Security Threats to Critical Infrastructure: The Human Factor

J 2018

Security Threats to Critical Infrastructure: The Human Factor

GHAFIR, Ibrahim; Jibran SALEEM; Mohammad HAMMOUDEH; Hanan FAOUR; Václav PŘENOSIL et al.

Základní údaje

Originální název

Security Threats to Critical Infrastructure: The Human Factor

Autoři

GHAFIR, Ibrahim; Jibran SALEEM; Mohammad HAMMOUDEH; Hanan FAOUR; Václav PŘENOSIL; Sardar JAF; Sohail JABBAR a Thar BAKER

Vydání

The Journal of Supercomputing, Springer US, 2018, 0920-8542

Další údaje

Jazyk

angličtina

Typ výsledku

Článek v odborném periodiku

Obor

10200 1.2 Computer and information sciences

Stát vydavatele

Spojené státy

Utajení

není předmětem státního či obchodního tajemství

Odkazy

URL

Impakt faktor

Impact factor: 2.157

Označené pro přenos do RIV

Ano

Kód RIV

RIV/00216224:14330/18:00102471

Organizační jednotka

Fakulta informatiky

Klíčová slova anglicky

Critical infrastructure security; Security awareness; Cyber security training; Work-based security training; Security threats against critical infrastructure

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 3. 5. 2019 14:56, RNDr. Pavel Šmerk, Ph.D.

Anotace

V originále

In the twenty-first century, globalisation made corporate boundaries invisible and difficult to manage. This new macroeconomic transformation caused by globalisation introduced new challenges for critical infrastructure management. By replacing manual tasks with automated decision making and sophisticated technology, no doubt we feel much more secure than half a century ago. As the technological advancement takes root, so does the maturity of security threats. It is common that today's critical infrastructures are operated by non-computer experts, e.g. nurses in health care, soldiers in military or firefighters in emergency services. In such challenging applications, protecting against insider attacks is often neither feasible nor economically possible, but these threats can be managed using suitable risk management strategies. Security technologies, e.g. firewalls, help protect data assets and computer systems against unauthorised entry. However, one area which is often largely ignored is the human factor of system security. Through social engineering techniques, malicious attackers are able to breach organisational security via people interactions. This paper presents a security awareness training framework, which can be used to train operators of critical infrastructure, on various social engineering security threats such as spear phishing, baiting, pretexting, among others.

Citovat

GHAFIR, Ibrahim; Jibran SALEEM; Mohammad HAMMOUDEH; Hanan FAOUR; Václav PŘENOSIL; Sardar JAF; Sohail JABBAR a Thar BAKER. Security Threats to Critical Infrastructure: The Human Factor. The Journal of Supercomputing. Springer US, 2018, roč. 74, č. 10, s. 4986-5002. ISSN 0920-8542. Dostupné z: https://doi.org/10.1007/s11227-018-2337-2.

@article{1412727,
   author = {Ghafir, Ibrahim and Saleem, Jibran and Hammoudeh, Mohammad and Faour, Hanan and Přenosil, Václav and Jaf, Sardar and Jabbar, Sohail and Baker, Thar},
   article_number = {10},
   doi = {https://doi.org/10.1007/s11227-018-2337-2},
   keywords = {Critical infrastructure security; Security awareness; Cyber security training; Work-based security training; Security threats against critical infrastructure},
   language = {eng},
   issn = {0920-8542},
   journal = {The Journal of Supercomputing},
   title = {Security Threats to Critical Infrastructure: The Human Factor},
   url = {https://doi.org/10.1007/s11227-018-2337-2},
   volume = {74},
   year = {2018}
}

TY  - JOUR
ID  - 1412727
AU  - Ghafir, Ibrahim - Saleem, Jibran - Hammoudeh, Mohammad - Faour, Hanan - Přenosil, Václav - Jaf, Sardar - Jabbar, Sohail - Baker, Thar
PY  - 2018
TI  - Security Threats to Critical Infrastructure: The Human Factor
JF  - The Journal of Supercomputing
VL  - 74
IS  - 10
SP  - 4986-5002
EP  - 4986-5002
PB  - Springer US
SN  - 09208542
KW  - Critical infrastructure security
KW  - Security awareness
KW  - Cyber security training
KW  - Work-based security training
KW  - Security threats against critical infrastructure
UR  - https://doi.org/10.1007/s11227-018-2337-2
L2  - https://doi.org/10.1007/s11227-018-2337-2
N2  - In the twenty-first century, globalisation made corporate boundaries invisible and difficult to manage. This new macroeconomic transformation caused by globalisation introduced new challenges for critical infrastructure management. By replacing manual tasks with automated decision making and sophisticated technology, no doubt we feel much more secure than half a century ago. As the technological advancement takes root, so does the maturity of security threats. It is common that today's critical infrastructures are operated by non-computer experts, e.g. nurses in health care, soldiers in military or firefighters in emergency services. In such challenging applications, protecting against insider attacks is often neither feasible nor economically possible, but these threats can be managed using suitable risk management strategies. Security technologies, e.g. firewalls, help protect data assets and computer systems against unauthorised entry. However, one area which is often largely ignored is the human factor of system security. Through social engineering techniques, malicious attackers are able to breach organisational security via people interactions. This paper presents a security awareness training framework, which can be used to train operators of critical infrastructure, on various social engineering security threats such as spear phishing, baiting, pretexting, among others.
ER  -

GHAFIR, Ibrahim; Jibran SALEEM; Mohammad HAMMOUDEH; Hanan FAOUR; Václav PŘENOSIL; Sardar JAF; Sohail JABBAR a Thar BAKER. Security Threats to Critical Infrastructure: The Human Factor. \textit{The Journal of Supercomputing}. Springer US, 2018, roč.~74, č.~10, s.~4986-5002. ISSN~0920-8542. Dostupné z: https://doi.org/10.1007/s11227-018-2337-2.

Přehled o publikaci