Assessing cyber threats for storyless systems

Meland, Per Håkon; Nesheim, Dag Atle; Bernsmed, Karin; Sindre, Guttorm

doi:10.1016/j.jisa.2021.103050

Cited by 16 publications

(12 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Through converting information into intelligence and developing cyber security knowledge, a formalized approach to cyber threat intelligence (CTI) will materialize. Hence, threat actors need to be identified and categorized and this can be conducted by means of a threat template that outlines the opportunities in relation to the selected threat actors [64] (p. 6). By establishing the motivations of threat actors and linking through with their intended actions, it should be possible to understand the nature of the threat(s) and how matters escalate and an impact occurs [64] (p. 8).…”

Section: Discussionmentioning

confidence: 99%

Combining Sociocultural Intelligence with Artificial Intelligence to Increase Organizational Cyber Security Provision through Enhanced Resilience

Trim

Lee

2022

BDCC

View full text Add to dashboard Cite

Although artificial intelligence (AI) and machine learning (ML) can be deployed to improve cyber security management, not all managers understand the different types of AI/ML and how they are to be deployed alongside the benefits associated with sociocultural intelligence. The aim of this paper was to provide a context within which managers can better appreciate the role that sociocultural intelligence plays so that they can better utilize AI/ML to facilitate cyber threat intelligence (CTI). We focused our attention on explaining how different approaches to intelligence (i.e., the intelligence cycle (IC) and the critical thinking process (CTP)) can be combined and linked with cyber threat intelligence (CTI) so that AI/ML is used effectively. A small group interview was undertaken with five senior security managers based in a range of companies, all of whom had extensive security knowledge and industry experience. The findings suggest that organizational learning, transformational leadership, organizational restructuring, crisis management, and corporate intelligence are fundamental components of threat intelligence and provide a basis upon which a cyber threat intelligence cycle process (CTICP) can be developed to aid the resilience building process. The benefit of this is to increase organizational resilience by more firmly integrating the intelligence activities of the business so that a proactive approach to cyber security management is achieved.

show abstract

Section: Discussionmentioning

confidence: 99%

Combining Sociocultural Intelligence with Artificial Intelligence to Increase Organizational Cyber Security Provision through Enhanced Resilience

Trim

Lee

2022

BDCC

View full text Add to dashboard Cite

show abstract

“…The Open Web Application Security Project (OWASP) also uses technical and perspective to determine the level of threat [16], [17]. That perspective is represented by metrics such as financial loss, reputation damage, number of affected users, loss of CIA (Confidentiality, Integrity, Availability) factors, etc.…”

Section: Fig 1 the Metrics Of Cvssmentioning

confidence: 99%

The Reliability Analysis for Information Security Metrics in Academic Environment

Ibnugraha

Satria

Nagari

et al. 2023

JOIV : Int. J. Inform. Visualization

View full text Add to dashboard Cite

Today, academic institution involves digital data to support the educational process. It has advantages, especially related to ease of access and process. However, security problems appear related to digital data. There were several information security incidents in the academic environment. In order to mitigate the problem, metrics identification is required to determine the risk of incidents. There are many risks model and metrics to estimate the risk, such as DREAD, OWASP, CVSS, etc. However, specific metrics are required to obtain appropriate risk values. Therefore, this study aims to define metrics for an academic institution. The proposed metrics are obtained from The Family Educational Rights and Privacy Act (FERPA) regulation. It consists of directory information, educational information, personally identifiable information, and risk of information leakage. In order to achieve the objective, this study involves survey and reliability analysis to result in output. The survey is conducted by involving 90 respondents with various levels of education and jobs. The Cronbach's alpha and Test-retest are methods to determine this study's reliability. According to reliability analysis, the Cronbach's alpha method results in coefficients for the metrics between 0.730 - 0.911, while the Test-retest method results in coefficients between 0.630 - 0.797. These coefficients have a reliable category, so the proposed metrics are adequate for determining risk of information security incidents in academic environments. The reliable metrics will be developed as variables of the risk assessment model for the academic environment in the future study.

show abstract

“…We extend the UMLmodels from the SCT descriptions with attack scenarios, as depicted in the lock system example in figure 10. Once we have explored the attack space, we can give a qualitative likelihood estimation [15], [16] for the threats based on based on weighted averages of 1) the size of the group of potential threat actors, 2) how favorable the circumstances are for an attack, e.g., spatial opportunity (is the location of…”

Section: Safety and Security Analysismentioning

confidence: 99%

Structured Description of Autonomous Inland Waterway Barge Operations

Hagaseth,

Meland,

Wille

2023

J. Phys.: Conf. Ser.

View full text Add to dashboard Cite

Autonomous and unmanned shipping is revolutionizing the maritime industry by introducing a paradigm shift on how to design the vessels and supporting land-side infrastructure. Currently, there is a lack of formalisms on how to plan for such operations, determining the varying degrees of autonomy and human responsibility, whilst ensuring safety and security. This paper describes fundamental concepts of autonomy in the context of ships. These are then applied in a methodology used to create systematic and structured descriptions for the operation of autonomous ship systems. The examples we use are based on ongoing efforts related to a planned autonomous inland waterway (IWW) barge operation. Finally, we show how the descriptions can be used in conjunction with existing safety and security analysis techniques. Our experience with this methodology is that it allows for a smooth transition from the autonomous ship system design phase to the assessment of the same system using UML notations. We believe that the same methodology can be easily applied to the other use cases and similar systems elsewhere.

show abstract

Assessing cyber threats for storyless systems

Cited by 16 publications

References 24 publications

Combining Sociocultural Intelligence with Artificial Intelligence to Increase Organizational Cyber Security Provision through Enhanced Resilience

Combining Sociocultural Intelligence with Artificial Intelligence to Increase Organizational Cyber Security Provision through Enhanced Resilience

The Reliability Analysis for Information Security Metrics in Academic Environment

Structured Description of Autonomous Inland Waterway Barge Operations

Contact Info

Product

Resources

About