Threat Assessment

Inside and Out? The information Security Threat from Insiders

ABSTRACT

A ‘broad’ definition of insider is proposed: someone who has skills, knowledge, resources or access, considered privileged to, or under the control of, an organization. This extends the traditional ‘narrow’ definition of insider as someone who just has privileged access to IT systems. This broad definition allows a detailed analysis of the strategy and modus operandi of insiders using threat susceptibility factors such as catalysts, inhibitors and amplifiers. This analysis is then used as a basis for a review of insider threat counter-measures.

A Methodology for the Assessment of the Capability of Threat Agents in an Information Environment

ABSTRACT

The proliferation in the use of information and communications technologies over the last three decades has resulted in significant changes in the level and type of threat that is posed to the information environment that we have come to rely on. The way in which the threat that is posed to an information environment is assessed has not advanced at the same rate as the technology. As a result, there is, at the present time, no way in which the threats that are posed to information systems can be either modeled or quantified in any meaningful or repeatable manner. This paper will investigate a number of methodologies in order to attempt to identify one that will provide an accurate representation of the threat to information systems in a range of scenarios.

Analysis of Programmable Logic Controller Firmware for Threat Assessment and Forensic Investigation

ABSTRACT

Industrial Control Systems are developing into highly networked collections of
distributed devices. The next generation of threats is likely to focus on PLC firmware. Just as traditional computer malware evolved to hide itself using operating system-level rootkits, so will ICS attacks evolve to embed themselves in the PLC equivalent: the firmware. This paper discusses the techniques and procedures required to access, inspect, and manipulate the firmware of an Allen-Bradley PLC. A detailed analysis provides details about the capabilities and methods required by an attacker, and the effectiveness of recovering PLC firmware for forensic investigation of a potential attack.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Keywords

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

  • Journal of Information Warfare
    114 Ballard Street
    Yorktown, VA
    23690
  • 757.234.6664
  • jiw@gbpts.com