A security review of local government using NIST CSF: a case study

Evaluating cyber security risk is a challenging task regardless of an organisation’s nature of business or size, however, an essential activity. This paper uses the National Institute of Standards and Technology (NIST) cyber security framework (CSF) to assess the cyber security posture of a local go...

Full description

Saved in:
Bibliographic Details
Published inThe Journal of supercomputing Vol. 74; no. 10; pp. 5171 - 5186
Main Authors Ibrahim, Ahmed, Valli, Craig, McAteer, Ian, Chaudhry, Junaid
Format Journal Article
LanguageEnglish
Published New York Springer US 01.10.2018
Springer Nature B.V
Subjects
Compilers
Computer Science
Control systems
Cybersecurity
Interpreters
Local government
Processor Architectures
Programming Languages
Security programs
NIST cyber security framework
Local government
Cyber security
Risk assessment
Online AccessGet full text

Cover

Abstract Evaluating cyber security risk is a challenging task regardless of an organisation’s nature of business or size, however, an essential activity. This paper uses the National Institute of Standards and Technology (NIST) cyber security framework (CSF) to assess the cyber security posture of a local government organisation in Western Australia. Our approach enabled the quantification of risks for specific NIST CSF core functions and respective categories and allowed making recommendations to address the gaps discovered to attain the desired level of compliance. This has led the organisation to strategically target areas related to their people, processes, and technologies, thus mitigating current and future threats.
AbstractList Evaluating cyber security risk is a challenging task regardless of an organisation’s nature of business or size, however, an essential activity. This paper uses the National Institute of Standards and Technology (NIST) cyber security framework (CSF) to assess the cyber security posture of a local government organisation in Western Australia. Our approach enabled the quantification of risks for specific NIST CSF core functions and respective categories and allowed making recommendations to address the gaps discovered to attain the desired level of compliance. This has led the organisation to strategically target areas related to their people, processes, and technologies, thus mitigating current and future threats.
Author McAteer, Ian
Ibrahim, Ahmed
Chaudhry, Junaid
Valli, Craig
Author_xml – sequence: 1
  givenname: Ahmed
  orcidid: 0000-0002-4760-3533
  surname: Ibrahim
  fullname: Ibrahim, Ahmed
  email: ahmed.ibrahim@ecu.edu.au
  organization: Security Research Institute, School of Science, Edith Cowan University
– sequence: 2
  givenname: Craig
  surname: Valli
  fullname: Valli, Craig
  organization: Security Research Institute, School of Science, Edith Cowan University
– sequence: 3
  givenname: Ian
  surname: McAteer
  fullname: McAteer, Ian
  organization: Security Research Institute, School of Science, Edith Cowan University
– sequence: 4
  givenname: Junaid
  surname: Chaudhry
  fullname: Chaudhry, Junaid
  organization: College of Security and Intelligence, Embry-Riddle Aeronautical University
BookMark eNp9kMFKAzEQQIMo2FY_wFvAc3SSzTYbb7VYLRQ9tJ5DNpstW9qkJtlK_94tKwiCnuby3szwhujceWcRuqFwRwHEfaSUMUGAFoRxIQk7QwOai4wAL_g5GoBkQIqcs0s0jHEDADwT2QA9TnC0pg1NOuJgD439xL7GW2_0Fq_9wQa3sy7hNjZujV_nyxWeLmcPWGOjo8UxtdXxCl3Uehvt9fccoffZ02r6QhZvz_PpZEEMB5FIwUtT5lU5roXQVHJdZqLmhtXjSjMqhShlrqUVxhZQjUtJ8wryrKCaccuzCrIRuu337oP_aG1MauPb4LqTilEquMglyI4SPWWCjzHYWpkm6dR4l4JutoqCOgVTfTDVBVOnYIp1Jv1l7kOz0-H4r8N6J3asW9vw89Pf0hf2jH2A
CitedBy_id crossref_primary_10_1016_j_ugj_2024_12_010
crossref_primary_10_1080_23738871_2023_2178319
crossref_primary_10_3390_app14135501
crossref_primary_10_24246_aiti_v21i2_210_229
crossref_primary_10_60097_ACIG_190344
crossref_primary_10_1080_0960085X_2024_2345867
crossref_primary_10_1016_j_procs_2023_01_295
crossref_primary_10_1080_07352166_2020_1727295
crossref_primary_10_1007_s11227_020_03204_2
crossref_primary_10_20473_jisebi_8_2_207_217
crossref_primary_10_1016_j_jii_2024_100604
crossref_primary_10_1108_OCJ_09_2021_0025
crossref_primary_10_3390_systems11050218
crossref_primary_10_3390_info15060342
Cites_doi 10.1108/IMCS-01-2013-0005
10.1109/VIZSEC.2017.8062194
10.1108/09685221211267639
ContentType Journal Article
Copyright The Author(s) 2018. corrected publication 2019
Copyright Springer Nature B.V. 2018
Copyright_xml – notice: The Author(s) 2018. corrected publication 2019
– notice: Copyright Springer Nature B.V. 2018
DBID C6C
AAYXX
CITATION
DOI 10.1007/s11227-018-2479-2
DatabaseName Springer Nature OA Free Journals
CrossRef
DatabaseTitle CrossRef
DatabaseTitleList

CrossRef
Database_xml – sequence: 1
  dbid: C6C
  name: SpringerOpen Free (Free internet resource, activated by CARLI)
  url: http://www.springeropen.com/
  sourceTypes: Publisher
DeliveryMethod fulltext_linktorsrc
Discipline Computer Science
EISSN 1573-0484
EndPage 5186
ExternalDocumentID 10_1007_s11227_018_2479_2
GroupedDBID -4Z
-59
-5G
-BR
-EM
-Y2
-~C
.4S
.86
.DC
.VR
06D
0R~
0VY
123
199
1N0
1SB
2.D
203
28-
29L
2J2
2JN
2JY
2KG
2KM
2LR
2P1
2VQ
2~H
30V
4.4
406
408
409
40D
40E
5QI
5VS
67Z
6NX
78A
8TC
8UJ
95-
95.
95~
96X
AAAVM
AABHQ
AACDK
AAHNG
AAIAL
AAJBT
AAJKR
AANZL
AAOBN
AARHV
AARTL
AASML
AATNV
AATVU
AAUYE
AAWCG
AAYIU
AAYOK
AAYQN
AAYTO
AAYZH
ABAKF
ABBBX
ABBXA
ABDBF
ABDPE
ABDZT
ABECU
ABFTD
ABFTV
ABHLI
ABHQN
ABJNI
ABJOX
ABKCH
ABKTR
ABMNI
ABMQK
ABNWP
ABQBU
ABQSL
ABSXP
ABTEG
ABTHY
ABTKH
ABTMW
ABULA
ABWNU
ABXPI
ACAOD
ACBXY
ACDTI
ACGFS
ACHSB
ACHXU
ACKNC
ACMDZ
ACMLO
ACOKC
ACOMO
ACPIV
ACUHS
ACZOJ
ADHHG
ADHIR
ADIMF
ADINQ
ADKNI
ADKPE
ADMLS
ADQRH
ADRFC
ADTPH
ADURQ
ADYFF
ADZKW
AEBTG
AEFIE
AEFQL
AEGAL
AEGNC
AEJHL
AEJRE
AEKMD
AEMSY
AENEX
AEOHA
AEPYU
AESKC
AETLH
AEVLU
AEXYK
AFBBN
AFEXP
AFGCZ
AFLOW
AFQWF
AFWTZ
AFZKB
AGAYW
AGDGC
AGGDS
AGJBK
AGMZJ
AGQEE
AGQMX
AGRTI
AGWIL
AGWZB
AGYKE
AHAVH
AHBYD
AHSBF
AHYZX
AI.
AIAKS
AIGIU
AIIXL
AILAN
AITGF
AJBLW
AJRNO
AJZVZ
ALMA_UNASSIGNED_HOLDINGS
ALWAN
AMKLP
AMXSW
AMYLF
AMYQR
AOCGG
ARCSS
ARMRJ
ASPBG
AVWKF
AXYYD
AYJHY
AZFZN
B-.
B0M
BA0
BBWZM
BDATZ
BGNMA
BSONS
C6C
CAG
COF
CS3
CSCUP
DDRTE
DL5
DNIVK
DPUIP
DU5
EAD
EAP
EAS
EBD
EBLON
EBS
EDO
EIOEI
EJD
EMK
EPL
ESBYG
ESX
F5P
FEDTE
FERAY
FFXSO
FIGPU
FINBP
FNLPD
FRRFC
FSGXE
FWDCC
GGCAI
GGRSB
GJIRD
GNWQR
GQ6
GQ7
GQ8
GXS
H13
HF~
HG5
HG6
HMJXF
HQYDN
HRMNR
HVGLF
HZ~
H~9
I-F
I09
IHE
IJ-
IKXTQ
ITM
IWAJR
IXC
IZIGR
IZQ
I~X
I~Z
J-C
J0Z
JBSCW
JCJTX
JZLTJ
KDC
KOV
KOW
LAK
LLZTM
M4Y
MA-
N2Q
N9A
NB0
NDZJH
NPVJJ
NQJWS
NU0
O9-
O93
O9G
O9I
O9J
OAM
OVD
P19
P2P
P9O
PF0
PT4
PT5
QOK
QOS
R4E
R89
R9I
RHV
RNI
ROL
RPX
RSV
RZC
RZE
RZK
S16
S1Z
S26
S27
S28
S3B
SAP
SCJ
SCLPG
SCO
SDH
SDM
SHX
SISQX
SJYHP
SNE
SNPRN
SNX
SOHCF
SOJ
SPISZ
SRMVM
SSLCW
STPWE
SZN
T13
T16
TEORI
TSG
TSK
TSV
TUC
TUS
U2A
UG4
UOJIU
UTJUX
UZXMN
VC2
VFIZW
VH1
W23
W48
WH7
WK8
YLTOR
Z45
Z7R
Z7X
Z7Z
Z83
Z88
Z8M
Z8N
Z8R
Z8T
Z8W
Z92
ZMTXR
~8M
~EX
AAPKM
AAYXX
ABBRH
ABDBE
ABFSG
ACSTC
ADHKG
ADKFA
AEZWR
AFDZB
AFHIU
AFOHR
AGQPQ
AHPBZ
AHWEU
AIXLP
ATHPR
AYFIA
CITATION
ABRTQ
ID FETCH-LOGICAL-c407t-84bcb5db6f77a194ab37f4c2f6da21977b95a9e7ce80d6b915d05381a24e43d03
IEDL.DBID C6C
ISSN 0920-8542
IngestDate Sun Jul 13 02:58:35 EDT 2025
Tue Jul 01 03:04:28 EDT 2025
Thu Apr 24 23:03:37 EDT 2025
Fri Feb 21 02:27:37 EST 2025
IsDoiOpenAccess true
IsOpenAccess true
IsPeerReviewed true
IsScholarly true
Issue 10
Keywords NIST cyber security framework
Local government
Cyber security
Risk assessment
Language English
LinkModel DirectLink
MergedId FETCHMERGED-LOGICAL-c407t-84bcb5db6f77a194ab37f4c2f6da21977b95a9e7ce80d6b915d05381a24e43d03
Notes ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ORCID 0000-0002-4760-3533
OpenAccessLink https://doi.org/10.1007/s11227-018-2479-2
PQID 2117475909
PQPubID 2043774
PageCount 16
ParticipantIDs proquest_journals_2117475909
crossref_citationtrail_10_1007_s11227_018_2479_2
crossref_primary_10_1007_s11227_018_2479_2
springer_journals_10_1007_s11227_018_2479_2
ProviderPackageCode CITATION
AAYXX
PublicationCentury 2000
PublicationDate 2018-10-01
PublicationDateYYYYMMDD 2018-10-01
PublicationDate_xml – month: 10
  year: 2018
  text: 2018-10-01
  day: 01
PublicationDecade 2010
PublicationPlace New York
PublicationPlace_xml – name: New York
PublicationSubtitle An International Journal of High-Performance Computer Design, Analysis, and Use
PublicationTitle The Journal of supercomputing
PublicationTitleAbbrev J Supercomput
PublicationYear 2018
Publisher Springer US
Springer Nature B.V
Publisher_xml – name: Springer US
– name: Springer Nature B.V
References ISA (2012) ANSI/ISA-62443-3-3 (99.03.03)-2013. http://www.icsdefender.ir/files/scadadefender-ir/paygahdanesh/standards/ISA-62443-3-3-Public.pdf. Accessed 13 Mar 2018
BSI Group (2013) Infoview case study. https://www.bsigroup.com/LocalFiles/EN-AU/_Case%20Studies/BSI%20Infoview%20Case%20Study.pdf. Accessed 15 Feb 2018
SABSA (2015) Project charter for the development of a SABSA enhanced nist cybersecurity framework. https://sabsa.org/sabsa-nist-framework-project/. Accessed 21 Mar 2018
Cabinet Office (2010) Gpg13: Protective monitoring controls. http://gpg13.com/executive-summary/. Accessed 13 Mar 2018
BSI Group (2013) Implementing best practice and improving client confidence with ISO/IEC 27001. https://www.bsigroup.com/Documents/iso-27001/case-studies/BSI-ISO-IEC-27001-case-study-Legal-Ombudsman-UK-EN.pdf. Accessed 15 Feb 2018
BSI Group (2014) Using ISO/IEC 27001 certification to increase resilience, reassure clients and gain a competitive edge. https://www.bsigroup.com/Documents/iso-27001/case-studies/BSI-ISO-IEC-27001-case-study-Capgemini-UK-EN.pdf. Accessed 15 Feb 2018
Information Security Forum (2016) The ISF standard of good practice for information security. https://www.securityforum.org/tool/the-isf-standardrmation-security/. Accessed 8 Mar 2018
ISO (2013) ISO/IEC 27001:2013. https://www.iso.org/standard/54534.html. Accessed 1 Feb 2018
COSO (2017) Guidance on enterprise risk management. https://www.coso.org/Pages/erm.aspx. Accessed 6 Mar 2018
HITRUST (2017) Introduction to the HITRUST CSF. https://hitrustalliance.net/documents/csf_rmf_related/v9/CSFv9Introduction.pdf. Accessed 21 Mar 2018
Casey T, Fiftal K, Landfield K, Miller J, Morgan D, Willis B (2015) The cybersecurity framework in action: an Intel use case. Intel Corporation, pp 1–10. https://supplier.intel.com/static/governance/documents/The-cybersecurity-framework-in-action-an-intel-use-case-brief.pdf. Accessed 30 Jan 2018
IASME Consortium (2014) About cyber essentials. https://www.iasme.co.uk/cyberessentials/about-cyber-essentials/. Accessed 07 Mar 2018
MontesinoRFenzSBalujaWSiem-based framework for security controls automationInf Manag Comput Secur201220424826310.1108/09685221211267639
IASCA (2012) Cobit 5. https://cobitonline.isaca.org/. Accessed 01 Feb 2018
OSA (2007) Osa landscape. http://www.opensecurityarchitecture.org/cms/foundations/osa-landscape. Accessed 15 Mar 2018
BSI Group (2015) Integrating management systems to improve business performance and achieve sustained competitive advantage. https://www.bsigroup.com/Documents/iso-22301/case-studies/Costain-case-study-UK-EN.pdf. Accessed 15 Feb 2018
ISA (2009) ANSI/ISA-99.02.01-2009. http://www.icsdefender.ir/files/scadadefender-ir/paygahdaHrBnesh/standards/ISA-62443-2-1-Public.pdfHrB. Accessed 13 Mar 2018
Sweeney S (2015) How the University of Pittsburgh is using the NIST cybersecurity framework. https://www.sei.cmu.edu/podcasts/podcast_episode.cfm?episodeid=445056&autostarter=1&wtpodcast=howtheuniversityofpittsburghisusingthenistcybersecurityframework. Accessed 1 Feb 2018
NIST (2014) Framework for improving critical infrastructure cybersecurity: Version 1.0. https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf. Accessed 30 Jan 2018
IETF (1997) Rfc 2196: site security handbook. https://www.ietf.org/rfc/rfc2196.txt. Accessed 8 Mar 2018
Abrams M, Weiss J (2008) Malicious control system cyber security attack case study: Maroochy water services, Australia. https://www.mitre.org/sites/default/files/pdf/08_1145.pdf. Accessed 29 Jan 2018
Angelini M, Lenti S, Santucci G (2017) Crumbs: a cyber security framework browser. In: 2017 IEEE Symposium on Visualization for Cyber Security (VizSec). IEEE, pp 1–8
ETSI (2017) Overview of cybersecurity. https://www.enisa.europa.eu/events/enisa-cscg-2017/presentations/brookson. Accessed 7 Mar 2018
NIST (2014) Assessing security and privacy controls in federal information systems and organizations. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53Ar4.pdf. Accessed 1 Feb 2018
University of Chicago (2016) Applying the cybersecurity framework at the university of Chicago: an education case study. http://security.bsd.uchicago.edu/wp-content/uploads/sites/2/2016/04/BSD-Framework-Implementation-Case-Study_final_edition.pdf. Accessed 31 Jan 2018
Elkins V (2014) Summary of CIP version 5 standards. http://www.velaw.com/uploadedfiles/vesite/resources/summarycipversion5standards2014.pdf. Accessed 12 Feb 2018
Microsoft (2018) Power BI. https://powerbi.microsoft.com/en-us/. Accessed 12 Apr 2018
BSI Group (2013) Supporting business growth with ISO/IEC 27001. https://www.bsigroup.com/Documents/iso-27001/case-studies/BSI-ISO-IEC-27001-case-study-SVM-UK-EN.pdf. Accessed 15 Feb 2018
KimEBRecommendations for information security awareness training for college studentsInf Manag Comput Secur201422111512610.1108/IMCS-01-2013-0005
Center for Internet Security (2018) CIS controls. https://www.cisecurity.org/controls/. Accessed 6 Mar 2018
BSI Group (2012) How Fredrickson has reduced third party scrutiny and protected its reputation with ISO 27001 certification. https://www.bsigroup.com/Documents/iso-27001/case-studies/BSI-ISO-IEC-27001-case-study-Fredrickson-International-EN-UK.pdf?epslanguage=en-MY. Accessed 15 Feb 2018
BSI Group (2011) Case study Thames Security Shredding (TSS) Ltd. https://www.bsigroup.com/Documents/iso-27001/case-studies/BSI-ISO-IEC-27001-case-study-Thames-Security-UK-EN.pdf?epslanguage=en-MY. Accessed 15 Feb 2018
2479_CR28
2479_CR29
R Montesino (2479_CR26) 2012; 20
2479_CR20
2479_CR21
2479_CR22
2479_CR23
2479_CR25
2479_CR27
2479_CR2
2479_CR17
EB Kim (2479_CR24) 2014; 22
2479_CR3
2479_CR18
2479_CR4
2479_CR19
2479_CR5
2479_CR6
2479_CR7
2479_CR8
2479_CR9
2479_CR1
2479_CR30
2479_CR31
2479_CR10
2479_CR32
2479_CR11
2479_CR12
2479_CR13
2479_CR14
2479_CR15
2479_CR16
References_xml – reference: ISA (2012) ANSI/ISA-62443-3-3 (99.03.03)-2013. http://www.icsdefender.ir/files/scadadefender-ir/paygahdanesh/standards/ISA-62443-3-3-Public.pdf. Accessed 13 Mar 2018
– reference: MontesinoRFenzSBalujaWSiem-based framework for security controls automationInf Manag Comput Secur201220424826310.1108/09685221211267639
– reference: BSI Group (2014) Using ISO/IEC 27001 certification to increase resilience, reassure clients and gain a competitive edge. https://www.bsigroup.com/Documents/iso-27001/case-studies/BSI-ISO-IEC-27001-case-study-Capgemini-UK-EN.pdf. Accessed 15 Feb 2018
– reference: BSI Group (2013) Implementing best practice and improving client confidence with ISO/IEC 27001. https://www.bsigroup.com/Documents/iso-27001/case-studies/BSI-ISO-IEC-27001-case-study-Legal-Ombudsman-UK-EN.pdf. Accessed 15 Feb 2018
– reference: Cabinet Office (2010) Gpg13: Protective monitoring controls. http://gpg13.com/executive-summary/. Accessed 13 Mar 2018
– reference: KimEBRecommendations for information security awareness training for college studentsInf Manag Comput Secur201422111512610.1108/IMCS-01-2013-0005
– reference: Abrams M, Weiss J (2008) Malicious control system cyber security attack case study: Maroochy water services, Australia. https://www.mitre.org/sites/default/files/pdf/08_1145.pdf. Accessed 29 Jan 2018
– reference: HITRUST (2017) Introduction to the HITRUST CSF. https://hitrustalliance.net/documents/csf_rmf_related/v9/CSFv9Introduction.pdf. Accessed 21 Mar 2018
– reference: OSA (2007) Osa landscape. http://www.opensecurityarchitecture.org/cms/foundations/osa-landscape. Accessed 15 Mar 2018
– reference: Angelini M, Lenti S, Santucci G (2017) Crumbs: a cyber security framework browser. In: 2017 IEEE Symposium on Visualization for Cyber Security (VizSec). IEEE, pp 1–8
– reference: Sweeney S (2015) How the University of Pittsburgh is using the NIST cybersecurity framework. https://www.sei.cmu.edu/podcasts/podcast_episode.cfm?episodeid=445056&autostarter=1&wtpodcast=howtheuniversityofpittsburghisusingthenistcybersecurityframework. Accessed 1 Feb 2018
– reference: BSI Group (2012) How Fredrickson has reduced third party scrutiny and protected its reputation with ISO 27001 certification. https://www.bsigroup.com/Documents/iso-27001/case-studies/BSI-ISO-IEC-27001-case-study-Fredrickson-International-EN-UK.pdf?epslanguage=en-MY. Accessed 15 Feb 2018
– reference: Information Security Forum (2016) The ISF standard of good practice for information security. https://www.securityforum.org/tool/the-isf-standardrmation-security/. Accessed 8 Mar 2018
– reference: COSO (2017) Guidance on enterprise risk management. https://www.coso.org/Pages/erm.aspx. Accessed 6 Mar 2018
– reference: Casey T, Fiftal K, Landfield K, Miller J, Morgan D, Willis B (2015) The cybersecurity framework in action: an Intel use case. Intel Corporation, pp 1–10. https://supplier.intel.com/static/governance/documents/The-cybersecurity-framework-in-action-an-intel-use-case-brief.pdf. Accessed 30 Jan 2018
– reference: BSI Group (2011) Case study Thames Security Shredding (TSS) Ltd. https://www.bsigroup.com/Documents/iso-27001/case-studies/BSI-ISO-IEC-27001-case-study-Thames-Security-UK-EN.pdf?epslanguage=en-MY. Accessed 15 Feb 2018
– reference: BSI Group (2015) Integrating management systems to improve business performance and achieve sustained competitive advantage. https://www.bsigroup.com/Documents/iso-22301/case-studies/Costain-case-study-UK-EN.pdf. Accessed 15 Feb 2018
– reference: ISO (2013) ISO/IEC 27001:2013. https://www.iso.org/standard/54534.html. Accessed 1 Feb 2018
– reference: NIST (2014) Framework for improving critical infrastructure cybersecurity: Version 1.0. https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf. Accessed 30 Jan 2018
– reference: IASCA (2012) Cobit 5. https://cobitonline.isaca.org/. Accessed 01 Feb 2018
– reference: IASME Consortium (2014) About cyber essentials. https://www.iasme.co.uk/cyberessentials/about-cyber-essentials/. Accessed 07 Mar 2018
– reference: Microsoft (2018) Power BI. https://powerbi.microsoft.com/en-us/. Accessed 12 Apr 2018
– reference: ETSI (2017) Overview of cybersecurity. https://www.enisa.europa.eu/events/enisa-cscg-2017/presentations/brookson. Accessed 7 Mar 2018
– reference: IETF (1997) Rfc 2196: site security handbook. https://www.ietf.org/rfc/rfc2196.txt. Accessed 8 Mar 2018
– reference: ISA (2009) ANSI/ISA-99.02.01-2009. http://www.icsdefender.ir/files/scadadefender-ir/paygahdaHrBnesh/standards/ISA-62443-2-1-Public.pdfHrB. Accessed 13 Mar 2018
– reference: SABSA (2015) Project charter for the development of a SABSA enhanced nist cybersecurity framework. https://sabsa.org/sabsa-nist-framework-project/. Accessed 21 Mar 2018
– reference: NIST (2014) Assessing security and privacy controls in federal information systems and organizations. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53Ar4.pdf. Accessed 1 Feb 2018
– reference: BSI Group (2013) Infoview case study. https://www.bsigroup.com/LocalFiles/EN-AU/_Case%20Studies/BSI%20Infoview%20Case%20Study.pdf. Accessed 15 Feb 2018
– reference: BSI Group (2013) Supporting business growth with ISO/IEC 27001. https://www.bsigroup.com/Documents/iso-27001/case-studies/BSI-ISO-IEC-27001-case-study-SVM-UK-EN.pdf. Accessed 15 Feb 2018
– reference: University of Chicago (2016) Applying the cybersecurity framework at the university of Chicago: an education case study. http://security.bsd.uchicago.edu/wp-content/uploads/sites/2/2016/04/BSD-Framework-Implementation-Case-Study_final_edition.pdf. Accessed 31 Jan 2018
– reference: Elkins V (2014) Summary of CIP version 5 standards. http://www.velaw.com/uploadedfiles/vesite/resources/summarycipversion5standards2014.pdf. Accessed 12 Feb 2018
– reference: Center for Internet Security (2018) CIS controls. https://www.cisecurity.org/controls/. Accessed 6 Mar 2018
– ident: 2479_CR8
– ident: 2479_CR20
– ident: 2479_CR22
– ident: 2479_CR28
– ident: 2479_CR1
– ident: 2479_CR13
– ident: 2479_CR3
– ident: 2479_CR7
– ident: 2479_CR19
– ident: 2479_CR32
– ident: 2479_CR5
– ident: 2479_CR11
– ident: 2479_CR30
– ident: 2479_CR15
– ident: 2479_CR17
– ident: 2479_CR9
– ident: 2479_CR21
– ident: 2479_CR23
– volume: 22
  start-page: 115
  issue: 1
  year: 2014
  ident: 2479_CR24
  publication-title: Inf Manag Comput Secur
  doi: 10.1108/IMCS-01-2013-0005
– ident: 2479_CR29
– ident: 2479_CR2
  doi: 10.1109/VIZSEC.2017.8062194
– ident: 2479_CR27
– ident: 2479_CR25
– ident: 2479_CR14
– ident: 2479_CR12
– ident: 2479_CR4
– ident: 2479_CR6
– ident: 2479_CR10
– volume: 20
  start-page: 248
  issue: 4
  year: 2012
  ident: 2479_CR26
  publication-title: Inf Manag Comput Secur
  doi: 10.1108/09685221211267639
– ident: 2479_CR18
– ident: 2479_CR31
– ident: 2479_CR16
SSID ssj0004373
Score 2.2823508
Snippet Evaluating cyber security risk is a challenging task regardless of an organisation’s nature of business or size, however, an essential activity. This paper...
SourceID proquest
crossref
springer
SourceType Aggregation Database
Enrichment Source
Index Database
Publisher
StartPage 5171
SubjectTerms Compilers
Computer Science
Control systems
Cybersecurity
Interpreters
Local government
Processor Architectures
Programming Languages
Security programs
Title A security review of local government using NIST CSF: a case study
URI https://link.springer.com/article/10.1007/s11227-018-2479-2
https://www.proquest.com/docview/2117475909
Volume 74
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
link http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV07T8MwELYQXVh4Iwql8sAEskgcu47ZQmgpj3ZpK5Upsp24C2oRLf-fcx6NqACJJR5ie7iH70539x1Cl-CDp5paSSTIA2FaeCRUVhA_TBlVoTYmcP3Og2GnP2FPUz4twaJdL8xG_v5mCf4AdcWRwE8mJIHXtsH9QLgpDXEnrlsggyKZLCEaCjmjVQLzpyu-m6Dar9xIheYWprePdkvXEEcFLw_QVjY_RHvV2AVcauERuovwspw6h4vOE7ywODdKeLYenYtdRfsMDx9HYxyPerdYYQMWC-d4ssdo0uuO4z4pRyEQAxHXioRMG81dy5wQypdM6UBYZqjtpAreHCG05EpmwmShl3a09HkK2hX6irKMBakXnKDt-WKenSJMtWcNnGNcauYLCwwBH4EqlXFuRRA0kVdRJzElTrgbV_GW1AjHjqAJEDRxBE1oE12tj7wXIBl_bW5VJE9KfVkmEIYKhzzoySa6rthQ__71srN_7T5HO9SJQV6L10Lbq4_P7AJ8ipVuo0Z0P3gZufXh9bnbzqULvhMafQEwRcOU
linkProvider Springer Nature
linkToHtml http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwtV07T8MwED5BGWDhjSgU8AALKFLiOHWMxFAKVUsfS1upW7CdpAtqES1C_B7-KOc8GoEAiaFzbCv6_J3vTvcCOEcbPFQ0FpZAPlhMcdvyZcwtxw8Zlb7S2jX1zt1etTlkDyNvtAIfeS1Mku2ehySTl7oodnMoNWmSeLOMC4tmmZTt6P0N_bTZTesOL_WC0sb9oN60slEClkaPZW75TGnlmZIzziX67VK5PGaaxtVQosxyroQnRcR15NthVQnHC5GdviMpi5gb2i6euwpraHv4RnSGtFYUX7ppGFugH-Z7jOah059--avyKyzab0HYRLc1tmEzM0pJLWXRDqxEk13Yygc-kEz-9-C2RmbZvDuS1ryQaUwSdUjGi6G9xOTSj0mv1R-Qer9xTSTRqCtJ0sl2H4ZLQe4ASpPpJDoEQpUda9zHPKGYw2OkAlonVMrI82LuumWwc3QCnXUoN4MynoKit7IBNEBAAwNoQMtwudjynLbn-GtxJYc8yCR1FqADzE3PQ1uU4Sq_huLzr4cd_Wv1Gaw3B91O0Gn12sewQQ0lkozACpTmL6_RCVo2c3WaMIvA47Kp_Al9EgDr
linkToPdf http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwtV1NS8NAEB20gnjxW6xW3YNelGCy2XSzgodaLa3VItiCt7i7yfYiVWxF_FX-RWfzYVBU8NBzNkuYfZuZx8ybAdjHGDxW1AhHIB4cprjrhNJwxwtjRmWotPat3vm6V28P2OVdcDcD74UWJq12L1KSmabBdmkaTY6fYnNcCt88Sm3JJJ4y48KheVVlN3l7Rc42Pu2c4wEfUNq66DfbTj5WwNHIXiZOyJRWgZWfcS6Rw0vlc8M0NfVY4v3lXIlAioTrJHTjuhJeECNSQ09SljA_dn3cdxbmkBh5lu01681SiOlnKW2BnCwMGC3SqD998ldHWEa33xKyqZ9rLcNiHqCSRoaoFZhJRquwVAx_IPm_YA3OGmScz74jmf6FPBqSukYy_BzgS2xd_ZD0Ord90rxtnRBJNPpNkna1XYfBVCy3AZXR4yjZBEKVazS-xwKhmMcNwgIjFSplEgSG-34V3MI6kc67lduhGQ9R2WfZGjRCg0bWoBGtwuHnK09Zq46_FtcKk0f5rR1HSIa57X_oiiocFcdQPv51s61_rd6D-ZvzVnTV6XW3YYFaRKTFgTWoTJ5fkh0MciZqNwUWgftpI_kDyhsFEQ
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=A+security+review+of+local+government+using+NIST+CSF%3A+a+case+study&rft.jtitle=The+Journal+of+supercomputing&rft.au=Ibrahim%2C+Ahmed&rft.au=Valli%2C+Craig&rft.au=McAteer%2C+Ian&rft.au=Chaudhry%2C+Junaid&rft.date=2018-10-01&rft.pub=Springer+Nature+B.V&rft.issn=0920-8542&rft.eissn=1573-0484&rft.volume=74&rft.issue=10&rft.spage=5171&rft.epage=5186&rft_id=info:doi/10.1007%2Fs11227-018-2479-2&rft.externalDBID=NO_FULL_TEXT
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0920-8542&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0920-8542&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0920-8542&client=summon