of pages
|Published - 2022
|4th International Conference on Networking, Intelligent Systems and Security, NISS 2021 - Kenitra, Morocco
Duration: 1 Apr 2020 → 2 Apr 2020
|Smart Innovation, Systems and Technologies
|4th International Conference on Networking, Intelligent Systems and Security, NISS 2021
|1/04/20 → 2/04/20
Bibliographical notePublisher Copyright:
© 2022, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
- Security Policies