Towards a platform to visualize the state of South Africa's information security

Attacks via the Internet infrastructure is increasingly becoming a daily occurrence and South Africa is no exception. In response, certain governments have published strategies pertaining to information security on a national level. These policies aim to ensure that critical infrastructure is protected, and that there is a move towards a greater state of information security readiness. This is also the case for South Africa where a variety of policy initiatives have started to gain momentum. While establishing strategy and policy is essential, ensuring its implementation is often difficult and dependent on the availability of resources. This is even more so in the case of information security since virtually all standardized security improvement processes start off with specifying that a proper inventory is required of all hardware, software, people and processes. While this may be possible to achieve at an organizational level, it is far more challenging on a national level. In this paper, the authors examine the possibility of making use of available data sources to achieve inventory of infrastructure on a national level and to visualize the state of a country's information security in at least a partial manner.

[1]  Felix C. Freiling,et al.  On Metrics and Measurements , 2005, Dependability Metrics.

[2]  Louise Leenen,et al.  Implementation of a Cyber Security Policy in South Africa: Reflection on Progress and the Way Forward , 2012, HCC.

[3]  Gary Hinson Information Security Management Metrics: A Definitive Guide to Effective Security Monitoring and Measurement , 2011 .

[4]  Trent Jaeger,et al.  Integrity walls: finding attack surfaces from mandatory access control policies , 2012, ASIACCS '12.

[5]  Sandra Mariana Maat Cyber crime: a comparative law analysis , 2009 .

[6]  James B. D. Joshi,et al.  IPv6 Security Challenges , 2009, Computer.

[7]  Dan Geer,et al.  Measuring vs. Modeling , 2013, login Usenix Mag..

[8]  Aaron J. Burstein Amending the ECPA to Enable a Culture of Cybersecurity Research , 2008 .

[9]  Herbert J. Mattord,et al.  The enemy is still at the gates: threats to information security revisited , 2010, InfoSecCD.

[10]  Barry Irwin,et al.  Classification of Security Operation Centers , 2013, 2013 Information Security for South Africa.

[11]  Ning Lu,et al.  Smart-grid security issues , 2010, IEEE Security & Privacy.

[12]  Graeme Shanks,et al.  Towards an intelligence-driven information security risk management process for organisations , 2013 .

[13]  Tyler Moore,et al.  Measuring the Cost of Cybercrime , 2012, WEIS.

[14]  Raffael Marty,et al.  Applied Security Visualization , 2008 .

[15]  Anne Marsden,et al.  International Organization for Standardization , 2014 .