This paper proposes a novel, beneficial application of deepfake technology in the realm of moving-target obfuscation as an information security defence mechanism. This defensive obfuscation technique aims to use generative artificial intelligence systems to synthesize honeypot datasets that mimic certain characteristics of sensitive datasets highly sought after by threat actors. By synthesizing realistic but fake datasets and intentionally making them available within information systems, this technique has the potential to (1) prevent threat actors from acquiring their target data during data breach attempts, and (2) render any corpus of breached datasets useless.
After decades of Internet diffusion, the geopolitical and information threats posed by cyberspace have never been greater. While distributed denial-of-service (DDoS) attacks, email hacks, and malware are concerns, nuanced online strategies for psychological influence, including state-sponsored disinformation campaigns and computational propaganda, pose threats that democracies struggle to respond to. Indeed, Western cybersecurity is failing to address the perspective of Russia's 'information security', which targets the manipulation of the user as much as of the network. Based in computational social science, this paper argues for cybersecurity to adopt more proactive social and cognitive (non-kinetic) approaches to cyber and information defense. This protects the cognitive, attitudinal, and behavioral capacities required for a democracy to function by countering psychological mechanisms, such as confirmation bias and affective polarization, that trigger selective exposure, echo chambers, in-group tribalization, and out-group threat labelling.
Human factors account for 27% of data breaches on the global scale. Even with clear and often strict policies in place, employees are often considered to be the weakest link in the field of Information Security (IS). This paper seeks to find one explanation for this phenomenon in a military context by exploring military cadets' personalities, as well as their reasons and justifications for using neutralisation techniques in order to deviate from organisational IS regulations. The results of this paper emphasise that a more personalised approach to IS education could be useful.
Contributions of scientific knowledge in cybersecurity are made by researchers globally, where the focus and scope differ based on the development and challenges in cybersecurity faced by each country. This study examines the publication contributions and trends of African researchers in the field of cybersecurity for a period of 20 years (1998 to 2018).
Vulnerabilities leveraged by Advanced Persistent Threats (APTs) that ultimately allow them to gain access to critical data and unveil private information are often far removed from the portions of the security environment where initial access is gained. This paper presents a defensible scholarly decomposition of the red-team process itself and discusses how traditional red-team assessments may not be the most effective solution for emulating APT threats and mitigating their impacts.
This article presents the results of a trend-scouting study on the applicability of contemporary information privacy and information security research in future defence scenarios over a 25-year horizon. The authors sketch the expected digital warfare and defence environment as a 'Battlefield of Things' in which connected objects, connected soldiers, and automated and autonomous sensing and acting systems are core elements.
Information-security management programs are becoming increasingly important in enabling organisations to promote a high level of accountability and good governance. Organisations need accurate and relevant real-time information to make effective and efficient decisions pertaining to cyber threats and attacks. Based on a qualitative study, this article introduces and discusses the components of an information-security management program.
Managers of critical information infrastructures need better tools for managing risk than the qualitative or compliance-based metrics commonly used today in critical infrastructure protection. This paper provides a performance-based metric that can be used to obtain a quantitative measure of the security of information infrastructures.
As the newest domain of military operations, cyberspace presents new challenges and learning opportunities. The fundamental military concepts of operations apply, but often in ways different from the other domains. This paper examines military concepts of offense and defense in the cyberspace domain. Much previous work attempts to map military concepts into cyberspace while avoiding the technological reality of the domain. This paper applies foundational principles from the established field of information security to make a more technologically grounded examination of cyberspace offense and defense, their relationship, and how their nature here differs from the other operational domains.
Asymmetric warfare is frequently described as a conflict between two parties where the ‘weaker’ party aims to offset its comparatively fewer resources by making use of particular tactical advantages. This paper develops a concept model that captures the leverage available to the ‘weaker’ party over the ‘stronger’ party simply because the former is attacking rather than defending.
Traditional security risk assessment takes a broad asset-based view of organizations. The risk identification process therefore focuses on well-known threats and vulnerabilities to static and discrete assets that fall within the scope of the organizational boundaries under investigation. It does not offer a methodology or framework that systematically deals with risks that arise from the complex interdependencies among critical infrastructures. To support this proposition, this paper conducts a systematic analysis of the security risks resulting from logical, cyber, geographical and physical interdependencies between telecommunications and power infrastructures.
A ‘broad’ definition of insider is proposed: someone who has skills, knowledge, resources or access, considered privileged to, or under the control of, an organization. This extends the traditional ‘narrow’ definition of insider as someone who just has privileged access to IT systems. This broad definition allows a detailed analysis of the strategy and modus operandi of insiders using threat susceptibility factors such as catalysts, inhibitors and amplifiers. This analysis is then used as a basis for a review of insider threat counter-measures.
Penetration testing has gained great momentum commercially, but there is limited methodological research in the literature. A methodology is important for penetration testing if it is to maintain a degree of separation between the security profession and wanton attacks. This paper explores methodological approaches to security posture testing that use tactics adopted from crackers themselves, looking particularly at a small body of literature. The surveyed methodologies are compared and contrasted, their major trends and features are extrapolated into a hybrid, and the paper concludes with directions for future research. In general, it was found that the methodologies converge on reconnaissance, attack and escape.
In the present paper we discuss security aspects of Information and Communication Technology (ICT) from a developing-country perspective. Specifically, we present and discuss our study done in Tanzania. We start by discussing the extent of computer and computer-system use and network connectivity, followed by the level of IT security awareness and the country's policies in relation to ICT implementations. Then we highlight various risks and challenges within this context and finally, we discuss some of the remedial steps and actions that are being taken to deal with the situation.
It has been recognized for some time now that education in information security is better served by a laboratory component that reinforces the principles and theoretical analysis learnt in the classroom with a follow-up hands-on component performed in an appropriate laboratory. In this paper we present the design of a highly reconfigurable laboratory for information security education. The design has been implemented successfully in ISIS - The Information Systems and Internet Security Laboratory at Polytechnic University. We also describe the rationale for our design and give examples of a few typical assignments that the laboratory facilitates.
The military is moving towards Network Enabled Capability (NEC) where the emphasis is on resource sharing within national contingents and on a coalition basis, facilitated by the Network. Future capability is predicated on the core attribute of agility. NEC is expected to enable the dynamic formation of communities of interest and the rapid reorganisation of resources as required by military commanders. Through the application of a suitable security policy framework to a small-scale case study, this paper tests the assertion that the ability to express, verify and implement flexible security policy is essential to achieve the agility required.
Network Centric Operations (NCO) allows an organisation to structure its people, processes and technology to gather and process information so as to ensure that the right information gets to the right person at the right time and in the right form. NCO enables an organisation to achieve information superiority, and hence gain a competitive advantage.
The current information security standards still advocate the use of risk assessment in the prioritisation of security investments. However, prior research on the use of risk assessment methodologies in organisational security has shown that the use of the traditional monolithic risk assessment process described in the current risk management standard is simply not practical at the organisational level. This paper first examines the problems in performing a systematic risk assessment and then discusses the limitations of a traditional risk assessment. To address these limitations, this paper proposes splitting up the current monolithic risk assessment process. The result is an information security assessment framework that puts greater emphasis on situational awareness and allows for better decision making on the prioritization of security investments.
The purpose of this paper is to form a preliminary hypothesis about how to identify characteristics that a leader needs to focus on when aiming at cyber-security leadership. The paper studies the key concepts and terms of cyber security and presents the physical world and the cyber world framework. The paper refers to a system model of a society and uses that model to analyze the results of two limited media surveys about cyber-related newspaper articles. The media surveys indicate a strong need to organize the cyber world.
The possibility of accessing information related to an investigation at any time and from any place is getting increasingly important for security forces, especially the police. Thus, needs arise to store this information in a cloud, to protect these data from unauthorized access, and to allow access to only authorized persons—often only within a limited time period. The conceptual paper at hand describes a technique to store data in a cloud in a secure encrypted manner and grant the access rights adapted to current requirements.
The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.