Date of Conferral

2022

Degree

Doctor of Information Technology (D.I.T.)

School

Information Systems and Technology

Advisor

Gary Griffith

Abstract

Advanced persistent threats (APTs) targeting critical infrastructures can adversely impact human lives. Cybersecurity analysts are concerned with APT attacks because they make it challenging to defend critical infrastructures. Grounded in routine activity theory (RAT), the purpose of this qualitative exploratory multiple case study was to explore strategies cybersecurity analysts use to defend critical infrastructures from APT attacks. Data were collected through interviews with 8 participants and documents from two organizations. Participants were required to have experience analyzing network traffic on a critical infrastructure network, one year of cyber threat hunting experience, prior or current knowledge of cyber threat intelligence (CTI), and to reside in the Southwestern and Northeastern United States. Through thematic analysis, four themes emerged: (a) CTI and threat hunting are part of the defense-in-depth strategy, (b) the lack of standards on CTI and threat hunting has created numerous challenges, (c) CTI informs threat hunting, and (d) threat hunting consists of looking at behaviors, not IOCs. A key recommendation is for cybersecurity analysts to enhance their defense strategies by incorporating threat hunting and cyber threat intelligence into their playbooks. The implications for positive social change include the potential to protect critical infrastructures and support the welfare of the local community.
