
Cyber Security Framework 1: Running Head

The document discusses the cyber security framework and how organizations can use it. It describes how the framework has five core functions: identify, protect, detect, respond, and recover. It also discusses how organizations can create a profile to assess their current cybersecurity capabilities and desired future state. By comparing these profiles, organizations can identify gaps and prioritize actions to improve their cybersecurity and meet their goals. The framework is intended to help organizations strengthen cybersecurity in a cost-effective manner through established best practices.

Uploaded by

pevithra

Running Head: CYBER SECURITY FRAMEWORK 1

Name

Institution

Cyber Security Framework



Cyber Security Framework

1. Introduction

Specialized technologies such as TOR (The Onion Router), Freenet, and I2P are required to access the Dark Web. All of these programs allow anonymous web hosting. The most widely known is TOR. The underlying concept of TOR is that traffic between a user and a host is routed through numerous relays, and all communication is encrypted. Furthermore, the link between any two routers is encrypted separately. As a result, nobody can determine the true location of the server or the user. In this way, anonymous web serving can be ensured. Dark Web information, consisting of email addresses, Bitcoin wallets, URLs, photos, and profiles of user behavior, may be used for additional research.

2. Cyber Security Framework

The cyber security framework offers businesses a collection of cybersecurity best practices, rules, and strategies to help them strengthen their level of cybersecurity; it also establishes organized approaches for communicating cybersecurity actions and results from the executive level to the operational levels (Mylrea et al., 2017). The Framework Core is built on five basic functions:

Identify - Build organizational awareness of cybersecurity risks to systems, assets, people, capabilities, and data. The tasks in this step are required for the Framework to perform successfully. Understanding the business context, the resources that support important functions, and the cybersecurity risks connected to them helps a firm focus and prioritize its efforts in line with its risk management strategy and business requirements. Business environment, governance, asset management, risk management, and risk assessment strategy are some examples of outcome categories in this function.

Protect - Develop and implement suitable safeguards to ensure the delivery of critical services. The Protect function helps limit or contain the effect of a potential cybersecurity event. Examples of outcome categories in this function include: authentication and identity management; training and awareness; data security; data protection procedures and processes; protective technology and maintenance.

Detect - Develop and implement suitable activities to identify the occurrence of a cybersecurity event. This function enables the early detection of cyberthreats and cybersecurity events. Anomalies and events, detection processes, and security continuous monitoring are examples of outcome categories under this function.

Respond - Develop and implement appropriate actions in response to a detected cybersecurity incident. This function helps contain the consequences of a potential cybersecurity event. Communications, response planning, mitigation, analysis, and improvements are examples of outcome categories within this function.

Recover - Develop and implement appropriate activities that maintain resilience plans and restore any capabilities or services impaired by a cyber incident. The Recover function enables a quick return to normal operations to reduce the consequences of a cybersecurity event. Improvements, recovery planning, and reporting are examples of outcome categories within this function.

2.1. Framework Profile

A Profile helps businesses develop a cybersecurity risk mitigation strategy that is closely aligned with enterprise and industry goals, takes applicable laws and industry best practices into account, and highlights risk mitigation strategies (NIST, 2018). Given the complexity of many enterprises, they may opt to have several profiles, each related to a specific component and recognizing its particular needs.

Framework Profiles may be used to describe the current state of specific cybersecurity activities as well as the intended target state. The Current Profile shows the cybersecurity outcomes that are presently being achieved. The Target Profile identifies the outcomes required to meet the desired cybersecurity risk management objectives. Profiles support business/mission needs and help communicate risk within and between organizations.

A comparison of Profiles (for example, the Current Profile and the Target Profile) can reveal gaps that must be closed in order to meet cybersecurity risk management goals. Business requirements and risk management practices determine the prioritization of gap mitigation. This risk-based approach allows a company to estimate the resources required (such as manpower and finance) to meet cybersecurity objectives in a cost-effective, focused way (NIST, 2018).

2.2. How to use the Framework

Prioritize and define the scope. The firm defines its business goals as well as its high-level organizational priorities. Using this information, the company makes tactical cybersecurity design choices and determines the scope of assets and systems that support the chosen line of business or process. The Framework may be adapted to meet the needs of multiple lines of business or processes within a firm, each with its own business requirements and risk tolerance. Risk tolerances may be reflected in a preferred Implementation Tier.

Orient. Once the scope of the cybersecurity program for the line of business has been identified, the organization identifies related assets and systems, regulatory requirements, and its overall approach to risk. The organization then consults with experts to identify potential threats and vulnerabilities in those assets and systems.

Design a new profile. The organization develops a Current Profile by identifying which Framework Core category outcomes are currently being achieved. If an outcome is only partly achieved, noting this will support later steps by providing background information.

Perform a risk analysis. This assessment may be guided by the firm's existing risk management process or by past risk analysis initiatives. The company analyzes its workflow to estimate the likelihood of a cyber breach and the impact such an incident would have on the enterprise. Firms must anticipate new risks and use cyber threat information from various sources to better understand the likelihood and impact of cyber incidents.

Create a Target Profile. The company creates a Target Profile that focuses on the Framework components representing the firm's desired cybersecurity outcomes. Companies may also develop their own components to address unique organizational risks. When creating a Target Profile, the organization may consider the influence and expectations of external parties such as parastatals, customers, and business partners.

Identify, analyze, and prioritize gaps. The company compares the Current Profile and the Target Profile to identify gaps. It then creates a prioritized action plan to close those gaps and achieve the outcomes set out in the Target Profile. The firm then determines the resources, such as finance and manpower, needed to close the gaps. Using Profiles in this way encourages businesses to make informed decisions about cyber defense, supports risk management, and helps organizations make cost-effective, targeted improvements.

Execute the Plan of Action. The firm decides which actions to take to close the gaps identified in the preceding step and then adjusts its existing cyber defense practices to achieve the Target Profile. Firms must determine which guidelines, standards, and practices, including those specific to their industry, are best suited to their purposes.

These steps are repeated as needed to continuously assess and improve an organization's cybersecurity. For example, companies may find that repeating the Orient step more frequently improves the quality of threat analysis. Moreover, companies can track progress by iteratively updating the Current Profile and then comparing it to the Target Profile.

2.3. Effectiveness of the Framework

Organizations that use the Framework can quantify risks and assign levels to them, as well as weigh the costs and benefits of the actions taken to reduce threats to manageable levels. The better a firm can quantify the risks, costs, and benefits of its cybersecurity approaches and procedures, the more rational, effective, and useful its cybersecurity strategy and investments will be (NIST, 2018). The Framework Core cybersecurity outcomes support self-assessment of financial performance and cybersecurity operations in the following ways: choosing how various aspects of the security activity should influence the selection of Target Implementation Tiers; evaluating the firm's approach to cyber defense by determining existing Implementation Tiers; prioritizing security outcomes by developing Target Profiles; assessing the extent of compliance with rule inventories or development guidance listed as Useful Resources; and assessing the extent to which individual cybersecurity activities achieve the intended cybersecurity outcomes.

Monitoring the dark web for information that may be used to target the company allows it
to stay ahead of risks. Illegal dark web forums and marketplaces provide stolen passwords, other
stolen information, and malware for sale. Malicious actors use stolen information to target
organizations in order to acquire network access for ransomware attacks and other malicious
activities. Phishing emails might employ stolen corporate information to make them look more
legitimate (Mylrea, Gourisetti, & Nicholls, 2017). Unwitting victims might be duped into
disclosing login credentials or allowing malware to enter networks directly. Credential stuffing
attacks take advantage of password reuse and infrequent password changes by using stolen login
credentials in bulk. These attacks attempt to find a match in the company's network in order to
gain unauthorized access.

To identify and anticipate cybersecurity risks to the organization, use a reputable dark
web monitoring solution. These services infiltrate hotspots of cybercriminal activity, such as
unlawful markets and cybercriminal forums. They keep an eye out for stolen data and other
information about companies or personnel. They also keep an eye on dumpsites like Pastebin,
where anonymous users can upload material such as stolen confidential papers, emails,
databases, and other sensitive data.
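
The check that a monitoring hit should trigger, as an added example that is not part of the original document: parse a paste for credentials on the organization's domain and test whether any leaked password still validates against the current password store, which is exactly the case a credential-stuffing attempt would succeed against. The domain `corp.example`, the paste contents, the user-store layout and the PBKDF2 parameters are constructed assumptions.

```python
import hashlib
import hmac
import os
import re

PBKDF2_ROUNDS = 10_000  # demo value so the example runs fast; an assumption, not a recommendation

# One credential per line: address, then ':' ';' or '|', then the password.
CRED_RE = re.compile(
    r"^[ \t]*([\w.+%-]+@([A-Za-z0-9.-]+))[ \t]*[:;|][ \t]*(\S+)[ \t]*$",
    re.MULTILINE,
)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def make_user(password):
    """Build a stored record (salt + hash) the way a login service might hold it."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}

def parse_dump(text, domain):
    """Return {email: {leaked passwords}} for addresses on our own domain only."""
    leaked = {}
    for email, host, password in CRED_RE.findall(text):
        if host.lower() == domain:
            leaked.setdefault(email.lower(), set()).add(password)
    return leaked

def triage(dump_text, user_store, domain):
    """Classify every exposed corporate address by what the defender must do."""
    findings = []
    for email, passwords in sorted(parse_dump(dump_text, domain).items()):
        record = user_store.get(email)
        if record is None:
            status = "no_such_account"        # stale or former address
        elif any(
            hmac.compare_digest(hash_password(p, record["salt"]), record["hash"])
            for p in passwords
        ):
            status = "force_reset"            # leaked password is still live
        else:
            status = "exposed_but_rotated"    # address exposed, password changed
        findings.append((email, status))
    return findings

# Constructed paste and user store, not real data.
SAMPLE_DUMP = """\
# constructed paste, not real data
alice@corp.example:Summer2021!
bob@corp.example:hunter2
carol@other.example:qwerty
ALICE@corp.example:Summer2021!
dave@corp.example;letmein
"""

USER_STORE = {
    "alice@corp.example": make_user("Summer2021!"),
    "bob@corp.example": make_user("correct horse battery staple"),
}

if __name__ == "__main__":
    for email, status in triage(SAMPLE_DUMP, USER_STORE, "corp.example"):
        print(f"{email:22} {status}")
```
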

The Cyber-MAR system, which will concentrate on practical simulation and modeling of maritime systems (e.g., the supply chain), together with a Cyber federation Range (CR Cyber-MAR), will encompass various systems and interrelated systems aboard a ship or ashore in order to enable real-time modeling of cyber-attacks and their possible harmful repercussions (Canepa et al., 2021). The Cyber-MAR system provides a unified framework with inherent two-way linkages between the Cyber-MAR CR, the MaCRA risk assessment and analysis framework, and economic models.

2.4. The soundness of the Framework

A logical system is only sound if the rules upon which it is built are valid in terms of its
semantics (Kaur, 2020). In layman's terms, this means that if the semantics or arrangements of
things regulating the framework change, the soundness of the operations, procedures, and
mathematics will change as well. As a result, the system would be insecure and incomplete.
That is, under all possible scenarios, the mathematical rules must preserve truth or validity. Feedback from industry indicates that new types of attacks continue to test the security of cyber security frameworks. Some practices that may help prevent cyber-attacks include: password protection and access control; data authentication; and security software such as malware scanners, firewalls, and anti-virus software (Gade & Ugander, 2014).

Historically, corporations and states have taken a reactive, "single item" approach to combating technology risks, developing discrete systems of protection to safeguard their systems and the valuable information held within them. This strategy is not only expensive and difficult; it is also ineffective, as reports of severe cyberattacks continue to lead headlines (Seemma et al., 2018). In fact, given the number of individuals affected by breaches, cyber security has become a central concern for company boards seeking a less risky path forward. Organizations should instead select a fully automated, natively integrated Next-Generation Security solution built to deliver consistent, prevention-based security in the data center, on the endpoint, on the network, in private and public clouds, and across SaaS environments. By concentrating on prevention, companies can keep cyber-attacks from infiltrating their systems and reduce overall cyber security risk to a reasonable level.

3. The TOR Router

One thing to bear in mind is that the way Tor is used determines whether it is a tool for lawful or criminal use. Businesses use Tor to view a rival's website in order to prevent the competitor from monitoring the traffic (Shavers & Bair, 2016). Informants, state operatives, whistleblowers, and travelers use the Tor browser to prevent legitimate conversations from being exposed. The use of Tor should be encouraged in law enforcement investigations, to prevent suspects from learning state IP addresses when sites under investigation are browsed.

In typical circumstances, a user's connection to a TOR web server passes through three stages: the Entry Guard router, the Middle router(s), and the Exit router (Zhang & Chow, 2018). The Entry Guard router serves as the TOR network's point of entry. A TOR router that has been in operation for a while with steady connectivity and adequate speed is chosen to be an Entry Guard router. When a person connects to TOR using a program such as the TOR Browser, they are linked to one of the Entry Guard routers. Middle routers are the TOR network's intermediary links. They are in charge of relaying communications from Entry Guard routers to Exit routers. Because there is no direct link between the Entry Guard router and the Exit router, neither side can establish the other's identity. Exit routers are located on the TOR network's perimeter. They are in charge of delivering data to the destination server specified by the user. TOR stands for The Onion Router, meaning that the user's message is encrypted several times, layer upon layer, much like an onion. Only the Exit router holds the original decrypted user message. Every Middle router is in charge of removing one layer of encryption from the encoded communication, similar to peeling a layer off an onion. The raw data of the user's request is deciphered at the Exit router, so the Exit router knows the content of the user's message but cannot establish the user's true identity. If the user's request consists only of plain text, such as an HTTP or FTP request, the Exit router will have complete knowledge of the request.
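
The layering described above, as an added example that is not part of the original document: a client wraps a request in three layers, each relay removes one, and the code records what each relay is able to see. It uses a toy SHA-256 keystream and pre-shared keys as stand-ins (assumptions); Tor's real circuit handshake and ciphers are not reproduced, and the relay names and destination are hypothetical.

```python
import hashlib
import os

RELAYS = ["guard", "middle", "exit"]   # hypothetical relay names

def _keystream(key, nonce, length):
    """Toy keystream (SHA-256 in counter mode); a stand-in, not Tor's cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def _xor(key, nonce, data):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def wrap(key, next_hop, inner):
    """Add one layer: nonce || E(len(next_hop) || next_hop || inner)."""
    nonce = os.urandom(16)
    hop = next_hop.encode()
    return nonce + _xor(key, nonce, bytes([len(hop)]) + hop + inner)

def peel(key, cell):
    """Remove one layer; returns (next_hop, remaining_cell)."""
    body = _xor(key, cell[:16], cell[16:])
    hop_len = body[0]
    return body[1:1 + hop_len].decode(), body[1 + hop_len:]

def build_onion(keys, destination, request):
    """Client side: encrypt for the exit first and for the guard last."""
    next_hops = RELAYS[1:] + [destination]
    cell = request
    for relay, next_hop in reversed(list(zip(RELAYS, next_hops))):
        cell = wrap(keys[relay], next_hop, cell)
    return cell

def route(keys, cell, sender="client"):
    """Pass the cell along the circuit and record each relay's view."""
    views = []
    for relay in RELAYS:
        next_hop, cell = peel(keys[relay], cell)
        views.append({"relay": relay, "from": sender,
                      "next_hop": next_hop, "payload": cell})
        sender = relay
    return views

def demo():
    keys = {relay: os.urandom(32) for relay in RELAYS}   # assumed pre-shared keys
    # Constructed plain-text request, the case the text warns about.
    request = b"GET /index.html HTTP/1.1\r\nHost: site.example\r\n\r\n"
    onion = build_onion(keys, "site.example:80", request)
    return request, route(keys, onion)

if __name__ == "__main__":
    request, views = demo()
    for v in views:
        readable = v["payload"] == request
        print(f'{v["relay"]:6} from={v["from"]:6} next={v["next_hop"]:16} '
              f'plaintext_visible={readable}')
```

The guard sees who sent the cell but only ciphertext and the next relay; the exit sees the destination and the full plain-text request but only the middle relay as its sender.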

Because the Tor browser is continually being updated, a user's device can hold many versions of Tor in varying states of existing and deleted files. Looking for previous versions of Tor that may have been used can help an investigator determine how long a person has used Tor as an anonymous channel for communication and web browsing. To avoid being compromised through a flaw in an outdated browser, a frequent Tor user will upgrade their Tor browser immediately when an update is available (Shavers & Bair, 2016).

The Tor browser stores no web history data in the NTUSER.DAT file or anywhere else. To retrieve Tor browsing history, a data dump of the system must be captured before powering down. Another aspect of Tor artifacts in memory is how, and for how long, the information is kept in memory. If the Tor browser is launched but then exited, the information in memory is erased almost immediately. However, if the Tor browser is active, URL remnants can be retrieved, but only for a few minutes after use.
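
One way an examiner might pull such URL remnants out of a captured memory image, as an added example that is not part of the original document: it carves version 3 .onion hostnames stored as ASCII or UTF-16LE and uses the address's built-in checksum to separate intact hits from damaged ones. It goes beyond the text by focusing on onion hostnames; the image bytes and hostnames are constructed for the example and do not refer to real services.

```python
import base64
import hashlib
import re

# A v3 onion hostname is 56 base32 characters followed by ".onion".
ASCII_RE = re.compile(rb"(?<![a-z2-7])[a-z2-7]{56}\.onion")
UTF16_RE = re.compile(rb"(?:[a-z2-7]\x00){56}\.\x00o\x00n\x00i\x00o\x00n\x00")

def _checksum(pubkey, version):
    return hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]

def onion_v3_checksum_ok(label):
    """label = base32(pubkey[32] || checksum[2] || version[1]); version must be 3."""
    raw = base64.b32decode(label.upper())
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:35]
    return version == b"\x03" and checksum == _checksum(pubkey, version)

def carve_onion_hosts(image):
    """Return every candidate hostname with its offset, encoding and validity."""
    hits = []
    for regex, encoding in ((ASCII_RE, "ascii"), (UTF16_RE, "utf-16-le")):
        for match in regex.finditer(image):
            host = match.group(0).decode(encoding)
            hits.append({"offset": match.start(), "encoding": encoding,
                         "host": host, "valid": onion_v3_checksum_ok(host[:56])})
    return sorted(hits, key=lambda hit: hit["offset"])

def _sample_host(seed):
    """Well-formed hostname from constructed key bytes (not a real service)."""
    pubkey, version = hashlib.sha256(seed).digest(), b"\x03"
    raw = pubkey + _checksum(pubkey, version) + version
    return base64.b32encode(raw).decode().lower() + ".onion"

def build_sample_image():
    """Constructed stand-in for a memory image: filler bytes around three URLs."""
    good_a = _sample_host(b"constructed-sample-1")
    good_b = _sample_host(b"constructed-sample-2")
    # Overwrite one checksum character to imitate a partly reused memory page.
    swap = "a" if good_a[52] != "a" else "b"
    damaged = good_a[:52] + swap + good_a[53:]
    image = (
        b"\x00" * 32 + b"http://" + good_a.encode() + b"/index.html\x00"
        + b"\xff" * 16 + ("http://" + good_b + "/").encode("utf-16-le")
        + b"\x00" * 16 + b"GET http://" + damaged.encode() + b"/ \x00"
    )
    return image, good_a, good_b, damaged

if __name__ == "__main__":
    image, *_ = build_sample_image()
    for hit in carve_onion_hosts(image):
        print(f'{hit["offset"]:5} {hit["encoding"]:9} valid={hit["valid"]} {hit["host"]}')
```
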

4. The Dark Web Surfing

The Dark Web is a set of services that are inaccessible to search engines and ordinary internet users. According to anecdotal evidence, anything that is prohibited to sell (or talk about) appears to be readily accessible in this section of the web (Schafer et al., 2019). According to several investigations, its principal content ranges from illicit pornography to narcotics and weapons. Additional research has indicated that several Dark Web services are highly relevant to the cyber security industry (Schafer et al., 2019). Important information about zero-day vulnerabilities, stolen datasets including login credentials, or potentially unwanted programs for hire can be used to predict, detect, and, typically, avoid attacks on a wide spectrum of targets.

A commercial service is defined as a transaction involving the exchange of products. On the Dark Web, those 'goods' are illicit content. Bitcoin, considered decentralized money, is the currency used on the Dark Web. Instead of a centralized authority, such as a bank or government, a network of users known as miners controls and verifies transactions. These transactions are published immediately to a "blockchain." The Hidden Wiki, which is only accessible with TOR, is the platform where the majority of concealed business services can be located (Medina, 2016). Some of these websites are even continent-specific; for example, they may trade firearms solely in Europe. Arms sold on darknet marketplaces are delivered quietly, if at all.

The "Silk Road" is one of the most well-known business services in the history of the dark web (Medina, 2016). It is a darknet market comparable to eBay; the distinction is that the products being offered are unlawful. More extreme darknet markets deal in murder and theft, offering services for killing and stealing. For example, the Assassination Market generates a list of targets. The day of their assassination is then wagered on in bitcoins. By carrying out the murder on the specified day, the user wins the bet and hence the sum of money.

Tor and other anonymizing services may be used to avoid censorship, gain access to
banned information, and protect critical business plans or communications. Nonetheless, a wide
spectrum of harmful actors, from thieves to terrorists to government-sponsored informants, may
use the Dark Web and cyberspace as a venue for discussion, action, and coordination. It is
uncertain how much of the Dark Web is committed to supplying a specific criminal market at
any one moment, and it is even more unclear how much bandwidth is actually directed to any
specific site due to the anonymity of services such as Tor.

Law enforcement, military, and intelligence organizations may also depend on the Dark Web's secrecy. They might use it to conduct internet sting operations and monitoring, as well as to maintain anonymous tip channels (Finklea, 2017). Anonymity on the Dark Web may be used to protect authorities from being identified and hacked by adversaries. It may also be used to carry out a covert or clandestine computer network operation, like shutting down a site, launching a DoS attack, or intercepting communications. According to reports, officers are continually working to improve techniques for deanonymizing Dark Web activity and identifying criminal individuals online.

5. Conclusion

Improving international law on the topic of cyber-security is the international community's top goal. Ever-changing technical realities necessitate updates to international law. Stricter and clearer sanctions for offenders are also required to deter potential criminals. Experts have also advocated the concept of an overall security system for accessing the internet, in which users would be required to identify themselves using a unique password and provide additional information in order to access the world wide web. Though this approach would aid in user identification, it clearly contradicts the right to privacy.

Experts have also advocated the construction of volunteer nodes for the TOR databases in
order to deanonymize the TOR network. Given that newly developed criminal platforms hunt
for datasets to "advertise" their websites, the authorities' efforts are justified.

REFERENCES

Canepa, M., Ballini, F., Dalaklis, D., Vakili, S., & Colmenares, L. M. H. (2021). CR CyberMar as a solution path towards cybersecurity soundness in Maritime Logistics Domain. Transactions on Maritime Science, 10(1). https://doi.org/10.7225/toms.v10.n01.011

Finklea, K. (2017). (rep.). Dark Web (pp. 1–16). Congressional Research Service.

Gade, N. R., & Reddy, U. (2014). A Study Of Cyber Security Challenges And Its Emerging Trends On Latest Technologies.

Kaur, G. (2020). Arithmetic Soundness of Deduplication Security Frameworks. Journal of Emerging Technologies and Innovative Research (JETIR), 7(11), 450–455. https://doi.org/ISSN-2349-5162

Medina, M. S. (2016). (rep.). Cyber Security in the dark web era (pp. 1–13). United Nations.

Mylrea, M., Gourisetti, S. N., & Nicholls, A. (2017). An introduction to buildings cybersecurity framework. 2017 IEEE Symposium Series on Computational Intelligence (SSCI). https://doi.org/10.1109/ssci.2017.8285228

NIST. (2018). Framework for improving critical infrastructure cybersecurity, version 1.1. Framework for Improving Critical Infrastructure Cybersecurity. https://doi.org/10.6028/nist.cswp.04162018

Schafer, M., Fuchs, M., Strohmeier, M., Engel, M., Liechti, M., & Lenders, V. (2019). Blackwidow: Monitoring the dark web for Cyber Security Information. 2019 11th International Conference on Cyber Conflict (CyCon). https://doi.org/10.23919/cycon.2019.8756845

Seemma, P. S., Nandhini, S., & Sowmiya, M. (2018). Overview of cyber security. IJARCCE, 7(11), 125–128. https://doi.org/10.17148/ijarcce.2018.71127

Shavers, B., & Bair, J. (2016). The tor browser. Hiding Behind the Keyboard, 11–34. https://doi.org/10.1016/b978-0-12-803340-1.00002-1

Zhang, X., & Chow, K. P. (2018). A Framework for Dark Web Threat Intelligence Analysis. International Journal of Digital Crime and Forensics, 10, 108–117. https://doi.org/10.4018/IJDCF.2018100108
