TY - JOUR
T1 - Cybersecurity Standards in the Context of Operating System
T2 - Practical Aspects, Analysis, and Comparisons
AU - Hamdani, Syed Wasif Abbas
AU - Abbas, Haider
AU - Janjua, Abdul Rehman
AU - Shahid, Waleed Bin
AU - Amjad, Muhammad Faisal
AU - Malik, Jahanzaib
AU - Murtaza, Malik Hamza
AU - Atiquzzaman, Mohammed
AU - Khan, Abdul Waheed
PY - 2021/5/8
Y1 - 2021/5/8
N2 - Cyber threats have been growing tremendously in recent years. There are significant advancements in the threat space that have led towards an essential need for the strengthening of digital infrastructure security. Better security can be achieved by fine-tuning system parameters to the best and optimized security levels. For the protection of infrastructure and information systems, several guidelines have been provided by well-known organizations in the form of cybersecurity standards. Since security vulnerabilities incur a very high degree of financial, reputational, informational, and organizational security compromise, it is imperative that a baseline for standard compliance be established. The selection of security standards and extracting requirements from those standards in an organizational context is a tedious task. This article presents a detailed literature review, a comprehensive analysis of various cybersecurity standards, and statistics of cyber-attacks related to operating systems (OS). In addition to that, an explicit comparison between the frameworks, tools, and software available for OS compliance testing is provided. An in-depth analysis of the most common software solutions ensuring compliance with certain cybersecurity standards is also presented. Finally, based on the cybersecurity standards under consideration, a comprehensive set of minimum requirements is proposed for OS hardening and a few open research challenges are discussed.
KW - Cybersecurity
KW - security standards
KW - OS vulnerabilities
KW - NIST
KW - FIPS
KW - CC
KW - ISO
U2 - 10.1145/3442480
DO - 10.1145/3442480
M3 - Article
SN - 0360-0300
VL - 54
JO - ACM Computing Surveys
JF - ACM Computing Surveys
IS - 3
M1 - 57
ER -