Patrick Wake patrick.d.wake@durham.ac.uk
PGR Student Doctor of Philosophy
Work in Progress: Evaluation of Security Standards through a Cyber Range using Hackers’ Tactics, Techniques and Procedures
Wake, Patrick; Black, Sue; Young, Jonathan
Authors
Professor Sue Black sue.black@durham.ac.uk
Professor
Jonathan Young jonathan.p.young@durham.ac.uk
PGR Student Doctor of Philosophy
Abstract
We present a framework for the creation of a cyber range to test the effectiveness of security standards, policies and frameworks. These assets guide organisations on how to protect themselves from cyber threats. They have been created via a variety of methods including standards bodies, anecdotal evidence, findings from successful attacks and others. To date, however, there is not an agreed process for creating cyber ranges to conduct a practical assessment of the recommended controls. As a result, the ability of enterprises and standards bodies to judge the effectiveness of these measures is limited. Utilising hackers’ tactics, techniques, and procedures to evaluate security standards, should be an effective method for testing a lifelike cyber range which complies to a specific standard. We have started to produce the blueprint for such a laboratory, presented here to showcase our initial findings, using the Cyber Essentials framework as an initial use case. 1.
Citation
Wake, P., Black, S., & Young, J. (2023, July). Work in Progress: Evaluation of Security Standards through a Cyber Range using Hackers’ Tactics, Techniques and Procedures. Presented at 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Delft, Netherlands
| Presentation Conference Type | Conference Paper (published) |
|---|---|
| Conference Name | 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) |
| Start Date | Jul 3, 2023 |
| End Date | Jul 7, 2023 |
| Acceptance Date | Jun 1, 2023 |
| Online Publication Date | Jul 31, 2023 |
| Publication Date | 2023-07 |
| Deposit Date | Dec 9, 2024 |
| Publicly Available Date | Dec 10, 2024 |
| Peer Reviewed | Peer Reviewed |
| Pages | 653-658 |
| DOI | https://doi.org/10.1109/eurospw59978.2023.00076 |
| Keywords | Standards organizations; Process control; Benchmark testing; Security; Proposals; Cyber Range; Security Standards; Cyber Essentials; Hacking |
| Public URL | https://durham-repository.worktribe.com/output/3211870 |
Files
Accepted Journal Article
(762 Kb)
PDF
Licence
http://creativecommons.org/licenses/by/4.0/
Copyright Statement
This accepted manuscript is licensed under the Creative Commons Attribution 4.0 licence. https://creativecommons.org/licenses/by/4.0/
You might also like
Empirical comparison of text-based mobile apps similarity measurement techniques
(2019)
Journal Article
Digital Inclusion in Nothern England: Training Women from Underrepresented Communities in Tech: A Data Analytics Case Study
(2020)
Presentation / Conference Contribution
Clustering Mobile Apps Based on Mined Textual Features
(2016)
Presentation / Conference Contribution
Self-Regulated Sample Diversity in Large Language Models
(2024)
Presentation / Conference Contribution
Optimising IT Security Research via a Low Cost, Instantly Available, Cloud Based Cyber Range
(2024)
Presentation / Conference Contribution
Downloadable Citations
About Durham Research Online (DRO)
Administrator e-mail: dro.admin@durham.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search