<?xml version="1.0" encoding="UTF-8"?><xml><records><record><source-app name="Biblio" version="7.x">Drupal-Biblio</source-app><ref-type>17</ref-type><contributors><authors><author><style face="normal" font="default" size="100%">Philipp Fluri</style></author><author><style face="normal" font="default" size="100%">Todor Tagarev</style></author></authors></contributors><titles><title><style face="normal" font="default" size="100%">The Concept of Resilience: Security Implications and Implementation Challenges</style></title><secondary-title><style face="normal" font="default" size="100%">Connections: The Quarterly Journal</style></secondary-title></titles><keywords><keyword><style  face="normal" font="default" size="100%">concept</style></keyword><keyword><style  face="normal" font="default" size="100%">crisis management</style></keyword><keyword><style  face="normal" font="default" size="100%">Critical Infrastructure</style></keyword><keyword><style  face="normal" font="default" size="100%">Cybersecurity</style></keyword><keyword><style  face="normal" font="default" size="100%">disaster risk</style></keyword><keyword><style  face="normal" font="default" size="100%">European Union</style></keyword><keyword><style  face="normal" font="default" size="100%">Hybrid threats</style></keyword><keyword><style  face="normal" font="default" size="100%">institutions</style></keyword><keyword><style  face="normal" font="default" size="100%">maturity</style></keyword><keyword><style  face="normal" font="default" size="100%">NATO</style></keyword><keyword><style  face="normal" font="default" size="100%">peacebuilding</style></keyword><keyword><style  face="normal" font="default" size="100%">police force</style></keyword><keyword><style  face="normal" font="default" size="100%">postconflict reconstruction</style></keyword><keyword><style  face="normal" font="default" size="100%">resilience</style></keyword><keyword><style  face="normal" font="default" size="100%">Sendai Framework</style></keyword><keyword><style  face="normal" font="default" size="100%">stabilization</style></keyword><keyword><style  face="normal" font="default" size="100%">theory</style></keyword></keywords><dates><year><style  face="normal" font="default" size="100%">2020</style></year><pub-dates><date><style  face="normal" font="default" size="100%">Summer 2020</style></date></pub-dates></dates><volume><style face="normal" font="default" size="100%">19</style></volume><pages><style face="normal" font="default" size="100%">5-12</style></pages><language><style face="normal" font="default" size="100%">eng</style></language><abstract><style face="normal" font="default" size="100%">Aiming for a more effective and efficient response to diverse and multidimensional threats, an increasing number of defense and security organizations, the United Nations, NATO, and the EU embrace the concept of resilience in their security strategies and policies. This article provides a brief overview of the concept, a sample of definitions used in policy documents, and the types of problems they seek to resolve. Then we introduce the reader to the 15 articles published in the Summer and Fall 2020 issues of Connections that present the evolution of the concept of resilience and its implementation by and within political, defense, and law enforcement organizations, as well as its anticipated contribution to cybersecurity, disaster preparedness, peacebuilding, post-conflict restoration and countering hybrid threats.</style></abstract><issue><style face="normal" font="default" size="100%">3</style></issue><section><style face="normal" font="default" size="100%">5</style></section></record><record><source-app name="Biblio" version="7.x">Drupal-Biblio</source-app><ref-type>17</ref-type><contributors><authors><author><style face="normal" font="default" size="100%">Todor Tagarev</style></author><author><style face="normal" font="default" size="100%">George Sharkov</style></author><author><style face="normal" font="default" size="100%">Andon Lazarov</style></author></authors></contributors><titles><title><style face="normal" font="default" size="100%">Cyber Protection of Critical Infrastructures, Novel Big Data and Artificial Intelligence Solutions</style></title><secondary-title><style face="normal" font="default" size="100%">Information &amp; Security: An International Journal</style></secondary-title></titles><keywords><keyword><style  face="normal" font="default" size="100%">artificial intelligence</style></keyword><keyword><style  face="normal" font="default" size="100%">big data</style></keyword><keyword><style  face="normal" font="default" size="100%">Critical Infrastructure Protection</style></keyword><keyword><style  face="normal" font="default" size="100%">Cybersecurity</style></keyword><keyword><style  face="normal" font="default" size="100%">ICT security</style></keyword><keyword><style  face="normal" font="default" size="100%">IoT</style></keyword><keyword><style  face="normal" font="default" size="100%">machine learning</style></keyword><keyword><style  face="normal" font="default" size="100%">resilience</style></keyword></keywords><dates><year><style  face="normal" font="default" size="100%">2020</style></year><pub-dates><date><style  face="normal" font="default" size="100%">2020</style></date></pub-dates></dates><volume><style face="normal" font="default" size="100%">47</style></volume><pages><style face="normal" font="default" size="100%">7-10</style></pages><language><style face="normal" font="default" size="100%">eng</style></language><abstract><style face="normal" font="default" size="100%">This editorial article introduces the reader to the Second International Scientific Conference “Digital Transformation, Cyber Security and Resilience,” DIGILIENCE 2020, and summarises the results from five of its sessions: Protecting Critical Infrastructures from Cyberattacks; Security Implications and Solutions for IoT Systems; Big Data and Artificial Intelligence for Cybersecurity; Secure Communication and Information Protection; and Advanced ICT Security Solutions.</style></abstract><issue><style face="normal" font="default" size="100%">1</style></issue><section><style face="normal" font="default" size="100%">7</style></section></record><record><source-app name="Biblio" version="7.x">Drupal-Biblio</source-app><ref-type>17</ref-type><contributors><authors><author><style face="normal" font="default" size="100%">Todor Tagarev</style></author><author><style face="normal" font="default" size="100%">Salvatore Marco Pappalardo</style></author><author><style face="normal" font="default" size="100%">Nikolai Stoianov</style></author></authors></contributors><titles><title><style face="normal" font="default" size="100%">A Logical Model for Multi-Sector Cyber Risk Management</style></title><secondary-title><style face="normal" font="default" size="100%">Information &amp; Security: An International Journal</style></secondary-title></titles><keywords><keyword><style  face="normal" font="default" size="100%">Critical Infrastructure</style></keyword><keyword><style  face="normal" font="default" size="100%">cyber risk assessment</style></keyword><keyword><style  face="normal" font="default" size="100%">Cybersecurity</style></keyword><keyword><style  face="normal" font="default" size="100%">E-MAF</style></keyword><keyword><style  face="normal" font="default" size="100%">ECHO project</style></keyword><keyword><style  face="normal" font="default" size="100%">essential services</style></keyword><keyword><style  face="normal" font="default" size="100%">interdependencies</style></keyword></keywords><dates><year><style  face="normal" font="default" size="100%">2020</style></year><pub-dates><date><style  face="normal" font="default" size="100%">2020</style></date></pub-dates></dates><volume><style face="normal" font="default" size="100%">47</style></volume><pages><style face="normal" font="default" size="100%">13-26</style></pages><abstract><style face="normal" font="default" size="100%">&lt;p&gt;The increasing reliance on digital infrastructures makes whole sectors of the economy and public services vulnerable to attacks through cyberspace. Some progress has been made in understanding vulnerabilities and ways of reducing cyber risk at the sub-sectoral level. While the sectoral level remains a significant challenge, this study goes beyond, also addressing cyber risk resulting from the cross- and multi-sectoral interdependencies in a consistent logical model. The paper presents the scope of this logical model, outlines the problem of risk assessment, structured around the triplet &amp;ldquo;Threats &amp;ndash; Vulnerabilities &amp;ndash; Impact,&amp;rdquo; and the structuring of risk mitigation around types of risk reduction measures, the objective of decision-making on risk treatment, and the modalities of application. We provide examples of the implementation of the logical model, underlying the ECHO Multi-sector Assessment Framework, and conclude by emphasising the advantages the logical model and the framework provide.&lt;/p&gt;</style></abstract><issue><style face="normal" font="default" size="100%">1</style></issue><section><style face="normal" font="default" size="100%">13</style></section></record><record><source-app name="Biblio" version="7.x">Drupal-Biblio</source-app><ref-type>10</ref-type><contributors><authors><author><style face="normal" font="default" size="100%">Todor Tagarev</style></author><author><style face="normal" font="default" size="100%">George Sharkov</style></author></authors></contributors><titles><title><style face="normal" font="default" size="100%">Computationally intensive functions in designing and operating distributed cyber secure and resilient systems</style></title><secondary-title><style face="normal" font="default" size="100%">20th International Conference on Computer Systems and Technologies, CompSysTech 2019</style></secondary-title></titles><keywords><keyword><style  face="normal" font="default" size="100%">agility</style></keyword><keyword><style  face="normal" font="default" size="100%">Cybersecurity</style></keyword><keyword><style  face="normal" font="default" size="100%">distributed systems</style></keyword><keyword><style  face="normal" font="default" size="100%">high-performance computing</style></keyword><keyword><style  face="normal" font="default" size="100%">operations</style></keyword><keyword><style  face="normal" font="default" size="100%">policy</style></keyword><keyword><style  face="normal" font="default" size="100%">resilience</style></keyword><keyword><style  face="normal" font="default" size="100%">risk management</style></keyword></keywords><dates><year><style  face="normal" font="default" size="100%">2019</style></year><pub-dates><date><style  face="normal" font="default" size="100%"> 21 June 2019</style></date></pub-dates></dates><publisher><style face="normal" font="default" size="100%">University of RuseRuse</style></publisher><pub-location><style face="normal" font="default" size="100%">Bulgaria</style></pub-location><volume><style face="normal" font="default" size="100%">ACM International Conference Proceeding Series</style></volume><pages><style face="normal" font="default" size="100%"> 8-18</style></pages><language><style face="normal" font="default" size="100%">eng</style></language><abstract><style face="normal" font="default" size="100%">&lt;p&gt;Increasing incorporation of advanced information technologies makes business and public organisations more effective and efficient, while often introducing exploitable vulnerabilities. The efficient provision of security of interconnected, and interdependent, processes and sectors against cyberattacks requires deep understanding of vulnerabilities, exposure, potential negative impact, as well as the contribution existing and emerging organisational and technological solutions will potentially have on preventing attacks, reducing vulnerabilities, protecting digital infrastructures, response and recovery, and resilience. Such understanding will allow minimisation of risks against a spectrum of plausible cyber threats and reducing negative consequences of one or a series of cyberattacks.&lt;/p&gt;&lt;p&gt;Due to the complexity of the problem, the effective implementation of a number of functions and tasks in designing and operating distributed cyber secure and resilient systems require significant computational resources. This paper outlines six high-level, computationally demanding functions. The first three relate to the formulation and implementation of cybersecurity policy: understanding risk; planning and implementing cybersecurity measures; and continuous adaptation to the changing technological, threat and policy landscape. The other three functions are operational: situational awareness, including detection of cyberattacks and hybrid malicious activities; operational decision making, e.g. selecting a course of action under attack; and cyber forensics.&lt;/p&gt;</style></abstract></record><record><source-app name="Biblio" version="7.x">Drupal-Biblio</source-app><ref-type>17</ref-type><contributors><authors><author><style face="normal" font="default" size="100%">Todor Tagarev</style></author></authors></contributors><titles><title><style face="normal" font="default" size="100%">DIGILIENCE - A Platform for Digital Transformation,  Cyber Security and Resilience</style></title><secondary-title><style face="normal" font="default" size="100%">Information &amp; Security: An International Journal</style></secondary-title></titles><keywords><keyword><style  face="normal" font="default" size="100%">artificial intelligence</style></keyword><keyword><style  face="normal" font="default" size="100%">cooperation</style></keyword><keyword><style  face="normal" font="default" size="100%">cyber resilience</style></keyword><keyword><style  face="normal" font="default" size="100%">Cybersecurity</style></keyword><keyword><style  face="normal" font="default" size="100%">DIGILIENCE</style></keyword><keyword><style  face="normal" font="default" size="100%">digital transformation</style></keyword><keyword><style  face="normal" font="default" size="100%">emerging technologies</style></keyword><keyword><style  face="normal" font="default" size="100%">human factors</style></keyword><keyword><style  face="normal" font="default" size="100%">hybrid influence</style></keyword><keyword><style  face="normal" font="default" size="100%">industry 4.0</style></keyword><keyword><style  face="normal" font="default" size="100%">information sharing</style></keyword><keyword><style  face="normal" font="default" size="100%">intuitionist fuzzy logic</style></keyword><keyword><style  face="normal" font="default" size="100%">social networks</style></keyword></keywords><dates><year><style  face="normal" font="default" size="100%">2019</style></year></dates><volume><style face="normal" font="default" size="100%">43</style></volume><pages><style face="normal" font="default" size="100%">7-10</style></pages><language><style face="normal" font="default" size="100%">eng</style></language><abstract><style face="normal" font="default" size="100%">&lt;p&gt;The ongoing digital transformation requires significant investments and innovation to provide security of cyberspace and variety of critical infrastructures and essential services that increasingly depend on the digital infrastructure, as well as to enhance the resilience of organizations, communities, industries, nations, and alliances in the face of malicious use of cyberspace.&lt;/p&gt;&lt;p&gt;This volume presents 28 of the papers, accepted for presentation at the DIGILIENCE 2019 conference, dealing with cyber information sharing and situational awareness, the benefits and challenges of emerging technologies, such as artificial intelligence, the human factor, education and training for cyber security and resilience, the need to incorporate the cybersecurity efforts into the search for effective and efficient exploitation of information technologies, policies and solutions for security and resilience of Industry 4.0 and critical infrastructures, analysing and countering hybrid influence through social networks and more traditional media. The DIGILIENCE series of conferences will promote the sharing of knowledge and experience and facilitate the spread of good practice in IT governance, cyber security and resilience.&lt;/p&gt;</style></abstract><issue><style face="normal" font="default" size="100%">1</style></issue></record><record><source-app name="Biblio" version="7.x">Drupal-Biblio</source-app><ref-type>10</ref-type><contributors><authors><author><style face="normal" font="default" size="100%">Todor Tagarev</style></author><author><style face="normal" font="default" size="100%">Dimitrina Polimirova</style></author></authors></contributors><titles><title><style face="normal" font="default" size="100%">Main considerations in elaborating organizational information security policies</style></title><secondary-title><style face="normal" font="default" size="100%">20th International Conference on Computer Systems and Technologies, CompSysTech 2019</style></secondary-title></titles><keywords><keyword><style  face="normal" font="default" size="100%">Cybersecurity</style></keyword><keyword><style  face="normal" font="default" size="100%">Information Security</style></keyword><keyword><style  face="normal" font="default" size="100%">information security management</style></keyword><keyword><style  face="normal" font="default" size="100%">policy</style></keyword></keywords><dates><year><style  face="normal" font="default" size="100%">2019</style></year><pub-dates><date><style  face="normal" font="default" size="100%">21 June 2019</style></date></pub-dates></dates><publisher><style face="normal" font="default" size="100%">University of RuseRuse</style></publisher><pub-location><style face="normal" font="default" size="100%">Bulgaria</style></pub-location><volume><style face="normal" font="default" size="100%">ACM International Conference Proceeding Series</style></volume><pages><style face="normal" font="default" size="100%">68-73</style></pages><language><style face="normal" font="default" size="100%">eng</style></language><abstract><style face="normal" font="default" size="100%">&lt;p&gt;With the increasing reliance on information technologies, cloud services and internet as communications media, businesses, public and societal organizations face growing threats from cyberspace and, respectively, demands to protect sensitive data and information they collect, use, and disseminate. This paper elaborates on the key considerations organisations with more limited resources, such as schools, universities, research institutes and public organizations need to take into account in designing and implementing a respective information security policy. We start with a description of context and definition of the scope of information security policy, in particular delineating &amp;#39;information&amp;#39; and &amp;#39;cyber&amp;#39; security, and provide an overview of the most prominent frameworks and standards. On that basis we elaborate and structure the main areas of an information security policy, the main implementation challenges, and the need to review and amend the policy in a continuous cycle and comprehensive risk management framework. Depending of the specifics of their work, any school, university, institute and municipality may use this elaboration as a starting point in devising its own information security policy.&lt;/p&gt;</style></abstract></record><record><source-app name="Biblio" version="7.x">Drupal-Biblio</source-app><ref-type>17</ref-type><contributors><authors><author><style face="normal" font="default" size="100%">Todor Tagarev</style></author><author><style face="normal" font="default" size="100%">George Sharkov</style></author><author><style face="normal" font="default" size="100%">Nikolai Stoianov</style></author></authors></contributors><titles><title><style face="normal" font="default" size="100%">Cyber Security and Resilience of Modern Societies: A Research Management Architecture</style></title><secondary-title><style face="normal" font="default" size="100%">Information &amp; Security: An International Journal</style></secondary-title></titles><keywords><keyword><style  face="normal" font="default" size="100%">bio-integrated systems</style></keyword><keyword><style  face="normal" font="default" size="100%">Comprehensive approach</style></keyword><keyword><style  face="normal" font="default" size="100%">Cybersecurity</style></keyword><keyword><style  face="normal" font="default" size="100%">drone</style></keyword><keyword><style  face="normal" font="default" size="100%">ERP</style></keyword><keyword><style  face="normal" font="default" size="100%">industrial control systems</style></keyword><keyword><style  face="normal" font="default" size="100%">R&amp;T management</style></keyword><keyword><style  face="normal" font="default" size="100%">resilience</style></keyword><keyword><style  face="normal" font="default" size="100%">systems of systems</style></keyword><keyword><style  face="normal" font="default" size="100%">UxVs</style></keyword></keywords><dates><year><style  face="normal" font="default" size="100%">2017</style></year></dates><volume><style face="normal" font="default" size="100%">38</style></volume><pages><style face="normal" font="default" size="100%">93-108</style></pages><language><style face="normal" font="default" size="100%">eng</style></language><abstract><style face="normal" font="default" size="100%">Advanced information and communications technologies (ICT) facilitate the increase of effectiveness and efficiency of defence and security organizations, governmental services, the economy, and quality of life, while at the same time providing opportunities for malicious actors to cause significant damage without exercising physical coercion. Policies for security and resilience of modern societies to threats and risks from the cyberspace account for foreseen cyber threats, their immediate impact on ICT infrastructure, consequent effects on critical services, as well as cascading effects across systems and infrastructures. This paper presents the architecture used to plan and, consequently, manage cybersecurity research in Bulgaria. It covers five application areas (information management systems; industrial control systems; unmanned and remotely piloted vehicles; bio-integrated systems; and cognitive processes and decision-making), the study of systems of systems, and support to the formulation and implementation of cybersecurity policy.</style></abstract><section><style face="normal" font="default" size="100%">93</style></section></record><record><source-app name="Biblio" version="7.x">Drupal-Biblio</source-app><ref-type>10</ref-type><contributors><authors><author><style face="normal" font="default" size="100%">Lachezar Petrov</style></author><author><style face="normal" font="default" size="100%">Nikolai Stoianov</style></author><author><style face="normal" font="default" size="100%">Todor Tagarev</style></author></authors></contributors><titles><title><style face="normal" font="default" size="100%">Critical Information Infrastructure Protection Model and Methodology, Based on National and NATO Study</style></title><secondary-title><style face="normal" font="default" size="100%">Advances in Dependability Engineering of Complex Systems, Proceedings of the Twelfth International Conference on Dependability Problems and Complex Systems DepCoS-RELCOMEX</style></secondary-title></titles><keywords><keyword><style  face="normal" font="default" size="100%">critical information infrastructure</style></keyword><keyword><style  face="normal" font="default" size="100%">cyber model</style></keyword><keyword><style  face="normal" font="default" size="100%">cyber security</style></keyword><keyword><style  face="normal" font="default" size="100%">Cybersecurity</style></keyword></keywords><dates><year><style  face="normal" font="default" size="100%">2016</style></year><pub-dates><date><style  face="normal" font="default" size="100%">July 2-6, 2016</style></date></pub-dates></dates><pub-location><style face="normal" font="default" size="100%">Brunow, Poland</style></pub-location><language><style face="normal" font="default" size="100%">eng</style></language><abstract><style face="normal" font="default" size="100%">National and international security, our financial, industrial as well as economic prosperity, healthcare system and national well-being as a whole are dependent on critical infrastructures, which could be described as highly interdependent. Many examples are available such as the national electrical grid, oil and natural gas systems, telecommunication and information networks, transportation networks, water systems, and banking and financial systems. Keeping them in reliable and secure state and study their dependencies is paramount for every government or organization. There is an urgent need of their classification. Creation and development of model and methodology which could describe their behaviors is going to make this world safer. The presented here model and based on it study and initial results are steps toward reliable and secure critical information infrastructure.</style></abstract></record><record><source-app name="Biblio" version="7.x">Drupal-Biblio</source-app><ref-type>17</ref-type><contributors><authors><author><style face="normal" font="default" size="100%">Todor Tagarev</style></author></authors></contributors><titles><title><style face="normal" font="default" size="100%">A Generic Reference Curriculum on Cybersecurity</style></title><secondary-title><style face="normal" font="default" size="100%">Information &amp; Security: An International Journal</style></secondary-title></titles><keywords><keyword><style  face="normal" font="default" size="100%">competence framework</style></keyword><keyword><style  face="normal" font="default" size="100%">Cybersecurity</style></keyword><keyword><style  face="normal" font="default" size="100%">Education</style></keyword><keyword><style  face="normal" font="default" size="100%">policy-making</style></keyword><keyword><style  face="normal" font="default" size="100%">technical expertise</style></keyword><keyword><style  face="normal" font="default" size="100%">training</style></keyword></keywords><dates><year><style  face="normal" font="default" size="100%">2016</style></year></dates><volume><style face="normal" font="default" size="100%">35</style></volume><pages><style face="normal" font="default" size="100%">181-184</style></pages><language><style face="normal" font="default" size="100%">eng</style></language><abstract><style face="normal" font="default" size="100%">A volunteer group of academics and practitioners embarked on a two-year project to develop a generic reference curriculum on cybersecurity on behalf of NATO and the Partnership for Peace Consortium. This paper provides a brief overview of the result of this work - a curriculum that is recommended as a starting point for any university or training organization considering a program in the field of cybersecurity. </style></abstract><issue><style face="normal" font="default" size="100%">2</style></issue><section><style face="normal" font="default" size="100%">181</style></section></record></records></xml>