Artificial intelligence (AI) methods have revolutionized and redefined the landscape of data anal... more Artificial intelligence (AI) methods have revolutionized and redefined the landscape of data analysis in business, healthcare, and technology. These methods have innovated the applied mathematics, computer science, and engineering fields and are showing considerable potential for risk science, especially in the disaster risk domain. The disaster risk field has yet to define itself as a necessary application domain for AI implementation by defining how to responsibly balance AI and disaster risk. (1) How is AI being used for disaster risk applications; and how are these applications addressing the principles and assumptions of risk science, (2) What are the benefits of AI being used for risk applications; and what are the benefits of applying risk principles and assumptions for AI‐based applications, (3) What are the synergies between AI and risk science applications, and (4) What are the characteristics of effective use of fundamental risk principles and assumptions for AI‐based app...
International Conference on Cyber Warfare and Security, 2022
Cyber-attacks know no borders. Given the globally connected environment, no region or country is ... more Cyber-attacks know no borders. Given the globally connected environment, no region or country is secure against cyber-attacks unless the entire world is secure or has cyber capabilities. Yet, whether preventive or reactive, cyber countermeasures require coordination and engagement of various organizations, government bodies, and citizens of different countries. Although a variety of countermeasures exist, Computer Security Incident Response Teams (CSIRTs) have been deemed necessary systems in defending against and preventing cyberattacks, further supporting a nation’s cyber capacity and limiting the harm to citizens, businesses, and governments. Despite calls for establishing CSIRTs at the national level, especially toward protecting critical infrastructure and lives from cyber threats, various discrepancies exist based on a nation’s resources, capabilities, and needs. Limited research delves into the cyber capabilities of low-income countries despite an emphasis on improving global...
The rapid pace of technological developments in the area of information and communications techno... more The rapid pace of technological developments in the area of information and communications technologies caused nations and peoples to be more reliant on cyber infrastructure to survive. Besides opportunities, the widespread use of information technology introduces new threats as well. Risks related to cyber security have started to threaten critical infrastructures, which are defined as assets that are essential for the functioning of a society and its economy. Cyber security has become one of the most serious national security concerns. In 2003 the United States was the first nation to prepare and publish a national cyber security strategy In the last ten years, 35 other nations have subsequently published their national cyber security strategy document. There are several aspects for national cyber security strategies. According to Luiijif and Healey (2012), there are five mandates of national cyber security: 1) Military cyber operations, 2) Counter cybercrime, 3) Intelligence/Coun...
Artificial intelligence (AI) methods have revolutionized and redefined the landscape of data anal... more Artificial intelligence (AI) methods have revolutionized and redefined the landscape of data analysis in business, healthcare, and technology. These methods have innovated the applied mathematics, computer science, and engineering fields and are showing considerable potential for risk science, especially in the disaster risk domain. The disaster risk field has yet to define itself as a necessary application domain for AI implementation by defining how to responsibly balance AI and disaster risk. (1) How is AI being used for disaster risk applications; and how are these applications addressing the principles and assumptions of risk science, (2) What are the benefits of AI being used for risk applications; and what are the benefits of applying risk principles and assumptions for AI‐based applications, (3) What are the synergies between AI and risk science applications, and (4) What are the characteristics of effective use of fundamental risk principles and assumptions for AI‐based applications? This study develops and disseminates an online survey questionnaire that leverages expertise from risk and AI professionals to identify the most important characteristics related to AI and risk, then presents a framework for gauging how AI and disaster risk can be balanced. This study is the first to develop a classification system for applying risk principles for AI‐based applications. This classification contributes to understanding of AI and risk by exploring how AI can be used to manage risk, how AI methods introduce new or additional risk, and whether fundamental risk principles and assumptions are sufficient for AI‐based applications.
Panel #22: Acquisition Dimensions of CybersecurityNaval Postgraduate SchoolApproved for public re... more Panel #22: Acquisition Dimensions of CybersecurityNaval Postgraduate SchoolApproved for public release; distribution is unlimited
Today, cyber space has been embraced by individuals, organizations and nations as an indispensabl... more Today, cyber space has been embraced by individuals, organizations and nations as an indispensable instrument of daily life. Accordingly, impact of cyber threats has continuously been increasing. Critical infrastructure protection and fighting against cyber threats are crucial elements of national security agendas of governments. In this regard, governments need to assess the roles and responsibilities of public and private organizations to address the problems of current cyber protection postures and to respond with reorganization and reauthorization of these postures. A risk management approach is critical in placing these efforts in an ongoing lifecycle process. In this paper, a model is proposed to be used in national cyber security risk management processes. We argue that this model simplifies and streamlines national risk management processes. For this purpose, a matrix is created to partition the problem space. Cyber threat detection and response activities constitute one dim...
2016 11th System of Systems Engineering Conference (SoSE), 2016
Vulnerability of critical infrastructures have increased with widespread use of information techn... more Vulnerability of critical infrastructures have increased with widespread use of information technologies. Although individual hackers whose major aims are self-satisfaction and financial gain are already on the stage, nation sponsored attacks are considered as important threats after Stuxnet attack. An important intention of targeted attacks by nation states may be the degradation of cyber physical systems of their enemies. After these developments, cyber-attacks have become an agenda item of the academics, practitioners and policy makers. In this study, we employed Monte-Carlo reliability analysis technique to quantify the impact of cyber-attacks on industrial control systems used in power generation systems. Economic value of cyber-attacks can help decision makers to decide if a cyber-security investment is feasible or not. The results showed that cyber-attacks may have significant impact on reliability of power generation systems.
The widespread use of information technology transforms businesses continuously and rapidly. Info... more The widespread use of information technology transforms businesses continuously and rapidly. Information technology introduces new threats to organizations as well. Risk analysis is an important tool in order to make correct decisions and to deal with cyber threats. Identification and valuation of assets is a crucial process that must be performed in risk analyses. Without properly identified and valued assets, the results of risk analyses lead to wrong decisions. Wrong decisions on information security may directly affect corresponding business processes. There are some finished and applied methods in literature for asset identification and valuation; however these methods are complicated and are not suitable for practical information security management projects. In this paper, a hierarchy based asset valuation method is proposed. Our method is intended to minimize the common mistakes that were done during Information Security Management Projects. The application of the method has...
Steganography is the art and science of writing hidden messages in such a way that no one apart f... more Steganography is the art and science of writing hidden messages in such a way that no one apart from the intended recipient knows of the existence of the message. In today’s world, it is widely used in order to secure the information. Since digital forensics aims to detect, recover and examine the digital evidence and steganography is a method for hiding digital evidence, detecting the steganography is an important step in digital forensics process. In this paper, the traditional spectral estimation methods are introduced. The performance analysis of each method is examined by comparing all of the spectral estimation methods. Finally, from utilising those performance analyses, a brief pros and cons of the spectral estimation methods are given. Also we give a steganography demo by hiding information into a sound signal and manage to pull out the information (i.e. the true frequency of the information signal) from the sound by means of the spectral estimation methods.
2021 Systems and Information Engineering Design Symposium (SIEDS), 2021
The imperative factors of cybersecurity within institutions have become prevalent due to the rise... more The imperative factors of cybersecurity within institutions have become prevalent due to the rise of cyber-attacks. Cybercriminals strategically choose their targets and develop several different techniques and tactics that are used to exploit vulnerabilities throughout an entire institution. With the thorough analysis practices being used in recent policy and regulation of cyber incident reports, it has been claimed that data breaches have increased at alarming rates rapidly. Thus, capturing the trends of cyber-attacks strategies, exploited vulnerabilities, and reoccurring patterns as insight to better cybersecurity. This paper seeks to discover the possible threats that influence the relationship between the human component and cybersecurity posture. Along with this, we use the Vocabulary for Event Recording and Incident Sharing (VERIS) database to analyze previous cyber incidents to advance risk management that will benefit the institutional level of cybersecurity. We elaborate o...
Artificial intelligence (AI) methods have revolutionized and redefined the landscape of data anal... more Artificial intelligence (AI) methods have revolutionized and redefined the landscape of data analysis in business, healthcare, and technology. These methods have innovated the applied mathematics, computer science, and engineering fields and are showing considerable potential for risk science, especially in the disaster risk domain. The disaster risk field has yet to define itself as a necessary application domain for AI implementation by defining how to responsibly balance AI and disaster risk. (1) How is AI being used for disaster risk applications; and how are these applications addressing the principles and assumptions of risk science, (2) What are the benefits of AI being used for risk applications; and what are the benefits of applying risk principles and assumptions for AI‐based applications, (3) What are the synergies between AI and risk science applications, and (4) What are the characteristics of effective use of fundamental risk principles and assumptions for AI‐based app...
International Conference on Cyber Warfare and Security, 2022
Cyber-attacks know no borders. Given the globally connected environment, no region or country is ... more Cyber-attacks know no borders. Given the globally connected environment, no region or country is secure against cyber-attacks unless the entire world is secure or has cyber capabilities. Yet, whether preventive or reactive, cyber countermeasures require coordination and engagement of various organizations, government bodies, and citizens of different countries. Although a variety of countermeasures exist, Computer Security Incident Response Teams (CSIRTs) have been deemed necessary systems in defending against and preventing cyberattacks, further supporting a nation’s cyber capacity and limiting the harm to citizens, businesses, and governments. Despite calls for establishing CSIRTs at the national level, especially toward protecting critical infrastructure and lives from cyber threats, various discrepancies exist based on a nation’s resources, capabilities, and needs. Limited research delves into the cyber capabilities of low-income countries despite an emphasis on improving global...
The rapid pace of technological developments in the area of information and communications techno... more The rapid pace of technological developments in the area of information and communications technologies caused nations and peoples to be more reliant on cyber infrastructure to survive. Besides opportunities, the widespread use of information technology introduces new threats as well. Risks related to cyber security have started to threaten critical infrastructures, which are defined as assets that are essential for the functioning of a society and its economy. Cyber security has become one of the most serious national security concerns. In 2003 the United States was the first nation to prepare and publish a national cyber security strategy In the last ten years, 35 other nations have subsequently published their national cyber security strategy document. There are several aspects for national cyber security strategies. According to Luiijif and Healey (2012), there are five mandates of national cyber security: 1) Military cyber operations, 2) Counter cybercrime, 3) Intelligence/Coun...
Artificial intelligence (AI) methods have revolutionized and redefined the landscape of data anal... more Artificial intelligence (AI) methods have revolutionized and redefined the landscape of data analysis in business, healthcare, and technology. These methods have innovated the applied mathematics, computer science, and engineering fields and are showing considerable potential for risk science, especially in the disaster risk domain. The disaster risk field has yet to define itself as a necessary application domain for AI implementation by defining how to responsibly balance AI and disaster risk. (1) How is AI being used for disaster risk applications; and how are these applications addressing the principles and assumptions of risk science, (2) What are the benefits of AI being used for risk applications; and what are the benefits of applying risk principles and assumptions for AI‐based applications, (3) What are the synergies between AI and risk science applications, and (4) What are the characteristics of effective use of fundamental risk principles and assumptions for AI‐based applications? This study develops and disseminates an online survey questionnaire that leverages expertise from risk and AI professionals to identify the most important characteristics related to AI and risk, then presents a framework for gauging how AI and disaster risk can be balanced. This study is the first to develop a classification system for applying risk principles for AI‐based applications. This classification contributes to understanding of AI and risk by exploring how AI can be used to manage risk, how AI methods introduce new or additional risk, and whether fundamental risk principles and assumptions are sufficient for AI‐based applications.
Panel #22: Acquisition Dimensions of CybersecurityNaval Postgraduate SchoolApproved for public re... more Panel #22: Acquisition Dimensions of CybersecurityNaval Postgraduate SchoolApproved for public release; distribution is unlimited
Today, cyber space has been embraced by individuals, organizations and nations as an indispensabl... more Today, cyber space has been embraced by individuals, organizations and nations as an indispensable instrument of daily life. Accordingly, impact of cyber threats has continuously been increasing. Critical infrastructure protection and fighting against cyber threats are crucial elements of national security agendas of governments. In this regard, governments need to assess the roles and responsibilities of public and private organizations to address the problems of current cyber protection postures and to respond with reorganization and reauthorization of these postures. A risk management approach is critical in placing these efforts in an ongoing lifecycle process. In this paper, a model is proposed to be used in national cyber security risk management processes. We argue that this model simplifies and streamlines national risk management processes. For this purpose, a matrix is created to partition the problem space. Cyber threat detection and response activities constitute one dim...
2016 11th System of Systems Engineering Conference (SoSE), 2016
Vulnerability of critical infrastructures have increased with widespread use of information techn... more Vulnerability of critical infrastructures have increased with widespread use of information technologies. Although individual hackers whose major aims are self-satisfaction and financial gain are already on the stage, nation sponsored attacks are considered as important threats after Stuxnet attack. An important intention of targeted attacks by nation states may be the degradation of cyber physical systems of their enemies. After these developments, cyber-attacks have become an agenda item of the academics, practitioners and policy makers. In this study, we employed Monte-Carlo reliability analysis technique to quantify the impact of cyber-attacks on industrial control systems used in power generation systems. Economic value of cyber-attacks can help decision makers to decide if a cyber-security investment is feasible or not. The results showed that cyber-attacks may have significant impact on reliability of power generation systems.
The widespread use of information technology transforms businesses continuously and rapidly. Info... more The widespread use of information technology transforms businesses continuously and rapidly. Information technology introduces new threats to organizations as well. Risk analysis is an important tool in order to make correct decisions and to deal with cyber threats. Identification and valuation of assets is a crucial process that must be performed in risk analyses. Without properly identified and valued assets, the results of risk analyses lead to wrong decisions. Wrong decisions on information security may directly affect corresponding business processes. There are some finished and applied methods in literature for asset identification and valuation; however these methods are complicated and are not suitable for practical information security management projects. In this paper, a hierarchy based asset valuation method is proposed. Our method is intended to minimize the common mistakes that were done during Information Security Management Projects. The application of the method has...
Steganography is the art and science of writing hidden messages in such a way that no one apart f... more Steganography is the art and science of writing hidden messages in such a way that no one apart from the intended recipient knows of the existence of the message. In today’s world, it is widely used in order to secure the information. Since digital forensics aims to detect, recover and examine the digital evidence and steganography is a method for hiding digital evidence, detecting the steganography is an important step in digital forensics process. In this paper, the traditional spectral estimation methods are introduced. The performance analysis of each method is examined by comparing all of the spectral estimation methods. Finally, from utilising those performance analyses, a brief pros and cons of the spectral estimation methods are given. Also we give a steganography demo by hiding information into a sound signal and manage to pull out the information (i.e. the true frequency of the information signal) from the sound by means of the spectral estimation methods.
2021 Systems and Information Engineering Design Symposium (SIEDS), 2021
The imperative factors of cybersecurity within institutions have become prevalent due to the rise... more The imperative factors of cybersecurity within institutions have become prevalent due to the rise of cyber-attacks. Cybercriminals strategically choose their targets and develop several different techniques and tactics that are used to exploit vulnerabilities throughout an entire institution. With the thorough analysis practices being used in recent policy and regulation of cyber incident reports, it has been claimed that data breaches have increased at alarming rates rapidly. Thus, capturing the trends of cyber-attacks strategies, exploited vulnerabilities, and reoccurring patterns as insight to better cybersecurity. This paper seeks to discover the possible threats that influence the relationship between the human component and cybersecurity posture. Along with this, we use the Vocabulary for Event Recording and Incident Sharing (VERIS) database to analyze previous cyber incidents to advance risk management that will benefit the institutional level of cybersecurity. We elaborate o...
Uploads
Papers by Unal Tatar