CNR Institutional Research Information System

Cyber-physical security of financial institutions is a critical and sensitive topic. In this context, the FINSEC project aims to design and build a reference architecture for the integrated physical and cyber security of financial institutions. To make feasible, the interactions among the different services of the FINSEC platform, a proper data model defining the exchanged information semantic is fundamental. One of the objectives of the FINSEC project is to integrate cyber and physical security measures in the financial services industry. To do so, the data model must consider both cyber and physical systems. In this paper, the authors present FINSTIX, namely the data model adopted in the FINSEC platform. In particular, they extended the Structured Threat Information eXpression (STIX) standard creating custom objects to describe the financial organization's infrastructure and then to integrate cyber and physical security measures. The paper also reports an example of the use of FINSTIX in a relevant use case scenario.

FINSTIX: a Cyber-Physical Data Model for Financial Critical Infrastructures

M Aiello;I Vaccari;E Cambiaso;
2020

Abstract

Cyber-physical security of financial institutions is a critical and sensitive topic. In this context, the FINSEC project aims to design and build a reference architecture for the integrated physical and cyber security of financial institutions. To make feasible, the interactions among the different services of the FINSEC platform, a proper data model defining the exchanged information semantic is fundamental. One of the objectives of the FINSEC project is to integrate cyber and physical security measures in the financial services industry. To do so, the data model must consider both cyber and physical systems. In this paper, the authors present FINSTIX, namely the data model adopted in the FINSEC platform. In particular, they extended the Structured Threat Information eXpression (STIX) standard creating custom objects to describe the financial organization's infrastructure and then to integrate cyber and physical security measures. The paper also reports an example of the use of FINSTIX in a relevant use case scenario.
2020
Istituto di Elettronica e di Ingegneria dell'Informazione e delle Telecomunicazioni - IEIIT
Inglese
First International Workshop, CPS4CIP 2020, Guildford, UK, September 18, 2020, Revised Selected Papers
Sì, ma tipo non specificato
18/09/2020
Virtual Conference
Data model
FINSEC
STIX
Cyber-Physical Threat Intelligence
3
none
G. Gazzarata; E. Troiano; L. Verderame; M. Aiello; I. Vaccari; E. Cambiaso;A. Merlo
273
info:eu-repo/semantics/conferenceObject
04 Contributo in convegno::04.01 Contributo in Atti di convegno
   Integrated Framework for Predictive and Collaborative Security of Financial Infrastructures
   FINSEC
   H2020
   786727
04.01 Contributo in Atti di convegno
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.14243/427764
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact