Addressing insider attacks via forensic-ready risk management. (March 2023)
- Record Type:
- Journal Article
- Title:
- Addressing insider attacks via forensic-ready risk management. (March 2023)
- Main Title:
- Addressing insider attacks via forensic-ready risk management
- Authors:
- Daubner, Lukas
Macak, Martin
Matulevičius, Raimundas
Buhnova, Barbora
Maksović, Sofija
Pitner, Tomas
- Abstract:
- Cyberattacks perpetrated by insiders are difficult to prevent using traditional security approaches. Often, such attackers misuse legitimate access to the system to conduct an attack, or an external attacker manipulates or masquerades as an insider to gain access, bypassing the security controls. A possible solution to this problem is forensic-ready software systems that support the eventual forensic investigation, for example, by assuring that appropriate evidence of an attack would be generated and assessable if needed. While not primarily aimed at prevention, the controls of forensic-ready systems can be used to ensure reliable post-incident investigation in the case of an insider attack. Currently, however, there is a gap in adequate methods for identifying requirements and assessment of such systems. Therefore, we propose FR-ISSRM, a risk management approach to derive the forensic readiness requirements addressing insider attacks. The requirements, once implemented, assist in reliably uncovering the culprit, root cause and damage of the attack, and in the overall improvement of security posture. The approach is then demonstrated in three cases covering typical insider attacks.
Graphical abstract: (figure not reproduced in this record)
Highlights: Security practices are limited in preventing attacks from or enabled by insiders. Forensic readiness is a solution to a reliable investigation of insider attacks. Forensic-ready risk management assesses the forensic readiness state and enhances it. Risk management enables the efficient development of forensic-ready software systems.
- Is Part Of:
- Journal of information security and applications. Volume 73(2023)
- Journal:
- Journal of information security and applications
- Issue:
- Volume 73(2023)
- Issue Display:
- Volume 73, Issue 2023 (2023)
- Year:
- 2023
- Volume:
- 73
- Issue:
- 2023
- Issue Sort Value:
- 2023-0073-2023-0000
- Page Start:
- Page End:
- Publication Date:
- 2023-03
- Subjects:
- Forensic readiness -- Digital forensics -- Forensic ready systems -- Risk management -- Insider attacks -- Information security
Computer security -- Periodicals
Information technology -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/
- DOI:
- 10.1016/j.jisa.2023.103433
- Languages:
- English
- ISSNs:
- 2214-2126
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 25968.xml