The aim of this study is to find mitigation techniques for a number of risks resulting from the usage of systems that will eventually become infected. The key results of this study are a set of threat descriptions related to various attack phases, existing mitigation mechanisms, proposed improvements for existing mitigation mechanisms, and novel mitigations. In addition, the most suitable mitigation techniques are assessed with regard to different attack/defence phases. A mitigation technique may be categorised according to whether it can be used before the breach, whether it can protect against the actual compromise, whether it can be used during or after the breach, or whether it may be used in more than one attack phase.
The results of this study can be implemented in existing systems (or processes) by integrating the described security controls, countermeasures and mitigation mechanisms in order to improve their level of security. The results can also be used to design new systems and might provide ideas for new security controls and mitigation techniques. The study proposes that in addition to the baseline security controls, at least one advanced technique should be used in each phase. The assumed audience of this study is security officers who design secure systems, system administrators who manage system security, and managers who will gain information about the existing technologies and their required resources.
Teemu Väisänen, Lorena Trinberg, Nikolaos Pissanidis (NATO CCD COE, Tallinn, Estonia): I accidentally malware – what should I do… is this dangerous? Overcoming inevitable risks of electronic communication