Similarly, in most situations, once a suspected attacker is identified, organizations want to evict and block that attacker quickly and effectively. Often the best approach when encountering vampires is just to drive a wooden stake through his or her heart as soon as possible. I like to say leave that type of engagement to the professionals, the external security vendors and researchers, or in the case of vampires, let Buffy handle it. Furthermore, engaging them or watching them move about can be quite risky. However, inviting attackers into your network, much like inviting vampires into your home, can have very serious repercussions. They start envisioning you know, enticing that attacker and perhaps through external lures and possibly even engaging the attacker. I found that when discussing deception for cybersecurity, people seem to jump right to the honeypot and hunting nets. Oh well, I am a big fan of vampire literature and I decided to have a little fun with this presentation, so I incorporated some analogies with vampires. Why does your session title mention vampires? However, my presentation is going to focus on the practical use of deception to assist with the cyber defense of our companies. I use it for research, criminal activity, and quite often by ordinary people wanting to boost their social media profile or provide fake accounts on websites. Sure, deception is used by cyberattackers and defenders, but it's also used for things such as ensuring privacy, criminal investigations, intel, counter-intel operations, conducting espionage. In some cases, they mimic very deceptive activities in the physical world. Some of those users, and it's become so ubiquitous, we often don't even think of them when we think of deception. In cyberspace, people use deception with ease for many purposes. Cyberspace has made creating fake realities, imaginary assets, and false personas quite simple. In my presentation, we'll discuss a few famous examples from history but when we talk about the cyber realm, that is where deception can really thrive. So the art of deception is really about providing that enemy with something they want to believe. I like to think of deception, you know, it's not really about deceiving the enemy, but it's about causing that enemy to deceive himself. How is deception used in the cyber realm? To give you a sneak preview of what to expect, we asked Donnie some questions about his presentation. He will elaborate on this idea in his keynote Vampires & Cybersecurity: Using Deception to Increase Cyber Resilience on Thursday, May 12, 2022, 11:30 am at the European Identity and Cloud Conference 2022. Donnie Wendt's presentation will explore adding deception as a component of a security-in-depth strategy to increase cyber resilience. Virtual machine for web browsing (browser appliance),. Computing Research: Technical Reports, School of Computing. Security Analysis of Micro-payment Systems. (Eds.), Security and Privacy in the Age of Uncertainty, IFIP/SEC’03, Kluwer Academic Publishers, pp. (2003), “Perceptions of security contributing to the implementation of secure IS“, in Gritzalis, D. The Concise Oxford Dictionary, Clarendon Press The Art of War, Translated by James Clavell, Dell Publishing, New York, NY. Seymour, Bibliographer, Air University Library Maxwell AFB, AL
Deception in Warfare, Compiled on-line by Janet L. By The Grace pf Guile: The Role of Deception in Natural History and Human Affairs. A Cognitive Model for Exposition of Human Deception and Counterdeception),, (2003), Doctrine for Joint Psychological Operations: Overview, Joint Publication 3–53,, Joint Doctrine for Military Deception, Joint Pub 3–58,, Definition of Psychological Operations,,
CRS Report for Congress: Cyberwarfare,, Improving the Effectiveness of Deceptive Honeynets through an Empirical Learning Approach,, Unweaving the Web: Deception and Adoption in Future Urban Operations, Rand, Santa Monica.
“A Note on the Role of Deception in Information Protection.“ Computers & Security 18 November 1998 17(6): 483–506Ĭomputer Security Institute (2005) Computer Crime and Security Survey, USA.Įrnst & Young (2005) Annual Global Information Security Survey, downloadable from Google Scholarįriedman, A. Fairfax, Virginia, AFCEA International PressĬohen, F & Lambert, D. Cyberwar 2.0: Myths, Mysteries and Reality. A Review of critical Information Infrastructure Protection within IT Security Guidelines, 4 th Australian Information warfare and IT security Conference 2003.Ĭampen, A. Re-Interpreting Information Operations for the Private Sector, 2 nd European Conference of Information Warfare.īusuttil, T. Information Operations, Brassey’s Inc., ISBN 157488699-1.Īshenden, D.
0 kommentar(er)
