A cyber exercise post assessment framework: In Malaysia perspectives

Critical infrastructures are based on complex systems that provide vital services to the nation. The complexities of the interconnected networks, each managed by individual organisations, if not properly secured, could offer vulnerabilities that threaten other organisations’ systems that depend on their services. This thesis argues that the awareness of interdependencies among critical sectors needs to be increased. Managing and securing critical infrastructure is not isolated responsibility of a government or an individual organisation. There is a need for a strong collaboration among critical service providers of public and private organisations in protecting critical information infrastructure. Cyber exercises have been incorporated in national cyber security strategies as part of critical information infrastructure protection. However, organising a cyber exercise involved multi sectors is challenging due to the diversity of participants’ background, working environments and incidents response policies. How well the lessons learned from the cyber exercise and how it can be transferred to the participating organisations is still a looming question. In order to understand the implications of cyber exercises on what participants have learnt and how it benefits participants’ organisation, a Cyber Exercise Post Assessment (CEPA) framework was proposed in this research. The CEPA framework consists of two parts. The first part aims to investigate the lessons learnt by participants from a cyber exercise using the four levels of the Kirkpatrick Training Model to identify their perceptions on reaction, learning, behaviour and results of the exercise. The second part investigates the Organisation Cyber Resilience (OCR) of participating sectors. The framework was used to study the impact of the cyber exercise called X Maya in Malaysia. Data collected through interviews with X Maya 5 participants were coded and categorised based on four levels according to the Kirkpatrick Training Model, while online surveys distributed to ten Critical National Information Infrastructure (CNII) sectors participated in the exercise. The survey used the C-Suite Executive Checklist developed by World Economic Forum in 2012. To ensure the suitability of the tool used to investigate the OCR, a reliability test conducted on the survey items showed high internal consistency results. Finally, individual OCR scores were used to develop the OCR Maturity Model to provide the organisation cyber resilience perspectives of the ten CNII sectors

Preventing Web Browser From Cyber Attack

Web browser has become a widely used platform for connecting and interacting people or organization with cyberspace. By using the web browser, we can share all the information, and now we can make transaction and pay our bills online. To users, they have to be careful when using internet and web browser to make all the transactions involved money as we know there are some vulnerabilities appear in web browser. This paper provides the discussion of the vulnerabilities appear in Firefox and Internet Explorer browser. It begins by providing an overview of web browser and describes what it is, how it is works, most popular web browser and common vulnerabilities found in web browser that can be used by hackers to attack the system. The paper then proposes some countermeasures to prevent the web browser from cyber attack

IMPACT OF SCENARIO BASED EXERCISE ON ORGANISATION RESILIENCE IN CRITICAL INFRASTRUCTURE ORGANISATIONS

Critical infrastructures are organisations that deliver vital services like telecommunication, energy and water suppliers to the community. Today, threats on critical infrastructure are differs from natural disasters, technical failures, man-made and cyber-attacks. Any disruptions on critical infrastructures could create a catastrophic damage. Protecting critical infrastructures and cultivating resilience has become a main agenda in many countries. Collaboration effort between public and private in crisis management through Scenario Based Exercise (SBE) was part of the agenda. SBE also known as Scenario Based Training (SBT) is a management tool used to train decision makers in crisis situations. However crisis management exercises through SBE appear to produce indistinct learning results which very limited in applicability. Using benchmark tool developed by Resilient Organisations Research at the University of Canterbury in New Zealand, this paper attempt investigate how SBE reflects the organisation resilience and determine the correlations between SBE and organisation resilience in critical infrastructures organisations

Development of a single honeypot system interface

Networking is crucial to any organization which interconnecting systems all around the globe. However, networking is exposed to the increase of threats that have been detected which reducing the organization’s security level.Perpetrators of cybercrime will take this advantage to exploit other systems in their network.To enhance the security level of networking, Honeypot technology has been created to detect the unauthorized use of network.This paper focuses on development of batch files that execute a normal computer as a Honeypot. The main goal of this system is to capture information on every network attacks.Technically, this paper will guide user in Honeypot configuration process

DEVELOPMENT OF A SINGLE HONEYPOT SYSTEM INTERFACE

ABSTRACT. Networking is crucial to any organization which interconnecting systems all around the globe. However, networking is exposed to the increase of threats that have been detected which reducing the organization's security level. Perpetrators of cybercrime will take this advantage to exploit other systems in their network. To enhance the security level of networking, Honeypot technology has been created to detect the unauthorized use of network. This paper focuses on development of batch files that execute a normal computer as a Honeypot. The main goal of this system is to capture information on every network attacks. Technically, this paper will guide user in Honeypot configuration process