A Graphical Adversarial Risk Analysis Model for Oil and Gas Drilling Cybersecurity

Oil and gas drilling is based, increasingly, on operational technology, whose cybersecurity is complicated by several challenges. We propose a graphical model for cybersecurity risk assessment based on Adversarial Risk Analysis to face those challenges. We also provide an example of the model in the context of an offshore drilling rig. The proposed model provides a more formal and comprehensive analysis of risks, still using the standard business language based on decisions, risks, and value.Comment: In Proceedings GraMSec 2014, arXiv:1404.163

Behavioural Evidence Analysis Applied to Digital Forensics: An Empirical Analysis of Child Pornography Cases using P2P Networks

The utility of Behavioural Evidence Analysis (BEA) has gained attention in the field of Digital Forensics in recent years. It has been recognized that, along with technical examination of digital evidence, it is important to learn as much as possible about the individuals behind an offence, the victim(s) and the dynamics of a crime. This can assist the investigator in producing a more accurate and complete reconstruction of the crime, in interpreting associated digital evidence, and with the description of investigative findings. Despite these potential benefits, the literature shows limited use of BEA for the investigation of cases of the possession and dissemination of Sexually Exploitative Imagery of Children (SEIC). This paper represents a step towards filling this gap. It reports on the forensic analysis of 15 SEIC cases involving P2P filesharing networks, obtained from the Dubai Police. Results confirmed the predicted benefits and indicate that BEA can assist digital forensic practitioners and prosecutors

Crime scripting: A systematic review

The file attached to this record is the author's final peer reviewed version.More than two decades after the publication of Cornish’s seminal work about the script-theoretic approach to crime analysis, this article examines how the concept has been applied in our community. The study provides evidence confirming that the approach is increasingly popular; and takes stock of crime scripting practices through a systematic review of over one hundred scripts published between 1994 and 2018. The results offer the first comprehensive picture of this approach, and highlights new directions for those interested in using data from cyber-systems and the Internet of Things to develop effective situational crime prevention measures

A New Profiling Framework In Identifying Cyber Violent Extremism Attack

Violent extremism has become a serious issue and an area of interest to government as it could leave difficult conditions to the nation. Violent extremism happens when someone chooses to carry out violent method and intent to cause harm to other. These groups of extremists aim to cause as much damage as possible when they intent to create harm to the target. Internet as the medium of communication has led to the formation of cyber communities which attracts violent extremism group. Recently, the violent extremism group uses the Internet as their platform to form online communities and launch their attack, these activities known as Cyber Violent Extremism (Cyber-VE). The ongoing increase in online activities by violent extremist groups along with the lack of mechanisms that can be used to identify violent extremism activity could be considered as a major problem. The threat of Cyber-VE is still on the rise and the existing mechanism do not seem to be reducing this attack. Therefore, the aim of this research is to develop a new profiling framework to help forensic investigators in identifying any activities that related to Cyber-VE attack. This done by integrating the classification of the Cyber-VE traces and the components of criminology theory. Prior to that, an analysis of the exiting profiling process is conducted to identify the process requirements in order to develop the profiling framework. After completing the analysis, an experimental design was setup to generate Cyber-VE traces classification. Traces classification is generated through the process of identifying, extracting and classifying traces. In order to identify the causes that leading to criminal behaviors, two types of criminology theory are used which are social learning theory and space transition theory. A combination of Social Learning Theory and Space Transition Theory was used to explain and identify the criminal behavior in which the criminal behavior will refer to Cyber-VE behavior. Then, both traces classification and criminology theory are integrated in order to develop the profiling framework. The proposed Cyber-VE profiling framework consists of three main processes which are data extraction and classification, Cyber-VE behavior identification, and Cyber-VE profile construction. This profiling framework is evaluated and validated to verify its capabilities in profiling Cyber-VE activities. In the experimental approach, the results from the dataset showed that profiling framework is capable to profile Cyber-VE activities using the proposed profiling framework. In expert view, the results showed that the proposed profiling framework is able to identify the activities that related to Cyber-VE attack

利用者の行動パターンの検知を通じた機密情報とコミュニケーションの内部統制に関する研究

国立大学法人長岡技術科学大

The Cybercrime Triangle

Information technology can increase the convergence of three dimensions of the crime triangle due to the spatial and temporal confluence in the virtual world. In other words, its advancement can lead to facilitating criminals with more chances to commit a crime against suitable targets living in different real-world time zones without temporal and spatial orders. However, within this mechanism, cybercrime can be discouraged “…if the cyber-adversary is handled, the target/victim is guarded, or the place is effectively managed” (Wilcox & Cullen, 2018, p. 134). In fact, Madensen and Eck (2013) assert that only one effective controller is enough to prevent a crime. Given this condition of the crime triangle, it must be noted that each of these components (the offender, the target, and the place) or controllers (i.e., handler, guardian, and manager) can play a pivotal role in reducing cybercrime. To date, scholars and professionals have analyzed the phenomenon of cybercrime and developed cybercrime prevention strategies relying predominantly on cybercrime victimization (suitable targets) but have yet to utilize the broader framework of the crime triangle commonly used in the analysis and prevention of crime. More specifically, the dimensions of cybercrime offenders, places, or controllers have been absent in prior scientific research and in guiding the establishment and examination of cybercrime prevention strategies. Given this gap, much remains to be known as to how these conceptual entities operate in the virtual realm and whether they share similarities with what we know about other crimes in the physical world. Thus, the purpose of this study is to extend the application of the “Crime Triangle,” a derivative of Routine Activity Theory, to crime events in the digital realm to provide scholars, practitioners, and policy makers a more complete lens to improve understanding and prevention of cybercrime incidents. In other words, this dissertation will endeavor to devise a comprehensive framework for our society to use to form cybersecurity policies to implement a secure and stable digital environment that supports continued economic growth as well as national security. The findings of this study suggest that both criminological and technical perspectives are crucial in comprehending cybercrime incidents. This dissertation attempts to independently explore these three components in order to portray the characteristics of cybercriminals, cybercrime victims, and place management. Specifically, this study first explores the characteristics of cybercriminals via a criminal profiling method primarily using court criminal record documents (indictments/complaints) provided by the FIU law library website. Second, the associations between cybercrime victims, digital capable guardianship, perceived risks of cybercrime, and online activity are examined using Eurobarometer survey data. Third, the associations between place management activities and cybercrime prevention are examined using “Phishing Campaign” and “Cybersecurity Awareness Training Program” data derived from FIU’s Division of Information Technology

INTEGRATION OF INTELLIGENCE TECHNIQUES ON THE EXECUTION OF PENETRATION TESTS (iPENTEST)

Penetration Tests (Pentests) identify potential vulnerabilities in the security of computer systems via security assessment. However, it should also benefit from widely recognized methodologies and recommendations within this field, as the Penetration Testing Execution Standard (PTES). The objective of this research is to explore PTES, particularly the three initial phases: 1. Pre-Engagement Interactions; 2. Intelligence Gathering; 3. Threat Modeling; and ultimately to apply Intelligence techniques to the Threat Modeling phase. To achieve this, we will use open-source and/or commercial tools to structure a process to clarify how the results were reached using the research inductive methodology. The following steps were implemented: i) critical review of the “Penetration Testing Execution Standard (PTES)”; ii) critical review of Intelligence Production Process; iii) specification and classification of contexts in which Intelligence could be applied; iv) definition of a methodology to apply Intelligence Techniques to the specified contexts; v) application and evaluation of the proposed methodology to real case study as proof of concept. This research has the ambition to develop a model grounded on Intelligence techniques to be applied on PTES Threat Modeling phase