Cyber Security Auditing, Assurance, and Awareness Through CSAM and CATRAM - Advances in Digital Crime, Forensics, and Cyber Terrorism
Latest Publications


Total documents: 9 (five years: 9)

H-index: 0 (five years: 0)

Published By IGI Global

9781799841623, 9781799841630

This chapter presents the outcome of one empirical research study that assesses the implementation and validation of the cybersecurity awareness training model (CATRAM), designed as a multiple-case study in a Canadian higher education institution. Information security awareness programs have been unsuccessful in changing people's attitudes toward recognizing, stopping, or reporting cyberthreats within their corporate environment. Therefore, human errors and actions continue to demonstrate that we as humans are the weakest links in cybersecurity. The chapter studies the most recent cybersecurity awareness programs and their attributes. Furthermore, the authors compiled recent awareness methodologies, frameworks, and approaches. The cybersecurity awareness training model (CATRAM) has been created to deliver training to different corporate audiences, each of these organizational units having its own content and separate objectives. The authors conclude their study by addressing the necessity of future research to target new approaches to keep cybersecurity awareness focused on the ever-changing cyberthreat landscape.


This chapter presents the outcome of two empirical research studies that assess the implementation and validation of the cybersecurity audit model (CSAM), designed as a multiple-case study in two different Canadian higher education institutions. CSAM can be applied for undertaking cybersecurity audits in any organization or nation state in order to evaluate and measure cybersecurity assurance, maturity, and cyber readiness. The architecture of CSAM is explained in central sections. CSAM has been examined, implemented, and established under three research scenarios: (1) cybersecurity audit of all model domains, (2) cybersecurity audit of numerous domains, and (3) a single cybersecurity domain audit. The chapter concludes by showing how the implementation of the model permits one to report relevant information for future decision making in order to correct cybersecurity weaknesses or to improve cybersecurity domains and controls; thus, the model can be implemented and sufficiently tested at any organization.


The rising expansion and diversification in the cybercrime arena have become difficult obstacles both to understanding the extent of embedded risks and to defining efficient prevention policies for corporations, institutions, and agencies. The present study represents a comprehensive review of the origin, typologies, and developments of cybercrime and hacker subculture. This chapter confronts the issues by describing and discussing different criteria of classification in the field and by providing a broad list of definitions and an analysis of cybercrime practices. A conceptual taxonomy of cybercrime is described as well. Common categories include cases where the digital device is the target of the crime, where the digital device is used as a tool to perpetrate the felony, or where a digital device is an incidental condition to the execution of a crime. The authors complete their study by analyzing lessons learned and future actions that can be undertaken to tackle cybercrime and harden cybersecurity at all levels.


The objective of this chapter is to provide a comprehensive literature review of the most relevant approaches for conducting cybersecurity audits. The study includes auditing perspectives for specific scopes and the best practices that many leading organizations are providing for security and auditing professionals to follow. The chapter reviews relevant features for auditing approaches in the following order: ISO/IEC 27001:2013, ISO/IEC 27002:2013, Control Objectives for Information and Related Technology (COBIT) 2019, Information Technology Infrastructure Library (ITIL) 4, AICPA, ISACA, NIST SP 800-53, NIST CSF v1.1, IIA, PCI DSS, ITAF, COSO, ENISA, NERC CIP, and CSAM.


This chapter evaluates the most relevant methodologies and best practices for conducting digital investigations, preserving digital forensic evidence, and following the chain of custody (CoC) in cybercrime cases. Cybercriminals are adopting new strategies to launch their sophisticated cyberattacks within the ever-changing digital ecosystems. The authors recommend that digital investigations continually shift to tackle cybercrimes and prosecute cybercriminals, to increase international collaboration networks, to share prevention knowledge, and to analyze lessons learned. They also establish a cyber forensics model for miscellaneous ecosystems called the cyber forensics model in digital ecosystems (CFMDE). This chapter also reviews the most important categories of tools to conduct digital investigations. Nevertheless, as cybercrime sophistication keeps increasing, it is also necessary to harden technologies, techniques, methodologies, and tools to acquire digital evidence in order to support and make cyber investigation cases stronger.


This chapter studies the phases to unify our national cybersecurity strategy model (NCSSM) with any national cyber strategy that is either under development or in improvement stages. This methodology consists of developing international cybersecurity strategies, alliances, and cooperation with different stakeholders at all possible levels. The research evaluated the best practices of 10 leading countries and five intergovernmental organizations in terms of developing effective cybersecurity strategies and policies. The authors also assessed a series of cybersecurity best practices that can be aligned with cyber governance and cyber law when countries wish to develop or enhance national cyber strategies. Furthermore, they propose guidelines to audit national cyber strategies by utilizing their cybersecurity audit model (CSAM). CSAM could be considered for conducting cybersecurity audits in any nation state in order to review and measure cybersecurity assurance, maturity, and cyber readiness, and to detect the need to increase cyber awareness to defend and protect critical cyber assets.


This chapter studies the cyber warfare phenomenon in all its dimensions in order to provide a wide conceptualization of factors and elements, strategies, generations, and theoretical models. In the second part of the chapter, a set of definitions is introduced in order to establish a common ground of conceptual agreement for the explanation of the main theoretical models that have been developed for the cyber domain. The third section presents the dual cyber warfare model applicable to military and corporate environments. The authors conclude that cyber warfare is perhaps the most radical consequence of the knowledge era and must be systematically analyzed from both perspectives: empirical-practical and theoretical-conceptual.


The objective of this chapter is to review the concept of electronic discovery (e-discovery), paying special attention to the legally established procedures for consideration as digital evidence, to the computer tools developed for obtaining such evidence, and to the historical background that frames its origin. The authors review techniques and functionalities associated with advanced information systems and describe the possibilities and limits for the evaluation and exploitation of electronic discoveries in the cloud, in social networks, as well as in bring your own device (BYOD), big data, or business intelligence settings. The chapter also includes a review of the reference frameworks, standards, and resources associated with the EDRM model (electronic discovery reference model).


This chapter presents a systematic literature review on best practices regarding cybersecurity incident response handling and incident management. The study identifies incident handling models that are used worldwide when responding to any type of cybersecurity incident. The authors highlight the importance of understanding the current cyber threat landscape for any incident response team and its standard operating procedures. The chapter provides guidelines for building a cybersecurity incident team in terms of incident categorization, capabilities, tasks, incident cost calculation, and metrics.

