Addressing insider attacks via forensic-ready risk management

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F23%3A00130246" target="_blank" >RIV/00216224:14330/23:00130246 - isvavai.cz</a>

Výsledek na webu

<a href="https://www.sciencedirect.com/science/article/pii/S2214212623000182" target="_blank" >https://www.sciencedirect.com/science/article/pii/S2214212623000182</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1016/j.jisa.2023.103433" target="_blank" >10.1016/j.jisa.2023.103433</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Addressing insider attacks via forensic-ready risk management

Popis výsledku v původním jazyce

Cyberattacks perpetrated by insiders are difficult to prevent using traditional security approaches. Often, such attackers misuse legitimate access to the system to conduct an attack, or an external attacker manipulates or masquerades as an insider to gain access, bypassing the security controls. A possible solution to this problem are forensic-ready software systems that support the eventual forensic investigation. For example, assuring that appropriate evidence of an attack would be generated and assessable if needed. While not primarily aimed at prevention, the controls of forensic-ready systems can be used to ensure reliable post-incident investigation in the case of an insider attack. Currently, however, there is a gap in adequate methods for identifying requirements and assessment of such systems. Therefore, we propose FR-ISSRM, a risk management approach to derive the forensic readiness requirements addressing insider attacks. The requirements, once implemented, assist in the reliable uncovering culprit, root cause, damage of the attack, and overall improvement of security posture. The approach is then demonstrated in three cases covering typical insider attacks.

Název v anglickém jazyce

Addressing insider attacks via forensic-ready risk management

Popis výsledku anglicky

Cyberattacks perpetrated by insiders are difficult to prevent using traditional security approaches. Often, such attackers misuse legitimate access to the system to conduct an attack, or an external attacker manipulates or masquerades as an insider to gain access, bypassing the security controls. A possible solution to this problem are forensic-ready software systems that support the eventual forensic investigation. For example, assuring that appropriate evidence of an attack would be generated and assessable if needed. While not primarily aimed at prevention, the controls of forensic-ready systems can be used to ensure reliable post-incident investigation in the case of an insider attack. Currently, however, there is a gap in adequate methods for identifying requirements and assessment of such systems. Therefore, we propose FR-ISSRM, a risk management approach to derive the forensic readiness requirements addressing insider attacks. The requirements, once implemented, assist in the reliable uncovering culprit, root cause, damage of the attack, and overall improvement of security posture. The approach is then demonstrated in three cases covering typical insider attacks.

Druh

J_imp - Článek v periodiku v databázi Web of Science

CEP obor

—

OECD FORD obor

10200 - Computer and information sciences

Projekt

<a href="/cs/project/EF16_019%2F0000822" target="_blank" >EF16_019/0000822: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2023

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název periodika

JOURNAL OF INFORMATION SECURITY AND APPLICATIONS

ISSN

2214-2126

e-ISSN

2214-2134

Svazek periodika

73

Číslo periodika v rámci svazku

March 2023

Stát vydavatele periodika

NL - Nizozemsko

Počet stran výsledku

17

Strana od-do

103433

Kód UT WoS článku

000926717100001

EID výsledku v databázi Scopus

2-s2.0-85147247466