2021 | Book

Advances in Cybersecurity Management

About this book

This book concentrates on a wide range of advances related to IT cybersecurity management. The topics covered in this book include, among others, management techniques in security, IT risk management, the impact of technologies and techniques on security management, regulatory techniques and issues, surveillance technologies, security policies, security for protocol management, location management, GOS management, resource management, channel management, and mobility management. The authors also discuss digital contents copyright protection, system security management, network security management, security management in network equipment, storage area networks (SAN) management, information security management, government security policy, web penetration testing, security operations, and vulnerabilities management. The authors introduce the concepts, techniques, methods, approaches and trends needed by cybersecurity management specialists and educators for keeping current their cybersecurity management knowledge. Further, they provide a glimpse of future directions where cybersecurity management techniques, policies, applications, and theories are headed. The book is a rich collection of carefully selected and reviewed manuscripts written by diverse cybersecurity management experts in the listed fields and edited by prominent cybersecurity management researchers and specialists.

Table of Contents

Frontmatter

Network and Systems Security Management

Frontmatter
Chapter 1. Agent-Based Modeling of Entity Behavior in Cybersecurity
Abstract
Human and system behaviors, as they relate to information security, are facets that have always been hard to measure. Simply put, there are too many factors to account for when considering the knowledge, experiences, and relationships of individuals. And when these are coupled with information systems, their complexities rise to several levels of magnitude. Given the absence of empirical data, we argue for the utilization of an agent-based modeling and simulation system toward gaining an understanding of entity behavior in cyber space. In this chapter, we report the results of an ongoing research project, which utilizes agent-based models and scenarios to simulate the effect of user trust, adversary sophistication, user training, and system defenses on cybersecurity. These independent simulations utilize software agents that assume certain predefined attributes to emulate their physical counterparts on an environment that represents the cyber space.
Guillermo A. Francia III, Xavier P. Francia, Cedric Bridges
Chapter 2. A Secure Bio-Hash–Based Multiparty Mutual Authentication Protocol for Remote Health Monitoring Applications
Abstract
Remote health monitoring can benefit a large number of stakeholders in the healthcare industry, and it has the potential to make healthcare facilities available to a large number of people at a reduced cost. Wireless Body Area Networks (WBAN) comprising sensors, capable of capturing and transferring physiological parameters of patients, provide an efficient and cost-effective solution for remote health monitoring. Data security is one of the major concerns preventing the widespread adoption of this technology by patients and the healthcare sector. This chapter on remote health monitoring presents a biometric-based authentication protocol. The work also proposes a multiparty mutual authentication protocol for authenticating the entities, such as users, sensors, personal devices, and medical gateway, participating in a WBAN. In the proposed protocol, a verifier table is not required to store the passwords of users. Formal security analysis and verification of the discussed protocols are performed using the Scyther tool, and the results reveal that the protocols are resistant to privileged-administrator resilience attack, man-in-the-middle attack, replay attack, and impersonation attack.
Sumitra Binu
Chapter 3. Cybersecurity Attacks During COVID-19: An Analysis of the Behavior of the Human Factors and a Proposal of Hardening Strategies
Abstract
During the COVID-19 pandemic, fake news has increased considerably. Although fake news is a social problem that has existed for a long time, in the COVID-19 context, it has put people’s lives at risk. Nowadays, a massive amount of information is available, and organizations attempt to send official statements to citizens. However, some factors can support people’s decision to accept an idea as real even though it will be risky. This study is exploratory and descriptive research that aims to establish the human factors that make the standard user susceptible to cyber-attacks in times of pandemic. A literature review of cybersecurity attacks and conflict scenarios registered during the COVID-19 pandemic was first applied during the investigation. After coding them, the Diamond Model was applied, representing the analysis of cybersecurity intrusions, which emphasizes the relationships and features of the four main elements of an intrusion: adversary, infrastructure, capacity, and victim. With this input, several innovative strategies are proposed to minimize attacks by advanced threat actors and their impact on users. These strategies are useful for governments to improve communication with citizens and to develop critical thinking in citizens to face fake news.
Roberto O. Andrade, María Cazares, Walter Fuertes
Chapter 4. Vehicle Network Security Metrics
Abstract
The emergence of connected and autonomous vehicles at an unprecedented pace ushered in several state-sponsored initiatives to start planning and building a transportation information network that utilizes intelligent sensors and sophisticated communication systems. Peripheral sensors that are used to assist the human operator in lane changing, obstacle avoidance, and parking are slowly being integrated in modern automotive vehicles. Although this newly found convenience is a boon to society, both socially and economically, it presents security challenges that are endemic to connected technologies. These challenges underscore the need to look closely at the state of automotive vehicle network security. Consequently, security metrics must be developed in order to measure the state of vehicle network security. As a major component of continuous improvement, quantitative and qualitative measures must be devised to be able to make a full appreciation of the process. This chapter describes vehicle network security metrics and derives sample attack calculations to illustrate their applicability.
Guillermo A. Francia III
Chapter 5. VizAttack: An Extensible Open-Source Visualization Framework for Cyberattacks
Abstract
Visualization of cyberattacks is gaining popularity as an intuitive technique to present attack data without overwhelming the average user. However, a security analyst needs to be presented with advanced features, allowing the correlation of the collected data in order to yield interesting findings about the attack methodology itself and utilize the newly acquired knowledge to improve the security processes of an administrative domain. Meaningful cyber security situational awareness leverages security management as it provides the global security state of the administrative domain that allows for informed decision-making on security matters. This chapter presents VizAttack, an extensible, open-source visualization framework for data generated by various security technologies. Not only does it integrate and visualize data from heterogeneous security data sources in a single framework, but it also reconstructs the steps followed during an attack execution. Furthermore, VizAttack supports on-demand queries that are constructed on the fly during the investigation of these attack profiles.
Savvas Karasavvas, Ioanna Dionysiou, Harald Gjermundrød
Chapter 6. Geographically Dispersed Supply Chains: A Strategy to Manage Cybersecurity in Industrial Networks Integration
Abstract
Large industries usually imply geographically dispersed supply chains composed of facilities localized in diverse regions. These facilities commonly involve operational technology (OT) (i.e., industrial control systems—ICS) and information technology (IT) infrastructures, which require integration to enable information processing. Such integration, achieved through cyber-physical systems, and leveraged by the Industry 4.0 emergence, may transform the industry and facilitate the transformation of vast data volumes into valuable information. Security risks posed by dispersed cyber-physical systems may be substantial, and dealing with cybersecurity issues in such context could be very expensive. This study reviews directives regarding cybersecurity risks in companies with dispersed supply chains and also applicable international cybersecurity standards and regulations to derive a strategy to manage cybersecurity in integrated industrial networks. The strategy proposes centralized services, optimized perimeter segregation, and data flow policies among OT and IT networks to balance the trade-off between a high level of protection with cost-effectiveness.
Ralf Luis de Moura, Alexandre Gonzalez, Virginia N. L. Franqueira, Antonio Lemos Maia Neto, Gustavo Pessin
Chapter 7. The Impact of Blockchain on Cybersecurity Management
Abstract
Blockchain is a disruptive technology that impacted businesses, industries, and economies. Blockchain’s success is mainly due to its multi-role technology that can be applied to a wide variety of fields, such as in data storage services, financial services, and security services. In the security domain, it poses new challenges that should be faced by cybersecurity managers and exposes new attack footprints that must be addressed to maintain a secure computer network. On the other side, blockchain offers a breakthrough that solves many cybersecurity issues that were open for years. In this chapter, we introduce blockchain’s impact on each of the cybersecurity domains and recommend directions to be followed by cybersecurity managers.
Rayane El Sibai, Khalil Challita, Jacques Bou Abdo, Jacques Demerjian
Chapter 8. A Framework for Enterprise Cybersecurity Risk Management
Abstract
Many organizations continue to struggle with the implementation of cybersecurity risk assessment and management programs. Navigating the evolving cybersecurity landscape and trends in technology commercialization require an understanding of the relational organizational context within which cybersecurity risks are rooted. While several existing cybersecurity risk management frameworks discuss the importance of identifying a context for cyber risks, they do not provide much guidance on “how” that should be done. Leaning on systems theory, this chapter advances the notion that a business and IT alignment approach can be leveraged to inform and drive subsequent cybersecurity risk management and assessment efforts. We outline a holistic roadmap through the incorporation of multiple interconnected dimensions as the underpinning of cybersecurity risk identification and mitigation. We introduce a novel framework that identifies practical organizational drivers and priorities to improve cyber resiliency within the organizational perspective.
Samir Jarjoui, Renita Murimi
Chapter 9. Biometrics for Enterprise Security Risk Mitigation
Abstract
Biometrics are unique human characteristics, such as an individual’s face, fingerprints, and voice, that can be used for identification and authentication. Today, companies are turning to biometrics to mitigate security risks. The goal of this chapter is to help security managers to better understand the role of biometrics in enterprise security and the challenges and opportunities of deploying biometric enterprise solutions. Specifically, we provide a brief introduction to risk analysis and the basics of biometric technologies, discuss the challenges and opportunities of using biometrics for enterprise security, and conclude with a case study of how biometrics can be used to address security risks during the COVID-19 era.
Mikhail Gofman, Sinjini Mitra, Berhanu Tadesse, Maria Villa

Vulnerability Management

Frontmatter
Chapter 10. SQL Injection Attacks and Mitigation Strategies: The Latest Comprehension
Abstract
Cybersecurity management involves securing data, privileges, and integrity while being accessed over the Internet. Web application vulnerability is taking newer forms in terms of attacking methods. The most common and simple attack that is more vulnerable in the category of web application attacks is the SQL (Structured Query Language) injection attack. The background and various types of SQL injection attacks are given with a focus on mitigation strategies.
Neelima Bayyapu
Chapter 11. Managing Cybersecurity Events Using Service-Level Agreements (SLAs) by Profiling the People Who Attack
Abstract
Security frameworks are used to determine the approach to managing a network that may be under attack. The DREAD model from Microsoft, for example, promotes a strategy that is defined according to the impact of the attack on Damage, Reproducibility, Exploitability, Affected users, and Discoverability (DREAD). Each DREAD metric is scored, and the subsequent priorities are used to influence a reaction to the attack. In the event that an identified attack is being carried out by a security auditor, otherwise known as a white hat hacker whose intention is not malicious, the attack may not contribute significant Damage when considered according to DREAD yet may be consuming resources and causing challenges for the network service provider in terms of their ability to fulfil all customer service-level agreements (SLAs). This is therefore an operational event that needs to be responded to when managing the network load yet not necessarily from a cybersecurity perspective—it could, however, be managed from the perspective of either performance or security. As an element of a Fault, Configuration, Accounting, Performance and Security (FCAPS) management approach, a response to such an event may involve reacting to a potential performance compromise occurring for security reasons. The network operator or service provider does not need to know the reason why the network is heavily loaded and only needs to ensure sufficient resources to fulfil all SLAs. However, it is recognised that there is an opportunity to pre-emptively identify that the network may become loaded in portions due to the tendencies of people operating within the network, specifically from a cybersecurity perspective and in relation to their intentions. This is in recognition of the fact that people who attack networks have a propensity towards commonalities in their personal characteristics and that these factors can be the drivers behind their attacking of a network.
In addition to categorising attackers according to their intention (i.e., black hat and malicious, grey hat and not malicious but may violate laws, or white hat and friendly), a further degree of categorisation is proposed in terms of those who: (1) have some personal pressure which is influencing their desire to carry out malevolent actions online, (2) are naturally highly intelligent and inquisitive, and (3) are mentally ill. In this chapter, an approach is proposed to manage the network by profiling the characteristics of users residing across it according to their propensity to carry out a cyber-attack. Furthermore, it is suggested to use this information to pre-empt their activity such that the SLAs for all customers will continue to be achieved throughout the SLA lifetime. This process will be facilitated through the way in which the SLAs are defined and the information collected during the service setup procedure.
Cathryn Peoples, Joseph Rafferty, Adrian Moore, Mohammad Zoualfaghari
Chapter 12. Recent Techniques Supporting Vulnerabilities Management for Secure Online Apps
Abstract
A developer must have knowledge of secure coding to make an application secure. Secure coding knowledge is based on the integration of various techniques about exploitation and prevention of common malicious inputs to vulnerabilities of an application. The purpose of this chapter is to review recent techniques and security tools about exploitation and prevention of common malicious inputs to online apps implemented in PHP script, for a developer to improve the security of web pages. This chapter supports vulnerabilities management for securing online apps.
Tun Myat Aung, Ni Ni Hla
Chapter 13. Information Technology Risk Management
Abstract
This chapter examines the importance of information technology risk management and summarizes the prominent risk management frameworks used to mitigate risks in information technology systems. It explores the risk management life cycle, starting from the threat identification to the quantitative and qualitative risk analysis and moving toward the risk mitigation strategies. With the soaring security incidents and financial damage associated with them, it has become a prerequisite to identify unforeseen threats along with known vulnerabilities to create preventive and corrective risk response controls. Moreover, assessing the risks to the most accurate value is essential to prioritize high-severity risks over low-severity risks. This chapter also outlines the emerging trends in information technology risk management that seek the attention of the risk management team to incorporate cognitive technology and behavioral sciences in the risk management process.
Gurdip Kaur, Arash Habibi Lashkari
Chapter 14. From Lessons Learned to Improvements Implemented: Some Roles for Gaming in Cybersecurity Risk Management
Abstract
Effective cybersecurity risk management hinges on a strategic blend of people, processes, and technology working together to recognize and prevent attacks; mitigate and minimize negative impacts should attacks succeed; and resume operations after recovery. Ideally, risk management involves processes that engage the entire organization continually and holistically—not just episodic reactions by a few key personnel in times of crisis. The translation of lessons learned into implemented and validated improvements may be a missing or underutilized best practice. This chapter explores ways gaming can be used as a complement to authoritative standards and frameworks to optimize an organization’s cybersecurity posture and preparedness. A variety of gamified approaches are described and presented as useful tools with differentiating value at multiple stages in an ongoing cybersecurity risk management cycle. State-of-the-practice exemplars and successes are cited as are approaches to adapting games to both assess and improve an organization’s cybersecurity posture. The chapter concludes with some speculations about how games focused on cybersecurity can be expected to evolve and gain greater traction for risk management in light of emergent technologies and increasingly complex threat and defense landscapes.
Mary Ann Hoppa
Chapter 15. Applications of Social Network Analysis to Managing the Investigation of Suspicious Activities in Social Media Platforms
Abstract
Social media networks have grown rapidly as a key platform for communicating and sharing information. Millions of users are actively accessing their features and making connections. Normally, the only point of analyzing user authentication is for scrutinizing online details and posted information; however, this is sometimes morphed by cyber criminals to support fraudulent activities. Cybercrimes in online platforms are also moving toward fraud by continuously monitoring for open profiles, making friends, offering opportunities, and asking for favors. Examples include cash deposits, lotteries, click baiting, fake job offers, fraudulent fundraising, post re-sharing, card details sharing, and software downloads. Vulnerable nodes must be located to identify criminals’ details and account information. Social network analysis (SNA) finds such links using concepts from network and graph theory. SNA is well suited for the identification of friends involved in cyber fraud, epidemic transmission analysis, radicalization posts, and similar crimes. SNA-based approaches are presented that may be useful for managing efforts aimed at identifying suspicious and criminal activities in social media platforms.
Romil Rawat, Vinod Mahor, Sachin Chirgaiya, Abhishek Singh Rathore
Chapter 16. SIREN: A Fine Grained Approach to Develop Information Security Search Engine
Abstract
The explosive growth of internet users and connected devices has increased the threat vector surface. However, there is no single website or search engine that provides information on vulnerabilities, threats, attacks, controls, etc. Ambiguity, bias and lack of credibility are some of the alarming issues while dealing with generic search engines on sensitive topics such as ‘Health’ and ‘Information Security’. A dedicated information security specific search engine benefits various stakeholders including security professionals, researchers, government, regulators and others. We implemented a fine grained approach that identifies sub-domains of information security, extracts related URLs and content and assesses search results credibility to enhance adoption of an information security specific search engine.
To identify sub-domains and extract seed and child URLs, a fine grained approach that extends an efficient Artificial Bee Colony algorithm was implemented. About 34,007 seed URLs and 400,726 child URLs of various sub-domains of information security were extracted. The results of the proposed approach identified more URLs (seed and child) of sub-domains as compared to existing approaches while consuming less computing resources.
The research literature on web page ranking and credibility identified a need for fine grained assessment of search results based on surface, content and off-page features. Furthermore, the fine grained web page features were classified into genres using a Gradient Boosted Decision Tree algorithm with an accuracy of 88.75%. Based on features and genres, a FACT score was formulated to rank the web pages based on credibility. An open-source WEBCred framework was developed to calculate the FACT score of 10,429 URLs in the information security domain. The results compared against Web of Trust score and Alexa ranking are promising.
A Security Information and Extraction eNgine (SIREN) was developed and hosted to demonstrate the proposed approaches. The SIREN is expected to be integrated into Indian Banks’ Centre for Analysis of Risks and Threats platform so that banks can use it for threat intelligence.
Lalit Mohan Sanagavarapu, Y. Raghu Reddy, Shriyansh Agrawal
Chapter 17. Dimensions of Cybersecurity Risk Management
Abstract
Risk analysis and management are of fundamental importance in cybersecurity. The core elements of risk are threat, vulnerability, and impact. Risk management has a basis in cybersecurity technical policies, procedures, and practices. Dimensions of risk are also at higher levels, with major interconnections in issues of international relations and trade, safety, economic vitality, health, and human life. The work of this paper is focused on risk and closely related concepts. Details and analyses that pertain to security of cyber-physical systems and the role of intrusion detection and machine learning methodologies are included.
Kendall E. Nygard, Aakanksha Rastogi, Mostofa Ahsan, Rashmi Satyal
Chapter 18. The New Normal: Cybersecurity and Associated Drivers for a Post-COVID-19 Cloud
Abstract
The cultural and technological impacts of the COVID-19 pandemic will be long lasting, and one of the major impacts has been the increased uptake in cloud usage. Even if organizations have not been able to make the move to cloud so far, it is part of the near-term business goals for many. In the social context, the cloud has a significant effect on human interactions; we are also saving more and more of our personal (and confidential) data on the cloud. During the first global lockdown in March 2020, the uptake in social media increased dramatically. It is predicted that the ‘new normal’ will involve a continued use of social media sites such as Facebook and Instagram as well as conferencing tools such as Zoom and Microsoft Teams. In fact, the cloud is seen to be more crucial to everyday life now than ever before. While good from a revenue-generating perspective for cloud operators and service providers, this is a challenging situation to manage. The post-COVID-19 cloud represents a nexus of critical drivers including cyber-security, reliability, efficiency and cost that could transform the way the cloud and its associated technologies operate. In this chapter, we therefore examine the inter-relationships between these qualities, giving specific attention to the achievement of privacy and security. A proposal is made to extend the original CIA triad, which defines the priorities that should be given when integrating security into an organization, with a focus on the achievement of confidentiality, integrity and availability; with the achievement of these, we argue that there is an overall focus on reliability. The proposed extension, which forms eCIA, advocates that network reliability be achieved in parallel with efficiency. When considered together, in a planned approach that is not applied as a bolt-on reaction to a breach, there is a careful balance to reach in the parallel achievement of all objectives.
In this chapter, we consider potential ways in which the competing goals may be facilitated simultaneously.
Douglas J. Millward, Nkaepe Olaniyi, Cathryn Peoples

Identity Management and Security Operations

Frontmatter
Chapter 19. Proven and Modern Approaches to Identity Management
Abstract
People around the world stay in contact with their families, friends, and colleagues by exchanging text and multimedia data online. This would not be possible without digital identities, which in turn necessitates Identity and Access Management (I&AM). Each natural person, legal entity, and device can have several digital identities with different associated information, such as the credentials used for authentication. During the past 15 years, Federated Identity Management (FIM) has gained traction as it enables the use of one organization’s identities to access other organizations’ services, e.g. in business-to-business cooperation. It turned out to be a double-edged sword, as it improves the user experience and reduces the attack vector of password reuse on the one hand, but it comes with data quality issues and a larger impact of compromised accounts on the other hand. More recently, the privacy-by-design approach of user-centric identity management, which puts each user in full control over its digital identity data, finds a new home in Self-Sovereign Identity (SSI) management based on distributed ledger technology, also known as blockchain. This chapter gives an insight into the exciting world of digital human identities, time-tested as well as recent approaches to their professional management from a security perspective, and discusses closely related governance and compliance topics such as data protection and levels of assurance.
Daniela Pöhn, Wolfgang Hommel
Chapter 20. A Hybrid Recommender for Cybersecurity Based on Rating Approach
Abstract
The main function of a security analyst is to protect and make the best decisions for preserving the integrity of computer systems within an organization. Typically, to provide a quick response, analysts usually depend on their good judgement, which should lead them to execute manual processes in a limited time. By dealing with too much information, responses should be executed efficiently and, sometimes, by properly prioritizing threats by criticality. Several approaches to guide analysts in identifying attacks and possible solutions have been made. In this research, we propose a recommendation system prototype based on collaborative filtering, generating ratings of the worst cases with the best available recommendations based on expert judgements. The originality of our approach lies in how we build the knowledge base at the heart of the system. It was assembled from the information that some organizations have published on the Internet. As the recommendations proposed by the prototype are rated by analysts as they use the system, the recommendations provided are improved over time. This would allow reducing problems linked with cold start and would allow incorporating updated information. During tests, our prototype received generally positive reviews from the chosen experts, who judged it as a mechanism to reduce both subjectivity and response time.
Carlos Ayala, Kevin Jiménez, Edison Loza-Aguirre, Roberto O. Andrade
Chapter 21. An Introduction to Security Operations
Abstract
This chapter examines the importance of security operations in cybersecurity and elaborates on five prominent actions performed by a security operations team. It explores the generation of security operations over four decades, starting from malicious code injections to sophisticated destruction of service. With the paramount data being generated from every corner of an organization by using data capturing utilities and tools, it is essential to analyze not only the data but also the user behavior to successfully model threats, identify vulnerabilities, protect assets, report incidents, and manage risks. Even the best tools available now face the challenges of integrating such a huge amount of data and correlating it to segregate useful information to reduce false positives. This chapter also outlines the emerging technologies and tools needed to address these challenges.
Gurdip Kaur, Arash Habibi Lashkari
Backmatter
Metadata
Title
Advances in Cybersecurity Management
Editors
Kevin Daimi
Dr. Cathryn Peoples
Copyright Year
2021
Electronic ISBN
978-3-030-71381-2
Print ISBN
978-3-030-71380-5
DOI
https://doi.org/10.1007/978-3-030-71381-2