Conclusion & Future Work


CHAPTER 7 Conclusion & Future Work

7.1 Conclusion

This chapter presents the conclusions derived in fulfilling the objective defined at the beginning of Chapter 1. The Architecture for Resource Management in Global Grids was introduced with the aim of handling the Distributed Heterogeneous Resources Reputation paradigm, which in turn supports Resource Management for Grid Computing environments. A reliable and efficient Grid, based upon the Trust factor of each and every Grid Resource integrated into the Grid as per the Consumer application requisite, is attained through a Decentralized Grid Reputation-based Trust Model called GridPeerTrust. The merits of the proposed Architecture are obvious from its comparisons with existing/prevalent Trust Models. The following conclusions, which are valuable contributions of the Research, have been achieved:

1. Pre-standardization of Reputation models for Grid Environment

Pre-standardization based on the existing Trust and/or Reputation models that have arisen in the Grid Environment over the last few years identified key processes they have in common, such as gathering information, trust decay, and rewarding or punishing. Providing recommendations benefited distributed systems such as the Grid Environment, where a trust and reputation mechanism is all the more critical and unavoidable.

2. Trust-based Architecture for Global Grids

A Secured Grid Resource Management for Global Grids, through the addition of a Trust-based Layer, assured the trustworthiness of the Grid Resource and consequently the trustworthiness of the Grid as a whole as it entered the commercial arena, where it promised to help the Grid Consumer in Decision Making, since the system offered only those Grid Resources that assure a high degree of Trust Relationship of the Grid Resource provider.

3. Reputation-based Trust Model

GridPeerTrust, the Reputation-based Trust Model, allowed Grid Client Applications (e.g. resource brokers, schedulers and monitoring toolkits) to control the Trust and Reputation evaluation of the Resource Provider. The Trust Model called for computing and comparing the Trust values of entities compiled through a transaction-based Feedback System, and concluded with a decentralized implementation of this model in the Global Grid network. GridPeerTrust combined various important aspects related to the management of Trust and Reputation in the Grid environment, such as: (i) the Feedback a Grid Resource Provider (entity) receives from the Grid Resource Consumer; (ii) the Credibility of the recommendations given by the Grid Resource Consumer; (iii) the Total number of transactions of a Grid Entity, the Decay Factor and the Trust Context Factor. It is these very aspects that appraise the worth of the Grid in the best possible way, in terms of both Application success and Consumer satisfaction.

4. Grid Resource Reputation Trust Manager

The Reputation Trust Manager processed the reputation evaluation criteria denoted by the Trust Evaluation Process and calculated Trust level values for a Grid Resource or a set of Resources. The implementation of a Trust Manager for each grid entity helped in implementing the Reputation-based Trust Model in a decentralized manner.

5. Countering Feedback Security Threats

This contribution is the refinement of the Trust Framework to minimize the potential vulnerabilities and security threats in the Reputation System itself. The proposed Reputation Model, through its defense mechanisms, enables the framework to be resilient to several security threats, including Malicious Individuals, Malicious Collectives, Malicious Collectives with Camouflage, Malicious Spies, Sybil Attack, Man in the Middle Attack, Driving Down the Reputation of a Reliable Entity, Partially Malicious Collectives, and Malicious Pre-trusted Entity.

Conclusively, this research has significantly attained its aims and objective by demonstrating how the reputation-based Trust Model optimized the Resource Management process in Global Grids. This was demonstrated in the testbed experiments, where GridPeerTrust managed to employ computing resources that meet the parameters stipulated by the trust evaluation process of the assigned job and consequently managed to mitigate the number of malicious entities in the Global Grid. This constitutes an important milestone in the evolution from failure-tolerant, research-oriented Grids into mission-critical ones. The reputation-based Trust Model gained further strength from its ability to adapt to specific job requirements and to optimize the reputation evaluation process by basing it on multiple Trust context characteristics (e.g. availability, reliability). On a broader scale, it can be implied that the reputation-based Trust Model, besides Global Grids, has the potential to be applied to different computing paradigms such as Web services, XML-RPC, and other SOA technologies, which normally involve service consumers and producers negotiating through bilateral agreements.

On the other hand, the limitations of the reputation-based Trust Model include: (i) amplification of computation overhead, as it requires an extra step of stipulating the reputation Trust evaluation process; (ii) increased message complexity, as the reputation query increases in size due to the addition of the TDS; and (iii) a computational overhead due to the processing of multiple QoS factors and a complex trust evaluation process. Existing reputation-based Trust Models offer an adequate level of confidence for most types of users and computational tasks and are generally favored for their simplicity. This reputation-based Trust Model, by contrast, targets specific scenarios where explicit stipulation of reputation evaluation criteria is required. From its point of view, it simply attempts to optimise Resource Management by adapting it to specific types of jobs and user requirements.

7.2 Future Work

The work described in this thesis has also identified a number of areas for future research. These are listed as follows:

1. Automatic Feedback Management: This aspect is currently absent from the reputation-policy based trust model and is considered essential. The feedback ratings should be supplied automatically by monitoring toolkits and should take into account different factors, such as the difference between the actual service provided and the level of service guaranteed in the SLA contract, and the length of experience the resource broker achieved with the evaluated resource (shorter length implies greater feedback). In addition, the feedback ratings should be supplied for each opinion aspect in the TDS. For example, if the resource broker stipulated availability and reliability as quality factors, it should supply ratings for these two aspects on transaction completion.

2. Self-Monitoring Reputation-Policy Trust Model: Several improvements and additions can be made to the trust model. For example, in its current state, only historical rating feedback is considered a valid trust source for evaluation. The model can be expanded with real-time performance data (via monitoring toolkits) as well as trust prediction models, which would aim to assess the performance of a resource at a certain point in the future. This functionality can prove useful for future scheduled jobs, for which relying solely on historical information would not be sufficient.

3. Trust Management issues in Cloud Computing: Cloud computing has been attracting the attention of several researchers in both academia and industry, as it provides many opportunities for organizations by offering a range of computing services. Before cloud computing can become acceptable to everybody, both enterprises and individuals, several issues have to be solved. One of the most important aspects that needs special attention is cloud security. Trust management is one of the important components of cloud security that needs special attention. The trust management systems proposed for cloud computing by various researchers have been studied with special emphasis on their capability, their applicability in practical heterogeneous cloud environments and their implementability.


More information

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies IT Professional Standards Information Security Discipline Sub-discipline 605 Information Security Testing and Information Assurance Methodologies December 2012 Draft Version 0.6 DOCUMENT REVIEW Document

More information

US Federal Cyber Security Research Program November 15, 2012 New England Advanced Cyber Security Center Workshop Bill Newhouse (NIST)

US Federal Cyber Security Research Program November 15, 2012 New England Advanced Cyber Security Center Workshop Bill Newhouse (NIST) US Federal Cyber Security Research Program November 15, 2012 New England Advanced Cyber Security Center Workshop Bill Newhouse (NIST) william.newhouse@nist.gov NITRD Structure for US Federal Cybersecurity

More information

Risk mitigation for business resilience White paper. A comprehensive, best-practices approach to business resilience and risk mitigation.

Risk mitigation for business resilience White paper. A comprehensive, best-practices approach to business resilience and risk mitigation. Risk mitigation for business resilience White paper A comprehensive, best-practices approach to business resilience and risk mitigation. September 2007 2 Contents 2 Overview: Why traditional risk mitigation

More information

G-Cloud IV Framework Service Definition Accenture Web Application Security Scanning as a Service

G-Cloud IV Framework Service Definition Accenture Web Application Security Scanning as a Service G-Cloud IV Framework Service Definition Accenture Web Application Security Scanning as a Service 1 Table of contents 1. Scope of our services... 3 2. Approach... 4 a. HealthCheck Application Scan... 4

More information

Critical Infrastructure Security and Resilience

Critical Infrastructure Security and Resilience U.S. Department of Homeland Security in partnership with the National Coordination Office for Space-Based Positioning, Navigation and Timing Critical Infrastructure Security and Resilience International

More information

Costs and Benefits of Reputation Management Systems

Costs and Benefits of Reputation Management Systems Costs and Benefits of Reputation Management Systems Roberto G. Cascella University of Trento Dipartimento di Ingegneria e Scienza dell Informazione Via Sommarive 14, I-381 Povo (TN), Italy cascella@disi.unitn.it

More information

The Fast Track Project Glossary is organized into four sections for ease of use:

The Fast Track Project Glossary is organized into four sections for ease of use: The Fast Track Management Glossary provides a handy reference guide to the fast track management model, encompassing the concepts, steps and strategies used to manage successful projects even in the face

More information

C. Wohlin and B. Regnell, "Achieving Industrial Relevance in Software Engineering Education", Proceedings Conference on Software Engineering

C. Wohlin and B. Regnell, Achieving Industrial Relevance in Software Engineering Education, Proceedings Conference on Software Engineering C. Wohlin and B. Regnell, "Achieving Industrial Relevance in Software Engineering Education", Proceedings Conference on Software Engineering Education & Training, pp. 16-25, New Orleans, Lousiana, USA,

More information

Tel (03) 9282-1239 Fax (03)9282-1241 www.aciia.asia ACIIA ADVOCACY PROJECT ASIAN STOCK EXCHANGE PERSPECTIVES ON INTERNAL AUDIT

Tel (03) 9282-1239 Fax (03)9282-1241 www.aciia.asia ACIIA ADVOCACY PROJECT ASIAN STOCK EXCHANGE PERSPECTIVES ON INTERNAL AUDIT Tel (03) 9282-1239 Fax (03)9282-1241 www.aciia.asia ACIIA ADVOCACY PROJECT ASIAN STOCK EXCHANGE PERSPECTIVES ON INTERNAL AUDIT APRIL 2015 TABLE OF CONTENTS A. Introduction 1 B. Scope and Methodology 2

More information

Directives and Instructions Regarding Security and Installation of Wireless LAN in DoD Federal Facilities

Directives and Instructions Regarding Security and Installation of Wireless LAN in DoD Federal Facilities Directives and Instructions Regarding Security and Installation of Wireless LAN in DoD Federal Facilities Wireless Infrastructure, Article 3-15-2012 The federal government recognizes that standards based

More information

Overview of F5 Networks. Fatih Bilger Senior Systems Engineer, Prolink. fatih.bilger@prolink.com.tr

Overview of F5 Networks. Fatih Bilger Senior Systems Engineer, Prolink. fatih.bilger@prolink.com.tr Overview of F5 Networks Fatih Bilger Senior Systems Engineer, Prolink fatih.bilger@prolink.com.tr Company Snapshot Leading provider of Application Delivery Networking products that optimize the security,

More information

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA 1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

D6.1: Service management tools implementation and maturity baseline assessment framework

D6.1: Service management tools implementation and maturity baseline assessment framework D6.1: Service management tools implementation and maturity baseline assessment framework Deliverable Document ID Status Version Author(s) Due FedSM- D6.1 Final 1.1 Tomasz Szepieniec, All M10 (31 June 2013)

More information

Hearing before the House Permanent Select Committee on Intelligence. Homeland Security and Intelligence: Next Steps in Evolving the Mission

Hearing before the House Permanent Select Committee on Intelligence. Homeland Security and Intelligence: Next Steps in Evolving the Mission Hearing before the House Permanent Select Committee on Intelligence Homeland Security and Intelligence: Next Steps in Evolving the Mission 18 January 2012 American expectations of how their government

More information

ISO 27001 Information Security Management Services (Lot 4)

ISO 27001 Information Security Management Services (Lot 4) ISO 27001 Information Security Management Services (Lot 4) CONTENTS 1. WHY LEICESTERSHIRE HEALTH INFORMATICS SERVICE?... 3 2. LHIS TECHNICAL ASSURANCE SERVICES... 3 3. SERVICE OVERVIEW... 4 4. EXPERIENCE...

More information

Complete Protection against Evolving DDoS Threats

Complete Protection against Evolving DDoS Threats Complete Protection against Evolving DDoS Threats AhnLab, Inc. Table of Contents Introduction... 2 The Evolution of DDoS Attacks... 2 Typical Protection against DDoS Attacks... 3 Firewalls... 3 Intrusion

More information

Cyber security Building confidence in your digital future

Cyber security Building confidence in your digital future www.pwc.co.uk/cyber Cyber security Building confidence in your digital future We provide a range of integrated cyber security services, helping you protect what matters Building confidence in your digital

More information

A BUSINESS CASE FOR BEHAVIORAL ANALYTICS. White Paper

A BUSINESS CASE FOR BEHAVIORAL ANALYTICS. White Paper A BUSINESS CASE FOR BEHAVIORAL ANALYTICS White Paper Introduction What is Behavioral 1 In a world in which web applications and websites are becoming ever more diverse and complicated, running them effectively

More information

City Research Online. Permanent City Research Online URL: http://openaccess.city.ac.uk/4487/

City Research Online. Permanent City Research Online URL: http://openaccess.city.ac.uk/4487/ Pawar, P. S., Rajarajan, M., Dimitrakos, T. & Zisman, A. (2014). Trust Assessment Using Cloud Broker. In: J. Zhou, N. Gal-Oz, J. Zhang & E, Gudes (Eds.), Trust Management VIII. IFIP Advances in Information

More information

Presentation. Dear Reader:

Presentation. Dear Reader: Dear Reader: Presentation It is with great satisfaction that we present the results of the Coordinated Audit by the Federal Court of Accounts Brazil (TCU) on Information Technology (IT) Governance. This

More information

Table of Contents PERFORMANCE REVIEWS STRATEGIC REVIEWS

Table of Contents PERFORMANCE REVIEWS STRATEGIC REVIEWS SECTION 270 PERFORMANCE AND STRATEGIC REVIEWS Table of Contents 270.1 To which agencies does this section apply? 270.2 What is the purpose of this section? PERFORMANCE REVIEWS 270.3 What is the purpose

More information

Introduction. Rising demand

Introduction. Rising demand When assessing requirements for datacenter consolidation and virtualization, a combination of performance, capacity and technology options will need to be taken into consideration, and each has a host

More information

Cyber Security Solutions

Cyber Security Solutions Cyber Security Solutions Defending the Enterprise General Dynamics Information Technology defends mission-critical systems including government, health, finance, defence, large-enterprise and national

More information

Increase insight. Reduce risk. Feel confident.

Increase insight. Reduce risk. Feel confident. Increase insight. Reduce risk. Feel confident. Define critical goals with enhanced visibility then enable security and compliance across your complex IT infrastructure. VIRTUALIZATION + CLOUD NETWORKING

More information

Trust and Reputation Management

Trust and Reputation Management Trust and Reputation Management Omer Rana School of Computer Science and Welsh escience Centre, Cardiff University, UK Omer Rana (CS, Cardiff, UK) CM0356/CMT606 1 / 28 Outline 1 Context Defining Trust

More information

Cloud Security Who do you trust?

Cloud Security Who do you trust? Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud

More information

Ensuring Data Storage Security in Cloud Computing

Ensuring Data Storage Security in Cloud Computing Ensuring Data Storage Security in Cloud Computing ABSTRACT Cloud computing has been envisioned as the next-generation architecture of IT enterprise. In contrast to traditional solutions, where the IT services

More information

Technology and Cyber Resilience Benchmarking Report 2012. December 2013

Technology and Cyber Resilience Benchmarking Report 2012. December 2013 Technology and Cyber Resilience Benchmarking Report 2012 December 2013 1 Foreword by Andrew Gracie Executive Director, Special Resolution Unit, Bank of England On behalf of the UK Financial Authorities

More information