102 research outputs found

    Evaluating practitioner cyber-security attack graph configuration preferences

    Attack graphs and attack trees are a popular method of mathematically and visually representing the sequence of events that lead to a successful cyber-attack. Despite their popularity, there is no standardised attack graph or attack tree visual syntax configuration, and more than seventy self-nominated attack graph and twenty attack tree configurations have been described in the literature - each of which presents attributes such as preconditions and exploits in a different way. This research proposes a practitioner-preferred attack graph visual syntax configuration which can be used to effectively present cyber-attacks. Comprehensive data on participant (n=212) preferences was obtained through a choice based conjoint design in which participants scored attack graph configuration based on their visual syntax preferences. Data was obtained from multiple participant groups which included lecturers, students and industry practitioners with cyber-security specific or general computer science backgrounds. The overall analysis recommends a winning representation with the following attributes. The flow of events is represented top-down as in a flow diagram - as opposed to a fault tree or attack tree where it is presented bottom-up, preconditions - the conditions required for a successful exploit, are represented as ellipses and exploits are represented as rectangles. These results were consistent across the multiple groups and across scenarios which differed according to their attack complexity. The research tested a number of bottom-up approaches - similar to that used in attack trees. The bottom-up designs received the lowest practitioner preference score indicating that attack trees - which also utilise the bottom-up method, are not a preferred design amongst practitioners - when presented with an alternative top-down design.
Practitioner preferences are important for any method or framework to become accepted, and this is the first time that an attack modelling technique has been developed and tested for practitioner preferences

    The HORM Diagramming Tool: A Domain-Specific Modelling Tool for SME Cybersecurity Awareness

    Improving security posture while addressing human errors made by employees are among the most challenging tasks for SMEs concerning cybersecurity risk management. To facilitate these measures, a domain-specific modelling tool for visualising cybersecurity-related user journeys, called the HORM Diagramming Tool (HORM-DT), is introduced. By visualising SMEs’ cybersecurity practices, HORM-DT aims to raise their cybersecurity awareness by highlighting the related gaps, thereby ultimately informing new or updated cyber-risk strategies. HORM-DT’s target group consists of SMEs’ employees with various areas of technical expertise and different backgrounds. The tool was developed as part of the Human and Organisational Risk Modelling (HORM) framework, and the underlying formalism is based on the Customer Journey Modelling Language (CJML) as extended by elements of the CORAS language to cover cybersecurity-related user journeys. HORM-DT is a fork of the open-source Diagrams.net software, which was modified to facilitate the creation of cybersecurity-related diagrams. To evaluate the tool, a usability study following a within-subject design was conducted with 29 participants. HORM-DT achieved a satisfactory system usability scale score of 80.69, and no statistically significant differences were found between participants with diverse diagramming tool experience. The tool’s usability was also praised by participants, although there were negative comments regarding its functionality of connecting elements with lines.

    Formalised approach to the management of risk

    Taking a pragmatic, systems engineering approach, this thesis identifies a number of fundamental issues that presently arise in risk management, primarily as a result of the overly complex and somewhat outdated approach conventionally taken in process definition and a lack of coherence within the current risk management vocabulary. It is suggested that many recent developments in systems engineering have largely been ignored by the risk management community. The objective of this work is to develop a formalised approach to the management of risk using a model based approach; this will enable a fundamental simplification of the risk management process, resulting - amongst other things - in an improved understanding of the associated terminology. An object oriented modelling approach, now widely exploited in systems engineering, has been used to provide an insight into many existing risk management standards considering the approaches they present and terminology used. It has also been used to derive both a set of processes for risk management and a methodology for implementation. Alongside this, a consistent, inter-related terminology has been proposed for use with these processes. The outcome of this work is a formalised but pragmatic approach to risk management including the definition of processes, ontology for risk management and a pragmatic methodology for the application of the processes. This approach has been validated in a number of case studies of varying depth and breadth, covering health & safety, business, project and individual needs, showing that the proposed processes and terminology can be used effectively in different organisations and industries. EThOS - Electronic Theses Online Service, GB, United Kingdom

    A review of attack graph and attack tree visual syntax in cyber security

    Perceiving and understanding cyber-attacks can be a difficult task, and more effective techniques are needed to aid cyber-attack perception. Attack modelling techniques (AMTs) - such as attack graphs, attack trees and fault trees, are a popular method of mathematically and visually representing the sequence of events that lead to a successful cyber-attack. These methods are useful visual aids that can aid cyber-attack perception. This survey paper describes the fundamental theory of cyber-attack before describing how important elements of a cyber-attack are represented in attack graphs and attack trees. The key focus of the paper is to present empirical research aimed at analysing more than 180 attack graphs and attack trees to identify how attack graphs and attack trees present cyber-attacks in terms of their visual syntax. There is little empirical or comparative research which evaluates the effectiveness of these methods. Furthermore, despite their popularity, there is no standardised attack graph visual syntax configuration, and more than seventy self-nominated attack graph and twenty attack tree configurations have been described in the literature - each of which presents attributes such as preconditions and exploits in a different way. The survey demonstrates that there is no standard method of representing attack graphs or attack trees and that more research is needed to standardise the representation

    Model-Driven Information Security Risk Assessment of Socio-Technical Systems

    Cyber resilience meta-modelling: The railway communication case study

    Recent times have demonstrated how much the modern critical infrastructures (e.g., energy, essential services, people and goods transportation) depend on the global communication networks. However, in the current Cyber-Physical World convergence, sophisticated attacks to the cyber layer can provoke severe damages to both physical structures and the operations of infrastructure affecting not only its functionality and safety, but also triggering cascade effects in other systems because of the tight interdependence of the systems that characterises the modern society. Hence, critical infrastructure must integrate the current cyber-security approach based on risk avoidance with a broader perspective provided by the emerging cyber-resilience paradigm. Cyber resilience is aimed as a way to absorb the consequences of these attacks and to recover the functionality quickly and safely through adaptation. Several high-level frameworks and conceptualisations have been proposed but a formal definition capable of translating cyber resilience into an operational tool for decision makers considering all aspects of such a multifaceted concept is still missing. To this end, the present paper aims at providing an operational formalisation for cyber resilience starting from the Cyber Resilience Ontology presented in a previous work using model-driven principles. A domain model is defined to cope with the different aspects and “resilience-assurance” processes that it can be valid in various application domains. In this respect, an application case based on critical transportation communications systems, namely the railway communication system, is provided to prove the feasibility of the proposed approach and to identify future improvements

    A Graphical Approach to Security Risk Analysis

    The CORAS language is a graphical modeling language used to support the security analysis process with its customized diagrams. The language has been developed within the research project "SECURIS" (SINTEF ICT/University of Oslo), where it has been applied and evaluated in seven major industrial field trials. Experiences from the field trials show that the CORAS language has contributed to a more active involvement of the participants, and it has eased the communication within the analysis group. The language has been found easy to understand and suitable for presentation purposes. With time we have become more and more dependent on various kinds of computerized systems. When the complexity of the systems increases, the number of security risks is likely to increase. Security analyses are often considered complicated and time consuming. A well developed security analysis method should support the analysis process by simplifying communication, interaction and understanding between the participants in the analysis. This thesis describes the development of the CORAS language that is particularly suited for security analyses where "structured brainstorming" is part of the process. Important design decisions are based on empirical investigations. The thesis has resulted in the following artifacts: - A modeling guideline that explains how to draw the different kinds of diagrams for each step of the analysis. - Rules for translation which enable consistent translation from graphical diagrams to text. - Concept definitions that contribute to a consistent use of security analysis terms. - An evaluation framework to evaluate and compare the quality of security analysis modeling languages.

    A formalised approach to the management of risk

    Taking a pragmatic, systems engineering approach, this thesis identifies a number of fundamental issues that presently arise in risk management, primarily as a result of the overly complex and somewhat outdated approach conventionally taken in process definition and a lack of coherence within the current risk management vocabulary. It is suggested that many recent developments in systems engineering have largely been ignored by the risk management community. The objective of this work is to develop a formalised approach to the management of risk using a model based approach; this will enable a fundamental simplification of the risk management process, resulting - amongst other things - in an improved understanding of the associated terminology. An object oriented modelling approach, now widely exploited in systems engineering, has been used to provide an insight into many existing risk management standards considering the approaches they present and terminology used. It has also been used to derive both a set of processes for risk management and a methodology for implementation. Alongside this, a consistent, inter-related terminology has been proposed for use with these processes. The outcome of this work is a formalised but pragmatic approach to risk management including the definition of processes, ontology for risk management and a pragmatic methodology for the application of the processes. This approach has been validated in a number of case studies of varying depth and breadth, covering health & safety, business, project and individual needs, showing that the proposed processes and terminology can be used effectively in different organisations and industries