@article {901, title = {Editorial: Critical Infrastructures and Cybersecurity (June 2015)}, journal = {Technology Innovation Management Review}, volume = {5}, year = {2015}, month = {06/2015}, pages = {3-5}, publisher = {Talent First Network}, address = {Ottawa}, keywords = {botnet, club theory, critical infrastructure, cybersecurity, design principles, design science, healthcare, networked medical devices, project management maturity model}, issn = {1927-0321}, doi = {http://doi.org/10.22215/timreview/901}, url = {http://timreview.ca/article/901}, author = {Chris McPhee and Dan Craigen and Steven Muegge} } @article {860, title = {Editorial: Cybersecurity (January 2015)}, journal = {Technology Innovation Management Review}, volume = {5}, year = {2015}, month = {01/2015}, pages = {3-4}, publisher = {Talent First Network}, address = {Ottawa}, keywords = {automotive manufacturing, botnet takedowns, botnets, commercialization, critical infrastructure, cyber-attacks, cybersecurity, employee training, gamification, Internet, outsourcing, quantum key distribution}, issn = {1927-0321}, doi = {http://doi.org/10.22215/timreview/860}, url = {http://timreview.ca/article/860}, author = {Chris McPhee and Tony Bailetti} } @article {865, title = {Q\&A. Should the Internet Be Considered Critical Infrastructure?}, journal = {Technology Innovation Management Review}, volume = {5}, year = {2015}, month = {01/2015}, pages = {37-40}, publisher = {Talent First Network}, address = {Ottawa}, keywords = {communication networks, critical infrastructure, cyber-attacks, cybersecurity, information technology, Internet, vulnerabilities}, issn = {1927-0321}, doi = {http://doi.org/10.22215/timreview/865}, url = {http://timreview.ca/article/865}, author = {Walter Miron} } @article {837, title = {Cybersecurity Capability Maturity Models for Providers of Critical Infrastructure}, journal = {Technology Innovation Management Review}, volume = {4}, year = {2014}, month = {10/2014}, pages = {33-39}, publisher = {Talent First Network}, address = {Ottawa}, abstract = {Critical infrastructure such as power generation and distribution systems, telecommunications networks, pipelines and pipeline control networks, transportation control networks, financial networks, and government information and communications technology (ICT) have increasingly become the target of cyber-attacks. The impact and cost of these threats, as well as regulatory pressure to mitigate them, have created an impetus to secure these critical infrastructures. Managers have many controls and models at their disposal to help them secure infrastructure technology, including cybersecurity capability maturity models to enable measurement and communication of cybersecurity readiness to top management teams, regulators, and customers, thereby facilitating regulatory compliance, corporate responsibility, and improved brand quality. However, information and awareness is lacking about which models are most appropriate for a given situation and how they should be deployed. This article examines relevant cybersecurity capability maturity models to identify the standards and controls available to providers of critical infrastructure in an effort to improve their level of security preparedness. These capability models are described and categorized by their relevance to different infrastructure domains, and then recommendations are provided on employing capability maturity models to measure and communicate readiness. This article will be relevant to regulators, critical infrastructure providers, and researchers. }, keywords = {adoption, bersecurity, capability maturity models, compliance, critical infrastructure, framework, municipalities, protection, regulation, standards}, issn = {1927-0321}, doi = {http://doi.org/10.22215/timreview/837}, url = {http://timreview.ca/article/837}, author = {Walter Miron and Kevin Muita} } @article {714, title = {Protecting Critical Infrastructure by Identifying Pathways of Exposure to Risk}, journal = {Technology Innovation Management Review}, volume = {3}, year = {2013}, month = {08/2013}, pages = {34-40}, publisher = {Talent First Network}, address = {Ottawa}, abstract = {Increasingly, our critical infrastructure is managed and controlled by computers and the information networks that connect them. Cyber-terrorists and other malicious actors understand the economic and social impact that a successful attack on these systems could have. While it is imperative that we defend against such attacks, it is equally imperative that we realize how best to react to them. This article presents the strongest-path method of analyzing all potential pathways of exposure to risk {\textendash} no matter how indirect or circuitous they may be {\textendash} in a network model of infrastructure and operations. The method makes direct use of expert knowledge about entities and dependency relationships without the need for any simulation or any other models. By using path analysis in a directed graph model of critical infrastructure, planners can model and assess the effects of a potential attack and develop resilient responses. }, keywords = {critical infrastructure, cybersecurity, directed graph, modelling, path analysis, risk analysis, simulation, strongest-path method}, issn = {1927-0321}, doi = {http://doi.org/10.22215/timreview/714}, url = {http://timreview.ca/article/714}, author = {Philip O{\textquoteright}Neill} }