http://dlib.iit.ac.lk/xmlui/handle/123456789/1330 2026-04-23T11:31:27Z http://dlib.iit.ac.lk/xmlui/handle/123456789/1348 A Testbed for Measuring Return on Investment of Cyber Security Solutions De Silva, Pamodh "The return on security investment has become a qualification of an equation that has not been explored adequately. A common problem faced by cyber security professionals is that they fail to accurately show their cost vs. reward after or before implementing security controls. The Cyber Security industry has been accused in the past of selling an asteroid insurance that may never realise. A lot of companies who has cyber security controls, assume that they may never be breached keeping the statement “ignorance is bliss” true to its worthiness. But once a breach is reported, the victims have no other option but to tighten up their security measures by resorting to post-breach exposure analysis. This study is focused on giving a helping hand to the cyber security managers of a company to effectively manage the cyber security solutions by measuring the return on security investment thereby helping to prevent breaches and attacks before an incident occurs. An extensive investigation has been carried out and a testbed/ framework has been developed to calculate the return of security investment. This framework also contains links to structured guideline which will assist the users to assess the risk levels once the framework is implemented." 2022-01-01T00:00:00Z http://dlib.iit.ac.lk/xmlui/handle/123456789/1347 A Conceptual Framework for Detecting and Mitigating Racism Based Social Engineering Attacks in an Organization Hewakottage, Miron "As per the present day valuation Information is considered as one of the most valuable assets. Due to that fact it is un-avoidable that it would create a market for information which are obtained illegal manner. Many organizations in the present day keep their information in digital means and majority of the organizational work flow is also carried out through the electronic media mostly through computer systems. Therefore, organizations allocate large amount of budget to protect the organizational cyber space. Even though the organization spend massive amount of money and resources on protecting the cyber space and even if there are state-of-the-art security systems and solutions are implemented and placed there is one part of the system which is tend to be vulnerable which is the user. Because the user operates on human emotions rather pure logics. Therefore, these emotions can be manipulated, hence social engineering. Current organizations do have security measurements for minimize social engineering attacks. But these controls are used to mitigate traditional social engineering attacks such as phishing, sphere phishing, quid pro-quo, pre-texting are some of them. But now social engineers tend to weaponized social issues such as racism as an exploitation method for their social engineering attacks. Un-fortunately due to the novelty of such attacks organizations still do not have any proper controls for such specific type of modern social engineering attack. Therefore, A Conceptual Framework for Detecting and Mitigating Racism Based Social Engineering Attacks in an Organization was developed to fill the gap in such security controls." 2022-01-01T00:00:00Z http://dlib.iit.ac.lk/xmlui/handle/123456789/1346 Improved credit card fraud detection using deep learning ( deep neural fraud detector) Hemapala, Chamali "Any form of unauthorized credit card transaction activity can be considered fraudulent activity. This attack type has already caused massive financial losses worldwide and will be causing a big impact because money is now handled digitally. According to the brief literature review on the domain and the relevant technology, the author identified the gaps in existing research work using various machine learning and neural network techniques. Moreover, the lack of usage of deep learning techniques was another research gap in this domain. This research project considers convolutional neural network, Bidirectional LSTM, and autoencoder to implement three separate deep neural network models, and each model was trained, validated, and tested using a European dataset of 30 different attributes. After a comparative model analysis, LSTM and the Deep CNN models were selected for final prototype testing. The author created a python web application hosted locally to demonstrate the usefulness of developing these machine learning models. The Bidirectional LSTM model was integrated with the web application, and the integrated system was tested manually, sending transaction data values to determine if the model predicted accurately. This dissertation is a massive contribution to the research domain and has created a broad future scope. This prototype has the potential to detect credit card fraud patterns if trained more under real-time transaction data values integrated into a real-world system/network architecture. " 2022-01-01T00:00:00Z http://dlib.iit.ac.lk/xmlui/handle/123456789/1345 Conceptual Framework for Secure Teleworking and Organizational Security Management in SMEs Fernando, Malith "Teleworking has become one of the most important topics in the year 2020 with the Covid-19 pandemic situation. There was a sudden requirement for companies to allow employees to work from home and companies had to do it in a secure manner. When it comes to SMEs one of the most common problem SME has is less interest in security, less expertise in security and less budget allocated for security. Due to that, SMEs started using ad-hoc security to facilitate sudden teleworking requirements and most SMEs got attacked and breached due to inadequate controls. SMEs are resistant to implementing security standards like ISO, PCI DSS, HIPPA and GDPR.etc due to constraints like lack of skills and budget. There are no easy-to-follow frameworks specifically defined for SMEs. There were guidelines published by various security vendors when pandemic comes but that was not specifically crafted for SMEs in mind. According to a European Union Agency for Cyber security, ENISA report published in 2021 one of the security challenge for SMEs are “lack of suitable guidelines”.(ENISA, 2021) This research project is proposing a conceptual framework for easy adoption to secure teleworking for SMEs. Also this will provide a reliable and easy way of adopting with defined maturity levels and eliminates problems with teleworking security in SME. To gather data to conduct this study, security expert opinions gathered via interviews and thematic analysis used to extract relevant information. At the evaluation stage also security expert opinion taken to measure effectiveness of defined framework and results showed that this framework is accepted as a valuable and successful framework by industry security experts." 2022-01-01T00:00:00Z