Kholekile L. Gwebu,Jing Wang,Li Wang

DOI: https://doi.org/10.1080/07421222.2018.1451962

IF: 7.582

2018-01-01

Journal of Management Information Systems

Abstract:Despite the significant financial losses associated with data breaches, little is known about the (in)effectiveness of the tools that firms have to protect their value following a breach. Drawing on cognitive dissonance theory and the research on cue diagnosticity and crisis management, this study examines the relative efficacy of firm reputation and a range of post-breach response strategies. The results indicate that firm reputation is an important asset in protecting firm value. However, only certain response strategies are found to mitigate the negative financial impact of a breach on lower-reputation firms, and response strategies are found to matter less for high-reputation firms. These findings offer practitioners evidence-based guidance for protecting firm value following data breaches and underscore the need for developing more nuanced strategies for managing breaches. The theoretical arguments developed here serve as a conceptual base for examining the efficacy of various data breach response strategies.

Alneyadi,Elankayer Sithirasenan,Vallipuram Muthukkumarasamy,Sultan Alneyadi

DOI: https://doi.org/10.1016/j.jnca.2016.01.008

IF: 7.574

2016-02-01

Journal of Network and Computer Applications

Abstract:Protection of confidential data from being leaked to the public is a growing concern among organisations and individuals. Traditionally, confidentiality of data has been preserved using security procedures such as information security policies along with conventional security mechanisms such as firewalls, virtual private networks and intrusion detection systems. Unfortunately, these mechanisms lack pro-activeness and dedication towards protecting confidential data, and in most cases, they require predefined rules by which protection actions are taken. This can result in serious consequences, as confidential data can appear in different forms in different leaking channels. Therefore, there has been an urge to mitigate these drawbacks using more efficient mechanisms. Recently, data leakage prevention systems (DLPSs) have been introduced as dedicated mechanisms to detect and prevent the leakage of confidential data in use, in transit and at rest. DLPSs use different techniques to analyse the content and the context of confidential data to detect or prevent the leakage. Although DLPSs are increasingly being designed and developed as standalone products by IT security vendors and researchers, the term still ambiguous. In this study, we have carried out a comprehensive survey on the current DLPS mechanisms. We explicitly define DLPS and categorise active research directions in this field. In addition, we suggest future directions towards developing more consistent DLPSs that can overcome some of the weaknesses of the current ones. This survey is an updated reference on DLPSs, that can benefit both academics and professionals.

computer science, interdisciplinary applications, software engineering, hardware & architecture

Mir Hassan,Chen Jincai,Adnan Iftekhar,Adnan Shehzad,Xiaohui Cui

DOI: https://doi.org/10.48550/arXiv.2012.14111

2020-12-28

Cryptography and Security

Abstract:Data Loss/Leakage Prevention (DLP) continues to be the main issue for many large organizations. There are multiple numbers of emerging security attach scenarios and a limitless number of overcoming solutions. Today's enterprises' major concern is to protect confidential information because a leakage that compromises confidential data means that sensitive information is in competitors' hands. Different data types need to be protected. However, our research is focused only on data in motion (DIM) i-e data transferred through the network. The research and scenarios in this paper demonstrate a recent survey on information and data leakage incidents, which reveals its importance and also proposed a model solution that will offer the combination of previous methodologies with a new way of pattern matching by advanced content checker based on the use of machine learning to protect data within an organization and then take actions accordingly. This paper also proposed a DLP deployment design on the gateway level that shows how data is moving through intermediate channels before reaching the final destination using the squid proxy server and ICAP server.

Isabel Herrera Montano,José Javier García Aranda,Juan Ramos Diaz,Sergio Molina Cardín,Isabel de la Torre Díez,Joel J. P. C. Rodrigues

DOI: https://doi.org/10.1007/s10586-022-03668-2

2022-07-14

Cluster Computing

Abstract:Abstract Data leakage is a problem that companies and organizations face every day around the world. Mainly the data leak caused by the internal threat posed by authorized personnel to manipulate confidential information. The main objective of this work is to survey the literature to detect the existing techniques to protect against data leakage and to identify the methods used to address the insider threat. For this, a literature review of scientific databases was carried out in the period from 2011 to 2022, which resulted in 42 relevant papers. It was obtained that from 2017 to date, 60% of the studies found are concentrated and that 90% come from conferences and publications in journals. Significant advances were detected in protection systems against data leakage with the incorporation of new techniques and technologies, such as machine learning, blockchain, and digital rights management policies. In 40% of the relevant studies, significant interest was shown in avoiding internal threats. The most used techniques in the analyzed DLP tools were encryption and machine learning.

computer science, information systems, theory & methods

Sanjeev Pratap Singh,Naveed Afzal

2024-05-18

Abstract:The rising complexity of cyber threats calls for a comprehensive reassessment of current security frameworks in business environments. This research focuses on Stealth Data Exfiltration, a significant cyber threat characterized by covert infiltration, extended undetectability, and unauthorized dissemination of confidential data. Our findings reveal that conventional defense-in-depth strategies often fall short in combating these sophisticated threats, highlighting the immediate need for a shift in information risk management across businesses. The evolving nature of cyber threats, driven by advancements in techniques such as social engineering, multi-vector attacks, and Generative AI, underscores the need for robust, adaptable, and comprehensive security strategies. As we navigate this complex landscape, it is crucial to anticipate potential threats and continually update our defenses. We propose a shift from traditional perimeter-based, prevention-focused models, which depend on a static attack surface, to a more dynamic framework that prepares for inevitable breaches. This suggested model, known as MESA 2.0 Security Model, prioritizes swift detection, immediate response, and ongoing resilience, thereby enhancing an organizations ability to promptly identify and neutralize threats, significantly reducing the consequences of security breaches. This study suggests that businesses adopt a forward-thinking and adaptable approach to security management to stay ahead of the ever-changing cyber threat landscape.

Cryptography and Security

Sneha K. Thombre

DOI: https://doi.org/10.1109/ComPE49325.2020.9200160

2020-07-01

Abstract:Every organisation has some crucial data that holds the reason for its competitive advantage over others. This data includes intellectual property, trade secrets, salary details etc. Non-ethical disclosure of such data can have fatal impacts. Recent incidents of data leaks cannot be overlooked, therefore every organisation should preferably use Data Loss Prevention(DLP) system to avoid the risk of data leakage. The aim of this work is to develop a freeware DLP that will help small and medium scale organizations to protect their covert data. There are numerous channels of data exfiltration such as Bluetooth, E-mail, Universal Serial Bus(USB) etc. The USB channel being portable and fast to use, it is favoured for data transfer. This DLP system is developed to work on windows framework. It targets to block transfer of confidential files through a USB port, according to the policies set by an administrator. This solution uses emerging technologies and integrates kernel space modules and machine learning approach to deliver a novel solution. It intercepts file transfer actions through a USB port and checks the contents of the file. In case, contents of the file are found to be confidential, the copy action will be blocked. This solution is implemented in a way that makes it effective and simplistic to use. It will definitely help the organizations to protect their data. There is a plethora of research going on in this area to secure sensitive information from being leaked. Incorporating Machine learning to accurately detect leaks is a new challenge in this field.

Computer Science

Kishu Gupta,Ashwani Kush

2023-12-21

Abstract:Data is the key asset for organizations and data sharing is lifeline for organization growth; which may lead to data loss. Data leakage is the most critical issue being faced by organizations. In order to mitigate the data leakage issues data leakage prevention systems (DLPSs) are deployed at various levels by the organizations. DLPSs are capable to protect all kind of data i.e. DAR, DIM/DIT, DIU. Statistical analysis, regular expression, data fingerprinting are common approaches exercised in DLP system. Out of these techniques; statistical analysis approach is most appropriate for proposed DLP model of data security. This paper defines a statistical DLP model for document classification. Model uses various statistical approaches like TF-IDF (Term Frequency- Inverse Document Frequency) a renowned term count/weighing function, Vectorization, Gradient boosting document classification etc. to classify the documents before allowing any access to it. Machine learning is used to test and train the model. Proposed model also introduces an extremely efficient and more accurate approach; IGBCA (Improvised Gradient Boosting Classification Algorithm); for document classification, to prevent them from possible data leakage. Results depicts that proposed model can classify documents with high accuracy and on basis of which data can be prevented from being loss.

Machine Learning,Cryptography and Security,Information Retrieval

Scott Freitas,Andrew Wicker,Duen Horng Chau,Joshua Neil

DOI: https://doi.org/10.48550/arXiv.2001.11108

2020-01-30

Abstract:Given a large enterprise network of devices and their authentication history (e.g., device logons), how can we quantify network vulnerability to lateral attack and identify at-risk devices? We systematically address these problems through D2M, the first framework that models lateral attacks on enterprise networks using multiple attack strategies developed with researchers, engineers, and threat hunters in the Microsoft Defender Advanced Threat Protection group. These strategies integrate real-world adversarial actions (e.g., privilege escalation) to generate attack paths: a series of compromised machines. Leveraging these attack paths and a novel Monte-Carlo method, we formulate network vulnerability as a probabilistic function of the network topology, distribution of access credentials and initial penetration point. To identify machines at risk to lateral attack, we propose a suite of five fast graph mining techniques, including a novel technique called AnomalyShield inspired by node immunization research. Using three real-world authentication graphs from Microsoft and Los Alamos National Laboratory (up to 223,399 authentications), we report the first experimental results on network vulnerability to lateral attack, demonstrating D2M's unique potential to empower IT admins to develop robust user access credential policies.

Social and Information Networks

Bert Valkenburg,Ivano Bongiovanni

DOI: https://doi.org/10.2139/ssrn.4671348

IF: 5.105

2024-01-17

Computers & Security

Abstract:Enterprise risk management frameworks have gained popularity after the Global Financial Crisis for companies to be more in control of their risks. Since then, the Three Lines of Defence model (based on defence-in-depth approaches) has become one of the primary risk management frameworks in the Western world. Yet, its application in the cybersecurity space, one of the fastest-growing areas of risk for modern organisations, has been fragmented at best. In this article, we conducted a systematic literature review on the application of the Three Lines of Defence model in cybersecurity. The model has been recently renamed the Three Lines Model. After the seminal publication by the Institute of Internal Auditors in 2013, academics and practitioners have either referenced this model as the primary governance framework for risk management or analysed it in depth in various areas. To the best of our knowledge, this is the first systematic literature review on the topic. We have performed a methodical analysis of existing research using best practices in the field and adopted the grounded theory approach as the theoretical underpinning of our investigation. This way, we unraveled details, critiques and possible alternatives to the Three Lines Model in cybersecurity. Our study expands our understanding of the Three Lines Model and its application in cybersecurity, highlighting the status quo of research in the space and offering practical recommendations for organisations interested in exploring its implementation to mitigate the impact of cyber-risks.

computer science, information systems

Kishu Gupta,Ashwani Kush

2023-12-21

Abstract:Sensitive data leakage is the major growing problem being faced by enterprises in this technical era. Data leakage causes severe threats for organization of data safety which badly affects the reputation of organizations. Data leakage is the flow of sensitive data/information from any data holder to an unauthorized destination. Data leak prevention (DLP) is set of techniques that try to alleviate the threats which may hinder data security. DLP unveils guilty user responsible for data leakage and ensures that user without appropriate permission cannot access sensitive data and also provides protection to sensitive data if sensitive data is shared accidentally. In this paper, data leakage prevention (DLP) model is used to restrict/grant data access permission to user, based on the forecast of their access to data. This study provides a DLP solution using data statistical analysis to forecast the data access possibilities of any user in future based on the access to data in the past. The proposed approach makes use of renowned simple piecewise linear function for learning/training to model. The results show that the proposed DLP approach with high level of precision can correctly classify between users even in cases of extreme data access.

Cryptography and Security,Machine Learning

Yan Shvartzshnaider,Zvonimir Pavlinovic,Thomas Wies,Lakshminarayanan Subramanian,Prateek Mittal,Helen Nissenbaum

DOI: https://doi.org/10.48550/arXiv.1711.02742

2017-11-07

Cryptography and Security

Abstract:Conventional Data Leakage Prevention (DLP) systems suffer from the following major drawback: Privacy policies that define what constitutes data leakage cannot be seamlessly defined and enforced across heterogeneous forms of communication. Administrators have the dual burden of: (1) manually self-interpreting policies from handbooks to specify rules (which is error-prone); (2) extracting relevant information flows from heterogeneous communication protocols and enforcing policies to determine which flows should be admissible. To address these issues, we present the Verifiable and ACtionable Contextual Integrity Norms Engine (VACCINE), a framework for building adaptable and modular DLP systems. VACCINE relies on (1) the theory of contextual integrity to provide an abstraction layer suitable for specifying reusable protocol-agnostic leakage prevention rules and (2) programming language techniques to check these rules against correctness properties and to enforce them faithfully within a DLP system implementation. We applied VACCINE to the Family Educational Rights and Privacy Act and Enron Corporation privacy regulations. We show that by using contextual integrity in conjunction with verification techniques, we can effectively create reusable privacy rules with specific correctness guarantees, and check the integrity of information flows against these rules. Our experiments in emulated enterprise settings indicate that VACCINE improves over current DLP system design approaches and can be deployed in enterprises involving tens of thousands of actors.

Manuel Kern,Max Landauer,Florian Skopik,Edgar Weippl

DOI: https://doi.org/10.1016/j.cose.2024.103844

IF: 5.105

2024-04-11

Computers & Security

Abstract:Many modern cyber attack techniques cannot be prevented. Logging and monitoring, however, offer a means to at least detect these techniques early, and therefore become increasingly important for defense. Many companies are unfortunately reluctant to invest more in cyber security logging and monitoring or hire additional security staff to operate detective solutions. There is a need for a methodology to pick appropriate cyber security solutions from the vast pool of available products. Our model takes requirements mandated by common standards from ISO, NIST, BSI and the like into account. While standards and guidelines remain at a high abstraction level and are applicable to different organizations over a long period of time, guidance on implementation becomes outdated comparatively quickly. We propose a novel logging maturity and decision model for the selection of the best fitting cyber security solutions for an organization. The novelty is that this model accounts for constraints in the selection process, such as cost, complexity, compliance, and relevance to the organization's assets. We validate the model with MITRE ATT&CK framework data and apply it to illustrative use cases based on our survey.

computer science, information systems

Victor Chang,Muthu Ramachandran

DOI: https://doi.org/10.1109/tsc.2015.2491281

IF: 11.019

2016-01-01

IEEE Transactions on Services Computing

Abstract:Offering real-time data security for petabytes of data is important for cloud computing. A recent survey on cloud security states that the security of users' data has the highest priority as well as concern. We believe this can only be able to achieve with an approach that is systematic, adoptable and well-structured. Therefore, this paper has developed a framework known as Cloud Computing Adoption Framework (CCAF) which has been customized for securing cloud data. This paper explains the overview, rationale and components in the CCAF to protect data security. CCAF is illustrated by the system design based on the requirements and the implementation demonstrated by the CCAF multi-layered security. Since our Data Center has 10 petabytes of data, there is a huge task to provide real-time protection and quarantine. We use Business Process Modeling Notation (BPMN) to simulate how data is in use. The use of BPMN simulation allows us to evaluate the chosen security performances before actual implementation. Results show that the time to take control of security breach can take between 50 and 125 hours. This means that additional security is required to ensure all data is well-protected in the crucial 125 hours. This paper has also demonstrated that CCAF multi-layered security can protect data in real-time and it has three layers of security: 1) firewall and access control; 2) identity management and intrusion prevention and 3) convergent encryption. To validate CCAF, this paper has undertaken two sets of ethical-hacking experiments involved with penetration testing with 10,000 trojans and viruses. The CCAF multi-layered security can block 9,919 viruses and trojans which can be destroyed in seconds and the remaining ones can be quarantined or isolated. The experiments show although the percentage of blocking can decrease for continuous injection of viruses and trojans, 97.43 percent of them can be quarantined. Our CCAF multi-layered security has an average of 20 percent better performance than the single-layered approach which could only block 7,438 viruses and trojans. CCAF can be more effective when combined with BPMN simulation to evaluate security process and penetrating testing results.

computer science, information systems, software engineering

Mohammad Rajib Uddin,Shahriar Akter,Thomas Lee

DOI: https://doi.org/10.1016/j.ijpe.2024.109202

IF: 11.251

2024-03-05

International Journal of Production Economics

Abstract:Protecting data in retail operations is vital in the age of data-driven digital transformation. Businesses face a constant challenge from data breaches due to the unpredictable and dynamic nature of the threats. Although studies in the context of data breaches are gaining momentum, a unified approach to data breach prevention and responsive strategies are required to address the challenge. Drawing on the micro-foundations of dynamic capabilities theory, the study proposes a data breach protection framework for retail operations. The findings of the study highlight the dimensions and sub-dimensions of data breach protection capability using a systematic literature review and a thematic analysis. The outcome of this study can benefit retailers, customers, and society by understanding how to protect data in data-driven digital transformation.

engineering, manufacturing, industrial,operations research & management science

Gajendra Liyanaarachchi,Sameer Deshpande,Scott Weaven

DOI: https://doi.org/10.1108/ijbm-06-2020-0313

2020-12-09

Abstract:Purpose This conceptual paper explores gaps in bank privacy protection practices and advocates for banks to integrate market-oriented (MO) approaches in their corporate digital responsibility (CDR) initiatives to minimize consumer data vulnerability. Design/methodology/approach To apply MO in CDR, this study recommends adoption of a behavior change framework comprising of the co-creation, build and engage (CBE) model and proposes the creation of consumer segments based on generational cohort and tailoring strategies through motivation, opportunity and ability (MOA) model to manage vulnerability. Findings The study specifies that managing consumer data vulnerability requires a unique strategy different from conventional service delivery. A holistic approach is recommended by integrating corporate digital responsibility as a pivotal element of organizational strategy and by positioning vulnerable customers as a critical stakeholder. Originality/value The paper contributes to the research in corporate social responsibility (CSR), privacy and data vulnerability in the banking sector in two prominent ways: first, the study demonstrates the importance of MO as a premise to develop a novel version of CDR called market-oriented digital responsibility (MODR). The study considers MODR as a strategy to reposition vulnerable consumers as a key stakeholder, and, second, the study proposes an innovative set of consumer segments based on data vulnerability and introduces a data vulnerability growth model (DVGM) connecting vulnerability with age.

business

Chen Jian,Dan Dan

DOI: https://doi.org/10.11648/j.ajmse.20240903.11

2024-08-20

American Journal of Management Science and Engineering

Abstract:Customers today are increasingly demanding a personalized shopping experience, coupled with stringent data security measures and prompt responses. As the landscape of online privacy evolves, particularly with the anticipated sunset of third-party cookies by 2024, businesses face a critical imperative to revamp their customer data management strategies. The emergence of Customer Data Platforms (CDPs) stands out as a pivotal solution in this evolving ecosystem. This article undertakes a detailed critique of CDPs, starting with insights gathered from both users and industry experts, and subsequently examining consumer perceptions and behaviors in the digital realm. At the heart of contemporary consumer expectations lies the desire for tailor-made interactions that reflect their preferences and behaviors. This demand necessitates robust data management tools capable of aggregating, analyzing, and activating customer data across multiple touchpoints. CDPs have emerged as a central tool in this endeavor, offering businesses a unified platform to integrate disparate data sources and derive actionable insights in real-time. By leveraging comprehensive customer profiles built from first-party data, CDPs enable businesses to deliver personalized experiences that foster customer loyalty and drive revenue growth. Moreover, the impending demise of third-party cookies, compounded by stringent data protection regulations like GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act), underscores the urgency for businesses to adopt privacy-centric data practices. CDPs play a crucial role in this paradigm shift by empowering businesses to ethically collect and utilize customer data, thereby enhancing transparency and trust. However, challenges persist, including the complexity of integrating CDPs into existing infrastructures and ensuring compliance with evolving regulatory frameworks. From a consumer standpoint, attitudes towards data privacy are evolving, with an increasing emphasis on transparency and control over personal information. Consumers are more inclined to engage with brands that demonstrate a commitment to data security and ethical data usage practices. This shift necessitates a nuanced approach from businesses using CDPs, emphasizing not only personalization but also data protection and consent management. While CDPs offer substantial benefits in navigating the complexities of modern data management and meeting consumer expectations for personalized experiences, their successful implementation hinges on addressing technical, regulatory, and ethical considerations. By doing so, businesses can not only adapt to the evolving landscape of digital privacy but also foster enduring customer relationships grounded in trust and mutual value.

Fuzhi Cang,Mingxing Zhang,Yongwei Wu,Weimin Zheng

DOI: https://doi.org/10.3969/j.issn.1673-5188.2013.04.004

2013-01-01

Abstract:Despite the multifaceted advantages of cloud computing,concerns about data leakage or abuse impedes its adoption for security-sensi tive tasks.Recent investigations have revealed that the risk of unauthorized data access is one of the biggest concerns of users of cloud-based services.Transparency and accountability for data managed in the cloud is necessary.Specifically,when using a cloudhost service,a user typically has to trust both the cloud service provider and cloud infrastructure provider to properly handling private data.This is a multi-party system.Three particular trust models can be used according to the credibility of these providers.This pa per describes techniques for preventing data leakage that can be used with these different models.

Winnie Bahati Mbaka,Katja Tuma

2024-08-15

Abstract:The arrival of recent cybersecurity standards has raised the bar for security assessments in organizations, but existing techniques don't always scale well. Threat analysis and risk assessment are used to identify security threats for new or refactored systems. Still, there is a lack of definition-of-done, so identified threats have to be validated which slows down the analysis. Existing literature has focused on the overall performance of threat analysis, but no previous work has investigated how deep must the analysts dig into the material before they can effectively validate the identified security threats. We propose a controlled experiment with practitioners to investigate whether some analysis material (like LLM-generated advice) is better than none and whether more material (the system's data flow diagram and LLM-generated advice) is better than some material. In addition, we present key findings from running a pilot with 41 MSc students, which are used to improve the study design. Finally, we also provide an initial replication package, including experimental material and data analysis scripts and a plan to extend it to include new materials based on the final data collection campaign with practitioners (e.g., pre-screening questions).

Software Engineering

Elena Baninemeh,Slinger Jansen,Katsiaryna Labunets

2024-01-23

Abstract:Distributed ledger technologies have gained significant attention and adoption in recent years. Despite various security features distributed ledger technology provides, they are vulnerable to different and new malicious attacks, such as selfish mining and Sybil attacks. While such vulnerabilities have been investigated, detecting and discovering appropriate countermeasures still need to be reported. Cybersecurity knowledge is limited and fragmented in this domain, while distributed ledger technology usage grows daily. Thus, research focusing on overcoming potential attacks on distributed ledgers is required. This study aims to raise awareness of the cybersecurity of distributed ledger technology by designing a security risk assessment method for distributed ledger technology applications. We have developed a database with possible security threats and known attacks on distributed ledger technologies to accompany the method, including sets of countermeasures. We employed a semi-systematic literature review combined with method engineering to develop a method that organizations can use to assess their cybersecurity risk for distributed ledger applications. The method has subsequently been evaluated in three case studies, which show that the method helps to effectively conduct security risk assessments for distributed ledger applications in these organizations.

Cryptography and Security,Software Engineering

Stefano Braghin,Marco Simioni,Mathieu Sinn

DOI: https://doi.org/10.48550/arXiv.2108.13785

2021-08-31

Abstract:Shared folders are still a common practice for granting third parties access to data files, regardless of the advances in data sharing technologies. Services like Google Drive, Dropbox, Box, and others, provide infrastructures and interfaces to manage file sharing. The human factor is the weakest link and data leaks caused by human error are regrettable common news. This takes place as both mishandled data, for example stored to the wrong directory, or via misconfigured or failing applications dumping data incorrectly. We present Data Leakage Prevention FileSystem (DLPFS), a first attempt to systematically protect against data leakage caused by misconfigured application or human error. This filesystem interface provides a privacy protection layer on top of the POSIX filesystem interface, allowing for seamless integration with existing infrastructures and applications, simply augmenting existing security controls. At the same time, DLPFS allows data administrators to protect files shared within an organisation by preventing unauthorised parties to access potentially sensitive content. DLPFS achieves this by transparently integrating with existing access control mechanisms. We empirically evaluate the impact of DLPFS on system's performances to demonstrate the feasibility of the proposed solution.

Cryptography and Security,Computers and Society