Speretta, M. (2024, April), Statistical Word Analysis to support the Semiautomatic Implementation of the NIST 800-53 Cybersecurity Framework  Paper presented at 2024 ASEE North East Section, Fairfield, Connecticut. 10.18260/1-2--45783

\bibitem{asee_peer_45783}
  Speretta, M. (2024, April), \emph{Statistical Word Analysis to support the Semiautomatic Implementation of the NIST 800-53 Cybersecurity Framework}
  Paper presented at 2024 ASEE North East Section, Fairfield, Connecticut.
  10.18260/1-2--45783

Mirco Speretta.  "Statistical Word Analysis to support the Semiautomatic Implementation of the NIST 800-53 Cybersecurity Framework".  2024 ASEE North East Section, Fairfield, Connecticut, 2024, April.  ASEE Conferences, 2024.  https://peer.asee.org/45783 Internet.  15 Dec, 2024

\bibitem{asee_peer_45783}
  Mirco Speretta.
  "Statistical Word Analysis to support the Semiautomatic Implementation of the NIST 800-53 Cybersecurity Framework".
  \emph{2024 ASEE North East Section, Fairfield, Connecticut, 2024, April}.
  ASEE Conferences, 2024.
  https://peer.asee.org/45783 Internet.  15 Dec, 2024

@INPROCEEDINGS{asee_peer_45783
author = "Mirco Speretta"
title = "Statistical Word Analysis to support the Semiautomatic Implementation of the NIST 800-53 Cybersecurity Framework"
booktitle = "2024 ASEE North East Section"
year = "2024"
month = "April"
address = "Fairfield, Connecticut"
publisher = "ASEE Conferences"
note = {https://peer.asee.org/45783}
number = {10.18260/1-2--45783}
}

TY  - CPAPER
AB  - Cybersecurity frameworks such as NIST, CIS, and ISO, include a collection of families and controls that recommend security policies to organizations. They play a critical role in mitigating the risks of cyber attacks and breaches in organizations. Due to the manual process of selecting families and controls the implementation of these frameworks is very resource-intensive and time-consuming. This project addresses this challenge by investigating the feasibility of partially automating the process of selecting families. In this study, we developed an application in Java that applies statistical techniques such as TF-IDF and Cosine similarity to the families of the NIST cybersecurity framework. The framework is split into distinctive corpora of tokens representing each family. A corpus includes all the controls for a given family and is simplified to the list of tokens that are most representative of that family. We evaluated how accurately the corpora represented the framework by using both a qualitative and a quantitative approach. Considering the positive results of our tests, we believe that this approach could have a great impact on semi-automating the process of selecting controls within a family. This will reduce the resources and the cost needed for implementing cybersecurity frameworks. At the same time, it will increase the accuracy and consistency of the selection process.
AU  - Mirco Speretta
CY  - Fairfield, Connecticut
DA  - 2024/04/19
PB  - ASEE Conferences
TI  - Statistical Word Analysis to support the Semiautomatic Implementation of the NIST 800-53 Cybersecurity Framework
UR  - https://peer.asee.org/45783
DO  - 10.18260/1-2--45783
ER  -