Toward web-based information security knowledge sharing
Introduction
Nowadays, many organizations and companies rely heavily on information systems and have to ensure that they work properly at any given time. Additionally, Information and Communication Technologies (ICTs) have become an important part of everyday life. In some areas, ICT systems and services are an essential part of the economy and society, for example as part of critical information infrastructures where “their disruption or destruction would have a serious impact on vital societal functions” (European Network and Information Security Agency, 2009).
In a study (McAfee Inc, 2009) conducted in 2008 it was found that information security breaches caused companies worldwide to lose more than $1 trillion (708 billion) within one year. Often, security breaches were performed by insiders, especially by former employees. Cyber criminals are also increasing their efforts to steal sensitive data and information.
The study found that criminals will increase their efforts to create sophisticated schemes which take advantage of employees, new technologies and software vulnerabilities. Criminals will also assemble detailed profiles of executives and other high-level targets in order to utilize more effective spear phishing attacks.
When security breaches can have such dire consequences, both in financial and societal terms, securing the systems is of utmost importance. This applies both to containing everyday risks, such as failures of individual components, and to preventing malicious attacks on the systems from outside.
To approach such challenges in a professional manner, experts have to collect knowledge about information security and potential risks, and create their own solutions to reduce those risks. Information security is usually defined as the protection and preservation of confidentiality, integrity and availability of information, though other properties such as authenticity, reliability etc. are also of concern (Glaser and Pallas, 2007).
Many of these situations occur on a regular basis. For this reason it would be advantageous to allow knowledge sharing between experts, so that the same solutions aren't created over and over again by different individuals. Such sharing of knowledge could save valuable resources, which could be used in more productive ways. Moreover, sharing could lead to solutions of higher quality, because existing solutions are enhanced instead of similar solutions being developed all the time. Until now, organizations have partly compared solutions with other organizations, but there is no unifying system with a widespread basis that could support knowledge sharing in a formal and structured way. This paper presents a web portal based on Web-Protégé that aims to offer a tool for structured sharing of information security knowledge.
The research question this paper tries to answer is how a web portal can be used to foster sharing of information security knowledge among organizations. The working hypothesis is that a tool can provide a central platform for participating organizations over which knowledge sharing can take place. This allows more efficient and more structured cooperation than would be possible through classic channels like phone calls or e-mails. In the following sections we discuss the functionality and the evaluation of a web portal based on Web-Protégé that aims to offer such a centralized platform.
Section snippets
Related research
The European Network and Information Security Agency (ENISA) has undertaken efforts to build the European Information Sharing and Alerting System (EISAS) (European Network and Information Security Agency, 2009), a pan-European network for information sharing. It was followed by different projects, for example the Framework for Information Sharing and Alerting (FISHA) (Kijewski, 2011). The main goal of these European projects is to raise the information level and the awareness of IT security
Collaborative web portal solution
The presented web portal aims to create a unified and machine-readable platform for information security knowledge sharing, enabling collaboration between users and helping them to understand and extend the underlying security ontology together. The knowledge captured in the ontology is dynamic in nature and should model current threats and vulnerabilities as well as up-to-date control mechanisms.
This approach is not restricted to a certain organization but tries to elevate the collaboration
Methodology
To evaluate the implemented functionality of the security ontology web portal, an evaluation process consisting of multiple phases was conducted. The goal of this process was on the one hand to review the usability of the web portal functions and on the other hand to assess whether the tool can support information security knowledge sharing among information security experts.
For the evaluation we selected three experts with at least five years of information security expertise who
Conclusion
It was found that there are a number of incentives and barriers that encourage organizations to participate in information sharing or hinder them from doing so. The most important incentives were of an economic nature. Organizations want to benefit economically from sharing their knowledge with possible competitors. As was shown in a study by ENISA in 2010 (European Network and Information Security Agency, 2010), economic incentives come from cost savings, which can result from enhanced reaction times to
Outlook
The web portal presented in this paper has the potential to support information security experts in their everyday work. The evaluation has shown that the interface is easy to handle, though some refinements still have to be implemented. There are also conceptual challenges that have to be addressed in future work. During the evaluation it was also shown that certain aspects of the ontology are difficult to model and offer too much ambiguity. For example the comprehensibility of the
Acknowledgments
The research was funded by COMET K1, FFG – Austrian Research Promotion Agency.
References (13)
- et al. (2002)
- Good practice guide network security information exchanges (June 2009)
- Incentives and challenges for information sharing in the context of network and information security (September 2010)
- et al. Challenges of web-based information security knowledge sharing
- et al. Formalizing information security knowledge (2009)
- et al. A community knowledge base for IT security. IT Professional (2011)
Cited by (30)
Knowledge absorption for cyber-security: The role of human beliefs
2020, Computers in Human Behavior
Citation excerpt: Knowledge absorption is an organizational capability to transfer, integrate, and utilize new knowledge obtained from external sources (Cohen & Levinthal, 1989; Grant, 1996a, 1996b; Park, 2011; Tsai, 2001). Prior research suggests that if the organization succeeds at this knowledge absorption, the investment cost for any given level of information security is reduced (Gal-Or & Ghose, 2005), as are inefficient duplications of effort (Feledi, Fenz, & Lechner, 2013). Furthermore, the effectiveness of security solutions improves (Parsons et al., 2014; Safa & Von Solms, 2016).
Cyber threat intelligence sharing: Survey and research directions
2019, Computers and Security
Citation excerpt: There are many ways to build up a reputation to earn credibility amongst other stakeholders. To increase the credibility, stakeholders have to continuously share CTI, correlate various sources, and respond to questions by the community pertaining to the shared intelligence (Feledi et al., 2013). On the contrary, once a bad reputation has been entrenched it is challenging to reverse the effect.
Human errors in the information security realm – and how to fix them
2016, Computer Fraud and Security
An information security knowledge sharing model in organizations
2016, Computers in Human Behavior
Human aspects of information security in organisations
2016, Computer Fraud and Security
Citation excerpt: Information security experts face similar problems in this domain and they could also gain a lot by sharing knowledge. Preventing the development of multiple solutions to similar problems by way of sharing knowledge leads to the avoidance of wasting time and extra costs. This time and funding could be better spent by improving the quality of solutions, instead of reinventing the security wheel.
Information security policy compliance model in organizations
2016, Computers and Security
Citation excerpt: This collaboration is imperative in terms of documentation, and providing a timeline for activities and a set of evidence for incident handling. Collaboration can be in the shape of submitting, improving, commenting on and peer-reviewing the submitted knowledge (Feledi et al., 2013). Identifying features, in order to assess information security threats, is one of the benefits of collaboration (Mace et al., 2010).