This document discusses cognitive security and disinformation risk assessments. It outlines three layers of security - physical, cyber, and cognitive. It describes various disinformation strategies and risks, including different types of misleading information like disinformation, misinformation, and malinformation. It then discusses approaches for assessing and managing disinformation risks, including analyzing the information, threat, and response landscapes in a country. It provides frameworks for classifying disinformation incidents and objects. Finally, it discusses how to set up a cognitive security operations center (CogSOC) to conduct near real-time monitoring, analysis, and response to disinformation threats.
Risk, SOCs, and mitigations: cognitive security is coming of age
5. Cognitive Security: Online Information Harms
• Disinformation: The deliberate attempt to influence perception and decision making by presenting information that is incomplete, incorrect, or out of context.
• Misinformation: Unwittingly propagating misleading or incorrect information. See “useful idiots.”
• Malinformation: The attempt to influence perception by leaking ostensibly true information that may be out of context.
• Hate Speech
7. Disinformation Risk Landscaping
Mis/disinformation is everywhere:
Where do you put your resources?
● Detection, mitigation, response
● People, technologies, time, attention
● Connections
Manage the risks, not the artifacts
● Attack surfaces, vulnerabilities, potential losses / outcomes
● Risk assessment, reduction, remediation
● Risks: How bad? How big? Who to?
8. Landscapes
Information Landscape
• Information seeking
• Information sharing
• Information sources
• Information voids
Threat Landscape
• Motivations
• Sources / starting points
• Effects
• Misinformation narratives
• Hateful speech narratives
• Crossovers
• Tactics and techniques
• Artifacts
Response Landscape
• Monitoring organisations
• Countering organisations
• Coordination
• Existing policies
• Technologies
• etc
9. Disinformation Actors
Persistent Manipulators
Advanced teams
• Internet Research Agency
• China, Iran teams etc
For-profit website networks
• Antivax websites
• Pink slime sites
• “Stolen” US election sites
Nation-state media
• Sputnik
• Russia Today
Service Providers
Disinformation as a Service
• Factories
• Ex-marketing, spam etc
Ad-Hoc paid teams
• EBLA Ghana
• PeaceData USA
Opportunists
Wares Sellers
• Clicks
• T-shirts
• Books etc.
Groups
• Conspiracy groups
• Extremists
Individuals
• Attention-seekers
• Jokers etc
10. Response Actors
Disinformation SOCs
Large actors
• ISAOs
• Platforms
• Other large actors
Event-specific
• War rooms
• Agencies
Disinformation Teams
Disinformation “desk”
• In existing SOC
• Standalone unit
Investigators
• Journalists
• Academics
• Independent journalists
Other Responders
Policymakers
Law enforcement
Corporations
Influencers
Nonprofits
Educators
Individual researchers
Concerned citizens
13. CONNECT RESPONSE EFFORTS
Hundreds of groups, large and small, working on different pieces / approaches
Help them identify and connect with one another
Facilitate collaboration and communication
15. COGSOCS: Cognitive Security SOCs
• Inform: Summarise and share information about ongoing incidents
• Neutralise: Disinformation incident response: triage, takedown, escalation.
• Prevent: Collate disinformation indicators of compromise (IoCs) and vulnerabilities; supply to organisations.
• Support: Assess the possibility of direct attack, and ways to be ready for that.
• Clearinghouse: Collate and share incident data, including with organizations focusing on response and counter-campaigns.
16. CogSOC Top-level Activities
Risk Mitigation
Secure system
* Simulations
* Red teaming
* Penetration testing
* Team exercises
Check compliance
* compliance analysis
Enablement
Foundation work
* Data engineering
* Information frameworks
* Politics
* Training
Real-time Operations
Incident response
* Discover
* Investigate
* Respond to threats
Research
* Threat intelligence
* Deeper investigations
22. AMITT Blue: Countermeasures Framework
Phases and tactics:
• Planning: Strategic Planning, Objective Planning
• Preparation: Develop People, Develop Networks, Microtargeting, Develop Content, Channel Selection
• Execution: Pump Priming, Exposure, Go Physical, Persistence
• Evaluation: Measure Effectiveness
Countermeasures:
• Prebunking
• Humorous counter narratives
• Mark content with ridicule / decelerants
• Expire social media likes / retweets
• Influencer disavows misinfo
• Cut off banking access
• Dampen emotional reaction
• Remove / rate limit botnets
• Social media amber alert
• Etc
• Have a disinformation response plan
• Improve stakeholder coordination
• Make civil society more vibrant
• Red team disinformation, design mitigations
• Enhanced privacy regulation for social media
• Platform regulation
• Shared fact checking database
• Repair broken social connections
• Pre-emptive action against disinformation team infrastructure
• Etc
• Media literacy through games
• Tabletop simulations
• Make information provenance available
• Block access to disinformation resources
• Educate influencers
• Buy out troll farm employees / offer jobs
• Legal action against for-profit engagement farms
• Develop compelling counter narratives
• Run competing campaigns
• Etc
• Find and train influencers
• Counter-social engineering training
• Ban incident actors from funding sites
• Address truth in narratives
• Marginalise and discredit extremist groups
• Ensure platforms are taking down accounts
• Name and shame disinformation influencers
• Denigrate funding recipient / project
• Infiltrate in-groups
• Etc
• Remove old and unused accounts
• Unravel Potemkin villages
• Verify project before posting fund requests
• Encourage people to leave social media
• Deplatform message groups and boards
• Stop offering press credentials to disinformation outlets
• Free open library sources
• Social media source removal
• Infiltrate disinformation platforms
• Etc
• Fill information voids
• Stem flow of advertising money
• Buy more advertising than disinformation creators
• Reduce political targeting
• Co-opt disinformation hashtags
• Mentorship: elders, youth, credit
• Hijack content and link to information
• Honeypot social community
• Corporate research funding full disclosure
• Real-time updates to factcheck database
• Remove non-relevant content from special interest groups
• Content moderation
• Prohibit images in political channels
• Add metadata to original content
• Add warning labels on sharing
• Etc
• Rate-limit engagement
• Redirect searches away from disinfo
• Honeypot: fake engagement system
• Bot to engage and distract trolls
• Strengthen verification methods
• Verified ids to comment or contribute to poll
• Revoke whitelist / verified status
• Microtarget likely targets with counter messages
• Train journalists to counter influence moves
• Tool transparency and literacy in followed channels
• Ask media not to report false info
• Repurpose images with counter messages
• Engage payload and debunk
• Debunk / defuse fake expert credentials
• Don’t engage with payloads
• Hashtag jacking
• Etc
• DMCA takedown requests
• Spam domestic actors with lawsuits
• Seize and analyse botnet servers
• Poison monitoring and evaluation data
• Bomb link shorteners with calls
• Add random links to network graphs
25. DISINFORMATION SOC: ORGANISATION BOUNDARIES
Diagram labels: Action, Monitoring, Responsible for
Diagram nodes: Internet Domains, Social Media Platforms, Organization’s Platforms, Lawmakers, Organization’s Business Units, COG SOC, Infosec SOC, Organization’s Communities, Media
27. COGSOC Internal Organization: Tiers
Tier1 Triage
• Scanning systems
• Triaging alerts
• Gathering data
• Starting tickets
Tier2 Incident Response
• Analysis
• Remediation
• Tactical response
Tier3 SMEs
• Threat hunting
• Deep analysis
• Strategic response
Tier4 Management
• Business connections
• Plans, audits, organization
Tickets, Responses, Reports, Crisis Plan
Platform alerts, Social media, External alerts, Business Units, Partners & Responders
Disinformation Knowledge
• Artifacts, narratives, actors, segments etc
Specialist Knowledge
• Politics, industry, marketing etc
28. Resource Allocation and Measurement
● You can’t manage what you can’t measure
○ Backed by disinformation and response measurement
● Resource allocation and depletion on both sides
○ Strategic objectives
○ People, process, technology, time, money, attention, reach, etc
○ We can learn a lot from games
● Extending capacity
○ Surge capacity
○ Automation - using ML to take strain during times of heavy loads
29. Pillars of a SOC
• People
○ Enough people to make a difference, in time
○ Enough connections / levers to make a difference
• Culture
○ Safety processes: mental health and opsec
• Process
○ Understand disinformation, understand threat response
○ Fast, lightweight processes
• Technology
○ Speed - supporting analysis, storage etc
○ Sharing - get data to responders in ways they understand (whatever works)
31. Information Landscape
• Traditional Media
○ Newspapers
○ Radio - including community radio
○ TV
• Social Media
○ Facebook
○ WhatsApp
○ Twitter
○ YouTube / Telegram / etc
• Others
○ Word of mouth
32. Threat Landscape
• Motivations
○ Geopolitics mostly absent
○ Party politics (internal, inter-party)
• Actors
• Activities
○ Manipulate faith communities
○ Discredit election process
○ Discredit / discourage journalists
○ Attention (more drama)
• Risks / severities
• Sources
○ WhatsApp
○ Blogs
○ Facebook pages
○ Online newspapers
○ Media
• Routes
○ Hijacked narratives
○ WhatsApp to blogs, vice versa
○ WhatsApp forwarding
○ Facebook to WhatsApp
○ Social media to traditional media
○ Social media to word of mouth
34. Response Landscape (Needs / Work / Gaps)
Risk Reduction
● Media and influence literacy
● Information landscaping
● Other risk reduction
Monitoring
● Radio, TV, newspapers
● Social media platforms
● Tips
Analysis
● Tier 1 (creates tickets)
● Tier 2 (creates mitigations)
● Tier 3 (creates reports)
● Tier 4 (coordination)
Response
● Messaging
○ prebunk
○ debunk
○ counternarratives
○ amplification
● Actions
○ removal
○ other actions
● Reach
35. Responder Behaviours
● C00009: Educate high profile influencers on best practices
● C00008: Create shared fact-checking database
● C00042: Address truth contained in narratives
● C00030: Develop a compelling counter narrative (truth based)
● C00093: Influencer code of conduct
● C00193: promotion of a “higher standard of journalism”
● C00073: Inoculate populations through media literacy training
● C00197: remove suspicious accounts
● C00174: Create a healthier news environment
● C00205: strong dialogue between the federal government and private sector to encourage better reporting
36. Practical Resource Allocation
• Tagging needs and groups with AMITT labels
• Building collaboration mechanisms to reduce lost tips and repeated collection
• Designing for future potential surges
• Automating repetitive jobs to reduce load on humans
37. THANK YOU
Sara-Jayne “SJ” Terp @bodaceacat
Dr. Pablo Breuer @Ngree_H0bit
https://cogsec-collab.org/
https://threet.consulting/