Cybersecurity Management System: Defense and Response

Huang, Chenxiang

19 January 2023

Cybersecurity attacks such as phishing, malware, and ransomware have become a major concern in recent years, with many individuals and organizations suffering financial losses as a result. Most people are unaware of the different types of cybersecurity attacks and have not seen examples of them. To address this problem, we developed the Cybersecurity Management System: Defense and Response (CMSDR) cloud software application. It provides both the "Defense" and "Response" to cybersecurity attacks, with educational materials and examples to help users learn about different types of cybersecurity attacks, and a computer-aided reporting and notification system to help organizations respond to ongoing incidents. CMSDR is a universal application that can be used on any platform with a web browser. Any company or organization can effectively run CMSDR on their own server computer for cybersecurity defense and response. / Master of Science / Cybersecurity has become a major concern in recent years as many individuals and organizations have suffered financially from cybersecurity attacks like phishing, malware, and ransomware. This thesis seeks to provide a solution to the emerging number of cybersecurity breaches by introducing Cybersecurity Management System: Defense and Response (CMSDR) cloud software application that features "Defense" and "Response" to cybersecurity attacks. For "Defense", it aims to guide the users of the common types of cybersecurity attacks following the pedagogy "Learning by Examples" by providing cybersecurity examples to support the learning. For "Response", it aims to provide a system that features computer-aided reporting and notification of cybersecurity breaches in a company or organization. The software application is universally usable on any platform with a web browser. With the help of CMSDR, users receive proper education of the types of cybersecurity attacks to raise awareness. Organizations can report and notify ongoing cybersecurity breach incidents to their members easily and effectively.

Cloud software engineering

cybersecurity breach response

cybersecurity defense

cybersecurity education

cybersecurity management

Towards eXplainable Artificial Intelligence (XAI) in cybersecurity

Lopez, Eduardo

January 2024

A 2023 cybersecurity research study highlighted the risk of increased technology investment not being matched by a proportional investment in cybersecurity, exposing organizations to greater cyber identity compromise vulnerabilities and risk. The result is that a survey of security professionals found that 240\% expected growth in digital identities, 68\% were concerned about insider threats from employee layoffs and churn, 99\% expect identity compromise due to financial cutbacks, geopolitical factors, cloud adoption and hybrid work, while 74\% were concerned about confidential data loss through employees, ex-employees and third party vendors. In the light of continuing growth of this type of criminal activity, those responsible for keeping such risks under control have no alternative than to use continually more defensive measures to prevent them from happening and causing unnecessary businesses losses. This research project explores a real-life case study: an Artificial Intelligence (AI) information systems solution implemented in a mid-size organization facing significant cybersecurity threats. A holistic approach was taken, where AI was complemented with key non-technical elements such as organizational structures, business processes, standard operating documentation and training - oriented towards driving behaviours conducive to a strong cybersecurity posture for the organization. Using Design Science Research (DSR) guidelines, the process for conceptualizing, designing, planning and implementing the AI project was richly described from both a technical and information systems perspective. In alignment with DSR, key artifacts are documented in this research, such as a model for AI implementation that can create significant value for practitioners. The research results illustrate how an iterative, data-driven approach to development and operations is essential, with explainability and interpretability taking centre stage in driving adoption and trust. This case study highlighted how critical communication, training and cost-containment strategies can be to the success of an AI project in a mid-size organization. / Thesis / Doctor of Science (PhD) / Artificial Intelligence (AI) is now pervasive in our lives, intertwined with myriad other technology elements in the fabric of society and organizations. Instant translations, complex fraud detection and AI assistants are not the fodder of science fiction any longer. However, realizing its bene fits in an organization can be challenging. Current AI implementations are different from traditional information systems development. AI models need to be trained with large amounts of data, iteratively focusing on outcomes rather than business requirements. AI projects may require an atypical set of skills and significant financial resources, while creating risks such as bias, security, interpretability, and privacy. The research explores a real-life case study in a mid-size organization using Generative AI to improve its cybersecurity posture. A model for successful AI implementations is proposed, including the non-technical elements that practitioners should consider when pursuing AI in their organizations.

XAI cybersecurity IT governance

MARCS: Mobile Augmented Reality for Cybersecurity

Mattina, Brendan Casey

19 June 2017

Network analysts have long used two-dimensional security visualizations to make sense of network data. As networks grow larger and more complex, two-dimensional visualizations become more convoluted, potentially compromising user situational awareness of cyber threats. To combat this problem, augmented reality (AR) can be employed to visualize data within a cyber-physical context to restore user perception and improve comprehension; thereby, enhancing cyber situational awareness. Multiple generations of prototypes, known collectively as Mobile Augmented Reality for Cyber Security, or MARCS, were developed to study the impact of AR on cyber situational awareness. First generation prototypes were subjected to a formative pilot study of 44 participants, to generate user-centric performance data and feedback, which motivated the design and development of second generation prototypes and provided initial insight into the potentially beneficial impact of AR on cyber situational awareness. Second generation prototypes were subjected to a summative secondary study by 50 participants, to compare the impact of AR and non-AR visualizations on cyber situational awareness. Results of the secondary study suggest that employing AR to visualize cyber threats in a cyber-physical context collectively improves user threat perception and comprehension, indicating that, in some cases, AR security visualizations improve user cyber situational awareness over non-AR security visualizations. / Master of Science

Augmented Reality

Cybersecurity

Visualization

The institutionalization of cybersecurity management at the EU-Level : 2013-2016

Backman, Sarah

January 2016

International cybersecurity is arguably one of the most serious, complex and recent security-issues of our time. The connectivity between EU member states regarding cybersecurity due to the borderless nature of cyber, together with increasing threat-levels, has made the need for a common response widely acknowledged in the EU for several years. Even so, a common EU cybersecurity response involves problems such as reluctance of member states to share information, that cybersecurity management is linked to national security and therefore touches upon sovereignty, and different levels of cybersecurity development between member states. Despite this, the Network and Information Security Directive was adopted by the European Council in May 2016, involving EU-wide binding rules on cybersecurity. This thesis examines and explains, through a neo-functionalistic approach, how and why this development towards supranational management of cybersecurity in the EU has happened. The author finds that cybersecurity management seems to have institutionalized from a nascent phase during 2013, moving towards an ascendant phase during the end of 2013 and 2014, to end up between an ascendant and a mature phase during 2015 and 2016 – which makes the adoption of the NIS-directive logical. The neo-functionalistic explanation to the development of supranational cybersecurity management in the EU highlights the role of the Commission as a ‘policy entrepreneur’ and the publication of the EU cybersecurity strategy, accompanied by the proposal for the NISdirective in 2013. These regulatory outputs sparked further institutionalization by providing many opportunities and venues for member states to interact and build networks on cybersecurity issues, by initiatives with normative impact to foster an EU ‘cybersecurity community’, by the continuous strengthening of supranational cybersecurity actors such as ENISA, and by supranational cybersecurity cooperation platforms, such as the NIS-platform and the European Private Public Partnership on cybersecurity. Between 2013 and 2016, 21 EU Member States published national cybersecurity strategies, almost all referring clearly to their commitment to EU cybersecurity initiatives. This provides an indicator of a high level of legitimacy of supranational cybersecurity management. However, the thesis also finds that the strongest supporters of EU cybersecurity management are not the most powerful member states but rather the smaller ones. While not expressing a strong commitment to EU initiatives in cyber policy documents, the most powerful member states still agreed to the NIS-directive. This supports the neo-functionalist notion about the “stickiness” of an institutionalization-process, and the possibility that powerful states might have double paths, committing to EU regulation and institutionalization while still continuing their own way.

EU cybersecurity management

EU

cybersecurity

institutionalization

neofunctionalism

the NIS-Directive

THE RELATIONSHIP BETWEEN ENGAGMENT LEVELS AND PLAYERS’ INTENDED BEHAVIORS IN GAME-BASED TRAINING FOR CYBERSECURITY.

Salameh, Rana

01 December 2019

The purpose of this quantitative exploratory experimental design study was to examine the effects of end-user’s multi-dimension engagement (cognitive, affective, and behavioral) on their cybersecurity intended behaviors (coping and threat appraisals). Additionally, this study is an effort to understand how end-users’ engagement levels changed over multiple playing sessions. There were two research questions: (1) “Do engagement levels have a relationship with the players’ intended behaviors in a cybersecurity serious game?” and (2) “Does playing more sessions of cybersecurity serious game affect players’ engagement?” The protection motivation theory (PMT) was used to assess users’ intended behaviors for two factors: (a) coping appraisal, and (b) threat appraisal. While, the multi-dimension factors of engagement (MDFE) instrument was used to assess users’ multi-dimensions engagement levels (cognitive, affective, and behavior).A total of 122 participants fully completed the (a) pre_knowledge initial survey, (b) assigned training sessions, and (c) post-training surveys (MDFE and PMT). Descriptive analysis was used to assess participants’ background as age, gender, and pre-knowledge. A multiple linear regression analysis was conducted to determine whether a linear combination of the multi-dimensional engagement factors: cognitive, affective, and behavior (as predictors) could predict coping appraisal and threat appraisal as factors of intended behaviors. Also, an independent samples t-test was used to determine whether there would be statistically significant differences in the engagement levels (cognitive, affective, and behavior) between group A and group B that underwent three and five training sessions of gameplay, respectively.The result showed cognitive engagement (i.e., challenge, graphics, and attainable goals) was as significant predictor for end-users’ intended behaviors for both coping and threat appraisals. However, affective and behavioral engagement were not significant predictors for end-users’ intended behaviors (for both coping and threat appraisals). Moreover, the analysis showed that end-users’ engagement levels changed over multiple playing sessions. Group B, who underwent more training sessions, showed more engagement levels. These results have implications on cybersecurity serious game design to include cognitive activities (i.e., challenge, graphics, attainable goals) to assure participants’ engagement levels remain high. Similarly, incorporate activities to enhance players’ confidence and autonomy to assure participants are affectively engaged. And finally, multiple-players game design is recommended to achieve social engagement. Also, findings would be helpful in implementing how often to prescribe the training session. Finally, several implications have been suggested to serious games designers.

Cybersecurity intended behavior

Cybersecurity training

Engagement

Game-based learning

Impacts of Cybersecurity Practices on Cyberattack Damage and Protection Among Small and Medium Enterprises in Thailand

Thamrongthanakit, Thanintorn

January 2023

Small and medium enterprises (SMEs) are a significant factor that drives the global economy, especially in developing countries such as Thailand, where SMEs contribute more than one-third of the Thai GDP. With digital transformation allowing businesses to access new technologies easily, most SMEs have shifted from traditional businesses to digital businesses. However, adopting technologies without any protections could make SMEs become a target of cyberattacks. This study, therefore, aims to explore cyber securities that are used to protect against cyberattacks in Thai SMEs and also the challenges of implementing cybersecurity frameworks and controls in SMEs. The research questions of this study are “How do SMEs in Thailand protect their organization from cyberattacks?” and “What challenges do SMEs in Thailand face during implementing cybersecurity frameworks or controls?” A mixed method combining surveys for quantitative data and interviews for qualitative data was used in this study. The online survey questionnaires were used to find out the overview of cybersecurity in SMEs, followed by the semi-structured interview to investigate the challenges of implementing cybersecurity in SMEs. There were 75 SMEs participating in the survey along with three respondents working for SMEs and an IT consultant for SMEs participating in in-depth interviews. The quantitative data were analyzed with descriptive statistics, while the thematic analysis was used to analyze the quantitative data. The findings indicate that SMEs in Thailand implement some cybersecurity controls to protect their organization instead of complying with the cybersecurity standards or frameworks, such as ISO2700X series, NIST, and PCI DSS. However, SMEs are also concerned about the laws, including Thailand’s PDPA, Computer Crime Act, and Personal Information Act, to which they have to comply. In addition, the biggest challenge of implementing cybersecurity frameworks and controls in SMEs is lack of financial resources, as cybersecurity frameworks and controls require a lot of budget, tools, and also experts or consultants to implement.

SMEs in Thailand

Cybersecurity Frameworks

Cybersecurity Contols

Computer Sciences

Datavetenskap (datalogi)

End-User Security & Privacy Behaviour on Social Media: Exploring Posture, Proficiency & Practice

Akbari Koochaksaraee, Amir

14 June 2019

Security and privacy practices of end-users on social media are an important area of research, as well as a top-of-mind concern for individuals as well as organizations. In recent years, we have seen a sharp increase in data breaches and cyber security threats that have targeted social media users. Hence, it is imperative that we try to better understand factors that affect an end-user’s adoption of effective security safeguards and privacy protection practices. In this research, we propose and validate a theoretical model that posits several determinants of end-user security and privacy practices on social media. We hypothesize relationships among various cognitive, affective and behavioral factors identified under the themes of posture, proficiency, and practices. These constructs and hypotheses are validated through empirical research comprising an online survey questionnaire, and structural equation modeling (SEM) analysis. The key findings of this study highlight the importance of cyber threat awareness and social media security and privacy self-efficacy, which have a direct impact on end-user security and privacy practices. Additionally, our research shows that use of general technology applications for security and privacy impacts the adoption of security and privacy practices on social media. In totality, our research findings indicate that proficiency is a better predictor or security and privacy practices as compared to the posture of an end-user. Factors such as privacy disposition, privacy concerns, and perceived risk of privacy violations do not have as significant or direct effect on security and privacy practices. Based on our research findings, we provide some key take-aways in the form of theoretical contributions, suggestions for future research, as well as recommendations for organizational security awareness training programs.

Cybersecurity

Social Media

End-users

In search of a cyber Manhattan Project : assorted thoughts on U.S. cyberattack by

Civins, Braden Eph

21 December 2011

National discourse on cyberconflict has largely focused on defensive concerns, or protecting “critical infrastructure” from cyber threats. By contrast, the U.S. government’s employment of cyberattack is shrouded in secrecy and receives scant public attention. The seminal study on U.S. cyberattack, published by the National Academy of Sciences in 2009, noted that the clandestine nature of U.S. cyber operations hinders “widespread understanding and debate about the nature and implications of U.S. cyberattack.” This secrecy has contributed to a policy and legal framework for cyberattack that the NRC-NAS Report called “ill-formed, underdeveloped and highly uncertain.” Since the NRC-NAS Report was published, the U.S. government has signaled an unprecedented seriousness of purpose in addressing cyberconflict. It has marshaled its cyber resources under the leadership of a single “Cyber Command” and attempted to articulate formal “cyberstrategy.” Media reports from 2010-11 provide rare insight into cyberattack decision-making, and describe gradual development of policy and process for a specific type of cyberattack. The topic of U.S. cyberattack merits revisiting. This Report surveys the current international environment regarding cyberconflict, traces the development of “cyberstrategy” by the Executive Office of the President (EoP) and the Department of Defense (DoD) to make general points about the U.S. approach to cyberattack, and examines the statutory framework applicable to U.S. cyberattack in a narrow set of cases. This Report draws on news media reports about a series of cyberattack incidents to examine the dynamics of the cyberattack policy-making process, discusses recent attempts to address these issues, and summarizes lessons learned. / text

Cyberattack

Cybersecurity

Defense

National security

Statistical Assessment of Peer-to-Peer Botnet Features

Godkin, Teghan

17 April 2013

Botnets are collections of compromised machines which are controlled by a remotely located adversary. Botnets are of signi cant interest to cybersecurity researchers as they are a core mechanism that allows adversarial groups to gain control over large scale computing resources. Recent botnets have become increasingly complex, relying on Peer-to-Peer (P2P) protocols for botnet command and control (C&C). In this work, a packet-level simulation of a Kademlia-based P2P botnet is used in conjunction with a statistical analysis framework to investigate how measured botnet features change over time and across an ensemble of simulations. The simulation results include non-stationary and non-ergodic behaviours illustrating the complex nature of botnet operation and highlighting the need for rigorous statistical analysis as part of the engineering process. / Graduate / 0984, 0537, 0544

botnets

machines

cybersecurity

statistical analysis

Comparative Analysis of Interface Usability for Cybersecurity Applications

Andrews, Wyly West

January 2021

In cybersecurity, understanding the technologies and the best ways to interface with them is paramount for staying ahead of growing cyberthreats. Developers of cybersecurity software will benefit greatly from a greater understanding of how users prefer to interact with cybersecurity technology. In the modern world, two primary interface methods are currently used: the command-line interface (CLI) and the graphical user interface (GUI). This study is a survey and introspective into what benefits and drawbacks that each method has when in the hands of users who do not have a comprehensive background in cybersecurity. Untrained individuals showed proficiency when working with GUI systems, showing that developing modern cybersecurity systems with GUIs would improve ease of use for such individuals. Additionally, the CLI was favorable for more complex operations but was difficult for users who were not accustomed to the CLI.

cybersecurity

gamification

usability

user interfaces