An Integrated Approach in Risk Management Process for Identifying Information Security Threats using Medical Research Design

In this paper, we attempt to introduce a new method for performing risk analysis studies by effectively adopting and adapting medical research design namely a prospective cohort study based survival analysis approach into risk management process framework. Under survival analysis approach, a method which is known as Cox Proportional Hazards (PH) Model will be applied in order to identify potential information security threats. The risk management process in this research will be based on Australian/New Zealand Standard for Risk Management (AS/NZS ISO 31000:2009). AS/NZS ISO 31000:2009 provides a sequencing of the core part of the risk management process namely establishing the context, risk identification, risk analysis, risk evaluation and risk treatment. Moreover, it seems that the integration of risk management process with medical approach indeed brings very useful new insights. Thus, the contribution of the paper will be introducing a new method for performing a risk analysis studies in information security domain

Perception on Cyber Terrorism: A Focus Group Discussion Approach

Focus group discussion is an exploratory research technique used to collect data through group interaction. This tech-nique provides the opportunity to observe interaction among participants on a topic under this study. This paper con-tributes to an understanding on the cyber terrorism conceptual framework through the analysis of focus group discus-sion. The proposed cyber terrorism conceptual framework which was obtained during the qualitative study by the au-thors has been used as a basis for discussion in the focus group discussion. Thirty (30) participants took part in the focus group discussion. The overall results suggest that the proposed cyber terrorism framework is acceptable by the partici-pants. The present study supports our initial research that the cyber terrorism conceptual framework constitutes the fol-lowing components: target, motivation, tools of attack, domain, methods of attack and impac

A Dynamic Cyber Terrorism Framework

Abstract—Many nations all over the world have increased their dependency on cyberspace by maximizing the use of Information and Communication Technology (ICT). In this digital age, the concept of cyber terrorism or the use of cyberspace to carry out terrorist activities has emerged. Interestingly, there are many concepts of cyber terrorism provided by researchers, policy makers and individuals. This paper proposes a framework describing the core components of cyber terrorism. The authors have analyzed the data by using a grounded theory approach, in which the framework is drawn. The framework defines cyber terrorism from six perspectives: Target, motivation, method of attack, domain, action by perpetrator, and impact. In addition, the proposed framework provides a dynamic way in defining cyber terrorism as well as describing its influential considerations. Continued research in this area can be further conducted, which may lead to the development of strategic and technological framework to counter cyber terrorism

The Application of Mixed Method in Developing a Cyber Terrorism Framework

Mixed method research has becoming an increasingly popular approach in the discipline of sociology, psychology, education, health science and social science. The purpose of this paper is to describe the application of mixed method in developing a cyber terrorism framework. This project has two primary goals: firstly is to discover the theory and then develop a conceptual framework that describes the phenomena, and secondly is to verify the conceptual framework that describes the phenomena. In order to achieve conclusive findings of the study, a mixed method research is recommended: qualitative data and quantitative data are collected and analyzed respectively in a separate phase. The mixed method approach improves the rigor and explanation of the research results, thus bring conclusive findings to the study outcome. By utilizing qualitative and quantitative techniques within the same study, we are able to incorporate the strength of both methodologies and fit together the insights into a workable solution

A Security Analysis of IoT Encryption: Side-channel Cube Attack on Simeck32/64

Simeck, a lightweight block cipher has been proposed to be one of the encryption that can be employed in the Internet of Things (IoT) applications. Therefore, this paper presents the security of the Simeck32/64 block cipher against side-channel cube attack. We exhibit our attack against Simeck32/64 using the Hamming weight leakage assumption to extract linearly independent equations in key bits. We have been able to find 32 linearly independent equations in 32 key variables by only considering the second bit from the LSB of the Hamming weight leakage of the internal state on the fourth round of the cipher. This enables our attack to improve previous attacks on Simeck32/64 within side-channel attack model with better time and data complexity of 2^35 and 2^11.29 respectively.Comment: 12 pages, 6 figures, 4 tables, International Journal of Computer Networks & Communication

Resilience and survivability in MANET: Discipline, issue and challenge

The wireless technology has become essential part in modern life, and thus the consequences of network disruption is becoming severe.It is widely known that wireless network is not sufficiently resilience, survive and dependable and significant research and development is necessary to improve the situation. This paper provide a survey of vast disciplines in MANET, a resilience strategy is also presented on how to defend, detect and countermeasures malicious node. Current issues and challenges to achieve resilience and survivability is also presented for future direction

Development of Cybersecurity Competency and Professional Talent for Cyber Ummah

The world is facing with threats in digital transformation. Cyber threats become trending as reported by my countries. Developed countries like Britain, America, Europe and Japan already prepared countermeasures for various incidents on computer threats since Internet was introduced. They formulated and developed a successful model to produce computer security expert and highly skilled talent at various level diploma, bachelor and professional. University and College established academic program in computer and internet security at bachelor and postgraduate level. Industries at those countries introduced certification program in computer and internet security. Throughout our studies, limited initiatives related to talent development in combating computer security issues including cyber threats. Previous studies showed development of cybersecurity talent in Muslim countries is critical. Malaysia needs 20000 cybersecurity professional in 2025 and only achieved 2500 at present. This study presents our experience in developing cybersecurity competencies and professional talent for OIC-Country. We collaborated virtually with OIC-CERT (OIC Centre for Emergency and Response Team) in knowledge exchange, proposed appropriate competency model and participate in professional certification development. We presented the eight years active involvement with OIC-CERT activities.  All initiatives established by OIC-CERT has produced outstanding impact to OIC Countries. One of the impactful initiatives known GlobalAce, it getting serious attention by many muslim countries. We also get benefit of other programs such as  training for risks analysis, incident management and policy development. Our students be able to participate with Virtual Lecture on Combating Insider Threats, Cyber Threats Drill, and Security Audit. OIC-CERT also introduce the first Industry Journal in Cybersecurity known as OIC-CERT Journal of Cybersecurity.   

Technical Security Metrics Model in Compliance with ISO/IEC 27001 Standard

Technical security metrics provide measurements in ensuring the effectiveness of technical security controls or technology devices/objects that are used in protecting the information systems. However, lack of understanding and method to develop the technical security metrics may lead to unachievable security control objectives and inefficient implementation. This paper proposes a model of technical security metrics to measure the effectiveness of network security management. The measurement is based on the security performance for (1) network security controls such as firewall, Intrusion Detection Prevention System (IDPS), switch, wireless access point and network architecture; and (2) network services such as Hypertext Transfer Protocol Secure (HTTPS) and virtual private network (VPN). The methodology used is Plan-Do-Check-Act process model. The proposed technical security metrics provide guidance for organizations in complying with requirements of ISO/IEC 27001 Information Security Management System (ISMS) standard. The proposed model should also be able to provide a comprehensive measurement and guide to use ISO/IEC 27004 ISMS Measurement standard