10 research outputs found

    Cybersecurity and the Evolution of the Customer-Centric Service Desk

    Cybersecurity is now seen as a central function of the modern IT Service Desk. This article examines two case studies of Helpdesk or Service Desk operations in different technology eras, and highlights the recent emergence of Cybersecurity as a critical area of Service Desk responsibilities. The article profiles the Helpdesk operations at Glaxo Pharmaceuticals in the late 1980s and the Service Desk functions at the University of Gloucestershire in 2019. Comparative analysis shows that whilst the range of technologies requiring support has increased markedly, this has been counter-balanced somewhat by the emergence of standards and dominant products in many technology categories. Cybersecurity, however, has emerged as a key concern that permeates all fields of Service Desk support. It also finds that the role of the end-user has evolved significantly in a rapidly changing technology landscape.

    Targeted attack detection by means of free and open source solutions

    Compliance requirements are part of everyday business requirements for various areas, such as retail and medical services. As part of compliance it may be required to have infrastructure in place to monitor the activities in the environment to ensure that the relevant data and environment are sufficiently protected. At the core of such monitoring solutions one would find some type of data repository, or database, to store and ultimately correlate the captured events. Such solutions are commonly called Security Information and Event Management, or SIEM for short. Larger companies have been known to use commercial solutions such as IBM's QRadar, LogRhythm, or Splunk. However, these come at significant cost and aren't suitable for smaller businesses with limited budgets. These solutions require manual configuration of event correlation for detection of activities that place the environment in danger. This usually requires vendor implementation assistance that also would come at a cost. Alternatively, there are open source solutions that provide the required functionality. This research will demonstrate building an open source solution, with minimal to no cost for hardware or software, while still maintaining the capability of detecting targeted attacks. The solution presented in this research includes Wazuh, which is a combination of OSSEC and the ELK stack, integrated with a Network Intrusion Detection System (NIDS). The success of the integration is determined by measuring positive attack detection based on each of the different configuration options. To perform the testing, a deliberately vulnerable platform named Metasploitable will be used as a victim host. The victim host vulnerabilities were created specifically to serve as a target for Metasploit. The attacks were generated by utilising Metasploit Framework on a prebuilt Kali Linux host.

    Autonomous Incident Response

    Master's project work, Information Security (Segurança Informática), 2022, Universidade de Lisboa, Faculdade de Ciências. Information security is a must-have for any organization willing to stay relevant and grow; it plays an important role as a business enabler, be it from a regulatory perspective or a reputation perspective. Having people, process, and technology to solve the ever growing number of security incidents as fast as possible and with the least amount of impact is a challenge for small and big companies. To address this challenge, companies started investing in Security Orchestration, Automation, and Response (SOAR) [39, 68, 70]. Security orchestration is the planning, integration, cooperation, and coordination of the activities of security tools and experts to produce and automate required actions in response to any security incident across multiple technology paradigms [40]. In other words, the use of SOAR is a way to translate the manual procedures followed by the security analysts into automated actions, making the process faster and scalable while saving on human resources budget. This project proposes a low-cost cloud native SOAR platform that is based on serverless computing, presenting the underlying details of its design. The performance of the proposed solution was evaluated through 364 real-world incidents related to 11 use cases in a large multinational enterprise. The results show that the solution is able to decrease the duration of the tasks by an average of 98.81% while having an operating expense of less than $65/month. Prior to the SOAR, it took the analyst 75.84 hours to perform manual tasks related to the 11 use cases. Additionally, an estimated 450 hours of the analyst’s time would be used to run the Update threat intelligence database use case. After the SOAR, the same tasks were automatically run in 31.2 minutes and the Update threat intelligence database use case ran 9.000 times in 5.3 hours.

    Organisation and Communication Problems in Automotive Requirements Engineering

    Project success in the automotive industry is highly influenced by Requirements Engineering (RE), for which communication and organisation structure play a major role, much due to the scale and distribution of these projects. However, empirical research is scarce on these aspects of automotive RE and warrants closer examination. Therefore, the purpose of this paper is to identify problems or challenges in automotive RE with respect to communication and organisation structure. Using a multiple-case study approach, we collected data via 14 semi-structured interviews at one car manufacturer and one supplier. We tested our findings from the case study with a questionnaire distributed to practitioners in the automotive industry. Our results indicate that it is difficult but increasingly important to establish communication channels outside the fixed organisation structure and that responsibilities are often unclear. Product knowledge during early requirements elicitation and context knowledge later on is lacking. Furthermore, abstraction gaps between requirements on different abstraction levels lead to inconsistencies. For academia, we formulate a concrete agenda for future research. Practitioners can use the findings to broaden their understanding of how the problems manifest and to improve their organisations.

    An Empirical Investigation of Using Models During Requirements Engineering in the Automotive Industry

    Context: The automotive industry is undergoing a major transformation from a manufacturing industry towards an industry that relies heavily on software. As one of the main factors for project success, requirements engineering (RE) plays a major role in this transition. Similar to other areas of automotive engineering, the use of models during RE has been suggested to increase productivity and tackle increasing complexity by means of abstraction. Existing modelling frameworks often prescribe a variety of different, formal models for RE, trying to maximise the benefit obtained from model-based engineering (MBE). However, these frameworks are typically based on assumptions from anecdotal evidence and experience, without empirical data supporting these assumptions. Objective: The overall aim of our research is to investigate the potential benefits and drawbacks of using model-based RE in an automotive environment based on empirical evidence. To do so, we present an investigation of the current industrial practice of MBE in the automotive industry, existing challenges in automotive RE, and potential use cases for model-based RE. Furthermore, we explore two use cases for model-based RE, namely the creation of behavioural requirements models for validation and verification purposes and the use of existing trace models to support communication. Method: We address the aims of this thesis using three empirical strategies: case study, design science and survey. We collected quantitative and qualitative data using interviews as well as questionnaires. Results: Our results show that using models during automotive RE can be beneficial, if restricted to certain aspects of RE. In particular, models supporting communication and stakeholder interaction are promising. We show that the use of abstract models of behavioural requirements is considered beneficial for system testing purposes, even though they abstract from the detailed functional requirements. Furthermore, we demonstrate that existing data can be understood as a model to uncover dependencies between stakeholders. Conclusions: Our results question the feasibility of constructing and maintaining large amounts of formal models for RE. Instead, models during RE should be used for a few, important use cases. Additionally, MBE can be used as a means to understand existing problems in software engineering.

    XXIII Congreso Argentino de Ciencias de la Computación - CACIC 2017 : Libro de actas

    Papers presented at the XXIII Congreso Argentino de Ciencias de la Computación (CACIC), held in the city of La Plata from 9 to 13 October 2017, organized by the Red de Universidades con Carreras en Informática (RedUNCI) and the Facultad de Informática of the Universidad Nacional de La Plata (UNLP).