Refine
Year of publication
Institute
Document Type
- Conference Proceeding (44)
- Article (7)
- Part of a Book (6)
- Book (5)
Keywords
- Cybersecurity (3)
- ICS (2)
- AI (1)
- Android (1)
- Artificial intelligence (1)
- Asset Discovery (1)
- Asset Inventory (1)
- Asset Management (1)
- Audit Trail (1)
- Auditing Framework (1)
The work of an digital forensics expert is far more extensive and varied today than it was just a few years ago. Especially after hacking attacks on organizations, experts in DFIR (Digital Forensics and Incident Response) come into play. In this paper, we present a learning platform that enables people to learn DFIR from scratch. To achieve this goal, the content of the learning platform was defined, evaluated and prepared with the help of experts from industry and government. For this purpose, expert interviews were conducted, which were subsequently evaluated. The results of these interviews were incorporated into initial scenarios that were implemented in individual modules on the learning platform Ilias, with a distinction being made between the basics and the main DFIR part. In the basic part, an introduction to IT forensics is offered, which is supplemented by further technical modules. This includes training in the use of the Linux operating system, which is frequently used in digital forensics, as well as the acquisition and analysis of RAM iand hard disk images. In the main part, the focus is to apply the learnings from the basic sections and to enhance them with incident related knowledge for DFIR projects, in which digital forensics experts gather and analyse evidence on various systems of the attacked organizations by searching and gathering so-called IoCs (Indicators of Compromise) from log files and other sources. Once the analysis part is complete, and all evidence has been collected, cleanup, recovery and restart of systems may take place, which is handled in the last section of the main training module.
The need for compliance and the growing number of IT security threats force many companies to improve their level of IT security. At the same time, new legal regulations and the trend to interconnect IT with automation environments (operational technology, OT) lead to the situation that IT security and OT security need to be approached at the same time. However, OT differs from IT in several aspects and many well-established IT security procedures cannot simply be copied to OT networks. As in IT the first step to establish an acceptable security level for OT is to perform a proper risk assessment. Available tools that support OT asset management are either expensive or they do not provide the functionality needed. In the context of this paper a new open-source approach to OT asset management is presented. The tool that was developed to collect OT assets considers the specific characteristics of OT devices, the sensitivity of production environments, and the typically rudimentary star ting situation of many real-world machine operators while being free of charge at the same time.
In today’s world, there are more and more IT systems that are interconnected to provide services to a wide variety of business classes. Since their services are usually inevitably linked to financial and political interests, the number of attacks aimed at disrupting or profiting from these and the associated systems in various ways is constantly increasing. In this paper we design and implement a framework for the comprehensive auditing of IT systems in system architectures of different enterprise classes. For our solution, we evaluate formal requirements regarding audit trails, provide concepts for the pseudonymisation of audit data, develop software components for E2E audit trails and finally present a secure system architecture based on Kubernetes and Istio in conjunction with the storage components ArangoDB and HashiCorp Vault to achieve an efficient framework for creating E2E audit trails.
Industrial automation and control systems (IACS) operate in complex and increasingly networked environments of industrial plants. Due to the increasing number of cyber attacks, these systems are also exposed to the growing threat of being attacked. IACS are often found in critical infrastructure such as power supply or water treatment plants, as well as in industry, so their compromise can result in devastating consequences. To prevent this, the IEC-62443 series of standards was developed to address the cybersecurity of IACS. In order to achieve cybersecurity in accordance with the IEC-62443 standard, the human factor plays a major role, as it is humans that need to implement and manage the cybersecurity controls. To help those users to get started and gain a basic understanding of important IEC-62443 concepts such as zones and conduits, defense in depth, and security levels, this paper defines an experience-based practical approach to train users w.r.t. application and implementation of the standard.
The increasing significance of information technology (IT) security in modern life and the rising number of cybersecurity regulations and legislation are creating a high demand for IT security experts, which is currently unmet, resulting in numerous vacancies. To address this shortage of skilled professionals, it is crucial to cultivate early interest among students. In the present study, the game-based system CampusQuest is introduced as a tool to engage students in cybersecurity from the outset and to stimulate their ambition in this field. The system is based on the concept of solving challenges, similar to the format of so-called Capture the Flag competitions. However, the challenges have been adapted to align with the specific context of a university campus, combining various additional elements. CampusQuest incorporates physical elements into the challenges, which are distributed permanently across the campus and motivate individuals to participate. Additionally, the system has been enhanced with a mechanism to prevent the dissemination of solutions. The system has been implemented in a prototype form and currently comprises eleven challenges of varying degrees of difficulty, which is designed to facilitate the introduction of the subject to first-year students.
Tatort Unternehmen - Interne Ermittlungen - Criminal Investigations - beeindruckende Begriffe aus der Tagespresse, die in der betrieblichen Praxis jedoch vor allem eins erfordern: viel Sachkunde und routiniertes Vorgehen. Welche taktischen Möglichkeiten und Stolperfallen bei eigenen Sachverhaltsaufklärungen auftreten, stellt dieses Buch anschaulich vor. Erstmals systematisch integriert aus juristischer, Ermittlungs- und IT-Perspektive zeigen Birgit Galley, Ingo Minoggio und Marko Schuba auf, - welche rechtlichen Rahmenbedingungen beachtet werden müssen, - wann und wie Sachverhalte ermittelt werden, - wie man mit Zeugen und auch Tätern umgeht, - wann man am besten welche Fragen stellt - und welche besser nicht, - wie digitale Spuren sichtbar gemacht und Ausspähungen entdeckt werden. Über 30 Jahre Fallerfahrung der Autoren und viel Anwendungsnähe aller vorgestellten Themen findet man in diesem Buch. Ein Werkzeugkoffer und Anleitung für die eigene Ermittlungspraxis.
