1 |
Measuring Cybersecurity Competency: An Exploratory Investigation of the Cybersecurity Knowledge, Skills, and Abilities Necessary for Organizational Network Access Privileges
Nilsen, Richard 01 January 2017
Organizational information system users (OISU) that are victimized by cyber threats are contributing to major financial and information losses for individuals, businesses, and governments. Moreover, it has been argued that cybersecurity competency is critical for advancing economic prosperity and maintaining national security. The fact remains that technical cybersecurity controls may be rendered useless due to a lack of cybersecurity competency of OISUs. All OISUs, from accountants to cybersecurity forensics experts, can place organizational assets at risk. However, that risk is increased when OISUs do not have the cybersecurity competency necessary for operating an information system (IS). The main goal of this research study was to propose and validate, using subject matter experts (SME), a reliable hands-on prototype assessment tool for measuring the cybersecurity competency of an OISU. To perform this assessment, SMEs validated the critical knowledge, skills, and abilities (KSA) that comprise the cybersecurity competency of OISUs. Primarily using the Delphi approach, this study implemented four phases of data collection using cybersecurity SMEs for proposing and validating OISU: KSAs, KSA measures, KSA measure weights, and cybersecurity competency threshold. A fifth phase of data collection occurred measuring the cybersecurity competency of 54 participants. Phase 1 of this study performed five semi-structured SME interviews before using the Delphi method and anonymous online surveys of 30 cybersecurity SMEs to validate OISU cybersecurity KSAs found in literature and United States government (USG) documents. The results of Phase 1 proposed and validated three OISU cybersecurity abilities, 23 OISU cybersecurity knowledge units (KU), and 22 OISU cybersecurity skill areas (SA). In Phase 2, two rounds of the Delphi method with anonymous online surveys of 15 SMEs were used to propose and validate OISU cybersecurity KSA measures. 
The results of Phase 2 proposed and validated 90 KSA measures for 47 knowledge topics (KT) and 43 skill tasks (ST). In Phase 3, using the Delphi method with anonymous online surveys, a group of 15 SMEs were used to propose and validate OISU cybersecurity KSA weights. The results of Phase 3 proposed and validated the weights for four knowledge categories (KC) and four skill categories (SC). When Phase 3 was completed, the MyCyberKSAs™ prototype assessment tool was developed using the results of Phases 1-3, and Phase 4 was initiated. In Phase 4, using the Delphi method with anonymous online surveys, a group of 15 SMEs were used to propose and validate an OISU cybersecurity competency threshold (index score) of 80%, which was then integrated into the MyCyberKSAs™ prototype tool. Before initiating Phase 5, the MyCyberKSAs™ prototype tool was fully tested by 10 independent testers to verify the accuracy of data recording by the tool. After testing of the MyCyberKSAs™ prototype tool was completed, Phase 5 of this study was initiated. Phase 5 of this study measured the cybersecurity competency of 54 OISUs using the MyCyberKSAs™ prototype tool. Upon completion of Phase 5, data analysis of the cybersecurity competency results of the 54 OISUs was conducted. Data analysis was conducted in Phase 5 by computing levels of dispersion and one-way analysis of variance (ANOVA). The results of the ANOVA data analysis from Phase 5 revealed that annual cybersecurity training and job function are significant, showing differences in OISU cybersecurity competency. Additionally, ANOVA data analysis from Phase 5 showed that age, cybersecurity certification, gender, and time with company were not significant thus showing no difference in OISU cybersecurity competency. The results of this research study were validated by SMEs as well as the MyCyberKSAs™ prototype tool; and proved that the tool is capable of assessing the cybersecurity competency of an OISU.
The ability for organizations to measure the cybersecurity competency of OISUs is critical to lowering risks that could be exploited by cyber threats. Moreover, the ability for organizations to continually measure the cybersecurity competency of OISUs is critical for assessing workforce susceptibility to emerging cyber threats. Furthermore, the ability for organizations to measure the cybersecurity competency of OISUs allows organizations to identify specific weaknesses of OISUs that may require additional training or supervision, thus lowering risks of being exploited by cyber threats.
|
2 |
Empirical study of cultural dimensions and cybersecurity development
Onumo, Aristotle, Cullen, Andrea J., Awan, Irfan U. 05 1900
This study seeks to investigate how the development of e-government services impacts on cybersecurity. The study uses the methods of correlation and multiple regression to analyse two sets of global data, the e-government development index of the 2015 United Nations e-government survey and the 2015 International Telecommunication Union global cybersecurity development index (GCI 2015). After analysing the various contextual factors affecting e-government development, the study found that various composite measures of e-government development are significantly correlated with cybersecurity development. The study therefore contributes to the understanding of the relationship between e-government and cybersecurity development. The authors developed a model to highlight this relationship and have validated the model using empirical data. This is expected to provide guidance on specific dimensions of e-government services that will stimulate the development of cybersecurity. The study provided the basis for understanding the patterns in cybersecurity development and has implications for policy makers in developing trust and confidence for the adoption of e-government services. / National Information Technology Development Agency, Nigeria.
|
3 |
Anomaly detection with applications in environmental and cyber security
Locke, Ronald Taylor January 2012
Thesis (Ph.D.)--Boston University / Two approaches to detecting anomalous behavior within a sequence of random observations are presented. One approach is stochastic in nature, using large deviations techniques to form a Hoeffding decision test. Scenarios in which sequential observations can be considered independent and identically distributed (iid) or adhere to a first-order Markov chain are both considered. The Markovian case is explored further and asymptotic performance results are developed for using the generalized likelihood ratio test (GLRT) to identify a Markov source. After a presentation of binary and multi-class Support Vector Machines (SVM), a deterministic anomaly detection method based on the so-called one-class SVM is also presented.
The presented methodologies are then applied to detection and localization of Chemical, Biological, Radiological, or Nuclear (CBRN) events in an urban area using a network of sensors. In contrast to earlier work, these approaches do not solve an inverse dispersion problem but rely on data obtained from a simulation of the CBRN dispersion to obtain descriptors of sensor measurements under a variety of CBRN release scenarios. To assess the problem of environmental monitoring, CBRN event-free conditions are assumed to be iid and a corresponding stochastic anomaly detector is relied on to detect a CBRN event. Conditional on such an event, subsequent sensor observations are assumed to follow a Markov process. Accordingly, the presented Markov source identification methodology is used to map sensor observations to a source location chosen out of a discrete set of possible locations. A multi-class SVM approach to CBRN localization is also developed, and the two techniques are compared using three-dimensional CBRN release simulations. Also addressed is the problem of optimally placing sensors to minimize the localization probability of error.
The anomaly detection approaches are then applied to detection of data exfiltration-style attempts on a network server. Two one-class SVM approaches are presented. In both, data packet transmissions are captured and compiled into network flows. In a flow-by-flow network anomaly detector, features are extracted from individual flows and their novelty is tested. If a flow's features differ too greatly from nominal flow features, as determined by the SVM, that flow is declared an anomaly. In a network-wide anomaly detector, the novelty of a time sequence of flows is tested. The stochastic anomaly detectors are applied to sequences of flows as well, under the contexts of subsequent network flows either being iid or following a Markov process. These techniques are evaluated on simulated network traffic. / 2031-01-01
|
4 |
Taiwan's security in cyberspace : a critical perspective
Yau, Hon-Min January 2018
This thesis investigates the interplay between international politics and cyberspace, and explains how Taiwan's cybersecurity policy was formed prior to 2016. It examines how politics can shape or reshape the future direction of technologies. By using Taiwan as the object of the case study, the central research question is, "How is Taiwan counterbalancing China's rising power in cyberspace and what are the implications?" The investigation for the first part of the research question provides a general account of issues affecting Taiwan's practice of cybersecurity policy via a constructivist approach. While I do not deny the technology determinist's logic that new technology can drive the way of politics, the empirical observations from Taiwan focus our attention on a different perspective, that politics can still reshape future direction and the use of technology. It explains to us through the case of Taiwan how politics trump both technical decisions and direction of technology, and further exposes the underlying knowledge structure within Taiwanese policy makers' "world." While this knowledge structure, as a form of theory, constitutes the world we live in, the second part of the research question scrutinizes this taken-for-granted knowledge structure. I challenge well-accepted assumptions regarding cyberwarfare to investigate its limitations and explore its problematic effects within the context of Taiwan. By using the principles of Critical Security Studies, I argue that an alternative conceptualization of cybersecurity can still embrace the security end that Taiwan intends to achieve, and propose a critical strategy to engage Taiwan's security challenge while avoiding adverse consequences from cyberwarfare. Looking closely at the case of Taiwan's cybersecurity contributes to the broader International Relations (IR) literature concerning the effects of norms and interest, and extends a constructivist approach to the domain of cyberspace. 
It also allows knowledge in Cybersecurity Studies to establish a dialogue with IR literature, and reduces the knowledge gap of Taiwan's cybersecurity in Taiwan studies. This project was conducted via interdisciplinary approaches situated at the intersection of IR, Cybersecurity Studies, and Taiwan Studies, and is a timely reminder of the need to examine Taiwan's security with a more contemporary, localized, and theoretically-grounded framework that will help policymakers understand the new challenges that they face in the 21st Century. It is a discourse of resistance to the current discussions that centre on cyberwarfare and instead turns our attention to true cybersecurity.
|
5 |
Security test and evaluation of cross domain systems
Loughry, Joe January 2014
In practicable multi-level secure systems it is necessary occasionally to transfer information in violation of security policy. Machines for doing this reliably and securely are called cross domain solutions; systems incorporating them are cross domain systems. Data owners, especially in classified environments, tend to distrust other data owners, other systems and networks, their own users, and developers of cross domain solutions. Hence, data owners demand rigorous testing before they will allow their information into a cross domain system. The interests of data owners are represented by certifiers and accreditors, who test newly developed cross domain solutions and newly installed cross domain systems, respectively. Accreditors have the authority to grant approval to operate and the responsibility for accepting residual risk. Certification and accreditation have always been expensive and time consuming, but there are hidden inefficiencies and unexploited opportunities to predict the actions of accreditors and to control the cost of certification. Some case studies of successful and unsuccessful security certifications and accreditations were analysed using grounded theory methodology. It was discovered that inefficiency arises from conflation of the principle of defence in depth with the practice of independent verification and validation, resulting in an irresistible appearance of cost savings to managers with a possible explanation in the relative maturity of different levels of software engineering organisations with respect to policy, process, and procedures. It was discovered that there is a simple rule relating certifier findings to developer responses that predicts the duration of penetration testing and can be used to bound the schedule. An abstract model of cross domain system accreditation was developed that is sufficiently powerful to reason about collateral, compartmented, and international installations. 
It was discovered that the behaviour of accreditors satisfies the criteria for reliable signalling in the presence of asymmetric information due to Akerlof, Spence, and Stiglitz.
|
6 |
Correlating Easily and Unobtrusively Queried Computer Characteristics to Number and Severity of Vulnerabilities
Mercado, Jonathan M 01 November 2018
Cybersecurity has become a top-of-mind concern as the threat landscape expands and organizations continue to undergo digital transformation. As the industry confronts this growth, tools designed to evaluate the security posture of a network must improve to provide better value. Current agent-based and network scanning tools are resource intensive, expensive, and require thorough testing before implementation in order to ensure seamless integration. While surfacing specific vulnerability information is imperative to securing network assets, there are ways to predict the security status of a network without taking exact measurements. These methods may inform security professionals as to where the weakest points of the network lie quickly, unobtrusively, and cost-effectively. This thesis proposes a methodology for identifying correlations between host configuration and vulnerability, then specifically examines easily queried characteristics within the Microsoft Windows operating system that may be vulnerability predictors. After taking measurements of forty hosts, it was discovered that there is a strong (r > 0.80) correlation between several metrics and total number of vulnerabilities as measured by the Tenable Nessus network scanner. Specifically, total number of open TCP ports (r = 0.82), total number of programs installed (r = 0.90), days since last restart (r = 0.97), and days since last windows update (r = 0.93) were found to be strong candidates for identifying high-risk machines. A significant correlation was also found when measuring the total number of logged in users (r = 0.68). Correlations were not as strong when considering subsets of hosts in similar environments. These findings can be used in tooling which will quickly evaluate the security posture of network hosts.
|
7 |
The Design of Virtual Reality Based Data Visualization and User Interface Design in a Semi-Automated Cyber-Security Research Application
Tipparach, Santipab January 2019
Virtual Reality is currently an affordable and consumer ready technology used by many in the games and interactive media industry; however, unlike the user interface standards in mobile, PCs, and Macs, VR UI design can vary in complexity and usability. VR has many times been linked in films, TV shows, and animation as a method for navigating through cyberspace. It has been portrayed to be involved in the process of hacking a computer on some network. This study will look at approaches to developing a UI system using cyber-security research applications as a basis for designing a framework. Throughout, this research will analyze the different approaches to UI design and data visualization, extract relevant information, and find out what approaches will help improve the VR software front end design.
|
8 |
Using Offline Activities to Enhance Online Cybersecurity Education
Padlipsky, Sarah 01 December 2018
Since the beginning of the 21st century, the United States has experienced the impact of a technological revolution. One effect of this technological revolution is the creation of entirely new careers related to the field of technology, including cybersecurity. Continued growth in the cybersecurity industry means a greater number of jobs will be created, adding to the existing number of jobs that are challenging an under-educated and under-trained workforce. The goal of this thesis is to increase the effectiveness of cybersecurity education. This thesis studies whether an online course in cybersecurity can be enhanced by offline, in-person activities that mirror traditional classroom methods. To validate the research, two groups of high school students participated in an online course with only one group participating in offline activities. The results showed that the group that participated in both the online and offline portions of the course had a higher percentage of student retention, a more positive mindset towards cybersecurity, and an improved performance in the course.
|
9 |
Efficient Secure E-Voting and its Application in Cybersecurity Education
Swearingen, Nathan 05 1900
Indiana University-Purdue University Indianapolis (IUPUI) / As the need for large elections increases and computer networking becomes more widely used, e-voting has become a major topic of interest in the field of cryptography. However, lack of cryptography knowledge among the general public is one obstacle to widespread deployment. In this paper, we present an e-voting scheme based on an existing scheme. Our scheme features an efficient location anonymization technique built on homomorphic encryption. This technique does not require any participation from the voter other than receiving and summing location shares. Moreover, our scheme is simplified and offers more protection against misbehaving parties. We also give an in-depth security analysis, present performance results, compare our scheme with existing schemes, and describe how our research can be used to enhance cybersecurity education.
|
10 |
Denial of convenience attack to smartphones using a fake wi-fi access point
Dondyk, Erich 01 May 2012
In this thesis, we consider a novel denial of service attack targeted at popular smartphone operating systems. This type of attack, which we call a Denial of Convenience (DoC) attack, prevents non-technical savvy victims from utilizing data services by exploiting the connectivity management protocol of smartphones' operating systems when encountered with a Wi-Fi access point. By setting up a fake Wi-Fi access point without Internet access (using simple devices such as a laptop), an adversary can prompt a smartphone with enabled Wi-Fi features to automatically terminate a valid mobile broadband connection and connect to this fake Wi-Fi access point. This, as a result, prevents the targeted smartphone from having any type of Internet connection unless the victim is capable of diagnosing the problem and disabling the Wi-Fi features manually. For the majority of smartphone users that have little networking knowledge, this can be a challenging task. We demonstrate that most current smartphones, including iPhone and Android phones, are vulnerable to this DoC attack. To address this attack, we propose implementing a novel Internet-access validation protocol to validate a Wi-Fi access point by taking advantage of the cellular network channel. It first uses the cellular network to send a secret to an Internet validation server, and tries to retrieve this secret via the newly established Wi-Fi channel to validate the connection of the Wi-Fi channel.
|