Authors :
Ganesh Bhusal; Bimal Shrestha
Volume/Issue :
Volume 9 - 2024, Issue 8 - August
Google Scholar :
https://shorturl.at/ZK789
Scribd :
https://shorturl.at/sUWEJ
DOI :
https://doi.org/10.38124/ijisrt/IJISRT24AUG241
Abstract :
The evolving landscape of cyber threats
necessitates an adaptive approach to threat modeling and
regulatory compliance. This paper explores the
integration of the PASTA (Process for Attack Simulation
and Threat Analysis) framework with emerging
regulatory trends to address future cyber threats. The
study examines how PASTA can be aligned with
regulatory frameworks such as PCI DSS, HIPAA, GDPR,
and CCPA, to enhance cybersecurity resilience and
compliance. By analyzing the application of PASTA to
Advanced Persistent Threats (APTs) and ransomware,
the paper demonstrates how this structured methodology
can help organizations effectively model, simulate, and
mitigate sophisticated attacks. The integration of PASTA
with regulatory requirements provides a comprehensive
approach to managing cyber risks, ensuring robust
protection against both current and emerging threats.
Keywords :
PASTA, Threat Modeling, Regulatory Compliance, Cybersecurity, Advanced Persistent Threats (APTs), Ransomware, PCI DSS, HIPAA, GDPR, CCPA.
References :
- Morris Worm (1988) Spafford, E.H., 1989. The Internet Worm Program: An Analysis. ACM SIGCOMM Computer Communication Review, 19(1), pp.17-57. Available at: https://dl.acm.org/doi/ 10.1145/1012481.1012485 [Accessed 1 July 2024].
- Melissa Virus (1999) CNET News, 1999. Melissa Virus: A New Cyber Threat. Available at: https://www.cnet.com/news/melissa-virus-a-new-cyber-threat/ [Accessed 12 July 2024].
- ILOVEYOU Virus (2000) F-Secure, 2000. The ILOVEYOU Virus. Available at: https://www.f-secure.com/en/web/labs_global/iloveyou [Accessed 13 July 2024].
- Code Red Worm (2001) CERT/CC, 2001. CERT Advisory CA-2001-19 Code Red Worm. Available at: https://www.cisa.gov/uscert/ncas/alerts/ca-2001-19 [Accessed 19 July 2024].
- Blaster Worm (2003) Microsoft, 2003. Security Bulletin MS03-026: Buffer Overrun in RPC Interface Could Allow Code Execution. Available at: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-026 [Accessed 19 July 2024].
- Sasser Worm (2004) CERT/CC, 2004. CERT Advisory CA-2004-05 Sasser Worm. Available at: https://www.cisa.gov/uscert/ncas/alerts/ca-2004-05 [Accessed 17 July 2024].
- Storm Worm (2007) Symantec, 2007. Storm Worm Overview. Available at: https://www.broadcom.com/ company/newsroom/press-releases/2007/031307 [Accessed 19 July 2024].
- Conficker Worm (2008) Microsoft, 2009. The Conficker Worm. Available at: https://docs.microsoft.com/en-us/security-updates/ securitybulletins/2009/ms08-067 [Accessed 18 July 2024].
- Stuxnet (2010) Langner, R., 2011. To Kill a Centrifuge: A Technical Analysis of Stuxnet. IEEE Security & Privacy, 9(3), pp.49-51. Available at: https://ieeexplore.ieee.org/document/5777897 [Accessed 19 July 2024].
- Target Data Breach (2013) Krebs, B., 2014. Target’s Massive Data Breach: A Detailed Timeline. Available at: https://krebsonsecurity.com/tag/target-breach/ [Accessed 19 July 2024].
- Sony PlayStation Network Hack (2014) Sony Network Entertainment, 2014. PlayStation Network and Qriocity Service Outage. Available at: https://www.sony.net/SonyInfo/News/Press/201104/11-0501E/ [Accessed 19 July 2024].
- WannaCry Ransomware (2017) Europol, 2017. WannaCry Ransomware Attack. Available at: https://www.europol.europa.eu/newsroom/news/ransomware-attack-on-a-global-scale [Accessed 19 July 2024].
- NotPetya Ransomware (2017) Kaspersky, 2017. NotPetya Ransomware: A Comprehensive Analysis. Available at: https://securelist.com/notpetya-a-comprehensive-analysis/78755/ [Accessed 19 July 2024].
- Meltdown and Spectre (2018) Kocher, P., Horn, M., and others, 2019. Spectre Attacks: Exploiting Speculative Execution. USENIX Security Symposium. Available at: https://www.usenix.org/conference/ usenixsecurity19/presentation/kocher [Accessed 19 July 2024].
- Capital One Data Breach (2019) Capital One, 2019. Capital One Data Breach Statement. Available at: https://www.capitalone.com/facts2019 [Accessed 19 July 2024].
- SolarWinds Hack (2020) FireEye, 2020. SUNBURST: A Highly Sophisticated Supply Chain Attack. Available at: https://www.fireeye.com/ blog/threat-research/2020/12/sunburst-a-highly-sophisticated-supply-chain-attack.html [Accessed 20 July 2024].
- Colonial Pipeline Ransomware (2021) Colonial Pipeline, 2021. Colonial Pipeline Statement on Cyber Attack. Available at: https://www.colonialpipeline.com/press-releases/ colonial-pipeline-statement-on-cyber-attack/ [Accessed 19 July 2024].
- Log4Shell Vulnerability (2021) Apache Software Foundation, 2021. Log4j 2 Vulnerability – CVE-2021-44228. Available at: https://logging.apache.org/ log4j/2.x/security.html [Accessed 19 July 2024].
The evolving landscape of cyber threats
necessitates an adaptive approach to threat modeling and
regulatory compliance. This paper explores the
integration of the PASTA (Process for Attack Simulation
and Threat Analysis) framework with emerging
regulatory trends to address future cyber threats. The
study examines how PASTA can be aligned with
regulatory frameworks such as PCI DSS, HIPAA, GDPR,
and CCPA, to enhance cybersecurity resilience and
compliance. By analyzing the application of PASTA to
Advanced Persistent Threats (APTs) and ransomware,
the paper demonstrates how this structured methodology
can help organizations effectively model, simulate, and
mitigate sophisticated attacks. The integration of PASTA
with regulatory requirements provides a comprehensive
approach to managing cyber risks, ensuring robust
protection against both current and emerging threats.
Keywords :
PASTA, Threat Modeling, Regulatory Compliance, Cybersecurity, Advanced Persistent Threats (APTs), Ransomware, PCI DSS, HIPAA, GDPR, CCPA.