8,187 research outputs found
Cyber Threat Observatory: Design and Evaluation of an Interactive Dashboard for Computer Emergency Response Teams
Computer emergency response teams (CERTs) of the public sector provide preventive and reactive cybersecurity services for authorities, citizens, and enterprises. However, their tasks of monitoring, analyzing, and communicating threats to establish cyber situational awareness are getting more complex due to the increasing information volume disseminated through public channels. Besides the time-consuming data collection for incident handling and daily reporting, CERTs are often confronted with irrelevant, redundant, or incredible information, exacerbating the time-critical prevention of and response to cyber threats. Thus, this design science research paper presents the user-centered design and evaluation of the Cyber Threat Observatory, which is an automatic, cross-platform and real-time cybersecurity dashboard. Based on expert scenario-based walkthroughs and semi-structured interviews (N=12), it discusses six design implications, including customizability and filtering, data source modularity, cross-platform interrelations, content assessment algorithms, integration with existing software, as well as export and communication capabilities
ECHO Information sharing models
As part of the ECHO project, the Early Warning System (EWS) is one of four technologies under development. The E-EWS will provide the capability to share information to provide up to date information to all constituents involved in the E-EWS. The development of the E-EWS will be rooted in a comprehensive review of information sharing and trust models from within the cyber domain as well as models from other domains
Two Heads are Better than One: A Theoretical Model for Cybersecurity Intelligence Sharing (CIS) between Organisations
So-called ‘social bots’ have garnered a lot of attention lately. Previous research showed that they attempted to influence political events such as the Brexit referendum and the US presidential elections. It remains, however, somewhat unclear what exactly can be understood by the term ‘social bot’. This paper addresses the need to better understand the intentions of bots on social media and to develop a shared understanding of how ‘social’ bots differ from other types of bots. We thus describe a systematic review of publications that researched bot accounts on social media. Based on the results of this literature review, we propose a scheme for categorising bot accounts on social media sites. Our scheme groups bot accounts by two dimensions – Imitation of human behaviour and Intent
Towards Building National Cybersecurity Awareness
The paper depicts a complex, distributed information system aimed at promoting cybersecurity awareness at the national level. The system, that is built in accordance with the Act on National Cybersecurity, passed by the Polish Parliament, enables collecting and processing in near-real time available information on the security status of essential services and digital services and, also, provides for assessment of negative impact of the identified threats concerned with the provision of those services. Advanced access control and dissemination mechanisms, for secure information sharing within the system, are provided in order to aggregate distributed knowledge and use this information for on-line security risk analysis and for generation and distribution of early warnings
Think twice before you click! : exploring the role of human factors in cybersecurity and privacy within healthcare organizations
The urgent need to protect sensitive patient data and preserve the integrity of
healthcare services has propelled the exploration of cybersecurity and privacy within
healthcare organizations [1]. Recognizing that advanced technology and robust security
measures alone are insufficient [2], our research focuses on the often-overlooked
human element that significantly influences the efficacy of these safeguards. Our
motivation stems from the realization that individual behaviors, decision-making
processes, and organizational culture can be both the weakest link and the most potent
tool in achieving a secure environment. Understanding these human dimensions is
paramount as even the most sophisticated protocols can be undone by a single lapse in
judgment. This research explores the impact of human behavior on cybersecurity and
privacy within healthcare organizations and presents a new methodological approach
for measuring and raising awareness among healthcare employees. Understanding the
human influence in cybersecurity and privacy is critical for mitigating risks and
strengthening overall security posture. Moreover, the thesis aims to place emphasis on
the human aspects focusing more on the often-overlooked factors that can shape the
effectiveness of cybersecurity and privacy measures within healthcare organizations.
We have highlighted factors such as employee awareness, knowledge, and behavior that
play a pivotal role in preventing security incidents and data breaches [1]. By focusing on
how social engineering attacks exploit human vulnerabilities, we underline the necessity
to address these human influenced aspects. The existing literature highlights the crucial
role that human factors and awareness training play in strengthening cyber resilience,
especially within the healthcare sector [1]. Developing well-customized training
programs, along with fostering a robust organizational culture, is vital for encouraging a
secure and protected digital healthcare setting [3]. Building on the recognized
significance of human influence in cybersecurity within healthcare organizations, a
systematic literature review became indispensable. The existing body of research might
not have fully captured all ways in which human factors, such as psychology, behavior,
and organizational culture, intertwined with technological aspects. A systematic
literature review served as a robust foundation to collate, analyze, and synthesize
existing knowledge, and to identify gaps where further research was needed. In
complement to our systematic literature review and investigation of human factors, our
research introduced a new methodological approach through a concept study based on
an exploratory survey [4]. Recognizing the need to uncover intricate human behavior and
psychology in the context of cybersecurity, we designed this survey to probe the
multifaceted dimensions of cybersecurity awareness. The exploratory nature of the
survey allowed us to explore cognitive, emotional, and behavioral aspects, capturing
information that is often overlooked in conventional analyses. By employing this tailored
survey, we were able to collect insights that provided a more textured understanding of how individuals within healthcare organizations perceive and engage with cybersecurity measures
- …