Zero-Trust Culture V: Capstone Strategy Proposal

Following on from Part IV: Report, this part of the capstone project will present a strategy proposal to achieve a human-centred cybersecurity culture. NOTE: Following this project, the Commonwealth Government recently released Guiding Principles to embed a Zero Trust Culture. This proposal has been updated to demonstrate alignment with this. Task In this assessment […]

Zero-Trust Culture IV: Capstone Report

Following on from Part III: Presentation, this report will establish the importance of humans in our systems and explore how we can integrate zero-trust principles into operational security (opsec). Task Write a report that investigates the concepts raised in the previous presentations which: Report Table of contents Note: with the exception of “socio-technical” in this […]

Zero-Trust Culture III: Capstone Presentation

Following on from Part II: Intro, this report will establish the importance of humans in our systems and explore how we can integrate zero-trust principles into operational security (opsec). Task Create a ten-minute presentation which builds on the previous presentation and: Presentation In this presentation we explore the human element of cybersecurity. Transcript […]

Zero-Trust Culture II: Capstone Intro

Following the university accepting my project proposal outlined in Part I: Pitch, this part of the capstone project will introduce the concept of zero-trust culture called for in the Australian 2023-2030 Cybersecurity Strategy, and explore how we can work towards it. Task Presentation In this presentation we explore what a zero-trust culture is and how […]

Zero-Trust Culture I: Capstone Pitch

Task The capstone project was the twelfth and final course of my master's. Students with an average grade of over 65% and willing external stakeholders are eligible to submit a proposal for an Externally Directed Project – this means they can design and run a project of their own instead of completing the university-aligned […]

SITA cyber-attack part II: report

Task It can be useful to look at cyber-attacks in the news to prepare ourselves for similar events. While the available information may be lacking, by analysing current events we can build scenarios to gain insights into adversary tactics, techniques and procedures as well as defences which we can adopt to mitigate similar attacks. This […]

Aviation cybersecurity oversight presentation

Task In this assessment you will consider the policy implications of your new Cyber Strategy, highlighting and explaining two policy statements which support the strategy. These implications will be communicated through a presentation (5-minute recorded video presentation), and an executive brief document (1-page written summary). The presentation and brief will be aimed at the executives […]

Aviation cybersecurity oversight strategy

Task As we have previously discovered, cybersecurity in the aviation sector is an emerging field. In light of other countries introducing specific aviation cybersecurity regulation and the failed Transport Security Amendment (Critical Infrastructure) Bill 2022, Australia seems to be lagging in this area. Although the Department of Home Affairs is responsible for cybersecurity, when it […]

How do the different ethical theories apply to cybersecurity?

The various normative ethical theories (deontology, utilitarianism, agent-based) provide different ways of viewing the world and could lead to justifiably opposing outcomes. Let’s look at them in regard to cybersecurity applications, then look at how they can be used together. Utilitarianism is based on the Greatest Happiness Principle; decisions are based on choosing an […]

Ethical deployment of cyber weapons, Exodus

In 2019, researchers from Security Without Borders discovered the Exodus malware had infected almost 25 apps in the Google Play Store (Franceschi-Bicchierai, 2019), with further investigation revealing that it was developed by eServ and authorised by Italian law enforcement (Gallagher, 2020). Due to malfunctioning target validation, it infected and exfiltrated data from non-target devices. Christen et […]