OVERVIEW OF BASIC RECOMMENDATIONS FOR PREVENTING INFORMATION SECURITY INCIDENTS UNDER REMOTE WORK AND SELF-ISOLATION MODE

Author(s): Aleksander Alekseevich Butin, Anastasiia Nikolaevna Vasilevskaia
2019, Vol 11 (7), pp. 162
Author(s): Nikolaos Serketzis, Vasilios Katos, Christos Ilioudis, Dimitrios Baltatzis, Georgios Pangalos

The complication of information technology and the proliferation of heterogeneous security devices that produce increased volumes of data coupled with the ever-changing threat landscape challenges have an adverse impact on the efficiency of information security controls and digital forensics, as well as incident response approaches. Cyber Threat Intelligence (CTI) and forensic preparedness are the two parts of the so-called managed security services that defendants can employ to repel, mitigate or investigate security incidents. Despite their success, there is no known effort that has combined these two approaches to enhance Digital Forensic Readiness (DFR) and thus decrease the time and cost of incident response and investigation. This paper builds upon and extends a DFR model that utilises actionable CTI to improve the maturity levels of DFR. The effectiveness and applicability of this model are evaluated through a series of experiments that employ malware-related network data simulating real-world attack scenarios. To this extent, the model manages to identify the root causes of information security incidents with high accuracy (90.73%), precision (96.17%) and recall (93.61%), while managing to decrease significantly the volume of data digital forensic investigators need to examine. The contribution of this paper is twofold. First, it indicates that CTI can be employed by digital forensics processes. Second, it demonstrates and evaluates an efficient mechanism that enhances operational DFR.


2020, pp. 45-51
Author(s): Igor Butusov, Aleksandr Romanov

The purpose of the article is to support the processes of preventing information security incidents in conditions of high uncertainty. Method: methods of mathematical (theoretical) computer science and fuzzy set theory. Result: an information security incident, including a computer incident, is considered as a violation or termination of the functioning of an automated information system and (or) a violation of information stored and processed in this system, including those caused by a computer attack. Information descriptions are presented in the form of structured data about signs of computer attacks. Structured data is the final sequence of strings of symbols in a formal language. The Damerau-Levenshtein editorial rule is proposed as a metric for measuring the distance between strings of characters from a particular alphabet. The possibility of presenting the semantics of information descriptions of attack features in the form of fuzzy sets is proved. Thresholds (degrees) of separation of fuzzy information descriptions are defined. The influence of semantic certainty of information descriptions of features (degrees of blurring of fuzzy information descriptions) on the decision-making about their identity (similarity) is evaluated. It is shown that the semantic component of information descriptions of signs of computer attacks presupposes the presence of some semantic metric (for its measurement and interpretation), which, as a rule, is formally poorly defined, ambiguously interpreted and characterized by uncertainty of the type of fuzziness, the presence of semantic information and the inability to directly apply a probabilistic measure to determine the degree of similarity of input and stored information descriptions of signs. An approach is proposed to identify fuzzy information descriptions of computer attacks and to apply methods for separating elements of reference sets on which these information descriptions are defined. It is shown that the results of the procedure for identifying fuzzy information descriptions of computer attacks depend on the degree of separation of the reference sets and on the indicators of semantic uncertainty of these descriptions.


Author(s): Randy L. Burkhead

In today's culture, organizations have come to expect that information security incidents and breaches are no longer a matter of if but when. This shifting paradigm has brought increased attention, not to the defenses in place to prevent an incident, but to how companies manage the aftermath. Using a phenomenological model, organizations can reconstruct events focused on the human aspects of security with forensic technology providing supporting information. This can be achieved by conducting an after action review for incidents using a phenomenological model. Through this approach the researcher can discover the common incident management cycle attributes and how these attributes have been applied in the organization. An interview guide and six steps are presented to accomplish this type of review. By understanding what happened, how it happened, and why it happened during incident response, organizations can turn their moment of weakness into a pillar of strength.


2015, pp. 1253-1278
Author(s): Reza Alavi, Shareeful Islam, Hamid Jahankhani, Ameer Al-Nemrat

Managing security is essential for organizations doing business in a globally networked environment and for organizations that are at the same time seeking to achieve their missions and goals. However, numerous technical advancements do not always produce a more secure environment. All kinds of human factors can deeply affect the management of security in an organizational context. Therefore, security is not solely a technical problem; rather, the authors need to understand human factors, which need adequate attention to achieve an effective information security management system practice. This paper identifies direct and indirect human factors that have impact on information security. These factors were analyzed through the study of two security incidents of the UK's financial organizations using the SWOT (Strength, Weaknesses, Opportunities, and Threats) technique. The study's results show that human factors are the main causes for these security incidents. Factors such as training, awareness, and security culture influence organizational strength and opportunity relating to information security. People's irrational behavior and errors are the main weaknesses highlighted in security incidents, which pose threats such as poor reputation and high costs.


2020, Vol 12 (8), pp. 3163
Author(s): Amanda M. Y. Chu, Mike K. P. So

This article examines the occurrences of four types of unethical employee information security behavior—misbehavior in networks/applications, dangerous Web use, omissive security behavior, and poor access control—and their relationships with employees’ information security management efforts to maintain sustainable information systems in the workplace. In terms of theoretical contributions, this article identifies and develops reliable and valid instruments to measure different types of unethical employee information security behavior. In addition, it investigates factors affecting different types of such behavior and how such behavior can be used to predict employees’ willingness to report information security incidents. In terms of managerial contributions, the article suggests that information security awareness programs and perceived punishment have differential effects on the four types of unethical behavior and that certain types of unethical information security behavior exert negative effects on employees’ willingness to report information security incidents. The findings will help managers to derive better security rules and policies, which are important for business continuity.


2020, Vol 30 (6), pp. 1613-1630
Author(s): Hemin Jiang, Aggeliki Tsohou, Mikko Siponen, Ying Li

Purpose: Internet monitoring in organizations can be used to monitor risks associated with Internet usage and information systems in organizations, such as employees' cyberloafing behavior and information security incidents. Extant research has mainly discussed the effect of Internet monitoring in achieving the targeted goals (e.g. mitigating cyberloafing behavior and information security incidents), but little attention has been paid to the possible side effects of Internet monitoring. Drawing on affective events theory, the authors attempt to reveal that Internet monitoring may cause side effects on employees' Internet usage policy satisfaction, intrinsic work motivation and affective organizational commitment. Design/methodology/approach: The authors conducted a field experiment in a software development company. In total, 70 employees participated in the study. Mann–Whitney U test was employed to analyze the data. Findings: The results suggest that Internet monitoring decreased employees' satisfaction with the Internet usage policy, intrinsic work motivation, as well as affective organizational commitment. Originality/value: This study contributes to the literature by examining the side effects of Internet monitoring on employees. It also has implications for organizations to make appropriate decisions regarding whether to implement Internet monitoring.

