Dr Yulia Cherdantseva
Senior Lecturer
Yr Ysgol Cyfrifiadureg a Gwybodeg
- Ar gael fel goruchwyliwr ôl-raddedig
Trosolwyg
OVERVIEW
I am a young enthusiastic researcher specialising in Cyber Security and Secure Business Process Design, and with experience in commercial software development. My research interests include (1) Cyber Security in Corporate Information Systems and in Industrial Control Systems (ICS) and SCADA systems, (2) Information Assurance and Security, (3) Design/Modelling of Safe and Secure Systems, (4) Domain-Specific Extensions of Business Process Modelling Languages, (5) Security, Risk and Safety Modelling in Business Processes, (6) Risk Management and Risk Assessment, (7) and Cyber Security Knowledge Representation and Visualisation. My education and research skills are reinforced by my diverse work experience.
In my PhD research project, I developed a Reference Model of Information Assurance & Security (RMIAS), which captures the inter-dependencies between information, people, processes, legal factors, risks and control actions. The RMIAS is used by the research community independently of myself for framing information security in the research on secure business process modelling and SCADA systems, it is also used in training matrials on information security.
Based on the RMIAS, I developed a security modelling extension for BPMN 2.0 titled Secure*BPMN. The extension enables the depiction in business process models of such information as security goals and their criticality (risks), control actions/countermeasures, information characteristics and access permissions. The extension is designed to facilitate the communication about security in multi-disciplinary teams including business, technical, legal, HR and other domain experts. The extension is supported by stencils for Microsoft Visio and OmniGraffle.
Cyhoeddiad
2023
- Agyepong, E., Cherdantseva, Y., Reinecke, P. and Burnap, P. 2023. A systematic method for measuring the performance of a cyber security operations centre analyst. Computers and Security 124, article number: 102959. (10.1016/j.cose.2022.102959)
2022
- Cherdantseva, Y., Burnap, P., Nadjm-Tehrani, S. and Jones, K. 2022. A configurable dependency model of a SCADA system for goal-oriented risk assessment. Applied Sciences 12(10), article number: 4880. (10.3390/app12104880)
2020
- Agyepong, E., Cherdantseva, Y., Reinecke, P. and Burnap, P. 2020. Cyber security operations centre concepts and implementation. In: Yaokumah, W. et al. eds. Modern Theories and Practices for Cyber Ethics and Security Compliance. IGI Global, pp. 88-104., (10.4018/978-1-7998-3149-5.ch006)
- Agyepong, E., Cherdantseva, Y., Reinecke, P. and Burnap, P. 2020. Challenges and performance metrics for security operations center analysts: a systematic review. Journal of Cyber Security Technology 4(3), pp. 125-152. (10.1080/23742917.2019.1698178)
- Agyepong, E., Cherdantseva, Y., Reinecke, P. and Burnap, P. 2020. Towards a framework for measuring the performance of a security operations center analyst. Presented at: IEEE International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2020), Dublin, Ireland, 15-17 June 2020.
2018
- De Ribaupierre, H., Jones, K., Loizides, F. and Cherdantseva, Y. 2018. Towards gender equality in software engineering: the NSA approach. Presented at: GE’18:IEEE/ACM 1st International Workshop on Gender Equality in Software Engineering, Gothenburg, Sweden, 28 May 2018GE’18: GE’18:IEEE/ACM 1st International Workshop on Gender Equality in Software Engineering. New York: ACM pp. 10-13., (10.1145/3195570.3195579)
2017
- Eden, P., Blyth, A., Jones, K., Soulsby, H., Burnap, P., Cherdantseva, Y. and Stoddart, K. 2017. SCADA system forensic analysis within IIoT. In: Thames, L. and Schaefer, D. eds. Cybersecurity for Industry 4.0: Analysis for Design and Manufacturing. Springer Series in Advanced Manufacturing, pp. 73-101., (10.1007/978-3-319-50660-9_4)
- Burnap, P., Cherdantseva, Y., Blyth, A., Eden, P., Jones, K., Soulsby, H. and Stoddart, K. 2017. Determining and sharing risk data in distributed interdependent systems. IEEE Computer 50(4), pp. 72-79. (10.1109/MC.2017.108)
2016
- Cherdantseva, Y., Rana, O., Ivins, W. and Hilton, J. 2016. A multifaceted evaluation of the reference model of information assurance and security. Computers and Security 63, pp. 45-66. (10.1016/j.cose.2016.09.007)
- Eden, P., Blyth, A., Burnap, P., Cherdantseva, Y., Jones, K., Soulsby, H. and Stoddart, K. 2016. Forensic readiness for SCADA/ICS incident response. Presented at: 4th International Symposium for ICS & SCADA Cyber Security Research, Queen's University Belfast, Belfast, UK, 23-25 August 2016.
- Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H. and Stoddart, K. 2016. A review of cyber security risk assessment methods for SCADA systems. Computers and Security 56, pp. 1-27. (10.1016/j.cose.2015.09.009)
2015
- Eden, P., Blyth, A., Burnap, P., Cherdantseva, Y., Jones, K., Hugh, S. and Kristan, S. 2015. A cyber forensic taxonomy for SCADA systems in critical infrastructure. Presented at: The 10th International Conference on Critical Information Infrastructures Security 2015 (CRITIS 2015), Berlin, Germany, 5-7 October 2015.
2014
- Cherdantseva, Y. 2014. Secure*BPMN - a graphical extension for BPMN 2.0 based on a reference model of information assurance & security. PhD Thesis, Cardiff University.
2012
- Cherdantseva, Y., Hilton, J. C. and Rana, O. F. 2012. Towards SecureBPMN - Aligning BPMN with the information assurance and security domain. Presented at: 4th International Workshop, BPMN 2012,, Vienna, Austria, 12-13 September 2012 Presented at Mendling, J. and Weidlich, M. eds.Business Process Model and Notation: 4th International Workshop, BPMN 2012, Vienna, Austria, September 12-13, 2012. Proceedings, Vol. 125. Lecture Notes in Business Information Processing Springer pp. 107-115., (10.1007/978-3-642-33155-8_9)
Articles
- Agyepong, E., Cherdantseva, Y., Reinecke, P. and Burnap, P. 2023. A systematic method for measuring the performance of a cyber security operations centre analyst. Computers and Security 124, article number: 102959. (10.1016/j.cose.2022.102959)
- Cherdantseva, Y., Burnap, P., Nadjm-Tehrani, S. and Jones, K. 2022. A configurable dependency model of a SCADA system for goal-oriented risk assessment. Applied Sciences 12(10), article number: 4880. (10.3390/app12104880)
- Agyepong, E., Cherdantseva, Y., Reinecke, P. and Burnap, P. 2020. Challenges and performance metrics for security operations center analysts: a systematic review. Journal of Cyber Security Technology 4(3), pp. 125-152. (10.1080/23742917.2019.1698178)
- Burnap, P., Cherdantseva, Y., Blyth, A., Eden, P., Jones, K., Soulsby, H. and Stoddart, K. 2017. Determining and sharing risk data in distributed interdependent systems. IEEE Computer 50(4), pp. 72-79. (10.1109/MC.2017.108)
- Cherdantseva, Y., Rana, O., Ivins, W. and Hilton, J. 2016. A multifaceted evaluation of the reference model of information assurance and security. Computers and Security 63, pp. 45-66. (10.1016/j.cose.2016.09.007)
- Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H. and Stoddart, K. 2016. A review of cyber security risk assessment methods for SCADA systems. Computers and Security 56, pp. 1-27. (10.1016/j.cose.2015.09.009)
Book sections
- Agyepong, E., Cherdantseva, Y., Reinecke, P. and Burnap, P. 2020. Cyber security operations centre concepts and implementation. In: Yaokumah, W. et al. eds. Modern Theories and Practices for Cyber Ethics and Security Compliance. IGI Global, pp. 88-104., (10.4018/978-1-7998-3149-5.ch006)
- Eden, P., Blyth, A., Jones, K., Soulsby, H., Burnap, P., Cherdantseva, Y. and Stoddart, K. 2017. SCADA system forensic analysis within IIoT. In: Thames, L. and Schaefer, D. eds. Cybersecurity for Industry 4.0: Analysis for Design and Manufacturing. Springer Series in Advanced Manufacturing, pp. 73-101., (10.1007/978-3-319-50660-9_4)
Conferences
- Agyepong, E., Cherdantseva, Y., Reinecke, P. and Burnap, P. 2020. Towards a framework for measuring the performance of a security operations center analyst. Presented at: IEEE International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2020), Dublin, Ireland, 15-17 June 2020.
- De Ribaupierre, H., Jones, K., Loizides, F. and Cherdantseva, Y. 2018. Towards gender equality in software engineering: the NSA approach. Presented at: GE’18:IEEE/ACM 1st International Workshop on Gender Equality in Software Engineering, Gothenburg, Sweden, 28 May 2018GE’18: GE’18:IEEE/ACM 1st International Workshop on Gender Equality in Software Engineering. New York: ACM pp. 10-13., (10.1145/3195570.3195579)
- Eden, P., Blyth, A., Burnap, P., Cherdantseva, Y., Jones, K., Soulsby, H. and Stoddart, K. 2016. Forensic readiness for SCADA/ICS incident response. Presented at: 4th International Symposium for ICS & SCADA Cyber Security Research, Queen's University Belfast, Belfast, UK, 23-25 August 2016.
- Eden, P., Blyth, A., Burnap, P., Cherdantseva, Y., Jones, K., Hugh, S. and Kristan, S. 2015. A cyber forensic taxonomy for SCADA systems in critical infrastructure. Presented at: The 10th International Conference on Critical Information Infrastructures Security 2015 (CRITIS 2015), Berlin, Germany, 5-7 October 2015.
- Cherdantseva, Y., Hilton, J. C. and Rana, O. F. 2012. Towards SecureBPMN - Aligning BPMN with the information assurance and security domain. Presented at: 4th International Workshop, BPMN 2012,, Vienna, Austria, 12-13 September 2012 Presented at Mendling, J. and Weidlich, M. eds.Business Process Model and Notation: 4th International Workshop, BPMN 2012, Vienna, Austria, September 12-13, 2012. Proceedings, Vol. 125. Lecture Notes in Business Information Processing Springer pp. 107-115., (10.1007/978-3-642-33155-8_9)
Thesis
- Cherdantseva, Y. 2014. Secure*BPMN - a graphical extension for BPMN 2.0 based on a reference model of information assurance & security. PhD Thesis, Cardiff University.
Ymchwil
Research Interests
My main research interest is in the design of secure information systems. More specifically, I am interested in the modelling of secure intra- and inter-organisational business processes. I also research SCADA/ICS cyber security and risk assessment methodologies.
My other research interests are:
- Conceptual and Reference Models of Information Security and Information Assurance
- Evolution of Conceptual and Reference Models of Information Security/Assurance
- Definitions of Information Security/Assurance
- Business Process Modelling (BPMN, UML, IDEF)
- Complex Inter-Organisational Business Processes
- Incorporation of Security, Safety and Risk information into Business Process Models
- Cyber Security in SCADA and ICS systems
Addysgu
Teaching Duties
I am not teaching at the moment, but I have been enjoying teaching in 2010-2014, when I assisted with the following modules:
- CMT602 - SQL
- CMO1102 - Web Applications
- CMO240 - System Design (Group Project)
- CMO206 - Software Engineering
- CMO383 - Management Decision Making
- CMO381 - Information Assurance
Bywgraffiad
EDUCATION
- PhD in Computer Science & Informatics, Cardiff University, UK
- MSc (Hons) in Business Information Systems Design, Russia
Anrhydeddau a dyfarniadau
- PhD scholarship from the School of Computer Science & Informatics, Cardiff University, 2010 -2014