An n-sided polygonal model to calculate the impact of cyber security events

This paper presents a model to represent graphically the impact of cyber events (e.g., attacks, countermeasures) in a polygonal systems of n-sides. The approach considers information about all entities composing an information system (e.g., users, IP addresses, communication protocols, physical and logical resources, etc.). Every axis is composed of entities that contribute to the execution of the security event. Each entity has an associated weighting factor that measures its contribution using a multi-criteria methodology named CARVER. The graphical representation of cyber events is depicted as straight lines (one dimension) or polygons (two or more dimensions). Geometrical operations are used to compute the size (i.e, length, perimeter, surface area) and thus the impact of each event. As a result, it is possible to identify and compare the magnitude of cyber events. A case study with multiple security events is presented as an illustration on how the model is built and computed.Comment: 16 pages, 5 figures, 2 tables, 11th International Conference on Risks and Security of Internet and Systems, (CRiSIS 2016), Roscoff, France, September 201

Cyber insurance of information systems: Security and privacy cyber insurance contracts for ICT and helathcare organizations

Nowadays, more-and-more aspects of our daily activities are digitalized. Data and assets in the cyber-space, both for individuals and organizations, must be safeguarded. Thus, the insurance sector must face the challenge of digital transformation in the 5G era with the right set of tools. In this paper, we present CyberSure-an insurance framework for information systems. CyberSure investigates the interplay between certification, risk management, and insurance of cyber processes. It promotes continuous monitoring as the new building block for cyber insurance in order to overcome the current obstacles of identifying in real-time contractual violations by the insured party and receiving early warning notifications prior the violation. Lightweight monitoring modules capture the status of the operating components and send data to the CyberSure backend system which performs the core decision making. Therefore, an insured system is certified dynamically, with the risk and insurance perspectives being evaluated at runtime as the system operation evolves. As new data become available, the risk management and the insurance policies are adjusted and fine-tuned. When an incident occurs, the insurance company possesses adequate information to assess the situation fast, estimate accurately the level of a potential loss, and decrease the required period for compensating the insured customer. The framework is applied in the ICT and healthcare domains, assessing the system of medium-size organizations. GDPR implications are also considered with the overall setting being effective and scalable

Using the Pattern-of-Life in Networks to Improve the Effectiveness of Intrusion Detection Systems

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.As the complexity of cyber-attacks keeps increasing, new and more robust detection mechanisms need to be developed. The next generation of Intrusion Detection Systems (IDSs) should be able to adapt their detection characteristics based not only on the measureable network traffic, but also on the available high- level information related to the protected network to improve their detection results. We make use of the Pattern-of-Life (PoL) of a network as the main source of high-level information, which is correlated with the time of the day and the usage of the network resources. We propose the use of a Fuzzy Cognitive Map (FCM) to incorporate the PoL into the detection process. The main aim of this work is to evidence the improved the detection performance of an IDS using an FCM to leverage on network related contextual information. The results that we present verify that the proposed method improves the effectiveness of our IDS by reducing the total number of false alarms; providing an improvement of 9.68% when all the considered metrics are combined and a peak improvement of up to 35.64%, depending on particular metric combination

Multistage Voting Model with Alternative Elimination

The voting process is formalized as a multistage voting model with successive alternative elimination. A finite number of agents vote for one of the alternatives each round subject to their preferences. If the number of votes given to the alternative is less than a threshold, it gets eliminated from the game. A special subclass of repeated games that always stop after a finite number of stages is considered. Threshold updating rule is proposed. A computer simulation is used to illustrate two properties of these voting games

The Evolution of Embedding Metadata in Blockchain Transactions

The use of blockchains is growing every day, and their utility has greatly expanded from sending and receiving crypto-coins to smart-contracts and decentralized autonomous organizations. Modern blockchains underpin a variety of applications: from designing a global identity to improving satellite connectivity. In our research we look at the ability of blockchains to store metadata in an increasing volume of transactions and with evolving focus of utilization. We further show that basic approaches to improving blockchain privacy also rely on embedding metadata. This paper identifies and classifies real-life blockchain transactions embedding metadata of a number of major protocols running essentially over the bitcoin blockchain. The empirical analysis here presents the evolution of metadata utilization in the recent years, and the discussion suggests steps towards preventing criminal use. Metadata are relevant to any blockchain, and our analysis considers primarily bitcoin as a case study. The paper concludes that simultaneously with both expanding legitimate utilization of embedded metadata and expanding blockchain functionality, the applied research on improving anonymity and security must also attempt to protect against blockchain abuse.Comment: 9 pages, 6 figures, 1 table, 2018 International Joint Conference on Neural Network

OPBUS: Risk-aware framework for the conformance of security-quality requirements in business processes

Several reports indicate that one of the most important business priorities is the improvement of business and IT management. Nowadays, business processes and in general service-based ones use other external services which are not under their jurisdiction. Organizations do not usually consider their exposition to security risks when business processes cross organizational boundaries. In this paper, we propose a risk aware framework for security-quality requirements in business processes management. This framework is focused on the inclusion of security issues from design to execution. The framework provides innovative mechanisms based on model-based diagnosis and constraint programming in order to carry out the risk assessment of business processes and the automatic check of the conformance of security requirements.Junta de Andalucía P08-TIC-04095Ministerio de Ciencia y Tecnología TIN2009-1371

Enhanced risk assessment equation for IPV6 deployment

Deploying IPv6 concomitant with the emerging technologies exposes the enterprise networks to the unforeseen threats as well as the existing threats.In mitigating the threats, calculating the risks value for each of the identified threats is vital. However, the existing equation for risk assessment is inappropriate to be applied in assessing the risks in IPv6 because of their limitation in asset determination.Therefore, this paper highlights the modification made in the existing risk assessment equation.The enhanced risk assessment equation is used to calculate the risk value for IPv6 deployment.The enhanced equation adapts three elements: confidentiality, integrity and availability in achieving security goals. The importance of having the enhanced equation is it enables the network administrator to calculate the potential risks for each of the potential IPv6 attack.Securing the enterprise networks is an iterative process that has no ended points. Hence, it is crucial to modify and adapt a proper equation when performing the risk assessment.In the future, more experiments will be conducted to test for feasibility of the equation

Impact of User Experience and Comprehension on Awareness Training

The human component of information systems is a target of cyberattacks. Firms address the threat using security awareness training, monitoring, controls, and enforcement. User security awareness as a part of the information system is key. Increasing telework, remote access, and collaborative technologies require user security hygiene. The problem is acute with small and mid-sized businesses, more likely to invest less in cybersecurity. This study seeks to assess the effectiveness of security awareness training at influencing user behaviors. The assessment includes the influence of training and culture on policy compliance via leadership prerogative and the moderating effect of user comprehension of security tool messaging. Security tools are integral to defense-in-depth. Little research has examined how security tools use affects user compliance intention. This study seeks to incorporate employee cognition of information from security tools into an understanding of factors that influence user attitudes toward security policy compliance