Cyber Security Practitioner's Guide
Scribed by Hamid Jahankhani (editor)
- Publisher: WSPC
- Year: 2020
- Tongue: English
- Leaves: 597
- Category: Library
Synopsis
In an era of unprecedented volatile political and economic environments across the world, computer-based cyber security systems face ever growing challenges. While the internet has created a global platform for the exchange of ideas, goods and services, it has also created boundless opportunities for cyber crime. The debate over how to plan for the cyber security of the future has focused the minds of developers and scientists alike. This book aims to provide a reference on current and emerging issues on systems security from the lens of autonomy, artificial intelligence and ethics as the race to fight and prevent cyber crime becomes increasingly pressing.
Table of Contents
Contents
About the Editor
Contributors’ Biographies
Introduction: It’s Time to Make the Case for Ethics
Facets of Performance
The Need for a New Dimension
Ethics and morals
The principal ethical philosophies
The Emerging Reality
Ethics now
The need for pragmatism
What Next?
Chapter 1 Attack Vectors and the Challenge of Preventing Data Theft
1.1. Cyber Attack Vectors
1.1.1. A brief look at the attack vectors in high profile leaks
1.1.2. Overview of the high-profile leaks
1.1.3. High profile leaks and insider threat
1.1.4. What exfiltration methods are possible on a corporate network?
1.2. Scope of Discussion on Data Exfiltration Methods
1.2.1. Web server attack – SQL injection
1.2.2. Cross Site Scripting
1.2.3. PowerShell exploits
1.2.4. Command and Control
1.2.5. Phishing emails
1.2.6. Documents with embedded code and other attachments
1.2.7. Business Email Compromise
1.2.8. Emerging threats: Knock-Knock and Office 365
1.3. Exfiltration Methods
1.3.1. Exfiltration using DNS aka DNS tunnelling
1.3.2. DNS tunnelling tools
1.3.3. DNS tunnelling detection
1.3.4. Malware using DNS tunnelling
1.4. The Threat Posed by Web Storage and Web Exfiltration
1.4.1. ICMP tunnelling
1.4.2. NTP tunnelling
1.4.3. The threat posed by email
1.4.4. Steganography
1.4.5. Dealing with a cyber attack
1.5. Remediation of Security Breaches
1.5.1. Detecting attacks using honeypots
1.5.2. Detecting attacks by network monitoring
1.6. Detection of Security Breaches – Overview
1.6.1. Black hat, white hat and grey hat hacking
1.6.2. Open-sourcing of security tools
1.7. Methods and Models for Security and Privacy
1.7.1. Methods for security reengineering
1.7.2. Privacy-enhancing technologies and trustworthy information systems
1.8. What Kinds of Products Are There to Prevent Data Theft?
1.9. Detect and Block Using a Firewall
1.9.1. Detect and block using an agent or app at the endpoint
1.9.2. Detect and block using a proxy
1.9.3. Detect and block using a next-generation firewall
1.9.4. Detect and alert using network traffic analysis
1.9.5. Detecting sensitive data
1.10. Recommendations to Protect Against Data Theft
1.11. The Future โ STIX, TAXII and Cyber Threat Intelligence
1.12. Conclusion on How to Guard Against Attacks and Prevent Data Theft
Glossary
References
Chapter 2 Management of a Cyber Attack
2.1. Introduction
2.1.1. What is a cyber attack?
2.1.2. Some cyber attack statistics
2.2. Security Incident Response from an Organisation’s Viewpoint
2.2.1. Creating effective security policies
2.2.1.1. Format and layout of a policy
2.2.1.2. Preparing a security policy
2.2.1.3. Exceptions to policy
2.2.2. Cyber incident response plan
2.2.2.1. Security procedures
2.2.2.2. Identification
2.2.2.3. Initial containment
2.2.2.4. Notification
2.2.2.5. Analysis
2.2.2.6. Containment
2.2.2.7. Eradication
2.2.2.8. Recovery
2.2.2.9. Post-incident actions
2.3. Business Risk and Cyber Insurance – Its Place in Your Cyber Response Toolkit
2.3.1. What is risk management?
2.3.2. Cyber insurance
2.4. Conclusion
References
Chapter 3 Practical Cyber Security for Digital Trains
3.1. Introduction
3.2. In Search of Solutions
3.3. Critical Infrastructure
3.4. Conclusion
Glossary
References
Chapter 4 An Approach to Identify Risk-Based Human Behaviour Profiling Within an Office Environment
4.1. Background
4.1.1. The target organisation
4.2. Security Architecture
4.2.1. Proximity technology
4.2.2. Data source
4.2.3. Design approach
4.2.4. Insider threat
4.3. Behaviour Traits
4.4. Threat Detection Methodology
4.4.1. Roles and relationships
4.4.2. Zoning
4.4.3. Infrastructure features
4.4.4. Business areas
4.4.5. Locating beacons and aligning with risk areas
4.4.6. Mapping roles
4.4.7. Human interaction patterns
4.4.8. Hotspots
4.5. Anomaly Detection
4.5.1. Data noise
4.5.2. Detecting anomalies
4.5.3. Classification
4.5.4. Point-based anomalies
4.5.5. Contextual-based anomalies
4.5.6. Collective anomalies
4.6. Threat Model and Algorithm
4.6.1. Extracting the data
4.6.2. Threat detection application
4.6.3. Baseline behaviour
4.6.4. Analysing data
4.6.5. Entry points
4.6.6. Time of day
4.6.7. Time spent in a zone
4.6.8. Zone metrics
4.6.9. Pattern triggers
4.7. The Algorithm
4.7.1. Verification process
4.7.2. False positives
4.7.3. Experiment validation
4.8. Regulations and Legal Considerations
4.8.1. GDPR
4.8.2. Privacy laws
4.9. Conclusions and Recommendations
References
Chapter 5 Ransomware
5.1. Introduction
5.2. Ransomware and How It Impacts Different Platforms
5.3. Methodology of Ransomware
5.4. Latest and Most Prominent Ransomwares
5.5. Platforms Affected by Ransomware Attacks
5.6. Preventing Ransomware Attacks
5.7. Conclusion
References
Chapter 6 Protecting and Securing Data Through Blockchain Across Industries
6.1. Introduction
6.2. What Is Blockchain?
6.2.1. Blockchain overview: How does it work?
6.2.2. Public and private blockchains
6.2.3. Blockchain data storage
6.2.4. Benefits of blockchain
6.2.5. Potential security issues and limitations on blockchain
6.3. Threats to Mission Critical Data: Vulnerabilities and Cyber Attacks
6.3.1. Ransomware
6.3.2. Social engineering: Phishing and spear-phishing
6.4. Cyber Breaches and Client Data Theft Concerns
6.4.1. Cyber breach analysis
6.4.2. Deep web impacts to the client
6.5. Is Blockchain the Answer Industry is Looking for Regarding Securing Data?
6.6. Conclusions
References
Chapter 7 Bring Your Own Device: GDPR Compliant or Headache? The Human Aspect in Security and Privacy
7.1. Introduction
7.2. BYOD Architecture, Security Status and Challenges
7.2.1. Current security models
7.2.1.1. Mobile Device Management (MDM)
7.2.1.2. Mobile Application Management (MAM)
7.2.1.3. Mobile Information Management (MIM)
7.2.2. Security concerns
7.2.3. BYOD security challenges
7.3. Impact of GDPR on BYOD Architectures
7.3.1. Threats to personal data security
7.4. Guidelines to Enhance Security Posture on Mobile Devices
7.4.1. Strong passwords
7.4.2. Anti-virus software
7.4.3. Authentication mechanisms
7.4.4. Remote control
7.4.5. Importance of not rooting/jailbreaking the device
7.4.6. Virtual private networks
7.4.7. Download applications from trusted sources
7.4.8. Update systems to latest patches
7.5. Integration of a Multi-Layer Policy and the Information Governance Framework for a BYOD Security Framework
7.6. Conclusion
References
Chapter 8 GDPR Compliance: Incident Response and Breach Notification Challenges
8.1. Introduction
8.1.1. Background
8.1.2. Aims
8.2. Literature Review
8.2.1. Changes in the legal and regulatory landscape
8.2.2. Exploration of a data breach and its wider impact
8.2.3. Privacy risks in IoT and third-party apps
8.2.4. Establishing privacy by design and default
8.2.5. Encryption and pseudonymisation
8.2.6. Comparison of incident response frameworks
8.2.7. Security culture and leadership within incident response programs
8.2.8. Summary of literature
8.3. Development of Decision Support System
8.3.1. Pre-GDPR incident response frameworks
8.3.2. Compliant GDPR framework design
8.3.3. Justification for component selection
8.4. Focus Group
8.4.1. Recruitment of participants
8.4.2. Ethical consideration
8.5. Results and Analysis
8.5.1. Results
8.5.2. Usability of DSS for addressing privacy by design and default
8.5.3. Feedback and recommendations for improving design
8.5.4. Feasibility of DSS for implementation
8.5.5. Summary of results and analysis
8.6. Evaluation of Research Process and Methods
8.6.1. Research limitations
8.7. Conclusion and Recommendation
8.7.1. Recommendations for future work
References
Chapter 9 Evaluation of the Standardised Digital Forensic Investigation Process Model (SDFIPM)
9.1. Introduction
9.1.1. Research problem
9.1.2. Structure of the paper
9.2. Background to the Previous DFIPMs
9.3. Research Methodology
9.4. Overview of the SDFIPM
9.4.1. Examination process
9.4.2. Analysis process
9.4.3. Interpretation process
9.4.4. Event reconstruction process
9.4.5. Reporting process
9.4.6. Presentation process
9.4.7. Investigation closure process
9.5. Demonstration of the SDFIPM
9.5.1. Case study
9.6. Evaluation of the SDFIPM
9.6.1. Methods of validation
9.6.2. Expert selection process
9.6.3. Feedback formats and analysis
9.6.4. General feedback
9.6.5. Detailed feedback and responses
9.6.6. Analysis of the results
9.6.7. Alterations made to the SDFIPM
9.7. Conclusion
9.7.1. Research problem addressed
9.7.2. Research contribution
9.7.3. Future work
References
Appendix A
Appendix B
Appendix C
Chapter 10 Blockchain of Custody, BoC
10.1. Introduction
10.2. Background
10.3. Blockchain of Custody, BoC
10.3.1. Scope
10.3.2. Transactions
10.3.3. No Wi-Fi, no reception
10.3.4. Incentives
10.3.5. Permissioned blockchain
10.3.6. Tokens
10.3.7. Hyperledger
10.4. Design
10.4.1. User modelling
10.4.2. Data modelling
10.4.3. Access control
10.4.4. Operational Logic
10.4.5. Summary
10.5. Results
10.5.1. Creating a new investigation
10.5.2. Adding a new member to the First Response Team (FRT)
10.5.3. Seizure
10.5.4. Exchange of artefact
10.6. Conclusions
10.6.1. Recommendations
10.6.2. Future work
10.6.3. Summary
References
Chapter 11 New Issues in Cyber Security Forensics
11.1. Introduction
11.1.1. Computer networks
11.2. Cyber Security on Mobile Devices
11.2.1. Security and information protection
11.2.2. Voice over wireless networks
11.3. Wi-Fi Vulnerabilities
11.3.1. Threats and attacks
11.3.2. Wireless sensor networks
11.4. Security and Privacy Adaptation
11.4.1. Network security challenges
11.5. Security in Mobile Operating Environments
11.5.1. Mobile security vulnerabilities
11.5.2. Power in wireless devices
11.5.3. Limitations caused by energy consumption in encryption
11.5.4. Current state of security
11.5.5. Secure access to applications
11.5.6. Social media sites
11.6. Cross Border Security
References
Chapter 12 Ethical Considerations and a Proposed Support Process When Employing People With Autistic Spectrum Disorder in Cyber Security Roles
12.1. Literature Review
12.1.1. Autistic Spectrum Disorder
12.1.1.1. Basic brain anatomy
12.1.1.2. Support processes
12.1.2. TEACCH (Treatment and Education of Autistic and related Communication-handicapped Children)
12.1.3. Project SEARCH
12.1.4. Transition
12.1.5. Assistive technology
12.1.6. Cyber security
12.1.7. Laws and ethics
12.1.7.1. Relevant UK laws
12.1.7.2. Ethics
12.2. Methodology
12.2.1. Qualitive review
12.2.2. Questionnaires
12.2.3. Case studies
12.2.4. Autistic savantism
12.3. Analysis and Critical Discussion
12.3.1. Matching traits with opportunities
12.3.1.1. Traits and strengths
12.3.1.2. Opportunities
12.3.2. Potential issues
12.3.2.1. Social communication
12.3.2.2. Social interaction
12.3.2.3. Honesty
12.3.2.4. Routines and repetitive behaviour
12.3.2.5. Focussed interests
12.3.2.6. Sensory perception
12.3.3. Questionnaire response analysis
12.3.3.1. National Autistic Society questionnaire
12.3.3.2. Employer questionnaire
12.3.4. Autistic brain structural anomalies
12.4. Conclusions
References
Chapter 13 An Ethical Approach to Understanding Cyber Security
13.1. Introduction
13.2. A Working Definition of Ethics
13.3. Computers and Ethics in Cyber Security
13.3.1. Information governance and policy vacuum
13.3.2. Cyber security in unknown waters
13.4. The Ethical Significance of Cyber Security
13.5. The Undermining of Ethical Issues in Cyber Security
13.5.1. Hacking and computer wrongdoing
13.6. Cyber and Information Conflict
13.7. Ethical View of the GDPR’s Cyber Security
13.7.1. Record keeping
13.7.2. The “security of processing”
13.7.3. Data ruptures
13.7.4. Data protection impact assessment
13.7.5. Staff mindfulness program
13.8. Ethical Issues and Data Privacy
13.8.1. Privacy and its significance
13.8.2. Threats to privacy
13.9. Ethics and Research in Cybersecurity
13.10. Concluding Remark
Suggested Reading
References
Chapter 14 An Analysis of Data Mining Metrics to Identify and Evaluate Potential Radicalisation Utilising Social Media
14.1. Introduction
14.2. Literature Review
14.2.1. Psychological traits and linguistic theory
14.2.2. Social media and current events
14.2.3. Wider relative research
14.3. Research Methodology
14.3.1. Datasets
14.4. Keyword Analysis
14.4.1. Word count
14.4.2. Keyword-in-context
14.4.3. Data analysis
14.5. Keyword Metric Results of the Data Analysis
14.5.1. Analytical comparison of the keyword metrics
14.5.2. Legislative and jurisdiction factors interconnected with the definitions of radicalisation and extremism
14.5.3. Analysis of the social media platform and policies, and their effect on current and future data capturing
14.5.4. Review of the collated analytic data, psychological, social and legislative research
14.6. Conclusions
References
Chapter 15 The European Union’s General Data Protection Regulation (GDPR)
15.1. Introduction
15.2. Legislative Background
15.3. Personal Data Under GDPR
15.4. Data Processing
15.5. General Principles
15.6. The Data Protection Officer
15.7. Data Protection Impact Assessment
15.8. The Fines and the Press
15.9. Information Technology and the GDPR
15.10. Conclusions
References
Index
SIMILAR VOLUMES
Although virtualization is a widely accepted technology, there are few books dedicated to virtualization and security. Filling this need, Securing Cloud and Mobility: A Practitioner's Guide explains how to secure the multifaceted layers of private and public cloud deployments as well as mo