Digitala Vetenskapliga Arkivet

1 - 8 of 8
  • 1.
    Al Sabbagh, Bilal
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Cybersecurity Incident Response: A Socio-Technical Approach. 2019. Doctoral thesis, comprehensive summary (Other academic)
    Abstract [en]

    This thesis examines the cybersecurity incident response problem using a socio-technical approach. The motivation of this work is the need to bridge the knowledge and practise gap that exists because of the increasing complexity of cybersecurity threats and our limited capability of applying cybersecurity controls necessary to adequately respond to these threats. Throughout this thesis, knowledge from Systems Theory, Soft Systems Methodology and Socio-Technical Systems is applied to examine and document the socio-technical properties of cybersecurity incident response process. The holistic modelling of cybersecurity incident response process developed concepts and methods tested to improve the socio-technical security controls and minimise the existing gap in security controls.

    The scientific enquiry of this thesis is based on pragmatism as the underpinning research philosophy.  The thesis uses a design science research approach and embeds multiple research methods to develop five artefacts (concept, model, method, framework and instantiation) outlined in nine peer-reviewed publications. The instantiated artefact embraces the knowledge developed during this research to provide a prototype for a socio-technical security information and event management system (ST-SIEM) integrated with an open source SIEM tool. The artefact relevance was validated through a panel of cybersecurity experts using a Delphi method. The Delphi method indicated the artefact can improve the efficacy of handling cybersecurity incidents.

  • 2.
    Al Sabbagh, Bilal
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Ameen, Marihan
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Wätterstam, Tove
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    A Prototype For HI²Ping Information Security Culture and Awareness Training. 2012. In: 2012 International Conference on E-Learning and E-Technologies in Education (ICEEE), IEEE, 2012, p. 32-36. Conference paper (Refereed)
    Abstract [en]

    In this short paper, we propose a security culture and awareness training platform that suits different learning styles and preferences. The objective is to operationalize the platform for improving individuals' security awareness and to learn more about their security mental models as well as how their cultural background influences their perception of security. A useful application of the tool is to enhance the effectiveness of security knowledge transfer in security incident response process management and to develop staff commitment to security policies at organizations. The tool can also help in enabling a global security culture by creating a common understanding of security best practices. Qualitative results show the tool can play a promising role in security education as it combines different mediums for communicating the required information to fit the audience's different learning styles.

  • 3.
    Al Sabbagh, Bilal
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    A cultural adaption model for global cyber security warning systems: A socio-technical proposal. 2011. Conference paper (Refereed)
    Abstract [en]

    In this paper we explore the problems of developing a cyber security warning system both from a theoretical and practical perspective. We review some of the current development in warning systems around the world and we also examine the security metrics area. We then expanded on a proposed socio-technical coordinate system for global cyber security alerts and adapted it to an information security culture framework.

  • 4.
    Al Sabbagh, Bilal
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Norwegian University of Science and Technology, Norway.
    A Framework and Prototype for A Socio-Technical Security Information and Event Management System (ST-SIEM). 2016. In: 2016 European Intelligence and Security Informatics Conference: Proceedings / [ed] Joel Brynielsson, Fredrik Johansson, IEEE Computer Society, 2016, p. 192-195. Conference paper (Refereed)
    Abstract [en]

    In this short paper we present a socio-technical framework for integrating a security risk escalation maturity model into a security information and event management system. The objective of the framework is to develop the foundations for the next generation socio-technical security information and event management systems (ST-SIEMs) enabling socio-technical security operations centers (ST-SOCs). The primary benefit of the socio-technical framework is twofold: supporting organizations in overcoming the identified limitations in their security risk escalation maturity, and supporting SOCs in overcoming the limitations of their SIEMs. The risk escalation maturity level is quantified using metrics. These metrics are then used by SIEMs for cross correlating security events before they are disseminated to respective organizations. Typical SIEMs in use today calculate security events using generic risk factors not necessarily relevant for every organization. The proposed framework can enable security administrators to effectively and efficiently manage security warnings and to establish necessary countermeasures.

  • 5.
    Al Sabbagh, Bilal
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Developing social metrics for security: modeling the security culture of it workers individuals (Case study). 2012. In: Proceedings of the 5th International Conference on Communications, Computers and Applications (MIC-CCA2012), IEEE, 2012, p. 112-118. Conference paper (Refereed)
    Abstract [en]

    In this short paper we present and discuss the findings of a case study aimed at developing social security metrics for modeling the security culture of certain individuals. Using these metrics we have modeled the security culture of IT workers individuals from Saudi Arabia. We suggest these metrics can be used for modeling and comparing different security cultures to develop a global security culture required for effective global response to cyber security issues. We start by reviewing the latest research on the social aspects of information security. Then we highlight the history of the under-development social security metrics. Afterward we discuss the setup of the case study and the methodology used. Finally, we discuss the experiment results and suggested further research work.

  • 6.
    Al Sabbagh, Bilal
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Security from a Systems Thinking Perspective - Applying Soft Systems Methodology to the Analysis of an Information Security Incident. 2014. In: Proceedings of the 58th Meeting of ISSS, Washington DC, USA, July 2014, International Society for the Systems Sciences (ISSS), 2014. Conference paper (Refereed)
    Abstract [en]

    Applying systems theory to information security enables security analysts to consider the socio-technical role of the security system instead of only focusing on the technical part. Systems theory can also equip security analysts with the skills required to have a holistic and an abstract level of understanding of the security problem in their organisations and to proactively define and evaluate existing risks. The Soft Systems Methodology (SSM) developed by Peter Checkland was created in order to deal with unstructured situations where human beings are part of the socio-technical system. In this paper, SSM is applied as a framework to diagnose a real case security incident in an organisation. The purpose of this application is to demonstrate how the methodology can be considered a beneficial tool for security analysts during security incident management and risk analysis. Literature review and experience indicate an existing lack of customisable incident response tools that facilitate communication and elaboration within organizations during incident management. In addition to the fact that these tools are mainly technical and don’t take the human factor into consideration. Using SSM as such, we define the security attack as a human activity transformation system that transforms a security event triggered by an attacker into a security breach that cause damage to the victim organisation. The attack system is then modelled to include a number of dependent activity sub-systems that interact with each other and their environment including the security control activity systems. By having such systemic perception of a security attack, security analysts, we suggest, can have a holistic perception under what conditions a security attack has succeeded and what elements of the socio-technical system and its environment should have been considered in order to mitigate and reduce the risk exposure.

  • 7.
    Al Sabbagh, Bilal
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Norwegian University of Science and Technology, Norway.
    Socio-Technical SIEM (ST-SIEM): Towards Bridging the Gap in Security Incident Response. 2017. In: International Journal of Systems and Society, ISSN 2327-3984, Vol. 4, no 2, p. 8-21, article id 2. Article in journal (Refereed)
    Abstract [en]

    This article discusses the design and specifications of a Socio-Technical Security Information and Event Management System (ST-SIEM). This newly-developed artifact addresses an important limitation identified in today's incident response practice—the lack of sufficient context in actionable security information disseminated to constituent organizations. ST-SIEM tackles this limitation by considering the socio-technical aspect of information systems security. This concept is achieved by correlating the technical metrics of security warnings (which are generic in nature, and the sources of which are sometimes unknown) with predefined social security metrics (used for modeling the security culture of constituent organizations). ST-SIEM, accordingly, adapts the risk factor of the triggered security warning based on each constituent organization's security culture. Moreover, the artifact features several socio-technical taxonomies with an impact factor to support organizations in classifying, reporting, and escalating actionable security information. The overall project uses design science research as a framework to develop the artifact.

  • 8.
    Al Sabbagh, Bilal
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    ST(CS)2 - Featuring socio-technical cyber security warning systems. 2012. In: Proceedings of the 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), IEEE, 2012, p. 312-316. Conference paper (Refereed)
    Abstract [en]

    In this short paper we propose a socio-technical framework for developing cyber security warning systems. We start by reviewing latest research and theories on socio-technical nature of information systems security. We then show the need to consider the social dimension of information systems security as recommended by number of global security consortiums. Afterward we review the development of some of the main currently existing global cyber security warning systems. Finally we present our suggested socio-technical coordination platform to feature socio-technical enabled cyber security warning systems.
