Další formáty:
BibTeX
LaTeX
RIS
@article{2250473, author = {Daubner, Lukáš and Macák, Martin and Matulevičius, Raimundas and Bühnová, Barbora and Maksović, Sofija and Pitner, Tomáš}, article_location = {ENGLAND}, article_number = {March 2023}, doi = {http://dx.doi.org/10.1016/j.jisa.2023.103433}, keywords = {Forensic readiness; Digital forensics; Forensic ready systems; Risk management; Insider attacks; Information security}, language = {eng}, issn = {2214-2126}, journal = {JOURNAL OF INFORMATION SECURITY AND APPLICATIONS}, title = {Addressing insider attacks via forensic-ready risk management}, url = {https://www.sciencedirect.com/science/article/pii/S2214212623000182}, volume = {73}, year = {2023} }
TY - JOUR ID - 2250473 AU - Daubner, Lukáš - Macák, Martin - Matulevičius, Raimundas - Bühnová, Barbora - Maksović, Sofija - Pitner, Tomáš PY - 2023 TI - Addressing insider attacks via forensic-ready risk management JF - JOURNAL OF INFORMATION SECURITY AND APPLICATIONS VL - 73 IS - March 2023 SP - 103433 EP - 103433 PB - ELSEVIER SN - 22142126 KW - Forensic readiness KW - Digital forensics KW - Forensic ready systems KW - Risk management KW - Insider attacks KW - Information security UR - https://www.sciencedirect.com/science/article/pii/S2214212623000182 N2 - Cyberattacks perpetrated by insiders are difficult to prevent using traditional security approaches. Often, such attackers misuse legitimate access to the system to conduct an attack, or an external attacker manipulates or masquerades as an insider to gain access, bypassing the security controls. A possible solution to this problem are forensic-ready software systems that support the eventual forensic investigation. For example, assuring that appropriate evidence of an attack would be generated and assessable if needed. While not primarily aimed at prevention, the controls of forensic-ready systems can be used to ensure reliable post-incident investigation in the case of an insider attack. Currently, however, there is a gap in adequate methods for identifying requirements and assessment of such systems. Therefore, we propose FR-ISSRM, a risk management approach to derive the forensic readiness requirements addressing insider attacks. The requirements, once implemented, assist in the reliable uncovering culprit, root cause, damage of the attack, and overall improvement of security posture. The approach is then demonstrated in three cases covering typical insider attacks. ER -
DAUBNER, Lukáš, Martin MACÁK, Raimundas MATULEVIČIUS, Barbora BÜHNOVÁ, Sofija MAKSOVI$\backslash$'C a Tomáš PITNER. Addressing insider attacks via forensic-ready risk management. \textit{JOURNAL OF INFORMATION SECURITY AND APPLICATIONS}. ENGLAND: ELSEVIER, 2023, roč.~73, March 2023, s.~103433-103449. ISSN~2214-2126. Dostupné z: https://dx.doi.org/10.1016/j.jisa.2023.103433.
|