| 1. |
- Bendler, Daniel, et al.
(författare)
-
Competency Models for Information Security and Cybersecurity Professionals : Analysis of Existing Work and a New Model
- 2023
-
Ingår i: ACM Transactions on Computing Education. - : Association for Computing Machinery (ACM). - 1946-6226. ; 23:2
-
Tidskriftsartikel (refereegranskat)abstract
- Competency models are widely adopted frameworks that are used to improve human resource functions and education. However, the characteristics of competency models related to the information security and cybersecurity domains are not well understood. To bridge this gap, this study investigates the current state of competency models related to the security domain through qualitative content analysis. Additionally, based on the competency model analysis, an evidence-based competency model is proposed. Examining the content of 27 models, we found that the models can benefit target groups in many different ways, ranging from policymaking to performance management. Owing to their many uses, competency models can arguably help to narrow the skills gap from which the profession is suffering. Nonetheless, the models have their shortcomings. First, the models do not cover all of the topics specified by the Cybersecurity Body of Knowledge ( i.e., no model is complete). Second, by omitting social, personal, and methodological competencies, many models reduce the competency profile of a security expert to professional competencies. Addressing the limitations of previous work, the proposed competency model provides a holistic view of the competencies required by security professionals for job achievement and can potentially benefit both the education system and the labor market. To conclude, the implications of the competency model analysis and use cases of the proposed model are discussed.
|
|
| 2. |
- Sauerwein, Clemens, et al.
(författare)
-
An Analysis and Classification of Public Information Security Data Sources used in Research and Practice
- 2019
-
Ingår i: Computers & security (Print). - : Elsevier. - 0167-4048 .- 1872-6208. ; 82, s. 140-155
-
Tidskriftsartikel (refereegranskat)abstract
- In order to counteract today’s sophisticated and increasing number of cyber threats the timely acquisition of information regarding vulnerabilities, attacks, threats, countermeasures and risks is crucial. Therefore, employees tasked with information security risk management processes rely on a variety of information security data sources, ranging from inter-organizational threat intelligence sharing platforms to public information security data sources, such as mailing lists or expert blogs. However, research and practice lack a comprehensive overview about these public information security data sources, their characteristics and dependencies. Moreover, comprehensive knowledge about these sources would be beneficial to systematically use and integrate them to information security processes. In this paper, a triangulation study is conducted to identify and analyze public information security data sources. Furthermore, a taxonomy is introduced to classify and compare these data sources based on the following six dimensions: (1) Type of information, (2) Integrability, (3) Timeliness, (4) Originality, (5) Type of Source,and (6) Trustworthiness. In total, 68 public information security data sources were identified and classified. The investigations showed that research and practice rely on a large variety of heterogeneous information security data sources, which makes it more difficult to integrate and use them for information security and risk management processes.
|
|
| 3. |
- Bigdan, Andrii, et al.
(författare)
-
Detection of Cybersecurity Events Based on Entropy Analysis
- 2022
-
Ingår i: CEUR Workshop Proceedings. - : Technical University of Aachen.
-
Konferensbidrag (refereegranskat)abstract
- As a rule, modern approaches to protecting against cyberattacks do not guarantee the impossibility of compromising applications and operating systems. Therefore, detection and identification of vulnerabilities, and actions to avoid or mitigate their impact on businesses and cybersecurity processes are critical for the operation of information systems and the information security management system. To identify a possible attack vector, as a rule, the following methods could be applied: either those that allow detecting abuses or that allow detecting anomalies. This paper investigates the possibility of identifying the alleged attack vector based on the entropy analysis of cybersecurity events. The research results presented in the paper allow us to determine the required width of the sliding window and confirm that such entropy analysis detects exceeding security thresholds and anomalies in the operation of operating systems and applications and, accordingly, probable attack vectors. © 2022 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
|
|
| 4. |
- Ahmadi Mehri, Vida
(författare)
-
Towards Automated Context-aware Vulnerability Risk Management
- 2023
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- The information security landscape continually evolves with increasing publicly known vulnerabilities (e.g., 25064 new vulnerabilities in 2022). Vulnerabilities play a prominent role in all types of security related attacks, including ransomware and data breaches. Vulnerability Risk Management (VRM) is an essential cyber defense mechanism to eliminate or reduce attack surfaces in information technology. VRM is a continuous procedure of identification, classification, evaluation, and remediation of vulnerabilities. The traditional VRM procedure is time-consuming as classification, evaluation, and remediation require skills and knowledge of specific computer systems, software, network, and security policies. Activities requiring human input slow down the VRM process, increasing the risk of exploiting a vulnerability.The thesis introduces the Automated Context-aware Vulnerability Risk Management (ACVRM) methodology to improve VRM procedures by automating the entire VRM cycle and reducing the procedure time and experts' intervention. ACVRM focuses on the challenging stages (i.e., classification, evaluation, and remediation) of VRM to support security experts in promptly prioritizing and patching the vulnerabilities. ACVRM concept is designed and implemented in a test environment for proof of concept. The efficiency of patch prioritization by ACVRM compared against a commercial vulnerability management tool (i.e., Rudder). ACVRM prioritized the vulnerability based on the patch score (i.e., the numeric representation of the vulnerability characteristic and the risk), the historical data, and dependencies. The experiments indicate that ACVRM could rank the vulnerabilities in the organization's context by weighting the criteria used in patch score calculation. The automated patch deployment is implemented with three use cases to investigate the impact of learning from historical events and dependencies on the success rate of the patch and human intervention. Our finding shows that ACVRM reduced the need for human actions, increased the ratio of successfully patched vulnerabilities, and decreased the cycle time of VRM process.
|
|
| 5. |
- Boldt, Martin, et al.
(författare)
-
Analysis and text classification of privacy policies from rogue and top-100 fortune global companies
- 2019
-
Ingår i: International Journal of Information Security and Privacy. - : IGI Global. - 1930-1650 .- 1930-1669. ; 13:2, s. 47-66
-
Tidskriftsartikel (refereegranskat)abstract
- In the present article, the authors investigate to what extent supervised binary classification can be used to distinguish between legitimate and rogue privacy policies posted on web pages. 15 classification algorithms are evaluated using a data set that consists of 100 privacy policies from legitimate websites (belonging to companies that top the Fortune Global 500 list) as well as 67 policies from rogue websites. A manual analysis of all policy content was performed and clear statistical differences in terms of both length and adherence to seven general privacy principles are found. Privacy policies from legitimate companies have a 98% adherence to the seven privacy principles, which is significantly higher than the 45% associated with rogue companies. Out of the 15 evaluated classification algorithms, Naïve Bayes Multinomial is the most suitable candidate to solve the problem at hand. Its models show the best performance, with an AUC measure of 0.90 (0.08), which outperforms most of the other candidates in the statistical tests used. Copyright © 2019, IGI Global.
|
|
| 6. |
- Boldt, Martin, et al.
(författare)
-
Exploring Spyware Effects
- 2007
-
Ingår i: Spyware. - Hyderabad : ICFAI University Press. - 9788131407264 ; , s. 39-58
-
Bokkapitel (övrigt vetenskapligt/konstnärligt)
|
|
| 7. |
- Boldt, Martin, et al.
(författare)
-
Preventing Privacy-Invasive Software using Online Reputations
- 2008
-
Konferensbidrag (refereegranskat)abstract
- Privacy-invasive software, loosely labeled spyware, is an increasingly common problem for today’s computer users, one to which there is no absolute cure. Most of the privacy-invasive software are positioned in a legal gray zone, as the user accepts the malicious behaviour when agreeing to the End User License Agreement. This paper proposes the use of a specialized reputation system to gather and share information regarding software behaviour between community users. A client application helps guide the user at the point of executing software on the local computer, displaying other users’ feedback about the expected behaviour of the software. We discuss important aspects to consider when constructing such a system, and propose possible solutions. Based on the observations made, we implemented a client/server based proof-of-concept tool, which allowed us to demonstrate how such a system would work. We also compare this solution to other, more conventional, protection methods such as anti-virus and anti-spyware software.
|
|
| 8. |
- Boldt, Martin
(författare)
-
Privacy-Invasive Software : Exploring Effects and Countermeasures
- 2007
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- As computers are increasingly more integrated into our daily lives, we need aiding mechanisms for separating legitimate software from their unwanted counterparts. We use the term Privacy-Invasive Software (PIS) to refer to such illegitimate software, sometimes loosely labelled as spyware. In this thesis, we include an introduction to PIS, and how it differs from both legitimate and traditionally malicious software. We also present empirical measurements indicating the effects that PIS have on infected computers and networks. An important contribution of this work is a classification of PIS in which we target both the level of user consent, as well as the degree of user consequences associated with PIS. These consequences, affecting both users and their computers, form a global problem that deteriorates a vast number of users’ computer experiences today. As a way to hinder, or at least mitigate, this development we argue for more user-oriented countermeasures that focus on informing users about the behaviour and consequences associated with using a particular software. In addition to current reactive countermeasures, we also need preventive tools dealing with the threat of PIS before it enters users’ computers. Collaborative reputation systems present an interesting way forward towards such preventive and user-oriented countermeasures against PIS. Moving the software reputations from old channels (such as computer magazines or friends’ recommendations) into an instantly fast reputation system would be beneficial for the users when distinguishing unwanted software from legitimate. It is important that such a reputation system is designed to address antagonistic intentions from both individual users and groups thereof, so that users could depend on the reputations. This would allow users to reach more informed decisions by taking the reported consequences into account when deciding whether they want a specific software to enter their computer or not.
|
|
| 9. |
- Nawaz, Omer, et al.
(författare)
-
Secure Mobile Social Networks using USIM in a Closed Environment
- 2012. - 13
-
Ingår i: 7th International Conference for Internet Technology and Secured Transactions. - London : IEEE. - 9781908320087 ; , s. 439-446
-
Konferensbidrag (refereegranskat)abstract
- Online social networking and corresponding mobile based applications are gaining popularity and now considered a well-integrated service within mobile devices. Basic security mechanisms normally based on passwords for the authentication of social-network users are widely deployed and poses a threat for the user security. In particular, for dedicated social groups with high confidentiality and privacy demands, stronger and user friendly principles for the authentication and identification of group members are needed. On the other hand, most of the mobile units already provide strong authentication procedures through the USIM/ISIM module. This paper explores how to build an architectural framework for secure enrollment and identification of group members in dedicated closed social groups using the USIM/SIM authentication and in particular, the 3GPP Generic Authentication Architecture (GAA), which is built upon the USIM/SIM capabilities. One part of the research is to identify the marketable use-cases with corresponding security challenges to fulfill the requirements that extend beyond the online connectivity. This paper proposes a secure identification design to satisfy the security dimensions for both online and offline peers. We have also implemented an initial proof of the concept prototype to simulate the secure identification procedure based on the proposed design. Our implementation has demonstrated the flexibility of the solution to be applied independently for applications requiring secure identification.
|
|
| 10. |
- Ding, Jianguo, et al.
(författare)
-
CPS-based Threat Modeling for Critical Infrastructure Protection
- 2017
-
Ingår i: Performance Evaluation Review. - : ACM Publications. - 0163-5999 .- 1557-9484. ; 45:2, s. 129-132
-
Tidskriftsartikel (refereegranskat)abstract
- Cyber-Physical Systems (CPSs) are augmenting traditionalCritical Infrastructures (CIs) with data-rich operations. Thisintegration creates complex interdependencies that exposeCIs and their components to new threats. A systematicapproach to threat modeling is necessary to assess CIs’ vulnerabilityto cyber, physical, or social attacks. We suggest anew threat modeling approach to systematically synthesizeknowledge about the safety management of complex CIs andsituational awareness that helps understanding the nature ofa threat and its potential cascading-effects implications.
|
|
