The Role of PASTA in Addressing Future Trends in Regulatory Compliance: Emerging Cyber Threats


Authors : Ganesh Bhusal; Bimal Shrestha

Volume/Issue : Volume 9 - 2024, Issue 8 - August

Google Scholar : https://shorturl.at/ZK789

Scribd : https://shorturl.at/sUWEJ

DOI : https://doi.org/10.38124/ijisrt/IJISRT24AUG241

Abstract : The evolving landscape of cyber threats necessitates an adaptive approach to threat modeling and regulatory compliance. This paper explores the integration of the PASTA (Process for Attack Simulation and Threat Analysis) framework with emerging regulatory trends to address future cyber threats. The study examines how PASTA can be aligned with regulatory frameworks such as PCI DSS, HIPAA, GDPR, and CCPA, to enhance cybersecurity resilience and compliance. By analyzing the application of PASTA to Advanced Persistent Threats (APTs) and ransomware, the paper demonstrates how this structured methodology can help organizations effectively model, simulate, and mitigate sophisticated attacks. The integration of PASTA with regulatory requirements provides a comprehensive approach to managing cyber risks, ensuring robust protection against both current and emerging threats.

Keywords : PASTA, Threat Modeling, Regulatory Compliance, Cybersecurity, Advanced Persistent Threats (APTs), Ransomware, PCI DSS, HIPAA, GDPR, CCPA.

References :

  1. Morris Worm (1988) Spafford, E.H., 1989. The Internet Worm Program: An Analysis. ACM SIGCOMM Computer Communication Review, 19(1), pp.17-57. Available at: https://dl.acm.org/doi/ 10.1145/1012481.1012485 [Accessed 1 July 2024].
  2. Melissa Virus (1999) CNET News, 1999. Melissa Virus: A New Cyber Threat. Available at: https://www.cnet.com/news/melissa-virus-a-new-cyber-threat/ [Accessed 12 July 2024].
  3. ILOVEYOU Virus (2000) F-Secure, 2000. The ILOVEYOU Virus. Available at: https://www.f-secure.com/en/web/labs_global/iloveyou [Accessed 13 July 2024].
  4. Code Red Worm (2001) CERT/CC, 2001. CERT Advisory CA-2001-19 Code Red Worm. Available at: https://www.cisa.gov/uscert/ncas/alerts/ca-2001-19 [Accessed 19 July 2024].
  5. Blaster Worm (2003) Microsoft, 2003. Security Bulletin MS03-026: Buffer Overrun in RPC Interface Could Allow Code Execution. Available at: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-026 [Accessed 19 July 2024].
  6. Sasser Worm (2004) CERT/CC, 2004. CERT Advisory CA-2004-05 Sasser Worm. Available at: https://www.cisa.gov/uscert/ncas/alerts/ca-2004-05 [Accessed 17 July 2024].
  7. Storm Worm (2007) Symantec, 2007. Storm Worm Overview. Available at: https://www.broadcom.com/ company/newsroom/press-releases/2007/031307 [Accessed 19 July 2024].
  8. Conficker Worm (2008) Microsoft, 2009. The Conficker Worm. Available at: https://docs.microsoft.com/en-us/security-updates/ securitybulletins/2009/ms08-067 [Accessed 18 July 2024].
  9. Stuxnet (2010) Langner, R., 2011. To Kill a Centrifuge: A Technical Analysis of Stuxnet. IEEE Security & Privacy, 9(3), pp.49-51. Available at: https://ieeexplore.ieee.org/document/5777897 [Accessed 19 July 2024].
  10. Target Data Breach (2013) Krebs, B., 2014. Target’s Massive Data Breach: A Detailed Timeline. Available at: https://krebsonsecurity.com/tag/target-breach/ [Accessed 19 July 2024].
  11. Sony PlayStation Network Hack (2014) Sony Network Entertainment, 2014. PlayStation Network and Qriocity Service Outage. Available at: https://www.sony.net/SonyInfo/News/Press/201104/11-0501E/ [Accessed 19 July 2024].
  12. WannaCry Ransomware (2017) Europol, 2017. WannaCry Ransomware Attack. Available at: https://www.europol.europa.eu/newsroom/news/ransomware-attack-on-a-global-scale [Accessed 19 July 2024].
  13. NotPetya Ransomware (2017) Kaspersky, 2017. NotPetya Ransomware: A Comprehensive Analysis. Available at: https://securelist.com/notpetya-a-comprehensive-analysis/78755/ [Accessed 19 July 2024].
  14. Meltdown and Spectre (2018) Kocher, P., Horn, M., and others, 2019. Spectre Attacks: Exploiting Speculative Execution. USENIX Security Symposium. Available at: https://www.usenix.org/conference/ usenixsecurity19/presentation/kocher [Accessed 19 July 2024].
  15. Capital One Data Breach (2019) Capital One, 2019. Capital One Data Breach Statement. Available at: https://www.capitalone.com/facts2019 [Accessed 19 July 2024].
  16. SolarWinds Hack (2020) FireEye, 2020. SUNBURST: A Highly Sophisticated Supply Chain Attack. Available at: https://www.fireeye.com/ blog/threat-research/2020/12/sunburst-a-highly-sophisticated-supply-chain-attack.html [Accessed 20 July 2024].
  17. Colonial Pipeline Ransomware (2021) Colonial Pipeline, 2021. Colonial Pipeline Statement on Cyber Attack. Available at: https://www.colonialpipeline.com/press-releases/ colonial-pipeline-statement-on-cyber-attack/ [Accessed 19 July 2024].
  18. Log4Shell Vulnerability (2021) Apache Software Foundation, 2021. Log4j 2 Vulnerability – CVE-2021-44228. Available at: https://logging.apache.org/ log4j/2.x/security.html [Accessed 19 July 2024].

The evolving landscape of cyber threats necessitates an adaptive approach to threat modeling and regulatory compliance. This paper explores the integration of the PASTA (Process for Attack Simulation and Threat Analysis) framework with emerging regulatory trends to address future cyber threats. The study examines how PASTA can be aligned with regulatory frameworks such as PCI DSS, HIPAA, GDPR, and CCPA, to enhance cybersecurity resilience and compliance. By analyzing the application of PASTA to Advanced Persistent Threats (APTs) and ransomware, the paper demonstrates how this structured methodology can help organizations effectively model, simulate, and mitigate sophisticated attacks. The integration of PASTA with regulatory requirements provides a comprehensive approach to managing cyber risks, ensuring robust protection against both current and emerging threats.

Keywords : PASTA, Threat Modeling, Regulatory Compliance, Cybersecurity, Advanced Persistent Threats (APTs), Ransomware, PCI DSS, HIPAA, GDPR, CCPA.

Never miss an update from Papermashup

Get notified about the latest tutorials and downloads.

Subscribe by Email

Get alerts directly into your inbox after each post and stay updated.
Subscribe
OR

Subscribe by RSS

Add our RSS to your feedreader to get regular updates from us.
Subscribe