Two Heads are Better than One: A Theoretical Model for Cybersecurity Intelligence Sharing (CIS) between Organisations

So-called ‘social bots’ have garnered a lot of attention lately. Previous research showed that they attempted to influence political events such as the Brexit referendum and the US presidential elections. It remains, however, somewhat unclear what exactly can be understood by the term ‘social bot’. This paper addresses the need to better understand the intentions of bots on social media and to develop a shared understanding of how ‘social’ bots differ from other types of bots. We thus describe a systematic review of publications that researched bot accounts on social media. Based on the results of this literature review, we propose a scheme for categorising bot accounts on social media sites. Our scheme groups bot accounts by two dimensions – Imitation of human behaviour and Intent

Clustering and Topic Modelling: A New Approach for Analysis of National Cyber security Strategies

The consequences of cybersecurity attacks can be severe for nation states and their people. Recently many nations have revisited their national cybersecurity strategies (NCSs) to ensure that their cybersecurity capabilities is sufficient to protect their citizens and cyberspace. This study is an initial attempt to compare NCSs by using clustering and topic modelling methods to investigate the similarity and differences between them. We also aimed to identify underlying topics that are appeared in NCSs. We have collected and examined 60 NCSs that have been developed during 2003-2016. By relying on institutional theories, we found that memberships in the international intuitions could be a determinant factor for harmonization and integration between NCSs. By applying hierarchical clustering method, we noticed a stronger similarities between NCSs that are developed by the EU or NATO members. We also found that public-private partnerships, protection of critical infrastructure, and defending citizen and public IT systems are among those topics that have been received considerable attention in the majority of NCSs. We also argue that topic modeling method, LDA, can be used as an automated technique for analysis and understanding of textual documents by policy makers and governments during the development and reviewing of national strategies and policies

Cyber Defense Capability Model: A Foundation Taxonomy

Cyber attacks have significantly increased over the last few years, where the attackers are highly skilled, more organized and supported by other powerful actors to devise attacks towards specific targets. To aid the development of a strategic plan to defend against emerging attacks, we present a high-level taxonomy along with a cyber defense model to address the interaction and relationships between taxonomy elements. A cyber-kinetic reference model which is used widely by U.S Air Force is adopted as a baseline for the model and taxonomy development. Asset, Cyber Capability, and Preparation Process are the three high-level elements that are presented for the cyber defense capability model. The Cyber Capability, as the focal point of the study, uses three classifiers to characterize the strategic cyber defense mechanisms, which are classified by active, passive and collaborative defense. To achieve a proper cyber defense strategy, the key actors, assets and associated preparation procedure are identified. Finally, the proposed taxonomy is extensible so that additional dimensions or classifications can be added to future needs

Exploring Incentives and Challenges for Cybersecurity Intelligence Sharing (CIS) across Organizations: A Systematic Review

Cybersecurity intelligence sharing (CIS) has gained significance as an organizational function to protect critical information assets, manage cybersecurity risks, and improve cybersecurity operations. However, few studies have synthesized accumulated scholarly knowledge on CIS practices across disciplines. Synthesizing the pertinent literature through a structured literature review, we investigated the incentives and challenges that influence organizations around adopting CIS practices. We used the overarching TOE framework to categorize these factors and propose a theoretical framework to establish common ground for future studies. We also developed a holistic and inclusive definition for cybersecurity intelligence that we present in the paper. We found 46 papers on CIS in different disciplines and analyzed them to answer our research questions. We identified 35 factors that we classified according to the TOE framework. With this paper, we facilitate further theory development by overviewing theories that researchers can use as a basis for CIS studies, suggesting future directions, providing a reference source, and developing a reference CIS framework for IS scholars