IT Security Trust Model - Securing the Human Perimeter

Vuuren, Ileen E. Van

doi:10.18178/ijssh.2016.v6.761

Cited by 3 publications

(2 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Finally, from the perspective of the delivery path, we identify two main views for an organization security perimeter: the logical and the physical view. The human fact is a key piece in security that has been largely analyzed [59][60][61], and some even works [62][63][64] define a human perimeter for organizations. However, we will focus on the logical and physical perimeters: although many delivery techniques, such as spear phishing, rely on human vulnerabilities, the delivery itself has to be performed, breaking a logical or a physical protection.…”

Section: Our Proposalmentioning

confidence: 99%

A Taxonomy for Threat Actors’ Delivery Techniques

2022

View full text Add to dashboard Cite

The main contribution of this paper is to provide an accurate taxonomy for delivery techniques, which allows the detection of novel techniques and the identification of appropriate countermeasures. Delivery is a key stage for offensive cyber operations. During delivery, a threat actor tries to gain an initial foothold into the targeted infrastructure. It is the first step of an offensive cyber operation, where the threat actor interacts with its victim in a hostile way; thus, its success is mandatory for the global achievement of the operation. However, delivery techniques are not well structured among the literature, being in many cases a simple list of techniques with which, if one of them is slightly modified by the threat actor, its detection becomes very difficult. This situation hinders the modeling of hostile actors, a fact that makes it difficult to identify countermeasures to detect and neutralize their malicious activities. In this work, we analyze the current delivery techniques’ classification approaches and the problems linked to them. From this analysis, we propose a novel taxonomy that allows the accurate classification of techniques, overcoming the identified problems and allowing both the discovery of new techniques and the detection of gaps in deployed countermeasures. Our proposal significantly reduces the amount of effort needed to identify, analyze, and neutralize hostile activities from advanced threat actors, in particular their initial access stage. It follows a logical structure that can be easy to expand and adapt, and it can be directly used in the industry’s commonly accepted standards, such as MITRE ATT&CK.

show abstract

Section: Our Proposalmentioning

confidence: 99%

A Taxonomy for Threat Actors’ Delivery Techniques

2022

View full text Add to dashboard Cite

show abstract

“…Finally, from the perspective of the delivery path, we identify two main views for an organization security perimeter: the logical and the physical view. The human fact is a key piece in security that has been largely analyzed [36,147,240], and some even works [44,600,639] define a human perimeter for organizations. However, we will focus on the logical and physical perimeters: although many delivery techniques, such as spear phishing, rely on human vulnerabilities, the delivery itself has to be performed, breaking a logical or a physical protection.…”

Section: Our Proposalmentioning

confidence: 99%

Modeling of Advanced Threat Actors: Characterization, Categorization and Detection

Huerta¹

View full text Add to dashboard Cite

show abstract

A Model of Human Factors in Cyber Security

Ebrahimi

2022

Advances in Social Networking and Online Communities

View full text Add to dashboard Cite

Data has become the new trading currency in today's competitive environment. The human factor is still seen as a significant threat through social engineering channels, despite the advanced technological controls implemented by organizations. Companies can implement appropriate technical solutions, but they are still unable to control the human factor. The aim of the chapter is to better understand the role of human factors in information security. For this purpose, it provides a model that focuses on human-security elements including management commitment, skills, experiences, self-efficacy of human resources, and security culture and training as the vulnerable factors in information security issues. Quantitative methodology and statistical technique are used for analysis. Thus, the main contribution of this research is to present a model of human resource factors in information security that can be applied in several case studies, and the results can be compared.

show abstract

IT Security Trust Model - Securing the Human Perimeter

Cited by 3 publications

References 31 publications

A Taxonomy for Threat Actors’ Delivery Techniques

A Taxonomy for Threat Actors’ Delivery Techniques

Modeling of Advanced Threat Actors: Characterization, Categorization and Detection

A Model of Human Factors in Cyber Security

Contact Info

Product

Resources

About