Global adversarial capability modeling

Spring, Jonathan M.; Kern, Sarah; Summers, Alec

doi:10.1109/ecrime.2015.7120797

Cited by 6 publications

(4 citation statements)

References 9 publications

(8 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…MITRE Corporation [126] on whether cybersecurity is a science is not within our current, relatively narrow scope. However, since CSIR is an important subset of cybersecurity, whether security investigations are a kind 23 As a convenient sample, one of the authors has presented at Anti-Phishing Working Group (APWG) [161,164] and attended InfraGuard meetings, and does not expect there would be significant benefit in expanding the scope to include them. Likewise, the same author has interacted with several Information Sharing and Analysis Centers (ISACs), and reviewed their available materials (Research and Education Networking ISAC (REN-ISAC) and Financial Services ISAC (FS-ISAC) especially) and does not believe they have any documents of importance to our topic.…”

Section: Documents Referenced By First As Tablementioning

confidence: 99%

Review of Human Decision-making during Computer Security Incident Analysis

Spring

Illari

2021

Digital Threats

View full text Add to dashboard Cite

We review practical advice on decision-making during computer security incident response. Scope includes standards from the IETF, ISO, FIRST, and the US intelligence community. To focus on human decision-making, the scope is the evidence collection, analysis, and reporting phases of response, which includes human decision-making within and connecting these phases. The results indicate both strengths and gaps. A strength is available advice on how to accomplish many specific tasks. However, there is little guidance on how to prioritize tasks in limited time or how to interpret, generalize, and convincingly report results. Future work should focus on these gaps in explication and specification of decision-making during incident analysis.

show abstract

Section: Documents Referenced By First As Tablementioning

confidence: 99%

Review of Human Decision-making during Computer Security Incident Analysis

Spring

Illari

2021

Digital Threats

View full text Add to dashboard Cite

show abstract

“…One example cited by respondents is malware attacks to ATMs, and another case recently reported by the international press is malware attack to conduct fraud by using the SWIFT network [39]. These two cases as well as the ongoing global development of adversarial cyber capabilities [40] suggest that the Ecuadorian financial sector necessitates preparation for even more aggressive attacks than those confronted so far. As part of such an endeavor, financial institutions could benefit from applying models such as the "adversarial capability chain" to support prediction of threats' movements and their proficiencies [40].…”

Section: Externalitiesmentioning

confidence: 99%

“…Lockheed Martin's cyber kill chain (CKC) allows us to recognize the stages taken by advanced adversaries' during cyber intrusions and helps identify discrete attacks connected to intrusive campaigns [92]. The "global adversarial capability chain model" intends to expand the time-frame in which security analysts can investigate and predict adversaries behavior against a particular software system [40]. The diamond model for intrusion analysis [93] identifies and analyzes granular, essential elements (e.g.…”

Section: Information Sharing Programmentioning

confidence: 99%

Cybersecurity incident response capabilities in the Ecuadorian financial sector

Catota

Morgan

Sicker

2018

Journal of Cybersecurity

View full text Add to dashboard Cite

Cyber-threats have been successfully targeting the financial sector worldwide. While much of the efforts and resources to address the risk imposed by these cyber threats are directed at developed economies, far less attention has been devoted to developing nations. Because many of these nations have modest cyber capabilities, their ability to respond to cyber-attacks can be limited, yet they need to respond to these attacks to protect their critical financial infrastructure. This study explores the challenges that the Ecuadorian financial industry confronts when dealing with cybersecurity incidents and examines two potential strategies often applied in the developed world-"Computer Security Incident Response Teams (CSIRT)" and "information sharing"-to improve the sector's cybersecurity capabilities to respond to the associated risk. Thirty-three semistructured interviews with multiple stakeholders (financial security managers and security officers, authorities, and managers at Internet service providers) were conducted using both structured and open-ended questions, and two cyber-attacks scenarios. Based upon a qualitative text analysis, this work reports on experiences with security incidents, barriers to responding to threats, and stakeholders' desired responses. We find that the Ecuadorian financial sector already confronts cybersecurity risks, driven by both outsiders and insiders, which result in fraud and operational failures. The sector faces constraints imposed by computer users' lack of awareness, scarcity of financial and technical resources, and challenges imposed by the ecosystem, such as little community support and weaknesses in the legal framework that has only recently been somewhat strengthened. In the pursuit of improvement, stakeholders' postures suggest that there is an opportunity to establish better incident response strategies for the Ecuadorian financial services through the creation of a CSIRT and an information-sharing program. To decrease uncertainty about threats, stakeholders are more likely to share technical information as opposed to quantitative information about security incidents.

show abstract

“…As a convenient sample, I have presented at APWG(Spring, 2013;Spring et al, 2015) and attended InfraGuard meetings, and I do not expect there would be significant benefit in expanding the scope to include them. Likewise, I have interacted with several ISACs, and reviewed their available materials (Research and Education Networking Information Sharing and Analysis Center (ISAC) (REN-ISAC) and Financial Services Information Sharing and Analysis Center (ISAC) (FS-ISAC) especially) and do not believe they have any documents of importance to our topic.…”

mentioning

confidence: 99%

Review of human decision-making during computer security incident analysis

Spring¹,

Illari²

2019

Preprint

View full text Add to dashboard Cite

We review practical advice on decision-making during computer security incident response. Scope includes standards from the IETF, ISO, FIRST, and the US intelligence community. To focus on human decisionmaking, the scope is the evidence collection, analysis, and reporting phases of response. The results indicate both strengths and gaps. A strength is available advice on how to accomplish many specific tasks. However, there is little guidance on how to prioritize tasks in limited time or how to interpret, generalize, and convincingly report results. Future work should focus on these gaps in explication and specification of decision-making during incident analysis.2 See also:"The question you must accept is not whether security incidents will occur, but rather how quickly they can be identified and resolved." https://www.gartner.com/smarterwithgartner/prepare-for-the-inevitable-security-incident/

show abstract

Global adversarial capability modeling

Cited by 6 publications

References 9 publications

Review of Human Decision-making during Computer Security Incident Analysis

Review of Human Decision-making during Computer Security Incident Analysis

Cybersecurity incident response capabilities in the Ecuadorian financial sector

Review of human decision-making during computer security incident analysis

Contact Info

Product

Resources

About