Critical Information Infrastructure Security

A number of nations developed and published a national cyber security strategy (NCSS). Most of them were published in the period 2009 2011. Despite the fact that each of these NCSS intends to address the cyber security threat, large differences exist between the NCSS approaches. This paper analyses and compares the NCSS of Australia, Canada, Czech Republic, France, Germany, Japan, The Netherlands, New Zealand, the United Kingdom, and the United States. Thirteen observations lead to a set of conclusions which nations with an NCSS and developers of future NCSS may use to their advantage.

[1]  Carrie Gates,et al.  Defining the insider threat , 2008, CSIIRW '08.

[2]  Panayiotis Kotzanikolaou,et al.  Risk-Based Criticality Analysis , 2009, Critical Infrastructure Protection.

[3]  Geoffrey H. Kuenning,et al.  Detecting insider threats by monitoring system call activity , 2003, IEEE Systems, Man and Cybernetics SocietyInformation Assurance Workshop, 2003..

[4]  Paul Thompson,et al.  Weak models for insider threat detection , 2004, SPIE Defense + Commercial Sensing.

[5]  Marc Dacier,et al.  A revised taxonomy for intrusion-detection systems , 2000, Ann. des Télécommunications.

[6]  Steven Furnell,et al.  Insider Threat Prediction Tool: Evaluating the probability of IT misuse , 2002, Comput. Secur..

[7]  Carl E. Landwehr,et al.  Basic concepts and taxonomy of dependable and secure computing , 2004, IEEE Transactions on Dependable and Secure Computing.

[8]  Michael Boss,et al.  Network topology of the interbank market , 2003, cond-mat/0309582.

[9]  Dimitris Gritzalis,et al.  Long-term verifiability of healthcare records authenticity , 2007 .

[10]  Jean-Pierre Müller,et al.  Interbank Credit Lines as a Channel of Contagion , 2006 .

[11]  Randy H. Katz,et al.  Above the Clouds: A Berkeley View of Cloud Computing , 2009 .

[12]  Thomas L. Magnanti,et al.  Connectivity-splitting models for survivable network design , 2004, Networks.

[13]  Brajendra Panda,et al.  Knowledge Acquisition and Insider Threat Prediction in Relational Database Systems , 2009, 2009 International Conference on Computational Science and Engineering.

[14]  Nils Kalstad Svendsen,et al.  Multigraph Dependency Models for Heterogeneous Infrastructures , 2007, Critical Infrastructure Protection.

[15]  Steven Furnell,et al.  Towards an insider threat prediction specification language , 2006, Inf. Manag. Comput. Secur..

[16]  Eric A. M. Luiijf,et al.  Modeling Dependencies In Critical Infrastructures , 2008, Critical Infrastructure Protection.

[17]  Davide Maria Parrilli,et al.  Legal Issues in Grid and Cloud Computing , 2010, Grid and Cloud Computing.

[18]  Malek Ben Salem,et al.  A Survey of Insider Attack Detection Research , 2008, Insider Attack and Cyber Security.

[19]  Sadie Creese,et al.  A Modelling Approach for Interdependency in Digital Systems-of-Systems Security - Extended Abstract , 2010, CRITIS.

[20]  Tom Fong,et al.  Measuring the Interdependence of Banks in Hong Kong , 2009 .

[21]  Lance Spitzner,et al.  Honeypots: catching the insider threat , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[22]  Ronald E. Fisher,et al.  Analyzing Cross-Sector Interdependencies , 2007, 2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07).

[23]  William Eberle,et al.  Insider Threat Detection Using Graph-Based Approaches , 2009, 2009 Cybersecurity Applications & Technology Conference for Homeland Security.

[24]  E. Eugene Schultz A framework for understanding and predicting insider attacks , 2002, Comput. Secur..

[25]  Dimitris Gritzalis,et al.  Smartphone security evaluation The malware attack case , 2011, Proceedings of the International Conference on Security and Cryptography.

[26]  Jennifer Neville,et al.  Relational Dependency Networks , 2007, J. Mach. Learn. Res..

[27]  Milos Manic,et al.  CIMS: A Framework for Infrastructure Interdependency Modeling and Analysis , 2006, Proceedings of the 2006 Winter Simulation Conference.

[28]  Keven G. Ruby,et al.  The Insider Threat to Information Systems , 2022 .

[29]  Dimitris Gritzalis,et al.  Exploitation of auctions for outsourcing security-critical projects , 2011, 2011 IEEE Symposium on Computers and Communications (ISCC).

[30]  Kwangjo Kim,et al.  Yet Another Intrusion Detection System against Insider Attacks , 2008 .

[31]  Tim Mather,et al.  Cloud Security and Privacy - An Enterprise Perspective on Risks and Compliance , 2009, Theory in practice.

[32]  Shufen Liu,et al.  A Prediction Model of Insider Threat Based on Multi-agent , 2006, 2006 First International Symposium on Pervasive Computing and Applications.

[33]  Diomidis Spinellis,et al.  Evaluating certificate status information mechanisms , 2000, CCS.

[34]  J. Yang,et al.  Network Models and Financial Stability , 2008 .

[35]  Ning Hu,et al.  A Layered Approach to Insider Threat Detection and Proactive Forensics , 2005 .

[36]  Steven Furnell,et al.  A preliminary model of end user sophistication for insider threat prediction in IT systems , 2005, Comput. Secur..

[37]  B. Panda,et al.  A Knowledge-Base Model for Insider Threat Prediction , 2007, 2007 IEEE SMC Information Assurance and Security Workshop.

[38]  James P. Peerenboom,et al.  Identifying, understanding, and analyzing critical infrastructure interdependencies , 2001 .

[39]  Dimitris Gritzalis,et al.  An Insider Threat Prediction Model , 2010, TrustBus.

[40]  Joos Vandewalle,et al.  (How) can mobile agents do secure electronic transactions on untrusted hosts? A survey of the security issues and the current solutions , 2003, TOIT.