
    A Social Dimensional Cyber Threat Model with Formal Concept Analysis and Fact-Proposition Inference

    Cyberspace has increasingly become a medium to express outrage, conduct protests, take revenge, spread opinions, and stir up issues. Many cyber attacks can be linked to current and historic events in the social, political, economic, and cultural (SPEC) dimensions of human conflicts in the physical world. These SPEC factors are often the root cause of many cyber attacks. Understanding the relationships between past and current SPEC events and cyber attacks can help understand and better prepare people for impending cyber attacks. The focus of this paper is to analyze these attacks in social dimensions and build a threat model based on past and current social events. A reasoning technique based on a novel combination of Formal Concept Analysis (FCA) and hierarchical fact-proposition space (FPS) inference is applied to build the model

    An Evidence Quality Assessment Model for Cyber Security Policymaking

    A key factor underpinning a state’s capacity to respond to cyber security policy challenges is the quality of evidence that supports decision making. As part of this process, policy advisers, essentially a diverse group that includes everyone from civil servants to elected policy makers, are required to assess evidence from a mix of sources. In time-critical scenarios where relevant expertise is limited or not available, assessing threats, risk and proportionate response based on official briefings, academic sources and industry threat reports can be very challenging. This chapter presents a model for assessing the quality of evidence used in policymaking. The utility of the model is illustrated using a sample of evidence sources and it is demonstrated how different attributes may be used for comparing evidence quality. The ultimate goal is to help resolve potential conflicts and weigh findings and opinions in a systematic manner

    Operational Decision Making under Uncertainty: Inferential, Sequential, and Adversarial Approaches

    Modern security threats are characterized by a stochastic, dynamic, partially observable, and ambiguous operational environment. This dissertation addresses such complex security threats using operations research techniques for decision making under uncertainty in operations planning, analysis, and assessment. First, this research develops a new method for robust queue inference with partially observable, stochastic arrival and departure times, motivated by cybersecurity and terrorism applications. In the dynamic setting, this work develops a new variant of Markov decision processes and an algorithm for robust information collection in dynamic, partially observable and ambiguous environments, with an application to a cybersecurity detection problem. In the adversarial setting, this work presents a new application of counterfactual regret minimization and robust optimization to a multi-domain cyber and air defense problem in a partially observable environment

    Robustness of Defenses against Deception Attacks


    When organisational effectiveness fails: business continuity management and the paradox of performance

    Purpose: The aim of the paper is to consider the nature of the business continuity management (BCM) process and to frame it within wider literature on the performance of socio-technical systems. Despite the growth in BCM activities in organisations, some questions remain as to whether academic research has helped to drive this process. The paper seeks to stimulate discussion within this journal of the interplay between organisational performance and BCM and to frame it within the context of the potential tensions between effectiveness and efficiency. Design/methodology/approach: The paper considers how BCM is defined within the professional and academic communities that work in the area. It deconstructs these definitions in order to set out the key elements of BCM that emerge from the definitions and considers how the various elements of BCM can interact with each other in the context of organisational performance. Findings: The relationships between academic research in the area of crisis management and the practice-based approaches to business continuity remain somewhat disjointed. In addition, recent work in the safety management literature on the relationships between success and failure can be seen to offer some interesting challenges for the practice of business continuity. Practical implications: The paper draws on some of the practice-based definitions of BCM and highlights the limitations and challenges associated with the construct. The paper sets out challenges for BCM based upon theoretical challenges arising in cognate areas of research. The aim is to ensure that BCM is integrated with emerging concepts in other aspects of the management of uncertainty and to do so in a strategic context. Originality/value: Academic research on performance reflects both the variety and the multi-disciplinary nature of the issues around measuring and managing performance. Failures in organisational performance have also invariably attracted considerable attention due to the nature of a range of disruptive events. The paper reveals some of the inherent paradoxes that sit at the core of the BCM process and its relationships with organisational performance

    Physical security professional’s body of knowledge: A cultural domain analysis of physical security’s knowledge structure

    The study undertook a cultural domain analysis to articulate physical security’s knowledge system, isolating the fundamental knowledge units and building their structure. This applied a multiphase approach: (a) a literature critique, (b) expert interviews, (c) quantitative validation, and (d) focus group analysis. Findings demonstrate this knowledge comprises a broad matrix of task-related knowledge categories, ranging from diagnosing risk, professional inference using security theories and principles, to treatment via engineering knowledge supported by professional attributes

    Mitigating the Risk of Knowledge Leakage in Knowledge Intensive Organizations: a Mobile Device Perspective

    In the current knowledge economy, knowledge represents the most strategically significant resource of organizations. Knowledge-intensive activities advance innovation and create and sustain economic rent and competitive advantage. In order to sustain competitive advantage, organizations must protect knowledge from leakage to third parties, particularly competitors. However, the number and scale of leakage incidents reported in news media as well as industry whitepapers suggests that modern organizations struggle with the protection of sensitive data and organizational knowledge. The increasing use of mobile devices and technologies by knowledge workers across the organizational perimeter has dramatically increased the attack surface of organizations, and the corresponding level of risk exposure. While much of the literature has focused on technology risks that lead to information leakage, human risks that lead to knowledge leakage are relatively understudied. Further, not much is known about strategies to mitigate the risk of knowledge leakage using mobile devices, especially considering the human aspect. Specifically, this research study identified three gaps in the current literature: (1) lack of in-depth studies that provide specific strategies for knowledge-intensive organizations based on their varied risk levels. Most of the analysed studies provide high-level strategies that are presented in a generalised manner and fail to identify specific strategies for different organizations and risk levels. (2) lack of research into management of knowledge in the context of mobile devices. And (3) lack of research into the tacit dimension of knowledge, as the majority of the literature focuses on formal and informal strategies to protect explicit (codified) knowledge.
    Comment: The University of Melbourne PhD Thesis

    Cyber Threat Intelligence based Holistic Risk Quantification and Management


    Analyzing Global Cyber Attack Correlates Through an Open Database

    As humanity becomes more reliant on digital storage and communication for every aspect of life, cyber attacks pose a growing threat. However, cyber attacks are generally understood as individual incidents reported in technological circles, sometimes tied to a particular vulnerability. They are not generally understood through the macroscopic lens of statistical analysis spanning years over several countries and sectors, leaving researchers largely ignorant of the larger trends and correlates between attacks. This is in large part due to the lack of a coherent and open database of prominent attacks. Most data about cyber attacks has been captured using a repository of common vulnerabilities and exposures (CVEs), and “honey pots”, unsecured internet-connected devices which record attacks as they occur against them. These approaches help in the process of identifying vulnerabilities, but they do not capture the real-world impact these attacks achieve. Therefore, in this thesis I create a database of 4,000 cyber attacks using a semi-open data source, and perform analytical queries on it to gather insights into how cyber attack volume varies among countries and sectors, and the correlates of cyber attack victims. From here, it is also possible to relate socio-economic data such as GDP and World Happiness Index to cyber attack volume. The end result is an open database of cyber attacks that allows researchers to understand the larger underlying forces which propel cyber attacks