Data Governance to Counter Hybrid Threats against Critical Infrastructures

Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

Hello Authors, 

Thank you for submitting your manuscript for review. I have looked at your work and it does present some merits in the domain; however, there are some areas the must be retouched in order to achieve the quality needed to publish.

Abstract: You don't need to identify each section, such as, introduction: xxx, method: xxx, ..etc. Abstract is an important element in the paper that needs clarification on the problem before jumping into the study. Please clarify in your revised version how the following statements in the abstract are relevant to the study: Implementing robust frameworks enhances resilience against hybrid threats, establishes trusted information exchange, and promotes stakeholder collaboration for emergency response. Integrating data governance with Infosec strengthens security measures, enabling proactive monitoring, mitigating threats, and safeguarding critical infrastructure from cyber attacks and other malicious activities.

In introduction section, please provide a table showing other studies that discussed that topic and check what areas and domains have been covered or uncovered and show at the end your study and tell the readers what domains and areas you are covering to demonstrate the originality of the paper. At the end of section 1, please write a paragraph to discuss how the paper is structured and what are you covering, such as, the remainder of this paper is as follows: section 2, cover materials and methods of ...

In table 1, add: mitigation strategies, and impact severity, and the reference. 

Reference 24 is a great value in this paper. Please find more papers similar. 

You need some extra references from governments' reports and case studies to demonstrate the originality as the paper does not sepcify particular country. 

 

Overall, good effort and with the work done on the revised version, it can be ready for publishing. 

Best of luck.

Comments on the Quality of English Language

English quality is good, but needs minor proofreading to improve the clarity the statements' structure.

Author Response

Comment 1: ... Please clarify in your revised version how the following statements in the abstract are relevant to the study: Implementing robust frameworks enhances resilience against hybrid threats, establishes trusted information exchange, and promotes stakeholder collaboration for emergency response. Integrating data governance with Infosec strengthens security measures, enabling proactive monitoring, mitigating threats, and safeguarding critical infrastructure from cyber attacks and other malicious activities.

Response1: we proceeded as recommended and tried to clarify how the proposed framework enhances resilience against hybrid threats. The revised version is marked with changes in Yellow.

 

Comment 2: In introduction section, please provide a table showing other studies that discussed that topic and check what areas and domains have been covered or uncovered and show at the end your study and tell the readers what domains and areas you are covering to demonstrate the originality of the paper. At the end of section 1, please write a paragraph to discuss how the paper is structured and what are you covering, such as, the remainder of this paper is as follows: section 2, cover materials and methods of ...

Response 2: we proceeded as recommended and added additional paragraphs as suggested. The revised version is marked with changes in Yellow.

 

Comment 3: Reference 24 is a great value in this paper. Please find more papers similar. 

Response 3: we proceeded as recommended and added 6 new references with great value to this paper.

Author Response File: Author Response.pdf

Reviewer 2 Report

Comments and Suggestions for Authors

Could you provide more detailed insights into the methodological framework you used for analyzing hybrid threats? Specifically, how does the integration of the Business Process Model and Notation (BPMN) enhance the response actions to these threats, and what unique advantages does it offer over other methodologies?

 

The paper emphasizes the importance of integrating data governance with business process management. Could you elaborate on the specific data governance strategies implemented in the case study, particularly how they address internal and external hybrid threats?

 

You mention using IoCs and IoAs in the Infosec Dashboard to monitor and respond to incidents. Could you provide specific examples of how these indicators have been utilized in real-world scenarios to prevent or mitigate hybrid threats, particularly in critical infrastructure like airports?

 

The response phase of the Infosec lifecycle involves swift actions to contain and neutralize threats. Could you discuss any challenges encountered during the implementation of these response strategies and their effectiveness in real-world applications, especially in complex systems like airports?

 

Comments on the Quality of English Language

Minor editing of English language required

Author Response

Comment 1: Could you provide more detailed insights into the methodological framework you used for analyzing hybrid threats? Specifically, how does the integration of the Business Process Model and Notation (BPMN) enhance the response actions to these threats, and what unique advantages does it offer over other methodologies?

Response1: we proceeded as recommended and tried to clarify how BPMN contributes to enhancing the response actions to these threats. The revised version is marked with changes in Yellow.

 

Comment 2: The paper emphasizes the importance of integrating data governance with business process management. Could you elaborate on the specific data governance strategies implemented in the case study, particularly how they address internal and external hybrid threats?

Response 2: we proceeded as recommended and tried to clarify the importance of integrating data governance with business process management. The revised version is marked with changes in Yellow.

 

Comment 3: You mention using IoCs and IoAs in the Infosec Dashboard to monitor and respond to incidents. Could you provide specific examples of how these indicators have been utilized in real-world scenarios to prevent or mitigate hybrid threats, particularly in critical infrastructure like airports?

Response 3: we proceeded as recommended and tried to provide examples of the suggested indicators. The revised version is marked with changes in Yellow.

 

Comment 4: The response phase of the Infosec lifecycle involves swift actions to contain and neutralize threats. Could you discuss any challenges encountered during the implementation of these response strategies and their effectiveness in real-world applications, especially in complex systems like airports?

Response 4: we proceeded as recommended and tried to provide information on the challenges of implementing response strategies in the Infosec lifecycle. The revised version is marked with changes in Yellow.

Author Response File: Author Response.pdf

Round 2

Reviewer 2 Report

Comments and Suggestions for Authors

The authors have addressed all the concerns.

Comments on the Quality of English Language

Minor editing of English language required