An NFR Pattern Approach to Dealing with NFRs
|
|
- Priscilla Blankenship
- 8 years ago
- Views:
Transcription
1 An NFR Pattern Approach to Dealing with NFRs Presenter : Sam Supakkul Sam Supakkul Tom Hill Lawrence Chung The Univ. of Texas at Dallas Thein Than Tun The Open University, UK Julio CSP Leite PUC-Rio, Brazil
2 An NFR Pattern Approach to Dealing with NFRs Presenter : Sam Supakkul (criticality=high) (criticality=low) Beautiful building help? Cost Durability help/hurt? Layered shells Surrounded by water Triangular shape Sam Supakkul Tom Hill Lawrence Chung The Univ. of Texas at Dallas Thein Than Tun The Open University, UK Julio CSP Leite PUC-Rio, Brazil
3 Some NFRs, such as security, are achieved by dealing with bad things (criticality=high) Credit card info security threaten Break-in wireless network Masquerade user login Steal credit card info mitigate 2-factor authen. Password encryption Biometric authen. Thrustworthiness help/hurt? (criticality=intermediate) help/hurt? (criticality=low) Cost
4 Acquiring and using NFR knowledge are difficult but insufficient knowledge can be damaging (2 nd ) Biggest credit card theft 45.7M credit cards stolen $20M in fraudulent transactions To cost TJX $1B over 5 years TJX Inc. used security measures ID/password authentication Data encryption TJX not able to prevent the hacker 1. Break-in wireless network 2. Masquerade user login 3. Steal credit card info But TJX did not know enough Potential security problems Applicable mitigations Proper tradeoff among NFRs
5 This talk presents a pattern-based approach to capturing, organizing, and reusing NFR knowledge Organizing Capturing Reusing Amenable to tool support
6 Different kinds of patterns for capturing different kinds of NFR knowledge Objective pattern Problem pattern Alternatives pattern Selection pattern
7 Objective pattern captures a definition of an NFR as softgoals to be achieved Security = Confidentiality, Integrity, and Availability Confidentiality = Privacy and Proprietary Integrity = Authenticity and Non-repudiation Availability = Timeliness and Reliability
8 Problem pattern captures soft-problems or obstacles to achieving an NFR NFR: Confidentiality [Credit Card] Undesirable situation: Unauthorized access [Server] Threat operations: Masquerading user login, Vulnerability: Transmission of ID/password in clear text
9 Alternatives pattern captures alternative means or solutions with side-effects effects Problem: Transmission of ID/password in clear text Alternatives: Encrypt ID/password, Biometric authentication Side-effects: Cost, Trustworthiness
10 Selection pattern captures an application independent selection scheme Weight-based quantitative selection Weight(!) =0.5! Weight(+) =0.5 + Trustworthiness [Security] ++ Retina authentication Fingerprint authentication Weight(++) =1.0 Selection based on the weight of criticality of goal/problem contribution towards goal/problem pro: intuitive, widely used con: subjective weighting, scaling problem! Trustworthiness [Security] Rank(++!)=7 Rank(++!)= Retina authentication Fingerprint authentication Selection based on the ranking of criticality-contribution combination pro: less subjective, no scaling problem con: agreement on ranking Rank-based qualitative selection
11 A deeper look at the selections Weight-based quantitative selection Weight(!) =0.5! Weight(+) =0.5 + Trustworthiness [Security] ++ Retina authentication Fingerprint authentication Weight(++) =1.0 selection = alternative with highest score selection = max( score(alternative) ) score(alternative) = score(contribution) score(contr) = weight(criticality) x weight (contr)! Trustworthiness [Security] Rank(++!)=7 Rank(++!)= Retina authentication Fingerprint authentication selection = alternative with best ranking selection = min( rank(alternative) ) rank(alternative) = rank(contribution) rank(contr) = rank(criticality-contr) Rank-based qualitative selection user-defined ranking: ++!!G +!!G ++S +S - -S
12 Additional info for each pattern: credentials, applicability, refinement rules Credentials and applicability info. help with pattern selection Refinement rules help with pattern reuse/application Credentials Authors Sources Endorsements Known Uses Applicability Who What Why When Where How How much succeed NFRDecomposition refinement rule
13 Refinement rules used to transform the target model during pattern application 1 2 transform transform before after R3 3 transform 4 transform
14 Next, patterns may be organized along generalization, aggregation, and classification dim. generalization aggregation instantiation classification Objective pattern Alternatives pattern Problem pattern decomposition specialization Organizing Selection pattern Capturing Reusing Amenable to tool support
15 Specialized pattern is more specific in breadth or in depth Generalization dimension R2' More specific in breadth US Law: Security = Conf., Integrity, Avail. Payment Card Industry (PCI): Security = Confidentiality More specific in depth PCI also concerned with Accountability beyond Privacy R5
16 Composite pattern assembles smaller patterns to capture a larger chunk of knowledge Aggregation dimension Applying the whole pattern will apply the part-of patterns
17 A pattern is used as a template to instantiate occurrence patterns Classification dimension Meta-pattern Occurrence pattern Binding Reference model Applying the occurrence pattern applies the meta-pattern with customization (binding) Security asset mapped to Credit Card Info (super-class to sub-class) Security mapped to Confidentiality (parent goal to sub-goal)
18 Applying the approach to the TJX case shows preliminary positive results reuse knowledge in a different project Break-in wireless network Masquerade user login Steal credit card info Method Construct tool prototypes Build for reuse scenario Build with reuse scenario Hypotheses Knowledge from the case can be captured and reused in a different project The approach works in a tool- assisted environment
19 The NFR Pattern Assistant for pattern support The RE-Tools for knowledge modeling capturing organizing The NFR Pattern Assistant The RE-Tools StarUML extension framework reusing The NFR Framework The i* Framework KAOS Problem Frame UML
20 Build for reuse scenario: model and patternize Model for the current project Patternize and organize for future projects
21 Build with reuse scenario: select and apply
22 Results: 93% of knowledge captured and reused The approach works but needs improvements Break-in wireless network Masquerade user login Steal credit card info for Sample results modeled knowledge 1 composite, 5 primitive generated by application Limitations (future work) Tool/usability related Models not captured with original placements Knowledge not captured due to missing refinement rules (25 rules defined) Pattern search and selection are currently manual Approach related Need to support dealing with NFRs during architecture/design Need more case studies
23 In summary, the difficulty of acquiring and using NFR knowledge can be alleviated by NFR patterns generalization aggregation instantiation classification Objective pattern Alternatives pattern Problem pattern decomposition specialization Organizing Selection pattern Capturing Reusing Amenable to tool support Thank you Questions & Comments?
24 Backup slides
25 Five operations are defined for manipulating NFR patterns
26 NFR pattern concepts are defined in a meta-model model and implemented by the tool
27 Modeling concepts are integrated in a meta-model model and implemented by the tool Type Topic 1 Topic EndPoint Satisficed Goal * 1 1 Phenomenon 1 Proposition 1 parent 1..* offspring Problem 1 Satisficing Label Weakly Satisficed Undecided Weakly Denied Denied Softgoal Hardgoal Want Soft Problem Hard Problem Impact Conflict NFR Softgoal Claim Operationalizing Softgoal Requirement 1..* Stakeholder Adversary Want Want 0..* 0..* Refer Reference Constrain Reference Stakeholder Agent 1 Adversary 1..* Given Domain RefInterface EndPoint Requirement Reference * Referenced Phenomenon Undesirable Situation Designed Domain 1..* realize Controlled Phenomenon Undesirable Mechanism Machine Domain 1..* Interface 1 1..* Shared Phenomenon controller Domain 1..* generalize 0..* 1 Contribution Decomposition Eql And Or Correlation Satisficing Legend adopted metaelement extended metaelement Direct Satisficing Make proxy of existing metaelement Softgoal Stakeholder Satisficing Some Plus Help Hurt Some Minus Break 1
28 Refinement rules for objective pattern
29 Example of refinement rules in an objective pattern
30 Refinement rules for problem pattern
31 Example of refinement rules in a problem pattern
32 Refinement rules for alternatives pattern
33 Example of refinement rules in an alternatives pattern
34 Refinement rules for selection pattern
35 Example of refinement rules in a selection pattern
36 Constraints for pattern aggregation
37 Constraints for pattern instantiation
Designing for Privacy and Other Competing Requirements Eric Yu 1 and Luiz Marcio Cysneiros 2 1 Faculty of Information Studies
Designing for Privacy and Other Competing Requirements Eric Yu 1 and Luiz Marcio Cysneiros 2 1 Faculty of Information Studies yu@fis.utoronto.ca 2 Department of Mathematics and Statistics Information Technology
More informationSecure communications via IdentaDefense
Secure communications via IdentaDefense How vulnerable is sensitive data? Communication is the least secure area of digital information. The many benefits of sending information electronically in a digital
More informationPass-the-Hash. Solution Brief
Solution Brief What is Pass-the-Hash? The tools and techniques that hackers use to infiltrate an organization are constantly evolving. Credential theft is a consistent concern as compromised credentials
More informationIIABSC 2015 - Spring Conference
IIABSC 2015 - Spring Conference Cyber Security With enough time, anyone can be hacked. There is no solution that will completely protect you from hackers. March 11, 2015 Chris Joye, Security + 1 2 Cyber
More informationUbiquitous, Pervasive and Mobile Computing: A Reusable-Models-based Non-Functional Catalogue
Ubiquitous, Pervasive and Mobile Computing: A Reusable-Models-based Non-Functional Catalogue Milene Serrano 1 and Maurício Serrano 1 1 Universidade de Brasília (UnB/FGA), Curso de Engenharia de Software,
More informationNSF Workshop on Big Data Security and Privacy
NSF Workshop on Big Data Security and Privacy Report Summary Bhavani Thuraisingham The University of Texas at Dallas (UTD) February 19, 2015 Acknowledgement NSF SaTC Program for support Chris Clifton and
More informationGoal-Oriented Requirements Engineering: An Overview of the Current Research. by Alexei Lapouchnian
Goal-Oriented Requirements Engineering: An Overview of the Current Research by Alexei Lapouchnian Department of Computer Science University Of Toronto 28.06.2005 1. Introduction and Background...1 1.1
More informationUnderstanding the Role of Enterprise Architecture. towards Better Institutionalization
Understanding the Role of Enterprise Architecture towards Better Institutionalization Lawrence Chung Hyun-Kyung Song Yeong-Tae Song Nary Subramanian University of Texas at Dallas Towson University University
More informationIntroduction to Online Payment Processing and PayPal Payment Solutions
Introduction to Online Payment Processing and PayPal Payment Solutions PayPal Helps Bring You New Customers Drivers of Consumer Demand for PayPal Opportunities for Merchants PayPal is: Secure Simple Fast
More informationSecurityMetrics Vision whitepaper
SecurityMetrics Vision whitepaper 1 SecurityMetrics Vision: Network Threat Sensor for Small Businesses Small Businesses at Risk for Data Theft Small businesses are the primary target for card data theft,
More informationGuide to Vulnerability Management for Small Companies
University of Illinois at Urbana-Champaign BADM 557 Enterprise IT Governance Guide to Vulnerability Management for Small Companies Andrew Tan Table of Contents Table of Contents... 1 Abstract... 2 1. Introduction...
More information2015 CENTRI Data Breach Report:
INDUSTRY REPORT 2015 CENTRI Data Breach Report: An Analysis of Enterprise Data Breaches & How to Mitigate Their Impact P r o t e c t y o u r d a t a Introduction This industry report attempts to answer
More informationHIPAA Security. 6 Basics of Risk Analysis and Risk Management. Security Topics
HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical
More informationMobile Banking. Secure Banking on the Go. Matt Hillary, Director of Information Security, MX
Mobile Banking Secure Banking on the Go Matt Hillary, Director of Information Security, MX Mobile Banking Channels SMS / Texting Mobile Banking Channels Mobile Web Browser Mobile Banking Channels Mobile
More informationIT Compliance Volume II
The Essentials Series IT Compliance Volume II sponsored by by Rebecca Herold Addressing Web-Based Access and Authentication Challenges by Rebecca Herold, CISSP, CISM, CISA, FLMI February 2007 Incidents
More informationMetrics to Assess and Manage Software Application Security Risk. M. Sahinoglu, S. Stockton, S. Morton, P. Vasudev, M. Eryilmaz
Metrics to Assess and Manage Software Application Security Risk M. Sahinoglu, S. Stockton, S. Morton, P. Vasudev, M. Eryilmaz Auburn University at Montgomery (AUM) and ATILIM University, Ankara msahinog@aum.edu,
More informationBiometrics and National Strategy for Trusted Identities in Cyberspace Improving the Security of the Identity Ecosystem September 19
Biometrics and National Strategy for Trusted Identities in Cyberspace Improving the Security of the Identity Ecosystem September 19 Andrew Sessions, Abel Sussman Biometrics Consortium Conference Agenda
More informationSecure Semantic Web Service Using SAML
Secure Semantic Web Service Using SAML JOO-YOUNG LEE and KI-YOUNG MOON Information Security Department Electronics and Telecommunications Research Institute 161 Gajeong-dong, Yuseong-gu, Daejeon KOREA
More informationUniversity of California, Riverside Computing and Communications. IS3 Local Campus Overview Departmental Planning Template
University of California, Riverside Computing and Communications IS3 Local Campus Overview Departmental Planning Template Last Updated April 21 st, 2011 Table of Contents: Introduction Security Plan Administrative
More informationINCIDENT RESPONSE CHECKLIST
INCIDENT RESPONSE CHECKLIST The purpose of this checklist is to provide clients of Kivu Consulting, Inc. with guidance in the initial stages of an actual or possible data breach. Clients are encouraged
More informationRegulations on Information Systems Security. I. General Provisions
Riga, 7 July 2015 Regulations No 112 (Meeting of the Board of the Financial and Capital Market Commission Min. No 25; paragraph 2) Regulations on Information Systems Security Issued in accordance with
More informationSmart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi
Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public
More informationWHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks
WHITE PAPER The Need for Wireless Intrusion Prevention in Retail Networks The Need for Wireless Intrusion Prevention in Retail Networks Firewalls and VPNs are well-established perimeter security solutions.
More informationInformation Technology Branch Access Control Technical Standard
Information Technology Branch Access Control Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 5 November 20, 2014 Approved: Date: November 20,
More informationSecuring corporate assets with two factor authentication
WHITEPAPER Securing corporate assets with two factor authentication Published July 2012 Contents Introduction Why static passwords are insufficient Introducing two-factor authentication Form Factors for
More informationCOSC 472 Network Security
COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html
More informationVulnerability Management Policy
Vulnerability Management Policy Policy Statement Computing devices storing the University s Sensitive Information (as defined below) or Mission-Critical computing devices (as defined below) must be fully
More informationXYPRO Technology Brief: Stronger User Security with Device-centric Authentication
Ken Scudder Senior Director Business Development & Strategic Alliances XYPRO Technology Talbot A. Harty CEO DeviceAuthority XYPRO Technology Brief: Stronger User Security with Device-centric Authentication
More informationInformation & Communication Security (SS 15)
Information & Communication Security (SS 15) Security Engineering Dr. Jetzabel Serna-Olvera @sernaolverajm Chair of Mobile Business & Multilateral Security Goethe University Frankfurt www.m-chair.de Introduction
More informationAn Insight into Cookie Security
An Insight into Cookie Security Today most websites and web based applications use cookies. Cookies are primarily used by the web server to track an authenticated user or other user specific details. This
More informationWHITE PAPER. Preventing Wireless Data Breaches in Retail
WHITE PAPER Preventing Wireless Data Breaches in Retail Preventing Wireless Data Breaches in Retail The introduction of wireless technologies in retail has created a new avenue for data breaches, circumventing
More informationPrivacy by Design in Federated Identity Management
1 Privacy by Design in Federated Identity Management Interpreting Legal Privacy Requirements for FIM and Comparing Risk Mitigation Models 2015 International Workshop on Privacy Engineering IWPE 15 - MAY
More informationA Vulnerability-Centric Requirements Engineering Framework: Analyzing Security Attacks, Countermeasures, and Requirements Based on Vulnerabilities
A Vulnerability-Centric Requirements Engineering Framework: Analyzing Security Attacks, Countermeasures, and Requirements Based on Vulnerabilities Golnaz Elahi University of Toronto gelahi@cs.toronto.edu
More informationPursuing Compliance with the FFIEC Guidance Risk Assessment 101 KPMG RISK ADVISORY SERVICES
Pursuing Compliance with the FFIEC Guidance Risk Assessment 101 KPMG RISK ADVISORY SERVICES Contents PART I An Increasing Threat: Identity Theft The FFIEC Response Risk Assessment Fundamentals The FFIEC
More informationGoal-Oriented Requirements Engineering and Software Architecting. Department of Computer Science The University of Texas at Dallas
Goal-Oriented Requirements Engineering and Software Architecting Lawrence Chung Department of Computer Science The University of Texas at Dallas Outline Running Example: London Ambulance System Goal-Orientation
More informationInformation Systems Security
Information Systems Security Lecture 4: Security Engineering Prof. Dr. Christoph Karg Aalen University of Applied Sciences Department of Computer Science 11.10.2015 Learning Objective Learning Objective
More informationReducing Cyber Risk in Your Organization
Reducing Cyber Risk in Your Organization White Paper 2016 The First Step to Reducing Cyber Risk Understanding Your Cyber Assets With nearly 80,000 cyber security incidents worldwide in 2014 and more than
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationICAWEB423A Ensure dynamic website security
ICAWEB423A Ensure dynamic website security Release: 1 ICAWEB423A Ensure dynamic website security Modification History Release Release 1 Comments This Unit first released with ICA11 Information and Communications
More informationCHAPTER 1 INTRODUCTION
1 CHAPTER 1 INTRODUCTION 1.1 Introduction Cloud computing as a new paradigm of information technology that offers tremendous advantages in economic aspects such as reduced time to market, flexible computing
More informationApplication Security in the Software Development Lifecycle
Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO
More informationFive PCI Security Deficiencies of Retail Merchants and Restaurants
Whitepaper January 2010 Five PCI Security Deficiencies of Retail Merchants and Restaurants The Most Common PCI Compliance Mistakes of Brick-and-Mortar Locations by Brad Cyprus, SSCP - Senior Security Architect,
More informationFive PCI Security Deficiencies of Restaurants
Whitepaper The Most Common PCI Compliance Mistakes of Brick-and-Mortar Locations By Bradley K. Cyprus- Senior Security Architect, Vendor Safe 2011 7324 Southwest Freeway, Suite 1700, Houston, TX 77074
More informationMulti-Factor Authentication of Online Transactions
Multi-Factor Authentication of Online Transactions Shelli Wobken-Plagge May 7, 2009 Agenda How are economic and fraud trends evolving? What tools are available to secure online transactions? What are best
More informationNetwork Security. Network Security Hierarchy. CISCO Security Curriculum
Network Security Network Security Hierarchy Material elaborat dupa: CISCO Security Curriculum Kenny Paterson s Lectures for: M.Sc. in Information Security, Royal Holloway, University of London 1 Objectives
More informationNeustar Intelligent Cloud Services
Neustar Intelligent Cloud Services Position Paper: W3C Workshop on Identity in the Browser Submitted on April 20, 2011 Primary Contact John Hwang Product Manager, Neustar 571-434-4693 john.hwang@neustar.biz
More informationWhen it Comes to Monitoring and Validation it Takes More Than Just Collecting Logs
White Paper Meeting PCI Data Security Standards with Juniper Networks SECURE ANALYTICS When it Comes to Monitoring and Validation it Takes More Than Just Collecting Logs Copyright 2013, Juniper Networks,
More informationOn the Role of Primary and Secondary Assets in Adaptive Security: An Application in Smart Grids
On the Role of Primary and Secondary Assets in Adaptive Security: An Application in Smart Grids Liliana Pasquale, Mazeiar Salehie, Raian Ali, Inah Omoronyia, and Bashar Nuseibeh Lero- Irish Software Engineering
More informationSecurity Requirements Engineering A Strategic Approach
Security Requirements Engineering A Strategic Approach Chandrabose A Research Scholar Madurai Kamaraj University Madurai, India ABSTRACT Although security requirements engineering has recently attracted
More informationLecture 3 Topics on Requirements Engineering
Lecture 3 Topics on Requirements Engineering Some material taken from the Tropos project at U of T Copyright Yijun Yu, 2005 Course information Let s vote Course Project/Final Exam 50-50 or 60-40? Midterm/Final
More informationCatapult PCI Compliance
Catapult PCI Compliance Table of Contents Catapult PCI Compliance...1 Table of Contents...1 Overview Catapult (PCI)...2 Support and Contact Information...2 Dealer Support...2 End User Support...2 Catapult
More informationHowever, the marketplace for replaceable components is still not at sight due to many
Software Replaceability: An NFR Approach Lei Zhang Lawrence Chung Jing Wang Department of Computer Science The University of Texas at Dallas {lei74, chung, jwang}@ utdallas.edu Abstract Building software
More informationREGULATIONS FOR THE SECURITY OF INTERNET BANKING
REGULATIONS FOR THE SECURITY OF INTERNET BANKING PAYMENT SYSTEMS DEPARTMENT STATE BANK OF PAKISTAN Table of Contents PREFACE... 3 DEFINITIONS... 4 1. SCOPE OF THE REGULATIONS... 6 2. INTERNET BANKING SECURITY
More informationUniversity of Illinois at Chicago Health Sciences Colleges Information Technology Group Security Policies Summary
University of Illinois at Chicago Health Sciences Colleges Information Technology Group Security Policies Summary This Summary was prepared March 2009 by Ian Huggins prior to HSC adoption of the most recent
More informationFrequently Asked Questions (FAQ)
Your personal information and account security is important to us. This product employs a Secure Sign On process that includes layers of protection at time of product log in to mitigate risk, and thwart
More informationChapter 7 Information System Security and Control
Chapter 7 Information System Security and Control Essay Questions: 1. Hackers and their companion viruses are an increasing problem, especially on the Internet. What can a digital company do to protect
More informationReducing Email Threats
Reducing Email Threats MyMail Solves Common Privacy and Security Email Threats MyMail Technology, LLC 2009 West Beauregard Avenue San Angelo, TX 76901 (866) 949-8572 www.mymail.com March 2008 REDUCING
More informationSECURITY AND PRIVACY ISSUES IN A KNOWLEDGE MANAGEMENT SYSTEM
SECURITY AND PRIVACY ISSUES IN A KNOWLEDGE MANAGEMENT SYSTEM Chandramohan Muniraman, Meledath Damodaran, Amanda Ryan University of Houston-Victoria Abstract As in any information management system security
More informationSecurity. TestOut Modules 12.6 12.10
Security TestOut Modules 12.6 12.10 Authentication Authentication is the process of submitting and checking credentials to validate or prove user identity. 1. Username 2. Credentials Password Smart card
More informationBeyond passwords: Protect the mobile enterprise with smarter security solutions
IBM Software Thought Leadership White Paper September 2013 Beyond passwords: Protect the mobile enterprise with smarter security solutions Prevent fraud and improve the user experience with an adaptive
More informationThe Business Case for Security Information Management
The Essentials Series: Security Information Management The Business Case for Security Information Management sponsored by by Dan Sullivan Th e Business Case for Security Information Management... 1 Un
More informationMobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to Health Information Risks vary based on the mobile device and its use. Some risks include:
More informationMeeting PCI Data Security Standards with
WHITE PAPER Meeting PCI Data Security Standards with Juniper Networks STRM Series Security Threat Response Managers When it Comes to Monitoring and Validation it Takes More Than Just Collecting Logs Copyright
More informationSecurity Challenges. in Moving to Externalized Datacenters. (Focusing on SaaS) Eran Birk, Spring 2014. Business. Intelligence
Business Intelligence Security Challenges in Moving to Externalized Datacenters (Focusing on SaaS) Eran Birk, Spring 2014 Grid Computing Cloud Computing Compute Networks Storage Information provided in
More informationSECURITY RISK MANAGEMENT
SECURITY RISK MANAGEMENT ISACA Atlanta Chapter, Geek Week August 20, 2013 Scott Ritchie, Manager, HA&W Information Assurance Services Scott Ritchie CISSP, CISA, PCI QSA, ISO 27001 Auditor Manager, HA&W
More informationNetwork Security: Introduction
Network Security: Introduction 1. Network security models 2. Vulnerabilities, threats and attacks 3. Basic types of attacks 4. Managing network security 1. Network security models Security Security has
More information10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)
1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction
More informationSecuring mobile devices in the business environment
IBM Global Technology Services Thought Leadership White Paper October 2011 Securing mobile devices in the business environment By I-Lung Kao, Global Strategist, IBM Security Services 2 Securing mobile
More informationSecurity Threat Risk Assessment: the final key piece of the PIA puzzle
Security Threat Risk Assessment: the final key piece of the PIA puzzle Curtis Kore, Information Security Analyst Angela Swan, Director, Information Security Agenda Introduction Current issues The value
More informationNETWORK SECURITY DEVELOPMENT PROCESS. - A Framework for Teaching Network Security Courses *
NETWORK SECURITY DEVELOPMENT PROCESS - A Framework for Teaching Network Security Courses * T. Andrew Yang, Tuan Anh Nguyen Univ. of Houston Clear Lake, Houston, Texas Contact: (281) 283-3835, yang@uhcl.edu
More informationHow Reflection Software Facilitates PCI DSS Compliance
Reflection How Reflection Software Facilitates PCI DSS Compliance How Reflection Software Facilitates PCI DSS Compliance How Reflection Software Facilitates PCI DSS Compliance In 2004, the major credit
More informationCentral Desktop Enterprise Edition (Security Pack)
Central Desktop Enterprise Edition (Security Pack) The Central Desktop Security Pack is included in the Enterprise Edition of Central Desktop. The Enterprise Edition is for companies and organizations
More informationMulti-factor authentication
CYBER SECURITY OPERATIONS CENTRE (UPDATED) 201 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL
More informationThreat Modeling. Frank Piessens (Frank.Piessens@cs.kuleuven.be ) KATHOLIEKE UNIVERSITEIT LEUVEN
Threat Modeling Frank Piessens (Frank.Piessens@cs.kuleuven.be ) Secappdev 2007 1 Overview Introduction Key Concepts Threats, Vulnerabilities, Countermeasures Example Microsoft s Threat Modeling Process
More informationA Structured Comparison of Security Standards
A Structured Comparison of Security Standards Kristian Beckers 1, Isabelle Côté 3, Stefan Fenz 2, Denis Hatebur 1,3, and Maritta Heisel 1 1 paluno - The Ruhr Institute for Software Technology - University
More informationHow to get from laws to technical requirements
How to get from laws to technical requirements And how the OPM hack relates technology, policy, and law June 30, 2015 Isaac Potoczny-Jones ijones@galois.com www.galois.com Galois, Inc. Overview Outline!
More informationTrends in Mobile Authentication. cnlab security ag, obere bahnhofstr. 32b, CH-8640 rapperswil-jona esther.haenggi@cnlab.ch, +41 55 214 33 36
Trends in Mobile Authentication cnlab security ag, obere bahnhofstr. 32b, CH-8640 rapperswil-jona esther.haenggi@cnlab.ch, +41 55 214 33 36 E-banking authentication mtan 2 Phishing passiv Man-in-the-Middle
More informationManaged Security Services
Managed Security Services 1 Table of Contents Possible Security Threats 3 ZSL s Security Services Model 4 Managed Security 4 Monitored Security 5 Self- Service Security 5 Professional Services 5 ZSL s
More informationIdentity Theft: A Growing Problem. presented by Melissa Elson Agency Liaison Office of Privacy Protection - Bureau of Consumer Protection
Identity Theft: A Growing Problem presented by Melissa Elson Agency Liaison Office of Privacy Protection - Bureau of Consumer Protection Identity Theft What it is How it happens How to protect yourself
More informationUF IT Risk Assessment Standard
UF IT Risk Assessment Standard Authority This standard was enacted by the UF Senior Vice President for Administration and the UF Interim Chief Information Officer on July 10, 2008 [7]. It was approved
More informationAnalyzing Security Requirements As Relationships among Strategic Actors
Analyzing Security Requirements As Relationships among Strategic Actors Lin Liu 1, Eric Yu 2, John Mylopoulos 1 1 Computer Science Department, University of Toronto, Toronto, Canada M5S 1A4 {liu, jm}@cs.toronto.edu
More informationRisk Management Policy
Risk Management Policy Responsible Officer Author Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date effective from December 2008 Date last amended December 2012
More informationSecuring Virtual Desktop Infrastructures with Strong Authentication
Securing Virtual Desktop Infrastructures with Strong Authentication whitepaper Contents VDI Access Security Loopholes... 2 Secure Access to Virtual Desktop Infrastructures... 3 Assessing Strong Authentication
More informationMobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to to Health Mobile Information Devices: Risks to Health Information Risks vary based on the
More informationThe Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training
The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training Introduction The HIPAA Security Rule specifically requires training of all members of the workforce.
More informationSecuring e-government Web Portal Access Using Enhanced Two Factor Authentication
Securing e-government Web Portal Access Using Enhanced Two Factor Authentication Ahmed Arara 1, El-Bahlul Emhemed Fgee 2, and Hamdi Ahmed Jaber 3 Abstract This paper suggests an advanced two-factor authentication
More informationMeeting PCI Data Security Standards with Juniper Networks Security Threat Response Manager (STRM)
White Paper Meeting PCI Data Security Standards with Juniper Networks Security Threat Response Manager (STRM) When It Comes To Monitoring and Validation It Takes More Than Just Collecting Logs Juniper
More informationCloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation
Cloud Security Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs peterjopling 2011 IBM Corporation Cloud computing impacts the implementation of security in fundamentally new ways
More informationAttestation and Authentication Protocols Using the TPM
Attestation and Authentication Protocols Using the TPM Ariel Segall June 21, 2011 Approved for Public Release: 11-2876. Distribution Unlimited. c 2011. All Rights Reserved. (1/28) Motivation Almost all
More informationPrivileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery
Overview Password Manager Pro offers a complete solution to control, manage, monitor and audit the entire life-cycle of privileged access. In a single package it offers three solutions - privileged account
More informationPolicies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification
Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Type of Policy and Procedure Comments Completed Privacy Policy to Maintain and Update Notice of Privacy Practices
More informationDomain 5 Information Security Governance and Risk Management
Domain 5 Information Security Governance and Risk Management Security Frameworks CobiT (Control Objectives for Information and related Technology), developed by Information Systems Audit and Control Association
More informationManagement of Hardware Passwords in Think PCs.
Lenovo Corporation March 2009 security white paper Management of Hardware Passwords in Think PCs. Ideas from Lenovo Notebooks and Desktops Workstations and Servers Service and Support Accessories Introduction
More informationDEVELOPING A NETWORK SECURITY PLAN
1-06-30 INFORMATION MANAGEMENT: STRATEGY, SYSTEMS, AND TECHNOLOGIES DEVELOPING A NETWORK SECURITY PLAN Frederick Gallegos and Stephen Tanner INSIDE Securing the New Distributed Environment, Review of Security
More informationSecurity Risk Management and Assessment System
ABSTRACT SAGEPOT: A TOOL FOR SECURITY ASSESSMENT AND GENERATION OF POLICY TEMPLATES K. Saleh, A. Meliani, Y. Emad and A. AlHajri American University of Sharjah, Department of Computer Science Box 26666,
More informationElectronic Data Security: Designing Good Data Protection Plans
Electronic Data Security: Designing Good Data Protection Plans Dean Gallant Harvard University FAS Assistant Dean for Research Policy and Administration & Executive Officer, Committee on the Use of Human
More informationSecurity of Payment Card Data on Cloud-Based Mobile Payment Platforms
Security of Payment Card Data on Cloud-Based Mobile Payment Platforms Randy Gainer ACI Forum on Emerging Payment Systems San Francisco March 22, 2013 Topics to be covered Cloud-based mobile payment solutions
More informationCyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.
Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control
More informationPASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013
2013 PASTA Abstract Process for Attack S imulation & Threat Assessment Abstract VerSprite, LLC Copyright 2013 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
More information