There’s the need to exchange information in managing vulnerabilities (such as Day-Zero vulnerabilities), threats, incidents, etc. In cyber-security related endeavors, the quality of data validation and dissemination of the information gathered are key. In essence, vulnerabilities – be they unknown or undisclosed or undiscovered – there must be best efforts employed to limit the extent of impact in the event of incident or attack. The situation was exacerbated as those exploited breaches in turn facilitated other possible intrusions or incidents (Bradley, Alvarez, Kuhn, & McMillen, 2015). In 2014, for example, studies uncovered that major vulnerabilities, known for many years, which had been dormant were then being exploited. “Whenever they are attacked are adversely affected by way of loss of revenues, loss of customer confidence, loss of investor confidence, loss of resources, loss of credibility, cost related to dealing with the security breaches, cost of mitigation, as well as possible business closure, etc.” (Yeboah-Boateng, 2013a, p. When these susceptibilities are not properly dealt with, they can be exploited by various threats. These vulnerabilities are flaws and weaknesses, which are typically inherent within the systems design, configurations and operations (Yeboah-Boateng, 2013a). However, in recent times researchers are highlighting that a holistic cyber-security endeavors involve business concerns, governance and compliance issues, as well as organizational psychology (Tisdale, 2015) (Yeboah-Boateng, 2013a).Īs businesses utilize the opportunities offered by ICTs, they are also exposed to cybersecurity challenges, such as vulnerabilities and threats. Often, most IT professionals have perceived cyber-security as a mere technical problem. Knowledge management is utilized in the collection, organization, analysis and collaborative sharing of the vast amount of information to the cybersecurity professionals, national security agents, and business community, etc. in documents or repositories organizational processes and practices” (Davenport & Prusak, 2000). Knowledge is defined as a “fluid mix of framed experiences, values, contextual information and expert insights … is often embedded …. Managing enterprise networks require the use of knowledge management methods employed in the gathering of information, open-sharing of vulnerabilities and related exploits, as well as hotfixes from vendors. In spite of the intangible nature of the actionable information, often gathered from knowledge capturing activities, they can be employed to improve information sharing and management in organizations (Belsis, Kokolakis, & Kiountouzis, 2005). Knowledge Management (KM) techniques have found applications in all spheres in technology based organizations, and in recent times with cyber-security (Tisdale, 2015). By observing those stages during an attack progression and then creating immediate protections to block those attack methods, organizations can achieve a level of closed-loop intelligence that can block and protect across this attack kill chain. The implication is that knowledge sharing could be harnessed to create a pool of mitigation resources for most enterprises in developing economies.Īll attacks follow certain stages. It is intuitive and serves as an effective mitigation strategy for most organizations, especially SMEs. Results from footprinting were used to design a KM-based Cyber-Intelligence Gathering model that incorporates Lewin's Change Theory. A virtual machine experiment utilized various tools to gather intelligence. Using the Scrum approach, relevant articles and databases were reviewed, towards improving mitigation strategies. Cyber-intelligence is perceived as a process and a product, with outcomes being alerts that solicit explicit responses, leading to mitigation of possible threats. Using open-sharing of vulnerabilities and exploits, cyber risks could be mitigated through info-sharing. Key cyber-security objectives are to prevent, detect and respond to threats. Though the actionable information gathered is intangible, they are used to improve knowledge sharing in organizations. AbstractRecently, KM has found applications in cyber-security.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |