Centre of Expertise Cyber Security

Kenniscentrum Cyber Security, IT-engineers werken in een datacenter
Contact us

About

The importance of digital security has become indispensable for the world we live in. The mission of the Centre of Expertise Cyber Security is to strengthen the cyber resilience of public and private organisations that are themselves less equipped to deal with cyber threats. 

Cyber resilience represents the ability of organisations to recognise cyber threats and respond to them appropriately. The focus on cyber resilience stems from the observation that organisations will all have to deal with cyber incidents sooner or later and therefore need to focus not only on preventive measures, but also, for example, on detection and response.

Infographic 2023 Cyber Security

In order to gain a better understanding of how to realise cyber resilience, our research focuses on three sub-areas:

  1. People: which behavioural and attitudinal aspects influence cyber resilience and how can organisations improve these aspects for cyber resilience?
  2. Organisation: which organisational aspects influence cyber resilience and how can organisations improve these aspects for cyber resilience?
  3. Technology: which technical aspects influence cyber resilience and how can organisations improve these aspects for cyber resilience?

Since its establishment in 2015, the Centre of Expertise Cyber Security has grown rapidly, and a great deal of practice-oriented research has been completed. We remain committed to sustaining previous successes and creating synergies between practice-oriented research, education and professional practice.

Projects

Cybersecurity Living Lab: Co-creating Cybersecurity)

The Cybersecurity Living Lab is an experimental working environment where students, researchers, companies, public institutions, and end-users collaborate to develop, test, and evaluate new ideas, products, and services in cybersecurity.
Read more

Project C-SIDE: Cyber Security by Integrated Design

The primary objective of C-SIDE is to develop a methodology for designing secure software systems.
Read more

Factors contributing to negotiation, payment, and reporting by ransomware victims

Ransomware is currently considered one of the primary online threats. However, little is known about the extent of ransomware victimization among citizens and entrepreneurs.
Read more

News

20 September 2024

Research

Cyber risk management should primarily become shared risk management

Peter Roelofsma new professor of Risk Management & Cyber Security
Read more

14 September 2023

Research

Rutger Leukfeldt receives ERC Starting Grant

Rutger Leukfeldt has received this prestigious European grant for his research proposal titled "Cybercrime…
Read more

29 March 2023

Research

Municipalities suffer from digital cold feet

Municipalities should do more to tackle cybercrime. After all, it claims many victims and the impact on victims is…
Read more
View All

Research groups

Team

 

Meet our team

Team Cyber Security

Publications

Information security education based on job profiles and the e-CF

The information security field requires standardised education. This could be based on generic job profiles and a standard competence framework. The question is whether this is possible and feasible. To find out, the author did a case study: developing an information security master curriculum based on a generic PVIB job profile and the underlying competence framework e-CF.

Read more

Cyber crises require anticipation and improvisation

The ransomware attack on Maastricht University (2019) and the wiperware attack on Maersk (2017) painfully demonstrated that major incidents cannot be prevented and can even turn into cyber crises. The extent to which organisations can limit the impact of cyber crises is determined, among other things, by their business continuity and crisis management. How do you adequately organise these control measures, however?

Download article (PDF)

Secure Naming for Distributing Computing using the Condensed Graph Model

Implementing a distributed computation architecture has several basis functional requirements, such as load balancing, fault tolerance and security. The challenge is in how you manage these requirements as a whole. Security is a specific problem in that it is made up of a number of important aspects, such as confidentiality, integrity and availability. Each of these aspects is vital in a distributed system.One important aspect of security is access control. The central premise of this thesis is: “If you can name it, you can control access to it”.This dissertation examines the security requirements of the WebCom distributed computing environment and develops the security architecture for WebCom, primarily to provide a systematic access control mechanism for condensed graph applications.The flexibility of this architecture is demonstrated with a number of case studies, including a micropayment architecture for distributed computations, an automated administration architecture for Grid and an activity based secure workflow architecture.

T.B. Quillinan. Secure Naming for Distributing Computing using the Condensed Graph Model. Ph.D. Thesis. University College Cork, Cork, Ireland. July 2006.

Cloud-Based Intelligence Aquisition and Processing for Crisis Management

Contemporary crisis management has to deal with complex socio-technical environments involving many interdependent elements. Many dependencies in such settings result in complex cascading processes that can have adverse effects on the population, environment, and economy. Adequate situation awareness and the capability to
predict the development of a crisis situation under different circumstances is a critical element of effective, and timely, crisis management and response.

de Oude, Patrick; Pavlin, Gregor;  Quillinan, Thomas; Jeraj, Julij, and Abouhafc, Abdelhaq. (2017). Cloud-Based Intelligence Aquisition and Processing for Crisis Management. 133-153. 10.1007/978-3-319-52419-1_9

Article

Information security education based on job profiles and the e-CF

The information security field requires standardised education. This could be based on generic job profiles and a standard competence framework. The question is whether this is possible and feasible.

Article

Cyber crises require anticipation and improvisation

The ransomware attack on Maastricht University (2019) and the wiperware attack on Maersk (2017) painfully demonstrated that major incidents cannot be prevented and can even turn into cyber crises.

Article

Leading a cyber incident response team

Jelle Groenendaal and Ira Helsloot present a model of cyber incident command that aims to support leaders by providing practical and applicable insights into decision-making under challenging conditions.

Download PDF

Thesis

Secure Naming for Distributing Computing using the Condensed Graph Model

Implementing a distributed computation architecture has several basis functional requirements, such as load balancing, fault tolerance and security. The challenge is in how you manage these requirements as a...

Article

Cloud-Based Intelligence Aquisition and Processing for Crisis Management

Contemporary crisis management has to deal with complex socio-technical environments involving many interdependent elements. Many dependencies in such settings result in complex cascading processes that can...