The complexity of performing cyber audits in the space sector along the supply chain
Abstract
Cyber audits are not at all easy to perform. The number of dependencies present in modern systems makes the process truly complicated and the findings, when available, are difficult to interpret and understand. The increasing trend to subcontract large parts of a programme or project hides some of those dependencies and other details under a huge number of contracts and other legal documentation which, in some cases, obliges the auditor to become a real documentation archaeologist in search of the holy grail. The required security controls span across those documents and the responsibility of one or the other party in the supply chain within a complex programme is not always obvious. The mission is clear, however, and the auditor needs to ensure that the processes, controls and safeguards are in place as originally designed, regardless of the added complexity. In this paper, the authors will introduce the concept of cyber audits, explain some of the factors that contribute to the complexity of the projects in the space sector along the supply chain, and describe tools that can assist in the audit process, before concluding with some recommendations to be taken into account to facilitate the process.
The full article is available to subscribers to the journal.
Author's Biography
Jose Ramon Coz Fernandez finished his PhD in economics at Complutense University (Madrid) (summa cum laude); additionally, he completed a second PhD in computer engineering at UNED University (Madrid) (summa cum laude). Jose holds an MSc in physics (University of Cantabria), an MSc in economics (Complutense University) and several graduate degrees in telecommunications and public management (Polytechnic University of Madrid). Jose also holds certifications in information technology including CISA, CISM, CGEIT, CRISC, COBIT, ITIL, PRINCE2, MSP, BPM, ISO20000, ISO27000 and others. Jose has more than 20 years’ experience in the field of information technology (IT), auditing and cyber security. Currently working as Cyber Internal Auditor for the European Space Agency, he is also a researcher in the Department of Applied Economics at Complutense University. He is a professor at several institutions, universities and business schools. Jose collaborates as a reviewer for several international journals and he is a member of various committees and IT associations.
Vicente José Pastor Pérez is one of the founder members of NATO’s Cyberspace Operations Centre (CyOC) where he heads the Situational Awareness Support Section, working among other areas in cyberspace threats intelligence, threats information sharing and cyberspace situational awareness. Vicente was also a founder member of NCIRC, the NATO Computer Incident Response Capability, where he worked for more than 11 years from 2005. Prior to that, he was a military member of the Spanish Army and afterwards the Spanish Air Force where he held positions in diverse units. He holds a Computer Science Engineer Master’s degree from Universidad Nacional de Educación a Distancia (UNED) as well as an Advanced University Studies Diploma. He graduated from the NATO-wide Executive Development Programme (NEDP) in 2012, becoming part of the alumni. Vicente has several postgraduate diplomas, notably expert in information security and computer networks at UNED, expert in direction and management of information and related technologies at Universidad de Alcalá and professional expert in IT service management using ITIL and ISO 20000 at UNED. He is currently a student on the PhD programme of industrial technologies at UNED, Spain. Regarding certifications, Vicente is, among others, Certified Information Systems Security Professional (CISSP), GIAC Certified Forensic Analyst (GCFA) and GIAC Certified Incident Handler (GCIH). He is also Information Security Management Systems (ISMS) Auditor, ISMS Specialist Implementor and Information Security Expert at AENOR.