This post is about our recently published paper that describes how strategies for implementing international cybersecurity best practice should account for five factors: technology profile, laws and regulations, law enforcement, culture and subcultures, and corruption.
To write the paper, we needed cybersecurity best practices to analyze with respect to these five dimensions. We used practices from one recent publication that focuses on insider threat. The CERT Program recommends nineteen best practices for preventing, detecting, and responding to insider threats in the Common Sense Guide to Mitigating Insider Threats, 4th Edition. The guide’s implementation recommendations are based on an analysis of primarily U.S.-based insider threat cases.
With our coauthors Randy Trzeciak, and Palma Buttles, we mapped the best practices to the five factors that affect practice implementation internationally, in the report Best Practices against Insider Threats in All Nations. Each practice is analyzed with respect to the five factors. Analysis was conducted both generally and with respect to potential implications of examples from various countries. This paper is an initial exploration of the effects of the international landscape on the implementation of cybersecurity best practices.