Development and validation of technique to measure cyber situation awareness
Patrik Lif, M. Granåsen, T. Sommestad
Pub Date: 2017-06-01
DOI: 10.1109/CyberSA.2017.8073388 (https://doi.org/10.1109/CyberSA.2017.8073388)
Published in: 2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)
Within the cyber security domain, specifically within the field of computer network defence, professional log analysts are employed to monitor organizations' networks in order to detect malicious activity and suggest necessary measures. A log analyst needs to perceive malicious activity, comprehend the impact and type of threat, and predict future consequences. In other words, they need good cyber situation awareness. Research about cyber situation awareness measurement is limited, especially when it comes to practical examples. The current paper describes the development and validation of a freeze-probe technique aiming to measure log analysts' situation awareness. Goal-directed task analysis and hierarchical task analysis were used to develop a first version of a measurement technique. The measurement technique had the form of two questionnaires designed for the two different roles in log analysis. The validation was conducted in a realistic setting during an exercise involving five professionals, where the questionnaires were well received by the log analysts. Only minor adjustments were suggested. The results suggest that the technique can be used to evaluate cyber situation awareness for log analysts, as well as function as a tool in log analysts' daily work to keep track of incidents.
Security operations centre: Situation awareness, threat intelligence and cybercrime
Cyril Onwubiko
Pub Date: 2017-06-01
DOI: 10.1109/cyberincident.2017.8054636 (https://doi.org/10.1109/cyberincident.2017.8054636)
Published in: 2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)
There have been longitudinal advances in both cybersecurity and cyber-threats in recent years. With cybersecurity, for instance, there are now mechanisms to geographically locate an entity; there are those that can intercept most forms of electronic communications, and those that can recover most types of hidden images and data in electronic devices. The pace of change and advancements has equally been astronomical and astonishing. Technology refresh cycles have been slashed, and are now estimated at 12 to 18 months, while the number of cyber users or entities has quadrupled in the last five years. These continuous changes have left an ever-increasing gap between cybersecurity, that is, control mechanisms (a.k.a. safeguards) that help protect, detect, respond and recover organisational or national cyber investment, and cyber-threats, that is, threats that aim to exploit, breach or circumvent the cyber controls. This gap between cybersecurity on one hand and cyber-threats on the other hand appears to widen even further in areas with far greater financial rewards for the criminals, or nation state political gains. Exploits are now common and frequent, and impacts far greater than before. This situation is further exacerbated by the lack of adequate and well-deployed security operations centres to monitor organizational cyber investments. In this research, cyber security operations centre deployment models are proposed to provide better and enhanced situational awareness in order to detect common and frequent exploits, and also sophisticated and cross-channel exploits.
Measuring cloud-based anti-malware protection for Office 365 user accounts
F. Leitold, A. Arrott, W. Kam
Pub Date: 2017-06-01
DOI: 10.1109/CyberSA.2017.8073407 (https://doi.org/10.1109/CyberSA.2017.8073407)
Published in: 2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)
Microsoft Office 365 user accounts were tested for the efficacy of anti-malware protection provided as part of the cloud-based components of Office 365 productivity software-as-a-service: Exchange, OneDrive, and SharePoint. Multiple threat types (malware binaries, infected documents, malicious hyperlinks) were applied through multiple attack vectors (e-mail, file transfers, social media posts). Cloud-based third-party enhanced anti-malware protection is compared to the cloud-based self-protection provided by Microsoft Office 365. While the cloud-based user account self-protection provides protection comparable to endpoint-based anti-malware, the third-party protection is shown to provide significantly enhanced protection for file transfers to cloud drives and for malicious links for all attack vectors.
Towards the normalization of cybercrime victimization: A routine activities analysis of cybercrime in Europe
M. Junger, Lorena Montoya, P. Hartel, Maliheh Heydari
Pub Date: 2017-02-23
DOI: 10.1109/CyberSA.2017.8073391 (https://doi.org/10.1109/CyberSA.2017.8073391)
Published in: 2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)
This study investigates the relationships between users' routine activities and socio-economic characteristics and three forms of cybercrime victimization: 1) online shopping fraud, 2) online banking fraud and 3) cyber-attacks (i.e. DDoS attacks). Data from the Eurobarometer, containing a sample of 17,811 online European citizens, was analyzed. The results generally support the Routine Activities Theory. There were few differences by sex. Younger respondents were more at risk of online purchase fraud, but older respondents more of online banking fraud. Few economic characteristics were related to victimization. The three forms of victimization were interrelated relatively strongly. The characteristics of victims of online crime differ from those of victims of traditional crime. We propose that digitalization leads to a 'normalization of victims' of cybercrime.