Organizational Cybersecurity: Advanced Cyber Defense, Cyber Analytics, and Security Operations

Permanent URI for this collection


Recent Submissions

Now showing 1 - 7 of 7
  • Item
    Show-and-Tell or Hide-and-Seek? Examining Organizational Cybersecurity Incident Notifications
    ( 2022-01-04) Cram, W. Alec ; Mouajou-Kenfack, Rissaile
    The growing frequency of cybersecurity incidents commonly requires organizations to notify customers of ongoing events. However, the content contained within these notifications varies widely, including differences in the level of detail, apportioning of blame, compensation, and corrective action. This study seeks to identify patterns contained within cybersecurity incident notifications by constructing a typology of organizational responses. Based on a detailed review of 465 global cybersecurity incidents that occurred during the first half of 2020, we obtained and qualitatively analyzed 187 customer notifications. Our results reveal three distinct organizational response types associated with the level of detail contained within the notification (full transparency, guarded, opacity), as well as three additional response types associated with the benefitting party (customer interest, balanced interest, company interest). This work extends past classifications of cybersecurity incident notifications and provides a template of possible notification approaches that could be adopted by organizations.
  • Item
    Overcoming Cloud Concerns with Trusted Execution Environments? Exploring the Organizational Perception of a Novel Security Technology in Regulated Swiss Companies
    ( 2022-01-04) Geppert, Tim ; Anderegg, Jan ; Frei, Leoncio ; Moeller, Simon ; Deml, Stefan ; Sturzenegger, David ; Ebert, Nico
    Trusted execution environments are a new approach for isolating data, specific parts of code, or an entire application within untrusted cloud environments. This emerging security technology could also enable the migration to cloud infrastructures for organizations working with highly sensitive data. As current research does not address the organizational perception of trusted execution environments (TEEs), we conducted an explorative study to clarify the technological, environmental, and organizational views on this technology by health care, life sciences, and banking companies in Switzerland. The interview findings show that in these industries, missing technological knowledge as well as privacy and process regulation are perceived to be the most critical driver for organizational adoption of TEEs. The identified low intrinsic motivation to adopt novel technologies permits us to conclude that clarifying the regulatory impact of TEEs could drive future adoption by organizations.
  • Item
    New Insights into the Justifiability of Organizational Information Security Policy Noncompliance: A Case Study
    ( 2022-01-04) Soliman, Wael ; Mohammadnazar, Hojat
    Information security policies as apparatus for communicating security principles with employees are the cornerstone of organizational information security. Resultantly, extant literature has looked at different theories to better understand the noncompliance problem. Neutralization theory is emerging as one of the most popular approaches, not only as an explanation but also as a solution. In this in-depth qualitative study, we ask the question ‘how do employees justify violating the ISP’? Our findings reveal nine rationalizing techniques, three of which have not been recognized in previous research. We label them ‘I follow my own rules’, ‘matter of mere legality’ and ‘defense of uniqueness’. But more importantly, our in-depth insights point to the danger of taking these rationalizations out of context, since without context, it becomes impossible to judge whether the behavior or the rule, needs correcting, reflecting a dilemma recognized in the original writing of neutralization theory, which has since been forgotten.
  • Item
    Network Inspection Using Heterogeneous Sensors for Detecting Strategic Attacks
    ( 2022-01-04) Mccann, Bobak ; Dahan, Mathieu
    We consider a two-player network inspection game, in which a defender positions heterogeneous sensors according to a probability distribution in order to detect multiple attacks caused by a strategic attacker. We assume the defender has access to multiple types of sensors that can potentially differ in their accuracy. The objective of the defender (resp. attacker) is to minimize (resp. maximize) the expected number of undetected attacks. We derive a Nash equilibrium of this zero-sum game under the assumption that each component in the network can be monitored from a unique sensor location. We then leverage our constructed Nash equilibrium to provide approximate solutions to the general case by solving a minimum set cover problem. Our results illustrate the performance and computational advantage of our solution approach, as well as the value of strategically leveraging heterogeneous sensors to protect critical networks against attacks.
  • Item
    Cyber Security vs. Digital Innovation: A Trade-off for Logistics Companies?
    ( 2022-01-04) Heierhoff, Sebastian ; Hoffmann, Nils
    Digital innovations are essential for companies in the 21st century. However, due to their reliance on (new) technologies, they are associated with cybersecurity risks. As the reduction of these can negatively affect an organization’s innovation capability, a trade-off might result. This trade-off has, to our knowledge, not yet been sufficiently researched. Our paper contributes to closing this research gap using semi-structured interviews with 14 digital innovation and cybersecurity experts in the German logistics industry. Findings from these interviews suggest that there are different types of tensions between digital innovation and cybersecurity capabilities detrimentally influencing innovations in three ways: by slowing down (temporally), requiring more resources (economically), or restricting innovative freedom (functionally). Furthermore, we were able to identify triggering and resolving factors. Thereby, our paper offers valuable contributions from both a theoretical as well as practical perspective.
  • Item
    Actionable Intelligence-Oriented Cyber Threat Modeling Framework
    ( 2022-01-04) Shin, Bongsik ; Elkins, Aaron ; Larson, Lance ; Cameron, Lance ; Perez, Marc
    Amid the growing challenges of cybersecurity, the new paradigm of cyber threat intelligence (or CTI) has gained momentum to better deal with cyber threats. There, however, has been one fundamental and very practical problem of information overload organizations face in constructing an effective CTI program. We developed a cyber threat intelligence prototype that automatically and dynamically performs the correlation of business assets, vulnerabilities, and cyber threat information in a scoped setting to remediate the challenge of information overload. Conveniently called TIME (for Threat Intelligence Modeling Environment), it repeats the cycle of: (1) collect internal asset data; (2) gather vulnerability and threat data; (3) correlate vulnerabilities with assets; and (4) derive CTI and alerts significant internal asset-related vulnerabilities in a timely manner. For this, it takes advantage of CTI reports produced by online sites and several NIST standards intended to formalize vulnerability and threat management.
  • Item
    Introduction to the Minitrack on Organizational Cybersecurity: Advanced Cyber Defense, Cyber Analytics, and Security Operations
    ( 2022-01-04) Shepherd, Morgan ; Steiner, Stuart ; Conte De Leon, Daniel ; Plachkinova, Miloslava