Portunes: Representing Attack Scenarios Spanning through the Physical, Digital and Social Domain
نویسندگان
چکیده
The security goals of an organization are realized through security policies, which concern physical security, digital security and security awareness. An insider is aware of these security policies, and might be able to thwart the security goals by combining physical, digital and social means. A systematic analysis of such attacks requires the whole environment where the insider operates to be formally represented. This paper presents Portunes, a framework which integrates all three security domains in a single environment. Portunes consists of a high-level abstraction model focusing on the relations between the three security domains and a lower abstraction level language able to represent the model and describe attacks which span the three security domains. Using the Portunes framework, we are able to represent a whole new family of attacks where the insider is not assumed to use purely digital actions to achieve a malicious goal.
منابع مشابه
Portunes: generating attack scenarios by finding inconsistencies between security policies in the physical, digital and social domain
The security goals of an organization are implemented through security policies, which concern physical security, digital security and security awareness. An insider is aware of these security policies, and might be able to thwart the security goals without violating any policies, by combining physical, digital and social means. This paper presents the Portunes model, a model for describing and...
متن کاملPortunes: analyzing multi-domain insider threats
The insider threat is an important problem in securing information systems. Skilful insiders use attack vectors that yield the greatest chance of success, and thus do not limit themselves to a restricted set of attacks. They may use access rights to the facility where the system of interest resides, as well as existing relationships with employees. To secure a system, security professionals sho...
متن کاملAlignment of Organizational Security Policies Theory and Practice
To address information security threats, an organization defines security policies that state how to deal with sensitive information. These policies are high-level policies that apply for the whole organization and span the three security domains: physical, digital and social. One example of a high-level policy is: ”The sales data should never leave the organization.” The high-level policies ar...
متن کاملCyber Threats Foresight Against Iran Based on Attack Vector
Cyber threats have been extraordinary increased in recent years. Cyber attackers, including government agencies or hackers, have made significant advances in the use of various tools for attacking target systems in some countries particularly on Islamic republic of Iran. The complexity of cyber threats and the devastating effects of them on critical systems highlights necessity of cyber thr...
متن کاملDeveloping Earthquake Resiliency Scenarios based on Rural-Urban Linkages (Case Study: Shemiranat, Damavand and Firouzkoh)
Linkages in geographical spaces representing a region is not just a functional system which has been formed by various settlements. It rather takes its power from social, economic and physical networks and their interactions which means it is controlled by aforementioned networks. Therefore, there are always rural area and urban area with some relations or linkages. In this regard, relation mos...
متن کامل