Cyber exercises used to assess the preparedness of a
community against cyber crises, technology failures and Critical
Information Infrastructure (CII) incidents. The cyber exercises also
called cyber crisis exercise or cyber drill, involved partnerships or
collaboration of public and private agencies from several sectors.
This study investigates Organisation Cyber Resilience (OCR) of
participation sectors in cyber exercise called X Maya in Malaysia.
This study used a principal based cyber resilience survey called CSuite
Executive checklist developed by World Economic Forum in
2012. To ensure suitability of the survey to investigate the OCR, the
reliability test was conducted on C-Suite Executive checklist items.
The research further investigates the differences of OCR in ten
Critical National Infrastructure Information (CNII) sectors
participated in the cyber exercise. The One Way ANOVA test result
showed a statistically significant difference of OCR among ten CNII
sectors participated in the cyber exercise.
[1] Hashim, M. S. Malaysia’s National Cyber Security Policy
[2] Bodeau, D., & Graubart, R. (2013, November). Intended effects of cyber
resiliency techniques on adversary activities. In Technologies for
Homeland Security (HST), 2013 IEEE International Conference on (pp.
7-11). IEEE.
[3] Bodeau, D., & Graubart, R. (2011). Cyber Resiliency Engineering
Framework.
[4] Boin, A., & McConnell, A. (2007). Preparing for critical infrastructure
breakdowns: the limits of crisis management and the need for resilience.
Journal of Contingencies and Crisis Management, 15(1), 50-59
[5] Caralli, R. A., Allen, J. H., Curtis, P. D., White, D. W., & Young, L. R.
(2010, August). Improving Operational Resilience Processes: The CERT
Resilience Management Model. In Social Computing (SocialCom), 2010
IEEE Second International Conference on (pp. 1165-1170). IEEE.
[6] Cavelty, M. D. (2007). Critical information infrastructure:
vulnerabilities, threats and responses. In Disarmament Forum (Vol. 3,
pp. 15-22).
[7] Conklin, A., & White, G. B. (2006, January). E-government and cyber
security: the role of cyber security exercises. In System Sciences, 2006.
HICSS'06. Proceedings of the 39th Annual Hawaii International
Conference on (Vol. 4, pp. 79b-79b). IEEE.
[8] Dzazali, S., Sulaiman, A., & Zolait, A. H. (2009). Information security
landscape and maturity level: Case study of Malaysian Public Service
(MPS) organizations. Government Information Quarterly, 26(4), 584-
593. [9] Glorioso, A., & Servida, A. (2012). Infrastructure sectors and the
information infrastructure. In Critical Infrastructure Protection (pp. 39-
51). Springer Berlin Heidelberg.
[10] Government Launches National Cyber Crisis Management Policy and
Mechanism, http://vsdaily.com/tag/x-maya-5/.Accessed January 18,
2013).
[11] Hernantes, J., Lauge, A., Labaka, L., Rich, E., Sveen, F. O., Sarriegi, J.
M., & Gonzalez, J. J. (2011, January). Collaborative modeling of
awareness in Critical Infrastructure Protection. In System Sciences
(HICSS), 2011 44th Hawaii International Conference on (pp. 1-10).
IEEE.
[12] Kwak, Y. H., Chih, Y., & Ibbs, C. W. (2009). Towards a comprehensive
understanding of public private partnerships for infrastructure
development. California Management Review, 51(2), 51-78.
[13] Linkov, I., Eisenberg, D. A., Plourde, K., Seager, T. P., Allen, J., &
Kott, A. (2013). Resilience metrics for cyber systems. Environment
Systems and Decisions, 33(4), 471-476.
[14] Pallant, J. (2013). SPSS survival manual. McGraw-Hill International.
[15] Santos, J. R. A. (1999). Cronbach’s alpha: A tool for assessing the
reliability of scales. Journal of extension, 37(2), 1-5.
[16] Setola, R., De Porcellinis, S., & Sforna, M. (2009). Critical
infrastructure dependency assessment using the input–output
inoperability model. International Journal of Critical Infrastructure
Protection, 2(4), 170-178.
[17] Solansky, S. T., & Beck, T. E. (2009). Enhancing community safety and
security through understanding interagency collaboration in cyberterrorism
exercises. Administration & Society, 40(8), 852-875.
[18] White, G. B., Dietrich, G., & Goles, T. (2004, January). Cyber security
exercises: testing an organization's ability to prevent, detect, and respond
to cyber security events. In System Sciences, 2004. Proceedings of the
37th Annual Hawaii International Conference on (pp. 10-pp). IEEE.
[19] World Economic Forum, Partnering for Cyber Resilience, Risk and
Responsibility in a Hyper connected World, March 2012
[20] X Maya 3: Benchmarking the National Cyber Crisis Management Plan.
http://www.cybersecurity.my/en/knowledge_bank/news/2010/main/detai
l/1906/index.htm. (Accessed in February 12, 2013).
[21] Yunos, Z., Hafidz Suid, S., Ahmad, R., & Ismail, Z. (2010, August).
Safeguarding Malaysia's critical national information infrastructure
(CNII) against cyber terrorism: Towards development of a policy
framework. In Information Assurance and Security (IAS), 2010 Sixth
International Conference on (pp. 21-27). IEEE.
[1] Hashim, M. S. Malaysia’s National Cyber Security Policy
[2] Bodeau, D., & Graubart, R. (2013, November). Intended effects of cyber
resiliency techniques on adversary activities. In Technologies for
Homeland Security (HST), 2013 IEEE International Conference on (pp.
7-11). IEEE.
[3] Bodeau, D., & Graubart, R. (2011). Cyber Resiliency Engineering
Framework.
[4] Boin, A., & McConnell, A. (2007). Preparing for critical infrastructure
breakdowns: the limits of crisis management and the need for resilience.
Journal of Contingencies and Crisis Management, 15(1), 50-59
[5] Caralli, R. A., Allen, J. H., Curtis, P. D., White, D. W., & Young, L. R.
(2010, August). Improving Operational Resilience Processes: The CERT
Resilience Management Model. In Social Computing (SocialCom), 2010
IEEE Second International Conference on (pp. 1165-1170). IEEE.
[6] Cavelty, M. D. (2007). Critical information infrastructure:
vulnerabilities, threats and responses. In Disarmament Forum (Vol. 3,
pp. 15-22).
[7] Conklin, A., & White, G. B. (2006, January). E-government and cyber
security: the role of cyber security exercises. In System Sciences, 2006.
HICSS'06. Proceedings of the 39th Annual Hawaii International
Conference on (Vol. 4, pp. 79b-79b). IEEE.
[8] Dzazali, S., Sulaiman, A., & Zolait, A. H. (2009). Information security
landscape and maturity level: Case study of Malaysian Public Service
(MPS) organizations. Government Information Quarterly, 26(4), 584-
593. [9] Glorioso, A., & Servida, A. (2012). Infrastructure sectors and the
information infrastructure. In Critical Infrastructure Protection (pp. 39-
51). Springer Berlin Heidelberg.
[10] Government Launches National Cyber Crisis Management Policy and
Mechanism, http://vsdaily.com/tag/x-maya-5/.Accessed January 18,
2013).
[11] Hernantes, J., Lauge, A., Labaka, L., Rich, E., Sveen, F. O., Sarriegi, J.
M., & Gonzalez, J. J. (2011, January). Collaborative modeling of
awareness in Critical Infrastructure Protection. In System Sciences
(HICSS), 2011 44th Hawaii International Conference on (pp. 1-10).
IEEE.
[12] Kwak, Y. H., Chih, Y., & Ibbs, C. W. (2009). Towards a comprehensive
understanding of public private partnerships for infrastructure
development. California Management Review, 51(2), 51-78.
[13] Linkov, I., Eisenberg, D. A., Plourde, K., Seager, T. P., Allen, J., &
Kott, A. (2013). Resilience metrics for cyber systems. Environment
Systems and Decisions, 33(4), 471-476.
[14] Pallant, J. (2013). SPSS survival manual. McGraw-Hill International.
[15] Santos, J. R. A. (1999). Cronbach’s alpha: A tool for assessing the
reliability of scales. Journal of extension, 37(2), 1-5.
[16] Setola, R., De Porcellinis, S., & Sforna, M. (2009). Critical
infrastructure dependency assessment using the input–output
inoperability model. International Journal of Critical Infrastructure
Protection, 2(4), 170-178.
[17] Solansky, S. T., & Beck, T. E. (2009). Enhancing community safety and
security through understanding interagency collaboration in cyberterrorism
exercises. Administration & Society, 40(8), 852-875.
[18] White, G. B., Dietrich, G., & Goles, T. (2004, January). Cyber security
exercises: testing an organization's ability to prevent, detect, and respond
to cyber security events. In System Sciences, 2004. Proceedings of the
37th Annual Hawaii International Conference on (pp. 10-pp). IEEE.
[19] World Economic Forum, Partnering for Cyber Resilience, Risk and
Responsibility in a Hyper connected World, March 2012
[20] X Maya 3: Benchmarking the National Cyber Crisis Management Plan.
http://www.cybersecurity.my/en/knowledge_bank/news/2010/main/detai
l/1906/index.htm. (Accessed in February 12, 2013).
[21] Yunos, Z., Hafidz Suid, S., Ahmad, R., & Ismail, Z. (2010, August).
Safeguarding Malaysia's critical national information infrastructure
(CNII) against cyber terrorism: Towards development of a policy
framework. In Information Assurance and Security (IAS), 2010 Sixth
International Conference on (pp. 21-27). IEEE.
@article{"International Journal of Information, Control and Computer Sciences:70515", author = "Arniyati Ahmad and Christopher Johnson and Timothy Storer", title = "An Investigation on Organisation Cyber Resilience", abstract = "Cyber exercises used to assess the preparedness of a
community against cyber crises, technology failures and Critical
Information Infrastructure (CII) incidents. The cyber exercises also
called cyber crisis exercise or cyber drill, involved partnerships or
collaboration of public and private agencies from several sectors.
This study investigates Organisation Cyber Resilience (OCR) of
participation sectors in cyber exercise called X Maya in Malaysia.
This study used a principal based cyber resilience survey called CSuite
Executive checklist developed by World Economic Forum in
2012. To ensure suitability of the survey to investigate the OCR, the
reliability test was conducted on C-Suite Executive checklist items.
The research further investigates the differences of OCR in ten
Critical National Infrastructure Information (CNII) sectors
participated in the cyber exercise. The One Way ANOVA test result
showed a statistically significant difference of OCR among ten CNII
sectors participated in the cyber exercise.", keywords = "Critical Information Infrastructure, Cyber
Resilience, Organisation Cyber Resilience, Reliability Test.", volume = "9", number = "7", pages = "1703-6", }
