
    Rethinking Security Incident Response: The Integration of Agile Principles

    In today's globally networked environment, information security incidents can inflict staggering financial losses on organizations. Industry reports indicate that fundamental problems exist with the application of current linear plan-driven security incident response approaches being applied in many organizations. Researchers argue that traditional approaches value containment and eradication over incident learning. While previous security incident response research focused on best practice development, linear plan-driven approaches and the technical aspects of security incident response, very little research investigates the integration of agile principles and practices into the security incident response process. This paper proposes that the integration of disciplined agile principles and practices into the security incident response process is a practical solution to strengthening an organization's security incident response posture. Comment: Paper presented at the 20th Americas Conference on Information Systems (AMCIS 2014), Savannah, Georgi

    IT-based Fraud Management Approaches in Small and Medium Enterprises – A Multivocal Literature Review

    Fraud, particularly cybercrime, is an emerging worldwide risk. Despite this, the risk of fraud appears underestimated in discussions of fraud mitigation and risk management in the context of SMEs. This multivocal literature review discusses ways of minimizing fraud for SMEs and IT-supported concepts that are currently proposed in literature. The present review shows that existing concepts often focus on specific or internal fraud risks and organizational countermeasures, but rarely cover newer fraud risks or suggest IT-supported measures to reduce the risk of fraud for SMEs. However, some IT security approaches have been proposed to mitigate fraud, but the area of internal control concepts of compliance and governance appears unconnected to IS approaches. This review identifies a lack of integrated fraud-management concepts, which is surprising due to the omnipresence of ICT, it found limitations in existing concepts and suggests areas for future IS research and academic discussion

    A process model for implementing information systems security governance

    Purpose: The frequent and increasingly potent cyber-attacks because of lack of an optimal mix of technical as well as non-technical IT controls has led to increased adoption of security governance controls by organizations. The purpose of this paper, thus, is to construct and empirically validate an information security governance (ISG) process model through the plan-do-check-act (PDCA) cycle model of Deming. Design/methodology/approach: This descriptive research using an interpretive paradigm follows a qualitative methodology using expert interviews of five respondents working in the ISG domain in United Arab Emirates (UAE) to validate the theoretical model. Findings: The findings of this paper suggest the primacy of the PDCA Deming cycle for initiating ISG through a risk-based approach assisted by industry-wide best practices in ISG. Regarding selection of ISG frameworks, respondents preferred to have ISO 27K supported by NIST as the core framework with other relevant ISG frameworks/standards forming the peripheral layer. The implementation focus of the ISG model is on mapping ISO 27K/NIST IT controls relevant IT controls selected from ISG frameworks from a horizontal and vertical perspective. Respondents asserted the automation of measurement and control mechanism through automation to assist in the feedback loop of the PDCA cycle. Originality/value: The validated model helps academics and practitioners gain insight into the methodology of the phased implementation of an information systems governance process through the PDCA model, as well as the positioning of ITG and ITG frameworks in ISG. Practitioners can glean valuable insights from the empirical section of the research where experts detail the success factors, the sequential steps and justification of these factors in the ISG implementation process

    A Survey on Forensics and Compliance Auditing for Critical Infrastructure Protection

    The broadening dependency and reliance that modern societies have on essential services provided by Critical Infrastructures is increasing the relevance of their trustworthiness. However, Critical Infrastructures are attractive targets for cyberattacks, due to the potential for considerable impact, not just at the economic level but also in terms of physical damage and even loss of human life. Complementing traditional security mechanisms, forensics and compliance audit processes play an important role in ensuring Critical Infrastructure trustworthiness. Compliance auditing contributes to checking if security measures are in place and compliant with standards and internal policies. Forensics assist the investigation of past security incidents. Since these two areas significantly overlap, in terms of data sources, tools and techniques, they can be merged into unified Forensics and Compliance Auditing (FCA) frameworks. In this paper, we survey the latest developments, methodologies, challenges, and solutions addressing forensics and compliance auditing in the scope of Critical Infrastructure Protection. This survey focuses on relevant contributions, capable of tackling the requirements imposed by massively distributed and complex Industrial Automation and Control Systems, in terms of handling large volumes of heterogeneous data (that can be noisy, ambiguous, and redundant) for analytic purposes, with adequate performance and reliability. The achieved results produced a taxonomy in the field of FCA whose key categories denote the relevant topics in the literature. Also, the collected knowledge resulted in the establishment of a reference FCA architecture, proposed as a generic template for a converged platform. These results are intended to guide future research on forensics and compliance auditing for Critical Infrastructure Protection.

    Towards a Cybersecurity Skills Framework for South Africa

    Cybersecurity is an ever-growing area of concern both globally and in South Africa. The increasing number of cyberattacks daily has had a large effect on individuals, organisations, governments, and society at large. The growing need to combat cybercrime is accompanied by the increased need for skilled IT professionals to assist in protecting against cybercrime. Currently, there is a worldwide cybersecurity skills gap and a lack of IT professionals with the requisite cybersecurity skills. Many countries have developed their own taxonomies and common lexicons for IT and cybersecurity work, specifically for their context. This type of common lexicon is important to help assist in the development of skills. However, South Africa does not yet have its own cybersecurity skills framework to serve as a common lexicon for the South African context. Hence, the problem defined for this study is that, without a common lexicon of the cybersecurity knowledge, skills, abilities, and tasks (KSATs) required of IT professionals as they relate to specific IT job roles in South Africa, the cybersecurity skills gap cannot be sufficiently addressed. Such a lexicon could help drive the development of skills in South Africa and, in so doing assist in alleviating the cybersecurity skills gap. This study therefore presents a common lexicon by collecting job postings over a four-month period from 1 October 2020 to 31 January 2021. These job postings were analysed using a thematic content analysis. The results identified 20 common IT job roles, together with the specific KSATs relating to each job role identified. As a result, these job roles form part of a proposed cybersecurity skills framework for South Africa (CSFwSA) which could help and guide South Africa towards more targeted cybersecurity skills development. The proposed framework could also be useful in guiding tertiary educational facilities in the creation of cybersecurity curricula that represent the real-world expectations. 
This, in turn, could help South Africa to address the cybersecurity skills gap by better preparing IT professionals and ensuring that they are trained and skilled in cybersecurity. Thesis (MIT) -- Faculty of Engineering, the Built Environment and Technology, School of Information Technology, 202


    A process model for implementing information systems security governance.

    Purpose: The frequent and increasingly potent cyber-attacks due to lack of an optimal mix of technical as well as non-technical IT controls, has led to increased adoption of security governance controls by organizations. The paper thus seeks to construct and empirically validate an information security governance process model through the Plan-Do-Check-Act cycle model of Deming. Design/methodology/approach: This descriptive research using an interpretive paradigm follows a qualitative methodology using expert interviews of five respondents working in the information security governance (ISG) domain in United Arab Emirates to validate the theoretical model. Findings: Our findings suggest the primacy of the Plan-Do-Check-Act Deming cycle for initiating ISG through a risk-based approach assisted by industry-wide best practices in ISG. Regarding selection of ISG frameworks, respondents preferred to have ISO 27K supported by NIST as the core framework with other relevant ISG frameworks/standards forming the peripheral layer. The implementation focus of the ISG model is on mapping ISO 27 K/NIST IT controls relevant IT controls selected from ISG frameworks from a horizontal and vertical perspective. Respondents asserted the automation of measurement and control mechanism through automation to assist in the feedback loop of the PDCA cycle. Originality/value: The validated model helps academics and practitioners gain insight into the methodology of the phased implementation of an information systems governance process through the PDCA model, as well as the positioning of ITG and ITG frameworks in ISG. Practitioners can glean valuable insights from the empirical section of the research where experts detail the success factors, the sequential steps, and justification of these factors in the ISG implementation process

    Security aspects of SCADA and DCS environments

    SCADA Systems can be seen as a fundamental component in Critical Infrastructures, having an impact in the overall performance of other Critical Infrastructures interconnected. Currently, these systems include in their network designs different types of Information and Communication Technology systems (such as the Internet and wireless technologies), not only to modernize operational processes but also to ensure automation and real-time control. Nonetheless, the use of these new technologies will bring new security challenges, which will have a significant impact on both the business process and home users. Therefore, the main purpose of this Chapter is to address these issues and to analyze the interdependencies of Process Control Systems with ICT systems, to discuss some security aspects and to offer some possible solutions and recommendations

    Cyber security incident handling, warning and response system for the european critical information infrastructures (cyberSANE)

    This paper aims to enhance the security and resilience of Critical Information Infrastructures (CIIs) by providing a dynamic collaborative, warning and response system (CyberSANE system) supporting and guiding security officers and operators (e.g. Incident Response professionals) to recognize, identify, dynamically analyse, forecast, treat and respond to their threats and risks and handle their daily cyber incidents. The proposed solution provides a first of a kind approach for handling cyber security incidents in the digital environments with highly interconnected, complex and diverse nature

    Integrated management model of the corporate digital forensic investigation

    Metrics of the key performances indicators (KPIs) should be established into corporate digital forensic (DF) investigation process management to encourage performances effectiveness and efficiency improvement. The KPIs should lead to a quantitative assessment of gains in the DF investigation objectives, such as creating proved digital evidence (DE), reducing costs and DF investigation cycle time, etc. The KPIs metrics should address alignment with DF principles and standard operating procedures (SOP), forensic and legal requirements, digital evidence (DE) quality, stakeholder satisfaction and digital evidence legal admissibility. As a tool for quality improvement of the DF investigation processes, the KPIs metrics should be well defined and understood, and introduced by all stakeholders in the DF investigation process. 
The authors of this article suggested an integrated model of the corporate DF investigation management process. The model includes key activities, resources, performances objectives, risks and the KPIs metric. It is relevant for the development and management of the effective corporate DF investigation processes