Predictors of Ransomware from Binary Analysis

Otis, Aaron M

01 September 2019

Ransomware, a type of malware that extorts payment from a victim by encrypting her data, is a growing threat that is becoming more sophisticated with each generation. Attackers have shifted from targeting individuals to entire organizations, raising extortions from hundreds of dollars to hundreds of thousands of dollars. In this work, we analyze a variety of ransomware and benign software binaries in order to identify indicators that may be used to detect ransomware. We find that several combinations of strings, cryptographic constants, and a large number loops are key indicators useful for detecting ransomware.

Binary Analysis

Ransomware

Information Security

Reducing Incongruity of Perceptions Related to Information Risk: Dialogical Action Research in Organizations

Sedlack, Derek J.

01 January 2012

A critical overreliance on the technical dimension of information security has recently shifted toward more robust, organizationally focused information security methods to countermand $54 billion lost from computer security incidents. Developing a more balanced approach is required since protecting information is not an all or nothing proposition. Inaccurate tradeoffs resulting from misidentified risk severity based on organizational group perceptions related to information risk form information security gaps. This dissertation applies dialogical action research to study the information security gap created by incongruent perceptions of organizational members related to information risk among different stakeholder communities. A new model, the Information Security Improvement model, based on Technological Frames of Reference (TFR), is proposed and tested to improve information security through reduced member incongruity. The model proved useful in realigning incongruent perceptions related to information risk within the studied organization. A process for identifying disparate information characteristics and potential influencing factors is also presented. The research suggested that the model is flexible and extensible, within the organizational context, and may be used to study incongruent individual perceptions (micro) or larger groups such as departments or divisions.

information

information security

information security improvement

information security strategy

information systems

technological frames of reference

Computer Sciences

The economics of information security

Dlamini, Moses Thandokuhle

20 September 2010

In the year 2008, world markets suffered a huge economic crisis. The extent of the economic crisis has been so severe and has had a global impact. As a contingency strategy, governments of wealthy nations have resorted to extensive bailouts and rescue packages to stop organisations from going bankrupt. A skyrocketing amount of money has been spent on rescue packages and bailouts for the tumbling organisations. However, this could not stop some of the world’s wealthiest financial institutions e.g. Lehman Brothers, Northern Rock, etc from collapsing. Most of the surviving organisations froze their expenditure, implemented cost-cutting measures and in the process, numerous employees lost their jobs. Executives were compelled to ‘achieve more with less’ in order to save their organisations from going bankrupt. It is on this premise that this research proposed the BC3I (Broad Control Category Cost Indicators) model, which is a step towards ‘achieving more with less’ within information security budgeting. The tumbling world markets and increased requirements for legal and regulatory compliance have made this a timely and relevant research that addressed a current, spot-on and global problem. The BC3I model as the main outcome of this research has indeed come at the right time. The BC3I model as proposed in this research makes a real contribution towards assisting information security managers as they make informed decisions regarding the optimal and cost-effective allocation of financial resources to information security activities. The proposed model can be argued to be a good start towards the selection of appropriate controls to optimally and cost-effectively protect organisations’ information assets and simultaneously achieve compliance with legal and regulatory mandates. As a proof of concept, the practicality of the BC3I model has been demonstrated in three different scenarios. The model has been illustrated for an organisation chosen from the financial sector; being the hardest hit by the economic crisis. Furthermore, the financial sector is chosen because of its high reliance on information security for the most obvious reasons that of dealing with money and confidential customer information. Finally and for acceptance purposes, the model has been discussed and reviewed by industry experts from the financial sector. Copyright / Dissertation (MSc)--University of Pretoria, 2010. / Computer Science / unrestricted

Broad control categories

Information security standards

Budget constraints

Information security

Information security investment

Information security budget

Information security controls

UCTD

Studies on Employees’ Information Security Awareness

Häußinger, Felix

13 May 2015

No description available.

330

Information Security Awareness

Information Security Behahavior

Information Systems Security

Antecedents of Information Security

Endogenous Motivation

Wirtschaftswissenschaften (PPN621567140)

Explaining policy differences as a function of diverse governance institutions

Flowers, Jim David

27 May 2016

This study asks the question: “How does the structure of cybersecurity policy relate to differences in structure of policy governance of universities and colleges?” The study has three objectives. First, the study seeks to add to the body of knowledge concerning the relationship between the structure of cybersecurity policy processes and the security policies developed by those processes. Second, the study seeks to demonstrate the usefulness of the Institutional Grammar Tool, Rules Configurations, and other methods employed to analyze institutional configurations. Third, the study seeks to provide pragmatic suggestions for cybersecurity practitioners to systematically identify deficiencies in policy structure that contribute to less than optimum outcomes. Research on this question is necessary as no integrative framework exists for describing or predicting how organizations adopt and implement cyber security policy. The study proposes such a framework by integrating an ideal model for cyber security governance with the principles of the Institutional Analysis and Design framework (IAD). Four research universities of the University System of Georgia are subjected to a cross-case comparison of information security policies. Interviews and policy documents provide a database of institutional statements that are analyzed using IAD methods and tools. Prior research suggests that elements of policy structure, such as how the policy fits the organization’s objectives and culture, are linked to policy effectiveness. Research also suggests that how those elements of policy structure reflect external threats and organizational factors are determined by how the cybersecurity policy development is integrated into the governance of university wide policy. In addition to demonstrating the utility of an integrated approach to studying the problem of creating effective policy, findings demonstrate how a well-integrated cybersecurity governance structure provides better fit, constructs policies of appropriate scope, and is more likely to include the components of governance necessary for policy effectiveness. Findings also suggest that policy form, the readability of policy, may be improved if the documents are analyzed using the institutional grammar tools suggested by the IAD and if collaboration with users and managers to construct policy is encouraged. The capability of the methods employed by the study to identify deficiencies in cyber security governance structure that are manifested in less effective policy outcomes may aid policy makers as they strive to develop policy solutions to an ever changing security threat

Public policy

Institutional analysis

Information security

Non-intrusive continuous user authentication for mobile devices

Karatzouni, Sevasti

January 2014

The modern mobile device has become an everyday tool for users and business. Technological advancements in the device itself and the networks that connect them have enabled a range of services and data access which have introduced a subsequent increased security risk. Given the latter, the security requirements need to be re-evaluated and authentication is a key countermeasure in this regard. However, it has traditionally been poorly served and would benefit from research to better understand how authentication can be provided to establish sufficient trust. This thesis investigates the security requirements of mobile devices through literature as well as acquiring the user’s perspectives. Given the findings it proposes biometric authentication as a means to establish a more trustworthy approach to user authentication and considers the applicability and topology considerations. Given the different risk and requirements, an authentication framework that offers transparent and continuous is developed. A thorough end-user evaluation of the model demonstrates many positive aspects of transparent authentication. The technical evaluation however, does raise a number of operational challenges that are difficult to achieve in a practical deployment. The research continues to model and simulate the operation of the framework in an controlled environment seeking to identify and correlate the key attributes of the system. Based upon these results and a number of novel adaptations are proposed to overcome the operational challenges and improve upon the impostor detection rate. The new approach to the framework simplifies the approach significantly and improves upon the security of the system, whilst maintaining an acceptable level of usability.

005.8

An analysis of the impact of emerging technology on organisations’ internal controls

11 September 2013

M.Comm. (Computer Auditing) / This study presents an evaluation of emerging information communication technology (ICT) solutions to the security internal control systems in South African organisations. Information systems have enabled companies to communicate more efficiently, gain competitive advantage and get a larger market share. These information systems therefore need to be protected securely as they are the vehicles and containers for critical information assets in decision-making processes. Therefore, this research study seeks to provide an overview of the emerging ICT solutions used to conduct business transactions, and share and communicate information. It identifies and analyses the new security risk associated with the emerging technology, and, finally, outlines the ICT security frameworks that can be used to identify, assess and evaluate organisations‟ security internal controls.

Computer auditing

Information security

Computer security

Categorization of Large Corpora of Malicious Software

Kura, Deekshit

20 December 2013

Malware is computer software written by someone with mischievous or, more usually, malicious and/or criminal intent and specifically designed to damage data, hosts or networks. The variety of malware is increasing proportionally with the increase in computers and we are not aware of newly emerging malware. Tools are needed to categorize families of malware, so that analysts can compare new malware samples to ones that have been previously analyzed and determine steps to detect and prevent malware infections. In this thesis, I developed a technique to catalog and characterize the behavior of malware, so that malware families, the level of potential threat, and the effects of malware can be identified. Combinations of complementary techniques, including third-party tools, are integrated to scan and illustrate how malware may harm a target machine, search for related malware behavior, and organize malware into families, based on a number of characteristics.

Malware Analysis

Information Security

Other Computer Sciences

Informationssäkerhet : en undersökning om säkerhetsarbetet bland företag i Dals-Ed

Bengtsson, Jenny, Olsson, Jenny

January 2003

No description available.

Informationssäkerhet

Datasäkerhet

Säkerhetspolicy

Information security management

Säkerhetslösningar

Secret sharing using artificial neural network

Alkharobi, Talal M.

15 November 2004

Secret sharing is a fundamental notion for secure cryptographic design. In a secret sharing scheme, a set of participants shares a secret among them such that only pre-specified subsets of these shares can get together to recover the secret. This dissertation introduces a neural network approach to solve the problem of secret sharing for any given access structure. Other approaches have been used to solve this problem. However, the yet known approaches result in exponential increase in the amount of data that every participant need to keep. This amount is measured by the secret sharing scheme information rate. This work is intended to solve the problem with better information rate.

Secret sharing

artificial neural network

information security