Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
9.1
Journals
JCP
Special Issues
Building Community of Good Practice in Cybersecurity
share announcement

Building Community of Good Practice in Cybersecurity

A special issue of Journal of Cybersecurity and Privacy (ISSN 2624-800X). This special issue belongs to the section "Security Engineering & Applications".

Deadline for manuscript submissions: closed (31 December 2025) | Viewed by 66708

Special Issue Editors

Dr. Martin Gilje Jaatun

E-Mail Website
Guest Editor
Department of Electrical Engineering and Computer Science, University of Stavanger, 4021 Stavanger, Norway
Interests: software security; cloud security; critical infrastructure security
Special Issues, Collections and Topics in MDPI journals
Dr. Hanan Hindy

E-Mail Website
Guest Editor
Computer Science Department, Faculty of Computer and Information Sciences, Ain Shams University, Cairo 11566, Egypt
Interests: cyber security; intrusion detection systems; artificial intelligence; machine learning; IoT security
Special Issues, Collections and Topics in MDPI journals
Dr. Aunshul Rege

E-Mail Website
Guest Editor
Department of Criminal Justice, Temple University, Philadelphia, PA 19122, USA
Interests: social engineering; adversarial behavior, decision-making and group dynamics; critical infrastructure; ransomware; cybersecurity education
Special Issues, Collections and Topics in MDPI journals

Special Issue Information

Dear Colleagues,

Cybersecurity has arguably an important impact on different parts of society. Recent events such as the ransomware attack on the UK National Health Service (NHS), power outages in Ukraine due to cyber attacks, and disruptions to world logistics networks due to unauthorized access to computer networks have reminded us of the central role that cybersecurity plays in our lives.

This Special Issue intends to advance the principles, methods, and applications of cybersecurity, situational awareness, and social media. The purpose of a community of good practice in cybersecurity is to build bridges between academia and industry, and to encourage the interplay of different cultures. We invite researchers and industry practitioners to submit original papers that encompass principles, analysis, design, methods, and applications.

Suggested topics include, but are not limited to, the following:

  • Cyber Situational Awareness;
  • Security in Artificial Intelligence and Robotics;
  • Human Factor Cognition and Security;
  • Security in Blockchain Technologies;
  • STEM and Cyber Security Education;
  • Social Media, Wearable, and Web Analytics Security;
  • Cyber Security;
  • Application Container Platform Security;
  • Cyber Incident Response.

Prof. Dr. Martin Gilje Jaatun
Dr. Hanan Hindy
Dr. Aunshul Rege
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 250 words) can be sent to the Editorial Office for assessment.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Journal of Cybersecurity and Privacy is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1200 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • cyber situational awareness
  • security in artificial intelligence and robotics
  • human factor cognition and security
  • security in blockchain technologies
  • STEM and cyber security education
  • social media, wearable, and web analytics security
  • cyber security
  • application container platform security
  • cyber incident response

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • Reprint: MDPI Books provides the opportunity to republish successful Special Issues in book format, both online and in print.

Further information on MDPI's Special Issue policies can be found here.

Related Special Issue

Published Papers (14 papers)

Download All Papers
Order results
Result details
Show export options expand_more Show export options expand_less
Select all
Export citation of selected articles as:

Research

Jump to: Review

29 pages, 1206 KB  
Article
An Evidence-Based Architecture for Trustworthy Asset Discovery in Cybersecurity-Critical IT Environments
by Ivana Ogrizek Biškupić, Mislav Balković and Ivan Bencarić
J. Cybersecur. Priv. 2026, 6(2), 67; https://doi.org/10.3390/jcp6020067 - 7 Apr 2026
Viewed by 456
Abstract
Asset discovery is a fundamental but inherently flawed capability in cybersecurity, as current methodologies frequently confuse preliminary discovery observations with definitive asset inventories, thereby obscuring uncertainty, restricting auditability, and eroding trust in security-critical decision-making. This work addresses the issue of inconsistent asset identification [...] Read more.
Asset discovery is a fundamental but inherently flawed capability in cybersecurity, as current methodologies frequently confuse preliminary discovery observations with definitive asset inventories, thereby obscuring uncertainty, restricting auditability, and eroding trust in security-critical decision-making. This work addresses the issue of inconsistent asset identification in dynamic IT settings by presenting an evidence-based architectural paradigm that clearly distinguishes observation, identity resolution, and inventory representation. The principal research aim is to develop and authenticate an architecture that maintains discovery evidence, facilitates deterministic, verifiable identity resolution, and supports interpretable inventory derivation. In contrast to state-centric and model-driven methodologies, the proposed architecture enhances (i) traceability through the preservation of time-scoped, method-attributed observations, (ii) identity continuity amidst dynamic conditions such as IP reassignment and infrastructure modifications, and (iii) auditability by facilitating the reconstruction of inventory claims from foundational evidence. An examined proof-of-concept implementation in a controlled yet realistic network environment shows superior identity stability, greater discovery traceability, and retention of historical context relative to traditional inventory models. The results validate the practicality and architectural benefits of the strategy; nevertheless, the evaluation is constrained by a lack of formalised performance indicators and adversarial robustness, which are recognised as priorities for further investigation. Full article
(This article belongs to the Special Issue Building Community of Good Practice in Cybersecurity)
Show Figures

Figure 1

21 pages, 1172 KB  
Article
An Examination of LPWAN Security in Maritime Applications
by Zachary Larkin and Chuck Easttom
J. Cybersecur. Priv. 2026, 6(2), 65; https://doi.org/10.3390/jcp6020065 - 3 Apr 2026
Viewed by 436
Abstract
LoRaWAN’s role in global maritime logistics has allowed for efficient monitoring of ships and cargo, but it also comes with critical cybersecurity vulnerabilities. Experimental validation of three attack vectors—replay attacks, narrowband jamming and metadata inference—is conducted using a reproducible digital-twin LoRaWAN dataset reflecting [...] Read more.
LoRaWAN’s role in global maritime logistics has allowed for efficient monitoring of ships and cargo, but it also comes with critical cybersecurity vulnerabilities. Experimental validation of three attack vectors—replay attacks, narrowband jamming and metadata inference—is conducted using a reproducible digital-twin LoRaWAN dataset reflecting Rotterdam port-like operational patterns (N = 20,000 baseline transmissions). Using controlled simulations and Kolmogorov–Smirnov statistical analysis, we show that: (1) replay attacks are feasible under Activation by Personalization (ABP) configurations lacking enforced frame-counter validation and exhibit no univariate separation from legitimate traffic under Kolmogorov–Smirnov analysis (p > 0.46 for all evaluated radio features); (2) narrowband jamming leads to significant SNR degradation (p = 2.36 × 10−5) on targeted channels without inducing broad distributional anomalies across other radio features; and (3) metadata-only analysis supports elevated metadata-based re-identification susceptibility (median Rd=0.834), indicating high predictability under passive observation which can reveal operationally relevant signals even when AES-128 is employed. Our proposed layered mitigation framework consists of mandatory Over-the-Air Activation (OTAA), cryptographic key rotation, channel diversity incorporating Adaptive Data Rate (ADR), gateway hardening, and protocol-level enforcement considerations, customized for maritime LPWAN scenarios. We provide experiment-backed evidence and actionable recommendations to connect academic LPWAN security research to that of industrial maritime practice. Full article
(This article belongs to the Special Issue Building Community of Good Practice in Cybersecurity)
Show Figures

Figure 1

26 pages, 1444 KB  
Article
Evaluating the Operational Impact of Automated Endpoint Compliance and Security Monitoring in Linux Environments
by Zlatan Morić, Mislav Balković and Donis Isić
J. Cybersecur. Priv. 2026, 6(2), 61; https://doi.org/10.3390/jcp6020061 - 2 Apr 2026
Viewed by 550
Abstract
Ensuring ongoing endpoint security compliance across diverse, hybrid IT infrastructures poses a continual operational challenge, especially in enterprise Linux systems, where manual verification methods are difficult to scale and prone to inconsistency. This study offers an empirical assessment of an automated methodology for [...] Read more.
Ensuring ongoing endpoint security compliance across diverse, hybrid IT infrastructures poses a continual operational challenge, especially in enterprise Linux systems, where manual verification methods are difficult to scale and prone to inconsistency. This study offers an empirical assessment of an automated methodology for monitoring endpoint compliance and security, applied within a mid-sized IT consulting firm. The suggested methodology incorporates automated compliance scanning, malware detection, endpoint verification, and remediation utilising open-source technology, all orchestrated through centralised automation and reporting systems. The evaluation follows an observational comparative methodology, contrasting manual compliance operations with automated enforcement across 60 Linux endpoints (30 Fedora and 30 Ubuntu systems) over two equivalent eight-week operational periods. The analysis emphasises operational parameters such as administrative workload, configuration uniformity, and audit preparedness. The findings demonstrate that automation reduced manual compliance-related tasks by roughly 70–80%, enhanced configuration consistency across endpoints through continuous enforcement, and enabled automated production of audit-ready compliance reports. The findings provide concrete evidence that operational security automation can markedly improve endpoint compliance management in business Linux and hybrid IT environments. Full article
(This article belongs to the Special Issue Building Community of Good Practice in Cybersecurity)
Show Figures

Figure 1

20 pages, 1014 KB  
Article
Blockchain as a Cybersecurity Enabler in Federated Networks for Resilience and Interoperability
by Jorge Álvaro González, Ana María Saiz García and Victor Monzon Baeza
J. Cybersecur. Priv. 2026, 6(2), 54; https://doi.org/10.3390/jcp6020054 - 13 Mar 2026
Viewed by 700
Abstract
In increasingly interconnected tactical environments, cybersecurity, trust, and interoperability must evolve in tandem. Federated Coalition Networks (FCNs) enable multinational cooperation while preserving national sovereignty; however, the secure management of identities, policies, and configurations across coalition domains remains a critical challenge, particularly under adversarial [...] Read more.
In increasingly interconnected tactical environments, cybersecurity, trust, and interoperability must evolve in tandem. Federated Coalition Networks (FCNs) enable multinational cooperation while preserving national sovereignty; however, the secure management of identities, policies, and configurations across coalition domains remains a critical challenge, particularly under adversarial and resource-constrained conditions. This paper proposes a blockchain-enabled management framework aligned with the defense-in-depth paradigm, focusing on management-plane functions such as policy enforcement, public key infrastructure (PKI) management, and auditable governance, rather than time-critical tactical communications. The solution relies on a permissioned blockchain architecture with Byzantine Fault Tolerant consensus, avoiding energy-intensive Proof-of-Work mechanisms and supporting operation under Disconnected, Intermittent, and Low-bandwidth (DIL) conditions. A coalition-level trust-and-governance model is introduced to prevent unilateral control while preserving national autonomy. A realistic use case and a proof-of-concept implementation demonstrate the feasibility of the approach, showing bounded latency, limited energy overhead, and sufficient throughput for FCN management. These results indicate that appropriately tailored blockchain solutions can effectively enhance resilience, trust, and compliance in federated defense networks. Full article
(This article belongs to the Special Issue Building Community of Good Practice in Cybersecurity)
Show Figures

Figure 1

23 pages, 831 KB  
Article
Security Aspects of Zones and Conduits in IEC 62443
by Martin Gilje Jaatun, Mary Ann Lundteigen, Christoph Thieme, Lars Halvdan Flå, Karin Bernsmed, Roald Lygre and Fredrik Gratte
J. Cybersecur. Priv. 2026, 6(2), 52; https://doi.org/10.3390/jcp6020052 - 12 Mar 2026
Cited by 1 | Viewed by 1566
Abstract
The IEC 62443 standard defines that, based on risk assessment, different parts of an Industrial Automation and Control System (IACS) may have different security levels, and that parts with the same security level can be designated as separate zones. Furthermore, communication between different [...] Read more.
The IEC 62443 standard defines that, based on risk assessment, different parts of an Industrial Automation and Control System (IACS) may have different security levels, and that parts with the same security level can be designated as separate zones. Furthermore, communication between different zones, both intra-IACS and inter-IACS, can be done via conduits. In this article, we argue that zones and particularly conduits can benefit from more detailed discussions of their architecture and implementation. Consequently, as novel contributions we (1) describe detailed principles for implementing conduits; (2) outline a process for connecting zones with potentially different Security Levels (SLs), expressed in the form of a flow chart; and (3) discuss challenges related to the application of zones and conduits in practice. Full article
(This article belongs to the Special Issue Building Community of Good Practice in Cybersecurity)
Show Figures

Figure 1

13 pages, 481 KB  
Article
A Conceptual Framework for a Morphological Scenario Library and Playbook Mapping in Cognitive Warfare Defense
by Dojin Ryu
J. Cybersecur. Priv. 2026, 6(2), 46; https://doi.org/10.3390/jcp6020046 - 3 Mar 2026
Viewed by 818
Abstract
Cognitive warfare is a hybrid threat that combines information manipulation with psychological influence, often amplified by digital platforms and synthetic media. Conventional cybersecurity tooling is optimized for technical intrusion and offers limited support for anticipating and responding to influence operations. This paper presents [...] Read more.
Cognitive warfare is a hybrid threat that combines information manipulation with psychological influence, often amplified by digital platforms and synthetic media. Conventional cybersecurity tooling is optimized for technical intrusion and offers limited support for anticipating and responding to influence operations. This paper presents a conceptual framework that structures cognitive warfare threats with General Morphological Analysis (GMA) and links plausible configurations to indicator profiles and response playbooks. We first conduct a PRISMA-informed literature review (2018–2025) to derive a five-dimensional taxonomy (actor, tactic, medium, target, objective). We then apply cross-consistency assessment to remove implausible state-pair combinations and obtain a reduced library of internally consistent scenarios. To support analyst-guided triage, we outline an AI-enabled workflow that maps observable signals to taxonomy states, matches events to scenarios, and prioritizes responses via an auditable, policy-set risk score. Finally, we illustrate the framework on three publicly documented cases and show how each case maps to scenario vectors, indicators, and playbooks. No end-to-end system implementation or performance metrics are reported; the contribution is the structured scenario library and the traceable mapping from observations to response guidance. Full article
(This article belongs to the Special Issue Building Community of Good Practice in Cybersecurity)
Show Figures

Figure 1

29 pages, 1253 KB  
Article
Enhancing Federated Data Trading via Trustworthy Identity and Access Management Framework
by Kyriakos Stefanidis, Vasilis Bekos and Dimitris Karadimas
J. Cybersecur. Priv. 2026, 6(2), 41; https://doi.org/10.3390/jcp6020041 - 28 Feb 2026
Viewed by 845
Abstract
Trustworthy Identity and Access Management (IAM) is a foundational requirement for federated data trading platforms, yet existing solutions often rely on centralized Identity Providers (IdPs), lack cross-border interoperability, and offer limited support for user-friendly authorization management. These limitations hinder secure onboarding, fine-grained access [...] Read more.
Trustworthy Identity and Access Management (IAM) is a foundational requirement for federated data trading platforms, yet existing solutions often rely on centralized Identity Providers (IdPs), lack cross-border interoperability, and offer limited support for user-friendly authorization management. These limitations hinder secure onboarding, fine-grained access control, and regulatory compliance, especially within European Union (EU) data spaces governed by the Electronic Identification, Authentication, and Trust Services (eIDAS) 2.0 framework. This work presents a comprehensive IAM framework designed for federated data trading environments, developed within the EU-funded PISTIS project. The framework is based on Keycloak IAM and offers three major capabilities: (i) a novel IAM architecture tailored to distributed data trading scenarios; (ii) full integration of eIDAS-compliant cross-border authentication and initial support for European Digital Identity (EUDI) Wallets; and (iii) a standalone, web-based Access Policy Editor (APE) that abstracts Keycloak’s policy engine and enables non-technical users to define fine-grained, owner-driven access rules. The approach is evaluated across real-world mobility, energy, and automotive industry pilots, demonstrating its effectiveness in enhancing trust, interoperability, and usability within regulated data-sharing ecosystems. Full article
(This article belongs to the Special Issue Building Community of Good Practice in Cybersecurity)
Show Figures

Figure 1

33 pages, 5249 KB  
Article
Privacy Risks of Cybersquatting Attacks
by Jack Kolenbrander, Elliott Rheault and Alan J. Michaels
J. Cybersecur. Priv. 2026, 6(1), 38; https://doi.org/10.3390/jcp6010038 - 19 Feb 2026
Viewed by 813
Abstract
Cybersquatting is a collection of methods commonly used by malicious actors to mislead or trick internet users into accessing fraudulent or malicious content. Much of the current research has concentrated on the specific techniques used by attackers in this domain, such as typosquatting, [...] Read more.
Cybersquatting is a collection of methods commonly used by malicious actors to mislead or trick internet users into accessing fraudulent or malicious content. Much of the current research has concentrated on the specific techniques used by attackers in this domain, such as typosquatting, combosquatting, and sound squatting. Some research has explored the financial and time impacts of cybersquatting; however, an understanding of user privacy impacts is limited. Prior research into privacy implications has primarily relied on passive techniques such as analyzing DNS records, HTML content, and domain registrations. These passive approaches limit the ability to interact with these domains and track the downstream impact of sharing personally identifiable information (PII). This research develops an active open-source intelligence (OSINT) collection system capable of rapidly collecting and analyzing squatting domains through both passive and active techniques, with a particular emphasis on identifying those that solicit user information. Synthetic identities are then registered with these domains, and their associated communications are collected and analyzed to identify privacy-related risks and determine whether shared PII propagates. Full article
(This article belongs to the Special Issue Building Community of Good Practice in Cybersecurity)
Show Figures

Figure 1

20 pages, 676 KB  
Article
A Human–AI Collaborative Framework for Cybersecurity Consulting in Capstone Projects for Small Businesses
by Ka Ching Chan, Raj Gururajan and Fabrizio Carmignani
J. Cybersecur. Priv. 2025, 5(2), 21; https://doi.org/10.3390/jcp5020021 - 7 May 2025
Cited by 2 | Viewed by 3122
Abstract
This paper proposes a Human-AI collaborative framework for cybersecurity consulting tailored to the needs of small businesses, designed and implemented within a Master of Cybersecurity capstone program. The framework outlines a structured four-stage development model that integrates students into real-world consulting tasks while [...] Read more.
This paper proposes a Human-AI collaborative framework for cybersecurity consulting tailored to the needs of small businesses, designed and implemented within a Master of Cybersecurity capstone program. The framework outlines a structured four-stage development model that integrates students into real-world consulting tasks while aligning with academic and industry objectives. Human–AI collaboration is embedded throughout the process, combining generative AI tools and domain-specific AI agents with human expertise to support the design, delivery, and refinement of consulting resources. The four stages include (1) AI agent development; (2) cybersecurity roadmap creation; (3) resource development; and (4) industry application. Each stage supports both development-oriented outputs—such as templates, training materials, and client deliverables—and research-oriented projects that explore design practices, collaboration models, and consulting strategies. This dual-track structure enables iterative learning and improvement while addressing educational standards and the evolving cybersecurity landscape for small businesses. This framework provides a scalable foundation for capstone-based consulting initiatives that bridge academic learning and industry impact through Human–AI collaboration. Full article
(This article belongs to the Special Issue Building Community of Good Practice in Cybersecurity)
Show Figures

Figure 1

22 pages, 3553 KB  
Article
Use and Abuse of Personal Information, Part I: Design of a Scalable OSINT Collection Engine
by Elliott Rheault, Mary Nerayo, Jaden Leonard, Jack Kolenbrander, Christopher Henshaw, Madison Boswell and Alan J. Michaels
J. Cybersecur. Priv. 2024, 4(3), 572-593; https://doi.org/10.3390/jcp4030027 - 13 Aug 2024
Cited by 5 | Viewed by 5102
Abstract
In most open-source intelligence (OSINT) research efforts, the collection of information is performed in an entirely passive manner as an observer to third-party communication streams. This paper describes ongoing work that seeks to insert itself into that communication loop, fusing openly available data [...] Read more.
In most open-source intelligence (OSINT) research efforts, the collection of information is performed in an entirely passive manner as an observer to third-party communication streams. This paper describes ongoing work that seeks to insert itself into that communication loop, fusing openly available data with requested content that is representative of what is sent to second parties. The mechanism for performing this is based on the sharing of falsified personal information through one-time online transactions that facilitate signup for newsletters, establish online accounts, or otherwise interact with resources on the Internet. The work has resulted in the real-time Use and Abuse of Personal Information OSINT collection engine that can ingest email, SMS text, and voicemail content at an enterprise scale. Foundations of this OSINT collection infrastructure are also laid to incorporate an artificial intelligence (AI)-driven interaction engine that shifts collection from a passive process to one that can effectively engage with different classes of content for improved real-world privacy experimentation and quantitative social science research. Full article
(This article belongs to the Special Issue Building Community of Good Practice in Cybersecurity)
Show Figures

Figure 1

26 pages, 3408 KB  
Article
Use & Abuse of Personal Information, Part II: Robust Generation of Fake IDs for Privacy Experimentation
by Jack Kolenbrander, Ethan Husmann, Christopher Henshaw, Elliott Rheault, Madison Boswell and Alan J. Michaels
J. Cybersecur. Priv. 2024, 4(3), 546-571; https://doi.org/10.3390/jcp4030026 - 11 Aug 2024
Cited by 4 | Viewed by 18670
Abstract
When personal information is shared across the Internet, we have limited confidence that the designated second party will safeguard it as we would prefer. Privacy policies offer insight into the best practices and intent of the organization, yet most are written so loosely [...] Read more.
When personal information is shared across the Internet, we have limited confidence that the designated second party will safeguard it as we would prefer. Privacy policies offer insight into the best practices and intent of the organization, yet most are written so loosely that sharing with undefined third parties is to be anticipated. Tracking these sharing behaviors and identifying the source of unwanted content is exceedingly difficult when personal information is shared with multiple such second parties. This paper formulates a model for realistic fake identities, constructs a robust fake identity generator, and outlines management methods targeted towards online transactions (email, phone, text) that pass both cursory machine and human examination for use in personal privacy experimentation. This fake ID generator, combined with a custom account signup engine, are the core front-end components of our larger Use and Abuse of Personal Information system that performs one-time transactions that, similar to a cryptographic one-time pad, ensure that we can attribute the sharing back to the single one-time transaction and/or specific second party. The flexibility and richness of the fake IDs also serve as a foundational set of control variables for a wide range of social science research questions revolving around personal information. Collectively, these fake identity models address multiple inter-disciplinary areas of common interest and serve as a foundation for eliciting and quantifying personal information-sharing behaviors. Full article
(This article belongs to the Special Issue Building Community of Good Practice in Cybersecurity)
Show Figures

Figure 1

24 pages, 884 KB  
Article
Data Privacy and Ethical Considerations in Database Management
by Eduardo Pina, José Ramos, Henrique Jorge, Paulo Váz, José Silva, Cristina Wanzeller, Maryam Abbasi and Pedro Martins
J. Cybersecur. Priv. 2024, 4(3), 494-517; https://doi.org/10.3390/jcp4030024 - 29 Jul 2024
Cited by 23 | Viewed by 29303
Abstract
Data privacy and ethical considerations ensure the security of databases by respecting individual rights while upholding ethical considerations when collecting, managing, and using information. Nowadays, despite having regulations that help to protect citizens and organizations, we have been presented with thousands of instances [...] Read more.
Data privacy and ethical considerations ensure the security of databases by respecting individual rights while upholding ethical considerations when collecting, managing, and using information. Nowadays, despite having regulations that help to protect citizens and organizations, we have been presented with thousands of instances of data breaches, unauthorized access, and misuse of data related to such individuals and organizations. In this paper, we propose ethical considerations and best practices associated with critical data and the role of the database administrator who helps protect data. First, we suggest best practices for database administrators regarding data minimization, anonymization, pseudonymization and encryption, access controls, data retention guidelines, and stakeholder communication. Then, we present a case study that illustrates the application of these ethical implementations and best practices in a real-world scenario, showing the approach in action and the benefits of privacy. Finally, the study highlights the importance of a comprehensive approach to deal with data protection challenges and provides valuable insights for future research and developments in this field. Full article
(This article belongs to the Special Issue Building Community of Good Practice in Cybersecurity)
Show Figures

Figure 1

Review

Jump to: Research

39 pages, 1831 KB  
Review
Enhancing EV Charging Resilience: A Review of Blockchain and Cybersecurity Applications
by Gonesh Chandra Saha, Ahmed Afif Monrat and Karl Andersson
J. Cybersecur. Priv. 2026, 6(1), 33; https://doi.org/10.3390/jcp6010033 - 12 Feb 2026
Cited by 1 | Viewed by 998
Abstract
The rapid expansion of electric vehicles (EVs) has added complexity to the resilience and security challenges to the EV charging systems, especially owing to the exposure to the cyber–physical threats and the reliance on centrally coordinated systems. Although the previous literature has discussed [...] Read more.
The rapid expansion of electric vehicles (EVs) has added complexity to the resilience and security challenges to the EV charging systems, especially owing to the exposure to the cyber–physical threats and the reliance on centrally coordinated systems. Although the previous literature has discussed the use of blockchain in the context of smart grids and mobility services; its implementation to improve the resilience of EV charging, particularly when integrated with cybersecurity systems, is still insufficiently synthesized. Despite these issues, critical gaps persist in terms of scalability, interoperability, and cybersecurity enforcement. This study presents an exploratory literature review that examines the intersection of blockchain and cybersecurity enabled applications and introduces a comparative framework evaluating the conventional security controls with blockchain based cybersecurity solutions to improve the resilience of EV charging infrastructure. The authors analyzed 70 studies published between 2018 and 2025 to determine the security weaknesses and map them to decentralized solutions. Reported threats, security mechanisms, architectural decisions, and levels of validation were grouped and reviewed critically in the patterns of limitations with respect to scalability, interoperability, and deployment maturity. Through the synthesis of fragmented results in cross disciplinary research, the paper finds the main gaps in research and comparative research results that could be used as a comprehensive reference in future studies and system design in resilient EV charging infrastructures. Full article
(This article belongs to the Special Issue Building Community of Good Practice in Cybersecurity)
Show Figures

Graphical abstract

25 pages, 878 KB  
Review
Addressing the Cybersecurity Skills Shortage in Lithuania: Policy Insights from the United Kingdom
by Carlene Campbell, Sergio Jofre, Giedre Sabaliauskaite, Carolyne Obonyo and Odayne Haughton
J. Cybersecur. Priv. 2026, 6(1), 29; https://doi.org/10.3390/jcp6010029 - 8 Feb 2026
Viewed by 1166
Abstract
Cybersecurity has become a critical challenge to policy as cyber threats continue to increase in frequency, sophistication, and societal impact, exposing the growing vulnerability of the critical infrastructure supporting vital societal functions. Globally, these risks are heightened by a persistent shortage of skilled [...] Read more.
Cybersecurity has become a critical challenge to policy as cyber threats continue to increase in frequency, sophistication, and societal impact, exposing the growing vulnerability of the critical infrastructure supporting vital societal functions. Globally, these risks are heightened by a persistent shortage of skilled cybersecurity professionals, which, in Europe, threatens the effective implementation of the Union’s Network and Information Security Directive 2 (NIS2) concerned with the enhancement and harmonization of the cybersecurity level across Member States, notably in terms of their critical infrastructure and involved entities. This article examines the cybersecurity skills landscape across the European Union (EU), with a specific focus on Lithuania, using the United Kingdom (UK) as a strategic benchmark subject. Adopting a comparative case study approach, the study explores and discusses governance arrangements, education and training pathways, labour-market dynamics, and quality-assurance mechanisms shaping cybersecurity workforce development. Technical, organisational, and transversal skills required to prepare an effective cybersecurity workforce in a rapidly evolving labour landscape are also discussed. Findings reveal that Lithuania faces an acute shortage of advanced practitioners and limited alignment between education provision, labour-market needs, and regulatory requirements. In response, the article proposes policy-informed strategies adapted from the UK’s structured and professionalised cybersecurity skills model, explicitly mapped to NIS2 workforce and capability requirements. Identified strategies emphasise the need of coordinated action across schools, higher education institutions, government, industry, and the wider community. Potential enablers and constraints for the operationalization of the identified strategies are further analysed and discussed. The study aims to contribute to ongoing policy debates by demonstrating how a strategic context-sensitive selection and adaptation of key components in established skills frameworks can support the development of a sustainable national cybersecurity skills ecosystem and enhance long-term digital resilience, not only in Lithuania but also in other Member States across the EU. Full article
(This article belongs to the Special Issue Building Community of Good Practice in Cybersecurity)
Show Figures

Figure 1

Show export options expand_more Show export options expand_less
Select all
Export citation of selected articles as:
 
Displaying articles 1-14
Back to TopTop