
SA-EF Cube: An Evaluation Framework for Assessing Intelligent Context-Aware Critical Information Infrastructure Protection Solutions

  • Conference paper
Information Security (ISSA 2018)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 973))


Abstract

Advances in technologies such as cloud computing and Bring Your Own Technology (BYOT) environments have dramatically changed the way in which organisations do business. Critical Information Infrastructure (CII) is at the core of this revolution, yet it has become an almost impossible task to protect CII against all possible threats effectively. Multi Agent Systems (MASs) and have addressed Critical Information Infrastructure Protection (CIIP) in unique ways, yet these approaches often lack a sufficient contextualisation of the environment and its dynamism. Without a sufficient contextualisation of an environment and the dynamism that is associated with it, an automated CIIP mechanism will never be truly effective. To address the contextualisation problem that autonomous CIIP mechanisms face, the SA-EF Cube model is proposed. The model can be used as a “checklist” to assess whether an autonomous CIIP solution covers the fundamental requirements to contextualise the problem domain of CIIP. The SA-EF Cube model is by no means exhaustive in nature, but serves as a solid foundation for an implementation checklist before any CIIP mechanism is contextualised and developed.


Notes

  1. A HIS process whereby elements are classified as harmful or not. This process enables non-self-elements to live within the environment as long as they are non-malicious in nature.

  2. A HIS process whereby discrimination occurs between elements which form part of the self and those which do not.


Author information

Corresponding author

Correspondence to Jan Hendrik van Niekerk.

Copyright information

© 2019 Springer Nature Switzerland AG

Cite this paper

van Niekerk, J.H., Ehlers, E.M. (2019). SA-EF Cube: An Evaluation Framework for Assessing Intelligent Context-Aware Critical Information Infrastructure Protection Solutions. In: Venter, H., Loock, M., Coetzee, M., Eloff, M., Eloff, J. (eds) Information Security. ISSA 2018. Communications in Computer and Information Science, vol 973. Springer, Cham. https://doi.org/10.1007/978-3-030-11407-7_9

  • DOI: https://doi.org/10.1007/978-3-030-11407-7_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-11406-0

  • Online ISBN: 978-3-030-11407-7

  • eBook Packages: Computer Science, Computer Science (R0)
