TIM-8315 v2

Vassilev, A., Oprea, A., Fordyce, A., & Anderson, H. (2024). Adversarial machine learning: A taxonomy and terminology of attacks and mitigations. NIST Artificial Intelligence (AI) Report, NIST Trustworthy and Responsible AI NIST AI, 100-2e2023. https://doi.org/10.6028/NIST.AI.100-2e2023
This NIST Trustworthy and Responsible AI report develops a taxonomy of concepts and defines terminology in adversarial machine learning (AML). The taxonomy is built on surveying the AML literature and is arranged in a conceptual hierarchy that includes key types of ML methods and lifecycle stages of attack, attacker goals and objectives, and attacker capabilities and knowledge of the learning process. The report also provides corresponding methods for mitigating and managing the consequences of attacks and points out relevant open challenges to consider in the lifecycle of AI systems. The terminology used in the report is consistent with the literature on AML and is complemented by a glossary that defines key terms associated with the security of AI systems and is intended to assist non-expert readers. Taken together, taxonomy and terminology are meant to inform other standards and future practice guides for assessing and managing the security of AI systems, by establishing a common language and understanding of the rapidly developing AML landscape.

National Institute of Standards and Technology. (2017, June 2). Artificial intelligence. https://www.nist.gov/artificial-intelligence
Useful source with various links to relevant research or topics.

National Institute of Standards and Technology. (2023). Artificial Intelligence risk management framework (AI RMF 1.0). https://doi.org/10.6028/nist.ai.100-1
NIST’s Risk Management Framework – January 2023 version document.

Purcell, T. (2015, September 2). High-payoff mitigation strategies to reduce cybersecurity risk. Illinois Banker, 4–15.
This article discusses strategies that mitigate or reduce cybersecurity risks. Topics discussed include use of applications such as Java, PDF viewers, Flash, web, and browsers to help prevent malicious software and unapproved programs from running, patching operating system vulnerabilities, and restricting administrative privileges to operating systems and applications based on user duties.

United Nations Office of Counter-Terrorism. (n.d.). Cybersecurity and new technology. United Nations. https://www.un.org/counterterrorism/sites/www.un.org.counterterrorism/files/unoct_conducting_terrorist_threat_web.pdf
This report is the product of a joint initiative between the United Nations Counter-Terrorism Centre (UNCCT) of the United Nations Office of Counter-Terrorism (UNOCT) and INTERPOL on strengthening the capacities of law enforcement and criminal justice authorities to counter the use of new technologies for terrorism purposes.

Le, T. D., Le-Dinh, T., & Uwizeyemungu, S. (2024). Search engine optimization poisoning: A cybersecurity threat analysis and mitigation strategies for small and medium-sized enterprises. Technology in Society, 76, N.PAG. https://doi.org/10.1016/j.techsoc.2024.102470
This study investigates the emerging cybersecurity threat of search engine optimization (SEO) poisoning and its impact on small and medium-sized enterprises' (SMEs) digital marketing efforts. Through a comprehensive analysis of SEO poisoning techniques employed by attackers, the study reveals the significant risks and consequences for SMEs, including reputational damage, financial losses, and disrupted operations. To address these threats, the study proposes tailored mitigation strategies aligned with the principles of the NIST Cybersecurity Framework while considering the resource constraints facing SMEs. The mitigation recommendations encompass technical measures such as website security audits and employee training alongside non-technical initiatives to foster a culture of cybersecurity awareness.

Sarker, I. H., Janicke, H., Ferrag, M. A., & Abuadbba, A. (2024). Multi-aspect rule-based AI: Methods, taxonomy, challenges and directions towards automation, intelligence and transparent cybersecurity modeling for critical infrastructures. Internet of Things, 25(1).
This paper includes a list of identified issues and opportunities for future research, as well as their potential solution directions for how researchers and professionals might tackle future generation cybersecurity modeling in this emerging area of study.

Ampel, B. M., Samtani, S., Zhu, H., Chen, H., & Nunamaker, J. F., Jr. (2024). Improving threat mitigation through a cybersecurity risk management framework: A computational design science approach. Journal of Management Information Systems, 41(1), 236–265. https://doi.org/10.1080/07421222.2023.2301178
The authors developed a novel information technology artifact, ATT&CK-Link, which incorporates a novel transformer and multi-teacher knowledge distillation design, to link hacker threats to this broadly used framework. Here, it is illustrated how hospital systems can use this framework to proactively protect their cyberinfrastructure against hacker threats. The ATT&CK-Link framework has practical implications for cybersecurity professionals, who can implement our framework to generate strategic, operational, and tactical cyber threat intelligence. ATT&CK-Link also contributes to the information systems knowledge base by providing design principles to pursue targeted cybersecurity analytics, risk management, and broader text analytics research through simultaneous multi-modal (e.g., text and code) distillation and classification.

Ivanov, N., Chenning Li, Qiben Yan, Zhiyuan Sun, Zhichao Cao, & Xiapu Luo. (2023). Security threat mitigation for smart contracts: A comprehensive survey. ACM Computing Surveys, 55, 1–37. https://doi.org/10.1145/3593293
This survey develops a comprehensive classification taxonomy of smart contract threat mitigation solutions within five orthogonal dimensions: defense modality, core method, targeted contracts, input-output data mapping, and threat model.

PR Newswire. (2023, January 12). Cyber insurance market to generate USD 48,328.4 million revenue in 2030, says P&S Intelligence. PR Newswire US.
As per the recent market research study P&S Intelligence, the cyber insurance market was valued at USD 11,904.6 million in 2022, which is projected to rise at a rate of 19.1% from 2022 to 2030, to touch USD 48,328.4 million. The growth is ascribed to the rising number of malware, viruses, and other kinds of attacks on IT networks, increasing legislation regarding cybersecurity, and implementation of risk mitigation and insurance strategies across industries.

Eramo, L. A. (2022). Cybersecurity: How medical practices can protect patient data from hackers. Medical Economics, 99(7), 22–23.
This article reports that "The data that medical practices have is incredibly valuable to the bad guys," says Errol Weiss, M.S., chief security officer at Health Information Sharing and Analysis Center (H-ISAC), a global, nonprofit, member-driven organization that collaborates with other entities to share vital physical and cyber threat intelligence and best practices.

Abdulganiyu, O. H., Ait Tchakoucht, T., & Saheed, Y. K. (2023). A systematic literature review for network intrusion detection system (IDS). International Journal of Information Security, 22(5), 1125–1162. https://doi.org/10.1007/s10207-023-00682-2
Based on the research findings, the authors identified unexplored study areas and unresolved research challenges. In order to create a better IDS model, the study concluded by presenting promising, high-impact future research areas.

Bitton, R., Maman, N., Singh, I., Momiyama, S., Elovici, Y., & Shabtai, A. (2023). Evaluating the cybersecurity risk of real-world, machine learning production systems. ACM Computing Surveys, 55(9), 1–36. https://doi.org/10.1145/3559104
An extension to the MulVAL attack graph generation and analysis framework was developed to incorporate cyberattacks on ML production systems. Using this extension, security practitioners can apply attack graph analysis methods in environments that include ML components thus providing security practitioners with a methodological and practical tool for both evaluating the impact and quantifying the risk of a cyberattack targeting ML production systems.

Bringhenti, D., Marchetto, G., Sisto, R., & Valenza, F. (2024). Automation for network security configuration: State of the art and research trends. ACM Computing Surveys, 56(3), 1–37. https://doi.org/10.1145/3616401
The motivations for the introduction of automation in network security configuration are first introduced, along with the key automation enablers. Then, the current state of the art in this context is surveyed, focusing on both the improvements achieved and the current limitations.