Search Results (25)

Search Parameters:
Keywords = NIST CyberSecurity Framework

26 pages, 3073 KB  
Article
From Detection to Decision: Transforming Cybersecurity with Deep Learning and Visual Analytics
by Saurabh Chavan and George Pappas
AI 2025, 6(9), 214; https://doi.org/10.3390/ai6090214 - 4 Sep 2025
Abstract
Objectives: The persistent evolution of software vulnerabilities—spanning novel zero-day exploits to logic-level flaws—continues to challenge conventional cybersecurity mechanisms. Static rule-based scanners and opaque deep learning models often lack the precision and contextual understanding required for both accurate detection and analyst interpretability. This paper presents a hybrid framework for real-time vulnerability detection that improves both robustness and explainability. Methods: The framework integrates semantic encoding via Bidirectional Encoder Representations from Transformers (BERTs), structural analysis using Deep Graph Convolutional Neural Networks (DGCNNs), and lightweight prioritization through Kernel Extreme Learning Machines (KELMs). The architecture incorporates Minimum Intermediate Representation (MIR) learning to reduce false positives and fuses multi-modal data (source code, execution traces, textual metadata) for robust, scalable performance. Explainable Artificial Intelligence (XAI) visualizations—combining SHAP-based attributions and CVSS-aligned pair plots—serve as an analyst-facing interpretability layer. The framework is evaluated on benchmark datasets, including VulnDetect and the NIST Software Reference Library (NSRL, version 2024.12.1, used strictly as a benign baseline for false positive estimation). Results: Our evaluation reports that precision, recall, AUPRC, MCC, and calibration (ECE/Brier score) demonstrated improved robustness and reduced false positives compared to baselines. An internal interpretability validation was conducted to align SHAP/GNNExplainer outputs with known vulnerability features; formal usability testing with practitioners is left as future work. Conclusions: Designed with DevSecOps integration in mind, the system is packaged in containerized modules (Docker/Kubernetes) and outputs SIEM-compatible alerts, enabling potential compatibility with Splunk, GitLab CI/CD, and similar tools. While full enterprise deployment was not performed, these deployment-oriented design choices support scalability and practical adoption.

38 pages, 2454 KB  
Article
Enhancing Secure Software Development with AZTRM-D: An AI-Integrated Approach Combining DevSecOps, Risk Management, and Zero Trust
by Ian Coston, Karl David Hezel, Eadan Plotnizky and Mehrdad Nojoumian
Appl. Sci. 2025, 15(15), 8163; https://doi.org/10.3390/app15158163 - 22 Jul 2025
Viewed by 768
Abstract
This paper introduces the Automated Zero Trust Risk Management with DevSecOps Integration (AZTRM-D) framework, a novel approach that embeds security throughout the entire Secure Software and System Development Life Cycle (S-SDLC). AZTRM-D strategically unifies three established methodologies: DevSecOps practices, the NIST Risk Management Framework (RMF), and the Zero Trust (ZT) model. It then significantly augments their capabilities through the pervasive application of Artificial Intelligence (AI). This integration shifts traditional, often fragmented, security paradigms towards a proactive, automated, and continuously adaptive security posture. AI serves as the foundational enabler, providing real-time threat intelligence, automating critical security controls, facilitating continuous vulnerability detection, and enabling dynamic policy enforcement from initial code development through operational deployment. By automating key security functions and providing continuous oversight, AZTRM-D enhances risk mitigation, reduces vulnerabilities, streamlines compliance, and significantly strengthens the overall security posture of software systems, thereby addressing the complexities of modern cyber threats and accelerating the delivery of secure software. Full article
(This article belongs to the Special Issue Application of IoT and Cybersecurity Technologies)

36 pages, 1680 KB  
Article
Guarding Our Vital Systems: A Metric for Critical Infrastructure Cyber Resilience
by Muharman Lubis, Muhammad Fakhrul Safitra, Hanif Fakhrurroja and Alif Noorachmad Muttaqin
Sensors 2025, 25(15), 4545; https://doi.org/10.3390/s25154545 - 22 Jul 2025
Viewed by 864
Abstract
The increased occurrence and severity of cyber-attacks on critical infrastructure have underscored the need to embrace systematic and prospective approaches to resilience. The current research takes as its hypothesis that the InfraGuard Cybersecurity Framework—a capability model that measures the maturity of cyber resilience through three functional pillars, Cyber as a Shield, Cyber as a Space, and Cyber as a Sword—is an implementable and understandable means to proceed with. The model treats the significant aspects of situational awareness, active defense, risk management, and recovery from incidents and is measured using globally standardized maturity models like ISO/IEC 15504, NIST CSF, and COBIT. The contributions include multidimensional measurements of resilience, a scored scale of capability (0–5), and domain-based classification enabling organizations to assess and enhance their cybersecurity situation in a formalized manner. The framework’s applicability is illustrated in three exploratory settings of power grids, healthcare systems, and airports, each constituting various levels of maturity in resilience. This study provides down-to-earth recommendations to policymakers through the translation of the attributes of resilience into concrete assessment indicators, promoting policymaking, investment planning, and global cyber defense collaboration. Full article
(This article belongs to the Section Internet of Things)

35 pages, 3265 KB  
Article
Cyber Edge: Current State of Cybersecurity in Aotearoa-New Zealand, Opportunities, and Challenges
by Md. Rajib Hasan, Nurul I. Sarkar, Noor H. S. Alani and Raymond Lutui
Electronics 2025, 14(14), 2915; https://doi.org/10.3390/electronics14142915 - 21 Jul 2025
Viewed by 567
Abstract
This study investigates the cybersecurity landscape of Aotearoa-New Zealand through a culturally grounded lens, focusing on the integration of Indigenous Māori values into cybersecurity frameworks. In response to escalating cyber threats, the research adopts a mixed-methods and interdisciplinary approach—combining surveys, focus groups, and case studies—to explore how cultural principles such as whanaungatanga (collective responsibility) and manaakitanga (care and respect) influence digital safety practices. The findings demonstrate that culturally informed strategies enhance trust, resilience, and community engagement, particularly in rural and underserved Māori communities. Quantitative analysis revealed that 63% of urban participants correctly identified phishing attempts compared to 38% of rural participants, highlighting a significant urban–rural awareness gap. Additionally, over 72% of Māori respondents indicated that cybersecurity messaging was more effective when delivered through familiar cultural channels, such as marae networks or iwi-led training programmes. Focus groups reinforced this, with participants noting stronger retention and behavioural change when cyber risks were communicated using Māori metaphors, language, or values-based analogies. The study also confirms that culturally grounded interventions—such as incorporating Māori motifs (e.g., koru, poutama) into secure interface design and using iwi structures to disseminate best practices—can align with international standards like NIST CSF and ISO 27001. This compatibility enhances stakeholder buy-in and demonstrates universal applicability in multicultural contexts. Key challenges identified include a cybersecurity talent shortage in remote areas, difficulties integrating Indigenous perspectives into mainstream policy, and persistent barriers from the digital divide. 
The research advocates for cross-sector collaboration among government, private industry, and Indigenous communities to co-develop inclusive, resilient cybersecurity ecosystems. Based on the UTAUT and New Zealand’s cybersecurity vision “Secure Together—Tō Tātou Korowai Manaaki 2023–2028,” this study provides a model for small nations and multicultural societies to create robust, inclusive cybersecurity frameworks. Full article
(This article belongs to the Special Issue Intelligent Solutions for Network and Cyber Security)

29 pages, 1645 KB  
Review
Integral Security Pillars for Medical Devices: A Comprehensive Analysis
by Marcela Ulloa-Zamora, Cristian Barría-Huidobro, Manuel Sánchez-Rubio and Lorena Galeazzi
Appl. Sci. 2025, 15(12), 6634; https://doi.org/10.3390/app15126634 - 12 Jun 2025
Viewed by 716
Abstract
Cybersecurity is an essential component for preserving the integrity of healthcare systems, particularly in the face of the increasing adoption of interconnected medical devices, which significantly expands cyber risk exposure. A critical issue in this context is the fragmentation of knowledge regarding the security of these devices. The absence of a unified framework hampers the systematic identification of vulnerabilities and the effective implementation of protective measures. This study highlights such fragmentation by requiring the integration of seven ISO standards, nine NIST controls, one HIPAA regulation, one ENISA directive, one GDPR regulation, and one HITRUST framework, along with the review of 47 scientific articles and analysis of 27 documented vulnerabilities (CVEs). The need to consult this broad range of sources reflects both the complexity of the regulatory landscape and the lack of standardization in medical device security. Based on this review, key pillars were defined to support an integral and adaptable security model. This model provides a practical tool to strengthen digital healthcare infrastructures, facilitate continuous audits, and mitigate emerging threats, all while aligning with international standards. Furthermore, it promotes the consolidation of fragmented knowledge, helping to close security gaps and enhance the resilience of healthcare systems in a globalized environment. Full article

18 pages, 1435 KB  
Article
Threats to the Digital Ecosystem: Can Information Security Management Frameworks, Guided by Criminological Literature, Effectively Prevent Cybercrime and Protect Public Data?
by Shahrukh Mushtaq and Mahmood Shah
Computers 2025, 14(6), 219; https://doi.org/10.3390/computers14060219 - 4 Jun 2025
Viewed by 1055
Abstract
As cyber threats escalate in scale and sophistication, the imperative to secure public data through theoretically grounded and practically viable frameworks becomes increasingly urgent. This review investigates whether and how criminology theories have effectively informed the development and implementation of information security management frameworks (ISMFs) to prevent cybercrime and fortify the digital ecosystem’s resilience. Anchored in a comprehensive bibliometric analysis of 617 peer-reviewed records extracted from Scopus and Web of Science, the study employs Multiple Correspondence Analysis (MCA), conceptual co-word mapping, and citation coupling to systematically chart the intellectual landscape bridging criminology and cybersecurity. The review reveals that foundational criminology theories—particularly routine activity theory, rational choice theory, and deterrence theory—have been progressively adapted to cyber contexts, offering novel insights into offender behaviour, target vulnerability, and systemic guardianship. In parallel, the study critically engages with global cybersecurity standards such as National Institute of Standards and Technology (NIST) and ISO, to evaluate how criminological principles are embedded in practice. Using data from the Global Cybersecurity Index (GCI), the paper introduces an innovative visual mapping of the divergence between cybersecurity preparedness and digital development across 170+ countries, revealing strategic gaps and overperformers. This paper ultimately argues for an interdisciplinary convergence between criminology and cybersecurity governance, proposing that the integration of criminological logic into cybersecurity frameworks can enhance risk anticipation, attacker deterrence, and the overall security posture of digital public infrastructures.
(This article belongs to the Special Issue Using New Technologies in Cyber Security Solutions (2nd Edition))

27 pages, 762 KB  
Article
Mitigating Impact of Data Poisoning Attacks on CPS Anomaly Detection with Provable Guarantees
by Sahar Abedzadeh and Shameek Bhattacharjee
Information 2025, 16(6), 428; https://doi.org/10.3390/info16060428 - 23 May 2025
Viewed by 396
Abstract
Anomaly-based attack detection methods depend on some form of machine learning to detect data falsification attacks in smart living cyber–physical systems. However, there is a lack of studies that consider the presence of attacks during the training phase and their effect on detection and false alarm performance. To improve the robustness of time series learning for anomaly detection, we propose a framework by modifying design choices such as regression error type and loss function type while learning the thresholds for an anomaly detection framework during the training phase. Specifically, we offer theoretical proofs on the relationship between poisoning attack strengths and how that informs the choice of loss functions used to learn the detection thresholds. This, in turn, leads to explainability of why and when our framework mitigates data poisoning and the trade-offs associated with such design changes. The theoretical results are backed by experimental results that prove attack mitigation performance with NIST-specified metrics for CPS, using real data collected from a smart metering infrastructure as a proof of concept. Thus, the contribution is a framework that guarantees security of ML and ML for security simultaneously. Full article
(This article belongs to the Special Issue Machine Learning and Artificial Intelligence with Applications)

40 pages, 3570 KB  
Article
Cybersecurity Conceptual Framework Applied to Edge Computing and Internet of Things Environments
by Ricardo Emmanuel Reyes-Acosta, Ricardo Mendoza-González, Edgar Oswaldo Diaz, Miguel Vargas Martin, Francisco Javier Luna Rosas, Julio César Martínez Romo and Alfredo Mendoza-González
Electronics 2025, 14(11), 2109; https://doi.org/10.3390/electronics14112109 - 22 May 2025
Viewed by 1978
Abstract
The objective of this research was to propose a conceptual cybersecurity framework aimed at guiding developers in generating and implementing technological solutions for Edge Computing and Internet of Things (IoT) environments. The framework integrates NIST standards and SecDevOps practices, and was developed based on an extensive literature review, synthesizing evidence-based knowledge to offer a comprehensive perspective on actions necessary to address cybersecurity challenges in these environments. The core element of the framework, Govern, led to four primary components: Identity, Protect, Detect, and Respond and Recover. Each component outlines specific actions for identifying cybersecurity vulnerabilities, implementing strategies, and prioritizing privacy and integrity requirements. In order to establish a solid theoretical foundation of the proposal, the framework was conceptually validated through a qualitative method for collecting feedback from a panel of 35 experts from industry, government, and academia. Evaluators confirmed the framework’s relevance, highlighting its integration of NIST standards and SecDevOps practices. This combination is regarded as offering a modular and effective approach for aligning cybersecurity practices with governance principles, addressing cybersecurity challenges, enhancing compliance readiness, supporting secure development, and fostering resilient architectures in IoT and Edge Computing environments. The findings of this evaluation are perceived as promising, since the proposal is considered potentially beneficial to the field of cybersecurity by providing a structured practical framework that could serve as a foundational tool for strengthening security practices in Edge Computing and IoT environments. Full article
(This article belongs to the Special Issue Data Security and Data Analytics in Cloud Computing)

22 pages, 3040 KB  
Article
Diverse Machine Learning-Based Malicious Detection for Industrial Control System
by Ying-Chin Chen, Chia-Hao Cheng, Tzu-Wei Lin and Jung-San Lee
Electronics 2025, 14(10), 1947; https://doi.org/10.3390/electronics14101947 - 10 May 2025
Viewed by 533
Abstract
The digital transformation of manufacturing through OT, IoT, and AI integration has created extensive networked sensor ecosystems, introducing critical cybersecurity vulnerabilities at IT-OT interfaces. This might particularly challenge the detection component of the NIST cybersecurity framework. To address this concern, the authors designed a diverse machine learning-based intrusion detection system framework for industrial control systems (DICS). DICS implements a sophisticated dual-module architecture. The screening analysis module initially categorizes network traffic as either unidentifiable or recognized packets, while the classification analysis module subsequently determines specific attack types for identifiable traffic. When unrecognized zero-day attack traffic accumulates in a buffer and reaches a predetermined threshold, the agile training module incorporates these patterns into the system, which enables continuous adaptation. During experimental validation, the authors rigorously assess dataset industrial relevance and strategically divide the datasets into four distinct groups to accurately simulate diverse network traffic patterns characteristic of real industrial environments. Moreover, the authors highlight the system’s alignment with IEC 62443 requirements for industrial control system security. In conclusion, the comprehensive analysis demonstrates that DICS delivers superior detection capabilities for malicious network traffic in industrial settings. Full article

28 pages, 2981 KB  
Article
From Security Frameworks to Sustainable Municipal Cybersecurity Capabilities
by Arnstein Vestad and Bian Yang
J. Cybersecur. Priv. 2025, 5(2), 19; https://doi.org/10.3390/jcp5020019 - 28 Apr 2025
Cited by 1 | Viewed by 1217
Abstract
While security frameworks like the NIST CSF and ISO 27001 provide organizations with standardized best practices for cybersecurity, these practices must be implemented in organizations by people with the necessary skills and knowledge and be supported by effective technological solutions. This article explores the challenges and opportunities of building sustainable cybersecurity capabilities in resource-constrained organizations, specifically Norwegian municipalities. The research introduces the concept of sustainable cybersecurity capabilities, emphasizing the importance of a socio-technical approach that integrates technology, people, and organizational structure. A mixed-methods study was employed, combining document analysis of relevant cybersecurity frameworks with a modified Delphi study and semi-structured interviews with municipal cybersecurity practitioners. Findings highlight six core cybersecurity capabilities within municipalities, along with key challenges in implementing and sustaining these capabilities. These challenges include ambiguities in role formalization, skills gaps, difficulties in deploying advanced security technologies, and communication barriers between central IT and functional areas. Furthermore, the potential of artificial intelligence and cooperative strategies to enhance municipal cybersecurity is considered. Ultimately, the study highlights the need for a holistic perspective in developing sustainable cybersecurity capabilities, offering implications for both research and practice within municipalities and local government. Full article

20 pages, 1556 KB  
Article
An Evaluation Framework for Cybersecurity Maturity Aligned with the NIST CSF
by Luís Bernardo, Silvestre Malta and João Magalhães
Electronics 2025, 14(7), 1364; https://doi.org/10.3390/electronics14071364 - 28 Mar 2025
Cited by 2 | Viewed by 2439
Abstract
Cybersecurity is critical for mitigating the economic and reputational impacts of cyberattacks. To address these risks, frameworks like the NIST Cybersecurity Framework (NIST CSF) provide standardized guidelines for managing and reducing cybersecurity threats. This paper presents a maturity assessment approach aligned with the NIST CSF, incorporating a dual-survey methodology. The first survey engages cybersecurity experts to calibrate question importance, while the second targets organizations across management, IT staff, and other roles. The approach employs algorithms to deliver consistent evaluations and facilitate cross-organization comparisons. Results from case studies illustrate cybersecurity maturity levels for each NIST CSF function and highlight priority controls for enhancing organizational cybersecurity. Full article
(This article belongs to the Special Issue Recent Advances in Information Security and Data Privacy)

21 pages, 19762 KB  
Article
Security System Design and Verification for Zero Trust Architecture
by Sangdo Lee, Jun-Ho Huh and Hanchul Woo
Electronics 2025, 14(4), 643; https://doi.org/10.3390/electronics14040643 - 7 Feb 2025
Viewed by 3464
Abstract
With ongoing cyber threats stemming from persistent hacking attempts, relentless efforts are being made to prevent such threats at their source. Recently, the concept of “zero trust”, introduced by the United States National Institute of Standards and Technology (NIST), has emerged as a promising approach in this regard. Zero Trust (ZT) is not a standalone security solution but rather a framework of concepts aimed at achieving a higher level of security. It provides a paradigm that outlines the fundamental philosophy, core principles, and operational guidelines for enhanced security. While the guiding principle of “Never Trust, Always Verify” has gained widespread acceptance, many corporate security managers remain uncertain about how to implement ZT effectively. To address this challenge, this paper presents a security network designed to align with the corporate sector’s concept of security architecture based on the principles of ZT. Furthermore, it proposes and verifies a method to strengthen security using Secure Sockets Layer (SSL) and Digital Rights Management (DRM). These technologies were selected because, among the various principles of Zero Trust architecture (ZTA), they effectively support centralized policy management and access control. This paper is expected to be effective in preventing related risks and contribute to building a more effective information security system that helps organizations combat increasingly sophisticated cyber threats. Full article

27 pages, 2467 KB  
Article
Enhancing Security Operations Center: Wazuh Security Event Response with Retrieval-Augmented-Generation-Driven Copilot
by Ismail, Rahmat Kurnia, Farid Widyatama, Ilham Mirwansyah Wibawa, Zilmas Arjuna Brata, Ukasyah, Ghitha Afina Nelistiani and Howon Kim
Sensors 2025, 25(3), 870; https://doi.org/10.3390/s25030870 - 31 Jan 2025
Cited by 3 | Viewed by 4853
Abstract
The sophistication of cyberthreats demands more efficient and intelligent tools to support Security Operations Centers (SOCs) in managing and mitigating incidents. To address this, we developed the Security Event Response Copilot (SERC), a system designed to assist analysts in responding to and mitigating security breaches more effectively. SERC integrates two core components: (1) security event data extraction using Retrieval-Augmented Generation (RAG) methods, and (2) LLM-based incident response guidance. This paper specifically utilizes Wazuh, an open-source Security Information and Event Management (SIEM) platform, as the foundation for capturing, analyzing, and correlating security events from endpoints. SERC leverages Wazuh’s capabilities to collect real-time event data and applies a RAG approach to retrieve context-specific insights from three vectorized data collections: incident response knowledge, the MITRE ATT&CK framework, and the NIST Cybersecurity Framework (CSF) 2.0. This integration bridges strategic risk management and tactical intelligence, enabling precise identification of adversarial tactics and techniques while adhering to best practices in cybersecurity. The results demonstrate the potential of combining structured threat intelligence frameworks with AI-driven models, empowered by Wazuh’s robust SIEM capabilities, to address the dynamic challenges faced by SOCs in today’s complex cybersecurity environment. Full article
(This article belongs to the Special Issue AI Technology for Cybersecurity and IoT Applications)

30 pages, 1914 KB  
Review
Securing the Future of Railway Systems: A Comprehensive Cybersecurity Strategy for Critical On-Board and Track-Side Infrastructure
by Nisrine Ibadah, César Benavente-Peces and Marc-Oliver Pahl
Sensors 2024, 24(24), 8218; https://doi.org/10.3390/s24248218 - 23 Dec 2024
Cited by 1 | Viewed by 3326
Abstract
The growing prevalence of cybersecurity threats is a significant concern for railway systems, which rely on an extensive network of onboard and trackside sensors. These threats have the potential to compromise the safety of railway operations and the integrity of the railway infrastructure itself. This paper aims to examine the current cybersecurity measures in use, identify the key vulnerabilities that they address, and propose solutions for enhancing the security of railway infrastructures. The report evaluates the effectiveness of existing security protocols by reviewing current standards, including IEC62443 and NIST, as well as case histories of recent rail cyberattacks. Significant gaps have been identified, especially where modern and legacy systems need to be integrated. Weaknesses in communication protocols such as MVB, CAN and TCP/IP are identified. To address these challenges, the paper proposes a layered security framework specific to railways that incorporates continuous monitoring, risk-based cybersecurity modeling, AI-assisted threat detection, and stronger authentication methodologies. The aim of these recommendations is to improve the resilience of railway networks and ensure a safer, more secure infrastructure for future operations.
(This article belongs to the Section Internet of Things)

8 pages, 212 KB  
Proceeding Paper
Constructing Cyber Resilience: A Focus on Cybersecurity Measures in the South African Construction Sector
by Seyi Stephen, Clinton Aigbavboa, Ayodeji Oke, Opeoluwa Akinradewo and Ayobami Idowu
Eng. Proc. 2024, 76(1), 3; https://doi.org/10.3390/engproc2024076003 - 15 Oct 2024
Viewed by 986
Abstract
In addressing the challenges of cyber threats in the South African construction sector, the study employed a quantitative methodology involving a questionnaire retrieved from 86 of the study’s respondents. It employed tools like mean item score (MIS), standard deviation (SD), and the pattern matrix of exploratory factor analysis (EFA). The findings revealed critical cybersecurity measures, including adherence to international information security standards such as the General Data Protection Regulation (GDPR), ISO 27001, or the Cybersecurity Framework by NIST, two-factor authentication, and strategic planning. The implications of these findings underscore the importance of robust cybersecurity frameworks and heightened awareness. This research contributes insights for enhancing cyber resilience in the construction industry, urging stakeholders to prioritize protective measures against cyber risks. Full article