26 research outputs found

    Data Presentation in Security Operations Centres: Exploring the Potential for Sonification to Enhance Existing Practice

    Security practitioners working in Security Operations Centres (SOCs) are responsible for detecting and mitigating malicious computer-network activity. This work requires both automated tools that detect and prevent attacks, and data-presentation tools that can present pertinent network-security monitoring information to practitioners in an efficient and comprehensible manner. In recent years, advances have been made in the development of visual approaches to data presentation, with some uptake of advanced security visualization tools in SOCs. Sonification, in which data is represented as sound, is said to have potential as an approach that could work alongside existing visual data-presentation approaches to address some of the unique challenges faced by SOCs. For example, sonification has been shown to enable peripheral monitoring of processes, which could aid practitioners multitasking in busy SOCs. The perspectives of security practitioners on incorporating sonification into their actual working environments have not yet been examined, however. The aim of this paper therefore is to address this gap by exploring attitudes to using sonification in SOCs, and identifying the data-presentation approaches currently used. We report on the results of a study consisting of an online survey (N=20) and interviews (N=21) with security practitioners working in a range of different SOCs. Our contributions are (1) a refined appreciation of the contexts in which sonification could aid in SOC working practice, (2) an understanding of the areas in which sonification may not be beneficial or may even be problematic, (3) an analysis of the critical requirements for the design of sonification systems and their integration into the SOC setting, and (4) evidence of the visual data-presentation techniques currently used and identification of how sonification might work alongside and address challenges to using them. Our findings offer insights into the potential benefits and challenges of introducing sonification to support work in this vital security-monitoring environment. Participants saw potential value in using sonification systems to aid in anomaly-detection tasks in SOCs (such as retrospective hunting), as well as in situations in which peripheral monitoring is desirable: while multitasking with multiple work tasks, or while outside of the SOC.

    A capability-oriented approach to assessing privacy risk in smart home ecosystems

    Smart devices are increasingly ubiquitous; the multitude of risks they pose to user privacy continues to grow, but assessing such risks has proven difficult. In this paper, we discuss three factors which complicate the assessment of privacy risks in the context of the smart home. Firstly, smart devices are highly heterogeneous and hard to categorise, so top-down, taxonomy-oriented approaches to risk assessment do not fit well. Secondly, the threat landscape is vast, varied, and growing. Thirdly, the chief asset, personal information, is difficult to value, especially given that its value can be hugely affected by aggregation. To address these factors, we propose a novel, bottom-up approach in which the smart home ecosystem is reduced to its data-collecting capabilities (such as sensors and apps) and then privacy risk is assessed based on the information that the user exposes. We define a capability-oriented model which is system-neutral, extensible, and therefore well-suited to the fast-evolving nature of the smart home.

    “I don't think we're there yet”: The practices and challenges of organisational learning from cyber security incidents

    Learning from cyber incidents is crucial for organisations to enhance their cyber resilience and effectively respond to evolving threats. This study employs neo-institutional and organisational learning theories to examine how organisations learn from incidents and gain insights into the challenges they face. Drawing on qualitative research methods, interviews were conducted with 34 security practitioners from organisations operating in the UK spanning a range of industries. The findings highlight the importance of consciously evaluating learning practices and creating a culture of openness to hear about incidents from employees, customers and suppliers. Deciding which incidents to learn from, as well as who should participate in the learning process, emerged as critical considerations. Overcoming defensiveness and addressing systemic causes were recognised as barriers to effective learning. The study emphasises the need to assess the value and impact of identified lessons and to avoid superficial reviews that treat symptoms rather than underlying causes to improve resilience. While progress has been made in learning from incidents, further enhancements are needed. Practical recommendations have been proposed to suggest how organisations may gain valuable insights for maximising the benefits derived from incident learning. This research contributes to the existing knowledge on organisational learning and informs future studies exploring the social and political influences on the learning process. By considering the suggested recommendations, organisations may strengthen their cyber security, foster a culture of continuous improvement, and respond effectively to the dynamic cyber security landscape.

    If you can't understand it, you can't properly assess it! The reality of assessing security risks in Internet of Things systems

    Security risk assessment methods have served us well over the last two decades. As the complexity, pervasiveness and automation of technology systems increases, particularly with the Internet of Things (IoT), there is a convincing argument that we will need new approaches to assess risk and build system trust. In this article, we report on a series of scoping workshops and interviews with industry professionals (experts in enterprise systems, IoT and risk) conducted to investigate the validity of this argument. Additionally, our research aims to consult with these professionals to understand two crucial aspects. Firstly, we seek to identify the wider concerns in adopting IoT systems into a corporate environment, be it a smart manufacturing shop floor or a smart office. Secondly, we investigate the key challenges for approaches in industry that attempt to effectively and efficiently assess cyber-risk in the IoT.

    An Ethics Framework for Research into Heterogeneous Systems

    Heterogeneous systems often found in the Internet of Things (IoT) have a wide range of challenges in ethics and law. Any device with an IP address can potentially collect, process, store and share data and make automated decisions in unpredictable ways. When conducting research and development in IoT, it is necessary to have a comprehensive socio-technical understanding of decision-making and data-handling, as well as procedures in place to pre-empt and address unforeseen consequences. In this paper we propose a comprehensive conceptual-modelling approach to help researchers systematically identify, consider and respond to challenges in ethics and law when conducting research and development of heterogeneous systems. Our framework is a six-layered model that addresses these concerns with regard to proximity to the data and actions in question. Using our framework, researchers should be able to deliver use-case scenarios that can be peer-reviewed by a large number of experts in dissimilar domains, with the aim of identifying ways in which the proposed research and development is not done responsibly, so that researchers can address these concerns. Finally, we explore an IoT use-case scenario, and we propose future directions for this work.

    Integration of Cyber Security Frameworks, Models and Approaches for Building Design Principles for the Internet-of-Things in Industry 4.0

    This research article reports the results of a qualitative case study that correlates academic literature with five Industry 4.0 cyber trends, seven cyber risk frameworks and two cyber risk models. While there is a strong interest in industry and academia to standardise existing cyber risk frameworks, models and methodologies, an attempt to combine these approaches has not been made until now. We apply the grounded theory approach to derive integration criteria for the reviewed frameworks, models and methodologies. Then, we propose a new architecture for the integration of the reviewed frameworks, models and methodologies. We therefore advance the efforts of integrating standards and governance into Industry 4.0 and offer a better understanding of a holistic economic impact assessment model for IoT cyber risk.

    Cyber Security Framework for the Internet-of-Things in Industry 4.0

    This research article reports the results of a qualitative case study that correlates academic literature with five Industry 4.0 cyber trends, seven cyber risk frameworks and two cyber risk models. While there is a strong interest in industry and academia to standardise existing cyber risk frameworks, models and methodologies, an attempt to combine these approaches has not been made until now. We apply the grounded theory approach to derive integration criteria for the reviewed frameworks, models and methodologies. Then, we propose a new architecture for the integration of the reviewed frameworks, models and methodologies. We therefore advance the efforts of integrating standards and governance into Industry 4.0 and offer a better understanding of a holistic economic impact assessment model for IoT cyber risk.