1
Parkin S, Chua YT. A cyber-risk framework for coordination of the prevention and preservation of behaviours. JCS 2022. [DOI: 10.3233/jcs-210047] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 11/15/2022]
Abstract
Cybersecurity controls are deployed to manage risks posed by malicious behaviours or systems. What is not often considered or articulated is how cybersecurity controls may impact legitimate users (often those whose use of a managed system needs to be protected, and preserved). This oversight characterises the ‘blunt’ nature of many cybersecurity controls. Here we present a framework produced from consideration of concerns across methods from cybercrime opportunity reduction and behaviour change, and existing risk management guidelines. We illustrate the framework and its principles with a range of examples and potential applications, including management of suspicious emails in organizations, and social media controls. The framework describes a capacity to improve the precision of cybersecurity controls by examining shared determinants of negative and positive behaviours in a system. This identifies opportunities for risk owners to better protect legitimate users while simultaneously acting to prevent malicious activity in a managed system. We describe capabilities for a novel approach to managing sociotechnical cyber risk which can be integrated alongside elements of typical risk management processes. This includes consideration of user activities as a system asset to protect, and a consideration of how to engage with other stakeholders in the identification of behaviours to preserve in a system.
Affiliation(s)
- Simon Parkin: Delft University of Technology, Delft, Netherlands
- Yi Ting Chua: University of Alabama, Tuscaloosa, AL, United States
2
Lazarov AD, Petrova P. Modelling Activity of a Malicious User in Computer Networks. Cybernetics and Information Technologies 2022; 22:86-95. [DOI: 10.2478/cait-2022-0018] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 11/20/2022]
Abstract
In the present study, an extended classification of Internet users penetrating computer networks and a definition of motivation as a psychological and emotional state and main prerequisite for modelling a network intruder’s activity are suggested. A mathematical model as a quadratic function of a malicious individual’s behavior and impact on the computer network, based on three quantified factors (motivation, satisfaction and system protection), is developed. Numerical simulation experiments of unauthorized access and its effect on the computer network are carried out. The obtained results are graphically illustrated and discussed.