A Problem Shared is a Problem Halved: A Survey on the Dimensions of Collective Cyber Defense Through Security Information Sharing
TL;DR: A structured overview about the dimensions of cyber security information sharing is provided, motivated in more detail and work out the requirements for an information sharing system, and a critical review of the state of the art is reviewed.
About: This article is published in Computers & Security.The article was published on 2016-07-01. It has received 166 citations till now. The article focuses on the topics: Information sharing & The Internet.
Citations
More filters
01 Jan 2019
TL;DR: A privacy preserving decision tree algorithm is proposed, where each organization can build and learn the decision tree based on overall organizations’ training spam/ham email data without disclosing any private information of any party.
Abstract: To secure cyber infrastructure against intentional and potentially malicious threats, a growing collaborative effort between cybersecurity professionals and researchers from institutions, private industries, academia, and government agencies has engaged in exploiting and designing a variety of cyber defense systems. Cybersecurity researchers and designers aim to maintain the confidentiality, integrity, and availability of information and information management systems through various cyber defense systems that protect computers and networks from hackers who may want to steal financial, medical, or other identity-based information. The Cooperative Cyber-defense has been recognized as an essential strategy to fight against cyberattacks. Cyber-security information sharing among various organizations and leveraging the aggregated cyber information to build proactive cyber defense system is nontrivial for organizations. However, building such cyber defense system is challenged by two issues: (1) organizations are reluctant to share their private information to others (2) even when they agree on a solution where information can be shared in privacy preserving manner, the obfuscated cyber threat information has to be processed to build the trained model for future prediction of any new or unknown cyber incident. To address these issues, in this paper, we propose a privacy preserving protocol where organizations can share their private information as an encrypted form with others and they can learn the information for future prediction without disclosing any private information. More specifically we propose a privacy preserving decision tree algorithm, where each organization can build and learn the decision tree based on overall organizations’ training spam/ham email data without disclosing any private information of any party. Once the building of a decision tree is done, the organizations can predict if any new email is spam or ham locally.
26 citations
Cites background from "A Problem Shared is a Problem Halve..."
...The Cybersecurity Information Sharing (CIS) has been encouraged worldwide by the governments through a number of legal initiatives [5]....
[...]
TL;DR: In this paper, the authors report on a series of scoping workshops and interviews with industry professionals (experts in enterprise systems, IoT and risk) conducted to investigate the validity of this argument and investigate the key challenges for approaches in industry that attempt to effectively and efficiently assess cyber-risk in the IoT.
Abstract: Security risk assessment methods have served us well over the last two decades. As the complexity, pervasiveness and automation of technology systems increases, particularly with the Internet of Things (IoT), there is a convincing argument that we will need new approaches to assess risk and build system trust. In this article, we report on a series of scoping workshops and interviews with industry professionals (experts in enterprise systems, IoT and risk) conducted to investigate the validity of this argument. Additionally, our research aims to consult with these professionals to understand two crucial aspects. Firstly, we seek to identify the wider concerns in adopting IoT systems into a corporate environment, be it a smart manufacturing shop floor or a smart office. Secondly, we investigate the key challenges for approaches in industry that attempt to effectively and efficiently assess cyber-risk in the IoT.
26 citations
TL;DR: It was found that actors in the Swedish financial sector have a well developed crisis management working concept, but information about rational adversaries that cause prolonged disturbances are possibly not collected, analyzed and utilized systematically.
25 citations
TL;DR: A triangulation study is conducted to identify and analyze public information security data sources and a taxonomy is introduced to classify and compare these data sources based on the following six dimensions: type of information, Integrability, Timeliness, Originality, Type of Source, and Trustworthiness.
25 citations
TL;DR: This special issue presents selected contributions based on discussions at the conference SCIENCE · PEACE · SECURITY ’19, focusing on problems of international security and peacebuilding as well as contributions dedicated to transparency, trustbuilding, arms control, disarmament, and conflict management.
Abstract: Scientific discoveries and technological innovations have always exerted a great influence on peace and security. New civil and military technologies are revolutionizing warfare. Particularly striking areas are cyber warfare and the rapid development of uninhabited weapon systems. Issues of nuclear disarmament, missile defence or space armament as well as chemical and biological weapons remain urgent. The conference SCIENCE · PEACE · SECURITY ’19 aimed for an accurate understanding and fruitful discussions of today’s and tomorrow’s peace and security challenges. This includes natural science/technical as well as interdisciplinary contributions, focusing on problems of international security and peacebuilding as well as contributions dedicated to transparency, trustbuilding, arms control, disarmament, and conflict management. This special issue presents selected contributions based on discussions at the conference.
25 citations
Cites background from "A Problem Shared is a Problem Halve..."
...Hence, there is a growing demand for cyber threat intelligence (CTI) sharing and IT peace research by experts to support the management of threat indicators within organizations and the IT security community (Dandurand & Serrano, 2013; Reuter, 2020; Skopik et al., 2016, 2018)....
[...]
...CTI is increasingly used as part of public and private cyber awareness and defense (Skopik et al., 2016; Skopik et al., 2018), states, such as the US and Germany and even international organizations like NATO already use CTI databases (Dulaunoy et al., 2019; Strobel, 2015)....
[...]
...…of large scale cyber operations by organized criminal groups or even political actors (Reuter, 2019) demand new forms of crossorganizational and international sharing of information to discover cyber threats at an early state on and enable an early warning infrastructure (Skopik et al., 2016)....
[...]
References
More filters
01 May 2011
TL;DR: Last year marked a turning point in the history of cybersecurity-the arrival of the first cyber warfare weapon ever, known as Stuxnet, which followed a completely new approach that's no longer aligned with confidentiality, integrity, and availability thinking.
Abstract: Last year marked a turning point in the history of cybersecurity-the arrival of the first cyber warfare weapon ever, known as Stuxnet Not only was Stuxnet much more complex than any other piece of malware seen before, it also followed a completely new approach that's no longer aligned with conven tional confidentiality, integrity, and availability thinking Con trary to initial belief, Stuxnet wasn't about industrial espionage: it didn't steal, manipulate, or erase information Rather, Stuxnet's goal was to physically destroy a military target-not just meta phorically, but literally Let's see how this was done
1,548 citations
[...]
TL;DR: This analysis illustrates that the Big Data analytics is a fast-growing, influential practice and a key enabler for the social business and is critical for success in the age of social media.
Abstract: In this paper, we explain the concept, characteristics & need of Big Data & different offerings available in the market to explore unstructured large data. This paper covers Big Data adoption trends, entry & exit criteria for the vendor and product selection, best practices, customer success story, benefits of Big Data analytics, summary and conclusion. Our analysis illustrates that the Big Data analytics is a fast-growing, influential practice and a key enabler for the social business. The insights gained from the user generated online contents and collaboration with customers is critical for success in the age of social media.
811 citations
09 Jun 2003
TL;DR: This work formalizes the notion of minimal information sharing across private databases, and develops protocols for intersection, equijoin, intersection size, and Equijoin size.
Abstract: Literature on information integration across databases tacitly assumes that the data in each database can be revealed to the other databases. However, there is an increasing need for sharing information across autonomous entities in such a way that no information apart from the answer to the query is revealed. We formalize the notion of minimal information sharing across private databases, and develop protocols for intersection, equijoin, intersection size, and equijoin size. We also show how new applications can be built using the proposed protocols.
706 citations
"A Problem Shared is a Problem Halve..." refers background in this paper
...Usually there is a crucial economic tradeoff to be considered between economic benefit of sharing (Agrawal et al., 2003; Skopik and Li, 2013) and potential disadvantages, such as harm of reputation and commitment of costly resources....
[...]
TL;DR: This work conducted interviews in 20 organizations to identify ways in which interpersonal trust in a knowledge-sharing context develops and summarize behaviors and practices for managers interested in promoting trust (and thereby knowledge creation and sharing) within their own organizations.
Abstract: Executive Overview In many organizations, informal networks are the primary means by which employees find information, solve complex problems, and learn how to do their work. Two forms of interpersonal trust—trust in a person's competence and in a person's benevolence—enable effective knowledge creation and sharing in these networks. Yet, though conceptually appealing, trust is an elusive concept that is often difficult for managers to influence. We conducted interviews in 20 organizations to identify ways in which interpersonal trust in a knowledge-sharing context develops. Based on this work, we summarize behaviors (e.g., discretion, consistency, collaboration) and practices (e.g., building shared vision, ensuring transparency in decision-making, holding people accountable for trust) for managers interested in promoting trust (and thereby knowledge creation and sharing) within their own organizations.
684 citations
Book•
01 Jan 2003TL;DR: In this article, the authors established a foundation for shared understanding, integration, and trust in virtual teams, and proposed a framework for virtual teams to share knowledge and knowledge sharing among themselves.
Abstract: Part 1: Establishing the Foundation: Shared Understanding, Integration, & Trust.Introduction: Establishing the Foundation: Shared Understanding, Integration, & Trust (Susan G. Cohen and Cristina B. Gibson).Chapter 1: In the Beginning: Introduction and Framework (Susan G. Cohen and Cristina B. Gibson).Chapter 2: Knowledge Sharing And Shared Understanding In Virtual Teams (Pamela Hinds and Suzanne Weisband).Chapter 3: Managing The Global New Product Development Network: A Sensemaking Perspective (Susan Albers Mohrman, Janice A. Klein, and David Finegold).Chapter 4: Building Trust: Effective Multi-Cultural Communication Processes in Virtual Teams (Cristina B. Gibson and Jennifer A. Manuel).Summary: Establishing the Foundation (Susan G. Cohen and Cristina B. Gibson).Part 2: The Raw Materials: People and Context.Introduction: The Raw Materials: People and Context (Cristina B. Gibson and Susan G. Cohen).Chapter 5: Building a Winning Virtual Team: KSAs, Selection, Training, and Evaluation (Richard Blackburn, Stacie Furst, and Benson Rosen).Chapter 6: Pay Systems for Virtual Teams (Edward E. Lawler III).Chapter 7: Meeting the Performance Challenge: Calculating ROI for Virtual Teams (Alec R. Levenson and Susan G. Cohen).Summary: The Raw Materials (Cristina B. Gibson and Susan G. Cohen).Part 3: Constructing the Design: Leadership, Knowledge Management and Information Sharing.Introduction: Constructing the Design: Leadership, Knowledge Management and Information Sharing (Susan G. Cohen and Cristina B. Gibson).Chapter 8: Exploring Emerging Leadership in Virtual Teams (Kristi Lewis Tyran, Craig K. Tyran, and Morgan Shepherd).Chapter 9: Designing the Knowledge-Management Infrastructure for Virtual Teams: Building and Using Social Networks and Social Capital (Martha L. Maznevski and Nicholas A. Athanassiou).Chapter 10: Overcoming Barriers to Information Sharing in Virtual Teams (Catherine Durnell Cramton and Kara L. Orvis).Summary: Constructing the Design (Susan G. Cohen and Cristina B. Gibson).Part 4: Wiring that Connects: Implementing Information Technology.Introduction: Wiring that Connects: Implementing Information Technology (Susan G. Cohen and Cristina B. Gibson).Chapter 11: Context, Task and the Evolution of Technology Use in Global Virtual Teams (Kenneth Riopelle, Julia Gluesing, Tara Alcordo, Marietta Baba, David Britt, Willie McKether, Leslie Monplaisir, Hilary Ratner, and Kimberly Harris Wagner).Chapter 12: Technology Alignment and Adaptation for Virtual Teams Involved in Unstructured Knowledge Work (Nelson King and Ann Majchrzak).Chapter 13: Team or Community of Practice Aligning Tasks, Structures and Technologies (Arjan Raven).Summary: Wiring that Connects (Susan G. Cohen and Cristina B. Gibson).Part 5: It's All About Action: Processes and Development.Introduction: It's All About Action: Processes and Development (Cristina B. Gibson and Susan G. Cohen).Chapter 14: Influence and Political Processes in Virtual Teams (Efrat Elron and Eran Vigoda).Chapter 15: Conflict and Virtual Teams (Terri L. Griffith, Elizabeth A. Mannix, and Margaret A. Neale).Chapter 16: The Development of Global Virtual Teams (Julia Gluesing, Tara Alcordo, Marietta Baba, David Britt, Kimberly Harris Wagner, Willie McKether, Leslie Monplaisir, Hilary Ratner, and Kenneth Riopelle).Chapter 17: Closing the Time Gap in Virtual Teams (Janice A. Klein & Astrid Kleinhanns).Summary: It's All About Action (Cristina B. Gibson and Susan G. Cohen).Chapter 18: The Last Word: Conclusions and Implications (Cristina B. Gibson and Susan G. Cohen).
633 citations