A comprehensive cybersecurity audit model to improve cybersecurity assurance: The cybersecurity audit model (CSAM)

Regner Sabillon, Jordi Serra-Ruiz, Victor Cavaller, Jeimy Cano

Research output: Contribution to book / report type: Conference contribution

Abstract

Nowadays, private corporations and public institutions face constant and sophisticated cyberthreats and cyberattacks. As a general warning, organizations must build and develop a cybersecurity culture and awareness in order to defend against cybercriminals. Information Technology (IT) and Information Security (InfoSec) audits, which were efficient in the past, are trying to converge into cybersecurity audits to address the cyberthreats, cyber risks and cyberattacks that evolve in an aggressive cyber landscape. However, the increasing number and complexity of cyberattacks and the convoluted cyberthreat landscape are challenging the cybersecurity audit models in use and making evident the critical need for a new cybersecurity audit model. This article reviews the best practices and methodologies of global leaders in the cybersecurity assurance and audit arena. Through analysis of current approaches and their theoretical background, their real scope, strengths and weaknesses are highlighted, with a view to the most efficient and cohesive synthesis possible. As a result, this article presents an original and comprehensive cybersecurity audit model as a proposal to be used for conducting cybersecurity audits in organizations and Nation States. The CyberSecurity Audit Model (CSAM) evaluates and validates audit, preventive, forensic and detective controls for all organizational functional areas. CSAM has been tested, implemented and validated along with the Cybersecurity Awareness TRAining Model (CATRAM) in a Canadian higher education institution. A research case study is being conducted to validate both models, and the findings will be published accordingly.
Translated title of the contribution: Un modelo integral de auditoría de ciberseguridad para mejorar la garantía de la ciberseguridad: El modelo de auditoría de ciberseguridad (CSAM)
Language: English (US)
Title of host publication: Proceedings - 2017 International Conference on Information Systems and Computer Science, INCISCOS 2017
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 253-259
Number of pages: 7
Volume: 2017-November
ISBN (electronic): 9781538626443
DOI: https://doi.org/10.1109/INCISCOS.2017.20
Status: Published - Mar 29 2018
Event: 2nd International Conference on Information Systems and Computer Science, INCISCOS 2017 - Quito
Duration: Nov 23 2017 to Nov 25 2017

Conference

Conference: 2nd International Conference on Information Systems and Computer Science, INCISCOS 2017
Country: Ecuador
City: Quito
Period: 11/23/17 to 11/25/17

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Computer Science Applications
  • Information Systems
  • Artificial Intelligence
  • Energy Engineering and Power Technology
  • Control and Optimization

Cite this

Sabillon, R., Serra-Ruiz, J., Cavaller, V., & Cano, J. (2018). A comprehensive cybersecurity audit model to improve cybersecurity assurance: The cybersecurity audit model (CSAM). In Proceedings - 2017 International Conference on Information Systems and Computer Science, INCISCOS 2017 (Vol. 2017-November, pp. 253-259). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/INCISCOS.2017.20