Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Framing the attacker in organized cybercrime
KTH, School of Computer Science and Communication (CSC), Media Technology and Interaction Design, MID.
KTH, School of Computer Science and Communication (CSC), Media Technology and Interaction Design, MID.ORCID iD: 0000-0002-2677-9759
KTH, School of Computer Science and Communication (CSC), Media Technology and Interaction Design, MID.
2012 (English)In: Proceedings - 2012 European Intelligence and Security Informatics Conference, EISIC 2012, IEEE conference proceedings, 2012, 30-37 p.Conference paper, Published paper (Refereed)
Abstract [en]

When large values are at stake, the attacker and the attacker's motives cannot be easily modeled, since both the organization at stake and the possible attackers are unique and have complex motives. Hence, rather than using stereotypical attacker models, recent work proposes realistic profiling of the opponent by the use of user-centered design principles in form of the persona methodology. Today, cyber crime is often organized, i.e., attacks are planned and executed by an organization that has put together a tailor made team consisting of the necessary skills for the task. The actual individuals taking part in the attack might not be aware of or interested in the overall organizational motives. Rather, taking motives behind espionage, fraud, etc., into account requires consideration of the attacking organization rather than the individuals. In this paper, based on interviews with IT security experts, we build on the attacker persona methodology and extend it with methodology to also handle organizational motives in order to tackle organized cyber crime. The resulting framework presented in the paper extends the attacker persona methodology by also using narratives in order to assess the own organization's security. These narratives give rise to intrigue sketches involving any number of attacker personas which, hence, make it possible to take organized cyber crime into account.

Place, publisher, year, edition, pages
IEEE conference proceedings, 2012. 30-37 p.
Keyword [en]
intrigue sketch, narrative, Organized cybercrime, persona
National Category
Computer Science
Identifiers
URN: urn:nbn:se:kth:diva-107310DOI: 10.1109/EISIC.2012.48Scopus ID: 2-s2.0-84868583239OAI: oai:DiVA.org:kth-107310DiVA: diva2:576098
Conference
2012 European Intelligence and Security Informatics Conference, EISIC 2012, 22 August 2012 through 24 August 2012, Odense
Note

QC 20121212

Available from: 2012-12-12 Created: 2012-12-10 Last updated: 2014-11-06Bibliographically approved

Open Access in DiVA

fulltext(1734 kB)160 downloads
File information
File name FULLTEXT01.pdfFile size 1734 kBChecksum SHA-512
6aee610045d1b82347c6e2d3cddf87e9da4c2da2dafb0766257e93374f1b949197cadc2299facfb93a1936a530b046f90384a2430cad4a4f593ae7bb876d6b28
Type fulltextMimetype application/pdf

Other links

Publisher's full textScopusIEEEXplore

Authority records BETA

Brynielsson, Joel

Search in DiVA

By author/editor
Tariq, Muhammad AdnanBrynielsson, JoelArtman, Henrik
By organisation
Media Technology and Interaction Design, MID
Computer Science

Search outside of DiVA

GoogleGoogle Scholar
Total: 160 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 157 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf