Purpose: The purpose of this paper is to formulate a novel model for enhancing the effectiveness of existing Digital Forensic Readiness (DFR) schemes by leveraging the capabilities of cyber threat information sharing.
Design/methodology/approach: This paper employs a quantitative methodology to identify the most popular Cyber Threat Intelligence (CTI) elements and introduces a lightweight approach to correlate those with potential forensic value, resulting in the quick and accurate triaging and identification of patterns of malicious activities.
Findings: While threat intelligence exchange steadily becomes a common practice for the prevention or detection of security incidents, the proposed approach highlights its usefulness for the Digital Forensics (DF) domain.
Originality/value: The proposed model can help organizations to improve their digital forensic readiness posture and thus minimize the time and cost of cybercrime incidents.
The growing complexity of information technology and the proliferation of heterogeneous security devices that produce increased volumes of data, coupled with the ever-changing threat landscape, have an adverse impact on the efficiency of information security controls and digital forensics, as well as incident response approaches. Cyber Threat Intelligence (CTI) and forensic preparedness are the two parts of the so-called managed security services that defenders can employ to repel, mitigate or investigate security incidents. Despite their success, there is no known effort that has combined these two approaches to enhance Digital Forensic Readiness (DFR) and thus decrease the time and cost of incident response and investigation. This paper builds upon and extends a DFR model that utilises actionable CTI to improve the maturity levels of DFR. The effectiveness and applicability of this model are evaluated through a series of experiments that employ malware-related network data simulating real-world attack scenarios. To this end, the model manages to identify the root causes of information security incidents with high accuracy (90.73%), precision (96.17%) and recall (93.61%), while significantly decreasing the volume of data digital forensic investigators need to examine. The contribution of this paper is twofold. First, it indicates that CTI can be employed by digital forensics processes. Second, it demonstrates and evaluates an efficient mechanism that enhances operational DFR.
In this article, a DFR framework is proposed focusing on the prioritization, triaging and selection of Indicators of Compromise (IoC) to be used when investigating security incidents. A core component of the framework is the contextualization of the IoCs to the underlying organization, which can be achieved with the use of clustering and classification algorithms and a local IoC database.
Authorization decisions are a critical security concern in today's large, distributed information systems. These authorizations are significantly different from those in centralized or smaller systems. Mobile agent technology, on the other hand, provides a useful tool to explore and facilitate information sharing in distributed systems. However, agents are often restricted by the security problems related to large-scale distributed systems and the multi-user operating system environments within which they usually operate. This article provides a suitable framework for authorizing mobile agents where an outsized and dynamic set of principals forming a virtual organization (VO), with mutual mistrust between them, has to rely on pieces of application code which autonomously migrate and execute on consecutive hosts. The role-based access control (RBAC) model is used for dynamically assigning security roles to visiting agents on each hosting platform. The proposed methodology is particularly suitable for handling authorizations in VOs.
With the increasing availability of networks and the advancements in the underlying infrastructure of mobile devices, access control and authorization issues will be enablers of future technologies in collaborative environments. Recent works demonstrate efforts to dynamically authorize users without prior knowledge and with no security configuration attributes or roles previously assigned to them. Moreover, current role-engineering approaches construct role hierarchies without reflecting the organizational structure, since they do not take into account structural organizational characteristics. In this paper we propose an innovative role structure that is not solely dependent on naming methods but also takes into account organizational as well as functional characteristics, to provide a practical role assignment methodology between organizations in a collaborative environment. More specifically, we argue that beyond the fact that a role represents a job assignment to perform certain function(s), it is also a composite element representing several organizational characteristics such as organizational function, organizational domain and level of authority. The proposed role structure enables role-to-role assignment as external non-local users request access to a particular information system (e.g., people on the move, users logged in from a collaborating organization) and acquire local role(s). A clear advantage of the proposed framework is its flexibility in the role assignment process, since the proposed role decomposition does not require an exact match of predefined credentials.
The methodology is autonomous, as no prior trust establishment is required between interacting organizations; expandable, as new organizations can join the collaboration without affecting the existing ones; flexible, as it does not affect the local access control policy; scalable, as the collaboration can grow arbitrarily; and efficient, as the comparison methodology guarantees the selection of the appropriate local role, if one exists.