Skip to main content

Cybernetic Risk Management for Methodological Model of NIST-Based to Prevent Cybercrime Approach in Organizations

  • Conference paper
  • First Online:
Proceedings of the Future Technologies Conference (FTC) 2022, Volume 2 (FTC 2022 2022)

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 560))

Included in the following conference series:

  • 550 Accesses

Abstract

The activities focused on the implementation of standards related to Cybersecurity and Digital Security has involved not understanding the allocation of physical, logical and electronic controls to devices of digital nature that have elements of criticality identification of information assets and their incorporation in the evaluation of the policies of organizations. This paper proposes a methodological model to implement it in an organization that has threats related to Cybercrime and solve the complexity of analysis among digital security professionals.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    Cyberterrorism: It is the action that involves the negative use of a Technology, Technique or tool to generate fear, anxiety, fear or damage to a computer system before a collective right (Victims) in the Cyberspace environment. It can affect a Critically Vulnerable Infrastructure connected to an indispensable service. Term retrieved from the United States Department of Justice and improved under the theory of the Geometry of Cybercrime.

  2. 2.

    Data: A data is a symbolic representation (numerical, alphabetical, algorithmic, spatial, etc.) of a quantitative or qualitative attribute or variable. https://es.wikipedia.org/wiki/Dato, connect expanded by applying it to the proposed article.

  3. 3.

    Attack: In cryptography, a brute force attack is a way of recovering a key by trying all possible combinations until the one that allows access is found https://es.wikipedia.org/wiki/Ataque_de_fuerza_bruta

  4. 4.

    Consumer: the person (undetermined) or company (undetermined) connected through cyberspace by means of a technological platform, which has the tools to carry out transactions for a particular interest, for example: a purchase, a service, etc. (Concept elaborate by the author).

References

  1. NIST: Contingency Planning Guide for Federal Information Systems, NIST Special Publication 800-34 Rev. 1, California (2020)

    Google Scholar 

  2. E. 2. ISO IECP: Intranet Bogotá, 18 Febrero 2020. [En línea]. http://intranet.bogotaturismo.gov.co/sites/intranet.bogotaturismo.gov.co/files/file/NTC-ISO-IEC%2027001.pdf

  3. Ruiz, E.E.O.: LIBRO SOBRE A APLICAO PRACTICA DA INVESTIGACAO CRIMINAL TECNOLOGICA. Brasil, Juspodivm (2020)

    Google Scholar 

  4. RedCiber: RedCiber Blog, [En línea]. https://www.redciber.org/post/gestion-ramsonware

  5. NIST: NIST, 18 02 2020. [En línea]. https://www.nist.gov/about-nist

  6. I. 2. Icontec: ISECAUDITORES, 29 04 2020. [En línea]. https://www.isecauditors.com/consultoria-csf-iso-27032

  7. Franco, D.C., Guerrero, C.D.: Sistema de Administración de Controles de Seguridad Informática basado en ISO/IEC 27002 (2013)

    Google Scholar 

  8. Ridley, G., Young, J., Carroll, P.: COBIT and its utilization: a framework from the literature. In: 37th Annual Hawaii International Conference on System Sciences, p. 8 (2004)

    Google Scholar 

  9. Comité ISACA: Fundamentos de Ciberseguridad, ISBN 978-1-60420-772–9 ed., CSX, p. 194

    Google Scholar 

  10. Debnath, J., Lorga, M., Kumar, A., Huang, Y.: A user-interactive cyber security architecture tool based on NIST-compliance security controls for risk management. In: 2019 IEEE 10th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), p. 11 (2019)

    Google Scholar 

  11. Blank, R.M., Gallagher, P.D.: Security and Privacy Controls for Federal Information Systems. National Institute of Standards and Technology (2013)

    Google Scholar 

  12. Abrams, D.M., Weiss, J.: Malicious Control System Cyber Security Attack Case Study: Maroochy Water Services, MITRE, Vols. %1 de %2https://www.mitre.org/publications/technical-papers/malicious-control-system-cyber-security-attack-case-study-maroochy-water-services-australia, nº NIST SP800-53, p. 15 (2008)

  13. Evans, D., Phillip, J.B.: Standards for Security Categorization of Federal Information and Information Systems, FIPS PUB 199, p. 12 (2003)

    Google Scholar 

  14. CISA – NIST: Defending Against Software Supply Chain Attacks, [En línea]. https://www.cisa.gov/sites/default/files/publications/defending_against_software_supply_chain_attacks_508_1.pdf

  15. Iftekhar Ahmed, T.N.S.U.: DLACM (2020). [En línea]. https://dl.acm.org/doi/abs/https://doi.org/10.1145/3377049.3377114

  16. GOV, CISA, 21 Enero 2021. [En línea]. https://www.cisa.gov/news/2021/01/21/cisa-launches-campaign-reduce-risk-ransomware

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to E. Ortiz Ruiz .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ruiz, E.O. (2023). Cybernetic Risk Management for Methodological Model of NIST-Based to Prevent Cybercrime Approach in Organizations. In: Arai, K. (eds) Proceedings of the Future Technologies Conference (FTC) 2022, Volume 2. FTC 2022 2022. Lecture Notes in Networks and Systems, vol 560. Springer, Cham. https://doi.org/10.1007/978-3-031-18458-1_22

Download citation

Publish with us

Policies and ethics