Special Interest Groups (SIGs) are targeted avenues for member companies, researchers, and government agencies to exchange knowledge and explore collaborations for collective interest. SIG meetings are informal, interactive sessions where group members share their work, ideas, challenges, and related issues within the community of the Consortium.
Threat Intelligence and Incident Response
The Threat Intelligence aspect covers technologies to detect malicious activities which include anomalies in network and endpoint access, suspicious user / insider behaviour, malware, Denial of Service attacks, and so on. The current trend in predictive / proactive defense overlaps the developments in Big Data, Data Analytics, and Deep Learning fields.
The Incident Response aspect covers technologies to evaluate and prioritise detected threats to assist human operators in crisis resolution and risk mitigation, as well as regulatory considerations to minimize the impact of breaches across the board.
Data Protection and Privacy
The Data Protection aspect covers technologies to protect confidentiality and integrity of data. This also involves access control considerations including user authentication.
The Data Privacy aspect covers technologies as well as regulations to preserve the privacy of data owners without crippling the usability of the data, thus enabling new applications, smarter devices, and enhancing the digital lifestyle.
The group's interests span all aspects of security for mobile devices: mobile applications, mobile platforms including software, firmware and hardware, mobile network, mobile malware, and mobile user behaviour.
Mobile security involves consideration of the constraints underlying embedded devices as well as features unique to the mobile lifestyle, such as the ready availability of certain information (real-time location, contacts, etc.) compared to traditional computing.
System and Software Security
The group's interests span technologies for building secure software and constructing secure complex systems from various software and hardware components, as well as technologies for finding and patching vulnerabilities in existing or third-party software.
These involve testing methodologies, standards and compliance, design and development best practices, and also user / developer interfacing considerations, such as the need to reduce false alarms and to prioritize vulnerabilities for fixing.
Cyber-Physical System and IoT Security
Cyber-Physical System (CPS) Security is concerned with protecting complex infrastructure with large networks of devices, such as public utilities and urban transportation. There is an emphasis on preserving correct, safe execution of (usually critical) processes that produce as well as use information shared across components, while accounting for the physical and operational constraints of the system.
The Internet of Things (IoT) shares the interconnected nature of CPS, with more emphasis on the connectivity technologies than on the integrated system. As such, IoT Security is concerned with the confidentiality, integrity, availability and privacy of the information exchanged across devices.
Cybercrime and Investigation
The Cybercrime and Investigation SIG focuses on measures and technologies for better cybercrime investigation and attack attribution. The group's interests include digital forensics and anti-forensics, investigative triaging, and solving challenges in handling large volumes of case exhibits and digitisation.
Distinct from the Threat Intelligence and Incident Response topic, which leans towards organizational defense, this topic is applicable to cybercrime deterrence and law enforcement.
The SIGs are dynamic groups and more groups can be formed as interest arises.