DAUBNER, Lukáš, Martin MACÁK, Raimundas MATULEVIČIUS, Barbora BÜHNOVÁ, Sofija MAKSOVIĆ and Tomáš PITNER. Addressing insider attacks via forensic-ready risk management. JOURNAL OF INFORMATION SECURITY AND APPLICATIONS. ENGLAND: ELSEVIER, 2023, vol. 73, March 2023, p. 103433-103449. ISSN 2214-2126. Available from: https://dx.doi.org/10.1016/j.jisa.2023.103433.
Other formats:   BibTeX LaTeX RIS
Basic information
Original name Addressing insider attacks via forensic-ready risk management
Authors DAUBNER, Lukáš (203 Czech Republic, guarantor, belonging to the institution), Martin MACÁK (703 Slovakia, belonging to the institution), Raimundas MATULEVIČIUS, Barbora BÜHNOVÁ (203 Czech Republic, belonging to the institution), Sofija MAKSOVIĆ (688 Serbia, belonging to the institution) and Tomáš PITNER (203 Czech Republic, belonging to the institution).
Edition JOURNAL OF INFORMATION SECURITY AND APPLICATIONS, ENGLAND, ELSEVIER, 2023, 2214-2126.
Other information
Original language English
Type of outcome Article in a journal
Field of Study 10200 1.2 Computer and information sciences
Country of publisher Netherlands
Confidentiality degree is not subject to a state or trade secret
WWW URL
Impact factor Impact factor: 5.600 in 2022
RIV identification code RIV/00216224:14330/23:00130246
Organization unit Faculty of Informatics
Doi http://dx.doi.org/10.1016/j.jisa.2023.103433
UT WoS 000926717100001
Keywords in English Forensic readiness; Digital forensics; Forensic ready systems; Risk management; Insider attacks; Information security
Tags best1
Tags International impact, Reviewed
Changed by Changed by: RNDr. Pavel Šmerk, Ph.D., učo 3880. Changed: 7/4/2024 22:45.
Abstract
Cyberattacks perpetrated by insiders are difficult to prevent using traditional security approaches. Often, such attackers misuse legitimate access to the system to conduct an attack, or an external attacker manipulates or masquerades as an insider to gain access, bypassing the security controls. A possible solution to this problem are forensic-ready software systems that support the eventual forensic investigation. For example, assuring that appropriate evidence of an attack would be generated and assessable if needed. While not primarily aimed at prevention, the controls of forensic-ready systems can be used to ensure reliable post-incident investigation in the case of an insider attack. Currently, however, there is a gap in adequate methods for identifying requirements and assessment of such systems. Therefore, we propose FR-ISSRM, a risk management approach to derive the forensic readiness requirements addressing insider attacks. The requirements, once implemented, assist in the reliable uncovering culprit, root cause, damage of the attack, and overall improvement of security posture. The approach is then demonstrated in three cases covering typical insider attacks.
Links
CZ.02.1.01/0.0/0.0/16_019/0000822, interní kód MU
(CEP code: EF16_019/0000822)		Name: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur (Acronym: C4e)
Investor: Ministry of Education, Youth and Sports of the CR, CyberSecurity, CyberCrime and Critical Information Infrastructures Center of Excellence, Priority axis 1: Strengthening capacities for high-quality research
EF16_019/0000822, research and development projectName: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur
MUNI/A/1389/2022, interní kód MUName: Aplikovaný výzkum na FI: Bezpečnost počítačových systémů, softwarových architektur kritických infrastruktur s forenzními aspekty, zpracování dat pokročilých sensorů a algoritmy plánování v dopravě a logistice
Investor: Masaryk University
PrintDisplayed: 30/4/2024 22:25