Cyber Operations Rapid Assessment (CORA): Examining the State of Cybersecurity Assessment Methodologies and Introducing a New Alternative
Related papers
In 2014, 25% of all organizations polled across industry said the lack of infosec skills was a problem. In 2015, an Enterprise Strategy Group (ESG) survey found that 28% reported a shortage of infosec skills (Trendmicro, 2015). With the growing threat of cybercrime and national security issues, growing the number of qualified cybersecurity professionals has become a national imperative. As the cybersecurity universe is shaped by new technologies, unknown threats, and increasing vulnerability in a dynamic environment, there is an established need to rapidly establish innovative, effective, efficient and responsive cybersecurity education initiatives (Dark & Mirkovic, 2015). One such initiative recently piloted by the Department of Defense is the Cyber Operations Academy Course (COAC). The first pilot began in May 2015 at the Fort McNair campus in Washington D.C. As a six-month immersive course, participants consisted of 20 mostly military personnel from all four branches of the military services, various backgrounds and little if any cyber experience. Employing an authentic problem-based course using cooperative and collaborative learning models, the pilot consisted of instruction in foundations, defensive/offensive operations, programming, social engineering, and skills integration. Leveraging cyber ranges and capture the flag (CTF) activities, the course was also supported by four "fireteam" leads as facilitators, coaches, and subject matter experts. At the end of the course, students developed cyber capabilities and tools, developed and deployed exploits, detected and responded to incidents, and used social engineering to exploit "targets." In comparison with existing cyber protection teams deployed in DoD installations, the students were as capable and in some cases more capable in comparisons of performance. In pre/post comparisons, students exhibited potentially large knowledge gains.
This paper discusses the nature of the course's pedagogy; the challenge of developing representations of learning outcomes and performance; and the challenges in developing performance-based assessments to authentically and objectively assess students' knowledge and skills in the context of the course provides learning science and methodological direction for applied research projects and cybersecurity assessment and is the lead researcher for assessing the development of the ADL Total Learning Architecture. Dr. Gallagher has directed research on video game design for cognitive adaptability and learning science implications of the design of the xAPI and is also researching methods to apply the xAPI and its syntax to describe social learning interactions and human performance especially within cyber-physical contexts. He has led research projects in cognition and game design and R&D projects in learning object content models, simulations, reusable pedagogical models, organizational readiness, and knowledge management. He has been recognized by NASA for his work on assessing the Johnson Space Center on knowledge management readiness by the JSC Chief Knowledge Officer and has authored papers and chapters on neuroscience, cognition, game design, and innovative learning technology applications and specifications.
Focal report / Crisis and Risk Network (CRN), 2010
Shady RAT: An investigation of targeted intrusions into more than 70 global companies, governments, and non-profit organizations during the last five years." Available at: http://www.mcafee.com/us/resources/white-papers/wp-operation-shady-rat.pdf. Microsoft (2011): "Microsoft Security Intelligence Report Volume 10: An in-depth perspective on software vulnerabilities and exploits, malicious code threats, and potentially unwanted software in 2010".
Cyber-threat intelligence for security decision making: A review and research agenda for practice
Computers & Security, 2023
The increasing militarization of the cyber-threat environment has driven considerable interest in understanding the role of cyber-threat intelligence (CTI) in supporting the enterprise. Despite CTI's value proposition to organizations, the rate of industry adoption has been low and localized within IT Operations. Our review of the research and practice literature on CTI shows that the discourse is heavily dominated by the technology perspective, leaving significant gaps in the knowledge of CTI. We begin with a background study that reinforces the traditional origins of CTI as a process derived from the Intelligence Cycle that is referenced and practiced in military intelligence studies. We describe the Intelligence Cycle and its phases and reinforce the characteristics and attributes of intelligence, asserting the critical importance of synthesizing information into intelligence. We subsequently develop a research agenda for practice researchers addressing the critical research question: "How can cyber-threat intelligence be operationalized in organizations?" We begin by exploring research questions to develop the theoretical foundations of CTI. Towards this objective, we present a useful template for process theory that generates practice outcomes. We then discuss methods suited to practice research in CTI before moving on to inquiries concerning the role and purpose of CTI in practice. We delve into questions on the broad aspects of practice at both the macro-level, focusing on the examination of CTI programs in organizations with different strategic risks, and the micro-level, exploring the distinctions between practice, praxis, and practitioners. Additionally, we explore questions on the role of artifacts, objects, and information systems that support CTI practice, including spaces and the role of practitioners and non-practitioners. 
After exploring various practice-related topics, we examine potential research opportunities pertaining to the prevailing narratives surrounding technology and information sharing, as identified in our literature review.
Applying the Action Research Method to Develop a Methodology
Society is increasingly dependent on Information Security Management Systems (ISMS), and having these kinds of systems has become vital for the development of Small and Medium-Sized Enterprises (SMEs). However, these companies require ISMS that have been adapted to their special features and have been optimized as regards the resources needed to deploy and maintain them, with very low costs and short implementation periods. This paper discusses the different cycles carried out using the 'Action Research (AR)' method, which have allowed the development of a security management methodology for SMEs that is able to automate processes and reduce the implementation time of the ISMS.
CyberSecurity Challenges thesis Final
Cyber security challenges, 2022
Cyber security is very crucial for developmental enterprises. The developmental enterprises should protect their assets from possible threats. An organization needs to assess cybersecurity risks primarily to protect the assets. In order to conduct a cyber security risk assessment, a framework should be developed first. The researcher identified and investigated the developmental institutions specifically in EIIDE problem in Ethiopia and the gap of previous cyber security risk assessment standards, guidelines and frameworks and came up with the solution. The general objective of this research is to develop an integrated cybersecurity risk assessment framework for the EIIDE to improve the level of safety and security. The synthesized result of thematic data analysis and the relevant framework, standard, guidelines such as ISO27001, NIST SP 800-30, and critical mass cybersecurity requirement standard is used to develop cyber security risk assessment framework for EIIDE. The national cybersecurity risk assessment process has 3 main levels that are national, sectoral and organizational. The organizational level risk assessment process also has 3 main levels, that is, strategic, tactical/managerial and operational level. The organizational operational level has a total of 13 components that include cyber security strategic management awareness, organizational structure, established system context, purpose, scope, identify assets & intrusion detection, identify threats, identify vulnerability, determine likelihood, determine impact, risk evaluation, communicate result and risk identification & evaluation update opportunity. The design science approach is applied in this study to develop and evaluate the framework. To evaluate the framework the researcher used a descriptive approach which is scenario and panel of expert’s method. The data is collected from EIIDE then data analysis approach is applied to analyze and interpret the data.
Though two studies were conducted on the financial sector in Ethiopia, the methodology to conduct this study and few CSRA process components (specific to the EIIDE) make this research different from the other two. Thus it provides the opportunity to extend the knowledge area. The result of this research can help improve organization cyber security risk assessment process. Keywords: Cyber security, Cyber Security Risk Assessment, Cyber Security Risk Assessment Standards, framework and Guidelines, Cyber Security Risk Assessment Framework for EIIDE
Cybersecurity & CARVER Methodology, 2022
A CARVER assessment is the first step in helping organizations obtain insight into their critical assets as systems which process, store, and transmit information critical to business operations. Foundationally, the approach leverages an often overlooked adversarial perspective with subjective functional focused critical asset identification. Increased measures to protect, detect and defend against threat will reduce attack surfaces and require future evaluation to identify gaps and validate input.
Critical Information Infrastructure Cyberspace Situational Awareness: Measure it, Manage it
Background: The sustainable development goals (SDGs) were designed to serve as a useful guide for focused and coherent action on sustainable development at the global, regional, national and local levels, and also help to mainstream sustainable development into the United Nations system by 2030. Information, a leading factor of production cutting across all sectors lacks the due consideration as a significant enabler of progressive development of infrastructure and e-readiness for improved service delivery. Critical Information Infrastructure (CII) players have set up a local, regional and global collaboration arena which inevitably involves among others intensive information sharing, collaboration, distribution and preservation in the cyberspace, powered by assorted information communication technologies (ICTs). The cyberspace, however, has been targeted by cybercriminals with the view to compromising the confidentiality, integrity and availability of strategic information systems in the CII. Materials and Methods: With Kenya as a case study, using purposive sampling and qualitative analysis using Cybersecurity Capability Maturity Model (C2M2), this study explores the level of cyberspace situational awareness with a view to leveraging on its maturity level. Results: It is established that cyberspace situation awareness is an obligatory requisite towards cyberspace security management approaches which is predominantly technical solutions oriented. The study further reveals that a thorough and comprehensive cyberspace incidents' intelligence, surveillance and reconnaissance are vital, but missing components to achieving a mature, measured and managed cyberspace which may guarantee the assurance of CII platforms. Conclusion: In view of these findings, we demonstrate and create insights into how other non-technical thematic areas are pertinent towards the cyberspace situational awareness. 
It is recommended that adopting a suitable framework encompassing technical, social and political facets would enable a maturity, sustainability and furtherance of CII cyberspace situational awareness, being a core ingredient of information governance, thus the achievement of the e-readiness for improved delivery of SDGs.
Ten Years In: Implementing Strategic Approaches to Cyberspace
2020
This book represents a look beyond theories and analogies to examine the challenges of strategy implementation. In the essays that follow, practitioners who are building cyberspace forces at-scale join scholars who study power and force in this new domain to collectively offer a unique perspective on the evolution and future of cyber strategy and operations. The co-editors of Ten Years In compiled it in the tenth year of operations for U.S. Cyber Command. During that decade, the Command worked with the Services and the Coast Guard to build seven component commands, attained unified combatant command status, and matured the Cyber Mission Force's 133 teams. For the Department of Defense cyber enterprise, it has been a decade of operational learning and doctrinal development, culminating in the DoD Cyber Strategy, the U.S. Cyber Command Vision to Achieve and Maintain Cyberspace Superiority, and the revision of Joint Publication 3-12, Cyberspace Operations. Yet threats to our nation evolved and diversified over this decade as great-power competition spread to cyberspace and intruded on diplomatic relations below the threshold of armed conflict. Such threats now include state-sponsored theft of U.S. intellectual property and personally identifiable information, intrusions in critical infrastructure, and campaigns to influence and intimidate democratic institutions around the world. Cyberspace capabilities are now being integrated with all instruments of national power, to include conventional military operations and information warfare. The chapters to follow cover opportunities and challenges associated with implementing the principles articulated in national and military strategic guidance. These analyses offer historical perspective on cyber conflict, chart organizational developments, and reflect on challenges such as public-private relationships, manpower and talent, readiness and capabilities, and evolving authorities. 
In addition, this volume looks to the future with several reflections by promising cyberspace scholars and leaders in the Department of Defense and academia. I think readers will agree that this volume points to a maturation of cyberspace practice in the Department of Defense. Ten years ago U.S. Cyber Command began the transition from an idea to an institution to the persistent implementation of approaches to safeguard the Department of Defense's Information Networks, to support Joint Force commanders, and to defend the nation from cyberspace threats of strategic consequence. This volume expands on previous strategic thought to suggest ways in which an emerging cyberspace strategy can be executed to its full potential. The partnership between the Naval War College's Cyber and Innovation Policy Institute and U.S. Cyber Command represented in this volume illustrates the role that professional military education plays in bridging gaps between practice and scholarship. Ten Years In should demonstrate how the Joint Force can profit from the expertise sustained by its professional military education enterprise as well as from the timely knowledge of those confronting the immediate challenges facing the Department of Defense.