    Security Operations Centers: A Holistic View on Problems and Solutions

    Since Security Operations Centers (SOCs) were first implemented, they have strived to protect the organization and constituency they serve from all manner of Information Technology (IT) security threats. As SOCs have evolved over time to become as effective and efficient at this as possible, they have struggled with changes and upgrades to their foundational elements of people, processes, and technology in pursuit of this mission. While most relevant literature focuses on one challenge a SOC faces, or on one aspect of one problem, the authors of this paper performed a literature review to identify and discuss the top current and future challenges that SOCs face, together with the top current and future solutions to these problems.

    Military and Security Applications: Cybersecurity (Encyclopedia of Optimization, Third Edition)

    The domain of cybersecurity is growing as part of broader military and security applications, and the capabilities and processes in this realm have qualities and characteristics that warrant using solution methods in mathematical optimization. Problems of interest may involve continuous or discrete variables, a convex or non-convex decision space, differing levels of uncertainty, and constrained or unconstrained frameworks. Cyberattacks, for example, can be modeled using hierarchical threat structures and may involve decision strategies from both an organization or individual and the adversary. Network traffic flow, intrusion detection and prevention systems, interconnected human-machine interfaces, and automated systems all require higher levels of complexity in mathematical optimization modeling and analysis. Attributes such as cyber resiliency, network adaptability, security capability, and information technology flexibility require the measurement of multiple characteristics, many of which may involve both quantitative and qualitative interpretations. And for nearly every organization that is invested in some cybersecurity practice, decisions must be made that involve the competing objectives of cost, risk, and performance. As such, mathematical optimization has been widely used and accepted to model important and complex decision problems, providing analytical evidence for helping drive decision outcomes in cybersecurity applications. In the paragraphs that follow, this chapter highlights some of the recent mathematical optimization research in the body of knowledge applied to the cybersecurity space. The literature discussed fits within a broader cybersecurity domain taxonomy considering the categories of analyze, collect and operate, investigate, operate and maintain, oversee and govern, protect and defend, and securely provision. Further, the paragraphs are structured around generalized mathematical optimization categories to provide a lens for summarizing the existing literature, including uncertainty (stochastic programming, robust optimization, etc.), discrete (integer programming, multiobjective, etc.), continuous-unconstrained (nonlinear least squares, etc.), continuous-constrained (global optimization, etc.), and continuous-constrained (nonlinear programming, network optimization, linear programming, etc.). At the conclusion of this chapter, research implications and extensions are offered to the reader who desires to pursue further mathematical optimization research for cybersecurity within a broader military and security applications context.

    Outsourcing and its Influence on Cybersecurity in SMEs: An Exploratory Study in Norwegian Context

    Outsourcing IT services to a third party is a trend that is becoming more common, and the majority of those who do not outsource are considering it. By outsourcing these services, companies do not have to take care of IT themselves and can expect the provider to ensure the security of the solutions. Exactly how cybersecurity is influenced by this in Norwegian small and medium-sized companies is the subject of this qualitative study. A purposive sampling method was used to recruit participants who had first-hand experience with outsourcing and the potential to provide us with the insight we sought. Semi-structured interviews were conducted with personnel responsible for managing IT in companies with fewer than 250 employees. Data from the interviews were transcribed and analyzed using the qualitative data analysis software NVivo 12 Pro. The study found several different ways in which outsourcing influences cybersecurity. The most prominent security benefits identified were quality improvement and increased capacity. Loss of data control, communication issues, dependency and supply chain attacks were the main security challenges found in the study. To address these difficulties, mitigation measures such as control competency, contracts with SLAs, and a focus on business continuity were identified. The findings of this study can be used by organizations that are considering an outsourcing strategy to be better prepared and make correct choices at an early stage. In addition, it gives companies that already outsource valuable insight into which measures others have applied to mitigate known challenges.
    Keywords: Outsourcing, Small and medium-sized enterprises, Managed service provider, Challenges, Benefits, Mitigation technique

    Organizational Interaction Mechanisms Affecting Strategic Decision-Making During Cybercrime Investigations

    The aim of this thesis is to understand and explain organizational interaction in law enforcement decision-making spheres, as a phenomenon that involves the concepts of collaboration, cooperation and information sharing, and the way that these affect cybercrime investigation processes. The research problem stems from the insufficient interdisciplinary work and theoretical developments of social sciences within technical fields and, more specifically, the lack of conceptualizations that could guide managerial functions related to cybercrime investigations. As a result, Law Enforcement Agencies (LEAs) face increasing difficulties concerning processes, communication, and collaboration derived from complex information sharing needs, and in particular, issues of timely delivery and mistrust. The thesis is concerned with a classification of impediments that may obstruct investigation processes and impact strategic decision-making, and with the formulation of the necessary conditions to generate an optimal and collaborative information-sharing environment for fighting against cybercrime.

    The methodological approach includes qualitative content analysis, surveys, a case study and the use of secondary data. First, the work defines terms and differentiates concepts via interpretation, to help establish an accurate mapping of the current situation within a cybercrime ecosystem from the stakeholders' point of view and determine their interaction mechanisms. Then, it progresses to the identification of the main obstacles and needs that the investigative process reveals, and proposes a new optimized model of cybercrime investigation analysis. This analytical tool can inform and report on the stages of the process that would require greater intervention. Last, the case of the Police Cybercrime Center (CCP) of Colombia is studied to illustrate how these perspectives may apply.

    The results of this work suggest that by including management elements at the preparatory stage of the investigative process, functional aspects could be improved, and the interaction with stakeholders and the provision of information to support the criminal investigation can be facilitated. Furthermore, via administrative procedures, trust relationships can be improved, as can information flow patterns, ultimately increasing organizational efficiency in the fight against cybercrime.

    This thesis contributes theoretical development, clarification of key terms resulting from the interdisciplinary integration of concepts and theories, and practical instruments applicable to guide managerial organizational interaction mechanisms in cybercrime investigations. Other contributions with meaningful implications are the results of the analysis of needs, the guidelines for the implementation of best practices, and the proposal for the implementation of an optimized model of investigation based on the need for organizational interaction. Together these form a toolbox of practical instruments for the implementation of managerial techniques to enhance effectiveness and support decision-making in combating cybercrime.

    Ransomware and Academic International Medicine

    Healthcare is among the leading industries targeted by cyber-criminals. Ransomware exploits vulnerabilities to hijack target information technology (IT) infrastructures for monetary gain. Due to the nature and value of the information, access to medical information enables cyber-criminals to commit identity theft, medical fraud, and extortion, and to illegally obtain controlled substances. The utility and versatility of medical information, extensive centralized storage of medical information, relatively weak IT security systems, and the expanding use of healthcare IT infrastructure all contribute to an increase in cyber-attacks on healthcare entities. Research suggests that an individual's medical information is 20–50 times more valuable to cyber-criminals than personal financial information. As such, cyber-attacks targeting medical information are increasing 22% per year. This chapter explores the history of ransomware attacks in healthcare, ransomware types, ransom payment, healthcare vulnerabilities, implications for international health security, and means of institutional protection.

    Performance of Machine Learning and Big Data Analytics paradigms in Cybersecurity and Cloud Computing Platforms

    The purpose of the research is to evaluate Machine Learning and Big Data Analytics paradigms for use in Cybersecurity. Cybersecurity refers to a combination of technologies, processes and operations that are framed to protect information systems, computers, devices, programs, data and networks from internal or external threats, harm, damage, attacks or unauthorized access. The main characteristic of Machine Learning (ML) is the automatic analysis of large data sets and the production of models for the general relationships found among the data. ML algorithms, as part of Artificial Intelligence, can be clustered into supervised, unsupervised, semi-supervised, and reinforcement learning algorithms.

    Privacy Regulations in the Context of Finance: Comparison Between Developing and Developed Countries

    Information security and privacy regulation are significant areas of legislation in the financial and micro-finance sectors in the world. There are significant disparities between the developed and developing countries concerning adoption and application of data protection laws. The developed world has exemplified its laws in the General Data Protection Regulation (GDPR) of the European Union, which comes into effect on May 18, 2018. In the US, the main law has been the Gramm-Leach-Bliley Act (GLBA) of the late 1990s. The developing countries, on the other hand, exhibit slow drafting of new finance and micro-finance privacy laws and still use policies of the 1990s. The purpose of the study is, therefore, to examine the effectiveness of privacy and data protection laws in the finance and micro-finance sectors of the developed and developing parts of the world in the current technological era. The method of the study is a mixed qualitative and quantitative assessment of case studies from recent literature on the subject. Each case study will feature the variables of the presence of privacy laws and information security regulations, and the level of enforcement of those regulations that inform the statistics. The other variable will be the level of effectiveness of the application of privacy and information security laws in developed and developing nations based on case study outcomes. The results indicate that out of 10 examined cases, six show failures of the laws in developing nations, while 1 shows failure in a developed nation (South Korea) and 1, in the US, presents mixed results. The recommendations include the adoption of international laws that govern data security in the financial sector, such as the current GDPR of the European Union.

    Mitigating Cyber Risk in IT Supply Chains

    This note argues that the United States needs to utilize current federal agencies to begin introducing cyber supply chain risk management regulation for IT supply chains. Cyber supply chain risk management is a critical area of cybersecurity that has barely been recognized by the United States government. The globalization of the digital world has introduced a new spectrum of risk management issues that affect the products exchanged by businesses and consumed by individuals and government agencies. While there have been some initiatives toward the promotion of tighter cybersecurity regulation, most initiatives only concern the public sector, leaving the private sector vulnerable. This note therefore argues that the United States needs to redeploy existing federal agencies to begin introducing cyber supply chain risk management regulation for IT supply chains.