Method for Designing Countermeasures for Crypto-Ransomware Based on the NIST CSF

Hector Torres-Calderon, Marco Velasquez, David Mauricio

Producción científica: Capítulo del libro/informe/acta de congresoContribución a la conferenciarevisión exhaustiva

Resumen

Crypto-ransomware are malicious programs that encrypt the data of an infected machine, making it a hostage until the owner of the device decides to pay the fee to recover their information. This has become a complex cybersecurity problem causing more and more economic damage. Crypto-ransomware has rendered cybersecurity models not adequate since they do not establish specific guidelines for the design of countermeasures. This paper proposes a method for the design of countermeasures related to crypto-ransomware attacks based on the NIST 800–53 revision 4 standard and the Information Security Maturity Model published by ISACA in the COBIT Focus magazine. The model consists of five phases: identify vulnerabilities, assess vulnerabilities, propose countermeasures, implement countermeasures, and evaluate countermeasures. This allows an organization to measure its current cybersecurity state, know cybersecurity measures oriented to crypto-ransomware and its prioritization through criticality indexes in a simple, adaptive and easy to implement way. A case study in a Peruvian company shows the simplicity and ease of use of the method, which allows the design of countermeasures with which the level of cybersecurity can be improved by 55.6%.

Idioma originalInglés
Título de la publicación alojadaNetworking, Intelligent Systems and Security - Proceedings of NISS 2021
EditoresMohamed Ben Ahmed, Horia-Nicolai L. Teodorescu, Tomader Mazri, Parthasarathy Subashini, Anouar Abdelhakim Boudhir
EditorialSpringer Science and Business Media Deutschland GmbH
Páginas365-380
Número de páginas16
ISBN (versión impresa)9789811636363
DOI
EstadoPublicada - 2022
Publicado de forma externa
Evento4th International Conference on Networking, Intelligent Systems and Security, NISS 2021 - Kenitra, Marruecos
Duración: 1 abr. 20202 abr. 2020

Serie de la publicación

NombreSmart Innovation, Systems and Technologies
Volumen237
ISSN (versión impresa)2190-3018
ISSN (versión digital)2190-3026

Conferencia

Conferencia4th International Conference on Networking, Intelligent Systems and Security, NISS 2021
País/TerritorioMarruecos
CiudadKenitra
Período1/04/202/04/20

Nota bibliográfica

Publisher Copyright:
© 2022, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

Huella

Profundice en los temas de investigación de 'Method for Designing Countermeasures for Crypto-Ransomware Based on the NIST CSF'. En conjunto forman una huella única.

Citar esto