امنیت سایبری

The country's cyberspace is a living and dynamic environment or a large ecosystem in which various actors are present. Most of the country's economic, cultural, social and governance activities and interactions are carried out in this ecosystem. Various and complex vulnerabilities, threats and attacks are directed at the cyber ecosystem. Cyber defense is the use of all the non-aggressive cyber and non-cyber facilities of the country in order to create deterrence, prevention, prevention, timely detection, effective and deterrence against any cyber attack on the country's national cyber assets. In recent years, the lack of a scientific view and an integrated approach to cyber defense issues and little attention to the diverse circles of the cyber defense ecosystem have caused challenges in the country. Therefore, the main goal of this research is to identify the key actors of the cyber defense ecosystem of the country's vital and sensitive infrastructures and determine their role. This research is of developmental-applied type and was done with descriptive-analytical method. Sample t-test, normality test and network analysis tests are among the methods used to analyze and describe statistical data. After conducting theoretical studies and interviewing experts and distributing questionnaires, based on the data analysis of 44 people in the sample community, the number of 28 key actors of this ecosystem at two strategic and operational-executive levels and 25 major roles for actors were counted. Using social network analysis software, the relationship between actors and roles in the ecosystem has been determined and drawn.

Peace and security in the national and international dimensions had different meanings for states and the world community in successive periods, and due to this reason there are different approaches to them. With the arrival of new areas such as cyberspace and today artificial intelligence, these classic definitions have undergone changes. Terrorism is known as disrupting international order, peace and security. Considering the characteristics of the cyber space, cyber terrorism raises the need to recreate concepts such as digital security, regularizing the use of artificial intelligence technology, and most importantly, human security.This research was written using library documents and sources on descriptive-analytical method.Cyber threat is one of the most serious threats against national interests and international security. Due to the serious destruction of vital infrastructure, some countries have declared that they consider it as a military attack and will respond to it militarily. Cyber space and artificial intelligence have questioned all common and traditional understandings of the concept of national security. Therefore, these concepts need to be redefined in the light of international custom resulting from the decisions of organizations such as the United Nations and NATO.The technological opportunities created by cyberspace and artificial intelligence shape the future, but do not determine it. In order to manage the challenges ahead, states should put a national strategy on how to use the benefits of cyberspace and artificial intelligence while reducing its harmful effects by adopting measures based on international cooperation.

While the classical view (in the form of Realism and its branches) considered power limited to objective fields, the emergence of new technologies, including Information and Communication Technology, has enabled both the creation of power through knowledge and the generation of wealth through cyberspace and has opened a new arena for everyone. Today, the importance of cyberspace is so great that it has affected strategic interactions at international system and has transformed the political economy system of the world. Increasing the depth of the role of the cyber agent has made countries face security risks. Therefore, in order to achieve national power, the countries have formulated their macro-policies in the cyber field with a strategic view and are trying to extract benefits of this new field and simultaneously, face its security problems correctly. The main question of the research is, “what kind of policy and structuring will maximize the exploitation of the cyber space”? Research studies show that fully exploiting the potential of cyberspace is a special form of acting that has not been successful in the Islamic Republic of Iran. The theoretical framework of the research is the political economy approach and the research has used the descriptive-analytical method to achieve its goals. Data collection is through library, internet and documentary studies and process analysis will be done theoretically.

In recent years, the recognition of cyberspace as an emerging military domain has prompted significant changes in the approaches of countries and organizations to the concept of cyber defense. NATO, as an international military organization, has also been impacted by this process and has undertaken the task of updating and redesigning its cyber defense strategy for nearly a decade. The purpose of this article is to investigate the impact of identifying cyberspace as a new military domain on NATO's cyber defense strategy and to analyze these effects descriptively. The findings of this research indicate that recognizing cyberspace as a new military domain has significantly influenced NATO's cyber defense strategy in recent years. NATO has developed new policies and frameworks to address cyber threats and has substantially increased its investments in strengthening cyber defense capabilities. Moreover, ensuring the security of cyberspace, as a fundamental aspect of creating an effective cyber defense strategy, has played a prominent role in realizing the principle of NATO's collective defense in the cyber domain. Given the importance and necessity of updating cyber defense strategies based on current requirements and complexities in this field, the results of this research can be a valuable resource for policymakers, military commanders, and researchers active in the field of cyber defense in the Islamic Republic of Iran to make innovative decisions and develop effective strategies in this area.

The special features of cyberspace, such as universality, providing the possibility of anonymity and rapid changes, along with its great impact on individual and collective life, make its policymaking and regulation challenging. The security and resilience of cyberspace as one of the complex aspects of cyberspace policymaking and the intersection point of technical, security, cultural and social points of view has also been considered in upstream documents and Tadbir No. 15 of the document of the Islamic-Iranian model of progress is dedicated to the security and resilience of cyberspace and the need to use local knowledge and global partnerships in it. An issue that seems to have been left aside in many policies and practical decisions related to cyberspace in favor of a non-specialist security perspective. This article based on qualitative research methodology and analytical-descriptive research method, by examining some of the most important challenges of cyberspace and its security and resilience in Iran and comparison with similar global samples, tries to provide suggestions for policy regarding cyberspace in Iran. Staying away from the security discourse in everyday life issues, reducing criminalization, improving the conditions and attracting foreign companies in the field of cyberspace instead of repelling them, improving the economic and cultural conditions for the non-immigration of specialists in this field, leaving space for popular regulation of cyberspace away from governmental interventions and attention to upstream documents, including the Islamic-Iranian Model document, are the progress of some of the solutions and policy proposals presented in this article.

Today, cyber space has been turned into one of the most important dimensions of security in our world. With the development and growth of cyber technology, we face an increase in threats of this arena. According to their goals, governmental and non- governmental actors have taken actions against U.S national security. Therefore, change and evolution in the national security with considering cyberspace and its possible threats, from George W. Bush time, has borne different characteristics. The paper tries to review the characteristics of policy and strategies of the U.S presidents against the threats. To answer the paper`s central question, we show that the U.S cyber strategy, under Bush, was defensive and marginal; had domestic and international development under Obama; and was openly offensive under Trump. This paper has been written by library resources and documents in content analysis method and descriptive approach.Keywords: Cyber security, US, Bush, Obama, Trump

Security is the most important component in the political authority of governments and the cyber world violates it by acknowledging its valuable achievements. Therefore, developing an effective preventive criminal policy against cyber security violation is so important that neglecting it can cause the criminal system to face irreparable challenges. Despite the approval of the international document on cyber security, this paper, using the method of document analysis and a descriptive analytical method, seeks to read the strategies of Iran's cyber security order in the upstream laws and documents and examine the state of social preventive criminal policy in the laws of other countries. It seems that criminal policymaking in Iran can play a significant role, especially in the field of social preventive measures against cyber security violations. In this way, different countries have adopted several security approaches to prevent cyber security violations. Based on the findings of this research, although Iran has considered different strategies in strengthening the security foundations of cyber encounters, due to the lack of appropriate differential policy, it has not yet succeeded in adopting centralized social preventive mechanisms and efficiency in preventing cyber security violations has not been considered and the measures applied are often non-technical in nature, such as training and promotion of digital Knowledge.

the need for a cyber security maturity model of telecom operators will be inevitable. In this regard, Firstly, 350 indicators were extracted from about 100 theoretical literatures. Secondly, all components of 17 security maturity models like: C2M2, CySAFE, COBIT-IS, Forrester, etc were studied and 16 common components of those are ranked.The 350 extracted indicators were then mapped in the 16 components. About 40 indicators were not included in these components. So 5 new components (as innovation of proposed model), were added and the remaining 40 indicators located in those, as follows: Architecture and process, emerging technologies, stakeholder management, life cycle management, uncertainty.Thirdly, 4 widely used security maturity models in ICT businesses were selected. Then, component / indicators of the proposed maturity model were mapped on the 4 selected models to be sure the correspondence of each of the components/ indicators of the proposed model with 4 selected maturity models ones. In addition, by reviewing the theoretical literature and field and library studies, 4 dimensions include: human, process, technology, and data, and 5 maturity levels were selected for proposed model. Finally, a total of 4 dimensions, 18 components, 99 indicators, and 5 maturity levels were obtained as proposed model.

Cyber attacks are a global problem that now pose great threats to the world security. Every day we see cyber attacks around the world in such a way that currently no part of the world is immune to these attacks. Capacities and potentials that The cyberspace has brought about human society has led countries to exploit these capacities and potentials for their own political and economic purposes that this has disrupted global cybersecurity. The only thing that can help solve this problem in the world is the cooperation of States at the international level to strengthen their cyber security. In this study , the question which arises is that What is the need for states to work together to strengthen their cyber security? Using the descriptive – analytical method , this question has been answered that because all aspect of human life has got dependent on cyber technologies and such a level of dependence leads to the abuse of some states in carrying out cyber attacks on the vital infrastructures of states , it is necessary that in order to strengthen cyber security , states should cooperate globally.

Cyber ​​threats are a global phenomenon that is becoming increasingly complex and influential despite advances in technology and cybersecurity performance. Cybersecurity issues depend on a variety of factors: the growing reliance on information technology for various functions, the behavioral characteristics of political actors that lead to conflict and war, and the vulnerabilities of information technology that disrupt performance. This article addresses this fundamental question: Given the main sources of cyber insecurity in the region, how have states responded to this challenge? Relying on a realistic approach and a descriptive-analytical approach, this paper seeks to confirm the hypothesis that regional governments, as key players, have responded differently to cyber insecurity. At the national level, some states have sought to increase cybersecurity capacity, prioritizing important institutional and administrative changes such as digital defense and integration into military capabilities. At the international level, some countries in the region have also participated in negotiations on international cyber norms, while others in the region are outside the process. The results of this paper are based on several recommendations at the national policy level and also on cyber changes in the region.

The strategic position of the Islamic Republic of Iran in the region and the international system and the failure of the domination system in the field of severe and costly threats has changed the strategy of the enemies of the Islamic system and the use of existing capacities in cyberspace to confront the Islamic Republic of Iran.  Cybersecurity is one of the components of national security that should be seriously considered and evaluated on an ongoing basis. Proper assessment of cyber security identifies the strengths and weaknesses of countries in various fields and by planning and providing the necessary strategies, ultimately leads to its promotion. In this regard, the purpose of this study is to achieve a native model of cyber security assessment of the Islamic Republic of Iran. Based on the orders and measures of the Supreme Leader, upstream documents in the field of cyber and documents of global institutions and using the clustering technique in content analysis and Delphi method, five concepts of governance, legal, empowerment and capacity Construction, defense-security and socio-cultural were identified as the main dimensions of the cyber security assessment model and then the components and stakeholders of each of these dimensions were extracted and finally the cyber security assessment model of the Islamic Republic of Iran was presented after approval by cyber experts.

The development of science and technology, while having positive and peaceful effects, can also be used for military and non-peaceful purposes, and can challenge international peace and security. In the conflict between different approaches to national security and international security, the competition between disarmament and deterrence continues. One of the factors influencing the continuation of this is scientific and technological advances that, while contributing to development in various dimensions and levels, like many other phenomena in national security discourses in general and in disarmament circles in particular. The present article tries to examine the effects of the application of scientific and technological advances such as artificial intelligence, cyber, electromagnetism, aerospace, materials technology and finally the chemical and biological field in weapons and methods of warfare on the one hand and the relevant views and positions in Explain the form of disarmament and arms control on the other hand.

In recent decades, as the Internet and cyberspace have increased, a range of governments have redesigned and revised policies to protect their infrastructure and citizens from potential and actual cyber threats. One of the most important of these measures is to identify the capabilities of the required cyber security organizations to fulfill their tasks and missions. Therefore, in this research, we have designed the cyber security organizational capability model as the main goal of the research.

from the objective point of view, the present study is applied-developmental and is also a quantitative research in terms of data collection and analysis. based on the results of exploratory studies and by extracting 45 indicators, 23 components and 7 dimensions, a conceptual model was designed. In the second stage, the face validity and reliability of the model components were examined by consulting 8 experts. In the third stage, based on the opinions of 43 scientific and executive experts in the field of cyber security, the desirability of the model components was evaluated using SPSS and PLS software.

Based on these findings, the model of organizational capabilities in the field of cyber security includes seven dimensions of dynamic human resource, jihad culture, cyber resilience, Organizational Ambidexterity, organizational capital, Transformational leaders and powerful cyber responsive teams.

The current research was conducted with the aim of designing and constructing a tool for the evaluation of cyber security culture and awareness in 1401 in a mixed (qualitative-quantitative) method to answer the question of what items the cyber security culture and awareness evaluation tool consists of? In the qualitative part, the upstream texts of the last three years and the opinions of the experts in this field were used to get the basic structure of the tool, and in the quantitative part, the basic structure of the tool was given to a small sample of the target community to determine the validity and reliability of the tool based on the obtained data. In order to check the validity, content validity, discriminant validity and internal consistency and intra-cluster correlation were used to check the validity of the data. The error percentage of the identification algorithm was 4%, which was calculated with the Holstie coefficient. The findings from the qualitative part showed the number of 75 effective components in cyber security culture and awareness, based on which the initial pool was prepared with 98 items. After placing the initial pool of items at the disposal of the experts, the findings of the content validity check showed that 56 items did not have the required quality and were removed. Examining the differential power showed that the power was higher than 1 for all the items, except item number 41. The validity results showed that item number 8 lacked acceptable correlation, so it was removed from the final form. The upper limit of the ICC confidence interval also indicated a very good agreement between the judges. In general, it can be said that Form 41 of the prepared questionnaires has acceptable content validity and reliability, therefore, it has the necessary conditions for examination at the level of the main sample of the target group and it can be used in a large sample of the target group, in order to achieve the final structure and Norm scores were used..

In contrast to more traditional forms of cyberattack, cyber operations today target people within a society, influencing their beliefs as well as behaviors, and diminishing trust in the government. Islamic Republic of Iran adversaries now seeks to control and exploit the Social Media capacities to harm national interests, discredit public and private institutions, and sow domestic strife. This imperceptible operation represents a relatively novel and increasingly dangerous means of persuasion within social media. Thus, instead of attacking the military or economic infrastructure, state and non-state actors outside Iran can access streams of online information via social media to menace the social cybersecurity of Iran. This research study the quiddity of social cybersecurity and its differences with cybersecurity. Based on the results, social cybersecurity in terms of nature, tools, and goals is different from cybersecurity. Social media due to two important factors; “Decentralization” and “Physical presence not required” provide space for creation and spread Harmful content like fake news and threat social cybersecurity.

 With the development and expansion of cyberspace, various aspects of citizens' lives are clearly intertwined with this space, and any insecurity and challenges in this space will directly or indirectly affect the lives and behavior of citizens. Therefore, cybersecurity is one of the components of national security that should be seriously considered and evaluated on an ongoing basis. Proper assessment of cyber security identifies the strengths and weaknesses of systems and networks in various areas, and by planning and providing the necessary strategies, ultimately promotes cyber security. Accordingly, we need to explain and use indicators to perform the evaluation. Comparative study of cyber security evaluation indicators can be used in compiling local indicators of cyber security evaluation in our country, while developing the literature and promoting common knowledge and understanding of their dimensions and components and enumerating their characteristics. In this regard, the purpose of this study is to conduct a comparative study to provide the most important indicators of cyber security assessment in the world and the region. This research is of applied type and using the method of comparative study and citing library resources, has reviewed the reports provided by reputable international authorities in the field of cyber security evaluation and finally by selecting seven valid evaluation models and Comparative comparison of their criteria such as focus, objectives, dimensions and approach of the results are presented in the form of a set of cyber security evaluation indicators.

War game is a method and a tool that enables commanders and managers to make optimal decisions. The role of playing war in different fields (military, economic, political, social and cultural, etc.) is to choose the best internal solutions against threats, or in other words, to make a good decision. The aim and findings of this article is to present a process model of the war game in command and control and to create a standard method for unanimity in doing this. Undoubtedly, decision-making and planning, which are considered critical steps in command and control, will be effective and desirable when they use the war game method. The research method in this article was library and documentary study and using reliable scientific sources, the experiences of experts in this field through in-depth interviews.

Cyber security has become a major problem in the world, and ASEAN has taken urgent steps to address cybersecurity. Security measures and other efforts to combat cyber incidents at the regional and national levels demonstrate ASEAN's awareness of the importance of a robust cyber approach that can be achieved by examining cyber security indicators with defense issues. Defense against innovative cyber-attacks, strategies against cyber security threats, government policies and protection of privacy, protection of computer infrastructure in government and legal and ethical issues in cyberspace are the objectives of this research with a descriptive-analytical approach. It comes to mind that the ASEAN countries have based their cyber security study axes on achieving a robust cyber approach, and how much research has been done on these indicators so far? The findings show that there has been limited research on cybersecurity research indicators, particularly government policies and privacy protection in some ASEAN countries, which is directly related to the increase in cybercrime.

Due to the increasing development of information technology, researchers estimate that in the near future, organizational structures will act hastily for fear of backwardness. Without sufficient attention to the security dimensions, they ignore the need for intelligent security simply by emphasizing cyberization and allocating large costs for preparing the technical infrastructure. In this regard, by observing the security dimensions, our research tries to identify and prioritize the drivers that have the most ability to provide cyber services.

Our research is descriptive-analytical. The data collection is done theoretically in accordance with library studies; its tool is analytically questionnaire and data analysis is conducted by SPSS and Mic-Mac software.

Considering the security dimensions according to experts, we identified 12 drivers with the highest potential to provide cyber services and prioritized them in 4 areas. Next, by considering the two parameters of action and reaction, we explored the relationships between the drivers. Finally, we tried to bring the system closer to stability by prescribing an appropriate procedure.

According to the results of the research, in order to provide cyber services, the government should consider the degree of the organization's action and reaction and avoid making sporadic decisions that do not have a specific priority. In the realization of its cyber services, it should also pay special attention to the security dimension.

In recent decades, as the Internet and cyberspace have increased, a range of governments have redesigned and revised policies to protect their infrastructure and citizens from potential and actual cyber threats. They have developed their structures and strategies in the military and security fieldsCompetency models are leverage points of effective and efficient human resources management in the field of cyber security. Therefore, in this research, we have designed the cyber security personnel competency model as the main goal of the research. From the objective point of view, the present study is applied-developmental and is also a quantitative research in terms of data collection and analysis. In In order to achieve the research objectives in the first stage after extracting 24 indicators from exploratory studies a conceptual model of research was designed in the form and structure of the iceberg model. In the second stage, a questionnaire was developed based on the model components. The validity and reliability of this questionnaire were evaluated by a survey of 8 experts. In the third stage, according to the opinions of 43 experts in the field of cyber security, the utility and relationships of model components were evaluated using SPSS and PLS software. Based on the results of the research, the model of personnel competence includes two dimensions of technical and professional competencies and general competencies. Technical and professional competencies consist of knowledge and skills. General competencies include self-conceptual components, personality traits, and motivations.