Catalogue Search | MBRL
46,011 result(s) for "Operations security"
A Survey on TLS-Encrypted Malware Network Traffic Analysis Applicable to Security Operations Centers
2022
Recently, a majority of security operations centers (SOCs) have been facing a critical issue of increased adoption of transport layer security (TLS) encryption on the Internet, in network traffic analysis (NTA). To this end, in this survey article, we present existing research on NTA and related areas, primarily focusing on TLS-encrypted traffic to detect and classify malicious traffic with deployment scenarios for SOCs. Security experts in SOCs and researchers in academia can obtain useful information from our survey, as the main focus of our survey is NTA methods applicable to malware detection and family classification. Especially, we have discussed pros and cons of three main deployment models for encrypted NTA: TLS interception, inspection using cryptographic functions, and passive inspection without decryption. In addition, we have discussed the state-of-the-art methods in TLS-encrypted NTA for each component of a machine learning pipeline, typically used in the state-of-the-art methods.
Journal Article
Deterring cyber warfare : bolstering strategic stability in cyberspace
Deterrence theory was well developed during the Cold War for the deterrence of kinetic attacks. While the deterrence of cyber attacks is one of the most important issues facing the United States and other nations, the application of deterrence theory to the cyber realm is problematic. This study offers an introduction to cyber warfare and a review of the challenges associated with deterring cyber attacks. Mazanec and Thayer recommend efforts in three specific areas to aid the deterrence of major cyber attacks: by cultivating beneficial norms for strategic stability; by continuing efforts in the area of improving cyber forensics and defences; and, finally, by developing and communicating a clear declaratory policy and credible options for deterrence-in-kind so as to make escalation unavoidable and costly. This timely study reflects increased international interest in cyber warfare, and is based on the recognition that information networks in cyberspace are becoming operational centres of gravity in armed conflict.
Organizational science and cybersecurity: abundant opportunities for research at the interface
by Zaccaro, Stephen J; Howard, David J; Posey, Clay
in Cybersecurity, Employee behavior, Employees
2022
Cybersecurity is an ever-present problem for organizations, but organizational science has barely begun to enter the arena of cybersecurity research. As a result, the “human factor” in cybersecurity research is much less studied than its technological counterpart. The current manuscript serves as an introduction and invitation to cybersecurity research by organizational scientists. We define cybersecurity, provide definitions of key cybersecurity constructs relevant to employee behavior, illuminate the unique opportunities available to organizational scientists in the cybersecurity arena (e.g., publication venues that reach new audiences, novel sources of external funding), and provide overall conceptual frameworks of the antecedents of employees’ cybersecurity behavior. In so doing, we emphasize both end-users of cybersecurity in organizations and employees focused specifically on cybersecurity work. We provide an expansive agenda for future organizational science research on cybersecurity—and we describe the benefits such research can provide not only to cybersecurity but also to basic research in organizational science itself. We end by providing a list of potential objections to the proposed research along with our responses to these objections. It is our hope that the current manuscript will catalyze research at the interface of organizational science and cybersecurity.
Journal Article
North Korea's cyber operations : strategy and responses
North Korea is emerging as a significant actor in cyberspace with both its military and clandestine organizations gaining the ability to conduct cyber operations. However, there is no comprehensive standard literature about North Korea's cyber capabilities that takes an integrated view of the topic. Existing research is fragmented in pockets of strategic, technical, and policy pieces, though no individual study reaches far enough to create a standard reference document about North Korea's cyber capabilities. This report aims to fill this void, integrating Korean and English language information sources, existing work in each respective field, and creating a foundation for future deeper research.
Bridging the Gap: Enhancing Maritime Vessel Cyber Resilience through Security Operation Centers
by Nganga, Allan; Mallam, Steven; Scanlan, Joel
in Computer software industry, Connectivity, cyber resilience
2023
Increasingly disruptive cyber-attacks in the maritime domain have led to more efforts being focused on enhancing cyber resilience. From a regulatory perspective, there is a requirement that maritime stakeholders implement measures that would enable the timely detection of cyber events, leading to the adoption of Maritime Security Operation Centers (M-SOCs). At the same time, Remote Operation Centers (ROCs) are also being discussed to enable increased adoption of highly automated and autonomous technologies, which could further impact the attack surface of vessels. The main objective of this research was therefore to better understand both enabling factors and challenges impacting the effectiveness of M-SOC operations. Semi-structured interviews were conducted with nine M-SOC experts. Informed by grounded theory, incident management emerged as the core category. By focusing on the factors that make M-SOC operations a unique undertaking, the main contribution of this study is that it highlights how maritime connectivity challenges and domain knowledge impact the M-SOC incident management process. Additionally, we have related the findings to a future where M-SOC and ROC operations could be converged.
Journal Article
Cyberspace in peace and war
"Cyberspace in Peace and War presents a comprehensive understanding of cybersecurity, cyberwar, and cyber terrorism. From basic concepts to advanced principles, Libicki examines the sources and consequences of system compromises, addresses how cybersecurity policies can strengthen countries' defenses--leaving them less susceptible to cyberattack, and explores cybersecurity in the context of military operations, highlighting unique aspects of the digital battleground and strategic uses of cyberwar. He provides the technical and geopolitical foundations of cyberwar necessary to understand the policies, operations, and strategies required for safeguarding an increasingly online infrastructure."--Provided by publisher.
SELID: Selective Event Labeling for Intrusion Detection Datasets
2023
A large volume of security events, generally collected by distributed monitoring sensors, overwhelms human analysts at security operations centers and raises an alert fatigue problem. Machine learning is expected to mitigate this problem by automatically distinguishing between true alerts, or attacks, and falsely reported ones. Machine learning models should first be trained on datasets having correct labels, but the labeling process itself requires considerable human resources. In this paper, we present a new selective sampling scheme for efficient data labeling via unsupervised clustering. The new scheme transforms the byte sequence of an event into a fixed-size vector through content-defined chunking and feature hashing. Then, a clustering algorithm is applied to the vectors, and only a few samples from each cluster are selected for manual labeling. The experimental results demonstrate that the new scheme can select only 2% of the data for labeling without degrading the F1-score of the machine learning model. Two datasets, a private dataset from a real security operations center and a public dataset from the Internet for experimental reproducibility, are used.
Journal Article
Cyber warfare : a reference handbook
This timely handbook traces the development of cyber capabilities from their roots in information warfare and cryptology to their potential military application in combat.
Reconciling Tensions in Security Operations Centers a Paradox Theory Approach
by Khapova, Svetlana; Saadallah, Mehdi; Shahim, Abbas
in Artificial intelligence, Automation, Cybersecurity
2025
There is pressure on security operations centers (SOCs) from public and private industries as they are coping with the surge of cyberattacks, which is making the reconciliation of inherent organizational tensions a priority. This study surfaces two persistent tensions: (1) expediency versus authority, and (2) adaptability versus consistency that have remained underexplored in cybersecurity literature. We based the research on empirical data collected across three organizational settings, an international consumer packaged goods, a non-departmental public body based in the Netherlands, and a global managed security service provider. Thus, we reveal these not as isolated trade-offs but as paradoxes that must be continuously navigated within SOC operations. Built upon both empirical analysis and Paradox Theory, we develop a conceptual model that explains how SOCs reconcile these tensions through the strategic integration of artificial intelligence (AI), automation, and human expertise. Our model emphasizes that AI and automation do not replace human analysts; rather, they allow a new form of organizational balance, through mechanisms such as Dynamic Equilibrium and iterative integration. The model demonstrates how SOCs embed technological and human capabilities to sustain simultaneously agility, consistency, authority, and speed. By reframing AI integration as a process of paradox reconciliation, not as a resistance or automation alone, this study contributes new theoretical insight into the sociotechnical dynamics shaping the future of cybersecurity operations.
Journal Article