Abstract
Advances in technologies such as cloud computing and Bring Your Own Technology (BYOT) environments have dramatically changed the way in which organisations do business. Critical Information Infrastructure (CII) is at the core of this revolution, yet it has become an almost impossible task to protect CII against all possible threats effectively. Multi Agent Systems (MASs) and have addressed Critical Information Infrastructure Protection (CIIP) in unique ways, yet these approaches often lack a sufficient contextualisation of the environment and its dynamism. Without a sufficient contextualisation of an environment and the dynamism that is associated with it, an automated CIIP mechanism will never be truly effective. To address this contextualisation problem that autonomous CIIP mechanisms face, the SA-EF Cube model is proposed. The model can be used as a “checklist” to assess whether an autonomous CIIP solution covers the fundamental requirements to contextualise the problem domain of CIIP. The SA-EF Cube model is by no means exhaustive in nature, but serves as a solid foundation for an implementation checklist before any CIIP mechanism is contextualised and developed.
Notes
1. A HIS process whereby elements are classified as harmful or not. This process enables non-self-elements to live within the environment as long as they are non-malicious in nature.
2. A HIS process whereby discrimination occurs between elements which form part of the self and those which do not.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
van Niekerk, J.H., Ehlers, E.M. (2019). SA-EF Cube: An Evaluation Framework for Assessing Intelligent Context-Aware Critical Information Infrastructure Protection Solutions. In: Venter, H., Loock, M., Coetzee, M., Eloff, M., Eloff, J. (eds) Information Security. ISSA 2018. Communications in Computer and Information Science, vol 973. Springer, Cham. https://doi.org/10.1007/978-3-030-11407-7_9
DOI: https://doi.org/10.1007/978-3-030-11407-7_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-11406-0
Online ISBN: 978-3-030-11407-7
eBook Packages: Computer Science (R0)