Designing and Evaluating an Automatic Forensic Model for Fast Response of Cross-border E-commerce Security Incidents

The rapid development of cross-border e-commerce over the past decade has accelerated the integration of the global economy. At the same time, cross-border e-commerce has increased the prevalence of cybercrime, and the future success of e-commerce depends on enhanced online privacy and security. However, investigating security incidents is time- and cost-intensive as identifying telltale anomalies and the source of attacks requires the use of multiple forensic tools and technologies and security domain knowledge. Prompt responses to cyber-attacks are important to reduce damage and loss and to improve the security of cross-border e-commerce. This article proposes a digital forensic model for first incident responders to identify suspicious system behaviors. A prototype system is developed and evaluated by incident response handlers. The model and system are proven to help reduce time and effort in investigating cyberattacks. The proposed model is expected to enhance security incident handling efficiency for cross-border e-commerce.

Designing and Evaluating an Automatic Forensic Model for Fast Response of Cross-Border E-Commerce Security Incidents

The rapid development of cross-border e-commerce over the past decade has accelerated the integration of the global economy. At the same time, cross-border e-commerce has increased the prevalence of cybercrime, and the future success of e-commerce depends on enhanced online privacy and security. However, investigating security incidents is time- and cost-intensive as identifying telltale anomalies and the source of attacks requires the use of multiple forensic tools and technologies and security domain knowledge. Prompt responses to cyber-attacks are important to reduce damage and loss and to improve the security of cross-border e-commerce. This article proposes a digital forensic model for first incident responders to identify suspicious system behaviors. A prototype system is developed and evaluated by incident response handlers. The model and system are proven to help reduce time and effort in investigating cyberattacks. The proposed model is expected to enhance security incident handling efficiency for cross-border e-commerce.

Security Assurance in Agile Software Development Methods

Agile software development was introduced in the beginning of the 2000s to increase the visibility and efficiency software projects. Since then it has become as an industry standard. However, fitting sequential security engineering development models into iterative and incremental development practices in agile methods has caused difficulties in defining, implementing, and verifying the security properties of software. In addition, agile methods have also been criticized for decreased quality of documentation, resulting in decreased security assurance necessary for regulative purposes and security measurement. As a consequence, lack of security assurance can complicate security incident management, thus increasing the software's potential lifetime cost. This chapter clarifies the requirements for software security assurance by using an evaluation framework to analyze the compatibility of established agile security development methods: XP, Scrum, and Kanban. The results show that the agile methods are not inherently incompatible with security engineering requirements.

Introducing Serious Games as a Master Course in Information Security Management Programs

In this chapter, the authors outline their process for introducing serious games as a course in an Information Security Master Course Program at the Norwegian University of Science and Technology. The process is built on the author's experiences from both participating, coaching, judging, and even arranging serious games and cyber security challenges. With the lack of cultural recipes (or shared experiences) in information and cyber security from previous generations, these recipes must be learned in other environments. Given the efficiency of using exercises for incident response training, the authors suggest that information and cyber security incident response can be learned efficiently through serious games as one type of exercise. The authors suggest that serious games give relevant learning experiences from both developing them and participating in them, and they suggest these learning experiences as part of the course, in addition to necessary instructions.

Assessing the Actual Impact of a Cryptojacking Attack on Individual IT Systems and Measuring Legal Responses

Mining cryptocurrencies is much more profitable if one is not paying for equipment or the electricity used for the mining. This is the main reason why cryptojacking has become so prevalent as one of the predominant cybersecurity threats facing Europe today. While the robustness of an organisation is important, one should also know what to do following a security incident or breach. Whilst post-incident analyses are important, an organization should also ascertain their legal standing as well as any possible ways forward after the damage has been done. In order to have a better idea of such a situation, we conducted an in-depth analysis of what a cryptojacking attack would do to our computer network. We did not do that to better protect ourselves, but rather to assess what management can do after an attack happens. Furthermore, we present areas that should be taken into account when assessing damage and propose legal measures effective at the European Union level, relying on criminal, civil and data protection provisions.

What Risk Resilience Measures Can I Use?

The question “What resilience measures can I use?” addresses how to reduce the impact and consequences of successful cyberattacks. The chapter begins with a case study analyzing how Capital One recovered after being hacked and highlighting how your organization can use planning to facilitate cyber resilience. It illuminates the technical means for enabling resilience from an attack, including virtualization and maintaining backups. It defines a ten-step process for responding to cyberattacks: prevention, planning, preparation, detection, analysis, containment, communication, eradication, recovery, and post-event analysis. The chapter explains how an organization can build a computer security incident response team (CSIRT) to facilitate this process, and what role a cyber crisis communication plan should play. The chapter concludes with Rosenbach’s Embedded Endurance strategy experience supporting the White House in crafting a national cyberattack resilience and response plan.

Research on internal network data security monitoring method based on NB-IOT

In order to overcome the problems of poor data classification accuracy and effectiveness of traditional data monitoring methods, this paper designs a data security monitoring method based on narrow-band Internet of things. Firstly, the model of network data acquisition and sensor node’s optimal configuration is established to collect intranet data. Based on the analysis of data characteristics, dynamic intranet data analysis indexes are designed from three aspects: establishing security incident quantity index, establishing address entropy index and data diversion. According to the above-mentioned narrow-band data aggregation rate, the security index of the Internet of things is calculated to realize the security of monitoring data. The experimental results show that: whether the network attack exists or not, the accuracy rate of the method is always higher than 90%, the classification time is less than 4 s, and the energy consumption of monitoring process is always less than 150 J, which fully proves that the method achieves the design expectation.

Stepping out of the Shadow

After the discovery of the Morris Worm in November 1988, the first Computer Emergency Response Team (CERT) was established. During the following years, other CERTs or Computer Security Incident Response Teams (CSIRTs) were established in different parts of the globe. Now, three decades later, CSIRTs have become an integral part of the cyber security ecosystem. This chapter aims to provide an insight into the evolution of CSIRTs by describing their historical background, their different types and services, as well as the challenges they are encountering as the topic of cyber security becomes more pertinent and political.