Organizations are increasingly relying on electronic information to conduct business, which has caused the amount of personal information to grow exponentially. Threats, Countermeasures, and Advances in Applied Information Security addresses the fact that managing an information security program while effectively managing risks has never been so critical. This book contains 24 chapters on the most relevant and important issues and advances in applied information security management.
The chapters are authored by leading researchers and practitioners in the field of information security from across the globe. They present emerging threats and countermeasures for the effective management of information security in organizations, covering information security management solutions that are being researched or deployed, and culminating in chapters of the highest quality.
Editors: Manish Gupta et al. Publisher: IGI Global. Available in hardcover, e-book and individual chapters on demand.
Topics covered in this publication include, but are not limited to: decision support systems; distributed and secure architecture; graphical passwords; intrusion response metrics; malware analysis; network security; security and authentication issues; software configurations; spam robots; threats in e-commerce.
Organizations are increasingly relying on information in electronic form to conduct business. While this evolution from a paper-based to an electronic-based society has been advantageous to enterprises and individuals alike, the amount of personal information has also grown exponentially. With rapid growth in the number of information systems and related processes, managing an information security program, while effectively managing risks, has never been so critical.
On average, respondents estimated that 24 hours of down time from a major attack would cost their own organization U. Given the rise of threats and technologies to launch and hide these attacks, the situation is clearly getting worse for organizations. Effective information security management and governance is the most important action organizations can take to thwart and manage these risks. They need to make decisions that are based on analyzing opportunities, risks and security.
Organizations worldwide have adopted practical and applied approaches for mitigating risks and managing their information security programs. The book contains 24 chapters on the most relevant and important issues and advances in applied information security management. With the increasing sophistication of technology, the speed of propagation, and the relative ease of launching and coordinating a cyber-attack, an effective preventive and detective response should include automated and distributed mechanisms.
A variety of tools are available for cyber-attackers to change an attack's pattern and signature, which makes defending against them ever more challenging. To keep up with the dynamic evolution of attack types, detection methods must be constantly updated. Wong of the Department of Computer Science, Iowa State University, USA, and the other authors discuss their analyses of present-day automated intrusion response metrics and how they can be used from a more practical standpoint.
The authors review existing intrusion detection approaches and the practical challenges organizations face in implementing them and making the best use of them.
They present practical solutions and recommendations for implementing intrusion response metrics, and identify research areas that need more focus for the development of automated, practical and effective response systems. Intrusion Detection Systems (IDSs) are an important and critical part of any effective information security architecture and program. IDSs have evolved significantly over the last decade to efficiently thwart fast-evolving threats and risks. At a basic level, an IDS acts like a pattern recognition system, where patterns of attacks and malicious code are used to detect threats.
One of the most important steps in pattern recognition, and one that plays a critical role in determining the overall effectiveness of intrusion detection, is a process known as feature extraction. The use of domain knowledge in manual as well as automatic feature extraction is very pervasive. The experiments use public benchmarking data sets to demonstrate practical applications of feature extraction methods. With increasing approval and regulation of digital signatures across the globe, digital signatures are seen as a faster and more convenient way of legally signing and ratifying documents.
With the rise in the use of digital signatures, architectures and methods for delegating the ability to legally and securely sign digital documents to others have been proposed. In chapter 3, the authors identify several shortcomings of these proposed methods from a practical implementation and adoption standpoint. They then formalize the security and functional requirements of a proxy smart card system, identifying the involved parties, the adversary model and the usability properties.
The chapter also demonstrates a practical implementation of such a smart-card-based proxy system that includes all the functional requirements for secure delegation, while outperforming existing suggested methods. The increasing dominance of e-commerce channels in delivering products and services cannot be overemphasized. With such a rise in adoption rates, the challenges of securing these channels have never been more critical.
Information security standards and frameworks are increasingly adopted by companies of all sizes and forms. However, a deployment scheme should be implemented within the context of organizational specifics to ensure smoother adoption and effective enforcement.
In this chapter the authors analyse information security goals found in hospital settings. The authors present goal maps, which they used in their study for the analysis of empirical data, as a useful tool for the analysis and communication of information security goals in an organisation. Authentication is one of the most basic as well as most important security processes, encompassing the protection of information from unauthorized use.
With recent innovation in technology — both software and hardware — several innovative alternatives to simple text-based passwords have been suggested, which have been shown to have higher security and usability.
One such concept is graphical passwords. Most of the vulnerabilities and threats in IT artifacts arise from misconfigured software. Evaluating and testing security strength is one of the most crucial proactive countermeasures in ensuring the security of any software system. The authors demonstrate their methodology by designing a couple of security appraisals for transactional systems.
The authors also provide a real demonstration of both security appraisals using real scenarios. Privacy issues in an organizational setting have fast emerged as one of the most challenging aspects of an enterprise information security program.
Recent instructions and mandates from government, in the form of regulations, have further burdened companies with finding effective ways to comply with those regulations and guidelines without compromising security and convenience.
The authors introduce the concept of accountable privacy management in an organization that has several parallel projects, while suggesting a compliance tool that also manages enterprise security, privacy, risk and trust-related aspects. Information sharing and collaboration play a significant role in the success of business processes and operations in an organizational environment.
Cross-departmental and cross-functional teams have increasingly been leveraged by businesses for efficient deployment of products and services. At the same time, securing the information that is being shared and collectively worked upon has become equally critical.
Data segregation and secure information splitting have been used in organizations to share confidential data. The proposed techniques and methods introduce major enhancements over traditional algorithms. SQL injection attacks are one of the most common ways by which confidential data is stolen by hackers. This is also one of the oldest techniques used to extract information from databases while compromising their access and privilege requirements.
Stronger input validation and detection techniques have traditionally been used to thwart SQL injection attacks. Embedded applications can be managed remotely over public networks such as the Internet. Web services have been used extensively in traditional software systems to provide a wide variety of services, including application integration, remote assistance and collaboration, among others. The authors present a model whose objective is to demonstrate that web services can be used to monitor and control humidity and temperature over the Internet using an interactive computer front end.
The proposed enhanced metamodel provides a strong solution for providing privacy in an SOA environment. Securing software and application development and implementation is one of the most common challenges facing companies. There are several approaches to evaluating the security aspects of the different stages of the software development life cycle, including fuzz testing, penetration testing and code walkthroughs.
One relatively new and novel inspection method, known as Security Goal Indicator Trees, is increasingly gaining relevance and importance. The chapter describes the modeling of such security-goal-based trees as part of requirements engineering using a dedicated plug-in tool called GOAT. Due to their relative convenience and cost savings, applications such as Skype and other mobile applications have seen tremendous growth in adoption in recent years.
This has also brought unique and new security challenges for Peer-to-Peer SIP (P2PSIP) based communication systems, which are the underlying technologies for novel applications such as Skype. The decentralized nature of P2P makes security management and enforcement rather difficult. China and Vladimir A. Oleshchuk of the University of Agder, Norway, investigate P2PSIP security issues and propose two enhancement solutions: central-based security and distributed trust security. They discuss the advantages and disadvantages of each proposed approach.
They also propose a combination of the two approaches in an attempt to find better and more optimized protection. The chapter proposes a reinforcement model of collaborative security employing basic concepts from game theory, socio-psychology, and probabilistic model checking. The proposed model aims to solve the problem of inducing a positive network effect to enable user-centric monitoring of security violations. The chapter presents a formal framework for devising policies that enable collaborative monitoring against policy violations without requiring the employees and stakeholders of the company to take on additional roles for security policy monitoring and enforcement.
The framework is based on (1) the organic unity of biological systems under attack and (2) socio-psychological studies on security and human motivation. The chapter proposes a reward-punishment based reinforcement model for enabling collaborative monitoring of policy violations by extrinsically inducing a positive network effect in the system. The chapter proposes the Privacy-aware Organisation role Based Access Control (PrivOrBAC) model to identify and incorporate new access constraints and parameters, namely the privacy contexts, which should implement the consent and notification concepts.
The chapter also provides an overview of current trends in the usage of formal techniques in the development of e-voting systems. Drawing on their experience, the authors specify and verify the behaviors of one of the currently deployed e-voting systems using formal techniques, verifying it against a subset of critical security properties that the system should meet.