Status : Verified
Personal Name : Esporlas, Louise D.
Resource Title : Cybersecurity resilience: assessing the IC eCTPL API System against attacks using MITRE ATT&CK Framework and OWASP API Security Top 10
Date Issued : 18 September 2023
Abstract : The Insurance Commission (IC) is a key financial regulatory agency in the Philippines responsible for overseeing the insurance, pre-need, and health maintenance organization industries. The IC eCTPL API System is a critical component of its operations, as it handles sensitive financial information. This study aims to evaluate the cybersecurity resilience of the IC eCTPL API System by utilizing the MITRE ATT&CK Framework and the OWASP API Security Top 10.

The research begins with a comprehensive analysis of the system's infrastructure, architecture, and functionalities. It assesses the effectiveness of the current cybersecurity measures implemented by the IC and identifies any existing vulnerabilities. The OWASP API Security Top 10 is utilized as a checklist to evaluate the system's security measures. Furthermore, the MITRE ATT&CK Framework is employed to identify various attack techniques and tactics that could be exploited.

The research develops mitigation strategies to enhance the system's cyber resilience based on the analysis and assessment. These strategies address the identified vulnerabilities and strengthen the system's security measures. The study's findings are significant to the Philippine economy, the government, the Insurance Commission, and the IC eCTPL API System stakeholders.

The study's significance lies in its potential to protect the Philippine economy by ensuring the integrity of the insurance industry. It contributes to the government's efforts to enhance the country's cybersecurity posture and strengthens the Insurance Commission's ability to safeguard sensitive data and information. Additionally, the research provides valuable insights for stakeholders, assuring them that their information is processed through a secure and resilient system.

It is essential to acknowledge the study's limitations, such as time constraints and the dynamic nature of the cybersecurity landscape. The scope of the research is focused on the IC eCTPL AP
Degree Course : Master of Technology Management
Language : English
Keyword : Application programming interface, Cybersecurity, Information security, MITRE ATT&CK Framework, OWASP API Top 10, Vulnerability assessment
Material Type : Thesis/Dissertation
Category : C - Confidential information of a third-party is embedded.
 
Access Permission : Limited Access