Cyber Defense eMagazine August Edition for 2022
Cyber Defense eMagazine August Edition for 2022 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, Editor-in-Chief and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES
The ASSURE process

The aviation sector has quietly but steadily been strengthening its resilience over the past two years.
Here in the UK, the Civil Aviation Authority (CAA) launched its ASSURE cybersecurity scheme in January
2020 which applies to all those organisations deemed in scope of CAP 1753, such as airlines, airport
operating firms and air navigation service providers.

The Cyber Security Oversight Process for Aviation comprises a six-step process: Engagement, critical
systems scoping, cyber self-assessment for aviation, the ASSURE cyber audit, the provisional statement
of assurance and the final statement and certificate of compliance.

Mandated organisations are required to identify their critical systems (using guidance under CAP 1849)
and to then assess these systems against the Cyber Assessment Framework (CAF) for Aviation (using
guidance under CAP 1850).

The CAF for Aviation has been adapted from the CAF devised by the National Cyber Security Centre to
assess critical infrastructure, so it is well respected and provides an outcome-based assessment based on
14 principles and four key objectives: managing security risk, protecting against cyber-attack, detecting
cyber security events and minimising the impact of cyber security incidents. These form the basis of the
assessment that precedes the ASSURE audit, which determines if the organisation has sufficiently met
the requirements of the CAF.

Where it adds value

It’s this third-party assessment that has proven to be so effective. It is carried out by cyber professionals who
specialise in at least one of three key areas – cyber audit and risk management, technical cyber security
or Industrial Control Systems (ICS)/Operational Technology – and who are accredited by either IASME
or CREST. These assessors are up to speed on the latest security threats and able to advise on how to
comply with the regulations effectively. An assessor can be brought on to help with the self-assessment
and to add value at this stage, although this then means another assessor must be used for the audit
proper.

Cybersecurity is unfamiliar ground for many of those navigating the CAF and the self-assessment stage
can be lengthy, requiring various forms of evidence to be gathered and recorded, such as documents,
manuals, observations and interviews. As the World Economic Forum’s Pathways towards a Cyber
Resilient Aviation Industry report attests, the aviation ecosystem can be complex, leading to fragmented
approaches to compliance, lack of transparency and visibility, and ambiguous accountability. If, for
example, there are separate parties for the operational training or maintenance of a system, things can
get very complicated because the airport has no direct contract or oversight and therefore no evidence
to draw upon.

Cyber Defense eMagazine – August 2022 Edition 44
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.