A Goal- Driven Security Framework for Cloud Storage: A Preliminary Study
|
|
- Lesley Hensley
- 7 years ago
- Views:
Transcription
1 A Goal- Driven Security Framework for Cloud Storage: A Preliminary Study Fara Yahya fara.yahya@soton.ac.uk Electronic & Software Systems Electronics & Computer Science Faculty of Physical Sciences and Engineering University of Southampton (Cyber Security 2016), 13th - 14th June 2016, London United Kingdom
2 Introduction Background Preliminary Study Results & Discussion Conclusion & Future Work 2
3 3
4 Introduction According to Cisco Global Cloud Index, cloud storage users will store 1.6 Gigabytes data per month by 2019, compared to 992 megabytes data per month in Exabyte Year Cloud Storage Growth Per User Regional Cloud Storage Users by 2019 Region Internet Users in Millions (% of Population) Cloud Storage Users in Millions (% of Internet Users) Asia Pacific 2,022 (49%) 1,176 (58%) Central and Eastern Europe 321 (66%) 134 (42%) Latin America 355 (54%) 141 (40%) Middle East and Africa 401 (25%) 65 (16%) North America 311 (83%) 257 (83%) Western Europe 341 (80%) 272 (80%) 4
5 Cloud Security Concerns Cloud-related malware Insufficient due diligence Malicious Insiders Closure of Cloud Service Abuse of Cloud Service Data Loss Natural Disaster Insecure APIs Hardware failure Shared Technologies Vulnerabilities Denial of Service Account Hijacking Data Breach Inadequate Cloud Planning/Design 5
6 CIANA Threats STRIDE Confidentiality Integrity Data Breaches Data Loss Account/Service Hijacking Insecure APIs Denial of Service Spoofing Identity Tampering with Data Availability Non-repudiation Authenticity Malicious Insiders Abuse of Cloud Service Insufficient Due Diligence Shared Technology Vulnerability Hardware Failure Natural Disaster Closure of Cloud Service Cloud-related Malware Inadequate Cloud Planning/Design Repudiation Information Disclosure Denial of Service Elevation of Privilege 6
7 Approach What are the cloud storage elements? What are the security concerns? What are the existing international industry standards, best practices & guidelines? 7
8 Preliminary study A qualitative interview was carried out to explore the knowledge, opinions and values of individuals or groups who are experts in a particular field of knowledge. A survey was chosen to collect information to capture knowledge on cloud security. Questionnaires are data collection tool in which participants are requested to answer various predetermined questions. 8
9 Results of expert review The semi-structured interviews were conducted with 20 security experts in Malaysia and the United Kingdom. The security experts have more than five years of experience in information security. The aim of the expert interview was to review the security components identified by the literature review and to explore other components. 9
10 Thematic Analysis 10
11 Results of practitioners survey The quantitative data was collected using an online questionnaire. Overall, 34 were taken as the sample. All of the respondents are security practitioners, currently working in ICT and have at least two years experience in information security. The aim of the survey was to confirm the components in the proposed framework and other components obtained from the expert interviews. 11
12 Statistical Analysis Reliability Statistics Test of security components Components Number of Items Cronbach s alpha Value Reliability test Cronbach s alpha analysis Normality test A Shapiro-Wilk test, visual inspection of histograms, normal Q-Q plots, box plots, skewness and kurtosis Correlation test Pearson correlation Parametric test One sample t-test Confidentiality Integrity Availability Non-repudiation Authenticity Reliability Accountability Auditability Analysis of security components using one sample t-testª Component Mean t Sig. (2- tailed) Confidentiality Co <0.001** Co <0.001** Integrity In <0.001** In <0.001** Availability Av <0.001** Av <0.001** Non- repudiation Nr <0.002** Nr <0.001** Authenticity At <0.001** At <0.001** Reliability Re <0.001** Re <0.001** Accountability Ac <0.001** Ac <0.001** Auditability Au <0.001** ª df =33 ** p< Au <0.001** 12
13 Discussion All the components proposed, based on existing studies and suggested in the expert review, were deemed statistically significant. Confidentiality and Availability received the strongest consensus. This shows that although security protections are important, the availability of service and accessibility of data in the cloud is considered important too. 13
14 14
15 Conclusion A security framework to protect data in cloud storage is proposed based on security components and threats in the cloud. Literature syntheses identified six security components To review these components, expert reviews with security experts from UK and Malaysia was conducted Experts confirmed the identified components and mentioned two additional These components were confirmed via the questionnaire survey 15
16 Future Work An instrument to measure how much does an organisation follow the cloud storage security framework will be developed based on the goal-driven components identified and confirmed in this study The instrument is developed using Goal-Question- Metrics (GQM) approach. The instrument is a selfassessment tool, currently receiving 161 responses from IT security managers in Malaysia 16
17 17
Cloud Security and Managing Use Risks
Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access
More informationMobile Application Threat Analysis
The OWASP Foundation http://www.owasp.org Mobile Application Threat Analysis Ari Kesäniemi Nixu Copyright The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under
More informationESKISP6054.01 Conduct security testing, under supervision
Overview This standard covers the competencies required to conduct security testing under supervision. In order to contribute to the determination of the level of resilience of an information system to
More informationSecure By Design: Security in the Software Development Lifecycle
Secure By Design: Security in the Software Development Lifecycle Twin Cities Rational User s Group Security Briefing by Arctec Group (www.arctecgroup.net) Integrating Security into Software Development
More informationSecurity and Privacy in Cloud Computing
Security and Privacy in Cloud Computing Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 2 02/01/2010 Threats, vulnerabilities, and enemies Goal Learn the cloud computing threat model
More informationResidual risk. 3 Compliance challenges (i.e. right to examine, exit clause, privacy acy etc.)
Organizational risks 1 Lock-in Risk of not being able to migrate easily from one provider to another 2 Loss of Governance Control and influence on the cloud providers, and conflicts between customer hardening
More informationIs it Time to Trust the Cloud? Unpacking the Notorious Nine
Is it Time to Trust the Cloud? Unpacking the Notorious Nine Jonathan C. Trull, CISO, Qualys Cloud Security Alliance Agenda Cloud Security Model Background on the Notorious Nine Unpacking the Notorious
More informationSurvey about Cloud Computing Threats
Survey about Cloud Computing Threats Raju M #1, Lanitha B *2 PG Scholar, Department of CSE, CMS College of Engineering, Namakkal, Tamilnadu, India #1 Assistant Professor, Department of CSE, KGiSL Institute
More informationThreat Modeling. Frank Piessens (Frank.Piessens@cs.kuleuven.be ) KATHOLIEKE UNIVERSITEIT LEUVEN
Threat Modeling Frank Piessens (Frank.Piessens@cs.kuleuven.be ) Secappdev 2007 1 Overview Introduction Key Concepts Threats, Vulnerabilities, Countermeasures Example Microsoft s Threat Modeling Process
More informationExternal Supplier Control Requirements
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
More informationOverview TECHIS60441. Carry out security testing activities
Overview Information, services and systems can be attacked in various ways. Understanding the technical and social perspectives, how attacks work, the technologies and approaches used are key to being
More informationVENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium
1 VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 2 Agenda Introduction Vendor Management what is? Available Guidance Vendor Management
More informationRequirements Engineering for SaaS Application Security in Cloud Using SQUARE Methodology
Requirements Engineering for SaaS Application Security in Cloud Using SQUARE Methodology E. Pragnavi J. Sandeep Kumar Assistant Professor, Product Technical Lead, Dept. of CSE, UCE, Infosys, Hyderabad
More informationDevelopment Processes (Lecture outline)
Development*Process*for*Secure* So2ware Development Processes (Lecture outline) Emphasis on building secure software as opposed to building security software Major methodologies Microsoft's Security Development
More informationThreat modeling. Tuomas Aura T-110.4206 Information security technology. Aalto University, autumn 2011
Threat modeling Tuomas Aura T-110.4206 Information security technology Aalto University, autumn 2011 Threats Threat = something bad that can happen Given an system or product what are the threats against
More informationInformation Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus
Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination
More informationBCS Foundation Certificate in Information Security Management Principles
S Foundation ertificate in Information Security Management Principles Specimen Paper Record your surname/last/family name and initials on the nswer Sheet. Specimen paper only. 20 multiple-choice questions
More informationTop Threats Working Group. The Notorious Nine. Cloud Computing Top Threats in 2013. February 2013
Top Threats Working Group The Notorious Nine Cloud Computing Top Threats in 2013 February 2013 The permanent and official location for Cloud Security Alliance Top Threats research is http://www.cloudsecurityalliance.org/topthreats.
More informationCAN NUCLEAR INSTALLATIONS AND RESEARCH CENTERS ADOPT CLOUD COMPUTING?
CAN NUCLEAR INSTALLATIONS AND RESEARCH CENTERS ADOPT CLOUD COMPUTING? Ameer Pichan School of Electrical Engineering & Computing Curtin University, Australia What is it? Similar to other services net r
More informationBreach Findings for Large Merchants. 28 January 2015 Glen Jones Cyber Intelligence and Investigation Lester Chan Payment System Security
Breach Findings for Large Merchants 28 January 2015 Glen Jones Cyber Intelligence and Investigation Lester Chan Payment System Security Disclaimer The information or recommendations contained herein are
More informationFinancial Sector Cybersecurity: who s in charge? Aquiles A. Almansi Lead Financial Sector Specialist WBG-Finance & Markets
Financial Sector Cybersecurity: who s in charge? Aquiles A. Almansi Lead Financial Sector Specialist WBG-Finance & Markets Issues in the Governance of Central Banks (BIS 2009) Financial Sector Cybersecurity:
More informationThreat Modeling: The Art of Identifying, Assessing, and Mitigating security threats
Threat Modeling: The Art of Identifying, Assessing, and Mitigating security threats Mohamed Ali Saleh Abomhara University of Agder mohamed.abomhara@uia.no Winter School in Information Security, Finse May
More informationSecuring The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master
Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is
More informationIntroduction to Information Security
Introduction to Information Security Chapter 1 Information Security Basics Winter 2015/2016 Stefan Mangard, www.iaik.tugraz.at What is Information Security? 2 Security vs. Safety The German word Sicherheit
More informationCAST CENTER FOR ADVANCED SECURITY TRAINING. CAST618 Designing and Implementing Cloud Security CAST
CENTER FOR ADVANCED SECURITY TRAINING 618 Designing and Implementing Cloud Security About EC-Council Center of Advanced Security Training () The rapidly evolving information security landscape now requires
More informationCloud Data Security and the Insider Threat
Cloud Data Security and the Insider Threat Sol Cates CSO @solcates scates@vormetric.com Copyright 2014 Vormetric, Inc. All rights reserved. A bit about me InfoSec for ~ 18 years Currently have 4 jobs Infrastructure
More informationRecall the Security Life Cycle
Lecture 7: Threat Modeling CS 436/636/736 Spring 2014 Nitesh Saxena Recall the Security Life Cycle Threats Policy Specification Design Implementation Operation and Maintenance So far what we have learnt
More informationRisks and Challenges
Cloud and Mobile Security: Risks and Challenges Chong Sau Wei (CISM) chong@scan associates.net General Manager Managed Security Services SCAN Associates Berhad Seminar e Kerajaan Negeri Pulau Pinang 14
More informationWeb Application Remediation. OWASP San Antonio. March 28 th, 2007
Web Application Remediation OWASP San Antonio March 28 th, 2007 Agenda Introduction The Problem: Vulnerable Web Applications Goals Example Process Overview Real World Issues To Address Conclusion/Questions
More information1. Computer Security: An Introduction. Definitions Security threats and analysis Types of security controls Security services
1. Computer Security: An Introduction Definitions Security threats and analysis Types of security controls Security services Mar 2012 ICS413 network security 1 1.1 Definitions A computer security system
More informationThreat Modeling. 1. Some Common Definition (RFC 2828)
Threat Modeling Threat modeling and analysis provides a complete view about the security of a system. It is performed by a systematic and strategic way for identifying and enumerating threats to a system.
More informationCritical Controls for Cyber Security. www.infogistic.com
Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability
More informationCommittees Date: Subject: Public Report of: For Information Summary
Committees Audit & Risk Management Committee Finance Committee Subject: Cyber Security Risks Report of: Chamberlain Date: 17 September 2015 22 September 2015 Public For Information Summary Cyber security
More informationBrochure More information from http://www.researchandmarkets.com/reports/3065119/
Brochure More information from http://www.researchandmarkets.com/reports/3065119/ Global Hadoop Market applications, Geography, Haas, Strategy, Industry Overview, Size, regional analysis, Share, Global
More informationSoftware Security Touchpoint: Architectural Risk Analysis
Software Security Touchpoint: Architectural Risk Analysis Gary McGraw, Ph.D. Chief Technology Officer, Cigital Founded in 1992 to provide software security and software quality professional services Recognized
More informationCyber Security and the Board of Directors
Helping clients build operational capability in cyber security. A DELTA RISK VIEWPOINT Cyber Security and the Board of Directors An essential responsibility in financial services About Delta Risk is a
More informationSpambrella SaaS Support Terms & Conditions
April 29, 2014 Spambrella SaaS Support Terms & Conditions Spambrella and/or other noted Spambrella related products contained herein are registered trademarks or trademarks of Spambrella and/or its affiliates
More informationhttp://www.cisjournal.org Security Framework for Cloud Computing Environment: A Review Ayesha Malik, Muhammad Mohsin Nazir
Security Framework for Cloud Computing Environment: A Review Ayesha Malik, Muhammad Mohsin Nazir Department of Computer Science Lahore College for Women University, Lahore, Pakistan. ayesha_sadaqat@yahoo.com,
More informationCompliance and Cloud Computing
Compliance and Cloud Computing Balaji Palanisamy Director, Southwest- US Coalfire Systems, Inc. July 24, 2014 Agenda Introduction Cloud Computing Basics Cloud Computing Threats Security vs. Compliance
More informationCloud Security & Standardization. Markku Siltanen Tietoturvakonsultti CISA, CGEIT, CRISC
0 Copyright 2011 FUJITSU Cloud Security & Standardization Markku Siltanen Tietoturvakonsultti CISA, CGEIT, CRISC Cloud computing 1 Copyright 2011 FUJITSU Characteristics of cloud 2 Copyright 2011 FUJITSU
More informationPublic Cloud Security: Surviving in a Hostile Multitenant Environment
Public Cloud Security: Surviving in a Hostile Multitenant Environment SESSION ID: EXP-R01 Mark Russinovich Technical Fellow Windows Azure, Microsoft @markrussinovich The Third Computing Era Security Could
More informationInformation Security Team
Title Document number Add document Document status number Draft Owner Approver(s) CISO Information Security Team Version Version history Version date 0.01-0.05 Initial drafts of handbook 26 Oct 2015 Preface
More informationDefending Against Attacks by Modeling Threat Behaviors
Defending Against Attacks by Modeling Threat Behaviors John Benninghoff Transvasive Security Transparent and Pervasive Security 2013 Verizon DBIR Recommendations What can we do about it? Collect, analyze
More informationCHAPTER 7 PRESENTATION AND ANALYSIS OF THE RESEARCH FINDINGS
CHAPTER 7 PRESENTATION AND ANALYSIS OF THE RESEARCH FINDINGS 7.1 INTRODUCTION Chapter 6 detailed the methodology that was used to determine whether educators are teaching what management accountants need
More information2015 Global Study on IT Security Spending & Investments
2015 Study on IT Security Spending & Investments Independently conducted by Ponemon Institute LLC Publication Date: May 2015 Sponsored by Part 1. Introduction Security risks are pervasive and becoming
More informationISSECO Syllabus Public Version v1.0
ISSECO Syllabus Public Version v1.0 ISSECO Certified Professional for Secure Software Engineering Date: October 16th, 2009 This document was produced by the ISSECO Working Party Syllabus Introduction to
More informationHITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?
HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? Introduction This material is designed to answer some of the commonly asked questions by business associates and other organizations
More informationExternal Supplier Control Requirements
External Supplier Control Requirements Cyber Security For Suppliers Categorised as High Cyber Risk Cyber Security Requirement Description Why this is important 1. Asset Protection and System Configuration
More informationCloud Security Introduction and Overview
Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious
More informationMarketsandMarkets. http://www.marketresearch.com/marketsandmarkets-v3719/ Publisher Sample
MarketsandMarkets http://www.marketresearch.com/marketsandmarkets-v3719/ Publisher Sample Phone: 800.298.5699 (US) or +1.240.747.3093 or +1.240.747.3093 (Int'l) Hours: Monday - Thursday: 5:30am - 6:30pm
More informationGlobal Encryption and Key Management Trends Study
Global Encryption and Key Management Trends Study SPONSORED BY THALES E-SECURITY INDEPENDENTLY CONDUCTED BY PONEMON INSTITUTE LLC PUBLICATION DATE: APRIL 2015 www.thalesgroup.com Background Data Rise of
More informatione-government Agency Delivering Secure, Public-Oriented e-government Facilities in Africa A Holistic Approach
THE UNITED REPUBLIC OF TANZANIA President s office, Public Service Management e-government Agency Delivering Secure, Public-Oriented e-government Facilities in Africa A Holistic Approach Dr. Jabiri Kuwe
More informationChallenges of Software Security in Agile Software Development
Challenges of Software Security in Agile Software Development Dr. Panayotis Kikiras INFS133 March 2015 Agenda Lean Principles and Agile Development Usable Security Secure software development in Agile
More informationCSA Virtualisation Working Group Best Practices for Mitigating Risks in Virtualized Environments
CSA Virtualisation Working Group Best Practices for Mitigating Risks in Virtualized Environments Kelvin Ng Tao Yao Sing Heng Yiak Por Acknowledgeme nts Co-Chairs Kapil Raina, Zscaler Kelvin Ng, Nanyang
More informationUNDERSTANDING THE INDEPENDENT-SAMPLES t TEST
UNDERSTANDING The independent-samples t test evaluates the difference between the means of two independent or unrelated groups. That is, we evaluate whether the means for two independent groups are significantly
More informationSITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA
SITA Information Security SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA September, 2012 Contents 1. Introduction... 3 1.1 Overview...
More informationDefense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks
Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks A look at multi-vendor access strategies Joel Langill TÜV FSEng ID-1772/09, CEH, CPT, CCNA Security Consultant / Staff
More informationSecurity Risk Solutions Limited is a privately owned Kenyan company that was established in 2007.
Information Security Management Present and Future By: Jona Owitti, CISA Director, Security Risk Solutions Limited Immediate Past Chairman, ISACA Kenya Chapter About SRS www.securityrisksolutions.net -
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationBig Data and Infosecurity: Research Report
Big Data and Infosecurity: Research Report Contents Big Data and Infosecurity: Research Report... 1 Table of Contents... 1 Executive Summary... 2 Methodology... 2 Findings... 3 Who responded?... 3 What
More informationThe Security Organization p. 1 Anecdote p. 2. Introduction
Preface p. xxiii Introduction p. xxv The Security Organization p. 1 Anecdote p. 2 Introduction p. 2 Where to Put the Security Team p. 2 Where Should Security Sit? Below the IT Director Report p. 3 Where
More informationNetwork Infrastructure Virtualization: Transforming Telecommunications and Managed Services
Brochure More information from http://www.researchandmarkets.com/reports/2775087/ Network Infrastructure Virtualization: Transforming Telecommunications and Managed Services Description: Historically,
More informationCreating Business Value with Effective, Pervasive Cloud Security and Cloud Enablement Services
Creating Business Value with Effective, Pervasive Cloud Security and Cloud Enablement Services Managing Governance, Risk, and Compliance for Cloud Information Security Introduction Businesses today are
More informationCloud Security: An Independent Assessent
Cloud Security: An Independent Assessent A Quantix White Paper Dec 2010 Call us on: 0115 983 6200 Visit us on-line at: www.quantix-uk.com E-mail us at : enquiries@quantix-uk.com Why are people concerned
More informationAn overwhelming majority of IaaS clouds leverage virtualization for their foundation.
1 2 3 An overwhelming majority of IaaS clouds leverage virtualization for their foundation. 4 With the use of virtualization comes the use of a hypervisor. Normally, the hypervisor simply provisions resources
More informationThe Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall.
The Magical Cloud Lennart Franked Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall. 2014-10-20 Lennart Franked (MIUN IKS) The Magical Cloud 2014-10-20 1 / 35
More informationENISA s Study on the Evolving Threat Landscape. European Network and Information Security Agency
ENISA s Study on the Evolving Threat Landscape European Network and Information Security Agency Agenda Introduction to ENISA Preliminary remarks The ENISA report Major findings Conclusions 2 ENISA The
More informationFBLA Cyber Security aligned with Common Core 6.14. FBLA: Cyber Security RST.9-10.4 RST.11-12.4 RST.9-10.4 RST.11-12.4 WHST.9-10.4 WHST.11-12.
Competency: Defend and Attack (virus, spam, spyware, Trojans, hijackers, worms) 1. Identify basic security risks and issues to computer hardware, software, and data. 2. Define the various virus types and
More informationAnatomy of a Cloud Computing Data Breach
Anatomy of a Cloud Computing Data Breach Sheryl Falk Mike Olive ACC Houston Chapter ITPEC Practice Group September 18, 2014 1 Agenda Ø Cloud 101 Welcome to Cloud Computing Ø Cloud Agreement Considerations
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationSecurity Testing. How security testing is different Types of security attacks Threat modelling
Security Testing How security testing is different Types of security attacks Threat modelling Note: focus is on security of applications (not networks, operating systems) Security testing is about making
More informationOverview of computer and communications security
Overview of computer and communications security 2 1 Basic security concepts Assets Threats Security services Security mechanisms 2 Assets Logical resources Information Money (electronic) Personal data
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationInformation Security in Business: Issues and Solutions
Covenant University Town & Gown Seminar 2015 Information Security in Business: Issues and Solutions A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information
More informationA view from the Cloud Security Alliance peephole
A view from the Cloud Security Alliance peephole Cloud One million new mobile devices - each day! Social Networking Digital Natives State Sponsored Cyberattacks? Organized Crime? Legal Jurisdiction & Data
More informationCloud Computing Governance & Security. Security Risks in the Cloud
Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud
More informationMobile Application Security. Helping Organizations Develop a Secure and Effective Mobile Application Security Program
Mobile Application Security Helping Organizations Develop a Secure and Effective Mobile Application Security Program by James Fox fox_james@bah.com Shahzad Zafar zafar_shahzad@bah.com Mobile applications
More information- This study provides an in-depth analysis of MSS market with current and future trends to elucidate the imminent investment pockets in the market.
Brochure More information from http://www.researchandmarkets.com/reports/3197615/ Global Managed Security Services Market - Size, Share, Global Trends, Company Profiles, Demand, Insights, Analysis, Research,
More informationIT Security Management Risk Analysis and Controls
IT Security Management Risk Analysis and Controls Steven Gordon Document No: Revision 770 3 December 2013 1 Introduction This document summarises several steps of an IT security risk analysis and subsequent
More informationAuditing Cloud Computing. A Security and Privacy Guide. Wiley Corporate F&A
Brochure More information from http://www.researchandmarkets.com/reports/2213812/ Auditing Cloud Computing. A Security and Privacy Guide. Wiley Corporate F&A Description: The auditor's guide to ensuring
More informationWeb application testing
CL-WTS Web application testing Classroom 2 days Testing plays a very important role in ensuring security and robustness of web applications. Various approaches from high level auditing through penetration
More informationUnit 3 Cyber security
2016 Suite Cambridge TECHNICALS LEVEL 3 IT Unit 3 Cyber security Y/507/5001 Guided learning hours: 60 Version 1 September 2015 ocr.org.uk/it LEVEL 3 UNIT 3: Cyber security Y/507/5001 Guided learning hours:
More informationUnderstanding and evaluating risk to information assets in your software projects
Understanding and evaluating risk to information assets in your software projects ugh.. what a mouthful Dana Epp Windows Security MVP Who am I? Microsoft Windows Security MVP Information Security Professional
More informationThreat Modeling. Categorizing the nature and severity of system vulnerabilities. John B. Dickson, CISSP
Threat Modeling Categorizing the nature and severity of system vulnerabilities John B. Dickson, CISSP What is Threat Modeling? Structured approach to identifying, quantifying, and addressing threats. Threat
More informationCyber Security Assessment Framework: Case of Government Ministries in Kenya
Cyber Security Assessment Framework: Case of Government Ministries in Kenya Alice Nambiro Wechuli (Department of Computer Science, Masinde Muliro University of Science and Technology, Kenya alicenambiro@yahoo.com)
More information2008 Disaster Recovery Research Overview and Key Findings Report
2008 Disaster Recovery Research Report The Overview The Symantec sponsored 2008 Disaster Recovery Research fourth annual report highlights business trends regarding disaster planning and preparedness.
More informationRisk Management in the Development Process A Progress Report
Risk Management in the Development Process A Progress Report 1 Introduction 2 Smart Meter Gateway - basic facts 3 Real Life Example Introduction Industry 4.0 and IoT gain importance of Embedded Systems
More informationGlobal Disaster Recovery Market Insights, Opportunity Analysis, Market Shares and Forecast 2016-2022
Brochure More information from http://www.researchandmarkets.com/reports/3517502/ Global Disaster Recovery Market Insights, Opportunity Analysis, Market Shares and Forecast 2016-2022 Description: The increasing
More informationOWASP Cornucopia. Ecommerce Website Edition. The OWASP Foundation. OWASP London https://www.owasp.org. 3rd June 2013
The OWASP Foundation OWASP London https://www.owasp.org 3rd June 2013 OWASP Cornucopia Ecommerce Website Edition OWASP Cornucopia - Ecommerce Website Edition helps developers identify security requirements
More informationPenetration Testing. How Government Can Achieve Better Outcomes. Delivered by Murray Goldschmidt, Chief Operating Officer
Penetration Testing How Government Can Achieve Better Outcomes Delivered by Murray Goldschmidt, Chief Operating Officer Cyber Security for Government Conference, 25&26 October 2011, Sydney Compliance,
More informationA New Layer of Security to Protect Critical Infrastructure from Advanced Cyber Attacks. Alex Leemon, Sr. Manager
A New Layer of Security to Protect Critical Infrastructure from Advanced Cyber Attacks Alex Leemon, Sr. Manager 1 The New Cyber Battleground: Inside Your Network Over 90% of organizations have been breached
More informationAgile and Secure Can We Be Both? Chicago OWASP. June 20 th, 2007
Agile and Secure Can We Be Both? Chicago OWASP June 20 th, 2007 The Agile Practitioner s Dilemma Agile Forces: Be more responsive to business concerns Increase the frequency of stable releases Decrease
More informationCSCI 454/554 Computer and Network Security. Instructor: Dr. Kun Sun
CSCI 454/554 Computer and Network Security Instructor: Dr. Kun Sun About Instructor Dr. Kun Sun, Assistant Professor of Computer Science http://www.cs.wm.edu/~ksun/ Phone: (757) 221-3457 Email: ksun@wm.edu
More informationREPORT. Next steps in cyber security
REPORT March 2015 Contents Executive summary...3 The Deloitte and Efma questionnaire...5 Level of awareness...5 Level of significance...8 Level of implementation...11 Gap identification and concerns...15
More informationCyber Security Organisational Standards. Guidance
Cyber Security Organisational Standards Guidance April 2013 Contents Contents...2 Overview...3 Background...4 Definitions...5 Presentation and Layout...6 Submissions Guidance...7 Acceptance Criteria...8
More informationAgile and Secure: OWASP AppSec Seattle Oct 2006. The OWASP Foundation http://www.owasp.org/
Agile and Secure: Can We Be Both? OWASP AppSec Seattle Oct 2006 Dan Cornell, OWASP San Antonio Leader Principal, Denim Group Ltd. dan@denimgroup.com (210) 572-4400 Copyright 2006 - The OWASP Foundation
More informationCyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown
Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available
More informationGold study sponsor: Is cyber security now too hard for enterprises? Cyber security trends in the UK. Executive Summary
Gold study sponsor: Is cyber security now too hard for enterprises? Cyber security trends in the UK Executive Summary Core statements I. Cyber security is now too hard for enterprises The threat is increasing
More informationSecurity Threats in Demo Steinkjer
Security Threats in Demo Steinkjer Report from the Telenor-SINTEF collaboration project on Smart Grids Author(s) Inger Anne Tøndel, SINTEF Martin Gilje Jaatun, SINTEF Maria Bartnes Line, SINTEF/NTNU SINTEF
More information