Next Article in Journal
Analysis of the Impact of Land Use Change on Grain Production in Jiangsu Province, China
Previous Article in Journal
Modeling the Impact of Land Use Optimization on Non-Point Source Pollution: Evidence from Chinese Reservoir Watershed
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

A Methodological Approach towards Cyber Risk Management in Land Administrations Systems

by
Pierre-François Blin
1,
Trias Aditya
1,
Purnama Budi Santosa
1,* and
Christophe Claramunt
2
1
Department of Geodetic Engineering, Universitas Gadjah Mada, Yogyakarta 55281, Indonesia
2
Naval Academy Research Institute, 29160 Lanvéoc, France
*
Author to whom correspondence should be addressed.
Land 2024, 13(1), 19; https://doi.org/10.3390/land13010019
Submission received: 4 November 2023 / Revised: 11 December 2023 / Accepted: 18 December 2023 / Published: 21 December 2023

Abstract

:
Cybersecurity risk management in land administration systems is crucial for maintaining the integrity of spatial cadastral data, which faces increasing threats owing to the digital transformation of LAS. This research validates the findings of this preliminary step in the form of a cyber risk management methodology that combines BPMN 2.0 with model business processes implemented by a compliance-based approach using EBIOS Risk Manager. A practical case of land parcel subdivision in Indonesia is analysed to serve as a proof of concept for our proposed methodology. Vulnerabilities are identified and are characterised by a concentration of manual tasks and the absence of systematic controls, resulting in significant risks to data integrity. These findings underscore the urgent need for a proactive approach to strengthen the cyber resilience of LAS. This study attempts to develop a fit-for-purpose reference methodology for cyber risk management specifically tailored to LAS to identify and treat vulnerabilities, threats, risks, and impacts.

1. Introduction

Land administration systems (LAS) are situated at the heart of land governance frameworks globally [1]. As one of its tasks is to be the depositary of cadastral data, LAS constitute a vital informational foundation underpinning property rights, land-use planning, dispute mediation, and sustainable development [2,3,4]. The multidimensional spatial cadastral data [5,6,7,8] contained in the LAS serve as the cornerstone of its essential functions, such as land valuation [9], taxation [10], spatial planning, and environmental monitoring [11]. This geographic information provides an authoritative mapping of land parcel boundaries and associated attributes that enable land markets [12], secured land tenure [2,13], and evidence-based policymaking [14]. However, the integrity and resilience of land information infrastructure now face acute risks in an increasingly digitised and interconnected era [15,16,17,18]. The need for innovative approaches tailored specifically to managing cyber risks within LAS organisations remains unfulfilled [19]. This study aims to address this gap by developing a methodology that combines international standards, time-tested risk analysis techniques, and collective intelligence to enhance cyber resilience [20,21,22] in LAS (Figure 1), to identify and treat vulnerabilities, threats, risks, and impacts in LAS.
This methodology integrates the Business Process Modeling Notation (BPMN) [23] analysis of land transaction workflows to reveal vulnerabilities, the Expression des Besoins et Identification des Objectifs de Sécurité Risk Manager (EBIOS RM) framework [24] to methodically identify and evaluate threats, and a participatory approach to foster organisational learning (Figure 2). BPMN was chosen over UML for modelling land transactions because of its readability and user-friendliness, facilitation of knowledge transfer [25], and acceleration of process understanding. This initiative aims to visually represent the workflow involved in updating cadastral data during land transactions. BPMN 2.0, as a business process modelling standard, is incorporated into our methodology with the primary objective of ensuring interoperability with other governance frameworks, such as ITIL and COBIT, in line with the recommendations of the United Nations Integrated Geospatial Information Framework (UN-IGIF) and the European Location Interoperability Solutions for e-Government (ELISE). This interoperability makes it easier to compare, illustrate, and optimise cybersecurity-related business processes between LAS [26,27,28].
EBIOS Risk Manager [24,29,30] is chosen because, according to ENISA, it is the only interoperable risk management framework combining both scenario-based (SB) and asset-based (AB) approaches and mixing qualitative and quantitative approaches [31,32,33].
Figure 2 depicts the six steps involved, each represented by a number arranged horizontally. The first line of each step serves as its title, followed by the problem question, approach, standard, elicitation input, and framework output, arranged vertically from top to bottom.
This is an initial feasability study with the aim of creating a proof-of-concept upon the completion of all phases of the methodology. The case study concerns a generic land transaction on a global scale but can be applied to any type of land transaction. This research focused on applying the first “perimeter of study” phase of the methodology to the case study of the maintenance of the integrity of spatial cadastral data [34] during the land transaction subdivision process [35,36] in existing certified freehold land parcels in Indonesia. This is followed by the risk assessment phase, and then the security continuous improvement plan (SCIP) phase (Figure 2).
Primary data collection includes organisational surveys, interviews, and participative workshops with the National Land Agency of Indonesia (BPN) and the Local Land Office of Jakarta Utara. Business process modelling uses BPMN 2.0 standards [37,38,39] to identify vulnerabilities related to processes within subdivision workflows, such as manual tasks. The EBIOS RM workshop “scope of study & security baseline” enabled the collective identification of feared events (FE), impact analysis, and an evaluation of the security baseline through standards compliance.

2. Related Work

Although LAS digitalisation [40,41] and online services [12] yield efficiency gains, they also expand the attack surface for malicious actors seeking to penetrate systems and exploit cyber vulnerabilities. Recent surveys reveal significant cybersecurity deficits in land agencies worldwide [42]. With land administration shifting towards e-government [43], threats to data integrity via cyberattacks and internal fraud intensify [44]. The breaches that corrupt cadastral data can cascade across dependent sectors, undermining property transactions [45,46], spatial planning [47,48], tax revenue, and governance [2,49]. However, current cyber risk assessment methods employed in sectors such as finance [50] and healthcare [51] demonstrate limited applicability to uniquely complex processes, dispersed datasets, and the myriad of stakeholders involved in LAS operations [16]. The authors call for better land governance due to rising cybersecurity issues for land agencies [2], and the value of socio-technical approaches [52,53] involving all stakeholders is also noted [54].
Nonetheless, concrete methodologies that integrate cyber risk management with land governance frameworks remain underdeveloped [55,56,57]. Although crucial, the cybersecurity of land administration systems (LAS) is the subject of limited research to date [58], and the existing literature focuses more heavily on securing financial transactions, which differs significantly from the complexity of land transactions [50,59]. Several studies explore the potential of blockchain technology to enhance the security of land transactions through disintermediation and distributed ledgers [60,61,62]. However, these studies examined blockchain applications in isolation, rather than integrating them into a comprehensive cyber risk management approach tailored to LAS [41,63].
Other studies have focused on modelling cadastral data in 3D and 4D to better represent Rights, Restrictions, and Responsibilities (RRRs) [64,65]. Although the utilisation of multidimensional cadastral objects provides a greater degree of insight, attendant digital risks and cyber threats are not adequately addressed. The adoption of international standards, such as LADM, enables the greater interoperability of cadastral data [66,67,68]. Ensuring cyber resilience in interconnected LAS represents an immense challenge that standards alone cannot address. Research specific to LAS cybersecurity and risk analysis methodologies is still in its infancy but is increasingly urgent as threats intensify with digital transformation [69,70] and new technologies [71]. In addition, mature LAS using GeoAI [67,68] and spatial computing [69,71] require cadastral data with 100% integrity to run their models. GeoAI and Spatial Computing algorithms depend on data to function. Utilising non-integrated cadastral data as an input for these algorithms carries a potential risk because it can generate non-integrated outputs that are then used in other government applications. This, in turn, can lead to the officialisation and legitimisation of inaccurate and corrupt data.
By elucidating the risks across the chain of custody for spatial cadastral data [72], designing adaptive controls, and promoting cybersecurity culture, this methodology enables LAS to address emerging challenges to data integrity. This approach aligns with Spatial Data Infrastructure (SDI) security efforts [73] from bodies such as the UN Committee of Experts on Global Geospatial Information Management [1] and the European Union [74]. Existing studies provide useful foundations, but developing dedicated cyber risk management approaches tailored to the unique nature of LAS represents a crucial methodological gap which warrants further research.
Current approaches remain compartmentalised and fragmentary and have failed to be integrated systemically to address the complex challenges facing cyber resilience in LAS. Our methodology offers an integrated perspective based on international standards, proven risk analysis techniques, and collective intelligence.

3. Methodology

This study introduces a cyber risk management methodology (Figure 2) composed of three phases: Perimeter of Study, Risk Assessment, and Security Continuous Improvement Plan. This paper develops the different components of the preliminary phase “Perimeter of Study” (Figure 3) applied to the case study of maintaining the integrity of spatial cadastral data during land subdivision transactions of freehold titles in Indonesia. Figure 3 shows the successive data collection and analysis carried out in this “perimeter of study” phase. The detailed data research method diagram is provided in the Appendix A, and each data analysis serves as a basis for the next. The creation of the BPMN diagram helps to construct the cybersecurity baseline survey in preparation for the “scope of study & security baseline” workshop. These preliminary data are also used to run the Obérisk workshop. Figure 3 illustrates the data research methodology for the “perimeter of study” phase of our methodology, which combines international standards (ISO 19510 [75], 31000 [76], 27005 [77]), proven risk analysis techniques (BPMN 2.0 and EBIOS RM), and collective intelligence (participative elicitation) to prepare the next “Risk Assessment” phase (Figure 2).
The Perimeter of Study phase aims to clearly define the boundaries and scope of cyber risk analysis through two steps: business process modelling with BPMN 2.0, and establishing the scope of the study and a security baseline, inspired by the EBIOS RM method from ANSSI (National Cybersecurity Agency of France), promoted by ENISA [31,32,33]. EBIOS Risk Manager is a structured framework for cyber risk analysis that combines both qualitative and quantitative approaches. This enables threats and their impacts to be assessed methodically.
The case study was conducted in 2023 in collaboration with the Data Centre (PUSDATIN) of the Indonesian National Land Agency (BPN). The corpus was composed of primary data collected via online surveys, a focus group workshop, and informal interviews during a 2-week on-site internship at PUSDATIN (Jakarta). Secondary data comprises over 50 internal documents, including regulations, standards, and policy papers, accessed after signing a confidentiality agreement (Table 1). In order to guarantee the protection of the data recorded during the workshops, a confidentiality agreement was signed by the first author of the paper to prevent any disclosure of information and to protect the confidentiality of the results.
Data analysis combines qualitative and quantitative techniques such as semiologic analysis and basic descriptive statistics for the following BPMN elicitation survey, and discourse analysis of audio recordings and quantitative analysis based on EBIOS RM grids for the subsequent Obérisk elicitation workshop. The data collection and analysis methodology aims to ensure replicability while protecting the confidentiality of sensitive information.

3.1. BPMN: Elicitation Techniques and Data Collection

This section discusses the integration of BPMN 2.0 within our research methodology, focusing on the underlying principles and results rather than on technical terms and acronyms. This integration method has several advantages.
The methodology begins with the use of BPMN 2.0, a globally recognised standard, to graphically represent business processes within land administration systems. This approach aims to facilitate the analysis, design, communication, and implementation, with knowledge management [78,79], of digital transformation strategies within LAS.
Our choice of BPMN 2.0 is based on considerations of readability and user-friendliness, enabling a better understanding of processes, communication within teams, and the promotion of a culture of cybersecurity within LAS, including the reuse of automated penetration tests. It is important to note that the Integrated Adaptive Cyber Defense (IACD) recommends the adoption of the BPMN 2.0 standard to address interoperability issues in Security Orchestration, Automation, and Response (SOAR) platforms. This initiative aims to encourage the adoption of BPMN 2.0 to improve collaboration in cyber defence.
The main objective of this initiative is to visually understand the workflow involved in updating spatial cadastral data during land transactions in Indonesia. This representation highlights the different departments involved, organisational hierarchies, stakeholders, and potential vulnerabilities that may arise during this process.
Data collection and BPMN 2.0 modelling are implemented using business analyst elicitation techniques. An online questionnaire, comprising 50 open-ended questions, to obtain the maximum amount of semiological and lexi-cometric information from the respondent; the questions were grouped according to BPMN 2.0 concepts, and the survey was administered to several cadastral data managers and relevant stakeholders. A BPMN 2.0 diagram was then drawn up using a free online tool such as https://camunda.com/ (accessed on 19 December 2023). This methodological approach is essential for conducting this study and obtaining meaningful results.

3.2. Scope of Study and Security Baseline: Data Collected

This step focuses on establishing the temporal and functional framework of the study and defining its business assets and technical scope. The objective is to identify feared events and their impact on the integrity of spatial cadastral data during land subdivision transactions. This study applies the principles of compliance (ISO 31000 standard [76]) to cyber risk management, as shown in the Cyber Risk Management Pyramid (Source: ANSSI). In the Cyber Risk Management Pyramid, the “compliance” approach corresponds to step 2 (Figure 2), while the “scenario” approach represents the next steps in our “risk assessment” phase.
Step 2 of our methodology initiates the analysis by defining the objectives of the study, the temporal and functional framework, and the participants and their roles. This step involves identifying the business assets and supporting assets needed to achieve the objectives of maintaining the integrity of spatial cadastral data during subdivision, as it lays the foundations for the subsequent analysis. A fear event is associated with assets that pose security problems. Stakeholders within the ecosystem may be potential targets of attack owing to their privileged digital access, vulnerabilities, or exposure to risk. Feared events related to business assets are assessed for their impact and severity. In addition, the security baseline is examined by eliminating obvious scenarios in a compliance approach [80,81]. The compliance approach serves as a bulwark against general cyber-attacks, providing 80% of the cybersecurity solutions [56,82]. The remaining 20%, including advanced persistent threats (APT), require a scenario-based approach in the following “Risk Assessment” phase.
For Step 2, the involvement of decision-makers is crucial, including risk management staff, department heads, external experts, and security managers. This is achieved through micro-workshops, interviews, and an analysis of internal documentation. Confidential internal documents provide details of the processes, requirements, and risks linked to land transactions. A questionnaire comprising 80 closed/open questions (Figure 3) on IT security is sent to participants before the workshop to obtain their perceptions of system security and involve them in the workshop. The EBIOS RM method (ISO 27005), complemented by the Obérisk elicitation approach, emphasises the involvement of decision-makers and the consideration of human factors in cyber risk management. Obérisk is a playful approach to participative elicitation that facilitates the emergence of collective intelligence in risk management [80]. Obérisk posters guide discussions and visually capture knowledge [83].
The BPMN diagram from Step 1 (In the Appendix B) is used to pinpoint the assets and actors in the land subdivision business process. Audio recordings of the focus groups are analysed using CAQDAS software Nvivo 12. CAQDAS (Computer Assisted Qualitative Data Analysis) software is used for qualitative analysis of focus group audio recordings. CAQDAS software is used to code, annotate, and analyse unstructured data. The focus group includes relevant participants, and Obérisk posters [80] facilitate discussions and the emergence of collective intelligence.

4. Results

4.1. Results of Step 1: BPMN Identification of Potential Risks/Threats/Vulnerabilities

A BPMN diagram is “non-executable” when it lacks technical details allowing for an automated execution by a BPMN engine [84]. Its purpose is to help humans understand the subdivision parcel process. These models use BPMN elements (activities, events, decisions, etc.) but may not include data exchange or precise business logic for automatic orchestration [85]. A non-executable diagram describes the processes that can be refined to create an executable BPMN diagram. Our BPMN diagram models the end-to-end workflow of a freehold land title (Sertifikat Hak Milik) subdivision, which is consistent with BPN processes. The parcel’s spatial cadastral data were updated and validated by BPN internal players during the subdivision stages, with no involvement from PPAT (land notary). The diagram shows the sequence of spatial cadastral data from surveying to certification, registration, and publication in the Indonesian cadastre.
The BPMN diagrams use symbols to illustrate the parcel subdivision process. Rounded rectangles denote activities such as digitisation, validation, or updating, whereas diamonds represent data conformity decisions. Paper sheets symbolise documents and messages, and pictograms show human interactions with the data.
The diagram divides the five stakeholders into three groups with different interests and objectives. Customers want effective land transaction subdivision, the Local Land Office runs it, and PUSDATIN wants to protect the spatial cadastral data.
We can observe a straight path as follows:
  • Most events (actions) were performed in the survey topographic cadastral section of the BPMN pool (cf. BPMN in the Appendix B).
  • The head of the Local Land Office makes the final decision on data modification.
  • PUSDATIN, via its GeoKKP, is essential for the operability of input and output data during land transaction subdivisions.
BPMN analysis revealed that the Local Land Office’s survey section conducted most of the actions. This section has privileged access to the spatial cadastral data. Some of the 13 events were automated. This manual process by human operators can be a vulnerability, particularly in a country ranked 110th in Transparency International’s Corruption Perceptions Index (CPI) in 2022.
The survey section used data from the GeoKKP system of the Land Data Center (PUSDATIN) on four occasions. Therefore, GeoKKP could represent a potential threat if vulnerabilities were exploited to compromise the integrity of cadastral data during the subdivision process. Several risks to the integrity of spatial cadastral data can potentially be identified by the risk manager in the BPMN diagram:
  • Risk of the unauthorised modification of data during the parcel subdivision process with malicious intent (cyberattack). This risk could corrupt the integrity of the spatial cadastral data.
  • Risk of the loss or deterioration of data during successive transfers and processing between different departments and systems (GeoKKP, Section of Survey, etc.).
  • The risk that changes made to geospatial data are not logged and traceable makes it impossible to detect and correct alterations.
  • Risk of fraud or the falsification of data by malicious internal actors by exploiting their privileged access.
There are several potential threats to the integrity of the spatial cadastral data:
  • External threats: cybercriminals seeking to falsify land transactions, hackers, hacktivists, Script Kiddies.
  • Internal threats due to malicious or negligent employees within departments handling cadastral data.
  • Threats linked to external partners with access to data, such as private surveyors or notaries (PPAT); although the latter is not involved in the land subdivision process in Indonesia.
  • Threats arising from the systems and software used to process the data if vulnerabilities are present (e.g., security flaws in GeoKKP).
Several vulnerabilities which could compromise the integrity of the spatial cadastral data can be identified by cyber risk managers in the process flow:
  • Processes based largely on analogue (non-digital automated) actions carried out by human operators in the survey section.
  • Lack of systematic data checks and anomaly detection after each processing operation.
  • The final data check is carried out by the Head of Local Office Service and can therefore represent a human “point of failure” if he is compromised.
  • Data access and manipulation by multiple departments and actors, making traceability more complex.
  • Depending on the GeoKKP system, security may not be fully controlled and could represent a point of entry. GeoKKP can represent a “point of failure”.
  • Lack of monitoring and detailed event logs on data access and modification at each stage.
The use of the BPMN 2.0 model to represent the business workflow of land transaction subdivisions in EBIOS RM facilitates the analysis of cyber risks by focusing on the “asset owners” in EBIOS RM. The model also provides a visual aid for classifying “support assets” in the “organisation” section of the third Obérisk Workshop Datasheet n°1 (Section 4) [80] as “main support assets”, complementing the functional architecture diagram in the ‘Information Technology’ section just below. The production of the BPMN diagram is useful because of its visual nature, allowing for notes to be made during the first semi-directed focus group EBIOS RM workshop, called “Scope of study & Security Baseline”.

4.2. Results of Step 2: Scope of Study and Security Baseline

Introducing the Scope of Study and Security Baseline workshop serves as the foundation for the EBIOS RM method. The primary objective of the workshop is to establish a temporal and technical framework for the system, identify its missions and security requirements, and develop a comprehensive cybersecurity engineering strategy. Participants in the workshop include key decision-makers from LAS, such as top managers, Governance–Risk–Compliance experts, Chief Information Security Officers (CISOs), Chief Data Officers (CDOs), and other relevant stakeholders.
The initial section of Workshop 1 is dedicated to capturing the study’s objectives (represented by pink sticky notes) and missions (represented by blue sticky notes). The workshop allows for up to three objectives, although fewer may suffice to maintain clarity. Furthermore, it is important to emphasise the definition of an analysis timeframe, considering that the EBIOS RM method involves two cycles: strategic and operational, each with its expected timeframe. In the subsequent section, we focus on business assets and asset owners. Asset owners, represented by yellow bubbles, exercise control over assets. The datasheet accommodates the grouping of asset owners by type, such as partners, subcontractors, and suppliers. This process simplifies the representation process.
The lower section of the second segment evaluates operational and business assets using light blue sticky notes positioned along the security necessity axis. These assets encompass critical elements, such as sensitive data, trade secrets, and confidential information, which are integral to LAS’s core business operations. Protecting these assets is paramount to business continuity and reputation. In this context, the primary focus is on process-type assets to streamline the assessment of the security needs. This approach minimises redundancy by ensuring that the security requirements for the processes and associated data are aligned with the Confidentiality–Integrity–Availability triad and privacy [83].We identify several key business and information assets and highlight the importance of integrity as a central security concern.
The third section of the Obérisk, the “Framing and Security Baseline” datasheet, outlines the existing regulatory safety controls and comprises two parts: a catalogue of relevant regulations, policies, and standards on the left, and a list of acronyms and initialisms on the right. Updating the list with pertinent items from the domain (Table 2) is crucial before brainstorming, because, according to the Pareto principle, compliance solves 80% of vulnerabilities, threats, and risks.
The objective is to foster cooperation and mutual understanding among stakeholders by ensuring that everyone, regardless of their involvement in the study, comprehends the terminology used. This section serves as an initial document which is accessible to all stakeholders and outlines the study’s objectives, affected parties, resource classification, and references to regulations, standards, and policies.
The second Obérisk datasheet for Workshop No.1, labelled ‘Business Impact Assessment’,” evaluates breach severity based on security infringement needs. Pink sticky notes signify feared events that violate security requirements. Each security requirement aligns with the corresponding feared event labelled accordingly. Impact statements, positioned vertically, are represented by orange sticky notes and are accompanied by a Business Impact Level (BIL) axis, ranging from low to high impact. While traditional risk management methods employ specific scales and values for impact levels, Obérisk prioritises the relative and absolute positions of the impacts along the BIL axis. This approach provides a comprehensive understanding of the significance of the impact in relation to other impacts.
The third Obérisk datasheet follows the first sheet and focuses on supporting assets, represented by light blue sticky notes, and their significance in the System Architecture and Existing Security Measures. Supporting assets encompass technological resources and information systems vital for processing, storing, or transmitting data related to business assets. These include servers, networks, databases, software, peripherals, and communication systems. To streamline the documentation process, we recommend utilising BPMN diagrams to illustrate organisational assets and functional architecture diagrams for IT/OT support assets. These visual aids facilitate asset identification and classification.
Additionally, we highlight the importance of documenting the structure and security measures in place. This step is crucial for planning or designing a cybersecurity-focused LAS, such as a digital LAS or a “cybersecurity by design” overhaul. It enables a comprehensive overview of the security of the system and is instrumental in evaluating the risk likelihood and assessing the effectiveness of security measures.

4.3. Main Findings and Results

As shown in Appendix B, creating a BPMN diagram allows for the easy identification of weak points in the workflow of a land transaction, aiding in reconnaissance and initial access. Additionally, the diagram can assist in identifying supporting assets during a workshop. By enriching the BPMN with openC2, it becomes executable and can be shared across Security Orchestration, Automation, and Response (SOAR) platforms, providing further advantages.
Elicitation by Obérisk enables the fast retrieval of inputs aligned with the EBIOS RM framework from key players in the land transaction workflow. This enjoyable method has the benefits of being cost-effective and simple to establish while increasing participants’ understanding of cybersecurity concerns.

5. Discussion

This preliminary research studies major vulnerabilities in the parcel subdivision process that could compromise the integrity of spatial cadastral data. These results show the urgent need for land administrations to develop proactive cyber risk management capabilities to maintain the quality of spatial cadastral data in the face of growing threats. The proposed methodological approach to cyber risk management differs from existing work in that it integrates three complementary dimensions in an innovative way (international standards, time-tested risk analysis techniques, and collective intelligence) to support the cyber resilience of land management organisations. Unlike studies that directly explore technological applications, such as blockchain [87], our methodology focuses first on the precise elucidation of risks through the data chain of custody. Many cyber risk management analyses are not optimal because the scope of the study is poorly defined from the outset. The contribution of our work is that it provides:
  • A clear vision of the business processes studied for workshop participants.
  • A link to compliance in the absence of any mapping of the existing information system within the LAS undergoing digital transition.
  • A reusable workflow repository for LAS wishing to deploy Security Orchestration, Automation, and Response capabilities.
The use of BPMN 2.0 to model land business processes, as well as EBIOS RM’s collaborative approach and Obérisk’s participative elicitation for risk analysis, are key strengths. This methodology paves the way for the development of a fit-for-purpose cyber risk analysis for land administrations, whose unique complexity requires a dedicated approach. To consolidate our approach, several areas for improvement (Table 3) are identified: reinforcing training in BPMN 2.0, setting up a dedicated BPMN manager to improve access to internal information via knowledge management, refining elicitation techniques, enriching BPMN diagrams with standards, such as openC2, and integrating BPMN into a PDCA approach aligned with ISO 27001 [86].
Methodological challenges remain, such as limited access to certain decision makers and internal documents (Table 4). The automation of data collection during participatory workshops can be explored. Despite these limitations, this study aimed to strengthen the cyber-resilience of land administrations in the face of growing threats.
The international validation of the methodology and the deepening of the cyber-security culture within land organisations are promising avenues. This research lays the methodological foundation for improving the resilience of land administration systems in the era of digital transformation.

6. Conclusions

Our approach in this cybersecurity risk management methodology for LAS is holistic. It links the three complementary dimensions (international standards, proven risk analysis techniques, and collective intelligence) for each of the methodological elements, BPMN 2.0, EBIOS Risk Manager, and Obérisk, to strengthen the cyber-resilience of LAS, and is supported by BPMN 2.0, EBIOS Risk Manager, and Obérisk; the value of which is demonstrated by the preliminary implementation of the Indonesian case study.
With this application, in the Indonesian case study, we developed a proof-of-concept to demonstrate the potential of this methodology. This revealed significant data integrity risks and gaps in the systematic validation during parcel subdivision transactions. This underscores the urgent need to develop proactive cyber risk management capacity as a strategic priority for LAS striving to maintain spatial data quality amid growing threats. This inaugural study makes three key contributions. First, it proposes a novel methodology that integrates three dimensions (international standards, proven risk analysis techniques, and collective intelligence) to support cyber resilience in LAS organisations. Second, it provides empirical evidence of subdivision process vulnerabilities that can compromise cadastral data integrity. Finally, it highlights the necessity of customised cybersecurity strategies for the LAS business process, which are distinct from other domains. Nonetheless, it should be highlighted that the limits of this method are the willingness of managers to execute it and consider the practical opinions of all participants, which may be in conflict with the perspectives enforced and communicated by the LAS.
Further research will focus on refining, validating, and expanding the methodology through diverse international implementations. Overall, this study lays the foundation for enhancing the cyber-resilience of LAS through a comprehensive and versatile cyber-risk methodology tailored to the specific technological and institutional dynamics of this vital yet overlooked domain.
In conclusion, this research has achieved its primary objective: the validation of the preliminary phase, the “perimeter of study”, of an innovative methodology dedicated to cyber risk management within the LAS. This inaugural phase, modelling business processes in BPMN 2.0, and the definition of the perimeter of study via the “Scope of study & security baseline” workshop in the EBIOS RM method, with the elicitative and collaborative Obérisk face-to-face approach, revealed major vulnerabilities in the fragmented subdivision flow chosen. These include the concentration of analogue tasks and the inadequacy of systematic distributed checks, exposing substantial risks to compromising the integrity of spatial land data. Simultaneously, the analysis of security compliance revealed significant gaps between the best practices defined and their operational applications within the examined LAS.
This study highlights the urgent need for a proactive approach to cyber risk management to strengthen cyber resilience within LAS. This paves the way for the development of a global methodology for analysing cyber risks. There are promising avenues for enhancing cyber risk management elicitation processes through a socio-technical approach and fostering a culture of cybersecurity within an organisation supported by a security operational centre (SOC) [79]. Avenues for expansion to international collaboration are essential to develop a common Cyber Threat Intelligence for cadastral data, with medium-term development of tactics, techniques, and procedures (TTP) [88] based on MITRE ATT&CK [89,90] and their sharing between LAS, and with the long-term goal of building dedicated regional and international Computer Security Incident Response Team (CSIRT) Land Administration, as advocated by UNECE [91,92], integrated in multi-stakeholder structure diplomacy for cybersecurity [93].
In short, this study aimed to enhance the cyber resilience of LAS in the face of growing cyber threats.

Author Contributions

Conceptualisation, P.-F.B.; methodology, P.-F.B.; software, All4Tec; validation, C.C., T.A. and P.B.S.; writing—original draft preparation, P.-F.B.; writing—review and editing, C.C. and T.A.; supervision, C.C., T.A. and P.B.S. All authors have read and agreed to the published version of the manuscript.

Funding

This research supported by UGM Scholarship for research and publication.

Data Availability Statement

The data presented in this study are available on request from the corresponding author. The data are not publicly available due to confidentiality statement with PUSDATIN ATR/BPN.

Acknowledgments

We would like to thank the UGM engineering scholarship and BPN/Pusdatin. Thank you to All4Tec for providing a licence for their Agile Risk Manager software.v1.0, https://www.all4tec.com/en/iso-27005-software/ accessed on 10 December 2023.

Conflicts of Interest

The authors declare no conflicts of interest.

Appendix A

Figure A1. Methodology for researching the perimeter of study.
Figure A1. Methodology for researching the perimeter of study.
Land 13 00019 g0a1

Appendix B

Figure A2. Workflow for the maintenance of spatial cadastral data of subdivision parcel freehold titles.
Figure A2. Workflow for the maintenance of spatial cadastral data of subdivision parcel freehold titles.
Land 13 00019 g0a2

References

  1. UN-GGIM. Framework for Effective Land Administration—A Reference for Developing, Reforming, Renewing, Strengthening, Modernizing, and Monitoring Land Administration; United Nations Committee of Experts on Global Geospatial Information Management (UN-GGIM): New York, NY, USA, 2020. [Google Scholar]
  2. Hilhorst, T.; Zevenbergen, J.; Deininger, K. Land Governance and Tenure Security at Scale: Lessons from the Field. Land Use Policy 2021, 110, 105451. [Google Scholar] [CrossRef]
  3. Grant, D.; Enemark, S.; Zevenbergen, J.; Mitchell, D.; McCamley, G. The Cadastral Triangular Model. Land Use Policy 2020, 97, 104758. [Google Scholar] [CrossRef]
  4. Enemark, S.; McLaren, R.; Lemmen, C. Gestion Foncière Adaptée Au Contexte-Lignes Directrices Pour La Mise En Œuvre Dans Les Pays: Fit-For-Purpose Land Administration-Guiding Principles for Country Implementation. 2022. Available online: https://vbn.aau.dk/en/publications/gestion-fonci%C3%A8re-adapt%C3%A9e-au-contexte-lignes-directrices-pour-la-m (accessed on 10 December 2023).
  5. Olfat, H.; Shojaei, D.; Briffa, M.; Maley, S.; Rajabifard, A. Strategic Actions for Increasing the Submission of Digital Cadastral Data by the Surveying Industry Based on Lessons Learned from Victoria, Australia. ISPRS Int. J. Geoinf. 2018, 7, 47. [Google Scholar] [CrossRef]
  6. Guler, D.; van Oosterom, P.; Yomralioglu, T. How to Exploit BIM/IFC for 3D Registration of Ownership Rights in Multi-Storey Buildings: An Evidence from Turkey. Geocarto Int. 2022, 37, 18418–18447. [Google Scholar] [CrossRef]
  7. Kalogianni, E.; van Oosterom, P.; Dimopoulou, E.; Lemmen, C. 3D Land Administration: A Review and a Future Vision in the Context of the Spatial Development Lifecycle. ISPRS Int. J. Geoinf. 2020, 9, 107. [Google Scholar] [CrossRef]
  8. Ying, S.; Xu, Y.; Li, C.; Guo, R.; Li, L. Easement Spatialization with Two Cases Based on LADM and BIM. Land Use Policy 2021, 109, 105641. [Google Scholar] [CrossRef]
  9. Jafary, P.; Shojaei, D.; Rajabifard, A.; Ngo, T. BIM and Real Estate Valuation: Challenges, Potentials and Lessons for Future Directions. Eng. Constr. Archit. Manag. 2022. [Google Scholar] [CrossRef]
  10. Ramlakhan, R.; Kalogianni, E.; van Oosterom, P.; Atazadeh, B. Modelling the Legal Spaces of 3D Underground Objects in 3D Land Administration Systems. Land Use Policy 2023, 127, 106537. [Google Scholar] [CrossRef]
  11. Williamson, I.; Feeney, M.-E. Land Administration and Spatial Data Infrastructures–Trends and Developments. In Proceedings of the FIG XXII International Congress, Washington, DC, USA, 19–26 April 2002; pp. 19–26. [Google Scholar]
  12. Bennett, R.M.; Donovan, J.; Masli, E.; Riekkinen, K. Land Administration As-A-Service: Relevance, Applications, and Models. Land 2023, 12, 241. [Google Scholar] [CrossRef]
  13. Delville, P.L. Qu’est-ce que la Sécurité Fonciere et Comment la Renforcer: Des Fiches Pédagogiques pour Comprendre, se Poser de Bonnes Questions et Agir sur le Foncier en Afrique de l’Ouest; Comité Technique Foncier & Développement: Montpellier, France, 2017. [Google Scholar]
  14. Bennett, R.; Asiama, K.; Zevenbergen, J.; Juliens, S. The Intelligent Cadastre. In Proceedings of the FIG Commission 7/3 Workshop on Crowdsourcing of Land Information, St Juliens, Malta, 16–20 November 2015. [Google Scholar]
  15. Radosevic, N.; Duckham, M.; Saiedur Rahaman, M.; Ho, S.; Williams, K.; Hashem, T.; Tao, Y. Spatial Data Trusts: An Emerging Governance Framework for Sharing Spatial Data. Int. J. Digit. Earth 2023, 16, 1607–1639. [Google Scholar] [CrossRef]
  16. Duckham, M.; Sun (Chayn), Q.; Worboys, M.F. GIS; CRC Press: Boca Raton, FL, USA, 2023; ISBN 9780429168093. [Google Scholar]
  17. Saeidian, B.; Rajabifard, A.; Atazadeh, B.; Kalantari, M. Data Lifecycle of Underground Land Administration: A Systematic Literature Review. Surv. Rev. 2022, 55, 396–415. [Google Scholar] [CrossRef]
  18. Olfat, H.; Atazadeh, B.; Badiee, F.; Chen, Y.; Shojaei, D.; Rajabifard, A. A Proposal for Streamlining 3D Digital Cadastral Data Lifecycle. Land 2021, 10, 642. [Google Scholar] [CrossRef]
  19. Kalogianni, E.; Janečka, K.; Kalantari, M.; Dimopoulou, E.; Bydłosz, J.; Radulović, A.; Vučić, N.; Sladić, D.; Govedarica, M.; Lemmen, C.; et al. Methodology for the Development of LADM Country Profiles. Land Use Policy 2021, 105, 105380. [Google Scholar] [CrossRef]
  20. Selvaratnam, T.; Haselbach, L.; Eren-Tokgoz, B.; Gummelt, G.; Boudreaux, K.; Williams, B.D.; Pyne, M.I.; Linkov, I. Establishing a Regional Interdisciplinary Resilience Center: A Bottom-up Approach. Environ. Syst. Decis. 2023, 43, 191–199. [Google Scholar] [CrossRef] [PubMed]
  21. Galinec, D. Cyber Security and Cyber Defense: Challenges and Building of Cyber Resilience Conceptual Model. Int. J. Appl. Sci. Dev. 2023, 1, 83–88. [Google Scholar] [CrossRef]
  22. Linkov, I.; Kott, A. Fundamental Concepts of Cyber Resilience: Introduction and Overview. In Cyber Resilience of Systems and Networks; Springer: Cham, Switzerland, 2018; pp. 1–25. [Google Scholar]
  23. Geiger, M.; Harrer, S.; Lenhard, J.; Wirtz, G. BPMN 2.0: The State of Support and Implementation. Future Gener. Comput. Syst. 2018, 80, 250–262. [Google Scholar] [CrossRef]
  24. Esselin, F. Ebios Risk Manager: Une Méthode Accessible Pour Sécuriser La Transformation Numérique. Les Notes CREOGN 2021, 62. [Google Scholar]
  25. Ding, L.; Xiao, G.; Pano, A.; Fumagalli, M.; Chen, D.; Feng, Y.; Calvanese, D.; Fan, H.; Meng, L. Integrating 3D City Data through Knowledge Graphs. arXiv 2023, arXiv:2310.11555. [Google Scholar] [CrossRef]
  26. Zareen, S.; Akram, A.; Ahmad Khan, S. Security Requirements Engineering Framework with BPMN 2.0.2 Extension Model for Development of Information Systems. Appl. Sci. 2020, 10, 4981. [Google Scholar] [CrossRef]
  27. Vranić, S.; Matijević, H.; Roić, M. Application of Workflow Management System to the Modelling of Processes in Land Administration Systems. In Proceedings of the 7th International FIG Workshop on the Land Administration Domain Model 2018, Zagreb, Croatia, 12–13 April 2018. [Google Scholar] [CrossRef]
  28. Vranić, S.; Matijević, H.; Roić, M.; Vučić, N. Extending LADM to Support Workflows and Process Models. Land Use Policy 2021, 104, 105358. [Google Scholar] [CrossRef]
  29. Lamiri, A.; Gueraoui, K.; Zeggwagh, G. Risk Analysis of Bitcoin Security Using Ebios Method. Int. Rev. Civ. Eng. (IRECE) 2018, 9, 63. [Google Scholar] [CrossRef]
  30. Shokry, M.; Awad, A.I.; Abd-Ellah, M.K.; Khalaf, A.A.M. Evaluating Potential Security Risks of Advanced Metering Infrastructure Using EBIOS Risk Assessment Method. In Proceedings of the 2023 International Telecommunications Conference (ITC-Egypt), Alexandria, Egypt, 18 July 2023; IEEE: New York, NY, USA, 2023; pp. 145–150. [Google Scholar]
  31. ENISA; Papadatos, K.; Rantos, K.; Makrygeorgou, A.; Koulouris, K.; Klontza, S.; Lambrinoudakis, C.; Gritzalis, S.; Xenakis, C.; Katsikas, S.; et al. Interoperable EU Risk Management Toolbox; ENISA (European Union Agency for Cybersecurity): Athens, Greece, 2023.
  32. ENISA. INTEROPERABLE EU RISK Methodology for and Assessment of Interoperability; ENISA: Athens, Greece, 2022; ISBN 9789292045531.
  33. ENISA; Lambrinoudakis, C.; Gritzalis, S.; Xenakis, C.; Katsikas, S.; Karyda, M.; Tsochou, A.; Papadatos, K.; Rantos, K.; Pavlosoglou, Y.; et al. Interoperable EU Risk Management Framework: Methodology for and Assessment of Interoperability among Risk Management Frameworks and Methodologies; European Union Agency for Cybersecurity: Athens, Greece, 2022.
  34. Bennett, R.M.; Unger, E.-M.; Lemmen, C.; Dijkstra, P. Land Administration Maintenance: A Review of the Persistent Problem and Emerging Fit-for-Purpose Solutions. Land 2021, 10, 509. [Google Scholar] [CrossRef]
  35. Olfat, H.; Atazadeh, B.; Shojaei, D.; Rajabifard, A. The Feasibility of a BIM-Driven Approach to Support Building Subdivision Workflows—Case Study of Victoria, Australia. ISPRS Int. J. Geo-Inf. 2019, 8, 499. [Google Scholar] [CrossRef]
  36. Shojaei, D.; Olfat, H.; Rajabifard, A.; Darvill, A.; Briffa, M. Assessment of the Australian Digital Cadastre Protocol (EPlan) in Terms of Supporting 3D Building Subdivisions. Land Use Policy 2016, 56, 112–124. [Google Scholar] [CrossRef]
  37. Hacks, S.; Lagerstrom, R.; Ritter, D. Towards Automated Attack Simulations of BPMN-Based Processes. In Proceedings of the 2021 IEEE 25th International Enterprise Distributed Object Computing Conference, EDOC 2021, Gold Coast, Australia, 25–29 October 2021; pp. 182–191. [Google Scholar] [CrossRef]
  38. Asim, M.; Yautsiukhin, A.; Brucker, A.D.; Baker, T.; Shi, Q.; Lempereur, B. Security Policy Monitoring of BPMN-Based Service Compositions. J. Softw. Evol. Process 2018, 30, e1944. [Google Scholar] [CrossRef]
  39. IACD. Enriched BPMN Workflows; IACD: Laurel, MD, USA, 2021. [Google Scholar]
  40. FIAN. International Disruption or Déjà Vu? Digitalization, Land and Human Rights Mapping of Digitalization and Blockchain Projects in the Land Sector; FIAN: Heidelberg, Germany, 2020. [Google Scholar]
  41. Bennett, R.M.; Pickering, M.; Sargent, J. Transformations, Transitions, or Tall Tales? A Global Review of the Uptake and Impact of NoSQL, Blockchain, and Big Data Analytics on the Land Administration Sector. Land Use Policy 2019, 83, 435–448. [Google Scholar] [CrossRef]
  42. Potts, K.E.; Rajabifard, A.; Bennett, R.M. Supporting the Risk Management Process with Land Information: A Case Study of Australia. Disasters 2017, 41, 352–364. [Google Scholar] [CrossRef]
  43. OECD. Working Digitalisation Challenges and Opportunities for Subnational Governments|OECD Working Papers on Fiscal Federalism|OECD ILibrary; OECD: Paris, France, 2020. [Google Scholar]
  44. Riekkinen, K.; Toivonen, S.; Krigsholm, P.; Hiironen, J.; Kolis, K. Future Themes in the Operational Environment of the Finnish Cadastral System. Land Use Policy 2016, 57, 702–708. [Google Scholar] [CrossRef]
  45. Latruffe, L.; Minviel, J.-J.; Salanié, J. The Role of Environmental and Land Transaction Regulations on Agricultural Land Price: The Example of Brittany. Ph.D. Thesis, Institut National de la recherche Agronomique (INRA), Paris, France, 2013; 19p. [Google Scholar]
  46. Colin, J.-P. Securing Rural Land Transactions in Africa. An Ivorian Perspective. Land Use Policy 2013, 31, 430–440. [Google Scholar] [CrossRef]
  47. Chen, X.; Biljecki, F. Mining Real Estate Ads and Property Transactions for Building and Amenity Data Acquisition. Urban Inform. 2022, 1, 12. [Google Scholar] [CrossRef]
  48. Wu, A.N.; Biljecki, F. GANmapper: Geographical Data Translation. Int. J. Geogr. Inf. Sci. 2022, 36, 1394–1422. [Google Scholar] [CrossRef]
  49. Shavrov, S.; Batura, O.; Slabodich, K.; Kobasa, M. Legislation to Support the Digital Transformation of Land Governance and Land Administration. In Proceedings of the FIG Working Week 2019, Hanoi, Vietnam, 22–26 April 2019. [Google Scholar]
  50. Camillo, M. Cybersecurity: Risks and Management of Risks for Global Banks and Financial Institutions. J. Risk Manag. Financ. Inst. 2017, 10, 196–200. [Google Scholar]
  51. Cawthra, J.L.; Wang, S.S.; Hodges, B.J.; Zheng, K.; Williams, R.T.; Kuruvilla, J.J.; Peloquin, C.L.; Littlefield, K.; Neimeyer, B. Securing Picture Archiving and Communication System (PACS) Cybersecurity for the Healthcare Sector; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2020. [CrossRef]
  52. Ottens, M.; Stubkjær, E. A Socio-Technical Analysis of Cadastral Systems. In Real Property Transactions. Procedures, Transaction Costs and Models; IOP Press: Amsterdam, The Netherlands, 2008; pp. 143–166. ISBN 9781586035815. [Google Scholar]
  53. Krigsholm, P.; Riekkinen, K.; Ståhle, P. Pathways for a Future Cadastral System: A Socio-Technical Approach. Land Use Policy 2020, 94, 104504. [Google Scholar] [CrossRef]
  54. Wang, S.; Wang, H. A Sociotechnical Systems Analysis of Knowledge Management for Cybersecurity. Int. J. Sociotechnol. Knowl. Dev. 2021, 13, 77–94. [Google Scholar] [CrossRef]
  55. Chhetri, I.T. Cybersecurity and Governance, Risk and Compliance (GRC). Aust. J. Wirel. Technol. Mobil. Secur. 2022, 1, 36. [Google Scholar]
  56. Goh, C.; Kusnadi, Y.; Pan, G.; Seow, P.-S. Governance, Risk and Compliance (GRC) in Digital Transformation: Investor Views. SSRN Electron. J. 2022, 21, 200–223. [Google Scholar] [CrossRef]
  57. Kiesow Cortez, E.; Dekker, M. A Corporate Governance Approach to Cybersecurity Risk Disclosure. Eur. J. Risk Regul. 2022, 13, 443–463. [Google Scholar] [CrossRef]
  58. Yomralioglu, T.; Cete, M. Cadastre or Land Administration: A Case Study of Turkey. In Proceedings of the World Cadastre Summit, Istanbul, Turkey, 20–24 April 2015. [Google Scholar]
  59. Uddin, M.H.; Ali, M.H.; Hassan, M.K. Cybersecurity Hazards and Financial System Vulnerability: A Synthesis of Literature. Risk Manag. 2020, 22, 239–309. [Google Scholar] [CrossRef]
  60. Lemieux, V.L. Evaluating the Use of Blockchain in Land Transactions: An Archival Science Perspective. Eur. Prop. Law J. 2017, 6, 392–440. [Google Scholar] [CrossRef]
  61. Njoroge, T.G. Use of Blockchain to Digitize Land Records and Track Land Transfer Transactions in Kenya. Ph.D. Thesis, University of Nairobi, Nairobi, Kenya, 2019. [Google Scholar]
  62. Ansah, B.O.; Voss, W.; Asiama, K.O.; Wuni, I.Y. A Systematic Review of the Institutional Success Factors for Blockchain-Based Land Administration. Land Use Policy 2023, 125, 106473. [Google Scholar] [CrossRef]
  63. Shuaib, M.; Alam, S.; Daud, S.M. Improving the Authenticity of Real Estate Land Transaction Data Using Blockchain-Based Security Scheme. In Communications in Computer and Information Science; Springer: Singapore, 2021; Volume 1347, pp. 3–10. [Google Scholar]
  64. Saeidian, B.; Rajabifard, A.; Atazadeh, B.; Kalantari, M. Managing Underground Legal Boundaries in 3D—Extending the CityGML Standard. Undergr. Space 2023, 14, 239–262. [Google Scholar] [CrossRef]
  65. Mango, J.; Li, X.; Mango, J.; Claramunt, C.; Ngondo, J.; Zhang, D.; Xu, D.; Colak, E.H.; Li, X. Multipurpose Temporal GIS Model for Cadastral Data Management. Int. J. Geogr. Inf. Sci. 2021, 36, 1205–1230. [Google Scholar] [CrossRef]
  66. Shojaei, D.; Badiee, F.; Olfat, H.; Rajabifard, A.; Atazadeh, B. Requirements of a Data Storage Infrastructure for Effective Land Administration Systems: Case Study of Victoria, Australia. J. Spat. Sci. 2022, 68, 431–449. [Google Scholar] [CrossRef]
  67. Atazadeh, B.; Olfat, H.; Rajabifard, A.; Saeidian, B. Evaluation of the International 3D Geospatial Data Models and IFC Standard for Implementing an LADM-Based 3D Digital Cadastre. In Proceedings of the 10th International FIG workshop on the Land Administration Domain Model 2022, Dubrovnik, Croatia, 31 March–2 April 2022. [Google Scholar] [CrossRef]
  68. République et Canton de Genève. Etude de La Norme LADM, Potentiel Modèle Pour Le Cadastre Suisse et Français? Le Territoire Genevois à La Carte: Ferney-Voltaire, France; Grand Saconnex, Switzerland, 2020. [Google Scholar]
  69. Yliselä, P. Finland to Have the Most Innovative and the Safest Geospatial Ecosystem in the World; ICC 2019 SPECIAL ISSUE; International Cartographic Association: Bern, Switzerland, 2019. [Google Scholar]
  70. Krigsholm, P.; Zavialova, S.; Riekkinen, K.; Ståhle, P.; Viitanen, K. Understanding the Future of the Finnish Cadastral System—A Delphi Study. Land Use Policy 2017, 68, 133–140. [Google Scholar] [CrossRef]
  71. De Vries, W.T. Trends in The Adoption of New Geospatial Technologies for Spatial Planning and Land Management in 2021. Geoplan. J. Geomat. Plan. 2022, 8, 85–98. [Google Scholar] [CrossRef]
  72. Nyandwi, E.; Koeva, M.; Kohli, D.; Bennett, R. Comparing Human Versus Machine-Driven Cadastral Boundary Feature Extraction. Remote Sens. 2019, 11, 1662. [Google Scholar] [CrossRef]
  73. Chaturvedi, K.; Matheus, A.; Nguyen, S.H.; Kolbe, T.H. Securing Spatial Data Infrastructures for Distributed Smart City Applications and Services. Future Gener. Comput. Syst. 2019, 101, 723–736. [Google Scholar] [CrossRef]
  74. Coetzee, S.; Gould, M.; McCormack, B. Towards a Sustainable Geospatial Ecosystem beyond SDIs 1; EUROGI: Druento, Italy; UN-GGIM: New York, NY, USA, 2021; pp. 1–33. [Google Scholar]
  75. ISO/IEC Standard No. 19510:2013; Information Technology—Object Management Group Business Process Model and Notation. ISO: Geneva, Switzerland, 2013.
  76. ISO Standard No. 31000:2018; Risk Management—Guidelines. ISO: Geneva, Switzerland, 2018.
  77. ISO/IEC Standard No. 27005:2022; Information Technology—Security Techniques—Information Security Risk Management. ISO/IEC: Geneva, Switzerland, 2022.
  78. Katsigarakis, K.; Lilis, G.; Rovas, D.; González-Gerpe, S.; Bernardos, S.; Cimmino, A.; Poveda-Villalón, M.; García-Castro, R. A Digital Twin Platform Generating Knowledge Graphs for Construction Projects. In Proceedings of the Third International Workshop On Semantic Digital Twins (SeDiT 2022), Co-Located with the 19th European Semantic Web Conference (ESWC 2022), Hersonissos, Greece, 29 May 2022. [Google Scholar]
  79. Firmansyah, M.; Yuswanto, A. Knowledge Management for Information Security Incident Handling at Security Operation Center of Jakarta Provincial Government. Monas J. Inov. Apar. 2022, 4, 441–452. [Google Scholar] [CrossRef]
  80. Paul, S.; Naouar, D.; Gureghian, E. Obérisk: Cybersecurity Requirements Elicitation through Agile Remote or Face-to-Face Risk Management Brainstorming Sessions. Information 2021, 12, 349. [Google Scholar] [CrossRef]
  81. Naouar, D.; El Hachem, J.; Voirin, J.-L.; Foisil, J.; Kermarrec, Y. Towards the Integration of Cybersecurity Risk Assessment into Model-Based Requirements Engineering. In Proceedings of the 2021 IEEE 29th International Requirements Engineering Conference (RE), Notre Dame, IN, USA, 18 September 2021; IEEE: New York, NY, USA, 2021; pp. 334–344. [Google Scholar]
  82. Choubey, S.; Bhargava, A. Significance of ISO/IEC 27001 in the Implementation of Governance, Risk and Compliance. Int. J. Sci. Res. Netw. Secur. Commun. 2018, 6, 30–33. [Google Scholar]
  83. Paul, S. OBÉRISK: A Tooled-Up Obeya-like Approach to Risk Management; Club EBIOS: Paris, France, 2020. [Google Scholar]
  84. Mendling, J.; Reijers, H.A.; Recker, J. Activity Labeling in Process Modeling: Empirical Insights and Recommendations. Inf. Syst. 2010, 35, 467–482. [Google Scholar] [CrossRef]
  85. Dumas, M.; La Rosa, M.; Mendling, J.; Reijers, H.A. Fundamentals of Business Process Management; Springer: Berlin Heidelberg, Germany, 2018; ISBN 978-3-662-56508-7. [Google Scholar]
  86. ISO/IEC Standard No. 27001:2022; Information Security, Cybersecurity and Privacy Protection—Information Security Management Systems—Requirements. ISO/IEC: Geneva, Switzerland, 2022.
  87. Windayana, S.; Syamsul Ma’arif, M.; Arkeman, Y.; Hermadi, I. Design of blockchain system for land services at the ministry of agrarian and spatial planning national land agency. Seybold Rep. 2023, 18, 2451–2466. [Google Scholar] [CrossRef]
  88. Sadlek, L.; Celeda, P.; Tovarnak, D. Identification of Attack Paths Using Kill Chain and Attack Graphs. In Proceedings of the IEEE/IFIP Network Operations and Management Symposium 2022: Network and Service Management in the Era of Cloudification, Softwarization and Artificial Intelligence, NOMS 2022, Budapest, Hungary, 25–29 April 2022. [Google Scholar] [CrossRef]
  89. Xiong, W.; Legrand, E.; Åberg, O.; Lagerström, R. Cyber Security Threat Modeling Based on the MITRE Enterprise ATT&CK Matrix. Softw. Syst. Model. 2022, 21, 157–177. [Google Scholar] [CrossRef]
  90. Belfadel, A.; Boyer, M.; Letailleur, J.; Petiot, Y.; Yaich, R. Towards a Security Impact Analysis Framework: A Risk-Based and MITRE Attack Approach. In Computer Security—ESORICS 2022 International Workshops (ESORICS 2022); Lecture Notes in Computer Science; Springer: Cham, Switzerland, 2023; Volume 13785, pp. 212–227. [Google Scholar] [CrossRef]
  91. FAO; UNECE; FIG. Digital Transformation and Land Administration; FAO: Rome, Italy; UNECE (United Nations Economic Commission for Europe): Geneva, Switzerland, 2022; ISBN 978-92-5-136837-4. [Google Scholar]
  92. United Nations Economic Commission for Europe. Scenario Study on Future Land Administration in the UNECE Region; United Nations: New York, NY, USA, 2022; ISBN 9789210011204.
  93. Trachtman, J. Developing Multistakeholder Structures for Cybersecurity Norms: Learning from Experience. In Building an International Cybersecurity Regime; Edward Elgar Publishing: Cheltenham, UK, 2023; pp. 85–110. [Google Scholar]
Figure 1. Dimensions of cyber-resilience in LAS.
Figure 1. Dimensions of cyber-resilience in LAS.
Land 13 00019 g001
Figure 2. Cyber Risk Management Methodology for LAS.
Figure 2. Cyber Risk Management Methodology for LAS.
Land 13 00019 g002
Figure 3. Methodology of the data research phase “perimeter of study”.
Figure 3. Methodology of the data research phase “perimeter of study”.
Land 13 00019 g003
Table 1. Corpus and materials.
Table 1. Corpus and materials.
SourcesExperimentationCorpusAnalysis
BPMN elicitation surveyOnline survey4 participants from PUSDATINlexicometric analysis
cybersecurity checklist surveyOnline survey4 participants from PUSDATINexploratory statistics
on-site PUSDATIN internshipInterviews
documentary analysis
corpus of 50 documents from the PUSDATINexploratory analysis
“scope of study & security baseline” workshopfocus-group6 participantsquantitative and qualitative analysis grids
audio recordingsaudio recording of the workshop2 recordings with 2 microphonesCAQDAS
Table 2. Table of the differences between policy, regulation, standard in LAS.
Table 2. Table of the differences between policy, regulation, standard in LAS.
PolicyRegulationStandard
ScopeSpecific to the LAS Applicable to all organisations processing personal dataApplicable to any organisation wishing to implement an information security management system
ElaborationEstablished by the LASEstablished by a government authority or regulatory entityPrepared by the International Organization for Standardization (ISO)
ConstraintInternal to the LAS, subject to internal adaptationsMandatory, must be legally respectedVoluntary, can be used to demonstrate compliance or adoption of good practices
SanctionsUsually LAS disciplinary measuresFines, penalties, or legal sanctionsNo formal sanction, but can be used as a benchmark or evaluation criterion
ExamplesAn LAS password management policyRegulation on the protection of personal data (e.g., GDPR)ISO 27001 Standard [86] for Information Security Management
Table 3. Synthetic interpretation of the results for the BPMN methodological brick.
Table 3. Synthetic interpretation of the results for the BPMN methodological brick.
BPMN 2.0Helpful
(to Achieving the Objective)
Harmful
(to Achieving the Objective)
internal
  • Clear and standardised visual representation of complex business processes
  • Difficulty accessing internal documentation for an external analyst
  • Model interoperability with XML
  • Depends on the quality of the information collected upstream
  • Helps involve operational teams and develop a cyber culture
  • Time-consuming, requires advanced elicitation techniques
  • Reusable in a PDCA (Plan–Do–Check–Adjust) cycle correlated with ISO 27001 [86]
  • BPMN learning curve
external
  • Free modeling tools and training available
  • Risk of errors if the level of detail is insufficient
  • Recommended by IACD for automated penetration testing
  • Complementary but not a substitute for in-depth analysis of architectures
  • Useful to clarify the scope of the study and prepare the “risk assessment” phase
  • Difficult to keep up to date without a dedicated manager
Table 4. Synthetic interpretation of the results for the workshop “Scope of study & security baseline”.
Table 4. Synthetic interpretation of the results for the workshop “Scope of study & security baseline”.
Scope of Study and Security Base Helpful
(to Achieving the Objective)
Harmful
(to Achieving the Objective)
internal
  • Participatory approach motivating stakeholders
  • Insufficient quality audio recordings
  • Visual and playful capture of knowledge with Obérisk
  • Number of participants and decision-makers limited
  • Clearly defines the organisational and spatio-temporal perimeters of the study
  • Limited access to IS architectures
external
  • Free supports available on the EBIOS RM and Obérisk method
  • Risk of superficiality if time is insufficient
  • Allows to involve decision-makers in the process
  • Requires rigorous preparation and framing
  • Values collective intelligence to prepare risk analysis
  • Depends on the quality of upstream IS information
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Blin, P.-F.; Aditya, T.; Santosa, P.B.; Claramunt, C. A Methodological Approach towards Cyber Risk Management in Land Administrations Systems. Land 2024, 13, 19. https://doi.org/10.3390/land13010019

AMA Style

Blin P-F, Aditya T, Santosa PB, Claramunt C. A Methodological Approach towards Cyber Risk Management in Land Administrations Systems. Land. 2024; 13(1):19. https://doi.org/10.3390/land13010019

Chicago/Turabian Style

Blin, Pierre-François, Trias Aditya, Purnama Budi Santosa, and Christophe Claramunt. 2024. "A Methodological Approach towards Cyber Risk Management in Land Administrations Systems" Land 13, no. 1: 19. https://doi.org/10.3390/land13010019

APA Style

Blin, P. -F., Aditya, T., Santosa, P. B., & Claramunt, C. (2024). A Methodological Approach towards Cyber Risk Management in Land Administrations Systems. Land, 13(1), 19. https://doi.org/10.3390/land13010019

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop