Exploring Current Trends and Challenges in Cybersecurity: A Comprehensive Survey

Cyber security is the process of preventing unauthorized access, theft, damage, and interruption to computers, servers, networks, and data. It entails putting policies into place to guarantee the availability, confidentiality, and integrity of information and information systems. Cyber security seeks to protect against a variety of dangers, including as hacking, data breaches, malware infections, and other nefarious actions.  Cyber security has grown to be a major worry as a result of the quick development of digital technology and the growing interconnection of our contemporary society. In order to gain insight into the constantly changing world of digital threats and the countermeasures put in place to address them, this survey seeks to study current trends and issues in the area of cyber security. The study includes responses from end users, business executives, IT administrators, and experts across a wide variety of businesses and sectors. The survey gives insight on important problems such the sorts of cyber threats encountered, the efficacy of current security solutions, future technology influencing cyber security, and the human elements leading to vulnerabilities via a thorough analysis of the replies. The most important conclusions include an evaluation of the most common cyber dangers, such as malware, phishing scams, ransom ware, and data breaches, as well as an investigation of the methods and tools used to counter these threats. The survey explores the significance of staff education and awareness in bolstering cyber security defenses and pinpoints opportunities for development in this area. The survey also sheds insight on how cutting-edge technologies like cloud computing, artificial intelligence, and the Internet of Things (IoT) are affecting cyber security practices. It analyses the advantages and disadvantages of using these technologies while taking into account issues like data privacy, infrastructure security, and the need for specialized skills. The survey also looks at the compliance environment, assessing how industry norms and regulatory frameworks affect cyber security procedures. The survey studies the obstacles organizations encounter in attaining compliance and assesses the degree of knowledge and commitment to these requirements. The results of this cyber security survey help to better understand the current status of cyber security and provide organizations and individual’s useful information for creating effective policies to protect digital assets. This study seeks to promote a proactive approach to cyber security, allowing stakeholders to stay ahead of threats and build a safe digital environment by identifying relevant trends and concerns

Cyber Security Classification Model Evaluation and Comparison

Cyber incidents can be defined as violations of explicit or implied policies that can include unauthorized access, disruption, unauthorized use, or changes to systems, networks, hardware, and software (US Cert, 2018). This description does not account for all possibilities and cyber incidents continue to evolve and increase in visibility for organizations (Pescatore, 2017). Cyber incidents can have real costs associated with them to governments, companies, and individuals. For instance, in December of 2013 Target Corp. reported a data breach of 40 million credit card accounts (Krebs, 2013). According to their 2016 SEC filings, it cost the company $291 million and hurt their reputation in the market (Herberger, 2016). Another great example would be the StuxNet attack where a worm was able to physically damage lab equipment required to develop nuclear weapons in Iran. The costs of lost national security, development time, and cost of the equipment were huge, but are not easily calculated (Kushner, 2013). Further the recent cyber incident at Equifax, where on September 7th of 2017 an estimated 143 million U.S. consumers’ data was breached at Equifax. While this is costly to the organization it had larger implications for consumers and the economy (DeMarco, 2018)

Cyber Defense Capability Model: A Foundation Taxonomy

Cyber attacks have significantly increased over the last few years, where the attackers are highly skilled, more organized and supported by other powerful actors to devise attacks towards specific targets. To aid the development of a strategic plan to defend against emerging attacks, we present a high-level taxonomy along with a cyber defense model to address the interaction and relationships between taxonomy elements. A cyber-kinetic reference model which is used widely by U.S Air Force is adopted as a baseline for the model and taxonomy development. Asset, Cyber Capability, and Preparation Process are the three high-level elements that are presented for the cyber defense capability model. The Cyber Capability, as the focal point of the study, uses three classifiers to characterize the strategic cyber defense mechanisms, which are classified by active, passive and collaborative defense. To achieve a proper cyber defense strategy, the key actors, assets and associated preparation procedure are identified. Finally, the proposed taxonomy is extensible so that additional dimensions or classifications can be added to future needs

Emerging Risks in the Marine Transportation System (MTS), 2001- 2021

How has maritime security evolved since 2001, and what challenges exist moving forward? This report provides an overview of the current state of maritime security with an emphasis on port security. It examines new risks that have arisen over the last twenty years, the different types of security challenges these risks pose, and how practitioners can better navigate these challenges. Building on interviews with 37 individuals immersed in maritime security protocols, we identify five major challenges in the modern maritime security environment: (1) new domains for exploitation, (2) big data and information processing, (3) attribution challenges, (4) technological innovations, and (5) globalization. We explore how these challenges increase the risk of small-scale, high-probability incidents against an increasingly vulnerable Marine Transportation System (MTS). We conclude by summarizing several measures that can improve resilience-building and mitigate these risks

Tabletop Exercise For Cybersecurity Educational Training; Theoretical Grounding And Development

Haridus- ja treeningaspektid on riiklike küberturvalisuse strateegiate vitaalsed komponendid, et kujundada, tugevdada ning proovile panna otsustajate valmisolekut nii aktuaalsete kui võimalike tulevaste küberväljakutsete ees. Küberkaitses ja -julgeolekus on otsuste langetamisel üliolulised kriisijuhtimisoskused, et suuta adekvaatselt vastata juhtumitele, mil era- või avalik heaolu ja turvalisus on ohustatud. Selle magistritöö eesmärk on välja pakkuda küberjulgeoleku strateegiate hariduslike komponentide võimalike ning teadaolevate nõrkuste parandamine, arutledes teadlikkuse väljaõpete mudeleid märkimisväärse mõjuga osavõtjatele, fookusega strateegilise otsustamisvõimega personalil, mis võiks osaleda küberjuhtumis. Töö toetab simulatsioonil põhinevate stsenaariumite kasutamist ning keskendub mudelõppuste kujundamisele. Käesolev töö näitab, kuidas mudelõpe võib olla tõhus viis küberjuhtumites strateegiliste otsuste langetamisel teadlikkuse, mõistmise ja ettevalmistuse kujundamiseks, parandamiseks ning proovilepanemiseks. Lõputöö tugineb ditsiplinaarsel ja kontseptuaalsel õpinguteooriate integratsioonil mängustamisel põhinevate ajenditega ning juhtimisteooriatega. Stsenaariumil põhinev treening pakub turvalist ja paindlikku keskkonda, kus osavõtja on pandud kriitilisse situatsiooni, säilitades realistlikku ülevaate küberkriisi tunnustest ning võimalikest ohtudest. Simulatsioon väljendab võimalikke väljakutseid, nõudes kriisijuhtimisoskusi ning kohast reaktsiooni. Mudelõppused võimaldavad andragoogilise kasu ja hariduslike eesmärkide realiseerimist innovatiivsel ja kaasaval meetodil. Selle treeningmudeli tulemused mõõdetakse kasutades Bloomi õppe-kasvatustöö eesmärkide liigituse kontrollitud taksonoomiat, arvesse võttes kogemusõppe ja paiknevustunnetuse elemente. VOOT-tsükkel pakub läbimõeldud otsustusprotsessi, mis samuti sobib antud ettepaneku dünaamikasse. Lisaks panustab töö originaalse modulaarse juhendiga, mida treenijad ning õppejõud saavad kasutada mudelõppe teostamiseks küberjulgeolekus. Riikliku ja rahvusvahelise tasandi mudelõppuste kogemus ja osavõtt sai empiirilist tuge teoreetilisele integratsioonile ning teadustas modulaarse juhendi arengut. Töö on kvalitatiivne. Lõputöö panustab asjakohasesse akadeemilisse dialoogi selle teoreetiliste alustega. Samuti praktiliselt, kuna pakub vahendeid simulatsioonipõhise mudelõppe läbiviimiseks.Education and training aspects are vital components of national cybersecurity strategies, to shape, enhance and test the decision maker’s level of preparedness before current and future challenges that can arise from a cyber incident. Decision-making processes in cyber defense and security require crucial crisis management competences capable of generating a comprehensive response where safety, well-being and other public and private assets could be put at stake. The purpose of this thesis is to suggest the improvement of potential and perceived weaknesses on the educational components of cyber security strategies, discussing awareness-training models with significant impact on the participants, focusing on strategic decision-making level personnel that could partake of cyber related incidents. The work supports the use of simulation-based scenarios, and concentrates on the design of Tabletop exercises. This thesis shows when a tabletop exercise could be an effective mechanism to shape, enhance and test the awareness, understanding and preparation for strategic decision makers in cyber related incidents. The thesis draws from a disciplinary integration of learning, human computer interaction, and management theories. A scenario-based training provides a safe and flexible environment where the participant is placed into a critical situation while maintaining a realistic insight into the characteristics of cyber crisis and the threats and attacks that may take place. The simulation represents possible challenges, demanding crisis management capacity and an appropriate response. Tabletop exercises permits that andragogical benefits and educational purposes be realized through an innovative and engaging method. Considering elements from experiential learning and situated cognition the learning outcomes of this training model will be measured, using Bloom’s revised taxonomy of educational objectives. The OODA Loop will suggest a thoughtful decision making process that also fits well the dynamic of the current proposal. Additionally, the thesis will contribute with an original modular guide that trainers and educators can use for the implementation of a Tabletop exercise on cyber security. National and international level tabletop exercises experience and participation provided empirical support to the theoretical contribution on theory integration, and informed the modular guide development. The work is qualitative and therefore seeks to observe, interpret and understand, by using documental analysis, and observation methods. The work contributes to the relevant academic dialog on its theoretical grounds and also in practical terms, by providing with tools readily applicable to the creation of simulation based tabletop exercises

Improving Information Sharing: Local Fusion Centers and Their Role in the Intelligence Cycle

Abstract My Master’s Project focuses on local fusion centers and the need for improved information sharing practices among law enforcement partners. After the tragic event of September 11th in 2001, the Department of Homeland Security and the Department of Justice recognized a communication gap between law enforcement agencies and a lack of effective information sharing efforts. Fusion centers play a significant role in supporting both criminal and terrorist investigations due to their ability to act as a conduit between various law enforcement partners. Due to their important responsibilities as information sharing hubs that provide valuable analysis and dissemination of information and intelligence, it is essential to enhance information practices among the centers. My Master’s Project details a strategy that will assist in advancing information sharing capabilities among local fusion centers to better detect, investigate, mitigate, and avert threats. Specifically, this paper proposes a two-part strategy that entails strengthening current partnerships among fusion centers and law enforcement agencies and developing and implementing a standardized training program for intelligence analysts. Through improved collaborative efforts, fusion centers will be able to better identify, mitigate, and prevent threats to ensure public safety and the security of the country

Cyber Babel: Finding the Lingua Franca in Cybersecurity Regulation

Cybersecurity regulations have proliferated over the past few years as the significance of the threat has drawn more attention. With breaches making headlines, the public and their representatives are imposing requirements on those that hold sensitive data with renewed vigor. As high-value targets that hold large amounts of sensitive data, financial institutions are among the most heavily regulated. Regulations are necessary. However, regulations also come with costs that impact both large and small companies, their customers, and local, national, and international economies. As the regulations have proliferated so have those costs. The regulations will inevitably and justifiably diverge where different governments view the needs of their citizens differently. However, that should not prevent regulators from recognizing areas of agreement. This Note examines the regulatory regimes governing the data and cybersecurity practices of financial institutions implemented by the Securities and Exchange Commission, the New York Department of Financial Services, and the General Data Protection Regulations of the European Union to identify areas where requirements overlap, with the goal of suggesting implementations that promote consistency, clarity, and cost reduction

A Dynamic Framework Enhancing Situational Awareness in Cybersecurity SOC—IR

Organizations today face a significant challenge in protecting their valuable IT assets. Cyber criminals unlimited to physical boundaries are able to disrupt and destroy cyber infrastructure, deny organizations access to IT services and steal sensitive data. With the purpose of employing socio-technical systems to detect, analyze and respond to these threats, enterprises organize security operations centres at the heart of their entities. As the environment constantly shifts (i.e., in 2020 the corona virus triggered a digital upheaval creating new attack surfaces; today the Ukrainian war have triggered cyber-conflict) the dependency on these systems increases the need for situational awareness. Essentially, having the capability to gather relevant information from the environment, the means to understand the gathered information, and reflecting that gained understanding for the current environment. This exploratory study examines how such capabilities are operationalized in leading Managed security service providers (MSSPs) providing cybersecurity operations and incident response, and looks at how situation awareness knowledge is constructed through the organizational levels of the enterprise detection & response. In this context, situational awareness span over different levels in the organization starting from team personnel, ending at top management. Thus, providing situational awareness at the different organizational levels is considered a complex process involving various sources of information, different levels of perspective, and different interpretations which trigger a complex set of decision-making processes. To explore this, we constructed a theory-informed narrative using a theoretical lens that resulted in the formulation of a conceptual framework. Thus, through interviews with practitioners from across the organizational levels of two leading MSSPs; parallel to inquiring about general aspects surrounding the subject of enterprise response, the conceptual frame-work was validated. The interview responses were then coded using categorization. The analysis informed the development of the conceptual framework, and so the framework was adjusted to account for the findings. Through interpretation of empirical evidence, the result is a final validated framework which models how cybersecurity operations are operationalized in the enterprise detection & response of leading MSSPs. With emphasis on situation awareness, the framework shows how technology, people and processes either support or engage in the perception, comprehension and projection of situation awareness knowledge in order to make informed decisions. Consequently, the framework takes into account the activities held post-incident to reflect upon the response, which we argue allows for the construction of team situation awareness. Our work contributes to situation awareness theory in the context of cybersecurity operations and incident response by advancing the understanding of the organizational capabilities of MSSPs to develop awareness of the cyber-threat landscape and the broader operational dynamics. By introducing the dynamic framework enhancing situation awareness in cybersecurity SOC—IR we expand on the models of Endsley (1995) and Ahmad et al. (2021) by combining elements of existing work with empirical findings to reflect best practices applied in MSSPs

A Dynamic Framework Enhancing Situational Awareness in Cybersecurity SOC—IR

Organizations today face a significant challenge in protecting their valuable IT assets. Cyber criminals unlimited to physical boundaries are able to disrupt and destroy cyber infrastructure, deny organizations access to IT services and steal sensitive data. With the purpose of employing socio-technical systems to detect, analyze and respond to these threats, enterprises organize security operations centres at the heart of their entities. As the environment constantly shifts (i.e., in 2020 the corona virus triggered a digital upheaval creating new attack surfaces; today the Ukrainian war have triggered cyber-conflict) the dependency on these systems increases the need for situational awareness. Essentially, having the capability to gather relevant information from the environment, the means to understand the gathered information, and reflecting that gained understanding for the current environment.This exploratory study examines how such capabilities are operationalized in leading Managed security service providers (MSSPs) providing cybersecurity operations and incident response, and looks at how situation awareness knowledge is constructed through the organizational levels of the enterprise detection & response. In this context, situational awareness span over different levels in the organization starting from team personnel, ending at top management. Thus, providing situational awareness at the different organizational levels is considered a complex process involving various sources of information, different levels of perspective, and different interpretations which trigger a complex set of decision-making processes. To explore this, we constructed a theory-informed narrative using a theoretical lens that resulted in the formulation of a conceptual framework. Thus, through interviews with practitioners from across the organizational levels of two leading MSSPs; parallel to inquiring about general aspects surrounding the subject of enterprise response, the conceptual framework was validated. The interview responses were then coded using categorization. The analysis informed the development of the conceptual framework, and so the framework was adjusted to account for the findings. Through interpretation of empirical evidence, the result is a final validated framework which models how cybersecurity operations are operationalized in the enterprise detection & response of leading MSSPs. With emphasis on situation awareness, the framework shows how technology, people and processes either support or engage in the perception, comprehension and projection of situation awareness knowledge in order to make informed decisions. Consequently, the framework takes into account the activities held post-incident to reflect upon the response, which we argue allows for the construction of team situation awareness. Our work contributes to situation awareness theory in the context of cybersecurity operations and incident response by advancing the understanding of the organizational capabilities of MSSPs to develop awareness of the cyber-threat landscape and the broader operational dynamics. By introducing the dynamic framework enhancing situation awareness in cybersecurity SOC—IR we expand on the models of Endsley (1995) and Ahmad et al. (2021) by combining elements of existing work with empirical findings to reflect best practices applied in MSSPs