SwePub

Result list for search "WFRF:(Ekstedt Mathias Professor)"


  • Results 1-6 of 6
1.
  • Al Sabbagh, Bilal, 1978- (author)
  • Cybersecurity Incident Response : A Socio-Technical Approach
  • 2019
  • Doctoral thesis (other academic/artistic). Abstract:
    • This thesis examines the cybersecurity incident response problem using a socio-technical approach. The motivation of this work is the need to bridge the knowledge and practice gap that exists because of the increasing complexity of cybersecurity threats and our limited capability of applying cybersecurity controls necessary to adequately respond to these threats. Throughout this thesis, knowledge from Systems Theory, Soft Systems Methodology and Socio-Technical Systems is applied to examine and document the socio-technical properties of cybersecurity incident response process. The holistic modelling of cybersecurity incident response process developed concepts and methods tested to improve the socio-technical security controls and minimise the existing gap in security controls. The scientific enquiry of this thesis is based on pragmatism as the underpinning research philosophy. The thesis uses a design science research approach and embeds multiple research methods to develop five artefacts (concept, model, method, framework and instantiation) outlined in nine peer-reviewed publications. The instantiated artefact embraces the knowledge developed during this research to provide a prototype for a socio-technical security information and event management system (ST-SIEM) integrated with an open source SIEM tool. The artefact relevance was validated through a panel of cybersecurity experts using a Delphi method. The Delphi method indicated the artefact can improve the efficacy of handling cybersecurity incidents.
2.
  • Holm, Hannes (author)
  • A Framework and Calculation Engine for Modeling and Predicting the Cyber Security of Enterprise Architectures
  • 2014
  • Doctoral thesis (other academic/artistic). Abstract:
    • Information Technology (IT) is a cornerstone of our modern society and essential for governments' management of public services, economic growth and national security. Consequently, it is of importance that IT systems are kept in a dependable and secure state. Unfortunately, as modern IT systems typically are composed of numerous interconnected components, including personnel and processes that use or support it (often referred to as an enterprise architecture), this is not a simple endeavor. To make matters worse, there are malicious actors who seek to exploit vulnerabilities in the enterprise architecture to conduct unauthorized activity within it. Various models have been proposed by academia and industry to identify and mitigate vulnerabilities in enterprise architectures; however, so far none has provided a sufficiently comprehensive scope. The contribution of this thesis is a modeling framework and calculation engine that can be used as support by enterprise decision makers in regard to cyber security matters, e.g., chief information security officers. In summary, the contribution can be used to model and analyze the vulnerability of enterprise architectures, and provide mitigation suggestions based on the resulting estimates. The contribution has been tested in real-world cases and has been validated on both a component level and system level; the results of these studies show that it is adequate in terms of supporting enterprise decision making. This thesis is a composite thesis of eight papers. Paper 1 describes a method and dataset that can be used to validate the contribution described in this thesis and models similar to it. Paper 2 presents which statistical distributions are the best fit for modeling the time required to compromise computer systems. Paper 3 describes estimates on the effort required to discover novel web application vulnerabilities. Paper 4 describes estimates on the possibility of circumventing web application firewalls. Paper 5 describes a study of the time required by an attacker to obtain critical vulnerabilities and exploits for compiled software. Paper 6 presents the effectiveness of seven commonly used automated network vulnerability scanners. Paper 7 describes the ability of the signature-based intrusion detection system Snort at detecting attacks that are more novel, or older than its rule set. Finally, paper 8 describes a tool that can be used to estimate the vulnerability of enterprise architectures; this tool is founded upon the results presented in papers 1-7.
3.
  • El-Mekawy, Mohamed Sobaih, 1977- (author)
  • FROM SOCIETAL TO ORGANISATIONAL CULTURE : THE IMPACT ON BUSINESS-IT ALIGNMENT
  • 2012
  • Licentiate thesis (other academic/artistic). Abstract:
    • Business-IT alignment (BITA) has clearly become more important over the last decade. However, considerable difficulties remain when attempting to achieve a mature level of BITA. Therefore, research efforts which have resulted in a number of theoretical models have been able to help in devising and applying supportive tools for assessing different components of BITA. However, most of these efforts have either been produced in Anglo-Saxon countries or have been based on specific experiences in those countries. Consequently, they have tended to ignore a number of factors which differ in nature due to variations in cultural contexts. However, organisational culture has been given little consideration. Societal and organisational cultural aspects of BITA are particularly important because the majority of BITA models tend to focus more on the efficiency and effectiveness of BITA components rather than on trying to create ways in which BITA can be achieved or maintained in different contexts. Therefore, the purpose of this thesis is to investigate the impact of societal and organisational culture on achieving BITA and influencing its maturity. The main result is an extended BITA model developed originally by Luftman, known as Luftman’s Strategic Alignment Maturity Model (SAM), which is influenced by the organisational culture perspective. The research method and process advocated by Peffers et al. (2007) is used in the thesis to design the extended-SAM, consisting of six activities. The first of these activities involves identifying specific problems. This is achieved by an extensive literature survey of theories related to BITA, an explorative study of the impact of organisational culture on BITA and a classification of the general limitations of BITA. The second activity concerns the requirement for definitions of the designed artifact. The third activity is then specified in terms of designing the artifact; i.e. an extended-SAM. The design is based on constructed hypotheses of the potential impact of organisational culture elements (based on Smit et al.’s model (2008)) on BITA attributes (based on SAM), and followed by an empirical study of 6 multinational organisations, for testing the hypotheses. Following that, in the fourth activity, various processes for extending SAM are demonstrated in different seminars within the IT management group at DSV, in conference papers and in different seminars of the Swedish research School of Management and Information Technology (MIT) (Forskarskolan Management och IT). In the fifth activity, the extended-SAM model is evaluated in 5 multinational organisations to test its practicality and utility. In the last activity, a journal paper (Paper III in the thesis) is presented to summarise all the processes. The communication is also carried out through pre-licentiate and the licentiate seminars. The extended-SAM shows in the result of the thesis that organisational culture is a clear factor that should be considered while assessing and studying BITA maturity. In addition, by considering organisational culture, assessing BITA is clearly shown as being more accurate and as reflecting a more detailed picture of the organisation’s BITA.
4.
  • Per, Närman, 1979- (author)
  • Enterprise Architecture for Information System Analysis : Modeling and assessing data accuracy, availability, performance and application usage
  • 2012
  • Doctoral thesis (other academic/artistic). Abstract:
    • Decisions concerning IT systems are often made without adequate decision-support. This has led to unnecessary IT costs and failures to realize business benefits. The present thesis presents a framework for analysis of four information systems properties relevant to IT decision-making. The work is founded on enterprise architecture, a model-based IT and business management discipline. Based on the existing ArchiMate framework, a new enterprise architecture framework has been developed and implemented in a software tool. The framework supports modeling and analysis of data accuracy, service performance, service availability and application usage. To analyze data accuracy, data flows are modeled, the service availability analysis uses fault tree analysis, the performance analysis employs queuing networks and the application usage analysis combines the Technology Acceptance Model and Task-Technology Fit model. The accuracy of the framework's estimates was empirically tested. Data accuracy and service performance were evaluated in studies at the same power utility. Service availability was tested in multiple studies at banks and power utilities. Data was collected through interviews with system development or maintenance staff. The application usage model was tested in the maintenance management domain. Here, data was collected by means of a survey answered by 55 respondents from three power utilities, one manufacturing company and one nuclear power plant. The service availability studies provided estimates that were accurate within a few hours of logged yearly downtime. The data accuracy estimate was correct within a percentage point when compared to a sample of data objects. Deviations for four out of five service performance estimates were within 15 % from measured values. The application usage analysis explained a high degree of variation in application usage when applied to the maintenance management domain. During the studies of data accuracy, service performance and service availability, records were kept concerning the required modeling and analysis effort. The estimates were obtained with a total effort of about 20 man-hours per estimate. In summary, the framework should be useful for IT decision-makers requiring fairly accurate, but not too expensive, estimates of the four properties.
5.
  • Rocha Flores, Waldo (author)
  • Shaping information security behaviors related to social engineering attacks
  • 2016
  • Doctoral thesis (other academic/artistic). Abstract:
    • Today, few companies would manage to continuously stay competitive without the proper utilization of information technology (IT). This has increased companies’ dependency on IT and created new threats that need to be addressed to mitigate risks to daily business operations. A large extent of these IT-related threats includes hackers attempting to gain unauthorized access to internal computer networks by exploiting vulnerabilities in the behaviors of employees. A common way to exploit human vulnerabilities is to deceive and manipulate employees through the use of social engineering. Although researchers have attempted to understand social engineering, there is a lack of empirical research capturing multilevel factors explaining what drives employees’ existing behaviors and how these behaviors can be improved. This is addressed in this thesis. The contribution of this thesis includes (i) an instrument to measure security behaviors and its multilevel determinants, (ii) identification of multilevel variables that significantly influence employees’ intent for behavior change, (iii) identification of which behavioral governance factors lay the foundation for behavior change, (iv) identification that national culture has a significant effect on how organizations cope with behavioral information security threats, and (v) a strategy to ensure adequate information security behaviors throughout an organization. This thesis is a composite thesis of eight papers. Paper 1 describes the instrument measuring multilevel determinants. Papers 2 and 3 describe how security knowledge is established in organizations, and the effect on employee information security awareness. In Paper 4 the root cause of employees’ intention to change their behaviors and resist social engineering is described. Papers 5 and 8 describe how the instrument to measure social engineering security behaviors was developed and validated through scenario-based surveys and phishing experiments. Papers 6 and 7 describe experiments performed to understand the reason why employees fall for social engineering. Finally, papers 2, 5 and 6 examine the moderating effect of national culture.
6.
  • Sommestad, Teodor (author)
  • A framework and theory for cyber security assessments
  • 2012
  • Doctoral thesis (other academic/artistic). Abstract:
    • Information technology (IT) is critical and valuable to our society. An important type of IT system is Supervisor Control And Data Acquisition (SCADA) systems. These systems are used to control and monitor physical industrial processes like electrical power supply, water supply and railroad transport. Since our society is heavily dependent on these industrial processes we are also dependent on the behavior of our SCADA systems. SCADA systems have become (and continue to be) integrated with other IT systems; they are thereby becoming increasingly vulnerable to cyber threats. Decision makers need to assess the security that a SCADA system’s architecture offers in order to make informed decisions concerning its appropriateness. However, data collection costs often restrict how much information can be collected about the SCADA system’s architecture and it is difficult for a decision maker to know how important different variables are or what their values mean for the SCADA system’s security. The contribution of this thesis is a modeling framework and a theory to support cyber security vulnerability assessments. It has a particular focus on SCADA systems. The thesis is a composite of six papers. Paper A describes a template stating how probabilistic relational models can be used to connect architecture models with cyber security theory. Papers B through E contribute with theory on operational security. More precisely, they contribute with theory on: discovery of software vulnerabilities (paper B), remote arbitrary code exploits (paper C), intrusion detection (paper D) and denial-of-service attacks (paper E). Paper F describes how the contribution of paper A is combined with the contributions of papers B through E and other operationalized cyber security theory. The result is a decision support tool called the Cyber Security Modeling Language (CySeMoL). This tool produces a vulnerability assessment for a system based on an architecture model of it.