The THREAT-ARREST Cyber-Security Training Platform

Cyber security is always a main concern for critical infrastructures and nation-wide safety and sustainability. Thus, advanced cyber ranges and security training is becoming imperative for the involved organizations. This paper presets a cyber security training platform, called THREAT-ARREST. The various platform modules can analyze an organization’s system, identify the most critical threats, and tailor a training program to its personnel needs. Then, different training programmes are created based on the trainee types (i.e. administrator, simple operator, etc.), providing several teaching procedures and accomplishing diverse learning goals. One of the main novelties of THREAT-ARREST is the modelling of these programmes along with the runtime monitoring, management, and evaluation operations. The platform is generic. Nevertheless, its applicability in a smart energy case study is detailed

Cyber Threat Observatory: Design and Evaluation of an Interactive Dashboard for Computer Emergency Response Teams

Computer emergency response teams (CERTs) of the public sector provide preventive and reactive cybersecurity services for authorities, citizens, and enterprises. However, their tasks of monitoring, analyzing, and communicating threats to establish cyber situational awareness are getting more complex due to the increasing information volume disseminated through public channels. Besides the time-consuming data collection for incident handling and daily reporting, CERTs are often confronted with irrelevant, redundant, or incredible information, exacerbating the time-critical prevention of and response to cyber threats. Thus, this design science research paper presents the user-centered design and evaluation of the Cyber Threat Observatory, which is an automatic, cross-platform and real-time cybersecurity dashboard. Based on expert scenario-based walkthroughs and semi-structured interviews (N=12), it discusses six design implications, including customizability and filtering, data source modularity, cross-platform interrelations, content assessment algorithms, integration with existing software, as well as export and communication capabilities

Old Keys May Not Open New Doors: The Necessity of Agility in Cybersecurity Policymaking

The volatile and dynamic nature of cyberspace has raised concerns over security and organisations are trying to make policies to protect their digital assets. However, policymaking in this field is still using traditional methods, which are slow and incompatible with the pace of change in the environment. Thus, it is vital to increase the speed of policy development in an agile and flexible manner. The question is, what does agility mean here and why is it important for organisations? To answer these questions, this study uses a systematic literature review approach and investigates 42 selected papers. By analysing the selected papers, a definition of cybersecurity policymaking agility is provided, and its importance in combating new cyberthreats is discussed. Building on and extending the organisational agility, policymaking and cybersecurity management research streams, the findings of this study propose new research opportunities for future studies

The importance to manage data protection in the right way: Problems and solutions

Information and communication technology (ICT) has made remarkable impact on the society, especially on companies and organizations. The use of computers, databases, servers, and other technologies has made an evolution on the way of storing, processing, and transferring data. However, companies access and share their data on internet or intranet, thus there is a critical need to protect this data from destructive forces and from the unwanted actions of unauthorized users. This thesis groups a set of solutions proposed, from a company point of view, to reach the goal of \u201cManaging data protection\u201d. The work presented in this thesis represents a set of security solutions, which focuses on the management of data protection taking into account both the organizational and technological side. The work achieved can be divided into set of goals that are obtained particularly from the needs of the research community. This thesis handles the issue of managing data protection in a systematic way, through proposing a Data protection management approach, aiming to protect the data from both the organizational and the technological side, which was inspired by the ISO 27001 requirements. An Information Security Management System (ISMS) is then presented implementing this approach, an ISMS consists of the policies, procedures, guidelines, and associated resources and activities, collectively managed by an organization, in the pursuit of protecting its information assets. An ISMS is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization\u2019s information security to achieve business objectives, The goal of ISMS is to minimize risk and ensure continuity by pro-actively limiting the impact of a security breach. To be well-prepared to the potential threats that could occur to an organization, it is important to adopt an ISMS that helps in managing the data protection process, and in saving time and effort, minimizes cost of any loss. After that, a comprehensive framework is designed for the security risk management of Cyber Physical Systems (CPSs), this framework represents the strategy used to manage the security risk management, and it falls inside the ISMS as a security strategy. Traditional IT risk assessment methods can do the job (security risk management for a CPS); however, and because of the characteristics of a CPS, it is more efficient to adopt a solution that is wider than a method that addresses the type, functionalities and complexity of a CPS. Therefore, there is a critical need to follow a solution that breaks the restriction to a traditional risk assessment method, and so a high-level framework is proposed, it encompasses wider set of procedures and gives a great attention to the cybersecurity of these systems, which consequently leads to the safety of the physical world. In addition, inside the ISMS, another part of the work takes place, suggesting the guidelines to select an applicable Security Incident and Event Management (SIEM) solution. It also proposes an approach that aims to support companies seeking to adopt SIEM systems into their environments, suggesting suitable answers to preferred requirements that are believed to be valuable prerequisites a SIEM system should have; and to suggest criteria to judge SIEM systems using an evaluation process composed of quantitative and qualitative methods. This approach, unlike others, is customer driven which means that customer needs are taken into account when following the whole approach, specifically when defining the requirements and then evaluating the suppliers\u2019 solutions. At the end, a research activity was carried out aiming classify web attacks on the network level, since any information about the attackers might be helpful and worth a lot to the cyber security analysts. And so, using network statistical fingerprints and machine learning techniques, a two-layers classification system is designed to detect the type of the web attack and the type of software used by the attackers

Cybersecurity Incident Response in Organisations: A Meta-level Framework for Scenario-based Training

Cybersecurity Incident Response (IR) teams mitigate the impact of adverse cyber-related events in organisations. Field studies of IR teams suggest that at present the process of IR is underdeveloped with a focus on the technological dimension with little consideration of practice capability. To improve IR capabilities, we develop a scenario-based training approach to assist organisations to overcome socio-technical barriers to IR. The training approach is informed by a comprehensive list of socio-technical barriers compiled from a review of the literature. Our primary contribution is a novel meta-level framework to generate scenarios specifically targeting socio-technical issues. As a first step towards demonstrating the utility of the framework, a proof-of-concept scenario is presented

A Novel Cyber Resilience Framework – Strategies and Best Practices for Today's Organizations

Cyber resilience refers to an organization's ability to maintain its essential functions, services despite cyber-attacks and swiftly recover from any disruptions. It involves proactive measures like gathering threat intelligence and managing risks, as well as reactive measures such as incident response planning, data backup and recovery. To achieve cyber resilience, organizations must implement robust cyber security measures, regularly update their incident response plans, and educate employees on safe online practices. Furthermore, having a comprehensive backup and recovery strategy in place is crucial to swiftly restore critical systems and data in the event of an attack. Overall, the proposed framework emphasizes cyber resilience as a continuous and proactive approach for managing cyber security risks and safeguarding against the growing threat of cyber-attacks

Dynamic Capabilities in Cybersecurity Intelligence: A Meta-Synthesis to Enhance Protection Against Cyber Threats

Advanced cybersecurity threats with automated capabilities are on the rise in industries such as finance, healthcare, technology, retail, telecoms, and transportation, as well as government. It is necessary to conduct analyses of cybersecurity-related resources and capabilities to build cybersecurity intelligence (CI). The purpose of this paper is to suggest a dynamic capability in a cybersecurity intelligence (DCCI) model based on existing literature that helped firms reduce risks of cyber violations and advance the development of systems and the life cycle of firms. Through a meta-synthesis, an abduction and induction approach through eight methodological steps analyzed in forty-seven case studies the presence of cybersecurity capabilities to build CI. Combining theoretical and practical information security maturity models as a foundation, we understand capabilities building to improve the predictability of cyber incidents. The results evidenced four second-order dimensions to build CI named doing, enabling, improving, and managing cybersecurity, and eight first-order outcomes to represent the DCCI model. This research makes an unprecedented contribution to international and national scenarios, as it will allow firms to innovate their resource management processes and abilities to enable better cybersecurity projects and reduce the impacts of potential cyberattacks with the probability of eradicating vulnerabilities