A technological analysis of Colombia’s cybersecurity capacity : a systemic perspective from an organizational point of view
Introduction: This paper is a product of the research Project “A technological analysis of Colombia’s cybersecurity capacity: a systemic perspective from an organizational point of view” developed at the Universidad Pontificia Bolivariana in the year 2018.
Objective: Starting from the dynamics system paradigm, this study considers the technological dimension with respect to cybersecurity for incident response and critical infrastructure protection, making reference to the Cybersecurity Capability Maturity Model and the best practices defined by the National Institute of Standards and Technology - NIST.
Methodology: The research starts from the dynamics hypothesis and using the representation of a formal simulation model as its input so as to analyze different scenarios and the development of future policy in this field.
Conclusions: The risk at the organizational level represents a fundamental element for management of incidents and the protection of critical infrastructures, since it allows defining the necessary strategies, in terms of policies, guidelines, business rules, technology and other elements that allow the country to face the threats derived from interconnectivity. It is therefore necessary to develop policies aimed at organizational sensitivity in terms of cybersecurity risks.
Originality: The scenarios that we propose should assist decision makers in making investments in favor of the development and evolution of Cybersecurity in Colombia and, therefore, of the organizations that contribute to the development of the country.
Restrictions: The data we used to conclude this study, was obtained from an organization that is classified as critical to infrastructure, so it is important to obtain access to the information of the main organization in Colombia in charge of cybersecurity and other companies.