751 research outputs found

    Insider Threat Mitigation Models Based on Thresholds and Dependencies

    Insider threat causes great damage to data in any organization and is considered a serious issue. In spite of the presence of threat prevention mechanisms, sophisticated insiders still continue to attack a database with new techniques. One such technique which remains an advantage for insiders to attack databases is the dependency relationship among data items. This thesis investigates the ways by which an authorized insider detects dependencies in order to perform malicious write operations. The goal is to monitor malicious write operations performed by an insider by taking advantage of dependencies. A term called 'threshold' is associated with every data item, which defines the limit and constraints to which changes could be made to a data item by a write operation. Having threshold as the key factor, the thesis proposes two different attack prevention systems which involve log and dependency graphs that aid in monitoring malicious activities and ultimately secure the data items in a database. The proposed systems continuously monitor all the data items to prevent malicious operations, but the priority is to secure the most sensitive data items first, since any damage to them can hinder the functions of critical applications that use the database. By prioritizing the data items, delay in the transaction execution time is reduced in addition to mitigating insider threats arising from write operations. The developed algorithms have been implemented on a simulated database and the results show that the models mitigate insider threats arising from write operations effectively.

    Student Scholarship Day 2005


    Modelling Socio-Technical Aspects of Organisational Security

    Identification of threats to organisations and risk assessment often take into consideration the pure technical aspects, overlooking the vulnerabilities originating from attacks on a social level, for example social engineering, and abstracting away the physical infrastructure. However, attacks on organisations are far from being purely technical. After all, organisations consist of employees. Often the human factor appears to be the weakest point in the security of organisations. It may be easier to break through a system using a social engineering attack rather than a pure technological one. The StuxNet attack is only one of the many examples showing that vulnerabilities of organisations are increasingly exploited on different levels including the human factor. There is an urgent need for integration between the technical and social aspects of systems in assessing their security. Such an integration would close this gap; however, it would also result in complicating the formal treatment and automatic identification of attacks. This dissertation shows that applying a system modelling approach to sociotechnical systems can be used for identifying attacks on organisations, which exploit various levels of the vulnerabilities of the systems. In support of this claim we present a modelling framework, which combines many features. Based on a graph, the framework presents the physical infrastructure of an organisation, where actors and data are modelled as nodes in this graph. Based on the semantics of the underlying process calculus, we develop a formal analytical approach that generates attack trees from the model. The overall goal of the framework is to predict, prioritise and minimise the vulnerabilities in organisations by prohibiting the overall attack or at least increasing the difficulty and cost of fulfilling it. We validate our approach using scenarios from IPTV and Cloud Infrastructure case studies.

    Handling of advanced persistent threats and complex incidents in healthcare, transportation and energy ICT infrastructures

    In recent years, the use of information technologies in Critical Infrastructures is gradually increasing. Although this brings benefits, it also increases the possibility of security attacks. Despite the availability of various advanced incident handling techniques and tools, there is still no easy, structured, standardized and trusted way to manage and forecast interrelated cybersecurity incidents. This paper introduces CyberSANE, a novel dynamic and collaborative, warning and response system, which supports security officers and operators to recognize, identify, dynamically analyse, forecast, treat and respond to security threats and risks, and it guides them to handle cyber incidents effectively. The components of CyberSANE are described along with a description of the CyberSANE data flow. The main novelty of the CyberSANE system is the fact that it enables the combination of active incident handling approaches with reactive approaches to support incidents of compound, highly dependent Critical Information Infrastructures. The benefits and added value of using CyberSANE are described with the aid of a set of cyber-attack scenarios.

    Corporate Governance and the Shareholder: Asymmetry, Confidence, and Decision-Making

    In the decade following the ten-plus percent stock market collapse of 2000, regulators enacted a myriad of regulations in response to increasing angst experienced by U.S. capital market retail investors. Systemic asymmetric disclosures have fractured investor confidence prompting many commentators to characterize the relationship between Wall Street and the investment community on main street as dire. Though copious works exist on the phenomenon of corporate behaviors, especially matters of shareholder welfare, weak boards, pervious governance mechanisms, and managerial excess, current literature has revealed a dearth in corporate governance praxis specific to the question and effects of asymmetric disseminations and its principal impact on the retail/noninstitutional accredited investor's (NIAI) confidence and decision-making propensities. This phenomenological study is purposed to bridging the gap between the effects of governance disclosure and the confidence and decision-making inclinations of NIAIs. Conceptual frameworks of Akerlof's information theory and Verstegen Ryan and Buchholtz's trust/risk decision making model undergirded the study. A nonrandom purposive sampling method was used to select 21 NIAI informants. Analysis of interview data revealed epistemological patterns/themes confirming the deleterious effects of asymmetrical disseminations on participants' investment decision-making and trust behaviors. Findings may help academicians, investors, policy makers, and practitioners better comprehend the phenomenon and possibly contribute to operating efficiencies in the capital markets. Proaction and greater assertiveness in the investor/activist community may provide an impetus for continued regulatory reforms, improved transparency, and a revitalization of public trust as positive social change outcomes.