Custom «Vulnerability of Information Infrastructure and Trends of Cyber Terrorism; How Best to Measure Cyber-attack Trends» Essay Paper

This chapter describes the process used in gathering and analyzing the data concerning vulnerability of information infrastructure and trends of cyber terrorism. The data was collected through the major data collection instrument of questionnaire. The questionnaire method of data collection was typically driven by the research questions. The research relied on several organizations for data collection when seeking to answer the research questions. The data obtained from the questionnaire will be used for analysis in chapter 4 to examine the relationship between cyber crime and terrorism attacks.  This chapter further delineates the experiences and methodological challenges of planning and conducting primary research through questionnaires. The chapter specifically draws upon experiences of researching cybercrime and its control via online questionnaires. The chapter encompasses systematic, specific, and detailed information about the processes that the study employs and the instrumentation that is employed in gathering and analyzing data and information.

Chapter Organization

This chapter contains the following sub sections; method of inquiry which describes the data collection techniques, information coding, as well as methods of analysis to be applied. Secondly, it contains a subsection called population; which describes the population under study especially its scope, size, representative quality and appropriateness for use. It also contains the measurement and instrumentation section which lists the intended methods of data collection and the population from which to gather the data. The next sub section is data collection procedures and then the statement of the research hypothesis. The subsection that contains conceptual models or framework that connects the various variables in the study and the research objectives then follows. The next is the study’s methodology strengths and weaknesses. The final section entails the summary of the key findings in the chapter.

•  

  0

  Preparing Orders

•  

  0

  Active Writers

•  

  0%

  Positive Feedback

•  

  0

  Support Agents

 

Title of your paper

Type of service

Type of assignment

Number of pages

-

+

Academic level

Timeframes

Spacing

Currency

USD

• Total price

Continue to order

 

Method of Inquiry

When dealing with cybercrime, ( Kothari  2009 )data at hand are usually inadequate thus necessitating the collection of data trends of cybercrime in relation to cyber terrorism. Though there are several methods of data collection, the use of questionnaires was appropriate in the context of money costs, time and other resources at the disposal of the researcher. The questionnaire indicated in appendix 1 was mailed to the respondents at the major organizations used for this research with a request to return after completing the same.

Before applying this method, a pilot study for testing the questionnaire was conducted that revealed its weaknesses. The questionnaire used both open and closed type of questions which mainly sought past and present types of threats, number and timing of attempted violations, detected violations ,attacks or incidences, number of incidents in which violations were successful and methods they used to detect attack attempts as well as methods the companies use to prevent attacks.  

Population

The main sources of information for this study were company records on cyber attacks. These organizations included Cohen, DISA (Defense Information System Agency), AFICW (Air Force Information Welfare Center Security Posture), Howard thesis and other privately owned information agencies. The above agencies were carefully selected due to their popularity as information dissemination agents and the relatively high level of trust associated with their information precision as well as the availability of the sites for public awareness creation and ease of information verification. The target population was appropriate for data collection  on cyber crime. 

The accuracy of the data provided by the four organizations was based on the fact that the agencies are trusted with the responsibility of reporting on internet security state. It is important to note that the sample population of study is distributed all over the world, but data used was sourced from four companies in the U.S. An individual thesis was also obtained from the U.S and data from one Israeli internet hacker.

This population was appropriate since it has data that represent the global internet. The number of companies picked for the study was also a sufficient representative fraction of the limited number of companies providing surveillance information regarding internet security. The number of antivirus and other security providing companies selected in the study was also a sufficient representative fraction of the total available companies as it can be demonstrated that similar threats are handled across the board. The selected targets included:

DISA

The Defense Information System Agency is an agency operated by the U.S state department whose major objective is to provide information technology infrastructure and support to the executive and military arms of the US federal government. It is mandated with securing information through complex security systems against any form of unauthorized access and alteration or deletion. Inside DISA, a dedicated team of Information Assurance Security Officers facilitate the security process (Benchmark Study, 2011).

Cohen

Cohen is a name that came to the limelight in 2012 by an Israeli identified as Ox Omer. He released information regarding more than 200 credit cards for Saudi citizens as a response to offences by Arab hackers. Cohen had information regarding more than 300,000 credit cards belonging to Saudis. Still, another hacker identifying himself with the same name released credit details for more than 20,000 credit cards bearing Israeli citizens names. The Israeli deputy foreign affairs minister tried responding to the menace, but later found that his own site had been attacked (Benchmark Study, 2011).

Howard Schmidt

Howard is serving as the US coordinator of cyber security. He was appointed in 2009. He was previously the president of Information Security Forum as well as the CEO of R and H Security Consulting. He had also served in various top positions in international security companies based in US and abroad, and has been named by Baseline Magazines to be among the top 50 most influential people in IT business (Singhal and Ou, 2011).

The table below represents the number of respondents targeted by the questionnaires. COHEN had 7 respondents, DISA 6, AFICW 6 while Howard had one as show in the questionnaire below. 

Measurement and Instrumentation

The research instrument used in this study is indicated in appendix 1. The survey questions had different sections where respondents gave feedback based on their experiences with cybercrime. This section focuses on the actual data collected, its organization and presentation. Some respondents went as far as providing feedback data with frequencies and percentages which enabled accurate data analysis in chapter 4. The survey questions gathered data from online sources related to the selected organizations and individuals. Because errors can arise as a result of defective measuring instrument, the questionnaire used simple words with unambiguous meanings.

To ensure sound measurement the study was designed so as to meet the tests of validity, reliability and practicality. To achieve validity, it was ascertained that the questionnaire measured what it was supposed to measure. Validity in this research was measured through content verification. The instrument, as indicated in appendix 1, provided adequate coverage of the relationship between information vulnerability, cybercrime and terrorism. Since the questionnaire contains a representative sample of the targeted population, the content validity is good.   

Data Collection and Analysis Procedure

Through questionnaires, the respondents provided the information required with ease and shorter time. The respondents in the above organizations were attuned to technological backgrounds of the cyber criminal and terrorists in order to better understand their motives. Unstructured questions reduce cultural bias because they do not impose any response alternatives to the students. Data collected from questionnaire was transformed in to statistic related figures computed by mathematical processes to produce various tables in which numbers have unique meaning and interpreted in the analysis section in chapter 4.

The raw field notes were coded without being transformed into write-ups. Reviews of the coded field notes were carried out and data was directly entered into displays using MS Excel and the accompanying analytic text written. The conclusions were drawn from the displayed data. There were minimal instances of missing or unclear data, and of unanswered research questions (Miles & Huberman, 1994). The research employed various data analysis steps including editing, coding, classification, tabulation and analysis with the help of statistical techniques. 

Attack Methodology Analysis

This is a process of identifying vulnerabilities in information infrastructure. The process involves mapping the existing exploits or attack tools to those vulnerabilities.  The gap between current defensive capabilities and accessible exploit technology is analyzed.

`The gap between the defensive techniques and the offensive resources in the information infrastructure concerning the level of vulnerability existing in the system is determined by weighing the vulnerability levels in the information infrastructure in conjunction with the value of the system on the network (Cronin, 2002).  The following formula was used to calculate the threat whereby:

Threat = level of vulnerability + value of system level of vulnerability

The level of vulnerability is the number of open holes on the host in any given configuration. An example of an open hole can be the weakness in the software code. This is inclusive of the operating systems, popular databases and the antivirus programs. It is measured or estimated by tracking the open sources information security researches from trusted databases (Austin, 2003).  The value of the system in AMA is the value of the host system.  This is determined by its worth to the potential attacker and the probable consequences if compromised in a cyber-crime activity like cyber-terrorism.

Attack methodology analysis is an empirical analysis method that explores the weaknesses in the infrastructure of information systems that allow the perpetrators of cyber attacks infiltrate security systems.  The most commonly used procedures for attack analysis lay their emphasis on the following parameters; a) un-authorized access, b) exploitation of existing weaknesses, c) denial of service d) spoofing, e) eavesdropping.

AMA in the research was used in data analysis as shown in the table below.

Research Questions

Research Question 1

Investigate and identify the societal, temporal, political and economic factors associated with cyber terrorism

Research Question 2

Investigate whether perceived vulnerability of information infrastructure and perceived usefulness of the Internet have any effect on the trends of cyber terrorism

Research Question 3

Investigate and identify the sources, nature and level of cyber terrorism and cyber-attack witnessed today

Research Question 4

Investigate the relationship between cybercrime records from the previous research studies and the current cyber-crime trends in the information infrastructure

Research Question 5

 Investigate the relevance of information infrastructure vulnerability and cyber terrorism trends to the development of best measures against cyber-attacks

Research Question 6

Investigate the relationship between acts of terrorism and the trends in cyber-crime

Research Hypotheses

In regard to this research, the main issue is whether to accept the null hypotheses or not. The hypotheses tests were conducted in chapter 4. Hypotheses tests in this research were based on pre-determined level of significance. The study adopted 5% level of significance.

On the research question investigating and identifying the societal, temporal, political and economic factors associated with cyber terrorism, the alternate hypothesis is:

H1: There are societal, temporal, political and economic factors associated with cyber terrorism

The alternative hypnosis to the question investigating whether perceived vulnerability of information infrastructure and perceived usefulness of the Internet has any effect on the trends of cyber terrorism is:

H1: Perceived vulnerability of information infrastructure and perceived usefulness of the Internet affects the trends of cyber terrorism.

Either, the question investigating and identifying the sources, nature and level of cyber terrorism and cyber-attack witnessed today has an alternative hypothesis that states:

H1: There are known sources, nature and level of cyber terrorism and cyber-attack witnessed today

To the question investigating the relationship between cybercrime records from the previous research studies and the current cyber-crime trends in the information infrastructure has an alternative hypothesis that state:

H1: There exists a relationship between cybercrime records from previous research studies and the current cyber-crime trends in the information infrastructure

To the question investigating the relevance of information infrastructure vulnerability and cyber terrorism trends to the development of best measures against cyber-attacks also has an alternative hypothesis stating:

H1: The information infrastructure vulnerability and cyber terrorism trends are relevant to the development of best measures against cyber-attacks

Lastly, the question investigating the relationship between acts of terrorism and the trends in cyber-crime has also an alternate hypothesis stating:

H1: The is a relationship between acts of terrorism and the trends in cyber-crime 

Strengths and Weaknesses of the Methodology

The major strength of the study is level of reliability. The research is reliable because it depends on data sourced from trusted organizations such as government agencies and globally recognized security firms.  Other strengths are that the study combined different categories of sources in order to reduce bias.  It includes government agencies which tend to be non-partisan, internet security firms which might exaggerate internet risk but praise their products, and hackers who may exaggerate their success in security violations. The second strength of the research methodology is its flexibility. The study could be modified and it was consistently re-evaluated to ensure the highest level of credibility, dependability and transferability of the data. 

The research yielded precise descriptive statements about cybercrime and its relationship with terrorism. The second weakness is that although COHEN, DISA and AFICW are trusted organizations, the research presents potential respondent influence and it is time consuming. In addition, it is important to note that the findings of the study may be affected by the rapidly changing internet security scenario, where the strengths of today are the loopholes of tomorrow. 

Summary

This chapter met the objective of collecting the required data that will be used in the analysis section (Chapter 4). Although criminologists collect primary data from a myriad of sources, this methodology is ideal for this study. The choice of source and research instrument was typically driven by key research questions. The research relied upon one source of data collection that is questionnaire when seeking to answer the underlying research questions. This type of data collection reduced the complications that may be encountered in chapter 4 (analysis) because it distances itself from bounded holistic representations. The sample population section describes the individuals under study based on its scope, size, representative quality and appropriateness for use.

The research uses sound measurement to meet the tests of validity, reliability and practicality. It contains the measurement and instrumentation section which lists the intended methods of data gathering and the population from which to gather the data. Data collected from the questionnaires was transformed in to statistic related figures, computed by mathematical processes to produce various tables in which numbers have unique meaning to be interpreted in the analysis section in chapter 4. The major strengths attached to this methodology are the stress placed on the meanings of different questions under investigation. Fears over the reliability of the data obtained from this section were quashed by the fact that the data were obtained from credible organization. While chapter 3 presents the methodology used to obtain data regarding chapter 4, the analysis section will give a deeper insight into the relationship between cybercrime and terrorism.