A process flow model for dynamic enterprise network cyber security analysis

Abstract

Several Enterprises are adopting Enterprise Networks due to their benefits like remote file storage, resource sharing, and improved communication. Due to a large number of target groups, cyber-attackers have exploited vulnerabilities in the Enterprise Networks to launch cyber-attacks on these networks thus resulting into data theft and financial losses to the enterprises. To effectively address these security concerns, this study proposes a Dynamic Enterprise Network Cyber Security Analysis Model for Enterprise Network security. The proposed model caters for dynamic networks. It puts into consideration the ever changing components of enterprise networks. This study uses Design Science Research approach and MITRE ATT & CK matrix serves as the knowledge base for information about common attacks. A sample population of 132 respondents from 10 enterprises with Enterprise Networks in Eastern and Central Uganda was studied. Purposive sampling was used to select key informants with technical knowledge about cyber security. Primary data was collected using closed-ended questionnaires and secondary data was collected from analysis of scholarly articles, books, conference papers, and journals. The research participants were required to voluntarily participate and their consent was required before being studied. SPSS version 27 tool was used to analyze the data collected. With the DENCAM, Solar Winds ipMonitor network monitoring tool was used to monitor changes in the components of enterprise networks, then MITRE ATT & CK provided knowledge about the possible attacks that can be launched on the enterprises as a result of the changes in the enterprise network components and the possible remedies. Once preventive measures were put in place to deter the projected attacks, simulation attacks were launched on the enterprise network using Cymulate threat emulator. The network was able to resist such attacks. This will ensure security of enterprise networks thus enabling achievement of Uganda’s Vision 2040 which aims at using ICT to provide an opportunity to improve national productivity by making government and business enterprises more efficient, effective, and globally competitive.