A Methodological Approach towards Cyber Risk Management in Land Administrations Systems
Abstract
:1. Introduction
2. Related Work
3. Methodology
3.1. BPMN: Elicitation Techniques and Data Collection
3.2. Scope of Study and Security Baseline: Data Collected
4. Results
4.1. Results of Step 1: BPMN Identification of Potential Risks/Threats/Vulnerabilities
- Most events (actions) were performed in the survey topographic cadastral section of the BPMN pool (cf. BPMN in the Appendix B).
- The head of the Local Land Office makes the final decision on data modification.
- PUSDATIN, via its GeoKKP, is essential for the operability of input and output data during land transaction subdivisions.
- Risk of the unauthorised modification of data during the parcel subdivision process with malicious intent (cyberattack). This risk could corrupt the integrity of the spatial cadastral data.
- Risk of the loss or deterioration of data during successive transfers and processing between different departments and systems (GeoKKP, Section of Survey, etc.).
- The risk that changes made to geospatial data are not logged and traceable makes it impossible to detect and correct alterations.
- Risk of fraud or the falsification of data by malicious internal actors by exploiting their privileged access.
- External threats: cybercriminals seeking to falsify land transactions, hackers, hacktivists, Script Kiddies.
- Internal threats due to malicious or negligent employees within departments handling cadastral data.
- Threats linked to external partners with access to data, such as private surveyors or notaries (PPAT); although the latter is not involved in the land subdivision process in Indonesia.
- Threats arising from the systems and software used to process the data if vulnerabilities are present (e.g., security flaws in GeoKKP).
- Processes based largely on analogue (non-digital automated) actions carried out by human operators in the survey section.
- Lack of systematic data checks and anomaly detection after each processing operation.
- The final data check is carried out by the Head of Local Office Service and can therefore represent a human “point of failure” if he is compromised.
- Data access and manipulation by multiple departments and actors, making traceability more complex.
- Depending on the GeoKKP system, security may not be fully controlled and could represent a point of entry. GeoKKP can represent a “point of failure”.
- Lack of monitoring and detailed event logs on data access and modification at each stage.
4.2. Results of Step 2: Scope of Study and Security Baseline
4.3. Main Findings and Results
5. Discussion
- A clear vision of the business processes studied for workshop participants.
- A link to compliance in the absence of any mapping of the existing information system within the LAS undergoing digital transition.
- A reusable workflow repository for LAS wishing to deploy Security Orchestration, Automation, and Response capabilities.
6. Conclusions
Author Contributions
Funding
Data Availability Statement
Acknowledgments
Conflicts of Interest
Appendix A
Appendix B
References
- UN-GGIM. Framework for Effective Land Administration—A Reference for Developing, Reforming, Renewing, Strengthening, Modernizing, and Monitoring Land Administration; United Nations Committee of Experts on Global Geospatial Information Management (UN-GGIM): New York, NY, USA, 2020. [Google Scholar]
- Hilhorst, T.; Zevenbergen, J.; Deininger, K. Land Governance and Tenure Security at Scale: Lessons from the Field. Land Use Policy 2021, 110, 105451. [Google Scholar] [CrossRef]
- Grant, D.; Enemark, S.; Zevenbergen, J.; Mitchell, D.; McCamley, G. The Cadastral Triangular Model. Land Use Policy 2020, 97, 104758. [Google Scholar] [CrossRef]
- Enemark, S.; McLaren, R.; Lemmen, C. Gestion Foncière Adaptée Au Contexte-Lignes Directrices Pour La Mise En Œuvre Dans Les Pays: Fit-For-Purpose Land Administration-Guiding Principles for Country Implementation. 2022. Available online: https://vbn.aau.dk/en/publications/gestion-fonci%C3%A8re-adapt%C3%A9e-au-contexte-lignes-directrices-pour-la-m (accessed on 10 December 2023).
- Olfat, H.; Shojaei, D.; Briffa, M.; Maley, S.; Rajabifard, A. Strategic Actions for Increasing the Submission of Digital Cadastral Data by the Surveying Industry Based on Lessons Learned from Victoria, Australia. ISPRS Int. J. Geoinf. 2018, 7, 47. [Google Scholar] [CrossRef]
- Guler, D.; van Oosterom, P.; Yomralioglu, T. How to Exploit BIM/IFC for 3D Registration of Ownership Rights in Multi-Storey Buildings: An Evidence from Turkey. Geocarto Int. 2022, 37, 18418–18447. [Google Scholar] [CrossRef]
- Kalogianni, E.; van Oosterom, P.; Dimopoulou, E.; Lemmen, C. 3D Land Administration: A Review and a Future Vision in the Context of the Spatial Development Lifecycle. ISPRS Int. J. Geoinf. 2020, 9, 107. [Google Scholar] [CrossRef]
- Ying, S.; Xu, Y.; Li, C.; Guo, R.; Li, L. Easement Spatialization with Two Cases Based on LADM and BIM. Land Use Policy 2021, 109, 105641. [Google Scholar] [CrossRef]
- Jafary, P.; Shojaei, D.; Rajabifard, A.; Ngo, T. BIM and Real Estate Valuation: Challenges, Potentials and Lessons for Future Directions. Eng. Constr. Archit. Manag. 2022. [Google Scholar] [CrossRef]
- Ramlakhan, R.; Kalogianni, E.; van Oosterom, P.; Atazadeh, B. Modelling the Legal Spaces of 3D Underground Objects in 3D Land Administration Systems. Land Use Policy 2023, 127, 106537. [Google Scholar] [CrossRef]
- Williamson, I.; Feeney, M.-E. Land Administration and Spatial Data Infrastructures–Trends and Developments. In Proceedings of the FIG XXII International Congress, Washington, DC, USA, 19–26 April 2002; pp. 19–26. [Google Scholar]
- Bennett, R.M.; Donovan, J.; Masli, E.; Riekkinen, K. Land Administration As-A-Service: Relevance, Applications, and Models. Land 2023, 12, 241. [Google Scholar] [CrossRef]
- Delville, P.L. Qu’est-ce que la Sécurité Fonciere et Comment la Renforcer: Des Fiches Pédagogiques pour Comprendre, se Poser de Bonnes Questions et Agir sur le Foncier en Afrique de l’Ouest; Comité Technique Foncier & Développement: Montpellier, France, 2017. [Google Scholar]
- Bennett, R.; Asiama, K.; Zevenbergen, J.; Juliens, S. The Intelligent Cadastre. In Proceedings of the FIG Commission 7/3 Workshop on Crowdsourcing of Land Information, St Juliens, Malta, 16–20 November 2015. [Google Scholar]
- Radosevic, N.; Duckham, M.; Saiedur Rahaman, M.; Ho, S.; Williams, K.; Hashem, T.; Tao, Y. Spatial Data Trusts: An Emerging Governance Framework for Sharing Spatial Data. Int. J. Digit. Earth 2023, 16, 1607–1639. [Google Scholar] [CrossRef]
- Duckham, M.; Sun (Chayn), Q.; Worboys, M.F. GIS; CRC Press: Boca Raton, FL, USA, 2023; ISBN 9780429168093. [Google Scholar]
- Saeidian, B.; Rajabifard, A.; Atazadeh, B.; Kalantari, M. Data Lifecycle of Underground Land Administration: A Systematic Literature Review. Surv. Rev. 2022, 55, 396–415. [Google Scholar] [CrossRef]
- Olfat, H.; Atazadeh, B.; Badiee, F.; Chen, Y.; Shojaei, D.; Rajabifard, A. A Proposal for Streamlining 3D Digital Cadastral Data Lifecycle. Land 2021, 10, 642. [Google Scholar] [CrossRef]
- Kalogianni, E.; Janečka, K.; Kalantari, M.; Dimopoulou, E.; Bydłosz, J.; Radulović, A.; Vučić, N.; Sladić, D.; Govedarica, M.; Lemmen, C.; et al. Methodology for the Development of LADM Country Profiles. Land Use Policy 2021, 105, 105380. [Google Scholar] [CrossRef]
- Selvaratnam, T.; Haselbach, L.; Eren-Tokgoz, B.; Gummelt, G.; Boudreaux, K.; Williams, B.D.; Pyne, M.I.; Linkov, I. Establishing a Regional Interdisciplinary Resilience Center: A Bottom-up Approach. Environ. Syst. Decis. 2023, 43, 191–199. [Google Scholar] [CrossRef] [PubMed]
- Galinec, D. Cyber Security and Cyber Defense: Challenges and Building of Cyber Resilience Conceptual Model. Int. J. Appl. Sci. Dev. 2023, 1, 83–88. [Google Scholar] [CrossRef]
- Linkov, I.; Kott, A. Fundamental Concepts of Cyber Resilience: Introduction and Overview. In Cyber Resilience of Systems and Networks; Springer: Cham, Switzerland, 2018; pp. 1–25. [Google Scholar]
- Geiger, M.; Harrer, S.; Lenhard, J.; Wirtz, G. BPMN 2.0: The State of Support and Implementation. Future Gener. Comput. Syst. 2018, 80, 250–262. [Google Scholar] [CrossRef]
- Esselin, F. Ebios Risk Manager: Une Méthode Accessible Pour Sécuriser La Transformation Numérique. Les Notes CREOGN 2021, 62. [Google Scholar]
- Ding, L.; Xiao, G.; Pano, A.; Fumagalli, M.; Chen, D.; Feng, Y.; Calvanese, D.; Fan, H.; Meng, L. Integrating 3D City Data through Knowledge Graphs. arXiv 2023, arXiv:2310.11555. [Google Scholar] [CrossRef]
- Zareen, S.; Akram, A.; Ahmad Khan, S. Security Requirements Engineering Framework with BPMN 2.0.2 Extension Model for Development of Information Systems. Appl. Sci. 2020, 10, 4981. [Google Scholar] [CrossRef]
- Vranić, S.; Matijević, H.; Roić, M. Application of Workflow Management System to the Modelling of Processes in Land Administration Systems. In Proceedings of the 7th International FIG Workshop on the Land Administration Domain Model 2018, Zagreb, Croatia, 12–13 April 2018. [Google Scholar] [CrossRef]
- Vranić, S.; Matijević, H.; Roić, M.; Vučić, N. Extending LADM to Support Workflows and Process Models. Land Use Policy 2021, 104, 105358. [Google Scholar] [CrossRef]
- Lamiri, A.; Gueraoui, K.; Zeggwagh, G. Risk Analysis of Bitcoin Security Using Ebios Method. Int. Rev. Civ. Eng. (IRECE) 2018, 9, 63. [Google Scholar] [CrossRef]
- Shokry, M.; Awad, A.I.; Abd-Ellah, M.K.; Khalaf, A.A.M. Evaluating Potential Security Risks of Advanced Metering Infrastructure Using EBIOS Risk Assessment Method. In Proceedings of the 2023 International Telecommunications Conference (ITC-Egypt), Alexandria, Egypt, 18 July 2023; IEEE: New York, NY, USA, 2023; pp. 145–150. [Google Scholar]
- ENISA; Papadatos, K.; Rantos, K.; Makrygeorgou, A.; Koulouris, K.; Klontza, S.; Lambrinoudakis, C.; Gritzalis, S.; Xenakis, C.; Katsikas, S.; et al. Interoperable EU Risk Management Toolbox; ENISA (European Union Agency for Cybersecurity): Athens, Greece, 2023.
- ENISA. INTEROPERABLE EU RISK Methodology for and Assessment of Interoperability; ENISA: Athens, Greece, 2022; ISBN 9789292045531.
- ENISA; Lambrinoudakis, C.; Gritzalis, S.; Xenakis, C.; Katsikas, S.; Karyda, M.; Tsochou, A.; Papadatos, K.; Rantos, K.; Pavlosoglou, Y.; et al. Interoperable EU Risk Management Framework: Methodology for and Assessment of Interoperability among Risk Management Frameworks and Methodologies; European Union Agency for Cybersecurity: Athens, Greece, 2022.
- Bennett, R.M.; Unger, E.-M.; Lemmen, C.; Dijkstra, P. Land Administration Maintenance: A Review of the Persistent Problem and Emerging Fit-for-Purpose Solutions. Land 2021, 10, 509. [Google Scholar] [CrossRef]
- Olfat, H.; Atazadeh, B.; Shojaei, D.; Rajabifard, A. The Feasibility of a BIM-Driven Approach to Support Building Subdivision Workflows—Case Study of Victoria, Australia. ISPRS Int. J. Geo-Inf. 2019, 8, 499. [Google Scholar] [CrossRef]
- Shojaei, D.; Olfat, H.; Rajabifard, A.; Darvill, A.; Briffa, M. Assessment of the Australian Digital Cadastre Protocol (EPlan) in Terms of Supporting 3D Building Subdivisions. Land Use Policy 2016, 56, 112–124. [Google Scholar] [CrossRef]
- Hacks, S.; Lagerstrom, R.; Ritter, D. Towards Automated Attack Simulations of BPMN-Based Processes. In Proceedings of the 2021 IEEE 25th International Enterprise Distributed Object Computing Conference, EDOC 2021, Gold Coast, Australia, 25–29 October 2021; pp. 182–191. [Google Scholar] [CrossRef]
- Asim, M.; Yautsiukhin, A.; Brucker, A.D.; Baker, T.; Shi, Q.; Lempereur, B. Security Policy Monitoring of BPMN-Based Service Compositions. J. Softw. Evol. Process 2018, 30, e1944. [Google Scholar] [CrossRef]
- IACD. Enriched BPMN Workflows; IACD: Laurel, MD, USA, 2021. [Google Scholar]
- FIAN. International Disruption or Déjà Vu? Digitalization, Land and Human Rights Mapping of Digitalization and Blockchain Projects in the Land Sector; FIAN: Heidelberg, Germany, 2020. [Google Scholar]
- Bennett, R.M.; Pickering, M.; Sargent, J. Transformations, Transitions, or Tall Tales? A Global Review of the Uptake and Impact of NoSQL, Blockchain, and Big Data Analytics on the Land Administration Sector. Land Use Policy 2019, 83, 435–448. [Google Scholar] [CrossRef]
- Potts, K.E.; Rajabifard, A.; Bennett, R.M. Supporting the Risk Management Process with Land Information: A Case Study of Australia. Disasters 2017, 41, 352–364. [Google Scholar] [CrossRef]
- OECD. Working Digitalisation Challenges and Opportunities for Subnational Governments|OECD Working Papers on Fiscal Federalism|OECD ILibrary; OECD: Paris, France, 2020. [Google Scholar]
- Riekkinen, K.; Toivonen, S.; Krigsholm, P.; Hiironen, J.; Kolis, K. Future Themes in the Operational Environment of the Finnish Cadastral System. Land Use Policy 2016, 57, 702–708. [Google Scholar] [CrossRef]
- Latruffe, L.; Minviel, J.-J.; Salanié, J. The Role of Environmental and Land Transaction Regulations on Agricultural Land Price: The Example of Brittany. Ph.D. Thesis, Institut National de la recherche Agronomique (INRA), Paris, France, 2013; 19p. [Google Scholar]
- Colin, J.-P. Securing Rural Land Transactions in Africa. An Ivorian Perspective. Land Use Policy 2013, 31, 430–440. [Google Scholar] [CrossRef]
- Chen, X.; Biljecki, F. Mining Real Estate Ads and Property Transactions for Building and Amenity Data Acquisition. Urban Inform. 2022, 1, 12. [Google Scholar] [CrossRef]
- Wu, A.N.; Biljecki, F. GANmapper: Geographical Data Translation. Int. J. Geogr. Inf. Sci. 2022, 36, 1394–1422. [Google Scholar] [CrossRef]
- Shavrov, S.; Batura, O.; Slabodich, K.; Kobasa, M. Legislation to Support the Digital Transformation of Land Governance and Land Administration. In Proceedings of the FIG Working Week 2019, Hanoi, Vietnam, 22–26 April 2019. [Google Scholar]
- Camillo, M. Cybersecurity: Risks and Management of Risks for Global Banks and Financial Institutions. J. Risk Manag. Financ. Inst. 2017, 10, 196–200. [Google Scholar]
- Cawthra, J.L.; Wang, S.S.; Hodges, B.J.; Zheng, K.; Williams, R.T.; Kuruvilla, J.J.; Peloquin, C.L.; Littlefield, K.; Neimeyer, B. Securing Picture Archiving and Communication System (PACS) Cybersecurity for the Healthcare Sector; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2020. [CrossRef]
- Ottens, M.; Stubkjær, E. A Socio-Technical Analysis of Cadastral Systems. In Real Property Transactions. Procedures, Transaction Costs and Models; IOP Press: Amsterdam, The Netherlands, 2008; pp. 143–166. ISBN 9781586035815. [Google Scholar]
- Krigsholm, P.; Riekkinen, K.; Ståhle, P. Pathways for a Future Cadastral System: A Socio-Technical Approach. Land Use Policy 2020, 94, 104504. [Google Scholar] [CrossRef]
- Wang, S.; Wang, H. A Sociotechnical Systems Analysis of Knowledge Management for Cybersecurity. Int. J. Sociotechnol. Knowl. Dev. 2021, 13, 77–94. [Google Scholar] [CrossRef]
- Chhetri, I.T. Cybersecurity and Governance, Risk and Compliance (GRC). Aust. J. Wirel. Technol. Mobil. Secur. 2022, 1, 36. [Google Scholar]
- Goh, C.; Kusnadi, Y.; Pan, G.; Seow, P.-S. Governance, Risk and Compliance (GRC) in Digital Transformation: Investor Views. SSRN Electron. J. 2022, 21, 200–223. [Google Scholar] [CrossRef]
- Kiesow Cortez, E.; Dekker, M. A Corporate Governance Approach to Cybersecurity Risk Disclosure. Eur. J. Risk Regul. 2022, 13, 443–463. [Google Scholar] [CrossRef]
- Yomralioglu, T.; Cete, M. Cadastre or Land Administration: A Case Study of Turkey. In Proceedings of the World Cadastre Summit, Istanbul, Turkey, 20–24 April 2015. [Google Scholar]
- Uddin, M.H.; Ali, M.H.; Hassan, M.K. Cybersecurity Hazards and Financial System Vulnerability: A Synthesis of Literature. Risk Manag. 2020, 22, 239–309. [Google Scholar] [CrossRef]
- Lemieux, V.L. Evaluating the Use of Blockchain in Land Transactions: An Archival Science Perspective. Eur. Prop. Law J. 2017, 6, 392–440. [Google Scholar] [CrossRef]
- Njoroge, T.G. Use of Blockchain to Digitize Land Records and Track Land Transfer Transactions in Kenya. Ph.D. Thesis, University of Nairobi, Nairobi, Kenya, 2019. [Google Scholar]
- Ansah, B.O.; Voss, W.; Asiama, K.O.; Wuni, I.Y. A Systematic Review of the Institutional Success Factors for Blockchain-Based Land Administration. Land Use Policy 2023, 125, 106473. [Google Scholar] [CrossRef]
- Shuaib, M.; Alam, S.; Daud, S.M. Improving the Authenticity of Real Estate Land Transaction Data Using Blockchain-Based Security Scheme. In Communications in Computer and Information Science; Springer: Singapore, 2021; Volume 1347, pp. 3–10. [Google Scholar]
- Saeidian, B.; Rajabifard, A.; Atazadeh, B.; Kalantari, M. Managing Underground Legal Boundaries in 3D—Extending the CityGML Standard. Undergr. Space 2023, 14, 239–262. [Google Scholar] [CrossRef]
- Mango, J.; Li, X.; Mango, J.; Claramunt, C.; Ngondo, J.; Zhang, D.; Xu, D.; Colak, E.H.; Li, X. Multipurpose Temporal GIS Model for Cadastral Data Management. Int. J. Geogr. Inf. Sci. 2021, 36, 1205–1230. [Google Scholar] [CrossRef]
- Shojaei, D.; Badiee, F.; Olfat, H.; Rajabifard, A.; Atazadeh, B. Requirements of a Data Storage Infrastructure for Effective Land Administration Systems: Case Study of Victoria, Australia. J. Spat. Sci. 2022, 68, 431–449. [Google Scholar] [CrossRef]
- Atazadeh, B.; Olfat, H.; Rajabifard, A.; Saeidian, B. Evaluation of the International 3D Geospatial Data Models and IFC Standard for Implementing an LADM-Based 3D Digital Cadastre. In Proceedings of the 10th International FIG workshop on the Land Administration Domain Model 2022, Dubrovnik, Croatia, 31 March–2 April 2022. [Google Scholar] [CrossRef]
- République et Canton de Genève. Etude de La Norme LADM, Potentiel Modèle Pour Le Cadastre Suisse et Français? Le Territoire Genevois à La Carte: Ferney-Voltaire, France; Grand Saconnex, Switzerland, 2020. [Google Scholar]
- Yliselä, P. Finland to Have the Most Innovative and the Safest Geospatial Ecosystem in the World; ICC 2019 SPECIAL ISSUE; International Cartographic Association: Bern, Switzerland, 2019. [Google Scholar]
- Krigsholm, P.; Zavialova, S.; Riekkinen, K.; Ståhle, P.; Viitanen, K. Understanding the Future of the Finnish Cadastral System—A Delphi Study. Land Use Policy 2017, 68, 133–140. [Google Scholar] [CrossRef]
- De Vries, W.T. Trends in The Adoption of New Geospatial Technologies for Spatial Planning and Land Management in 2021. Geoplan. J. Geomat. Plan. 2022, 8, 85–98. [Google Scholar] [CrossRef]
- Nyandwi, E.; Koeva, M.; Kohli, D.; Bennett, R. Comparing Human Versus Machine-Driven Cadastral Boundary Feature Extraction. Remote Sens. 2019, 11, 1662. [Google Scholar] [CrossRef]
- Chaturvedi, K.; Matheus, A.; Nguyen, S.H.; Kolbe, T.H. Securing Spatial Data Infrastructures for Distributed Smart City Applications and Services. Future Gener. Comput. Syst. 2019, 101, 723–736. [Google Scholar] [CrossRef]
- Coetzee, S.; Gould, M.; McCormack, B. Towards a Sustainable Geospatial Ecosystem beyond SDIs 1; EUROGI: Druento, Italy; UN-GGIM: New York, NY, USA, 2021; pp. 1–33. [Google Scholar]
- ISO/IEC Standard No. 19510:2013; Information Technology—Object Management Group Business Process Model and Notation. ISO: Geneva, Switzerland, 2013.
- ISO Standard No. 31000:2018; Risk Management—Guidelines. ISO: Geneva, Switzerland, 2018.
- ISO/IEC Standard No. 27005:2022; Information Technology—Security Techniques—Information Security Risk Management. ISO/IEC: Geneva, Switzerland, 2022.
- Katsigarakis, K.; Lilis, G.; Rovas, D.; González-Gerpe, S.; Bernardos, S.; Cimmino, A.; Poveda-Villalón, M.; García-Castro, R. A Digital Twin Platform Generating Knowledge Graphs for Construction Projects. In Proceedings of the Third International Workshop On Semantic Digital Twins (SeDiT 2022), Co-Located with the 19th European Semantic Web Conference (ESWC 2022), Hersonissos, Greece, 29 May 2022. [Google Scholar]
- Firmansyah, M.; Yuswanto, A. Knowledge Management for Information Security Incident Handling at Security Operation Center of Jakarta Provincial Government. Monas J. Inov. Apar. 2022, 4, 441–452. [Google Scholar] [CrossRef]
- Paul, S.; Naouar, D.; Gureghian, E. Obérisk: Cybersecurity Requirements Elicitation through Agile Remote or Face-to-Face Risk Management Brainstorming Sessions. Information 2021, 12, 349. [Google Scholar] [CrossRef]
- Naouar, D.; El Hachem, J.; Voirin, J.-L.; Foisil, J.; Kermarrec, Y. Towards the Integration of Cybersecurity Risk Assessment into Model-Based Requirements Engineering. In Proceedings of the 2021 IEEE 29th International Requirements Engineering Conference (RE), Notre Dame, IN, USA, 18 September 2021; IEEE: New York, NY, USA, 2021; pp. 334–344. [Google Scholar]
- Choubey, S.; Bhargava, A. Significance of ISO/IEC 27001 in the Implementation of Governance, Risk and Compliance. Int. J. Sci. Res. Netw. Secur. Commun. 2018, 6, 30–33. [Google Scholar]
- Paul, S. OBÉRISK: A Tooled-Up Obeya-like Approach to Risk Management; Club EBIOS: Paris, France, 2020. [Google Scholar]
- Mendling, J.; Reijers, H.A.; Recker, J. Activity Labeling in Process Modeling: Empirical Insights and Recommendations. Inf. Syst. 2010, 35, 467–482. [Google Scholar] [CrossRef]
- Dumas, M.; La Rosa, M.; Mendling, J.; Reijers, H.A. Fundamentals of Business Process Management; Springer: Berlin Heidelberg, Germany, 2018; ISBN 978-3-662-56508-7. [Google Scholar]
- ISO/IEC Standard No. 27001:2022; Information Security, Cybersecurity and Privacy Protection—Information Security Management Systems—Requirements. ISO/IEC: Geneva, Switzerland, 2022.
- Windayana, S.; Syamsul Ma’arif, M.; Arkeman, Y.; Hermadi, I. Design of blockchain system for land services at the ministry of agrarian and spatial planning national land agency. Seybold Rep. 2023, 18, 2451–2466. [Google Scholar] [CrossRef]
- Sadlek, L.; Celeda, P.; Tovarnak, D. Identification of Attack Paths Using Kill Chain and Attack Graphs. In Proceedings of the IEEE/IFIP Network Operations and Management Symposium 2022: Network and Service Management in the Era of Cloudification, Softwarization and Artificial Intelligence, NOMS 2022, Budapest, Hungary, 25–29 April 2022. [Google Scholar] [CrossRef]
- Xiong, W.; Legrand, E.; Åberg, O.; Lagerström, R. Cyber Security Threat Modeling Based on the MITRE Enterprise ATT&CK Matrix. Softw. Syst. Model. 2022, 21, 157–177. [Google Scholar] [CrossRef]
- Belfadel, A.; Boyer, M.; Letailleur, J.; Petiot, Y.; Yaich, R. Towards a Security Impact Analysis Framework: A Risk-Based and MITRE Attack Approach. In Computer Security—ESORICS 2022 International Workshops (ESORICS 2022); Lecture Notes in Computer Science; Springer: Cham, Switzerland, 2023; Volume 13785, pp. 212–227. [Google Scholar] [CrossRef]
- FAO; UNECE; FIG. Digital Transformation and Land Administration; FAO: Rome, Italy; UNECE (United Nations Economic Commission for Europe): Geneva, Switzerland, 2022; ISBN 978-92-5-136837-4. [Google Scholar]
- United Nations Economic Commission for Europe. Scenario Study on Future Land Administration in the UNECE Region; United Nations: New York, NY, USA, 2022; ISBN 9789210011204.
- Trachtman, J. Developing Multistakeholder Structures for Cybersecurity Norms: Learning from Experience. In Building an International Cybersecurity Regime; Edward Elgar Publishing: Cheltenham, UK, 2023; pp. 85–110. [Google Scholar]
Sources | Experimentation | Corpus | Analysis |
---|---|---|---|
BPMN elicitation survey | Online survey | 4 participants from PUSDATIN | lexicometric analysis |
cybersecurity checklist survey | Online survey | 4 participants from PUSDATIN | exploratory statistics |
on-site PUSDATIN internship | Interviews documentary analysis | corpus of 50 documents from the PUSDATIN | exploratory analysis |
“scope of study & security baseline” workshop | focus-group | 6 participants | quantitative and qualitative analysis grids |
audio recordings | audio recording of the workshop | 2 recordings with 2 microphones | CAQDAS |
Policy | Regulation | Standard | |
---|---|---|---|
Scope | Specific to the LAS | Applicable to all organisations processing personal data | Applicable to any organisation wishing to implement an information security management system |
Elaboration | Established by the LAS | Established by a government authority or regulatory entity | Prepared by the International Organization for Standardization (ISO) |
Constraint | Internal to the LAS, subject to internal adaptations | Mandatory, must be legally respected | Voluntary, can be used to demonstrate compliance or adoption of good practices |
Sanctions | Usually LAS disciplinary measures | Fines, penalties, or legal sanctions | No formal sanction, but can be used as a benchmark or evaluation criterion |
Examples | An LAS password management policy | Regulation on the protection of personal data (e.g., GDPR) | ISO 27001 Standard [86] for Information Security Management |
BPMN 2.0 | Helpful (to Achieving the Objective) | Harmful (to Achieving the Objective) |
---|---|---|
internal |
|
|
|
| |
|
| |
|
| |
external |
|
|
|
| |
|
|
Scope of Study and Security Base |
Helpful (to Achieving the Objective) |
Harmful (to Achieving the Objective) |
---|---|---|
internal |
|
|
|
| |
|
| |
external |
|
|
|
| |
|
|
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Blin, P.-F.; Aditya, T.; Santosa, P.B.; Claramunt, C. A Methodological Approach towards Cyber Risk Management in Land Administrations Systems. Land 2024, 13, 19. https://doi.org/10.3390/land13010019
Blin P-F, Aditya T, Santosa PB, Claramunt C. A Methodological Approach towards Cyber Risk Management in Land Administrations Systems. Land. 2024; 13(1):19. https://doi.org/10.3390/land13010019
Chicago/Turabian StyleBlin, Pierre-François, Trias Aditya, Purnama Budi Santosa, and Christophe Claramunt. 2024. "A Methodological Approach towards Cyber Risk Management in Land Administrations Systems" Land 13, no. 1: 19. https://doi.org/10.3390/land13010019
APA StyleBlin, P. -F., Aditya, T., Santosa, P. B., & Claramunt, C. (2024). A Methodological Approach towards Cyber Risk Management in Land Administrations Systems. Land, 13(1), 19. https://doi.org/10.3390/land13010019