Digitala Vetenskapliga Arkivet

Cybersecurity Incident Response: A Socio-Technical Approach
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences. ORCID iD: 0000-0002-5701-2569
2019 (English) Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

This thesis examines the cybersecurity incident response problem using a socio-technical approach. The motivation for this work is the need to bridge the knowledge and practice gap that exists because of the increasing complexity of cybersecurity threats and our limited capability to apply the cybersecurity controls necessary to respond adequately to these threats. Throughout this thesis, knowledge from Systems Theory, Soft Systems Methodology and Socio-Technical Systems is applied to examine and document the socio-technical properties of the cybersecurity incident response process. The holistic modelling of the cybersecurity incident response process produced concepts and methods that were tested to improve socio-technical security controls and minimise the existing gap in security controls.

The scientific enquiry of this thesis is based on pragmatism as the underpinning research philosophy. The thesis uses a design science research approach and embeds multiple research methods to develop five artefacts (concept, model, method, framework and instantiation) outlined in nine peer-reviewed publications. The instantiated artefact embraces the knowledge developed during this research to provide a prototype for a socio-technical security information and event management system (ST-SIEM) integrated with an open source SIEM tool. The artefact's relevance was validated through a panel of cybersecurity experts using a Delphi method. The Delphi study indicated that the artefact can improve the efficacy of handling cybersecurity incidents.

Place, publisher, year, edition, pages
Stockholm: Department of Computer and Systems Sciences, Stockholm University, 2019. 133 pp.
Series
Report Series / Department of Computer & Systems Sciences, ISSN 1101-8526 ; 19-007
Keywords [en]
cybersecurity incident response, SIEM, cybersecurity warning systems, socio-technical approach, organisation security culture
HSV category
Research subject
Computer and Systems Sciences
Identifiers
URN: urn:nbn:se:su:diva-167873
ISBN: 978-91-7797-715-5 (print)
ISBN: 978-91-7797-716-2 (electronic)
OAI: oai:DiVA.org:su-167873
DiVA, id: diva2:1303567
Public defence
2019-06-07, L30, NOD-huset, Borgarfjordsgatan 12, Kista, 10:00 (English)
Opponent
Supervisor
Available from: 2019-05-15 Created: 2019-04-10 Last updated: 2022-02-26 Bibliographically approved
List of papers
1. A cultural adaption model for global cyber security warning systems: A socio-technical proposal
2011 (English) Conference paper, Published paper (Refereed)
Abstract [en]

In this paper we explore the problems of developing a cyber security warning system from both a theoretical and a practical perspective. We review some of the current developments in warning systems around the world and also examine the security metrics area. We then expand on a proposed socio-technical coordinate system for global cyber security alerts and adapt it to an information security culture framework.

Place, publisher, year, edition, pages
Mosharaka for Researches and Studies, 2011
Keywords
cyber security, alert systems, security metrics, socio-technical security systems
HSV category
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-153287 (URN)
Conference
MIC-CNIT 2011 - Mosharaka International Conference on Communications, Networking and Information Technology, Dubai, United Arab Emirates, 2011
Available from: 2018-02-23 Created: 2018-02-23 Last updated: 2022-02-28
2. Developing social metrics for security: modeling the security culture of it workers individuals (Case study)
2012 (English) In: Proceedings of the 5th International Conference on Communications, Computers and Applications (MIC-CCA2012), IEEE, 2012, pp. 112-118. Conference paper, Published paper (Refereed)
Abstract [en]

In this short paper we present and discuss the findings of a case study aimed at developing social security metrics for modeling the security culture of certain individuals. Using these metrics we have modeled the security culture of individual IT workers from Saudi Arabia. We suggest these metrics can be used for modeling and comparing different security cultures in order to develop the global security culture required for an effective global response to cyber security issues. We start by reviewing the latest research on the social aspects of information security. Then we highlight the history of the social security metrics under development. Afterward we discuss the setup of the case study and the methodology used. Finally, we discuss the experiment results and suggest further research work.

Place, publisher, year, edition, pages
IEEE, 2012
Series
Mosharaka conference paper, E-ISSN 2227-331X
Keywords
Social Security Metrics, Security Mental Models, Security Culture, Risk Management, Security Controls
HSV category
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-100726 (URN) 978-1-4673-5230-7 (ISBN) 978-1-938302-07-7 (ISBN)
Conference
The 5th International Conference on Communications, Computers and Applications (MIC-CCA2012), Istanbul, Turkey, 12-14 October, 2012
Available from: 2014-02-12 Created: 2014-02-12 Last updated: 2022-02-24 Bibliographically approved
3. ST(CS)2 - Featuring socio-technical cyber security warning systems
2012 (English) In: Proceedings of the 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), IEEE, 2012, pp. 312-316. Conference paper, Published paper (Refereed)
Abstract [en]

In this short paper we propose a socio-technical framework for developing cyber security warning systems. We start by reviewing the latest research and theories on the socio-technical nature of information systems security. We then show the need to consider the social dimension of information systems security, as recommended by a number of global security consortiums. Afterward we review the development of some of the main currently existing global cyber security warning systems. Finally we present our suggested socio-technical coordination platform for featuring socio-technically enabled cyber security warning systems.

Place, publisher, year, edition, pages
IEEE, 2012
Keywords
Security culture, Socio-technical cyber security warning systems, cyber security, security mental models
HSV category
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-100737 (URN) 10.1109/CyberSec.2012.6246110 (DOI) 978-1-4673-1425-1 (ISBN) 978-1-4673-1426-8 (ISBN)
Conference
International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), Kuala Lumpur, Malaysia, 26-28 June, 2012
Available from: 2014-02-12 Created: 2014-02-12 Last updated: 2022-02-24 Bibliographically approved
4. The Impact of Business-IT Alignment on Information Security Process
2014 (English) In: HCI in Business: Proceedings / [ed] Fiona Fui-Hoon Nah, Springer, 2014, pp. 25-36. Conference paper, Published paper (Refereed)
Abstract [en]

Business-IT Alignment (BITA) has the potential to link with organizational issues that deal with business-IT relationships at strategic, tactical and operational levels. In such a context, the information security process (ISP) is one of the issues that can be influenced by BITA. However, the impact has not yet been researched. This paper investigates the impact of BITA on ISP. For this investigation, the relationships between the elements of the Strategic Alignment Model and the components of the Security Values Chain Model are considered. The research process is an in-depth literature survey followed by a case study in two organizations located in the United States and the Middle East. The results show a clear impact of BITA on how organizations distribute their allocated security budget and resources based on needs and risk exposure. The results should help both practitioners and researchers gain improved insight into the relationships between BITA and IT security components.

Place, publisher, year, edition, pages
Springer, 2014
Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 8527
Keywords
Business-IT alignment, BITA, Information Security Process, Security Value Chain, Security Culture
HSV category
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-111860 (URN) 10.1007/978-3-319-07293-7_3 (DOI) 978-3-319-07292-0 (ISBN) 978-3-319-07293-7 (ISBN)
Conference
First International Conference, HCIB 2014, Held as Part of HCI International 2014, Heraklion, Crete, Greece, June 22-27, 2014
Available from: 2015-01-08 Created: 2015-01-08 Last updated: 2022-02-23 Bibliographically approved
5. A Prototype For HI²Ping Information Security Culture and Awareness Training
2012 (English) In: 2012 International Conference on E-Learning and E-Technologies in Education (ICEEE), IEEE, 2012, pp. 32-36. Conference paper, Published paper (Refereed)
Abstract [en]

In this short paper, we propose a security culture and awareness training platform that suits different learning styles and preferences. The objective is to operationalize the platform for improving individuals' security awareness and to learn more about their security mental models, as well as how their cultural background influences their perception of security. A useful application of the tool is to enhance the effectiveness of security knowledge transfer in security incident response process management and to develop staff commitment to security policies in organizations. The tool can also help enable a global security culture by creating a common understanding of security best practices. Qualitative results show that the tool can play a promising role in security education, as it combines different media for communicating the required information to fit the audience's different learning styles.

Place, publisher, year, edition, pages
IEEE, 2012
Keywords
Security Culture, Security Mental Models, Learning Styles, Security Awareness
HSV category
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-100722 (URN) 10.1109/ICeLeTE.2012.6333397 (DOI) 978-1-4673-1679-8 (ISBN) 978-1-4673-1678-1 (ISBN)
Conference
2012 International Conference on e-Learning and e-Technologies in Education (ICEEE), Lodz, Poland, 24-26 September, 2012
Available from: 2014-02-12 Created: 2014-02-12 Last updated: 2022-02-24 Bibliographically approved
6. Security from a Systems Thinking Perspective - Applying Soft Systems Methodology to the Analysis of an Information Security Incident
2014 (English) In: Proceedings of the 58th Meeting of ISSS, Washington DC, USA, July 2014, International Society for the Systems Sciences (ISSS), 2014. Conference paper, Published paper (Refereed)
Abstract [en]

Applying systems theory to information security enables security analysts to consider the socio-technical role of the security system instead of focusing only on the technical part. Systems theory can also equip security analysts with the skills required to gain a holistic and abstract understanding of the security problem in their organisations and to proactively define and evaluate existing risks. The Soft Systems Methodology (SSM) developed by Peter Checkland was created to deal with unstructured situations where human beings are part of the socio-technical system. In this paper, SSM is applied as a framework to diagnose a real security incident in an organisation. The purpose of this application is to demonstrate how the methodology can be a beneficial tool for security analysts during security incident management and risk analysis. The literature review and experience indicate a lack of customisable incident response tools that facilitate communication and elaboration within organisations during incident management; in addition, the existing tools are mainly technical and do not take the human factor into consideration. Using SSM in this way, we define the security attack as a human activity transformation system that transforms a security event triggered by an attacker into a security breach that causes damage to the victim organisation. The attack system is then modelled to include a number of dependent activity sub-systems that interact with each other and with their environment, including the security control activity systems. By having such a systemic perception of a security attack, we suggest, security analysts can gain a holistic understanding of the conditions under which a security attack succeeded and of which elements of the socio-technical system and its environment should have been considered in order to mitigate and reduce the risk exposure.

Place, publisher, year, edition, pages
International Society for the Systems Sciences (ISSS), 2014
Series
Proceedings of the annual meeting of the ISSS, E-ISSN 1999-6918
Keywords
SSM, Socio-Technical Approach, Information Security, Security Approach, Security Incident
HSV category
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-114736 (URN) 978-1-5108-0371-8 (ISBN)
Conference
The 58th Meeting of ISSS, Washington DC, USA, 27 July – 1 August, 2014
Available from: 2015-03-09 Created: 2015-03-09 Last updated: 2022-02-23 Bibliographically approved
7. A Socio-technical Framework for Threat Modeling a Software Supply Chain
2015 (English) In: IEEE Security and Privacy, ISSN 1540-7993, E-ISSN 1558-4046, Vol. 13, no. 4, pp. 30-39. Article in journal (Refereed) Published
Abstract [en]

A new framework performs security threat modeling for a global software supply chain. The threat modeling is based on a case study from the Swedish Armed Forces. After a review of current practices and theories for threat modeling of a software supply chain, the authors suggest a socio-technical framework for studying the software supply chain security problem from a systemic viewpoint. The framework addresses issues of modeling the target system, identifying threats, and analyzing countermeasures.

Keywords
security, threat modeling, software supply chain, sociotechnical framework, social-technical approach
HSV category
Identifiers
urn:nbn:se:su:diva-120102 (URN) 10.1109/MSP.2015.72 (DOI) 000359253100006 (ISI)
Available from: 2015-09-03 Created: 2015-09-01 Last updated: 2019-04-17 Bibliographically approved
8. A Framework and Prototype for A Socio-Technical Security Information and Event Management System (ST-SIEM)
2016 (English) In: 2016 European Intelligence and Security Informatics Conference: Proceedings / [ed] Joel Brynielsson, Fredrik Johansson, IEEE Computer Society, 2016, pp. 192-195. Conference paper, Published paper (Refereed)
Abstract [en]

In this short paper we present a socio-technical framework for integrating a security risk escalation maturity model into a security information and event management system. The objective of the framework is to develop the foundations for the next generation of socio-technical security information and event management systems (ST-SIEMs), enabling socio-technical security operations centers (ST-SOCs). The primary benefit of the socio-technical framework is twofold: supporting organizations in overcoming the identified limitations in their security risk escalation maturity, and supporting SOCs in overcoming the limitations of their SIEMs. The risk escalation maturity level is quantified using metrics. These metrics are then used by SIEMs to cross-correlate security events before they are disseminated to the respective organizations. Typical SIEMs in use today score security events using generic risk factors that are not necessarily relevant for every organization. The proposed framework can enable security administrators to manage security warnings effectively and efficiently and to establish the necessary countermeasures.

Place, publisher, year, edition, pages
IEEE Computer Society, 2016
Keywords
SIEM, Socio-Technical SIEM, SOC, Risk Escalation
HSV category
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-153268 (URN) 10.1109/EISIC.2016.049 (DOI) 978-1-5090-2857-3 (ISBN)
Conference
2016 European Intelligence and Security Informatics Conference, Uppsala, Sweden, 17–19 August 2016
Available from: 2018-02-23 Created: 2018-02-23 Last updated: 2022-02-28 Bibliographically approved
9. Socio-Technical SIEM (ST-SIEM): Towards Bridging the Gap in Security Incident Response
2017 (English) In: International Journal of Systems and Society, ISSN 2327-3984, Vol. 4, no. 2, pp. 8-21, article id 2. Article in journal (Refereed) Published
Abstract [en]

This article discusses the design and specifications of a Socio-Technical Security Information and Event Management System (ST-SIEM). This newly developed artifact addresses an important limitation identified in today's incident response practice: the lack of sufficient context in the actionable security information disseminated to constituent organizations. ST-SIEM tackles this limitation by considering the socio-technical aspect of information systems security. This is achieved by correlating the technical metrics of security warnings (which are generic in nature, and whose sources are sometimes unknown) with predefined social security metrics (used for modeling the security culture of constituent organizations). ST-SIEM accordingly adapts the risk factor of the triggered security warning to each constituent organization's security culture. Moreover, the artifact features several socio-technical taxonomies with an impact factor to support organizations in classifying, reporting, and escalating actionable security information. The overall project uses design science research as a framework to develop the artifact.

Keywords
socio-technical, Security Information and Event Management System, SIEM, ST-SIEM, taxonomies, information systems security, incident response
HSV category
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-149438 (URN) 10.4018/IJSS.2017070102 (DOI)
Available from: 2017-11-30 Created: 2017-11-30 Last updated: 2023-07-22 Bibliographically approved

Open Access in DiVA

Cybersecurity Incident Response (12211 kB)
File information
File: FULLTEXT01.pdf  File size: 12211 kB  Checksum: SHA-512
0fc066cd2f4bb5babe5ff48dc3f69feef35099b3e75c3a52f5abb94dd8d3945d4d5f74b75a63eabe51f7c0bb2fd5ec95b14c057b35b95304cab602f6e98cc58a
Type: fulltext  Mimetype: application/pdf

Author
Al Sabbagh, Bilal
