
Description

(related to/part of theme "Information Governance & Integrity")

4. Proving the integrity

  • Tools/toolsets and processes for public authorities (police, customs, border control, KTK, military, etc.) for investigation of cyber attacks

Ideas

  • Recording DoS attacks in WSNs
  • Provability: authentic vs. non-authentic

Questions

  • What kind of toolset will public authorities need in order to (successfully) investigate an ongoing or already completed cyber attack?
  • SOL-operations
  • Forensics
  • Incident response processes
  • Planning and process for post-mortem cyber forensics on unknown cyber threats

Research questions

Industrial partners

Organization | Contact person | Role & contribution
Patria | |
Metso | |
Missing Link | |
Gofore | |
Kalmar | |

Research partners

Organization | Contact person | Role & contribution
Tamk | |

2 Comments

  1. Anonymous

    Split this into three main phases of a cyber-attack, namely

    1. Before cyber-attack: Preparedness. Building capabilities:

    • planning
      • avoiding dangerous job combinations (vaaralliset työyhdistelmät)
    • processes
      • Information Governance incl. evidence management
      • incl. MIM (Major Incident Management) process
    • deception (incl. honey potting)
    • training
    • building
    • testing
    • auditing

    2. During cyber-attack: 

    • incident management process incl. MIM
    • keep chain-of-custody (katkeamaton dokumentoitu käsittelyketju)
    • keeping evidence intact (=authentic evidence)
    • undisputed process 
    • sandboxing & deception
    • visualization incl. AI
    • analysis
      • incl. is this a smoke-screen attack?

    3.  After cyber-attack

    • root-cause analysis and forensics
      • incl. post-attack analysis
      • post-mortem forensics and reporting (lessons learned)
    • authentic evidence
      • pre-trial investigation (esitutkintaan saattaminen)
  2. Anonymous

    TAMK's Field Lab allows testing DoS, meaning that it enables experiments on the three phases of the cyber attack mentioned above. The tests can be planned based on industry needs.
