18 research outputs found

    Measuring Psychosocial and Behavioural Factors Improves Attack Potential Estimates

    Cyber risk assessment standards and methodologies do not consider psychological, social and behavioural parameters in their classifications of the attackers' types, profiles, and competencies. In this paper, we present a holistic, multidimensional approach to examine the likelihood for an attacker's behaviour to occur by considering all influential factors (e.g., technical, social, behavioural, psychological). Furthermore, the quantification of the attackers' behaviours may lead to better estimates of attacks' potential

    Securing small and medium ports and their supply chain services

    This paper argues that small and medium sized ports (SMPs) are as important as larger ones in terms of supply chain service (SCS) management and security, as they can become the weakest links for national and European Union (EU) resilience and security. It focuses on explaining key concepts about SMPs, their characteristics (e.g., size, operational field, infrastructure), potential threats (e.g., interception of sensitive information, illegal access, terrorism) and attacks (cyber, cyber-physical), as well as basic security concepts (e.g., attack path, attack vector, risk). Three SCS attack scenarios for SMPs are described based on different types of threats, which could cause catastrophic impacts, even paralyzing an SMP propagated in its SCS. Finally, a risk management methodology for SCSs that can be used by SMPs, named CYSMET, is presented considering their capabilities, needs and constraints

    A Socio-Technical Approach to Cyber Risk Assessment

    Evaluating the levels of cyber-security risks within an enterprise is most important in protecting its information system, services and all its digital assets against security incidents (e.g. accidents, malicious acts, massive cyber-attacks). The existing risk assessment methodologies (e.g. eBIOS, OCTAVE, CRAMM, NIST-800) adopt a technical approach considering as attack factors only the capability, intention and target of the attacker, and not paying attention to the attacker’s psychological profile and personality traits. In this paper, a socio-technical approach is proposed in cyber risk assessment, in order to achieve more realistic risk estimates by considering the personality traits of the attackers. In particular, based upon principles from investigative psychology and behavioural science, a multi-dimensional, extended, quantifiable model for an attacker’s profile is developed, which becomes an additional factor in the cyber risk level calculation

    European Cybersecurity Centres of Expertise Map - Definitions and Taxonomy

    The Commission made a commitment in the Communication adopted in September to launch a pilot phase under Horizon 2020 to help bring national cybersecurity centres together into a network. In this context, the goal of this document is that of aligning the cybersecurity terminologies, definitions and domains into a coherent and comprehensive taxonomy to facilitate the categorisation of EU cybersecurity competencies. JRC.E.3-Cyber and Digital Citizens' Securit

    A Proposal for a European Cybersecurity Taxonomy

    The Commission made a commitment in the Communication adopted in September 2018 (COM(2018) 630 final) to launch a pilot phase under Horizon 2020 to help bring national cybersecurity centres together into a network. In this context, the goal of this document is that of aligning the cybersecurity terminologies, definitions and domains into a coherent and comprehensive taxonomy to facilitate the categorisation of EU cybersecurity competencies. JRC.E.3-Cyber and Digital Citizens' Securit

    Psychosocial Approach to Cyber Threat Intelligence

    Cyber attackers continuously show new levels of intention by performing more sophisticated attacks on networks and important infrastructures (e.g., hospitals). This is an urgent situation calling for a swift improvement for cyber defenders. Hence, a paradigm shift is necessary to ameliorate the effectiveness of current practices. Behavioural, social and psychological related information about the attackers is considered in this paper, important elements of the Cyber Threat Intelligence (CTI) that improve cyber defense practices. The aims of this paper are to firstly provide a review of relevant behavioural and social theories and models that can be used for better capturing the attackers’ characteristics and then to utilize them by giving insights on more realistic security measurements