SecBot: a Business-Driven Conversational Agent for Cybersecurity Planning and Management

Businesses were moving during the past decades to-ward full digital models, which made companies face new threatsand cyberattacks affecting their services and, consequently, theirprofits. To avoid negative impacts, companies’ investments incybersecurity are increasing considerably. However, Small andMedium-sized Enterprises (SMEs) operate on small budgets,minimal technical expertise, and few personnel to address cy-bersecurity threats. In order to address such challenges, it isessential to promote novel approaches that can intuitively presentcybersecurity-related technical information.This paper introduces SecBot, a cybersecurity-driven conver-sational agent (i.e., chatbot) for the support of cybersecurityplanning and management. SecBot applies concepts of neuralnetworks and Natural Language Processing (NLP), to interactand extract information from a conversation. SecBot can(a)identify cyberattacks based on related symptoms,(b)indicatesolutions and configurations according to business demands,and(c)provide insightful information for the decision on cy-bersecurity investments and risks. A formal description hadbeen developed to describe states, transitions, a language, anda Proof-of-Concept (PoC) implementation. A case study and aperformance evaluation were conducted to provide evidence ofthe proposed solution’s feasibility and accurac

A novel privacy preserving user identification approach for network traffic

The prevalence of the Internet and cloud-based applications, alongside the technological evolution of smartphones, tablets and smartwatches, has resulted in users relying upon network connectivity more than ever before. This results in an increasingly voluminous footprint with respect to the network traffic that is created as a consequence. For network forensic examiners, this traffic represents a vital source of independent evidence in an environment where anti-forensics is increasingly challenging the validity of computer-based forensics. Performing network forensics today largely focuses upon an analysis based upon the Internet Protocol (IP) address – as this is the only characteristic available. More typically, however, investigators are not actually interested in the IP address but rather the associated user (whose account might have been compromised). However, given the range of devices (e.g., laptop, mobile, and tablet) that a user might be using and the widespread use of DHCP, IP is not a reliable and consistent means of understanding the traffic from a user. This paper presents a novel approach to the identification of users from network traffic using only the meta-data of the traffic (i.e. rather than payload) and the creation of application-level user interactions, which are proven to provide a far richer discriminatory feature set to enable more reliable identity verification. A study involving data collected from 46 users over a two-month period generated over 112 GBs of meta-data traffic was undertaken to examine the novel user-interaction based feature extraction algorithm. On an individual application basis, the approach can achieve recognition rates of 90%, with some users experiencing recognition performance of 100%. The consequence of this recognition is an enormous reduction in the volume of traffic an investigator has to analyse, allowing them to focus upon a particular suspect or enabling them to disregard traffic and focus upon what is left

2015 protected health information data breach report

The purpose of this study is to shed light on the problem of medical data loss—how it is disclosed, who is causing it and what can be done to combat it. This is a far-reaching problem that impacts not only organizations that are victims of these breaches, but also doctor-patient relationships. And it can have consequences that spread more broadly than just those directly affected by the incidents. For the purposes of this study, protected health information (PHI) is defined as personally identifiable health information collected from an individual, and covered under one of the state, federal or international data breach disclosure laws. PHI may be collected or created by a healthcare provider, health plan, employer, healthcare clearinghouse or other entity. The main criteria is whether there is a reasonable basis to believe the information could be used to identify an individual. In the U.S., the disclosure of this type of information would trigger a duty to report the breach under the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH) and one or more of the state laws