Resumen
Crypto-ransomware are malicious programs that encrypt the data of an infected machine, making it a hostage until the owner of the device decides to pay the fee to recover their information. This has become a complex cybersecurity problem causing more and more economic damage. Crypto-ransomware has rendered cybersecurity models not adequate since they do not establish specific guidelines for the design of countermeasures. This paper proposes a method for the design of countermeasures related to crypto-ransomware attacks based on the NIST 800–53 revision 4 standard and the Information Security Maturity Model published by ISACA in the COBIT Focus magazine. The model consists of five phases: identify vulnerabilities, assess vulnerabilities, propose countermeasures, implement countermeasures, and evaluate countermeasures. This allows an organization to measure its current cybersecurity state, know cybersecurity measures oriented to crypto-ransomware and its prioritization through criticality indexes in a simple, adaptive and easy to implement way. A case study in a Peruvian company shows the simplicity and ease of use of the method, which allows the design of countermeasures with which the level of cybersecurity can be improved by 55.6%.
Idioma original | Inglés |
---|---|
Título de la publicación alojada | Networking, Intelligent Systems and Security - Proceedings of NISS 2021 |
Editores | Mohamed Ben Ahmed, Horia-Nicolai L. Teodorescu, Tomader Mazri, Parthasarathy Subashini, Anouar Abdelhakim Boudhir |
Editorial | Springer Science and Business Media Deutschland GmbH |
Páginas | 365-380 |
Número de páginas | 16 |
ISBN (versión impresa) | 9789811636363 |
DOI | |
Estado | Publicada - 2022 |
Publicado de forma externa | Sí |
Evento | 4th International Conference on Networking, Intelligent Systems and Security, NISS 2021 - Kenitra, Marruecos Duración: 1 abr. 2020 → 2 abr. 2020 |
Serie de la publicación
Nombre | Smart Innovation, Systems and Technologies |
---|---|
Volumen | 237 |
ISSN (versión impresa) | 2190-3018 |
ISSN (versión digital) | 2190-3026 |
Conferencia
Conferencia | 4th International Conference on Networking, Intelligent Systems and Security, NISS 2021 |
---|---|
País/Territorio | Marruecos |
Ciudad | Kenitra |
Período | 1/04/20 → 2/04/20 |
Nota bibliográfica
Publisher Copyright:© 2022, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.