DOI QR코드

DOI QR Code

Business Process Reengineering of an Information Exchange Management System for a Nationwide Cyber Threat Intelligence

  • Pramadi, Yogha Restu (School of Electrical Engineering and Informatics, Institute of Technology Bandung) ;
  • Rosmansyah, Yousep (School of Electrical Engineering and Informatics, Institute of Technology Bandung) ;
  • Kim, Myonghee (Dept. of IT Convergence and Application Engineering, PuKyong Nat. Univ.) ;
  • Park, Man-Gon (Dept. of IT Convergence and Application Engineering, PuKyong Nat. Univ.)
  • 투고 : 2017.01.07
  • 심사 : 2017.01.26
  • 발행 : 2017.02.28

초록

Nowadays, nations cyber security capabilities play an important role in a nation's defense. Security-critical infrastructures such as national defenses, public services, and financial services are now exposed to Advanced Persistent Threats (APT) and their resistance to such attacks effects the nations stability. Currently Cyber Threat Intelligence (CTI) is widely used by organizations to mitigate and deter APT for its ability to proactively protect their assets by using evidence-based knowledge. The evidence-based knowledge information can be exchanged among organizations and used by the receiving party to strengthen their cyber security management. This paper will discuss on the business process reengineering of the CTI information exchange management for a nationwide scaled control and governance by the government to better protect their national information security assets.

키워드

참고문헌

  1. A.K. Sood and R.J. Enbody, "Targeted Cyberattacks: A Superset of Advanced Persistent Threats," IEEE Security and Privacy, Vol. 11, No. 1, pp. 54-61, 2013.
  2. Advanced Persistent Threats: A Decade in Review, Technical Report of Command Five Pty Ltd, 2011.
  3. K. Geers, D. Kindlund, N. Moran, and R. Rachwald, World War C: Understanding Nation-State Motives behind Today's Advanced Cyber Attacks, Technical Report of FireEye, 2014.
  4. D. Kushner, "The Real Story of Stuxnet," IEEE Spectrum, Vol. 50, No. 3, pp. 48-53, 2013. https://doi.org/10.1109/MSPEC.2013.6471059
  5. B. Schneier, Phishing Has Gotten Very Good, https://www.schneier.com/blog/archives/2013/03/phishing_has_go.html (accessed Nov., 15, 2016).
  6. R.L. Trope and S.J. Humes, "By Executive Order: Delivery of Cyber Intelligence Imparts Cyber Responsibilities," IEEE Security and Privacy, Vol. 11, No. 2, pp. 63-67, 2013. https://doi.org/10.1109/MSP.2013.29
  7. Y.R. Pramadi, Y. Rosmansyah, and M.G. Park, "A Study on Cyber Threat Intelligence Information Exchange System," Proceedings of the 5th Japan-Korea Joint Workshop on Complex Communication Sciences, pp. 156-159, 2016.
  8. IEEE Standard for Functional Modeling Language-Syntax and Semantics for IDEF0, IEEE Standard 13201-1998, 1998.
  9. Information Systems Audit and Control Association, COBIT 5: A Business Framework for the Governance and Management of Enterprise IT, Rolling Meadows, IL 60008, USA, 2012.
  10. B.E. Grooms, Joint Intelligence Preparation of the Operational Environment, Joint Intelligence Organizations, USA, pp. 1-285, 2009.
  11. C. Johnson, L. Badger, and D.C. Waltermire, NIST Special Publication 800-150, Guide to Cyber Threat Information Sharing (Draft) , National Institute of Standards and Technology, 2014.
  12. C.S. Johnson, M.L. Badger, D.A. Waltermire, J. Snyder, and C. Skorupka, Guide to Cyber Threat Information Sharing, National Institute of Standards and Technology, NIST-SP 800-150, 2016.
  13. A. Liska, Building an Intelligence-led Security Program, Elsevier, Waltham, 2014.
  14. A. Kornmaier and F. Jaouen, "Beyond Technical Data-A More Comprehensive Situational Awareness Fed by Available Intelligence Information," Proceedings of 2014 6th International Conference on Cyber Conflict, pp. 139-154, 2014.
  15. K. Giles and W. Hagestad II, "Divided by a Common Language: Cyber Definitions in Chinese, Russian, and English," Proceedings of 2013 5th International Conference on Cyber Conflict, pp.1-17, 2013.
  16. S.Y. Kim, M.H. Kim, and M.G. Park, "A Study on the Information Security Control and Management Process in Mobile Banking Systems," Journal of Korea Multimedia Society, Vol. 18, No. 2, pp. 218-232, 2015. https://doi.org/10.9717/kmms.2015.18.2.218
  17. H. Dalziel, E. Olson, and J. Carnall, How to Define and Build an Effective Cyber Threat Intelligence Capability, Syngress, Waltham, 2015.