A collaborative approach for national cybersecurity incident management

Collaborative-based national cybersecurity incident management benefits from the huge size of incident information, large-scale information security devices and aggregation of security skills. However, no existing collaborative approach has been able to cater for multiple regulators, divergent incident views and incident reputation trust issues that national cybersecurity incident management presents. This paper aims to propose a collaborative approach to handle these issues cost-effectively. A collaborative-based national cybersecurity incident management architecture based on ITU-T X.1056 security incident management framework is proposed. It is composed of the cooperative regulatory unit with cooperative and third-party management strategies and an execution unit, with incident handling and response strategies. Novel collaborative incident prioritization and mitigation planning models that are fit for incident handling in national cybersecurity incident management are proposed. Use case depicting how the collaborative-based national cybersecurity incident management would function within a typical information and communication technology ecosystem is illustrated. The proposed collaborative approach is evaluated based on the performances of an experimental cyber-incident management system against two multistage attack scenarios. The results show that the proposed approach is more reliable compared to the existing ones based on descriptive statistics. The approach produces better incident impact scores and rankings than standard tools. The approach reduces the total response costs by 8.33% and false positive rate by 97.20% for the first attack scenario, while it reduces the total response costs by 26.67% and false positive rate by 78.83% for the second attack scenario.N/

Security readiness evaluation framework for Tonga e-government initiatives

The rapid expansion of the Information and Communication Technologies (ICTs) in the Pacific have reached the Kingdom of Tonga. The submarine fibre-optic cable which connects Tonga to Fiji and onward to a hub in Sydney went live 2013. Now the people of Tonga experience the high-speed impact of digital communication, fast international access, and social changes such as the government is implementing a digital society through e-government services. This study focuses on identifying the factors that will later become a vulnerability and a risk to the security of Tonga government e-government initiatives. Data was collected through interviews with three government officials, document analysis, and critical reflection on the theory context. Consequently, a security-readiness evaluation framework has been designed from the data analysis to inform the e-government initiatives. This study contributes a security-readiness evaluation framework for use in developing countries to guide the implementation of e-government initiatives

Combining Sociocultural Intelligence with Artificial Intelligence to Increase Organizational Cyber Security Provision through Enhanced Resilience

Although artificial intelligence (AI) and machine learning (ML) can be deployed to improve cyber security management, not all managers understand the different types of AI/ML and how they are to be deployed alongside the benefits associated with sociocultural intelligence. The aim of this paper was to provide a context within which managers can better appreciate the role that sociocultural intelligence plays so that they can better utilize AI/ML to facilitate cyber threat intelligence (CTI). We focused our attention on explaining how different approaches to intelligence (i.e., the intelligence cycle (IC) and the critical thinking process (CTP)) can be combined and linked with cyber threat intelligence (CTI) so that AI/ML is used effectively. A small group interview was undertaken with five senior security managers based in a range of companies, all of whom had extensive security knowledge and industry experience. The findings suggest that organizational learning, transformational leadership, organizational restructuring, crisis management, and corporate intelligence are fundamental components of threat intelligence and provide a basis upon which a cyber threat intelligence cycle process (CTICP) can be developed to aid the resilience building process. The benefit of this is to increase organizational resilience by more firmly integrating the intelligence activities of the business so that a proactive approach to cyber security management is achieved

Combining sociocultural intelligence with Artificial Intelligence to increase organizational cyber security provision through enhanced resilience

Although artificial intelligence (AI) and machine learning (ML) can be deployed to improve cyber security management, not all managers understand the different types of AI/ML and how they are to be deployed alongside the benefits associated with sociocultural intelligence. The aim of this paper was to provide a context within which managers can better appreciate the role that sociocultural intelligence plays so that they can better utilize AI/ML to facilitate cyber threat intelligence (CTI). We focused our attention on explaining how different approaches to intelligence (i.e., the intelligence cycle (IC) and the critical thinking process (CTP)) can be combined and linked with cyber threat intelligence (CTI) so that AI/ML is used effectively. A small group interview was undertaken with five senior security managers based in a range of companies, all of whom had extensive security knowledge and industry experience. The findings suggest that organizational learning, transformational leadership, organizational restructuring, crisis management, and corporate intelligence are fundamental components of threat intelligence and provide a basis upon which a cyber threat intelligence cycle process (CTICP) can be developed to aid the resilience building process. The benefit of this is to increase organizational resilience by more firmly integrating the intelligence activities of the business so that a proactive approach to cyber security management is achieved

A collaborative cyber incident management system for European interconnected critical infrastructures

Today's Industrial Control Systems (ICSs) operating in critical infrastructures (CIs) are becoming increasingly complex; moreover, they are extensively interconnected with corporate information systems for cost-efficient monitoring, management and maintenance. This exposes ICSs to modern advanced cyber threats. Existing security solutions try to prevent, detect, and react to cyber threats by employing security measures that typically do not cross the organization's boundaries. However, novel targeted multi-stage attacks such as Advanced Persistent Threats (APTs) take advantage of the interdependency between organizations. By exploiting vulnerabilities of various systems, APT campaigns intrude several organizations using them as stepping stones to reach the target infrastructure. A coordinated effort to timely reveal such attacks, and promptly deploy mitigation measures is therefore required. Organizations need to cooperatively exchange security-relevant information to obtain a broader knowledge on the current cyber threat landscape and subsequently obtain new insight into their infrastructures and timely react if necessary. Cyber security operation centers (SOCs), as proposed by the European NIS directive, are being established worldwide to achieve this goal. CI providers are asked to report to the responsible SOCs about security issues revealed in their networks. National SOCs correlate all the gathered data, analyze it and eventually provide support and mitigation strategies to the affiliated organizations. Although many of these tasks can be automated, human involvement is still necessary to enable SOCs to adequately take decisions on occurring incidents and quickly implement counteractions. In this paper we present a collaborative approach to cyber incident information management for gaining situational awareness on interconnected European CIs

Tackling the Challenges of Information Security Incident Reporting: A Decentralized Approach

Information security incident under-reporting is unambiguously a business problem, as identified by a variety of sources, such as ENISA (2012), Symantec (2016), Newman (2018) and more. This research project identified the underlying issues that cause this problem and proposed a solution, in the form of an innovative artefact, which confronts a number of these issues. This research project was conducted according to the requirements of the Design Science Research Methodology (DSRM) by Peffers et al (2007). The research question set at the beginning of this research project, probed the feasible formation of an incident reporting solution, which would increase the motivational level of users towards the reporting of incidents, by utilizing the positive features offered by existing solutions, on one hand, but also by providing added value to the users, on the other. The comprehensive literature review chapter set the stage, and identified the reasons for incident underreporting, while also evaluating the existing solutions and determining their advantages and disadvantages. The objectives of the proposed artefact were then set, and the artefact was designed and developed. The output of this development endeavour is “IRDA”, the first decentralized incident reporting application (DApp), built on “Quorum”, a permissioned blockchain implementation of Ethereum. Its effectiveness was demonstrated, when six organizations accepted to use the developed artefact and performed a series of pre-defined actions, in order to confirm the platform’s intended functionality. The platform was also evaluated using Venable et al’s (2012) evaluation framework for DSR projects. This research project contributes to knowledge in various ways. It investigates blockchain and incident reporting, two domains which have not been extensively examined and the available literature is rather limited. Furthermore, it also identifies, compares, and evaluates the conventional, reporting platforms, available, up to date. In line with previous findings (e.g Humphrey, 2017), it also confirms the lack of standard taxonomies for information security incidents. This work also contributes by creating a functional, practical artefact in the blockchain domain, a domain where, according to Taylor et al (2019), most studies are either experimental proposals, or theoretical concepts, with limited practicality in solving real-world problems. Through the evaluation activity, and by conducting a series of non-parametric significance tests, it also suggests that IRDA can potentially increase the motivational level of users towards the reporting of incidents. This thesis describes an original attempt in utilizing the newly emergent blockchain technology, and its inherent characteristics, for addressing those concerns which actively contribute to the business problem. To the best of the researcher’s knowledge, there is currently no other solution offering similar benefits to users/organizations for incident reporting purposes. Through the accomplishment of this project’s pre-set objectives, the developed artefact provides a positive answer to the research question. The artefact, featuring increased anonymity, availability, immutability and transparency levels, as well as an overall lower cost, has the potential to increase the motivational level of organizations towards the reporting of incidents, thus improving the currently dismaying statistics of incident under-reporting. The structure of this document follows the flow of activities described in the DSRM by Peffers et al (2007), while also borrowing some elements out of the nominal structure of an empirical research process, including the literature review chapter, the description of the selected research methodology, as well as the “discussion and conclusion” chapter

The Proceedings of 15th Australian Information Security Management Conference, 5-6 December, 2017, Edith Cowan University, Perth, Australia

Conference Foreword The annual Security Congress, run by the Security Research Institute at Edith Cowan University, includes the Australian Information Security and Management Conference. Now in its fifteenth year, the conference remains popular for its diverse content and mixture of technical research and discussion papers. The area of information security and management continues to be varied, as is reflected by the wide variety of subject matter covered by the papers this year. The papers cover topics from vulnerabilities in “Internet of Things” protocols through to improvements in biometric identification algorithms and surveillance camera weaknesses. The conference has drawn interest and papers from within Australia and internationally. All submitted papers were subject to a double blind peer review process. Twenty two papers were submitted from Australia and overseas, of which eighteen were accepted for final presentation and publication. We wish to thank the reviewers for kindly volunteering their time and expertise in support of this event. We would also like to thank the conference committee who have organised yet another successful congress. Events such as this are impossible without the tireless efforts of such people in reviewing and editing the conference papers, and assisting with the planning, organisation and execution of the conference. To our sponsors, also a vote of thanks for both the financial and moral support provided to the conference. Finally, thank you to the administrative and technical staff, and students of the ECU Security Research Institute for their contributions to the running of the conference

Tailored Information Security Strategies for Financial Services Companies in Nigeria

Some financial institutions in Nigeria have not deployed strategies that mitigate cyber exploitation risks in the financial services industry. Financial institution leaders are concerned because cyber exploitation contributed to the reduction in the adult banking population to a low 38%. Grounded in the integrated systems theory of information security management, the purpose of this multiple case study was to explore strategies some financial institution leaders in Nigeria use to prevent cyber exploitations. The participants included 6 chief information security officers of 6 financial institutions. Data were collected from semistructured interviews and company and public documents. A thematic analysis identified themes to include the need to align information security plans of actions with corporate strategies, ensuring there are information security policies, processes, and procedures to guide disciplined efforts for information risk mitigation. A comprehensive risk management process can be used to determine information security strategies to ensure all risk areas are covered. This study may contribute to positive social change when a much more significant percentage of the Nigerian public use financial services because institutions adopt strategies to protect confidentiality, integrity, and availability of information

Developing a digital competence framework for UAE law enforcement agencies to enhance cyber security of Critical Physical Infrastructure (CPI)

Critical Physical Infrastructures (CPI) are assets and systems that are vital to the health, safety, security, and economic or social well-being of people, and have become increasingly vulnerable to cyberattacks that have the potential to cause severe debilitating and destructive impact on a nation’s economic security or public health and safety. The United Arab Emirates (UAE) has experienced a high level of cyberattacks targeted at its critical physical infrastructure which has also undergone rapid modernisation, digitisation and interconnection of systems that could expose it to potential vulnerabilities in cyberspace. This thesis addresses a major challenge in the capacity of law enforcement to address cyberattacks in respect of the digital capabilities that are necessary to maintain pace with technologies and respond effectively in a digital environment. The purpose of this study is to develop a digital competences framework for UAE law enforcement agencies to combat cyber security threats facing CPI. This identifies the key functions and role of law enforcement and prioritises primary domains and elements of digital competency for cyber security that are critical for law enforcement to perform its role in protecting CPI. A holistic case study design using multiple methods to generate qualitative and quantitative data is adopted. A Delphi method is applied over multiple stages aimed at achieving consensus among experts and professionals using open and semi-structured interviews, analytical hierarchy process (AHP), quantitative survey and group building methods. The sample consists of 25 experts from different law enforcement organisations and from different roles and different levels of the organisation. The findings present a digital competency framework for cybersecurity of CPI which models a holistic socio-technical approach and evaluation of digital competency requirements in line with the different functions and roles of law enforcement. Digital competency is conceptualised as an interplay of multiple interconnected dimensions including balance, type and relevance of training and future proofing. The highest ranked digital competencies for law enforcement to protect CPI are identified as Investigate, Analyse, Collect and Operate and Protect and Defend. The three highest ranked specialty areas are Cyber Investigation, Digital Forensics and All-Source Analysis. Cybercrime Investigator, Law Enforcement/Counterintelligence Forensics Analyst, and All-Source Analyst are the highest ranked work roles. The framework identifies knowledge skills and ability competencies for each of these domains. This study makes a novel contribution to theory of digital competency in identifying and prioritising key factors and processes for the design and implementation of digital competency development. The study prioritises the competences and speciality areas of digital competency and the associated knowledge, skills and abilities (KSAs) in the area of law enforcement for enhancing security of CPI