Cyber Security Practitioner's Guide

Contents
About the Editor
Contributors’ Biographies
Introduction: It’s Time to Make the Case for Ethics
	Facets of Performance
	The Need for a New Dimension
		Ethics and morals
			The principal ethical philosophies
	The Emerging Reality
		Ethics now
		The need for pragmatism
	What Next?
Chapter 1 Attack Vectors and the Challenge of Preventing Data Theft
	1.1. Cyber Attack Vectors
		1.1.1. A brief look at the attack vectors in high profile leaks
		1.1.2. Overview of the high-profile leaks
		1.1.3. High profile leaks and insider threat
		1.1.4. What exfiltration methods are possible on a corporate network?
	1.2. Scope of Discussion on Data Exfiltration Methods
		1.2.1. Web server attack — SQL injection
		1.2.2. Cross Site Scripting
		1.2.3. PowerShell exploits
		1.2.4. Command and Control
		1.2.5. Phishing emails
		1.2.6. Documents with embedded code and other attachments
		1.2.7. Business Email Compromise
		1.2.8. Emerging threats: Knock-Knock and Office 365
	1.3. Exfiltration Methods
		1.3.1. Exfiltration using DNS aka DNS tunnelling
		1.3.2. DNS tunnelling tools
		1.3.3. DNS tunnelling detection
		1.3.4. Malware using DNS tunnelling
	1.4. The Threat Posed by Web Storage and Web Exfiltration
		1.4.1. ICMP tunnelling
		1.4.2. NTP tunnelling
		1.4.3. The threat posed by email
		1.4.4. Steganography
		1.4.5. Dealing with a cyber attack
	1.5. Remediation of Security Breaches
		1.5.1. Detecting attacks using honeypots
		1.5.2. Detecting attacks by network monitoring
	1.6. Detection of Security Breaches — Overview
		1.6.1. Black hat, white hat and grey hat hacking
		1.6.2. Open-sourcing of security tools
	1.7. Methods and Models for Security and Privacy
		1.7.1. Methods for security reengineering
		1.7.2. Privacy-enhancing technologies and trustworthy information systems
	1.8. What Kinds of Products Are There to Prevent Data Theft?
	1.9. Detect and Block Using a Firewall
		1.9.1. Detect and block using an agent or app at the endpoint
		1.9.2. Detect and block using a proxy
		1.9.3. Detect and block using a next-generation firewall
		1.9.4. Detect and alert using network traffic analysis
		1.9.5. Detecting sensitive data
	1.10. Recommendations to Protect Against Data Theft
	1.11. The Future — STIX, TAXII and Cyber Threat Intelligence
	1.12. Conclusion on How to Guard Against Attacks and Prevent Data Theft
	Glossary
	References
Chapter 2 Management of a Cyber Attack
	2.1. Introduction
		2.1.1. What is a cyber attack?
		2.1.2. Some cyber attack statistics
	2.2. Security Incident Response from an Organisation’s Viewpoint
		2.2.1. Creating effective security policies
			2.2.1.1. Format and layout of a policy
			2.2.1.2. Preparing a security policy
			2.2.1.3. Exceptions to policy
		2.2.2. Cyber incident response plan
			2.2.2.1. Security procedures
			2.2.2.2. Identification
			2.2.2.3. Initial containment
			2.2.2.4. Notification
			2.2.2.5. Analysis
			2.2.2.6. Containment
			2.2.2.7. Eradication
			2.2.2.8. Recovery
			2.2.2.9. Post-incident actions
	2.3. Business Risk and Cyber Insurance — Its Place in Your Cyber Response Toolkit
		2.3.1. What is risk management?
		2.3.2 Cyber insurance
	2.4. Conclusion
	References
Chapter 3 Practical Cyber Security for Digital Trains
	3.1. Introduction
	3.2. In Search of Solutions
	3.3. Critical Infrastructure
	3.4. Conclusion
	Glossary
	References
Chapter 4 An Approach to Identify Risk-Based Human Behaviour Profiling Within an Office Environment
	4.1. Background
		4.1.1. The target organisation
	4.2. Security Architecture
		4.2.1. Proximity technology
		4.2.2. Data source
		4.2.3. Design approach
		4.2.4. Insider threat
	4.3. Behaviour Traits
	4.4. Threat Detection Methodology
		4.4.1. Roles and relationships
		4.4.2. Zoning
		4.4.3. Infrastructure features
		4.4.4. Business areas
		4.4.5. Locating beacons and aligning with risk areas
		4.4.6. Mapping roles
		4.4.7. Human interaction patterns
		4.4.8. Hotspots
	4.5. Anomaly Detection
		4.5.1. Data noise
		4.5.2. Detecting anomalies
		4.5.3. Classification
		4.5.4. Point-based anomalies
		4.5.5. Contextual-based anomalies
		4.5.6. Collective anomalies
	4.6. Threat Model and Algorithm
		4.6.1. Extracting the data
		4.6.2. Threat detection application
		4.6.3. Baseline behaviour
		4.6.4. Analysing data
		4.6.5. Entry points
		4.6.6. Time of day
		4.6.7. Time spent in a zone
		4.6.8. Zone metrics
		4.6.9. Pattern triggers
	4.7. The Algorithm
		4.7.1. Verification process
		4.7.2. False positives
		4.7.3. Experiment validation
	4.8. Regulations and Legal Considerations
		4.8.1. GDPR
		4.8.2. Privacy laws
	4.9. Conclusions and Recommendations
	References
Chapter 5 Ransomware
	5.1. Introduction
	5.2. Ransomware and How It Impacts Different Platforms
	5.3. Methodology of Ransomware
	5.4. Latest and Most Prominent Ransomwares
	5.5. Platforms Affected by Ransomware Attacks
	5.6. Preventing Ransomware Attacks
	5.7. Conclusion
	References
Chapter 6 Protecting and Securing Data Through Blockchain Across Industries
	6.1. Introduction
	6.2. What Is Blockchain?
		6.2.1. Blockchain overview: How does it work?
		6.2.2. Public and private blockchains
		6.2.3. Blockchain data storage
		6.2.4. Benefits of blockchain
		6.2.5. Potential security issues and limitations on blockchain
	6.3. Threats to Mission Critical Data: Vulnerabilities and Cyber Attacks
		6.3.1. Ransomware
		6.3.2. Social engineering: Phishing and spear-phishing
	6.4. Cyber Breaches and Client Data Theft Concerns
		6.4.1. Cyber breach analysis
		6.4.2. Deep web impacts to the client
	6.5. Is Blockchain the Answer Industry is Looking for Regarding Securing Data?
	6.6. Conclusions
	References
Chapter 7 Bring Your Own Device: GDPR Compliant or Headache? The Human Aspect in Security and Privacy
	7.1. Introduction
	7.2. BYOD Architecture, Security Status and Challenges
		7.2.1. Current security models
			7.2.1.1. Mobile Device Management (MDM)
			7.2.1.2. Mobile Application Management (MAM)
			7.2.1.3. Mobile Information Management (MIM)
		7.2.2. Security concerns
		7.2.3. BYOD security challenges
	7.3. Impact of GDPR on BYOD Architectures
		7.3.1. Threats to personal data security
	7.4. Guidelines to Enhance Security Posture on Mobile Devices
		7.4.1. Strong passwords
		7.4.2. Anti-virus software
		7.4.3. Authentication mechanisms
		7.4.4. Remote control
		7.4.5. Importance of not rooting/jailbreaking the device
		7.4.6. Virtual private networks
		7.4.7. Download applications from trusted sources
		7.4.8. Update systems to latest patches
	7.5. Integration of a Multi-Layer Policy and the Information Governance Framework for a BYOD Security Framework
	7.6. Conclusion
	References
Chapter 8 GDPR Compliance: Incident Response and Breach Notification Challenges
	8.1. Introduction
		8.1.1. Background
		8.1.2. Aims
	8.2. Literature Review
		8.2.1. Changes in the legal and regulatory landscape
		8.2.2. Exploration of a data breach and its wider impact
		8.2.3. Privacy risks in IoT and third-party apps
		8.2.4. Establishing privacy by design and default
		8.2.5. Encryption and pseudonymisation
		8.2.6. Comparison of incident response frameworks
		8.2.7. Security culture and leadership within incident response programs
		8.2.8. Summary of literature
	8.3. Development of Decision Support System
		8.3.1. Pre-GDPR incident response frameworks
		8.3.2. Compliant GDPR framework design
		8.3.3. Justification for component selection
	8.4. Focus Group
		8.4.1. Recruitment of participants
		8.4.2. Ethical consideration
	8.5. Results and Analysis
		8.5.1. Results
		8.5.2. Usability of DSS for addressing privacy by design and default
		8.5.3. Feedback and recommendations for improving design
		8.5.4. Feasibility of DSS for implementation
		8.5.5. Summary of results and analysis
	8.6. Evaluation of Research Process and Methods
		8.6.1. Research limitations
	8.7. Conclusion and Recommendation
		8.7.1. Recommendations for future work
	References
Chapter 9 Evaluation of the Standardised Digital Forensic Investigation Process Model (SDFIPM)
	9.1. Introduction
		9.1.1. Research problem
		9.1.2. Structure of the paper
	9.2. Background to the Previous DFIPMs
	9.3. Research Methodology
	9.4. Overview of the SDFIPM
		9.4.1. Examination process
		9.4.2. Analysis process
		9.4.3. Interpretation process
		9.4.4. Event reconstruction process
		9.4.5. Reporting process
		9.4.6. Presentation process
		9.4.7. Investigation closure process
	9.5. Demonstration of the SDFIPM
		9.5.1. Case study
	9.6. Evaluation of the SDFIPM
		9.6.1. Methods of validation
		9.6.2. Expert selection process
		9.6.3. Feedback formats and analysis
		9.6.4. General feedback
		9.6.5. Detailed feedback and responses
		9.6.6. Analysis of the results
		9.6.7. Alterations made to the SDFIPM
	9.7. Conclusion
		9.7.1. Research problem addressed
		9.7.2. Research contribution
		9.7.3. Future work
	References
	Appendix A
	Appendix B
	Appendix C
Chapter 10 Blockchain of Custody, BoC
	10.1. Introduction
	10.2. Background
	10.3. Blockchain of Custody, BoC
		10.3.1. Scope
		10.3.2. Transactions
		10.3.3. No Wi-Fi, no reception
		10.3.4. Incentives
		10.3.5. Permissioned blockchain
		10.3.6. Tokens
		10.3.7. Hyperledger
	10.4. Design
		10.4.1. User modelling
		10.4.2. Data modelling
		10.4.3. Access control
		10.4.4. Operational Logic
		10.4.5. Summary
	10.5. Results
		10.5.1. Creating a new investigation
		10.5.2. Adding a new member to the First Response Team (FRT)
		10.5.3. Seizure
		10.5.4. Exchange of artefact
	10.6. Conclusions
		10.6.1. Recommendations
		10.6.2. Future work
		10.6.3. Summary
	References
Chapter 11 New Issues in Cyber Security Forensics
	11.1. Introduction
		11.1.1. Computer networks
	11.2. Cyber Security on Mobile Devices
		11.2.1. Security and information protection
		11.2.2. Voice over wireless networks
	11.3. Wi-Fi Vulnerabilities
		11.3.1. Threats and attacks
		11.3.2. Wireless sensor networks
	11.4. Security and Privacy Adaptation
		11.4.1. Network security challenges
	11.5. Security in Mobile Operating Environments
		11.5.1. Mobile security vulnerabilities
		11.5.2. Power in wireless devices
		11.5.3. Limitations caused by energy consumption in encryption
		11.5.4. Current state of security
		11.5.5. Secure access to applications
		11.5.6. Social media sites
	11.6. Cross Border Security
	References
Chapter 12 Ethical Considerations and a Proposed Support Process When Employing People With Autistic Spectrum Disorder in Cyber Security Roles
	12.1. Literature Review
		12.1.1. Autistic Spectrum Disorder
			12.1.1.1. Basic brain anatomy
			12.1.1.2. Support processes
		12.1.2. TEACCH (Treatment and Education of Autistic and related Communication-handicapped Children)
		12.1.3. Project SEARCH
		12.1.4. Transition
		12.1.5. Assistive technology
		12.1.6. Cyber security
		12.1.7. Laws and ethics
			12.1.7.1. Relevant UK laws
			12.1.7.2. Ethics
	12.2. Methodology
		12.2.1. Qualitive review
		12.2.2. Questionnaires
		12.2.3. Case studies
		12.2.4. Autistic savantism
	12.3. Analysis and Critical Discussion
		12.3.1. Matching traits with opportunities
			12.3.1.1. Traits and strengths
			12.3.1.2. Opportunities
		12.3.2. Potential issues
			12.3.2.1. Social communication
			12.3.2.2. Social interaction
			12.3.2.3. Honesty
			12.3.2.4. Routines and repetitive behaviour
			12.3.2.5. Focussed interests
			12.3.2.6. Sensory perception
		12.3.3. Questionnaire response analysis
			12.3.3.1. National Autistic Society questionnaire
			12.3.3.2. Employer questionnaire
		12.3.4. Autistic brain structural anomalies
	12.4. Conclusions
	References
Chapter 13 An Ethical Approach to Understanding Cyber Security
	13.1. Introduction
	13.2. A Working Definition of Ethics
	13.3. Computers and Ethics in Cyber Security
		13.3.1. Information governance and policy vacuum
		13.3.2. Cyber security in unknown waters
	13.4. The Ethical Significance of Cyber Security
	13.5. The Undermining of Ethical Issues in Cyber Security
		13.5.1. Hacking and computer wrongdoing
	13.6. Cyber and Information Conflict
	13.7. Ethical View of the GDPR’s Cyber Security
		13.7.1. Record keeping
		13.7.2. The “security of processing”
		13.7.3. Data ruptures
		13.7.4. Data protection impact assessment
		13.7.5. Staff mindfulness program
	13.8. Ethical Issues and Data Privacy
		13.8.1. Privacy and its significance
		13.8.2. Threats to privacy
	13.9. Ethics and Research in Cybersecurity
	13.10. Concluding Remark
	Suggested Reading
	References
Chapter 14 An Analysis of Data Mining Metrics to Identify and Evaluate Potential Radicalisation Utilising Social Media
	14.1. Introduction
	14.2. Literature Review
		14.2.1. Psychological traits and linguistic theory
		14.2.2. Social media and current events
		14.2.3. Wider relative research
	14.3. Research Methodology
		14.3.1. Datasets
	14.4. Keyword Analysis
		14.4.1. Word count
		14.4.2. Keyword-in-context
		14.4.3. Data analysis
	14.5. Keyword Metric Results of the Data Analysis
		14.5.1. Analytical comparison of the keyword metrics
		14.5.2. Legislative and jurisdiction factors interconnected with the definitions of radicalisation and extremism
		14.5.3. Analysis of the social media platform and policies, and their effect on current and future data capturing
		14.5.4. Review of the collated analytic data, psychological, social and legislative research
	14.6. Conclusions
	References
Chapter 15 The European Union’s General Data Protection Regulation (GDPR)
	15.1. Introduction
	15.2. Legislative Background
	15.3. Personal Data Under GDPR
	15.4. Data Processing
	15.5. General Principles
	15.6. The Data Protection Officer
	15.7. Data Protection Impact Assessment
	15.8. The Fines and the Press
	15.9. Information Technology and the GDPR
	15.10. Conclusions
	References
Index