Using Fuzzy Cognitive Maps (FCMs) to Evaluate the Vulnerabilities with ICT Assets Disposal Policies

Abstract-- This paper evaluates the possible vulnerabilities of ICT assets disposal policies and the associated impact that can affect the SMEs. A poorly implemented policy or unenforced policy is “potentially the weakest link ” in the cyber-security chain. Do SMEs have an idea of vulnerabilities or threats due to assets disposal? In the event of breaches, the SMEs pay for the cost of notifying the concerned stakeholders, compensate affected parties, invest in improved mitigation technologies and also may be subjected to unwarranted public scrutiny. ICT assets at the end-of-useful life span usually have data left on the hard disk drives or storage media, which is a source of data confidentiality vulnerability. SMEs were surveyed in developing economies on their assets disposal policies. The perceived correlations were analyzed using fuzzy cognitive maps (FCMs) to ascertain if any cyber-security vulnerabilities inherent in a particular policy have implications on others. The study endeavored to show that, SMEs ought to have appropriate assets disposal policies in place. Then, these policies ought to be signed off by all stakeholders as a matter of responsibility. By employing the FCM approach with fuzzy matrix operations, the results indicate positive correlations exist amongst the policy constructs. Thus, vulnerabilities with one policy have implications on others

Cyber threat intelligence for improving cyber supply chain security

Cyber supply chain (CSC) systems provide operational efficiency and business continuity due to the integrated nature of various network system nodes. Such integration has made the overall system vulnerable to various cyber attacks and malware propagation is one of the common attacks for CSC. Cyber threat intelligence (CTI) provides an organization the capability to identify, gather, analyze threats and the associated risks so that CSC organization can forecast the existing and future threat trends and manage the cybersecurity risk in a proactive manner. A threat actor may attack the system and propagate a malware. The purpose is to manipulate, alter, or change delivery mechanisms. It is imperative to integrate CTI into the existing cybersecurity practice to detect and understand the threat actor's intents and motive. In our previous paper, we used threat analysis gathering to provide us an understanding of the adversaries' capabilities, actions, and intents. This paper contributes to improving the cybersecurity of CSC by using CTI. In particular, we extend our previous work which identifies and analysis CSC attacks and adopts CTI approach to understand the attack trends so that appropriate control can determine proactively. We use the malware a smart grid case study as CSC context to demonstrate our approach. The result demonstrations how CTI approach is applied to assist in preventing cyberattacks and to disseminate threat information sharing

Relativism Digital Forensics Investigations Model: A Case for the Emerging Economies

Digital forensic investigations (DFI) is a process of investigating computers and its associated media to determine whether it has been used to commit a crime or gain unauthorized access. cyberattacks and cybercrimes can be committed globally but reported locally. However, DFI processes vary relative to a particular jurisdiction. Relativism is the perception of universal norms of what is right and wrong or legal and illegal. Although cybercrimes are illegal, what constitutes illegal is relative to a jurisdiction. Cyber espionage attacks may be considered legal or illegal based on economic advantage for someone or as target for attack based on motive and intent. Further, following legal procedures in evidence gathering at a digital crime scene is critical for prosecution. However, there are challenges in gathering evidence using the existing DFI models on all attacks. UNODC, report on the globalization of cybercrimes highlighted the challenges of cybercrime and ranked some emerging economies among the first 10 offending nations globally. There are existing models that are specific to certain jurisdictions and assist the judiciary, law enforcement agencies, and forensic experts. Consequently, presenting digital forensic evidence in court has proved to be challenging, due to a lack of procedures and DFI models specific to emerging economies. In this paper, we identify the phase that is relevant and could facilitate DFI processes from emerging economies' perspective. Further, we review some existing models to determine their relative procedures. This paper does not negate existing models, rather derives a relative model from existing models. We propose a model that will improve the DFI process from the result of the evaluation with inference from international standards