Dissertation/Thesis Abstract

Analysis of Factors to Reduce Advanced Persistent Threat (APT) Exploitation Risk: A Delphi Study
by Nichols, R. Alexander, Ph.D., Capella University, 2020, 155; 28153044
Abstract (Summary)

The first act of cyber-warfare brought the developing problem to the forefront: is information security governance enough to address the imminent threat posed by nation-state cyber-warfare operations utilizing advanced persistent threat (APT) exploitation against national security critical infrastructure? This study investigated how to reduce APT risk to business information systems using information security governance. When it comes to the tension caused by the business requirement to share data and multiple regulatory requirements to protect data, there is a gap in the current research literature on threat-based information security governance implementations. Using the information security control theory, this qualitative Delphi study asked how identifying the tension between data sharing and data protection in threat-based information security governance implementation reduces the escalating threat of APT exploitation in cyber-warfare upon national security critical infrastructure, and builds more robust business information system security. This study’s population was 12 certified subject matter experts (SMEs) in information security holding DoD 8140/8570 level III information security certification and a minimum of five years of work experience securing business information or security systems. The SME panel consisted of three females and eight males, varying in age from 25 to 74 years old, who were ethnically diverse and geographically diverse, with members residing in six states of the United States. The SMEs’ data and literature analysis both indicated that threat-based information security governance implementation was the solution. This study provided more detailed information for IT security professionals on APT exploitation risk, increasing the effectiveness of information security governance built upon the information security control theory’s construct of tension.
The data showed that the tension between data protection and data sharing requirements compounded business fiscal constraints on information security governance implementations. APT exploitation risk is no longer about the classification of sensitive data, as it is as much about the value of exploiting sensitive data and network infrastructure to launch other cyber-operations. The data also suggested no single technical control measure solution can defend against nation-state actors using advanced targeted malware engineered to bypass security control measures, gain continued access to data, and remain undetected for years. Top-level management must understand the function of information security governance and the threat actors targeting their industry to defend against APT exploitation risk. Further study is needed on cyber-warfare to expand the topic of information security governance and research into information assurance and cybersecurity.

Indexing (document details)
Advisor: Ramos, Colleen
Committee: Valentine, Randall, Hilley, Michael
School: Capella University
Department: School of Business, Technology and Health Administration
School Location: United States -- Minnesota
Source: DAI-A 82/6(E), Dissertation Abstracts International
Source Type: DISSERTATION
Subjects: Information Technology, Systems science, Operations research, Computer science, Public policy, Management, Information science, Public administration
Keywords: Advanced Persistent Threat (APT), Cyber-warfare operations, Data protection, Data sharing, Information security control theory, Threat-based information security governance, Cybersecurity, Cyber-operations, Information security governance, IT security professionals, Subject matter experts (SME)
Publication Number: 28153044
ISBN: 9798557023627
Copyright © 2021 ProQuest LLC. All rights reserved.