Enterprise Cybersecurity Research Articles

Особливості формування системи управління кібербезпекою підприємств у воєнний період: теоретико-прикладний аспект

The article examines the peculiarities of forming a cybersecurity management system for enterprises in wartime. The paper presents the theoretical and applied aspect of this issue.
 The purpose of the article is to study the peculiarities and theoretical and applied aspects of forming a cybersecurity management system for enterprises in wartime. The main methods used in the study are analysis, synthesis, statistical methods, etc.
 The importance of enterprise cybersecurity management for their economic security and achievement of the required level of national security is substantiated. A review and analysis of literary sources on the problem of defining the essence of the concept of "cybersecurity" is carried out. It is proved that for effective cybersecurity management it is advisable to classify cyberattacks. It is also advisable to add the following classification features to the existing classification features: "by the level of insurance", i.e. whether it is possible to insure (over-insure) against the threat itself and its consequences, and "by the level of loss", i.e. the level of losses from cyber attacks.
 Modern cyberattacks and their consequences are analyzed. The key stages of building an effective cybersecurity management system are formed. The key aspects of determining the security policy of enterprises, their proactive response to highly dynamic economic conditions (primarily in the field of cybersecurity) in wartime are indicated. The system of enterprise cybersecurity management and organization should provide for the possibility of timely selection of specific means and ways to ensure it. 
 The author analyzes the functional and managerial aspect of forming a cybersecurity management system for enterprises in wartime. The key measures to develop the potential of the security and defense sector of Ukraine are investigated. 
 The study proposes a conceptual model for the formation of an effective cybersecurity management system for enterprises in wartime. Each of its stages is characterized. The functions of the cybersecurity management system of enterprises in wartime are described.

Zero-Trust Architecture (ZTA): Designing an AI-Powered Cloud Security Framework for LLMs’ Black Box Problems

Businesses are becoming more interested in developing and testing Large Language Models (LLMs) in their own settings to support decision-making and growth as a result of the rapid emergence of AI and cloud computing. Here’s the dilemma, though: to what extent do you believe these models and the data they were trained on? We don’t know the feature list of an LLM, which presents the first obstacle when discussing trust and the reasons why there should be zero trust. Although it may seem a bit extreme, this is accurate for two reasons. When it comes to GenAI models nowadays, the more multimodal and more capabilities they have, the better. This way of thinking is great for exploring and confirming if GenAI can address a business problem, but it’s a surefire way to run into trouble when attempting to put things into production in an organizational setting. An enterprise cybersecurity architecture known as a zero-trust architecture (ZTA) is built on the ideas of zero trust and is intended to stop data breaches, enhance privacy, and restrict internal lateral movement. This article discusses ZTA, its logical aspects, probable deployment scenarios, AI rules, threats and limitations in order to provide a detailed understanding of why enterprises must adapt a ZTA framework in a cloud-based environment for AI model deployment.

Adaptive generative AI for dynamic cybersecurity threat detection in enterprises

This research paper provides a thorough examination of the application of Generative Artificial Intelligence (AI) in the context of dynamic cybersecurity threat detection within enterprises. Recognizing the evolving nature of cyber threats, the study focuses on adaptive generative AI models designed to enhance threat detection capabilities. Through an extensive review of existing literature and case studies, the paper explores various Adaptive Generative AI methodologies, including machine learning algorithms, continuous learning mechanisms, and real-time data processing. The analysis encompasses the strengths and limitations of these approaches, shedding light on their efficacy in addressing the complex and dynamic cybersecurity landscape. By offering a comprehensive overview, this research aims to guide the development and implementation of adaptive generative AI solutions for effective threat detection and mitigation in enterprise cybersecurity.

Understanding enterprise cybersecurity information sharing: a theoretical model and empirical analysis

ABSTRACT This research employs an analytical modelling approach, complemented by empirical analysis, to delve into enterprise cybersecurity information sharing strategies. Utilising a thorough cost-based analysis, we scrutinise the cybersecurity costs and security levels within enterprises, leading to the identification of three core cybersecurity strategies – risk acceptance, risk balance, and risk reduction. Additionally, we delineate four distinct information-sharing strategies: selective, balanced, extensive, and futile sharing. Supported by empirical evidence gathered from a cybersecurity forum, this investigation not only enriches scholarly discussions but also provides valuable insights. Its academic significance is accentuated by offering nuanced guidance for practitioners, facilitating the implementation of effective cybersecurity information-sharing practices.

Zero trust architecture in IAM with AI integration

ZTA is a new model of enterprise cybersecurity that stands for continuous authentication, strict access control and dynamic verification for data, assets and identities of enterprises in multilayered infrastructures. ZTA ensures that each and every incoming request to access people, devices or applications is constantly compared to the organisation’s policy and approved, no matter if it is coming inside or outside a network, unlike a traditional perimeter-based security strategy. In an effort to enhance the compliance standards and lower the attack surface, this article expands on the basic tenets of ZTA, such as adding IAM to regulate access based on the role and permission systems. ZTA is further enhanced by AI that enables the real-time identification of threats, dynamic security access control, and risk estimation. By adopting the AI approach, ZTA can make intelligent decisions, and this makes companies able to counteract the ever-incoming cyber threats. Among the areas where ZTA and AI applications are being adopted are cloud environments, remote workforces, IoT devices, and microservices. Further research prospects are also enumerated in this document, such as developing AI-based behavioural analytics, safeguarding Edge and IoT applications, incorporating improved threat intelligence, and incorporating machine learning in ZTA processes. These developments will keep ZTA as a strong and adaptive cybersecurity framework for any corporate infrastructures and protect them from threats in related modern digital landscapes.

The Arrival of Zero Trust: What Does it Mean?

It used to be that enterprise cybersecurity was all castle and moat. First, secure the perimeter and then, in terms of what went on inside that, Trust, but verify. The perimeter, of course, was the corporate network. But what does that even mean at this point? With most employees now working from home at least some of the time and organizations relying increasingly on cloud computing, there is no such thing as a single, enterprise-wide perimeter anymore. And, with corporate security breaches having become a regular news item over the past two decades, trust has essentially evaporated as well.

Multi-type relational clustering for enterprise cyber-security networks

Several cyber-security data sources are collected in enterprise networks providing relational information between different types of nodes in the network, namely computers, users and ports. This relational data can be expressed as adjacency matrices detailing inter-type relationships corresponding to relations between nodes of different types and intra-type relationships showing relationships between nodes of the same type. In this paper, we propose an extension of Non-Negative Matrix Tri-Factorisation (NMTF) to simultaneously cluster nodes based on their intra and inter-type relationships. Existing NMTF based clustering methods suffer from long computational times due to large matrix multiplications. In our approach, we enforce stricter cluster indicator constraints on the factor matrices to circumvent these issues. Additionally, to make our proposed approach less susceptible to variation in results due to random initialisation, we propose a novel initialisation procedure based on Non-Negative Double Singular Value Decomposition for multi-type relational clustering. Finally, a new performance measure suitable for assessing clustering performance on unlabelled multi-type relational data sets is presented. Our algorithm is assessed on both a simulated and real computer network against standard approaches showing its strong performance.

Developing a cyber security culture: Current practices and future needs

While the creation of a strong security culture has been researched and discussed for decades, it continues to elude many businesses. Part of the challenge faced is distilling pertinent, recent academic findings and research into useful guidance. In this article, we aim to tackle this issue by conducting a state-of-the-art study into organisational cyber security culture research. This work investigates four questions, including how cyber security culture is defined, what factors are essential to building and maintaining such a culture, the frameworks proposed to cultivate a security culture and the metrics suggested to assess it. Through the application of the PRISMA systematic literature review technique, we identify and analyse 58 research articles from the last 10 years (2010-2020). Our findings demonstrate that while there have been notable changes in the use of terms (e.g., information security culture and cyber security culture), many of the most influential factors are similar. Top management support, policy and procedures, and awareness for instance, are critical in engendering cyber security culture. Many of the frameworks reviewed revealed common foundations, with organisational culture playing a substantial role in crafting appropriate cyber security culture models. Questionnaires and surveys are the most used tool to measure cyber security culture, but there are also concerns as to whether more dynamic measures are needed. For practitioners, this article highlights factors and models essential to the creation and management of a robust security culture. For research, we produce an up-to-date characterisation of the field and also define open issues deserving of further attention such as the role of change management processes and national culture in an enterprise's cyber security culture.

Real-time analytics, incident response process agility and enterprise cybersecurity performance: A contingent resource-based analysis

Emerging paradigms of attack challenge enterprise cybersecurity with sophisticated custom-built tools, unpredictable patterns of exploitation, and an increasing ability to adapt to cyber defenses. As a result, organizations continue to experience incidents and suffer losses. The responsibility to respond to cybersecurity incidents lies with the incident response (IR) function. We argue that (1) organizations must develop ‘agility’ in their IR process to respond swiftly and efficiently to sophisticated and potent cyber threats, and (2) Real-time analytics (RTA) gives organizations a unique opportunity to drive their IR process in an agile manner by detecting cybersecurity incidents quickly and responding to them proactively. To better understand how organizations can use RTA to enable IR agility, we analyzed in-depth data from twenty expert interviews using a contingent resource-based view. The results informed a framework explaining how organizations enable agile characteristics (swiftness, flexibility, and innovation) in the IR process using the key features of the RTA capability (complex event processing, decision automation, and on-demand and continuous data analysis) to detect and respond to cybersecurity incidents as-they-occur which, in turn, improves their overall enterprise cybersecurity performance.

Classification of stakeholders (users) of accounting information for the enterprise cybersecurity purposes

Introduction. The intensification of cyberrisks due to global hybrid conflicts, the COVID-19 pandemic, and economic imbalances threatens the accounting system as the main generator of economic information, which requires the organization of an effective system of enterprises cybersecurity. It is necessary to understand cyberthreats impact on the functioning of different types of stakeholders for development of the effective cybersecurity.Purpose. The main purpose is to research and improve the classification of accounting information users for the enterprises cybersecurity and minimize the variable cyberrisks that threaten different groups of stakeholders.Methods. General scientific empirical, logical and historical methods of cognition of reality in the process of researching the relevance of variable cyberthreats for different types of stakeholders were used. The research is based on general methods of studying economic processes, facts and phenomena from the standpoint of accounting and enterprises cybersecurity. The information base of the research is historical documents on the classification of stakeholders, scientific works of domestic and foreign scientists about dividing users of accounting information into types, and so on.Results. It is proved that the classical scientific views on the classification of accounting information users are ineffective for the purposes of enterprises cyberprotection, as they do not take into account the activation of relevant for the digital economy of variable cyberthreats. It is proposed to classify accounting information users by the following criteria: the ability to manage the activities of the business entity, the right of access, the likelihood of cyberthreats, the ability to dispose of the access right, access to accounting objects, functional law, information processing, economic activity, age, organizational and legal form, type of communication channels used, frequency of information acts.Discussion. The use of the proposed stakeholders’ classification helps to identify cyberrisks; prevent, avoid and minimize cyberthreats consequences, relevant to each type of accounting information users, which requires further research about enterprises cybersecurity.

Предпосылки формирования системы информационной безопасности предприятия

The article discusses the problems of managing the information security of the enterprise in a changing business climate. The description, shortcomings and advantages of the existing asS TP security system are given. The specifics of the company's procedural and technological security capabilities have been revealed. The enterprise's IT infrastructure has been identified in the information security and cyber defense format, consisting of three components: the servers of applications that deliver business applications; database servers that contain business data and system administration channels to manage and monitor infrastructure that need to work together as a coherent and coordinated system. Structured architecture, uniting corporate cybersecurity in 11 functional areas covering the technical and operational breadth of enterprise cybersecurity. These functional areas are highlighted on the basis of their relative independence from each other and because they are well consistent with the way staff, experience and responsibilities are shared in the enterprise. This corporate cybersecurity architecture format provides the basis for managing the capabilities that the enterprise provides the tools of audit, forensics, detection, and preventive control. This structure provides consistent management of security capabilities and helps prioritize their deployment, maintenance, and updates over time. It also ensures strict accountability and good alignment of strategy, staff, budget and technology to meet the organization's security needs. The structure is designed to be flexible and scalable regardless of the size of the enterprise. It provides an expandable mechanism for adjusting cyber defense over time in response to changing cyber threats.

THE ACCOUNTING SYSTEM AS THE BASIS FOR ORGANISING ENTERPRISE CYBERSECURITY

Abstract. The increasing number of cyberattacks as part of the hybrid influence on social and economic processes and the threat of confidential information leaks dictate the need to ensure cybersecurity for enterprises, sectors and branches of the economy. Since most economic information is produced by the accounting system, its cybersecurity is a priority. The review of literature on enterprise cybersecurity has indicated that the researchers increasingly define the accounting system as the target of cybersecurity measures. This approach is scientifically limited, as it does not consider that the accounting system may be the subject ensuring the cybersecurity of enterprises in the conditions of rapid development of latest computer and communication technologies. The aim of the article is to investigate the prospects of organising accounting when it is acting as the subject in a platform for ensuring the cybersecurity of enterprises. It is substantiated that accounting should be used as the basis for ensuring cybersecurity, given that accounting is the main producer of economic information, much of the accounting information is confidential, modern accounting specialists are qualified in multiple different areas of expertise, numerous cyberattacks are perpetrated via accounting software, and the regulatory nature of accounting standards pertaining to information processes. The prospects of reorganising the accounting department of enterprises and transforming the operational responsibilities of accounting specialists to focus on ensuring the cybersecurity of enterprises are explored. It is proposed to use the accounting policy of the enterprise and the internal regulations linked to it as the basis for the development of cybersecurity regulations. The necessity of introducing permanent security audit to accounting and control activities of the enterprise is proved. It proposed that internal controllers (accountants) or external specialists from audit firms monitor and test the cybersecurity system of enterprises that will facilitate efficient prevention, avoidance and elimination of information barriers and threats to the effective operation of economic entities. Keywords: accounting, cybersecurity, security audit, information security, information risks and barriers, accounting policy. Formulas: 0; fig.: 3; tabl.: 1; bibl.: 19.

Setting the Optimum Time for a Special Audit to Improve the Enterprise's Cyber Security

The article presents a method for setting the optimal time for special audit to improve the level of cyber defense of an enterprise working in the field of market relations of IT services. Studying the issue of providing measures to reduce the risk of a cyber-incident, analyzed the time series of the intensity of cyber-attacks of the enterprise. An analytical function of the cyber-attack intensity at an enterprise that satisfies the nonlinear Bernoulli differential equation is considered. The elasticity interval of the analytic function of the cyber-attack intensity at the enterprise is found. Analysis of cyber-attack time series on the enterprise system for the same time periods falling within the time interval from the end of the planned audit to the beginning of the next one. An analytical alignment of the time series of the cyber-attack intensity function was performed using a logistic curve. A stepwise p-transformation of a small parameter into a cyber-attack intensity function for an enterprise was introduced and the dimensionlessness of the variables was performed, which made it possible to calculate the sensitivity of a dimensionless cyber-attack intensity function from a small parameter p over a set time period. The study is based on the application of the theory of elasticity of the intensity function of cyber-attacks, which determines the time interval at which to conduct a special audit at the enterprise. Due to the found elasticity interval of the cyber-attack intensity function, the optimal time for special audit was determined.

Enterprise cybersecurity training and awareness programs: Recommendations for success

ABSTRACTTo help employees recognize and change their computing security behavior, organizations need to invest in cybersecurity training and awareness programs to encourage their employees’ active engagement in complying with their security policies. However, many organizations’ cybersecurity training and awareness programs fail to achieve their goals as employees feel bored with such training programs and lack enthusiasm to participate in them. Highlighting the criticality of the success of cybersecurity training and awareness programs in organizations, this paper identifies best practices and provides actionable insights (relating cyber awareness to employees’ personal life, reinforcing security procedures and guidelines, instilling a “relaxed alert” state of employees, and minimizing security fatigue for employees) that will help enterprises develop and implement economical, effective, and engaging cybersecurity training and awareness programs.

Enterprise Cybersecurity: Investigating and Detecting Ransomware Infections Using Digital Forensic Techniques

As the world continues to grow and embrace technology ransomware is growing problem. When ransomware encrypts storage sytems, systems shutdown, productivity grinds to a halt, and serious long-term damage takes place. As this is a known problem many firms have developed functionality to address ransomware issues in key security technologies such as intrusion protection systems. Many firms, especially smaller ones, may not have access to these technologies or perhaps the integration of these technologies might not yet be possible due ot varying circumstances. Regardless, ransomware must still be addressed as cyber miscreants actually target weak and unprotected environment. Even without tools that automate and aggregrate security capability, systems administrators can use systems utilities, applications, and digital forensic techniques to detect ransomware and defend their environemnts. This paper explores the literature regarding ransomware attacks, discusses current issues on how ransomware might be addressed, and presents recommendations to detect and investigate ransomware infection.

Enterprise Cybersecurity: Building a Successful Defense Program.

Cybersecurity is no longer an option or an afterthought-it is a strategic asset that every organization must address, especially in healthcare. The impact of modern cyberattacks extends well beyond privacy breaches and damage to brand or reputation; it can also affect the safe delivery of care. In 2017, a global security incident affected National Health Service hospitals in England and Scotland, preventing them from providing services to patients and causing thousands of appointments to be canceled. Such serious cyberattacks are becoming more prevalent, and their impact has dramatically changed from impeding back-office operations to threatening patient safety and the financial viability of healthcare organizations. This era of increased cybersecurity risks has compelled successful organizations to rapidly adapt their information security strategies and develop world-class cyber defense programs.

Cyber security's new hard line

Firewalls should still be an integral part of any enterprise's cyber security strategy, and vendors of the hardware variety are redoubling their R&D to win more market share.

Creating a Culture of Enterprise Cybersecurity

In this article I describe the fundamental dimensions of a security culture, a concept that builds on the experience of “safety culture” in several high-hazard industries. After outlining the concept and subtleties of corporate culture, I apply these concepts to issues of security, focusing on issues of trust, identification and authentication in complex environments. These issues become more challenging in virtual environments, as familiar tokens of identity such as face-toface recognition are absent, and where trust becomes a weakest-link problem. I conclude with a description of the challenges of “managing” the emergent phenomenon of culture, and how trust can be cultivated.

7.6.1 Monitoring and Management Approach for Cyber Security Events over Complex Systems

Abstract– DoD, agency and commercial operations centers that manage complex enterprise systems face the problem of protecting both the systems and the data they carry against cyber attacks while, at the same time, providing high quality end‐to‐end services that meet service level agreements and help ensure mission success. Presently there exists no comprehensive tool suite that encompasses the procedures, methods, and policies to provide an effective enterprise cyber security monitoring and management solution. This paper provides a basis from which to fill that void by introducing a new framework for monitoring and managing cyber security events in complex systems. We demonstrate application of this framework using several realistic scenarios.