Ανάπτυξη πλατφόρμας αξιολόγησης και καταγραφής επιπέδου ωριμότητας οργανισμών σε θέματα κυβερνοασφάλειας και κυβερνοάμυνας
Development of a cybersecurity and cyberdefence maturity assessment and documentation platform for organizations
Ιn the era of digitalization, cyber threats represent an important risk for every organization. The organizations are forced to assess these threats against the impact they can cause on their digital assets and implement the necessary countermeasures. Risk Analysis is a common and effective practice which an organization must execute in frequent time frames in order to mitigate the relevant cyber risks. Regardless of the Risk Assessment a frequently executed Cybersecurity Maturity Assessment based on global Cybersecurity frameworks, standards and best practices, can assist an organization to prepare and evolve against cyberthreats.The Cybersecurity Maturity Assessment is a short procedure. It can be performed from a single person expert of the IT infrastructure of the assessed organization, such as the IT Director, the Information Security Officer or the IT Compliance Officer but it must be performed as a circular process (GAP assessment) and should set/meet higher targets in each cycle. The Cybersecurity Maturity Assessment Tool developed in this thesis can serve SME and large organizations to perform these kind of assessments. The Tool is based on the CIS Controls and uses the CIS CDM to implement the MITRE Attack Framework. he tool provides 4 different maturity assessment scores: o Based on the CIS controls, a high-level approach which could also serve as a compliance report against these controls. o CIS Community Defense Model1, Master Mapping approach. During this maturity assessment each CIS control takes the value of the amount of all MITRE Attack (sub)techniques it mitigates. o NIST2 Security Functions based assessment scores, provides a bigger picture of the implemented controls and the role they serve. o CIS Community Defense Model Reverse Mapping security score. Based on the CDM study the score o results from the efficiency to mitigate the Top5 Threads, which are Malware, Ransomware, Web Application Hacking, Insider Privilege Misuse, Targeted Intrusion. Based on the above scores, the tool provides the corresponding rule-based recommendations so that the organization can take the necessary measures.