Threat Landscape

The Experts below are selected from a list of 360 Experts worldwide ranked by ideXlab platform

Richard L Baskerville - One of the best experts on this subject based on the ideXlab platform.

  • How can organizations develop situation awareness for incident response: A case study of management practice
    Computers & Security, 2021
    Co-Authors: Atif Ahmad, Sean B Maynard, Kevin C Desouza, James Kotsias, Monica T Whitty, Richard L Baskerville
    Abstract:

    Organized, sophisticated and persistent cyber-threat-actors pose a significant challenge to large, high-value organizations. They are capable of disrupting and destroying cyber infrastructures, denying organizations access to IT services, and stealing sensitive information including intellectual property, trade secrets and customer data. Past research points to Situation Awareness as critical to effective response. However, most research has focused on the technological perspective with comparatively less focus on the practice perspective. We therefore present an in-depth case study of a leading financial organization with a well-resourced and mature incident response capability that has evolved as a result of experiences with past attacks. Our contribution is a process model that explains how organizations can practice situation awareness of the cyber-threat landscape and the broad business context in incident response.

  • Cybersecurity Incident Response in Organizations: An Exploratory Case Study and Process Model of Situation Awareness
    Computers & Security, 1
    Co-Authors: Atif Ahmad, Sean B Maynard, Kevin C Desouza, James Kotsias, Monica T Whitty, Richard L Baskerville
    Abstract:

    Organized, sophisticated and persistent cyber-threat-actors pose a significant challenge to large, high-value organizations. They are capable of disrupting and destroying cyber infrastructures, denying organizations access to IT services, and stealing sensitive information including intellectual property, trade secrets and customer data. Past research points to Situation Awareness as critical to effective response. However, most research has focused on the technological perspective with comparatively less focus on the practice perspective. We therefore present an in-depth case study of a leading financial organization with a well-resourced and mature incident response capability that has evolved as a result of experiences with past attacks. Our contribution is a process model that explains how organizations can practice situation awareness of the cyber-threat landscape and the broad business context in incident response.

Kimkwang Raymond Choo - One of the best experts on this subject based on the ideXlab platform.

  • Comprehending the IoT cyber threat landscape: A data dimensionality reduction technique to infer and characterize Internet-scale IoT probing campaigns
    Digital Investigation, 2019
    Co-Authors: Morteza Safaei Pour, Elias Bouharb, Kavita Varma, Nataliia Neshenko, Dimitris A Pados, Kimkwang Raymond Choo
    Abstract:

    The resource-constrained and heterogeneous nature of Internet-of-Things (IoT) devices coupled with the placement of such devices in publicly accessible venues complicate efforts to secure these devices and the networks they are connected to. The Internet-wide deployment of IoT devices also makes it challenging to operate security solutions at strategic locations within the network or to identify orchestrated activities from seemingly independent malicious events from such devices. Therefore, in this paper, we initially seek to determine the magnitude of IoT exploitations by examining more than 1 TB of passive measurement data collected from a /8 network telescope and by correlating it with 400 GB of information from the Shodan service. In the second phase of the study, we conduct in-depth discussions with Internet Service Providers (ISPs) and backbone network operators, as well as leverage geolocation databases to not only attribute such exploitations to their hosting environment (ISPs, countries, etc.) but also to classify such inferred IoT devices based on their hosting sector type (financial, education, manufacturing, etc.) and most abused IoT manufacturers. In the third phase, we automate the task of alerting realms that are determined to be hosting exploited IoT devices. Additionally, to address the problem of inferring orchestrated IoT campaigns by solely observing their activities targeting the network telescope, we further introduce a theoretically sound technique based on L1-norm PCA, and validate the utility of the proposed data dimensionality reduction technique against the conventional L2-norm PCA. Specifically, we identify “in the wild” IoT coordinated probing campaigns that are targeting generic ports and campaigns specifically searching for open resolvers (for amplification purposes). The results reveal more than 120,000 Internet-scale exploited IoT devices, some of which are operating in critical infrastructure sectors such as health and manufacturing. We also infer 140 large-scale IoT-centric probing campaigns; a sample of which includes a worldwide distributed campaign where close to 40% of its population includes video surveillance cameras from a single manufacturer, and another very large inferred coordinated campaign consisting of more than 50,000 IoT devices. The reported findings highlight the insecurity of the IoT paradigm at large and thus demonstrate the importance of understanding such evolving threat landscape.

  • On reliability analysis of smart grids under topology attacks: A stochastic Petri net approach
    ACM Transactions on Cyber-Physical Systems, 2019
    Co-Authors: Beibei Li, Kimkwang Raymond Choo, Rongxing Lu, Wei Wang
    Abstract:

    Building an efficient, smart, and multifunctional power grid while maintaining high reliability and security is an extremely challenging task, particularly in the ever-evolving cyber threat landscape. The challenge is also compounded by the increasing complexity of power grids in both cyber and physical domains. In this article, we develop a stochastic Petri net based analytical model to assess and analyze the system reliability of smart grids, specifically against topology attacks under system countermeasures (i.e., intrusion detection systems and malfunction recovery techniques). Topology attacks, evolving from false data injection attacks, are growing security threats to smart grids. In our analytical model, we define and consider both conservative and aggressive topology attacks, and two types of unreliable consequences (i.e., system disturbances and failures). The IEEE 14-bus power system is employed as a case study to clearly explain the model construction and parameterization process. The benefit of having this analytical model is the capability to measure the system reliability from both transient and steady-state analysis. Finally, intensive simulation experiments are conducted to demonstrate the feasibility and effectiveness of our proposed model.

  • The cyber threat landscape: Challenges and future research directions
    Computers & Security, 2011
    Co-Authors: Kimkwang Raymond Choo
    Abstract:

    Cyber threats are becoming more sophisticated with the blending of once distinct types of attack into more damaging forms. Increased variety and volume of attacks is inevitable given the desire of financially and criminally-motivated actors to obtain personal and confidential information, as highlighted in this paper. We describe how the Routine Activity Theory can be applied to mitigate these risks by reducing the opportunities for cyber crime to occur, making cyber crime more difficult to commit and by increasing the risks of detection and punishment associated with committing cyber crime. Potential research questions are also identified.

  • Cyber threat landscape faced by financial and insurance industry
    Trends and issues in crime and criminal justice, 2011
    Co-Authors: Kimkwang Raymond Choo
    Abstract:

    In 2008, the Australian Institute of Criminology (AIC) commissioned an Australia-wide survey of businesses to identify the prevalence, nature, costs and impacts of computer security incidents against Australian businesses during the 12 month period ending 30 June 2007 (Richards 2009). The Australian Business Assessment of Computer User Security (ABACUS) survey used a random sample of Australian businesses, stratified by industry sector and business size, to enable generalisations to be made about the entire population of Australian businesses - see Challice (2009) for a detailed discussion of the survey methodology. Of the 4,000 survey respondents (a response rate of 29%), 221 respondents were from the financial and insurance industry.

Atif Ahmad - One of the best experts on this subject based on the ideXlab platform.

  • How can organizations develop situation awareness for incident response: A case study of management practice
    Computers & Security, 2021
    Co-Authors: Atif Ahmad, Sean B Maynard, Kevin C Desouza, James Kotsias, Monica T Whitty, Richard L Baskerville
    Abstract:

    Organized, sophisticated and persistent cyber-threat-actors pose a significant challenge to large, high-value organizations. They are capable of disrupting and destroying cyber infrastructures, denying organizations access to IT services, and stealing sensitive information including intellectual property, trade secrets and customer data. Past research points to Situation Awareness as critical to effective response. However, most research has focused on the technological perspective with comparatively less focus on the practice perspective. We therefore present an in-depth case study of a leading financial organization with a well-resourced and mature incident response capability that has evolved as a result of experiences with past attacks. Our contribution is a process model that explains how organizations can practice situation awareness of the cyber-threat landscape and the broad business context in incident response.

  • Cybersecurity Incident Response in Organizations: An Exploratory Case Study and Process Model of Situation Awareness
    Computers & Security, 1
    Co-Authors: Atif Ahmad, Sean B Maynard, Kevin C Desouza, James Kotsias, Monica T Whitty, Richard L Baskerville
    Abstract:

    Organized, sophisticated and persistent cyber-threat-actors pose a significant challenge to large, high-value organizations. They are capable of disrupting and destroying cyber infrastructures, denying organizations access to IT services, and stealing sensitive information including intellectual property, trade secrets and customer data. Past research points to Situation Awareness as critical to effective response. However, most research has focused on the technological perspective with comparatively less focus on the practice perspective. We therefore present an in-depth case study of a leading financial organization with a well-resourced and mature incident response capability that has evolved as a result of experiences with past attacks. Our contribution is a process model that explains how organizations can practice situation awareness of the cyber-threat landscape and the broad business context in incident response.

Monica T Whitty - One of the best experts on this subject based on the ideXlab platform.

  • How can organizations develop situation awareness for incident response: A case study of management practice
    Computers & Security, 2021
    Co-Authors: Atif Ahmad, Sean B Maynard, Kevin C Desouza, James Kotsias, Monica T Whitty, Richard L Baskerville
    Abstract:

    Organized, sophisticated and persistent cyber-threat-actors pose a significant challenge to large, high-value organizations. They are capable of disrupting and destroying cyber infrastructures, denying organizations access to IT services, and stealing sensitive information including intellectual property, trade secrets and customer data. Past research points to Situation Awareness as critical to effective response. However, most research has focused on the technological perspective with comparatively less focus on the practice perspective. We therefore present an in-depth case study of a leading financial organization with a well-resourced and mature incident response capability that has evolved as a result of experiences with past attacks. Our contribution is a process model that explains how organizations can practice situation awareness of the cyber-threat landscape and the broad business context in incident response.

  • Cybersecurity Incident Response in Organizations: An Exploratory Case Study and Process Model of Situation Awareness
    Computers & Security, 1
    Co-Authors: Atif Ahmad, Sean B Maynard, Kevin C Desouza, James Kotsias, Monica T Whitty, Richard L Baskerville
    Abstract:

    Organized, sophisticated and persistent cyber-threat-actors pose a significant challenge to large, high-value organizations. They are capable of disrupting and destroying cyber infrastructures, denying organizations access to IT services, and stealing sensitive information including intellectual property, trade secrets and customer data. Past research points to Situation Awareness as critical to effective response. However, most research has focused on the technological perspective with comparatively less focus on the practice perspective. We therefore present an in-depth case study of a leading financial organization with a well-resourced and mature incident response capability that has evolved as a result of experiences with past attacks. Our contribution is a process model that explains how organizations can practice situation awareness of the cyber-threat landscape and the broad business context in incident response.

James Kotsias - One of the best experts on this subject based on the ideXlab platform.

  • How can organizations develop situation awareness for incident response: A case study of management practice
    Computers & Security, 2021
    Co-Authors: Atif Ahmad, Sean B Maynard, Kevin C Desouza, James Kotsias, Monica T Whitty, Richard L Baskerville
    Abstract:

    Organized, sophisticated and persistent cyber-threat-actors pose a significant challenge to large, high-value organizations. They are capable of disrupting and destroying cyber infrastructures, denying organizations access to IT services, and stealing sensitive information including intellectual property, trade secrets and customer data. Past research points to Situation Awareness as critical to effective response. However, most research has focused on the technological perspective with comparatively less focus on the practice perspective. We therefore present an in-depth case study of a leading financial organization with a well-resourced and mature incident response capability that has evolved as a result of experiences with past attacks. Our contribution is a process model that explains how organizations can practice situation awareness of the cyber-threat landscape and the broad business context in incident response.

  • Cybersecurity Incident Response in Organizations: An Exploratory Case Study and Process Model of Situation Awareness
    Computers & Security, 1
    Co-Authors: Atif Ahmad, Sean B Maynard, Kevin C Desouza, James Kotsias, Monica T Whitty, Richard L Baskerville
    Abstract:

    Organized, sophisticated and persistent cyber-threat-actors pose a significant challenge to large, high-value organizations. They are capable of disrupting and destroying cyber infrastructures, denying organizations access to IT services, and stealing sensitive information including intellectual property, trade secrets and customer data. Past research points to Situation Awareness as critical to effective response. However, most research has focused on the technological perspective with comparatively less focus on the practice perspective. We therefore present an in-depth case study of a leading financial organization with a well-resourced and mature incident response capability that has evolved as a result of experiences with past attacks. Our contribution is a process model that explains how organizations can practice situation awareness of the cyber-threat landscape and the broad business context in incident response.