Number of Pages : 52 leaves
Adviser : Prof. Paolo Noel G. Paje
Abstract
The study aims to recommend a cybersecurity framework that best fits the 954th Cyberspace Operations Squadron (954th COS) of the Philippine Air Force (PAF). The 954th COS is the team responsible for managing all of the PAF's services related to cyberspace operations. In addition, it formulates and implements policies related to cyberspace operations and cascades them to all the different units of the PAF. It is also responsible for providing sound advice to the Group Commander, 950th CEISG, on all matters pertaining to cybersecurity. On a daily basis, the squadron ensures that the confidentiality, integrity and availability of data within the PAF cyberspace are safeguarded.
The study further highlights the cybersecurity strategies and frameworks that are commonly used by advanced countries and by some countries in the ASEAN region. The most commonly used frameworks are the "ISO 27001 Information Security Management Systems" developed by the International Organization for Standardization and the "Framework for Improving Critical Infrastructure Cybersecurity" developed by the National Institute of Standards and Technology (NIST). In the process, the elements that constitute a sound framework are identified. In addition, a risk assessment of the 954th COS is conducted and mapped against the above-mentioned frameworks. Finally, the framework that is suited to the organizational requirements is recommended for adoption.
ISO 27001 is a management framework in which a sound risk management approach is implemented to ensure the confidentiality, integrity and availability of an organization's critical information. Specifically, this is done through the identification of information risks and the application of appropriate controls to mitigate those risks. It is a globally recognized certification in information security that is used by organizations in both the government and private sectors. On the other hand, the NIST Cybersecurity Framework is voluntary guidance, based on existing standards, guidelines and practices, for organizations to better manage and reduce cybersecurity risk. It is designed to foster communication about risk and cybersecurity management among both internal and external organizational stakeholders.
The adoption of an industry-standard framework enables the organization to determine its current posture and its desired state as far as information security is concerned. The results may be used for strategic management and further empower the organization towards accomplishing its mission and realizing its vision.