5 research outputs found

    Introduction - Syllabus

    Cybersecurity risk management is a necessary tool for decision making for all management levels from tactical to strategic and creating a common understanding between people from diverse domains or having different priorities. This course adopts a multidisciplinary perspective. It creates a common understanding of risk for a diverse set of students who come from different disciplines such as technical, social, economics, law, and politics to remove communication barriers between strategic, operational, and tactical level decision makers. The course covers related government and industry regulations and standards along with best practices frequently used to assess, analyze and manage cyber risks, along with the fundamental methods of risk management. Also, applications of cybersecurity risk management on emerging topics such as Internet of Things and cloud systems are discussed along with traditional application areas

    Cyber Security in Mental Health: An Assessment of Current Practice and Behavioral Intent

    Mental health practitioners rely on digital systems to interact with and in some instances treat patients (Hydari, Telang, & Marella, 2015; Recupero & Rainey, 2005). Yet, while widespread use of digital devices provides significant practical advantages, that same use exacerbates the possibility of a cyber breach (Guterman, 1999). This research describes mental health practitioners’ current cyber security practices and the factors influencing their behavioral intentions to implement cyber security within clinical mental health settings. Factors assessed included knowledge, self-efficacy, norms, threat awareness and penalties. Mental health practitioners (n = 210) from across the United States formed the sample population, received a Qualtrics on-line survey link through their affiliated professional organizations, and responded with the completed survey. Data was analyzed using structural equation modeling and SmartPLS. Results indicated although practitioners profess knowledge of legal and ethical requirements, actual behaviors do not reflect those assertions. Practitioners claimed knowledge of federal law (76.7%); knowledge of state law (70.5%); and knowledge of ethical guidelines (90.5%), yet only 32.4% of practitioners have conducted a risk assessment within the last year and more than 50% do not know how to conduct an assessment. Additionally, more than 20% of our colleagues believe professional liability insurance alone will prevent financial losses from a breach. Finally, 66% of our colleagues believe the cyber security threat is exaggerated. These findings suggest practitioner understanding of the requirements for addressing privacy and confidentiality risks in the use of digital systems falls short of desired standard

    Framework For Modeling Attacker Capabilities with Deception

    In this research we built a custom experimental range using open-source emulated and custom pure honeypots designed to detect or capture attacker activity. The focus is to test the effectiveness of a deception in its ability to evade detection coupled with attacker skill levels. The range consists of three zones accessible via virtual private networking. The first zone houses varying configurations of open-source emulated honeypots, custom built pure honeypots, and real SSH servers. The second zone acts as a point of presence for attackers. The third zone is for administration and monitoring. Using the range, both a control and participant-based experiment were conducted. We conducted control experiments to baseline and empirically explore honeypot detectability amongst other systems through adversarial testing. We executed a series of tests such as network service sweep, enumeration scanning, and finally manual execution. We also selected participants to serve as cyber attackers against the experiment range of varying skills having unique tactics, techniques and procedures in attempting to detect the honeypots. We have concluded the experiments and performed data analysis. We measure the anticipated threat by presenting the Attacker Bias Perception Profile model. Using this model, each participant is ranked based on their overall threat classification and impact. This model is applied to the results of the participants which helps align the threat to likelihood and impact of a honeypot being detected. The results indicate the pure honeypots are significantly difficult to detect. Emulated honeypots are grouped in different categories based on the detection and skills of the attackers. We developed a framework abstracting the deceptive process, the interaction with system elements, the use of intelligence, and the relationship with attackers. 
The framework is illustrated by our experiment case studies and the attacker actions, the effects on the system, and impact to the success

    Quantifying the security risk of discovering and exploiting software vulnerabilities

    2016 Summer. Includes bibliographical references. Most of the attacks on computer systems and networks are enabled by vulnerabilities in software. Assessing the security risk associated with those vulnerabilities is important. Risk models such as the Common Vulnerability Scoring System (CVSS), Open Web Application Security Project (OWASP) and Common Weakness Scoring System (CWSS) have been used to qualitatively assess the security risk presented by a vulnerability. CVSS metrics are the de facto standard and its metrics need to be independently evaluated. In this dissertation, we propose using a quantitative approach that uses actual data, mathematical and statistical modeling, data analysis, and measurement. We have introduced a novel vulnerability discovery model, Folded model, that estimates the risk of vulnerability discovery based on the number of residual vulnerabilities in a given software. In addition to estimating the risk of vulnerabilities discovery of a whole system, this dissertation has furthermore introduced a novel metric termed time to vulnerability discovery to assess the risk of an individual vulnerability discovery. We also have proposed a novel vulnerability exploitability risk measure termed Structural Severity. It is based on software properties, namely attack entry points, vulnerability location, the presence of the dangerous system calls, and reachability analysis. In addition to measurement, this dissertation has also proposed predicting vulnerability exploitability risk using internal software metrics. We have also proposed two approaches for evaluating CVSS Base metrics. Using the availability of exploits, we first have evaluated the performance of the CVSS Exploitability factor and have compared its performance to Microsoft (MS) rating system. The results showed that exploitability metrics of CVSS and MS have a high false positive rate. This finding has motivated us to conduct further investigation. 
To that end, we have introduced vulnerability reward programs (VRPs) as a novel ground truth to evaluate the CVSS Base scores. The results show that the notable lack of exploits for high severity vulnerabilities may be the result of prioritized fixing of vulnerabilities

    Near-Real Time, Semi-Automated Threat Assessment of Information Environments

    Threat assessment is a crucial process for monitoring and defending against potential threats in an organization’s information environment and business operations. Ensuring the security of information infrastructure requires effective information security practices. However, existing models and methodologies often fall short of addressing the dynamic and evolving nature of cyberattacks. Moreover, critical threat intelligence extracted from the threat agents lacks the ability to capture essential attributes such as motivation, opportunity, and capability (M, O, C). This contribution to knowledge clarification introduces a semi-automatic threat assessment model that can handle situational awareness data or live acquired data stream from networks, incorporating information security techniques, protocols, and real-time monitoring of specific network types. Additionally, it focuses on analysing and implementing network traffic within a specific real-time information environment. To develop the semi-automatic threat assessment model, the study identifies unique attributes of threat agents by analysing Packet Capture Application Programming Interface (PCAP) files and data stream collected between 2012 and 2019. The study utilizes both hypothetical and real-world examples of threat agents to evaluate the three key factors: motivation, opportunity, and capability. This evaluation serves as a basis for designing threat profiles, critical threat intelligence, and assessing the complexity of process. These aspects are currently overlooked in existing threat agent taxonomies, models, and methodologies. By addressing the limitations of traditional threat assessment approaches, this research contributes to advancing the field of cybersecurity. The proposed semi-automatic threat assessment model offers improved awareness and timely detection of threats, providing organizations with a more robust defence against evolving cyberattacks. 
This research enhances the understanding of threat agents’ attributes and assists in developing proactive strategies to mitigate the risks associated with cybersecurity in the modern information environment