Dr Yulia Cherdantseva
(she/her)
Reader in Cyber Security and Information Systems
School of Computer Science and Informatics
- Available for postgraduate supervision
Overview
Dr Yulia Cherdantseva is a Reader at the School of Computer Science & Informatics at Cardiff University. She is the Director of Cardiff University’s Academic Centre of Excellence in Cyber Security Education (ACE-CSE).
Dr Cherdantseva is a co-director of the Digital Transformation University Innovation Institute (DTUII) alongside Prof Pete Burnap (COMSC) and Prof Tim Edwards (CARBS).
Dr Cherdantseva is a member of the Executive/Editorial Board of the CyBOK project, a national project funded by the National Cyber Security Programme focused on codifying the cyber security knowledge.
Dr Cherdantseva is an active member of the Cardiff Centre for Cyber Security Research, which is recognised by NCSC and EPSRC as an Academic Centre of Excellence in Cyber Security Research. In 2015-2016, she worked as a lead researcher on the project “Supervisory Control and Data Acquisition Systems Cyber Security Lifecycle (SCADA-CSL)” funded by the Airbus Group Endeavr Wales and the Welsh Assembly Government, where she developed a novel SCADA Cyber Security, Safety and Risk (SCADA CSSR) graphical extension for BPMN 2.0 and a configurable dependency model of a SCADA system. In 2020-2021, she led an NCSC and RISCS-funded project focused on cyber-security decision-making for SMEs which resulted in the development of the Best Practice Guide for SMEs in Cyber Security Investment Decision-Making (available in English and Welsh). In 2021, she was awarded an EPSRC grant for developing a framework for risk-informed and metrics-enriched cyber security playbooks for enhancing CNI resilience. The prototype of the tool developed in this project which supports the design of cyber security playbooks is available for public review.
Dr Cherdantseva is actively interested in cyber security education and training at all levels – secondary schools, undergraduate and postgraduate degree programmes, PhD research projects and Continues Professional Development courses – she has been involved and led initiatives across all these levels. Dr Cherdantseva is passionate about equality, diversity and inclusion in cyber security – she is a member of the CIISec’s Steering Committee “Women in Cyber” and of the CREST’s working group on Diversity. Recent publications on EDI in cyber include 'How you can help more women study cyber security' in SC Magazine and 'More Women in Cyber Security: The Whys and the Hows' in CIISec's Pulse magazine (2020).
Publication
2024
- Williams, L., Anthi, E., Cherdantseva, Y. and Javed, A. 2024. Leveraging gamification and game-based learning in cybersecurity education: Engaging and inspiring non-cyber students. Journal of The Colloquium for Information Systems Security Education 11(1) (10.53735/cisse.v11i1.186)
2023
- Shaked, A., Cherdantseva, Y., Burnap, P. and Maynard, P. 2023. Operations-informed incident response playbooks. Computers and Security 134, article number: 103454. (10.1016/j.cose.2023.103454)
- Agyepong, E., Cherdantseva, Y., Reinecke, P. and Burnap, P. 2023. A systematic method for measuring the performance of a cyber security operations centre analyst. Computers and Security 124, article number: 102959. (10.1016/j.cose.2022.102959)
2022
- Shaked, A., Cherdantseva, Y. and Burnap, P. 2022. Model-based incident response playbooks. Presented at: 17th International Conference on Availability, Reliability and Security, Vienna, Austia, 23-26 August 2022ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security. ACM pp. 1-7., (10.1145/3538969.3538976)
- Shaked, A., Cherdantseva, Y. and Burnap, P. 2022. Model-based incident response playbooks. Presented at: ARES 2022: The 17th International Conference on Availability, Reliability and Security, 23-26 August 2022ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security. New York: Association for Computing Machinery, (10.1145/3538969.3538976)
- Cherdantseva, Y., Burnap, P., Nadjm-Tehrani, S. and Jones, K. 2022. A configurable dependency model of a SCADA system for goal-oriented risk assessment. Applied Sciences 12(10), article number: 4880. (10.3390/app12104880)
2020
- Agyepong, E., Cherdantseva, Y., Reinecke, P. and Burnap, P. 2020. Cyber security operations centre concepts and implementation. In: Yaokumah, W. et al. eds. Modern Theories and Practices for Cyber Ethics and Security Compliance. IGI Global, pp. 88-104., (10.4018/978-1-7998-3149-5.ch006)
- Agyepong, E., Cherdantseva, Y., Reinecke, P. and Burnap, P. 2020. Challenges and performance metrics for security operations center analysts: a systematic review. Journal of Cyber Security Technology 4(3), pp. 125-152. (10.1080/23742917.2019.1698178)
- Agyepong, E., Cherdantseva, Y., Reinecke, P. and Burnap, P. 2020. Towards a framework for measuring the performance of a security operations center analyst. Presented at: IEEE International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2020), Dublin, Ireland, 15-17 June 2020.
2018
- De Ribaupierre, H., Jones, K., Loizides, F. and Cherdantseva, Y. 2018. Towards gender equality in software engineering: the NSA approach. Presented at: GE’18:IEEE/ACM 1st International Workshop on Gender Equality in Software Engineering, Gothenburg, Sweden, 28 May 2018GE’18: GE’18:IEEE/ACM 1st International Workshop on Gender Equality in Software Engineering. New York: ACM pp. 10-13., (10.1145/3195570.3195579)
2017
- Eden, P., Blyth, A., Jones, K., Soulsby, H., Burnap, P., Cherdantseva, Y. and Stoddart, K. 2017. SCADA system forensic analysis within IIoT. In: Thames, L. and Schaefer, D. eds. Cybersecurity for Industry 4.0: Analysis for Design and Manufacturing. Springer Series in Advanced Manufacturing, pp. 73-101., (10.1007/978-3-319-50660-9_4)
- Burnap, P., Cherdantseva, Y., Blyth, A., Eden, P., Jones, K., Soulsby, H. and Stoddart, K. 2017. Determining and sharing risk data in distributed interdependent systems. IEEE Computer 50(4), pp. 72-79. (10.1109/MC.2017.108)
2016
- Cherdantseva, Y., Rana, O., Ivins, W. and Hilton, J. 2016. A multifaceted evaluation of the reference model of information assurance and security. Computers and Security 63, pp. 45-66. (10.1016/j.cose.2016.09.007)
- Eden, P., Blyth, A., Burnap, P., Cherdantseva, Y., Jones, K., Soulsby, H. and Stoddart, K. 2016. Forensic readiness for SCADA/ICS incident response. Presented at: 4th International Symposium for ICS & SCADA Cyber Security Research, Queen's University Belfast, Belfast, UK, 23-25 August 2016.
- Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H. and Stoddart, K. 2016. A review of cyber security risk assessment methods for SCADA systems. Computers and Security 56, pp. 1-27. (10.1016/j.cose.2015.09.009)
2015
- Eden, P., Blyth, A., Burnap, P., Cherdantseva, Y., Jones, K., Hugh, S. and Kristan, S. 2015. A cyber forensic taxonomy for SCADA systems in critical infrastructure. Presented at: The 10th International Conference on Critical Information Infrastructures Security 2015 (CRITIS 2015), Berlin, Germany, 5-7 October 2015.
2014
- Cherdantseva, Y. 2014. Secure*BPMN - a graphical extension for BPMN 2.0 based on a reference model of information assurance & security. PhD Thesis, Cardiff University.
2012
- Cherdantseva, Y., Hilton, J. C. and Rana, O. F. 2012. Towards SecureBPMN - Aligning BPMN with the information assurance and security domain. Presented at: 4th International Workshop, BPMN 2012,, Vienna, Austria, 12-13 September 2012 Presented at Mendling, J. and Weidlich, M. eds.Business Process Model and Notation: 4th International Workshop, BPMN 2012, Vienna, Austria, September 12-13, 2012. Proceedings, Vol. 125. Lecture Notes in Business Information Processing Springer pp. 107-115., (10.1007/978-3-642-33155-8_9)
Articles
- Williams, L., Anthi, E., Cherdantseva, Y. and Javed, A. 2024. Leveraging gamification and game-based learning in cybersecurity education: Engaging and inspiring non-cyber students. Journal of The Colloquium for Information Systems Security Education 11(1) (10.53735/cisse.v11i1.186)
- Shaked, A., Cherdantseva, Y., Burnap, P. and Maynard, P. 2023. Operations-informed incident response playbooks. Computers and Security 134, article number: 103454. (10.1016/j.cose.2023.103454)
- Agyepong, E., Cherdantseva, Y., Reinecke, P. and Burnap, P. 2023. A systematic method for measuring the performance of a cyber security operations centre analyst. Computers and Security 124, article number: 102959. (10.1016/j.cose.2022.102959)
- Cherdantseva, Y., Burnap, P., Nadjm-Tehrani, S. and Jones, K. 2022. A configurable dependency model of a SCADA system for goal-oriented risk assessment. Applied Sciences 12(10), article number: 4880. (10.3390/app12104880)
- Agyepong, E., Cherdantseva, Y., Reinecke, P. and Burnap, P. 2020. Challenges and performance metrics for security operations center analysts: a systematic review. Journal of Cyber Security Technology 4(3), pp. 125-152. (10.1080/23742917.2019.1698178)
- Burnap, P., Cherdantseva, Y., Blyth, A., Eden, P., Jones, K., Soulsby, H. and Stoddart, K. 2017. Determining and sharing risk data in distributed interdependent systems. IEEE Computer 50(4), pp. 72-79. (10.1109/MC.2017.108)
- Cherdantseva, Y., Rana, O., Ivins, W. and Hilton, J. 2016. A multifaceted evaluation of the reference model of information assurance and security. Computers and Security 63, pp. 45-66. (10.1016/j.cose.2016.09.007)
- Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H. and Stoddart, K. 2016. A review of cyber security risk assessment methods for SCADA systems. Computers and Security 56, pp. 1-27. (10.1016/j.cose.2015.09.009)
Book sections
- Agyepong, E., Cherdantseva, Y., Reinecke, P. and Burnap, P. 2020. Cyber security operations centre concepts and implementation. In: Yaokumah, W. et al. eds. Modern Theories and Practices for Cyber Ethics and Security Compliance. IGI Global, pp. 88-104., (10.4018/978-1-7998-3149-5.ch006)
- Eden, P., Blyth, A., Jones, K., Soulsby, H., Burnap, P., Cherdantseva, Y. and Stoddart, K. 2017. SCADA system forensic analysis within IIoT. In: Thames, L. and Schaefer, D. eds. Cybersecurity for Industry 4.0: Analysis for Design and Manufacturing. Springer Series in Advanced Manufacturing, pp. 73-101., (10.1007/978-3-319-50660-9_4)
Conferences
- Shaked, A., Cherdantseva, Y. and Burnap, P. 2022. Model-based incident response playbooks. Presented at: 17th International Conference on Availability, Reliability and Security, Vienna, Austia, 23-26 August 2022ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security. ACM pp. 1-7., (10.1145/3538969.3538976)
- Shaked, A., Cherdantseva, Y. and Burnap, P. 2022. Model-based incident response playbooks. Presented at: ARES 2022: The 17th International Conference on Availability, Reliability and Security, 23-26 August 2022ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security. New York: Association for Computing Machinery, (10.1145/3538969.3538976)
- Agyepong, E., Cherdantseva, Y., Reinecke, P. and Burnap, P. 2020. Towards a framework for measuring the performance of a security operations center analyst. Presented at: IEEE International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2020), Dublin, Ireland, 15-17 June 2020.
- De Ribaupierre, H., Jones, K., Loizides, F. and Cherdantseva, Y. 2018. Towards gender equality in software engineering: the NSA approach. Presented at: GE’18:IEEE/ACM 1st International Workshop on Gender Equality in Software Engineering, Gothenburg, Sweden, 28 May 2018GE’18: GE’18:IEEE/ACM 1st International Workshop on Gender Equality in Software Engineering. New York: ACM pp. 10-13., (10.1145/3195570.3195579)
- Eden, P., Blyth, A., Burnap, P., Cherdantseva, Y., Jones, K., Soulsby, H. and Stoddart, K. 2016. Forensic readiness for SCADA/ICS incident response. Presented at: 4th International Symposium for ICS & SCADA Cyber Security Research, Queen's University Belfast, Belfast, UK, 23-25 August 2016.
- Eden, P., Blyth, A., Burnap, P., Cherdantseva, Y., Jones, K., Hugh, S. and Kristan, S. 2015. A cyber forensic taxonomy for SCADA systems in critical infrastructure. Presented at: The 10th International Conference on Critical Information Infrastructures Security 2015 (CRITIS 2015), Berlin, Germany, 5-7 October 2015.
- Cherdantseva, Y., Hilton, J. C. and Rana, O. F. 2012. Towards SecureBPMN - Aligning BPMN with the information assurance and security domain. Presented at: 4th International Workshop, BPMN 2012,, Vienna, Austria, 12-13 September 2012 Presented at Mendling, J. and Weidlich, M. eds.Business Process Model and Notation: 4th International Workshop, BPMN 2012, Vienna, Austria, September 12-13, 2012. Proceedings, Vol. 125. Lecture Notes in Business Information Processing Springer pp. 107-115., (10.1007/978-3-642-33155-8_9)
Thesis
- Cherdantseva, Y. 2014. Secure*BPMN - a graphical extension for BPMN 2.0 based on a reference model of information assurance & security. PhD Thesis, Cardiff University.
Research
My main research interest is in the design of secure information systems. More specifically, I am interested in the modelling of secure intra- and inter-organisational business processes. I also research SCADA/ICS cyber security and risk assessment methodologies.
My other research interests are:
- Cyber Security Incident Response
- Cyber Security Risk Assessment, Management and Governance
- Business Process Modelling
- Complex Inter-Organisational Business Processes
- Integration of Security, Safety and Risk information into Business Process Models
- Cyber Security of SCADA and ICS systems
- Cyber Security Educations
- Gender Equality in Computer Science, Software Engineering and Cyber Security
Funded research projects
- 2021-2023 Research project on cyber security incident management and playbooks design for Critical National Infrastructure. Engineering and Physical Sciences Research Council (EPSRC) (£500K).
- 2020-2021 Research project on cyber security decision-making at Small and Medium-sized Enterprises (SMEs). Funding body: National Cyber Security Centre (NCSC) and Research Centre for Socio-Technical Cyber Security (RISCS) (£60K).
- 2010 -2014: Full PhD scholarship on Design of Secure Business Processes. Funding body: School of Computer Science & Informatics, Cardiff University.
Teaching
I am an experienced lecturer in web-application security; database systems and database systems security, cyber security risk assessment, management and governance; system design and modelling; secure process design; business continuity and transformation.
In 2022-23 academic year, I am involved in the following modules:
CM1301 – Principles, Tools and Techniques for Secure Software Engineering
CMT308 – Business Continuity and Transformation
CMT400 – MSc Dissertation
CM3203 – One Semester Individual Project
Biography
Education
- FHEA
- PhD in Computer Science & Informatics, Cardiff University, UK
- MSc (Hons) in Business Information Systems Design
Honours and awards
- Outstanding Contribution Award, Cardiff University, 2022
- MSc Cyber Security and Technology, Best Academic Programme of the Year Award, FinTech Wales Awards, 2022
- Outstanding Contribution Award, Cardiff University, 2021
Wales Technology Award ‘Trailblazer of the Year’ Awarded to the National Software Academy team, 2017
PhD scholarship from the School of Computer Science & Informatics, Cardiff University, 2010 -2014
Supervisions
Current supervision
Iryna Bernyk
Graduate Demonstrator