All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”
EN
ČeštinaEnglish

Addressing insider attacks via forensic-ready risk management

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F23%3A00130246" target="_blank" >RIV/00216224:14330/23:00130246 - isvavai.cz</a>

  • Result on the web

    <a href="https://www.sciencedirect.com/science/article/pii/S2214212623000182" target="_blank" >https://www.sciencedirect.com/science/article/pii/S2214212623000182</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.1016/j.jisa.2023.103433" target="_blank" >10.1016/j.jisa.2023.103433</a>

Alternative languages

  • Result language

    angličtina

  • Original language name

    Addressing insider attacks via forensic-ready risk management

  • Original language description

    Cyberattacks perpetrated by insiders are difficult to prevent using traditional security approaches. Often, such attackers misuse legitimate access to the system to conduct an attack, or an external attacker manipulates or masquerades as an insider to gain access, bypassing the security controls. A possible solution to this problem are forensic-ready software systems that support the eventual forensic investigation. For example, assuring that appropriate evidence of an attack would be generated and assessable if needed. While not primarily aimed at prevention, the controls of forensic-ready systems can be used to ensure reliable post-incident investigation in the case of an insider attack. Currently, however, there is a gap in adequate methods for identifying requirements and assessment of such systems. Therefore, we propose FR-ISSRM, a risk management approach to derive the forensic readiness requirements addressing insider attacks. The requirements, once implemented, assist in the reliable uncovering culprit, root cause, damage of the attack, and overall improvement of security posture. The approach is then demonstrated in three cases covering typical insider attacks.

  • Czech name

  • Czech description

Classification

  • Type

    J<sub>imp</sub> - Article in a specialist periodical, which is included in the Web of Science database

  • CEP classification

  • OECD FORD branch

    10200 - Computer and information sciences

Result continuities

  • Project

    <a href="/en/project/EF16_019%2F0000822" target="_blank" >EF16_019/0000822: CyberSecurity, CyberCrime and Critical Information Infrastructures Center of Excellence</a><br>

  • Continuities

    P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach

Others

  • Publication year

    2023

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Name of the periodical

    JOURNAL OF INFORMATION SECURITY AND APPLICATIONS

  • ISSN

    2214-2126

  • e-ISSN

    2214-2134

  • Volume of the periodical

    73

  • Issue of the periodical within the volume

    March 2023

  • Country of publishing house

    NL - THE KINGDOM OF THE NETHERLANDS

  • Number of pages

    17

  • Pages from-to

    103433

  • UT code for WoS article

    000926717100001

  • EID of the result in the Scopus database

    2-s2.0-85147247466

Similar results(10)

BPMN4FRSS: An BPMN Extension to Support Risk-Based Development of Forensic-Ready Software SystemsA Case Study on the Impact of Forensic-Ready Information Systems on the Security PostureForensic experts' view of forensic-ready software systems: A qualitative study