Thesis Type:
Status: Open
Proposal on: 13/05/2025 1:00 pm
Proposal room:
Supervisor(s): Stefan Decker
Advisor(s): Mehdi Akbari G., Avikarsha Mandal
Contact: mehdi.akbari.gurabi@fit.fraunhofer.de, avikarsha.mandal@fit.fraunhofer.de
The thesis focuses on the new regulatory requirements imposed on companies by the NIS2 directive. It aims to systematically extract these requirements and align them with established industry standards that provide detailed guidance for implementation. This alignment is anticipated to result in a comprehensive set of requirements, coupled with corresponding passages from industry standards, thereby facilitating compliant behavior.
Building on this foundation, the thesis will develop proof-of-concept playbooks that address key NIS2 compliance requirements. During development, efforts will be made to enhance the semantics of the structured playbooks by enriching them, or even individual steps, with information regarding the specific regulatory requirements they address. This thorough documentation will later enable the calculation of coverage.
Additionally, the research contributes to exploring and improving the shareability of playbooks. The goal is to create generic playbooks that are transferable between organizations while still supporting individual use effectively. This exploration may include ideas such as modularity, textual guidelines, or code-based playbook refinement. The requirements extraction will follow an established methodology, and the resulting playbooks will be evaluated against a pre-defined set of relevant factors and may be verified through expert interviews.
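To make the idea of requirement-annotated playbook steps and the resulting coverage calculation concrete, here is a small added example (written for this page, not code from the thesis or its authors). Every requirement identifier, standard reference and playbook step below is a constructed placeholder standing in for the requirements the thesis would extract from NIS2 and align with industry standards; the structure, not the content, is the point. Each step lists the requirement ids it addresses, a validation pass catches annotations that reference unknown ids, and a coverage report shows which requirements the playbook addresses and through which steps.

```python
"""Requirement-annotated playbook with coverage calculation (added example).

Requirement ids, their wording, the standard references and the playbook
steps are all constructed placeholders, not transcriptions of NIS2 or of
any industry standard.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Requirement:
    req_id: str            # constructed identifier
    text: str              # short paraphrase of the obligation (constructed)
    standard_refs: tuple   # aligned passages in standards (constructed ids)


@dataclass
class Step:
    name: str
    addresses: tuple = ()  # requirement ids this step (partly) fulfils


@dataclass
class Playbook:
    name: str
    steps: list = field(default_factory=list)


# Constructed catalogue standing in for the extracted, standards-aligned set.
CATALOGUE = {
    "REQ-REPORT-24H": Requirement(
        "REQ-REPORT-24H", "Early warning to the CSIRT within 24 hours", ("STD-IR-7.2",)),
    "REQ-REPORT-72H": Requirement(
        "REQ-REPORT-72H", "Incident notification with initial assessment within 72 hours", ("STD-IR-7.3",)),
    "REQ-FINAL-REPORT": Requirement(
        "REQ-FINAL-REPORT", "Final report after the incident is handled", ("STD-IR-7.5",)),
    "REQ-LOGGING": Requirement(
        "REQ-LOGGING", "Preserve logs and evidence for incident handling", ("STD-LOG-4.1",)),
    "REQ-SUPPLY-CHAIN": Requirement(
        "REQ-SUPPLY-CHAIN", "Assess and notify affected suppliers", ("STD-SC-2.4",)),
}

# Constructed proof-of-concept playbook; two steps carry no regulatory annotation.
PLAYBOOK = Playbook("Ransomware response (constructed)", [
    Step("Detect and triage"),
    Step("Preserve logs and evidence", ("REQ-LOGGING",)),
    Step("Send early warning to CSIRT", ("REQ-REPORT-24H",)),
    Step("Submit incident notification", ("REQ-REPORT-72H",)),
    Step("Eradicate and recover"),
    Step("Deliver final report", ("REQ-FINAL-REPORT",)),
])


def validate_annotations(playbook, catalogue):
    """Return (step name, id) pairs whose id is not in the catalogue.

    An unknown id is a documentation defect: it would silently inflate or
    deflate coverage if left unchecked.
    """
    return [(step.name, rid)
            for step in playbook.steps
            for rid in step.addresses
            if rid not in catalogue]


def coverage(playbook, catalogue):
    """Compute which catalogue requirements the playbook addresses.

    Returns covered/uncovered id lists, the coverage ratio, and for each
    requirement the steps that address it (traceability for auditors).
    """
    by_requirement = {rid: [] for rid in catalogue}
    for step in playbook.steps:
        for rid in step.addresses:
            if rid in catalogue:
                by_requirement[rid].append(step.name)
    covered = sorted(rid for rid, steps in by_requirement.items() if steps)
    uncovered = sorted(set(catalogue) - set(covered))
    return {
        "covered": covered,
        "uncovered": uncovered,
        "ratio": len(covered) / len(catalogue) if catalogue else 0.0,
        "by_requirement": by_requirement,
    }


if __name__ == "__main__":
    problems = validate_annotations(PLAYBOOK, CATALOGUE)
    report = coverage(PLAYBOOK, CATALOGUE)
    print("annotation problems:", problems)
    print(f"coverage: {report['ratio']:.0%}")
    for rid in report["uncovered"]:
        req = CATALOGUE[rid]
        print(f"  uncovered {rid}: {req.text} (see {', '.join(req.standard_refs)})")
```

Run as a script, the report lists the one constructed requirement no step addresses together with the standard passages aligned to it, which is exactly the gap a compliance reviewer would want surfaced; the same annotations could later be merged across several shared playbooks to compute an organization-wide coverage figure.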
This work is particularly significant due to the introduction of directives like NIS2 and legislation such as the EU Cybersecurity Act, which emphasize the need for timely incident reporting and automation in response processes. The thesis will first focus on analyzing these directives and regulations, followed by implementing the components necessary to achieve compliance. Exploring solutions such as Dataspace strategies may provide valuable insights, drawing on previous research on cyber threat intelligence sharing through data spaces. The emphasis will be on developing solutions that enhance playbook functionality and compliance efficacy.
Some references related to the topic:
- NIS2 Directive Overview: https://digital-strategy.ec.europa.eu/en/policies/nis2-directive
- https://www.dataguard.co.uk/blog/a-step-by-step-guide-for-nis2-directive
- The EU Cybersecurity Act: https://eur-lex.europa.eu/EN/legal-content/summary/the-eu-cybersecurity-act.html
- Requirements for Playbook-Assisted Cyber Incident Response, Reporting and Automation: https://dl.acm.org/doi/full/10.1145/3688810
- The EU’s cybersecurity framework: the interplay between the Cyber Resilience Act and the NIS 2 Directive: https://link.springer.com/article/10.1365/s43439-023-00084-z
- Cybersecurity in the EU: How the NIS2-directive stacks up against its predecessor: https://www.sciencedirect.com/science/article/pii/S0267364923001000
Prerequisites:
Basic knowledge in the domains of cyber incident response, requirement analysis, and system engineering.