Abstract
Crypto-ransomware is a class of malicious programs that encrypt the data of an infected machine, holding it hostage until the owner of the device decides to pay the fee to recover their information. This has become a complex cybersecurity problem causing more and more economic damage. Crypto-ransomware has rendered cybersecurity models inadequate, since they do not establish specific guidelines for the design of countermeasures. This paper proposes a method for the design of countermeasures related to crypto-ransomware attacks based on the NIST 800-53 revision 4 standard and the Information Security Maturity Model published by ISACA in the COBIT Focus magazine. The model consists of five phases: identify vulnerabilities, assess vulnerabilities, propose countermeasures, implement countermeasures, and evaluate countermeasures. This allows an organization to measure its current cybersecurity state and to know the cybersecurity measures oriented to crypto-ransomware and their prioritization through criticality indexes, in a simple, adaptive and easy-to-implement way. A case study in a Peruvian company shows the simplicity and ease of use of the method, which allows the design of countermeasures with which the level of cybersecurity can be improved by 55.6%.
Original language | English |
---|---|
Title of host publication | Networking, Intelligent Systems and Security - Proceedings of NISS 2021 |
Editors | Mohamed Ben Ahmed, Horia-Nicolai L. Teodorescu, Tomader Mazri, Parthasarathy Subashini, Anouar Abdelhakim Boudhir |
Publisher | Springer Science and Business Media Deutschland GmbH |
Pages | 365-380 |
Number of pages | 16 |
ISBN (Print) | 9789811636363 |
State | Published - 2022 |
Externally published | Yes |
Event | 4th International Conference on Networking, Intelligent Systems and Security, NISS 2021 - Kenitra, Morocco Duration: 1 Apr 2020 → 2 Apr 2020 |
Publication series
Name | Smart Innovation, Systems and Technologies |
---|---|
Volume | 237 |
ISSN (Print) | 2190-3018 |
ISSN (Electronic) | 2190-3026 |
Conference
Conference | 4th International Conference on Networking, Intelligent Systems and Security, NISS 2021 |
---|---|
Country/Territory | Morocco |
City | Kenitra |
Period | 1/04/20 → 2/04/20 |
Bibliographical note
Publisher Copyright: © 2022, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
Keywords
- Crypto-ransomware
- Cybersecurity
- Method
- NIST
- Security Policies