Abstract
Abstract In current socio-economic processes, info-communication services play a determining role, modifying the activities of certain actors. The growing dependence that has developed over the past two decades has imposed the need to give political will to security, which has led to an iterative evolution of the regulatory environment. Therefore, the regulatory framework requires certain entities to develop safeguards including controls that enhance both prevention and response in a manner commensurate with the business value of the information to be protected. However, due to the nature of cybersecurity, developing such countermeasures is not the task of a standalone organization but all entities in cyberspace in a wide range, from individuals to the public sector. Therefore, each entity involved must design protection capabilities in a manner commensurate with the risk, which requires strategic tools and methods and drives organizations to learn from their security incidents. Following our previous paper “Business strategy analysis of cybersecurity incidents” (Bederna et al.) on the topic, this paper reviews the essential formal security strategy formulation tools applied in the cases of Yahoo! and Estonia. Both are based on publicly available information. The analysis confirms the importance of managements’ or the government’s attitude and support for solving cybersecurity challenges.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
