Diego Staino

Este trabajo plantea un enfoque educativo para la ciberseguridad basado en estrategias de gamificación, entendida como la integración por diseño de componentes lúdicos en el proceso de aprendizaje. Mediante la revisión de la literatura, se categorizaron conjuntos de dinámicas según las aproximaciones y sus cualidades, lo que constituye nuestro primer aporte. Luego se realizó un mapeo entre las categorías propuestas, un conjunto de temáticas propias de la ciberseguridad y habilidades laborales… Mostrar más

Este trabajo plantea un enfoque educativo para la ciberseguridad basado en estrategias de gamificación, entendida como la integración por diseño de componentes lúdicos en el proceso de aprendizaje. Mediante la revisión de la literatura, se categorizaron conjuntos de dinámicas según las aproximaciones y sus cualidades, lo que constituye nuestro primer aporte. Luego se realizó un mapeo entre las categorías propuestas, un conjunto de temáticas propias de la ciberseguridad y habilidades laborales relevantes para el sector, lo que permite identificar en qué ámbitos tiene más sentido implementarlas, lo que constituye el segundo aporte. Por último, se describen tres categorías de gamificación poco exploradas en el ambiente y con potencial desarrollo. Mostrar menos

This work presents a methodical and minimalist approach for the implementation of cyber deception strategies that, without compromising effectiveness, seeks to limit its impact on operations, derived from the limitations of its integration in productive infrastructures and the complexity of the subject. To this end, a cyclical and continuous process is proposed, adaptable to environments of different sizes, which allows obtaining most of the benefits associated with complete cyber deception… Mostrar más

This work presents a methodical and minimalist approach for the implementation of cyber deception strategies that, without compromising effectiveness, seeks to limit its impact on operations, derived from the limitations of its integration in productive infrastructures and the complexity of the subject. To this end, a cyclical and continuous process is proposed, adaptable to environments of different sizes, which allows obtaining most of the benefits associated with complete cyber deception operations, using the least number of elements and through flexible tactics. This approach arose in response to observations detected in experiences working with organizations. To facilitate the implementation of this proposal, and as an additional contribution, a free software tool created for this purpose is provided, which allows its open experimentation and use in production, both for professional and educational environments. Mostrar menos

The field of exposure management in cybersecurity represents a novel area of study within the discipline of active cyber defense. Its objective is to apply the concept of exposure from the domain of organizational risk management. The approach extends the ideas and practices of vulnerability and threat management to provide a more generalized and comprehensive approach, which allows for the interpretation of the whole through the lens of risks. This paper examines the current state of the art… Mostrar más

The field of exposure management in cybersecurity represents a novel area of study within the discipline of active cyber defense. Its objective is to apply the concept of exposure from the domain of organizational risk management. The approach extends the ideas and practices of vulnerability and threat management to provide a more generalized and comprehensive approach, which allows for the interpretation of the whole through the lens of risks. This paper examines the current state of the art of concepts and applications of exposure management in cybersecurity and presents an approach for their applicability in organizations. The proposed contribution addresses the paucity of academic content on the subject, given its recent emergence. Mostrar menos

This paper proposes a model for the development and quantification of improvements in cybersecurity incident response preparedness in organizations based on tabletop simulation exercises. It consists of a progressive process of four stages: initial evaluation, exercise, work on results, and final evaluation to contrast indicators. The proposed model is based on the "Maturity Assessment Methodology for CSIRTs" (ENISA) whose parameters are weighted according to the "Cybersecurity Incident… Mostrar más

This paper proposes a model for the development and quantification of improvements in cybersecurity incident response preparedness in organizations based on tabletop simulation exercises. It consists of a progressive process of four stages: initial evaluation, exercise, work on results, and final evaluation to contrast indicators. The proposed model is based on the "Maturity Assessment Methodology for CSIRTs" (ENISA) whose parameters are weighted according to the "Cybersecurity Incident Management Guide" (NIST). Simulation exercises are designed based on the parameters, according to the mapping proposed in this work. Mostrar menos

This paper presents a methodology for cybersecurity incident response tabletop exercises. It is based on a combination of industry best practices, and experience in conducting these exercises. The objective is to allow organizations of any size and complexity to plan, design, and execute simulations in an orderly, repeatable, and efficient manner, allowing them to assess their ability to respond to incidents, identify areas for improvement, and develop action plans to increase their response… Mostrar más

This paper presents a methodology for cybersecurity incident response tabletop exercises. It is based on a combination of industry best practices, and experience in conducting these exercises. The objective is to allow organizations of any size and complexity to plan, design, and execute simulations in an orderly, repeatable, and efficient manner, allowing them to assess their ability to respond to incidents, identify areas for improvement, and develop action plans to increase their response capacities. The methodology is divided into several stages that go from planning and preparation to the execution and evaluation of the activity. Additionally, practical guidance is provided on how to approach each stage effectively, and a proposal for metrics aimed at continuous improvement. Mostrar menos