ebook img

Advances in Cybersecurity Management PDF

494 Pages·2021·9.496 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Advances in Cybersecurity Management

Kevin Daimi Cathryn Peoples   Editors Advances in Cybersecurity Management Advances in Cybersecurity Management Kevin Daimi • Cathryn Peoples Editors Advances in Cybersecurity Management Editors KevinDaimi CathrynPeoples UniversityofDetroitMercy UlsterUniversity Detroit,MI,USA Newtownabbey,UK ISBN978-3-030-71380-5 ISBN978-3-030-71381-2 (eBook) https://doi.org/10.1007/978-3-030-71381-2 ©TheEditor(s)(ifapplicable)andTheAuthor(s),underexclusivelicensetoSpringerNature SwitzerlandAG2021 Thisworkissubjecttocopyright.AllrightsaresolelyandexclusivelylicensedbythePublisher,whether thewholeorpartofthematerialisconcerned,specificallytherightsoftranslation,reprinting,reuse ofillustrations,recitation,broadcasting,reproductiononmicrofilmsorinanyotherphysicalway,and transmissionorinformationstorageandretrieval,electronicadaptation,computersoftware,orbysimilar ordissimilarmethodologynowknownorhereafterdeveloped. Theuseofgeneraldescriptivenames,registerednames,trademarks,servicemarks,etc.inthispublication doesnotimply,evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfromtherelevant protectivelawsandregulationsandthereforefreeforgeneraluse. Thepublisher,theauthors,andtheeditorsaresafetoassumethattheadviceandinformationinthisbook arebelievedtobetrueandaccurateatthedateofpublication.Neitherthepublishernortheauthorsor theeditorsgiveawarranty,expressedorimplied,withrespecttothematerialcontainedhereinorforany errorsoromissionsthatmayhavebeenmade.Thepublisherremainsneutralwithregardtojurisdictional claimsinpublishedmapsandinstitutionalaffiliations. ThisSpringerimprintispublishedbytheregisteredcompanySpringerNatureSwitzerlandAG Theregisteredcompanyaddressis:Gewerbestrasse11,6330Cham,Switzerland Preface Regardlessofourtechnicalabilityingeneral,itisimperativetohavesomedegree of competency in relation to cybersecurity—if we are online, we are all potential victims of a cybersecurity attack. However, as with any skill, we all have varying ability to exploit this competency. The extent to which any of us needs to be cybersecurity-awarevariesdependingontheroleweplayintheonlineworld,and thepositionwefillinrelationtoanetworkanditssupportedsystemsandservices. Thosewhoareclosertothedesignanddevelopmentofanetworksystemwillhave different needs to those who are maintaining systems, selling systems, and using systems. There are a variety of frameworks in place which support users and organi- zations in applying security techniques to protect themselves, their systems and applications, and their networks. The Object Management Group as one example has produced a series of cybersecurity standards. The European Commission, whichisinvolvedinworkingtowardsacybersecurityinitiativeisanotherexample. Nonetheless, despite all of these efforts, the cost of cyberattacks is continuing to grow. A report by Accenture in 2020 describes that the number of organizations spendingmorethan20%oftheirITbudgetoncybersecurityhasdoubledinthelast 3years.Furthermore,69%oforganizationssaythatthecostofstayingaheadofthe attacksisunsustainable. Agapthereforecontinuestoexistinrelationtotheconsiderationofcybersecurity provisioning. The contents of Advances in Cybersecurity Management book contribute to international cybersecurity initiatives. It is relevant that the authors contributing chapters to this book come from a variety of backgrounds and experiences,helpingtoprovidearangeofperspectiveswithregardtothecyberse- curity challenge. Furthermore, this book contains chapters from an internationally distributedauthorbase,anotherimportantpointtomake,giventhatourperceptions andexperiencesinrelationtocybersecurityvarybasedonourlocationworldwide. This book is organized into three parts: The first part involves Network and Systems Security Management, the second concerns Vulnerability Management, andthethirddealswithIdentityManagementandSecurityOperations.Below,we presentabriefoverviewofthebookchapters. v vi Preface Relevant tothenatureofattacksinournetworks today,anoverview ofarange of SQL injection attacks, with specific attention given to the focus on mitigation strategies, is provided. Identity management is the focus in another chapter. A frameworktovisualizecyberattacks,referredtoasVizAttack,isfurtherdiscussed. In terms of cyberattacks to which organizations are exposed, a chapter communicatesanimportantmessagethatsecurityawarenessneedstobeprevalent acrossanorganization.Inresponsetothis,agamificationstrategyisconsideredas an approach to prepare an organization for attacks. Further chapter considers the management of cybersecurity challenges in an organization, specifically from the perspectiveofindustry. In relation to modern day applications, a search engine is presented, which is applicableonadomain-specificapproach,inrecognitionofthefactthatcybersecu- rityinformationwillhavevariableimportancedependingonthedomaininwhichit isapplied.Otherauthorsconsidertechniquestoexploitanonlineapp,withaviewto understandingthewaysthattheyneedtobemademoresecure.Recommendationof asocialnetworkanalyzerismadeinanotherchapter,withthegoalofunderstanding if a friend is actually a friend, or if they have a more fraudulent intention when making the friend request. Further chapters consider the security metrics needed to support vehicular networks, and a protocol to support the operations of remote healthmonitoringapplications. Riskidentification andmanagement isanimportantpartofdealingwithcyber- attacks. A number of authors contributed chapters to cover this area including the management of risk in relation to cybersecurity attacks, the use of biometrics to supportriskmitigationinenterprises,aframeworkformanagingrisksinenterprises, andinvestigatingthecycleofmanagingrisks.Giventhecostofsecuritybreaches, effective risk management is seen as critical, and opportunities for pre-emptive detectionoftheoccurrenceofrisksisseenasbeingcritical.Relatedtothis,achapter providesahistoryofsecurityattacks,withaviewtohighlightingthatitisimportant to analyze the traffic in the network in addition to the user behavior. In parallel with this concept, further chapter recognizes that the detection of security attacks from traffic flows will take place once the network begins to be compromised. Pre-emptive identification could be helpful, and the authors subsequently make a proposal to use the common characteristics of the people who attack to predict whereproblemsmayoccurinthenetwork. While approaches can be made to manage risks, these will not be guaranteed, andtheattacksthemselvesneedtobemanaged.Anauthorpresentsarecommender systemtomanagesecurityusingaratingapproach,andadifferentauthordiscusses agent-basedmodellingofentitybehaviorincybersecurity. Cyberattacks have become more prevalent recently, in the period of Covid-19. Relatedtothis,somebookchaptersconsidercybersecurityattacksduringCovid-19. Goingbeyondthis,otherchapterdiscussesthecybersecuritychallengesinthecloud afterCovid-19,inrecognitionofrapiduptakeinthenumberofcloudusersandvalue of operating in the cloud. Furthermore, an argument is presented in relation to the need to plan cybersecurity techniques to be efficient due to the limited processing capabilitiesofhardwaretorespondtodemand. Preface vii Basedonthehistoricalevidencethatweareawareofinrelationtocybersecurity attacks to date, the goalposts of security attacks will continue to move, and we will continue to require novel ways to both identify and response to cyberattacks. We hope that this book will provide valuable ideas on the “whats” and “whys” of cyberattacks, and that it supports readers in their knowledge and understanding of thiscomplexfield. Detroit,MI,USA KevinDaimi Newtownabbey,UK CathrynPeoples Acknowledgments The Advances in Cybersecurity Management book would not have been possible withouttheteamwork,encouragement,andsupportofmanypeople.Wewouldlike tofirstacknowledgetheauthorsofallchaptersinthisbook,whocontributedtheir knowledgeandexpertiseinCybersecurityManagement.Wearealsogratefultothe hardworkofallchapterreviewers,whoarelistedbelow.Finally,wewouldliketo expressourgratitudetoMaryJames,ZoeKennedy,andBrianHalmatSpringerfor theirkindness,courtesy,professionalism,andsupport. JacquesBouAbdo,UniversityofNebraskaatKearney,USA MohammedAkour,YarmoukUniversity,Jordan AbeerAlsadoon,CharlesSturtUniversity,Australia RobertoO.Andrade,EscuelaPolitécnicaNacional,Ecuador, AllenAshourian,ZRDTechnology,USA SumitraBinu,ChristUniversity,India KhalilChallita,NotreDameUniversity-Louaize,Lebanon RalfLuisdeMoura,OperationalTechnologyArchitecture,Brazil KevinDaimi,UniversityofDetroitMercy,USA IoannaDionysiou,UniversityofNicosia,Cyprus GuillermoFranciaIII,UniversityofWestFlorida,USA MikhailGofman,CaliforniaStateUniversityofFullerton,USA DialaAbiHaidar,JeddahInternationalCollege,SaudiArabia MaryAnnHoppa,NorfolkStateUniversity,USA GurdipKaur,UniversityofNewBrunswick,Canada IreneKopaliani,PrincetonUniversity,USA ArashHabibilashkari,UniversityofNewBrunswick,Canada EdisonLoza-Aguirre,EscuelaPolitécnicaNacional,Ecuador DougMillward,UniversityofEssex,UK EsmiraldaMoradian,StockholmUniversity,Sweden RenitaMurimi,UniversityofDallas,USA MaisNijim,TexasA&MUniversity-Kingsville,USA KendallE.Nygard,NorthDakotaStateUniversity,USA ix x Acknowledgments NkaepeOlaniyi,KaplanOpenLearning,UK SaibalKPal,DefenseR&DOrganization,India CathrynPeoples,UlsterUniversity,UK DanielaPöhn,UniversitätderBundeswehrMünchen,Germany KarpoorShashidhar,SamHoustonStateUniversity,USA NicolasSklavos,UniversityofPatras,Greece Contents PartI NetworkandSystemsSecurityManagement 1 Agent-BasedModelingofEntityBehaviorinCybersecurity.......... 3 GuillermoA.FranciaIII,XavierP.Francia,andCedricBridges 2 A Secure Bio-Hash–Based Multiparty Mutual AuthenticationProtocolforRemoteHealthMonitoring Applications................................................................. 19 SumitraBinu 3 Cybersecurity Attacks During COVID-19: An Analysis oftheBehavioroftheHumanFactorsandaProposalof HardeningStrategies....................................................... 37 RobertoO.Andrade,MaríaCazares,andWalterFuertes 4 VehicleNetworkSecurityMetrics ........................................ 55 GuillermoA.FranciaIII 5 VizAttack: An Extensible Open-Source Visualization FrameworkforCyberattacks ............................................. 75 SavvasKarasavvas,IoannaDionysiou,andHaraldGjermundrød 6 Geographically Dispersed Supply Chains: A Strategy toManageCybersecurityinIndustrialNetworksIntegration ........ 97 RalfLuisde Moura,AlexandreGonzalez,VirginiaN. L.Franqueira, AntonioLemos MaiaNeto,andGustavoPessin 7 TheImpactofBlockchainonCybersecurityManagement............ 117 RayaneElSibai,KhalilChallita,JacquesBouAbdo, andJacquesDemerjian 8 AFrameworkforEnterpriseCybersecurityRiskManagement...... 139 SamirJarjouiandRenitaMurimi xi

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.