Ahmad, Arniyati (2016) A cyber exercise post assessment framework: In Malaysia perspectives. PhD thesis, University of Glasgow.
Full text available as:
PDF
Download (3MB) |
Abstract
Critical infrastructures are based on complex systems that provide vital services to the nation. The complexities of the interconnected networks, each managed by individual organisations, if not properly secured, could offer vulnerabilities that threaten other organisations’ systems that depend on their services. This thesis argues that the awareness of interdependencies
among critical sectors needs to be increased. Managing and securing critical infrastructure is not isolated responsibility of a government or an individual organisation. There is a need for a strong collaboration among critical service providers of public and private organisations in protecting critical information infrastructure. Cyber exercises have been incorporated in national cyber security strategies as part of critical information infrastructure protection. However, organising a cyber exercise involved multi sectors is challenging due to the diversity of participants’ background, working environments and incidents response policies. How well the lessons learned from the cyber exercise and how it can be transferred to the participating organisations is still a looming question. In order to understand the implications of cyber exercises on what participants have learnt and how it benefits participants’ organisation, a Cyber Exercise Post Assessment (CEPA) framework was proposed in this research. The CEPA framework consists of two parts. The first part aims to investigate the lessons learnt by participants from a cyber exercise using the four levels of the Kirkpatrick Training Model to identify their perceptions on reaction, learning, behaviour and results of the exercise. The second part investigates the Organisation Cyber Resilience (OCR) of participating sectors. The framework was used to study the impact of the cyber exercise called X Maya in Malaysia. Data collected through interviews with X Maya 5 participants were coded and categorised based on four levels according to the Kirkpatrick Training Model, while online surveys distributed to ten Critical National Information Infrastructure (CNII) sectors participated
in the exercise. The survey used the C-Suite Executive Checklist developed by World Economic Forum in 2012. To ensure the suitability of the tool used to investigate the OCR, a reliability test conducted on the survey items showed high internal consistency results. Finally, individual OCR scores were used to develop the OCR Maturity Model to provide the organisation cyber resilience perspectives of the ten CNII sectors.
Item Type: | Thesis (PhD) |
---|---|
Qualification Level: | Doctoral |
Additional Information: | 1)Chapter 6 : A Preliminary Investigation on Organisation Resilience - has been published in Impact of Scenario Based Exercises on Organisation Resilience in Critical Infrastructure Organisations at 3rd International Conference on Technology Management, Business And Entrepreneurship Proceeding, 2014 at Malacca, Malaysia. 2) Chapter 7 has been published in Investigation on Organisation Cyber Resilience ,World Academy of Science, Engineering and Technology, International Science Index. Page 3762-3767. 17th International Conference on Information Systems Security Management (ICISSM 2015) Conference Proceeding .July, 29-30, 2015 at Istanbul, Turkey.2015. |
Keywords: | Critical infrastructure protection, critical national information infrastructure, cyber exercise, cyber resilience, organisation resilience, Kirpatrick Training Model. |
Subjects: | A General Works > AC Collections. Series. Collected works H Social Sciences > HA Statistics L Education > LG Individual institutions (Asia. Africa) T Technology > T Technology (General) |
Colleges/Schools: | College of Science and Engineering > School of Computing Science |
Supervisor's Name: | Johnson, Professor Christopher and Storer, Dr. Timothy |
Date of Award: | 2016 |
Depositing User: | Mrs Arniyati Ahmad |
Unique ID: | glathesis:2016-7553 |
Copyright: | Copyright of this thesis is held by the author. |
Date Deposited: | 05 Sep 2016 08:04 |
Last Modified: | 13 Oct 2016 12:05 |
URI: | https://theses.gla.ac.uk/id/eprint/7553 |
Actions (login required)
View Item |
Downloads
Downloads per month over past year