Access the full text.
Sign up today, get DeepDyve free for 14 days.
Loading next page...
/lp/emerald-publishing/obtaining-reasonable-assurance-on-cyber-resilience-Ca8x1Hjuwm
References (28)
-
D. Milea (2017)
Hypothesis in threat hunting -
R. Solms, J. Niekerk (2013)
From information security to cyber securityComput. Secur., 38
-
Daniele Bertoglio, A. Zorzo (2017)
Overview and open issues on penetration testJournal of the Brazilian Computer Society, 23
-
Kenneth Geers (2010)
Live Fire Exercise: Preparing for Cyber WarJournal of Homeland Security and Emergency Management, 7
-
Anna Ståhlbröst, Josefin Lassinantti (2015)
Leveraging Living Lab Innovation Processes through CrowdsourcingTechnology Innovation Management Review, 5
-
Filip Caron, J. Vanthienen, B. Baesens (2013)
Comprehensive rule-based compliance checking and risk management with process miningDecis. Support Syst., 54
-
Md. Miazi, Mir Pritom, Mohamed Shehab, Bill Chu, Jinpeng Wei (2017)
The Design of Cyber Threat Hunting Games: A Case Study2017 26th International Conference on Computer Communication and Networks (ICCCN)
-
Gerald Brown, W. Carlyle, J. Salmerón, Kevin Wood (2005)
Analyzing the Vulnerability of Critical Infrastructure to Attack and Planning Defenses -
(2006)
Fixing the problem of analytical mindsets -
S. Granger (2001)
Social engineering fundamentals, part I hacker tactics -
M. Granåsen, Dennis Andersson (2016)
Measuring team effectiveness in cyber-defense exercises: a cross-disciplinary case studyCognition, Technology & Work, 18
-
Anuja Arora (2012)
Web Application Testing: A Review on Techniques, Tools and State of Art -
H. Boyes (2015)
Cybersecurity and Cyber-Resilient Supply ChainsTechnology Innovation Management Review, 5
-
A. Saad, Ali Al-Ghamdi (2013)
A Survey on Software Security Testing Techniques -
Sajad Homayoun, A. Dehghantanha, Marzieh Ahmadzadeh, S. Hashemi, R. Khayami (2018)
Know Abnormal, Find Evil: Frequent Pattern Mining for Ransomware Threat Hunting and IntelligenceIEEE Transactions on Emerging Topics in Computing, 8
-
M. Imran, S. Badshah (2012)
Vibration Analysis of an Ocean Current Turbine BladeInternational journal of scientific and engineering research, 3
-
Vagner Gonçalves, M. Delamaro, Fátima Nunes (2017)
Applying graphical oracles to evaluate image segmentation resultsJournal of the Brazilian Computer Society, 23
-
J. Stevens (2015)
Hunting for the undefined threat: advanced analytics and visualization -
Defense Sciences Board (2003)
10.21236/ADA430100 -
(2017)
XSS to root in apache jira incident -
Achim Brucker, U. Sodan (2014)
Deploying Static Application Security Testing on a Large Scale -
(2018)
Emerging software testing technologies -
M. Bishop (2007)
About Penetration TestingIEEE Security & Privacy, 5
-
Ola Surakhi, A. Hudaib, M. Alshraideh, Mohammad Khanafseh (2017)
A Survey on Design Methods for Secure Software Development, 16
-
Didier Stevens (2011)
Malicious PDF Documents ExplainedIEEE Security & Privacy, 9
-
(2016)
iso/IEC 27000:2016 -
(2016)
Fuzzing -
J. Diamant (2011)
Resilient Security Architecture: A Complementary Approach to Reducing VulnerabilitiesIEEE Security & Privacy, 9
- Publisher
- Emerald Publishing
- Copyright
- © Emerald Publishing Limited
- ISSN
- 0268-6902
- DOI
- 10.1108/maj-11-2017-1690
- Publisher site
- See Article on Publisher Site
Abstract
The purpose of this paper is to highlight the potential of cyber-testing techniques in assessing the effectiveness of cyber-security controls and obtaining audit evidence.Design/methodology/approachThe paper starts with an identification of the applicable cyber-testing techniques and evaluates their applicability to generally accepted assurance schemes and cyber-security guidelines.FindingsCyber-testing techniques are providing insight in the effectiveness of the actual implementation of cyber-security controls, which may significantly deviate from the conceptual designs of these controls. Furthermore, cyber-testing techniques could provide concise input for cyber-risk management and improvement recommendations.Originality/valueThe presented cyber-testing techniques could complement traditional process-oriented assurance techniques with specialized technical analyses of real-world implementations that focus on the adversaries’ viewpoint.
Journal
Managerial Auditing Journal – Emerald Publishing
Published: May 12, 2021
Keywords: Cyber risk; Cyber security; IT audit; Cyber assurance; Cyber resilience; Cyber security testing