9,136 research outputs found

    An Analytical Evaluation of Network Security Modelling Techniques Applied to Manage Threats

    The current ubiquity of information coupled with the reliance on such data by businesses has led to a great deal of resources being deployed to ensure the security of this information. Threats can come from a number of sources and the dangers from those insiders closest to the source have increased significantly recently. This paper focuses on techniques used to identify and manage threats as well as the measures that every organisation should consider to put into action. A novel game-based onion skin model has been proposed, combining techniques used in theory-based and hardware-based hardening strategies

    Self-Adaptive Role-Based Access Control for Business Processes

    © 2017 IEEE. We present an approach for dynamically reconfiguring the role-based access control (RBAC) of information systems running business processes, to protect them against insider threats. The new approach uses business process execution traces and stochastic model checking to establish confidence intervals for key measurable attributes of user behaviour, and thus to identify and adaptively demote users who misuse their access permissions maliciously or accidentally. We implemented and evaluated the approach and its policy specification formalism for a real IT support business process, showing their ability to express and apply a broad range of self-adaptive RBAC policies

    Attack tree analysis for insider threats on the IoT using Isabelle

    The Internet-of-Things (IoT) aims at integrating small devices around humans. The threat from human insiders in “regular” organisations is real; in a fully-connected world of the IoT, organisations face a substantially more severe security challenge due to unexpected access possibilities and information flow. In this paper, we seek to illustrate and classify insider threats in relation to the IoT (by ‘smart insiders’), exhibiting attack vectors for their characterisation. To model the attacks we apply a method of formal modelling of Insider Threats in the interactive theorem prover Isabelle. On the classified IoT attack examples, we show how this logical approach can be used to make the models more precise and to analyse the previously identified Insider IoT attacks using Isabelle attack tree

    A Comparison of Security Risk Analysis in the In-house IT Infrastructure and Cloud Infrastructure for the Payment Gateway System

    In-house infrastructures are migrated to the cloud owing to the enhanced technical management capabilities, technical advancement as well as the flexibility and cost-effective options offered by the cloud. Moreover, an enterprise architecture changes when the systems are moved into a different infrastructure. Due to such infrastructural changes, security risks can increase or decrease, while new risks can be introduced and some risks can be eliminated. Asset identification for risk analysis based only on business process modelling lacks the integration and representation of the interrelationship between IT infrastructure and business processes. Hence, certain information system (IS) assets can be neglected in the risk analysis. When analysing the security risk of two infrastructures, enterprise architectural differences need to be captured, since unidentified IS assets could be vulnerable and pose a security risk to the concerned organisation. In this thesis, assets are identified via architectural modelling to perform risk analysis. Furthermore, models present the differences pertaining to IS assets within in-house infrastructure and cloud infrastructure, in addition to the mapping to corresponding business processes. The STRIDE-based threat modelling is employed to determine the security risks concerning IS assets derived from enterprise architecture. To elaborate, this study will introduce a procedure that will help organisations identify IS asset changes of two different infrastructures and capture security risk changes. Moreover, architectural modelling applied in this research will illustrate the differences regarding IS assets and present the way in which business processes are mapped to technology components. Subsequently, a threat modelling method employed will provide a structural way to identify threats to the systems. The changes incorporated concerning the security risks will further present the security risk gap regarding in-house infrastructure and cloud infrastructure. Additionally, the validation of this approach is performed by domain experts. The enterprise architecture modelled in this thesis is based on a case study dealing with a payment gateway system used in North Europe

    The effect of cyber-attacks on stock returns

    A widely debated issue in recent years is cybercrime. Breaches in the security of accessibility, integrity and confidentiality of information involve potentially high explicit and implicit costs for firms. This paper investigates the impact of information security breaches on stock returns. Using event-study methodology, the study provides empirical evidence on the effect of announcements of cyber-attacks on the market value of firms from 1995 to 2015. Results show that substantial negative market returns occur following announcements of cyber-attacks. Financial entities often suffer greater negative effects than other companies and non-confidential cyber-attacks are the most dangerous, especially for the financial sector. Overall findings seem to show a link between cybercrime and insider trading

    An Insider Threat Categorization Framework for Automated Manufacturing Execution System

    Insider threats have become one of the most dangerous threats in the cyber world compared to outsider threats, as insiders have knowledge of assets. In addition, the threats themselves are considered invisible, and no one can predict what, when and how exactly a threat will be launched. Based on the literature reviewed, threats in Automated Manufacturing Execution Systems (AMESs) can be divided into three principal factors. Moreover, no standard framework exists today to refer to for categorizing such factors in order to identify the possible features of insider threats. Therefore, from the literature reviewed, a standard theoretical insider threat categorization framework for AMESs has been proposed. Three principal factors, i.e. Human, Systems and Machine, are considered the major categories of insider threats. The possible features for each factor are identified based on previous researchers' recommendations. By identifying possible features and categorizing them into principal factors or groups, a standard framework can be derived. This framework will benefit the manufacturing field in particular as a reference for mitigating insider threats. Keywords: automated manufacturing execution systems insider threats, factors and features, insider threat categorization framework

    Bring your own disclosure : analysing BYOD threats to corporate information

    Mobile device consumerisation has introduced the Bring-Your-Own-Device (BYOD) trend to the organisational context, allowing employees to work using their personal devices. However, as personal mobile devices are perceived as less secure than those provided by the organisation, BYOD has raised security concerns about corporate information being accessed by mobile devices from inside and outside the corporate perimeter. Moreover, this uncontrolled mobile device activity makes it difficult to differentiate external (outsider) malicious activity from reckless/naive employee (insider) behaviour, preventing effective correlation of unauthorised actions with the perpetrators. In this paper, a STRIDE-based BYOD Threat Model is proposed to analyse BYOD Threat Interactions from inside and outside the corporate perimeter. Our research contributes to a better understanding and awareness about the influence of BYOD Threats on disclosure and contamination of corporate information, encouraging future work in the field of BYOD security and digital forensics in order to protect information and manage an increasing number of evidence sources

    Under the corporate radar: examining insider business cybercrime victimization through an application of routine activities theory

    Cybercrime is recognized as one of the top threats to UK economic security. On a daily basis, the computer networks of businesses suffer security breaches. A less explored dimension of this problem is cybercrimes committed by insiders. This paper provides a criminological analysis of corporate insider victimization. It begins by presenting reviews of insider criminal threats and routine activities theory as applied to cybercrime. Analysis of the nationally representative Cardiff University UK Business Cybercrime Survey then informs statistical models that predict the likelihood of businesses suffering insider cyber victimization, using routine activities and guardianship measures as predictors