As cyber threats keep changing and business environments adapt, a comprehensive approach to disaster recovery involves more than just defensive measures. This research delves deep into the strategies required to respo...As cyber threats keep changing and business environments adapt, a comprehensive approach to disaster recovery involves more than just defensive measures. This research delves deep into the strategies required to respond to threats and anticipate and mitigate them proactively. Beginning with understanding the critical need for a layered defense and the intricacies of the attacker’s journey, the research offers insights into specialized defense techniques, emphasizing the importance of timely and strategic responses during incidents. Risk management is brought to the forefront, underscoring businesses’ need to adopt mature risk assessment practices and understand the potential risk impact areas. Additionally, the value of threat intelligence is explored, shedding light on the importance of active engagement within sharing communities and the vigilant observation of adversary motivations. “Beyond Defense: Proactive Approaches to Disaster Recovery and Threat Intelligence in Modern Enterprises” is a comprehensive guide for organizations aiming to fortify their cybersecurity posture, marrying best practices in proactive and reactive measures in the ever-challenging digital realm.展开更多
斯诺登事件揭露了某些密码体制的确存在被颠覆的事实.椭圆曲线数字签名算法(elliptic curve digital signature algorithm,ECDSA)在同等安全强度下,因其签名长度短而被广泛应用,如被用于比特币交易单的签名.ECDSA签名算法是否会被颠覆...斯诺登事件揭露了某些密码体制的确存在被颠覆的事实.椭圆曲线数字签名算法(elliptic curve digital signature algorithm,ECDSA)在同等安全强度下,因其签名长度短而被广泛应用,如被用于比特币交易单的签名.ECDSA签名算法是否会被颠覆且存在修复方法仍是一个挑战.正面回答了这一问题:首先利用伪随机函数(pseudorandom function,PRF)计算k替换ECDSA签名中使用的随机数k,实现了对ECDSA签名的颠覆,使得敌手只需获得至多3个连续签名就能够提取出签名私钥;然后,将签名私钥、签名消息与其他随机签名组件的哈希值作为签名算法的第2个随机数,对ECDSA签名进行了改进,提出了抗颠覆攻击的ECDSA签名,即使敌手替换新签名算法的某个组件,也无法提取签名私钥的任何信息;最后,对提出的算法与已有算法进行了效率测试,实验结果证明了提出的算法在计算复杂度与算法执行效率方面都具备优势.展开更多
Organizational and end user data breaches are highly implicated by the role of information security conscious care behavior in respective incident responses.This research study draws upon the literature in the areas o...Organizational and end user data breaches are highly implicated by the role of information security conscious care behavior in respective incident responses.This research study draws upon the literature in the areas of information security,incident response,theory of planned behaviour,and protection motivation theory to expand and empirically validate a modified framework of information security conscious care behaviour formation.The applicability of the theoretical framework is shown through a case study labelled as a cyber-attack of unprecedented scale and sophistication in Singapore’s history to-date,the 2018 SingHealth data breach.The single in-depth case study observed information security awareness,policy,experience,attitude,subjective norms,perceived behavioral control,threat appraisal and self-efficacy as emerging prominently in the framework’s applicability in incident handling.The data analysis did not support threat severity relationship with conscious care behaviour.The findings from the above-mentioned observations are presented as possible key drivers in the shaping information security conscious care behaviour in real-world cyber incident management.展开更多
Digital integration within healthcare systems exacerbates their vulnerability to sophisticated ransomware threats, leading to severe operational disruptions and data breaches. Current defenses are typically categorize...Digital integration within healthcare systems exacerbates their vulnerability to sophisticated ransomware threats, leading to severe operational disruptions and data breaches. Current defenses are typically categorized into active and passive measures that struggle to achieve comprehensive threat mitigation and often lack real-time response effectiveness. This paper presents an innovative ransomware defense system, ERAD, designed for healthcare environments that apply the MITRE ATT&CK Matrix to coordinate dynamic, stage-specific countermeasures throughout the ransomware attack lifecycle. By systematically identifying and addressing threats based on indicators of compromise (IOCs), the proposed system proactively disrupts the attack chain before serious damage occurs. Validation is provided through a detailed analysis of a system deployment against LockBit 3.0 ransomware, illustrating significant enhancements in mitigating the impact of the attack, reducing the cost of recovery, and strengthening the cybersecurity framework of healthcare organizations, but also applicable to other non-health sectors of the business world.展开更多
Security incidents targeting information systems have become more complex and sophisticated, and intruders might evade responsibility due to the lack of evidence to convict them. In this paper, we develop a system for...Security incidents targeting information systems have become more complex and sophisticated, and intruders might evade responsibility due to the lack of evidence to convict them. In this paper, we develop a system for Digital Forensic in Networking, called DigForNet, which is useful to analyze security incidents and explain the steps taken by the attackers. DigForNet combines intrusion response team knowledge with formal tools to identify the attack scenarios that have occurred and show how the system behaves for every step in the scenario. The attack scenarios construction is automated and the hypothetical concept is introduced within DigForNet to alleviate missing data related to evidences or investigator knowledge. DigForNet system supports the investigation of attack scenarios that integrate anti-investigation attacks. To exemplify the proposal, a case study is proposed.展开更多
文摘As cyber threats keep changing and business environments adapt, a comprehensive approach to disaster recovery involves more than just defensive measures. This research delves deep into the strategies required to respond to threats and anticipate and mitigate them proactively. Beginning with understanding the critical need for a layered defense and the intricacies of the attacker’s journey, the research offers insights into specialized defense techniques, emphasizing the importance of timely and strategic responses during incidents. Risk management is brought to the forefront, underscoring businesses’ need to adopt mature risk assessment practices and understand the potential risk impact areas. Additionally, the value of threat intelligence is explored, shedding light on the importance of active engagement within sharing communities and the vigilant observation of adversary motivations. “Beyond Defense: Proactive Approaches to Disaster Recovery and Threat Intelligence in Modern Enterprises” is a comprehensive guide for organizations aiming to fortify their cybersecurity posture, marrying best practices in proactive and reactive measures in the ever-challenging digital realm.
基金Taif University Researchers Supporting Project number(TURSP-2020/98).
文摘Organizational and end user data breaches are highly implicated by the role of information security conscious care behavior in respective incident responses.This research study draws upon the literature in the areas of information security,incident response,theory of planned behaviour,and protection motivation theory to expand and empirically validate a modified framework of information security conscious care behaviour formation.The applicability of the theoretical framework is shown through a case study labelled as a cyber-attack of unprecedented scale and sophistication in Singapore’s history to-date,the 2018 SingHealth data breach.The single in-depth case study observed information security awareness,policy,experience,attitude,subjective norms,perceived behavioral control,threat appraisal and self-efficacy as emerging prominently in the framework’s applicability in incident handling.The data analysis did not support threat severity relationship with conscious care behaviour.The findings from the above-mentioned observations are presented as possible key drivers in the shaping information security conscious care behaviour in real-world cyber incident management.
文摘Digital integration within healthcare systems exacerbates their vulnerability to sophisticated ransomware threats, leading to severe operational disruptions and data breaches. Current defenses are typically categorized into active and passive measures that struggle to achieve comprehensive threat mitigation and often lack real-time response effectiveness. This paper presents an innovative ransomware defense system, ERAD, designed for healthcare environments that apply the MITRE ATT&CK Matrix to coordinate dynamic, stage-specific countermeasures throughout the ransomware attack lifecycle. By systematically identifying and addressing threats based on indicators of compromise (IOCs), the proposed system proactively disrupts the attack chain before serious damage occurs. Validation is provided through a detailed analysis of a system deployment against LockBit 3.0 ransomware, illustrating significant enhancements in mitigating the impact of the attack, reducing the cost of recovery, and strengthening the cybersecurity framework of healthcare organizations, but also applicable to other non-health sectors of the business world.
文摘Security incidents targeting information systems have become more complex and sophisticated, and intruders might evade responsibility due to the lack of evidence to convict them. In this paper, we develop a system for Digital Forensic in Networking, called DigForNet, which is useful to analyze security incidents and explain the steps taken by the attackers. DigForNet combines intrusion response team knowledge with formal tools to identify the attack scenarios that have occurred and show how the system behaves for every step in the scenario. The attack scenarios construction is automated and the hypothetical concept is introduced within DigForNet to alleviate missing data related to evidences or investigator knowledge. DigForNet system supports the investigation of attack scenarios that integrate anti-investigation attacks. To exemplify the proposal, a case study is proposed.
