Open Access. Powered by Scholars. Published by Universities.®

Information Security Commons

Articles 1 - 21 of 21

Full-Text Articles in Information Security

Zero Trust And Advanced Persistent Threats: Who Will Win The War?, Bilge Karabacak, Todd Whittaker Mar 2022

All Faculty and Staff Scholarship

Advanced Persistent Threats (APTs) are state-sponsored actors who break into computer networks for political or industrial espionage. Because of the nature of cyberspace and ever-changing sophisticated attack techniques, it is challenging to prevent and detect APT attacks. The 2020 United States Federal Government data breach once again showed how difficult it is to protect networks from targeted attacks. Among many other solutions and techniques, zero trust is a promising security architecture that might effectively prevent the intrusion attempts of APT actors. In the zero trust model, no process inside or outside the network is trusted by default. Zero trust is also called perimeterless …


A Mixed Public-Private Partnership Approach For Cyber Resilience Of Space Technologies, Bilge Karabacak, Gokhan Ikitemur, Andy Igonor Jan 2020

All Faculty and Staff Scholarship

Governments today emphasize space systems as critical infrastructures. Many vital services, including communications, transportation, and maritime operations, depend on space systems. Cyber systems represent an essential component that enables effective functioning, configuration, and monitoring of technological space services. Space systems possess unique vulnerabilities and properties that attract the attention of hackers, and often with varying motivations. The private sector increasingly participates in the production of space technologies, and as a result of the differences in perceptions and priorities of governments and the private sector, handling the challenges of governance as it relates to the cybersecurity of space systems presents an …


Cybersecurity Education: The Quest To Building Bridge Skills, Andy Igonor, Raymond L. Forbes, Jonathan Mccombs Aug 2019

All Faculty and Staff Scholarship

Today's employers differ in what skills and abilities they believe make for a competent cybersecurity professional; however, they concur on the importance of technical and soft skills, which we collectively refer to as "bridge skills" - in other words, skills needed to bridge employer needs and what higher education teaches. Higher education, on the other hand, favors producing a holistic and rounded graduate, with soft skills incorporated into the first one or two years of study. Somewhere between these two dichotomies is a missing link which currently manifests as higher education not meeting the needs of industry relative to cybersecurity …


IoT Forensics Curriculum: Is It A Myth Or Reality?, Bilge Karabacak, Kemal Aydin, Andy Igonor Jan 2019

All Faculty and Staff Scholarship

In this research paper, two questions are answered. The first question is "Should universities invest in the preparation of an IoT forensics curriculum?". The second question is "If the IoT forensics curriculum is worth investing in, what are the basic building steps in the development of an IoT forensics curriculum?". To answer those questions, the authors conducted a comprehensive literature review spanning academia, the private sector, and non-profit organizations. The authors also performed semi-structured interviews with two experts from academia and the private sector. The results showed that because of the proliferation of IoT technology and the increasing number of …


From The National Cyber Maturity To The Cyber Resilience: The Lessons Learnt From The Efforts Of Turkey, Bilge Karabacak, Unal Tatar Jan 2017

All Faculty and Staff Scholarship

In this paper, the details of the critical infrastructure protection program of the United States of America are shared by taking cyber resilience into account. The academic and institutional studies on the concepts of cyber maturity, critical infrastructure protection program and cyber resilience are explained in detail. With the help of these studies and national efforts, the relations among these concepts are proposed. The key components of a cyber security strategy and action plan for a cyber resilient society are proposed by taking these three concepts into account. As the final step, the recent cyber security efforts of Turkey are shared …


Preliminary Analysis Of Cyberterrorism Threats To Internet Of Things (IoT) Applications, Bilge Karabacak, Mobolarinwa Balogun, Hayretdin Bahsi Jan 2017

All Faculty and Staff Scholarship

The era of the Internet of Things (IoT), a combination of various networking and computing technologies, is already in a state of growth that introduces a new age of data aggregation mechanisms and ubiquitous connectivity among physical objects. However, most of the cyber threats still remain unsolved and may create a huge impact on our lives. One of the possible major changes in the impact landscape is the imminent physical results of cyber threats as IoT technologies enable closer interactions between humans and information systems. Although the cyber threats to critical infrastructures have been highly considered by the cyber security community, the …


Design Implications Of Changing Student Demographics, Andy Igonor, Natalya Koehler Oct 2016

Learning Showcase 2016: A Celebration of Discovery, Transformation and Success

Many non-traditional higher education institutions have built their cyber security and computer science programs (CSCS) to cater to the needs of adult, working learners. Focusing on this demographic has implications for course and program design. Design approaches have therefore focused on strategies aimed at translating knowledge into learning nuggets specific to the adult learner, enabling day one job-readiness upon graduation. Recently, there has been increased focus on CSCS education at the high school level. The computer science for all initiative was announced recently by US President Obama, and there has been increased creativity on the part of higher education institutions …


An Assessment Model To Improve National Cyber Security Governance, Bilge Karabacak, Unal Tatar, Adrian Gheorghe Jan 2016

All Faculty and Staff Scholarship

Today, cyber space has been embraced by individuals, organizations and nations as an indispensable instrument of daily life. Accordingly, impact of cyber threats has continuously been increasing. Critical infrastructure protection and fighting against cyber threats are crucial elements of national security agendas of governments. In this regard, governments need to assess the roles and responsibilities of public and private organizations to address the problems of current cyber protection postures and to respond with reorganization and reauthorization of these postures. A risk management approach is critical in placing these efforts in an ongoing lifecycle process. In this paper, a model is …


Regulatory Approaches For Cyber Security Of Critical Infrastructures: The Case Of Turkey, Bilge Karabacak, Sevgi Ozkan Yildirim, Nazife Baykal Jan 2016

All Faculty and Staff Scholarship

Critical infrastructures are vital assets for public safety, economic welfare and/or national security of countries. Today, cyber systems are extensively used to control and monitor critical infrastructures. A considerable amount of the infrastructures are connected to the Internet over corporate networks. Therefore, cyber security is an important item for the national security agendas of several countries. The enforcement of security principles on the critical infrastructure operators through the regulations is a still-debated topic. There are several academic and governmental studies that analyze the possible regulatory approaches for the security of the critical infrastructures. Although most of them favor the market-oriented …


A Vulnerability-Driven Cyber Security Maturity Model For Measuring National Critical Infrastructure Protection Preparedness, Bilge Karabacak, Sevgi Ozkan Yildirim, Nazife Baykal Jan 2016

All Faculty and Staff Scholarship

Critical infrastructures are vital assets for the public safety, economic welfare and national security of countries. Cyber systems are used extensively to monitor and control critical infrastructures. A number of infrastructures are connected to the Internet via corporate networks. Cyber security is, therefore, an important item of the national security agenda of a country. The intense interest in cyber security has initiated research focusing on national cyber security maturity assessments. However, little, if any, research is dedicated to maturity assessments of national critical infrastructure protection efforts. Instead, the vast majority of studies merely examine diverse national-level security best practices ranging …


Developing And Verifying A Set Of Principles For The Cyber Security Of The Critical Infrastructures Of Turkey, Bilge Karabacak Jan 2015

All Faculty and Staff Scholarship

Critical infrastructures are vital assets for countries as a harm given to critical infrastructures may affect public order, economic welfare and/or national security. Today, cyber systems are extensively used to control and monitor critical infrastructures. Therefore, cyber threats have the potential to adversely affect the order of societies and countries. In this PhD study, the root causes of the susceptibility of the critical infrastructures of Turkey to the cyber threats are identified by analyzing the qualitative data with the grounded theory method. The extracted root causes are verified by two experts. The set of principles for the cyber security of …


Strategies To Counter Cyber Attacks: Cyber Threats And Critical Infrastructure Protection, Bilge Karabacak, Unal Tatar Jan 2014

All Faculty and Staff Scholarship

Today, cyber threats have the potential to harm critical infrastructures which may result in the interruption of life-sustaining services, catastrophic economic damages or severe degradation of national security. The diversity and complexity of cyber threats that exploit the vulnerabilities of critical infrastructures increase every day. In order to lessen the potential harm of cyber threats, countermeasures have to be applied and the effectiveness of these countermeasures has to be monitored continuously. In this study, a brief definition and history of critical infrastructures are introduced. Cyber threats are examined in four fundamental categories. Vulnerabilities of critical infrastructures are categorized and …


A Comparative Analysis Of The National Cyber Security Strategies Of Leading Nations, Bilge Karabacak, Unal Tatar, Orhan Calik, Minhac Celik Jan 2014

All Faculty and Staff Scholarship

The rapid pace of technological developments in the area of information and communications technologies caused nations and peoples to be more reliant on cyber infrastructure to survive. Besides opportunities, the widespread use of information technology introduces new threats as well. Risks related to cyber security have started to threaten critical infrastructures, which are defined as assets that are essential for the functioning of a society and its economy. Cyber security has become one of the most serious national security concerns. In 2003 the United States was the first nation to prepare and publish a national cyber security strategy. In the …


An Hierarchical Asset Valuation Method For Information Security Risk Analysis, Bilge Karabacak, Unal Tatar Jan 2012

All Faculty and Staff Scholarship

The widespread use of information technology transforms businesses continuously and rapidly. Information technology introduces new threats to organizations as well. Risk analysis is an important tool in order to make correct decisions and to deal with cyber threats. Identification and valuation of assets is a crucial process that must be performed in risk analyses. Without properly identified and valued assets, the results of risk analyses lead to wrong decisions. Wrong decisions on information security may directly affect corresponding business processes. There are some finished and applied methods in literature for asset identification and valuation; however these methods are complicated and …


Collaborative Risk Method For Information Security Management Practices: A Case Context Within Turkey, Bilge Karabacak, Sevgi Ozkan Jan 2010

All Faculty and Staff Scholarship

In this case study, a collaborative risk method for information security management has been analyzed considering the common problems encountered during the implementation of ISO standards in eight Turkish public organizations. This proposed risk method has been applied within different public organizations and it has been demonstrated to be effective and problem-free. The fundamental issue is that there is no legislation that regulates the information security liabilities of the public organizations in Turkey. The findings and lessons learned presented in this case provide useful insights for practitioners when implementing information security management projects in other international public sector organizations.


A Collaborative Process Based Risk Analysis For Information Security Management Systems, Bilge Karabacak, Sevgi Ozkan Jan 2010

All Faculty and Staff Scholarship

Today, many organizations quote intent for ISO/IEC 27001:2005 certification. Also, some organizations are en route to certification or already certified. Certification process requires performing a risk analysis in the specified scope. Risk analysis is a challenging process especially when the topic is information security. Today, a number of methods and tools are available for information security risk analysis. The hard task is to use the best fit for the certification. In this work we have proposed a process based risk analysis method which is suitable for ISO/IEC 27001:2005 certifications. Our risk analysis method allows the participation of staff to the …


Critical Infrastructure Protection Status And Action Items Of Turkey, Bilge Karabacak, Sevgi Ozkan Jan 2009

All Faculty and Staff Scholarship

Critical infrastructures are the physical and virtual systems essential to the minimum operations of the economy and the government. Critical Infrastructure Protection (CIP) is a critical agenda item for governments in the developed countries. In these countries, policies and procedures on CIP are already in place and required laws are in action as well. In Turkey, some official introductory studies have been performed in 2009. However, there are a number of steps that Turkey still has to take. In this study, key definitions are provided firstly. After the definitions, the efforts of USA, EU, OECD and NATO are summarized. The …


A Quantitative Method For ISO 17799 Gap Analysis, Bilge Karabacak, Ibrahim Sogukpinar Jan 2006

All Faculty and Staff Scholarship

ISO/IEC 17799:2005 is one of the leading standards of information security. It is the code of practice including 133 controls in 11 different domains. There are a number of tools and software that are used by organizations to check whether they comply with this standard. The task of checking compliance helps organizations to determine their conformity to the controls listed in the standard and deliver useful outputs to the certification process. In this paper, a quantitative survey method is proposed for evaluating ISO 17799 compliance. Our case study has shown that the survey method gives accurate compliance results in a …


Securing Networks Of Information Age, Bilge Karabacak, Mert Uneri Jan 2006

All Faculty and Staff Scholarship

The Internet and IT devices are being used for business and entertainment more frequently. The Internet has been becoming a vital part of the social fabric. Threats to the Internet and other complex commercial networks are solid and growing. Globalization and the need for interoperability complicate the security of IT networks and the Internet. Cyber threats have an important potential damage capacity. Proactive security methodologies are needed to protect valuable information. According to the situation described above, the purpose of this paper is to examine the current trends in network security, and to propose a roadmap for protecting information from cyber threats.


ISRAM: Information Security Risk Analysis Method, Bilge Karabacak, Ibrahim Sogukpinar Jan 2005

All Faculty and Staff Scholarship

Continuously changing nature of technological environment has been enforcing to revise the process of information security risk analysis accordingly. A number of quantitative and qualitative risk analysis methods have been proposed by researchers and vendors. The purpose of these methods is to analyze today's information security risks properly. Some of these methods are supported by a software package. In this study, a survey based quantitative approach is proposed to analyze security risks of information technologies by taking current necessities into consideration. The new method is named as Information Security Risk Analysis Method (ISRAM). Case study has shown that ISRAM yields …


A Novel Approach To Information Security Risk Analysis, Bilge Karabacak, Ibrahim Sogukpinar Jan 2004

All Faculty and Staff Scholarship

A number of risk analysis methods became obsolete because of the profound changes in information technologies. Revolutionary changes in information technologies have converted many risk analysis methods into inconsistent, long lasting and expensive instruments. Therefore, risk analysis methods should be adaptively modified or redesigned according to the changes in information technologies, so that they meet the information security requirements of the organizations. By taking these requirements into consideration, a survey based approach is proposed for analyzing the risks of information technologies. This new method is named as Risk Analysis Method for Information Security (RAMIS). A case study is conducted to …