東華大學圖書館 |

語系: 繁體中文

說明(常見問題)

回圖書館首頁

手機版館藏查詢

登入

回首頁

切換: 標籤 | MARC模式 | ISBD

Managing Cybersecurity and Privacy R...

Albakri, Adham.

FindBook

Google Book

Amazon

博客來

Managing Cybersecurity and Privacy Risks of Cyber Threat Intelliegence.

紀錄類型:	書目-電子資源 : Monograph/item
正題名/作者:	Managing Cybersecurity and Privacy Risks of Cyber Threat Intelliegence./
作者:	Albakri, Adham.
出版者:	Ann Arbor : ProQuest Dissertations & Theses, : 2021,
面頁冊數:	217 p.
附註:	Source: Dissertations Abstracts International, Volume: 84-08, Section: A.
Contained By:	Dissertations Abstracts International84-08A.
標題:	Personal information. -
電子資源:	https://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=30256672
ISBN:	9798371938282

Managing Cybersecurity and Privacy Risks of Cyber Threat Intelliegence.
Albakri, Adham.

Managing Cybersecurity and Privacy Risks of Cyber Threat Intelliegence. - Ann Arbor : ProQuest Dissertations & Theses, 2021 - 217 p.

Source: Dissertations Abstracts International, Volume: 84-08, Section: A.

Thesis (Ph.D.)--University of Kent (United Kingdom), 2021.

This item must not be sold to any third party vendors.

In recent years, the number of cyber-attacks that affect critical infrastructures such as health, telecommunications and banks has been rapidly increasing. Sharing Cyber Threat Intelligence (CTI) is being encouraged and mandated as a way of improving overall cyber intelligence and defence, but its take up is slow. Organisations may well be justified in perceiving risks in sharing and disclosing cyber incident information, but they tend to express such worries in broad and vague terms. There are risks of breaching regulations and laws regarding privacy. With laws and regulations such as the General Data Protection Regulation (GDPR), the managers of CTI datasets need clear guidance on how and when it is legal to share such information. This thesis supports the decision of sharing CTI datasets as it proposes a novel contribution through a detailed understanding of which information in cyber incident reports requires protection against specific threats with assessed severity.It presents a specific and granular analysis of the risks in cyber incident information sharing, looking in detail at what information may be contained in incident reports and which specific risks are associated with its disclosure. It provides a set of guidelines for the disciplined use of the STIX incident model in order to reduce information security risk. Then, it proposes a quantitative risk model to assess the risk of sharing CTI datasets enabled by sharing with different entities in various situations. The evaluation of the cyber incident model analysis and the quantative risk model has been validated by means of experts' opinions.As a final contribution, this thesis defines the impact that GDPR legal aspects may have on the sharing of CTI that helps technical people and CTI managers with limited legal expertise to encompass legal consideration before sharing CTI datasets. In addition, it recommends protection levels for sharing CTI to ensure compliance with the GDPR.

ISBN: 9798371938282Subjects--Topical Terms:

3562412
Personal information.

Managing Cybersecurity and Privacy Risks of Cyber Threat Intelliegence.
LDR:03128nmm a2200373 4500 001 2395893
005 20240531084202.5
006 m o d
007 cr#unu||||||||
008 251215s2021 ||||||||||||||||| ||eng d
020 $a 9798371938282
035 $a (MiAaPQ)AAI30256672
035 $a (MiAaPQ)UnivKentCanterbury90779
035 $a AAI30256672
040 $a MiAaPQ $c MiAaPQ
100 1 $a Albakri, Adham. $3 3765410
245 1 0 $a Managing Cybersecurity and Privacy Risks of Cyber Threat Intelliegence.
260 1 $a Ann Arbor : $b ProQuest Dissertations & Theses, $c 2021
300 $a 217 p.
500 $a Source: Dissertations Abstracts International, Volume: 84-08, Section: A.
500 $a Advisor: Boiten, Eerke.
502 $a Thesis (Ph.D.)--University of Kent (United Kingdom), 2021.
506 $a This item must not be sold to any third party vendors.
520 $a In recent years, the number of cyber-attacks that affect critical infrastructures such as health, telecommunications and banks has been rapidly increasing. Sharing Cyber Threat Intelligence (CTI) is being encouraged and mandated as a way of improving overall cyber intelligence and defence, but its take up is slow. Organisations may well be justified in perceiving risks in sharing and disclosing cyber incident information, but they tend to express such worries in broad and vague terms. There are risks of breaching regulations and laws regarding privacy. With laws and regulations such as the General Data Protection Regulation (GDPR), the managers of CTI datasets need clear guidance on how and when it is legal to share such information. This thesis supports the decision of sharing CTI datasets as it proposes a novel contribution through a detailed understanding of which information in cyber incident reports requires protection against specific threats with assessed severity.It presents a specific and granular analysis of the risks in cyber incident information sharing, looking in detail at what information may be contained in incident reports and which specific risks are associated with its disclosure. It provides a set of guidelines for the disciplined use of the STIX incident model in order to reduce information security risk. Then, it proposes a quantitative risk model to assess the risk of sharing CTI datasets enabled by sharing with different entities in various situations. The evaluation of the cyber incident model analysis and the quantative risk model has been validated by means of experts' opinions.As a final contribution, this thesis defines the impact that GDPR legal aspects may have on the sharing of CTI that helps technical people and CTI managers with limited legal expertise to encompass legal consideration before sharing CTI datasets. In addition, it recommends protection levels for sharing CTI to ensure compliance with the GDPR.
590 $a School code: 5021.
650 4 $a Personal information. $3 3562412
650 4 $a Data integrity. $3 2142314
650 4 $a Threats. $3 594889
650 4 $a Computer security. $3 540555
650 4 $a Confidentiality. $3 736289
650 4 $a Decision making. $3 517204
650 4 $a Malware. $3 3562952
650 4 $a Privacy. $3 528582
650 4 $a Civil engineering. $3 860360
650 4 $a Computer science. $3 523869
650 4 $a Information technology. $3 532993
650 4 $a Web studies. $3 2122754
690 $a 0543
690 $a 0984
690 $a 0501
690 $a 0489
690 $a 0646
710 2 $a University of Kent (United Kingdom). $3 3642032
773 0 $t Dissertations Abstracts International $g 84-08A.
790 $a 5021
791 $a Ph.D.
792 $a 2021
793 $a English
856 4 0 $u https://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=30256672