ATTPS Publication: Trustworthy ICT Taxonomy

Similar documents
Cyber Security and Privacy

Cloud security architecture

Bellevue University Cybersecurity Programs & Courses

Cloud, Mobile, and Analytics. Looking Beyond the Hype

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

TIME SCHEDULE. 1 Introduction to Computer Security & Cryptography 13

Larry Wilson Version 1.0 November, University Cyber-security Program Critical Asset Mapping

Computer Security. Principles and Practice. Second Edition. Amp Kumar Bhattacharjee. Lawrie Brown. Mick Bauer. William Stailings

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications

RYERSON UNIVERSITY Ted Rogers School of Information Technology Management And G. Raymond Chang School of Continuing Education

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

Introduction to Cyber Security / Information Security

Encyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted.

Security + Certification (ITSY 1076) Syllabus

Content Teaching Academy at James Madison University

Mobile, Cloud, Advanced Threats: A Unified Approach to Security

CHAPTER 1 INTRODUCTION

Associate Prof. Dr. Victor Onomza Waziri

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

COSC 472 Network Security

Certified Information Systems Auditor (CISA)

(Instructor-led; 3 Days)

MASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY

Govt. of Karnataka, Department of Technical Education Diploma in Computer Science & Engineering. Sixth Semester

CESG Certification of Cyber Security Training Courses

Enterprise Security Architecture Concepts and Practice

Security Controls for the Autodesk 360 Managed Services

Chapter 1: Introduction

SAP Secure Operations Map. SAP Active Global Support Security Services May 2015

A Survey on Security Threats and Security Technology Analysis for Secured Cloud Services

Course Content Summary ITN 262 Network Communication, Security and Authentication (4 Credits)

Security Controls What Works. Southside Virginia Community College: Security Awareness

CNA 432/532 OSI Layers Security

Security Issues in Cloud Computing

Security and Privacy in Cloud Computing

NIST Big Data Public Working Group

REGULATIONS FOR THE SECURITY OF INTERNET BANKING

McAfee Security Architectures for the Public Sector

CISA TIMETABLE (4 DAYS)

Technology Risk Management

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

John Essner, CISO Office of Information Technology State of New Jersey

Workshop: How an IAM RFP Can Help You Choose the Best Solution for Your Business

CNT Computer and Network Security Review/Wrapup

Media Shuttle s Defense-in- Depth Security Strategy

---Information Technology (IT) Specialist (GS-2210) IT Security Competency Model---

Fundamentals of Network Security - Theory and Practice-

The Information Security Problem

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia

NSA/DHS Centers of Academic Excellence for Information Assurance/Cyber Defense

CompTIA Security+ Certification Study Guide. (Exam SYO-301) Glen E. Clarke. Gravu Hill

locuz.com Professional Services Security Audit Services

Soran University Faculty of Science and Engineering Computer Science Department Information Security Module Specification

Evaluation of different Open Source Identity management Systems

Information Security Basic Concepts

FBLA Cyber Security aligned with Common Core FBLA: Cyber Security RST RST RST RST WHST WHST

Intrusion Detection: Game Theory, Stochastic Processes and Data Mining

PCI DSS Requirements - Security Controls and Processes

Security from a customer s perspective. Halogen s approach to security

3rd International Symposium on Big Data and Cloud Computing Challenges (ISBCC-2016) March 10-11, 2016 VIT University, Chennai, India

Jort Kollerie SonicWALL

Weighted Total Mark. Weighted Exam Mark

SECURE AND TRUSTY STORAGE SERVICES IN CLOUD COMPUTING

SECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING

Certificate in Cyber Security

Public Key Applications & Usage A Brief Insight

Information Security

Leading The World Into Connected Security. Paolo Florian Sales Engineer

EXIN Cloud Computing Foundation

Cloud and Critical Infrastructures how Cloud services are factored in from a risk perspective

Seminar: Security Metrics in Cloud Computing ( se)

Brainloop Cloud Security

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC

INFORMATION TECHNOLOGY

Course Outline Computing Science Department Faculty of Science. COMP Credits Computer Network Security (3,1,0) Fall 2015

Microsoft s cybersecurity commitment

V1.4. Spambrella Continuity SaaS. August 2

Chapter 10. Cloud Security Mechanisms

Data Protection: From PKI to Virtualization & Cloud

3rd Party Assurance & Information Governance outlook IIA Ireland Annual Conference Straightforward Security and Compliance

Security aspects of e-tailing. Chapter 7

Cloud Computing Security Considerations

FRONT RUNNER DIPLOMA PROGRAM INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months

Computer Security. Introduction to. Michael T. Goodrich Department of Computer Science University of California, Irvine. Roberto Tamassia PEARSON

Cybersecurity Health Check At A Glance

GoodData Corporation Security White Paper

Transcription:

Publication: worthy ICT Taxonomy Roger Berkley worthy ICT Taxonomy Research Cybersecurity technology is a considerably large subdomain of ICT. Technology experts like Gartner have identified at least 94 different technology profiles for secure ICT in their Hype Cycle market research. Likewise, in an attempt to categorize already available worthy technologies, European research project CYSPA identified 21 security technology groups. SECCORD project has identified 50 independent keywords to classify R&D projects in & Security. Von Faber and Behnsen introduced the ESARIS Security Taxonomy, which is built to manage the complexity of protecting an industrial ICT service provider. ESARIS is a taxonomy of 31 ICT security standards where each standard comprises several security measures (Faber & Behnsen, 2013). National Institute of Communication Technologies (INTECO) provides a framework entitled Taxonomy of ICT Security Solutions which includes 13 different types of ICT security products and 8 different types of ICT security services (INTECO, 2010). Following available similar taxonomy research, and for the need to produce a worthy ICT Taxonomy and the unavailability of a similar construct within our reach project decided to take on the task of creating the worthy ICT Taxonomy. Project built the worthy ICT Taxonomy, taking into consideration the available classifications and categorizations. goal of building a single classification construct (i.e. taxonomy) is to provide a more comprehensive and reasonably complete guideline for clustering worthy ICT and cybersecurity European initiatives to perform various analyses including Research Gap Analysis and Business Impact Analysis performed as part of a Project Portfolio Analysis. recognizes the potential use of this taxonomy in other projects, research initiatives and organizations and that is reason for this publication. 1

Need for a worthy ICT Taxonomy need for a worthy ICT taxonomy stems from its role in the Business Impact Analysis and Research Gap Analysis performed as part of the overall portfolio analysis. Figure 1 illustrates this role. Figure 1: Role of worthy ICT Taxonomy in Business Impact Analysis and Gap Analysis projects on the project list (item number 1 in Figure 1) constituting the European worthy ICT Innovation Funnel are assigned a project technology classification. Determining a project technology (item 2) relies on direct multilevel input from project leaders or participants. collects this data as part of the European ICT project survey. Project respondents select up to three options of classification (focus areas) from the worthy ICT Taxonomy (item 0). Additional information to determine a project technology classification is in consideration from CORDIS 1 project descriptions and from European project web sites. Project technology classifications are then mapped to Gartner Hype Cycle (item 3) Technologies for business impact analysis, taking categorical and field technology definitions in consideration for this mapping. 1 http://cordis.europa.eu/ 2

Building the worthy ICT Taxonomy For the reasons of achieving a business impact measure, and an effective research gap analysis, project took on the task of building the worthy ICT Taxonomy for use in the project and for general public dissemination. In this regard, took in consideration various sources of information, including the taxonomies presented earlier at the top of this report. Moreover, and after considering the fitness-for-purpose of various general IT taxonomies, the ACM Computing Classification System 2 was adopted as a starting point. It provided the most comprehensive taxonomy available for modern ICT topics and most suitable for the needs of project., at its own judgement, educated by the available sources of information, extracted a subset of the ACM Computing Classification System as a first step to create the worthy ICT Taxonomy. ACM subset was then categorized in relation to technological domain and according to technology definitions provided by the available technology definition sources (Gartner IT Glossary 3, TechTarget Computing Glossary 4, Tech Terms Computer Dictionary 5, Techopedia 6 ). Finally, the resulting categorized list was improved through iterated cycles of research to identify additional technologies within and closely related to worthy ICT. input from these research cycles added additional technology categories and fields to the final worthy ICT Taxonomy. complete worthy ICT Taxonomy is presented on the following ages of this publication. 2 http://dl.acm.org/ccs/ccs.cfm?cfid=702965103&cftoken=83959333 3 http://www.gartner.com/it-glossary/ 4 http://whatis.techtarget.com/ 5 http://techterms.com/ 6 https://www.techopedia.com/ 3

worthy ICT Taxonomy 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 0. worthy ICT (Generic) 0.1 worthy ICT architectures 0.2 frameworks (practical/applicable) 0.3 worthy service design 0.4 worthy service components 0.5 worthy service delivery 0.6 worthy service certification 0.7 worthy service continual improvement mechanisms 0.8 worthy service strategy 0.9 worthy service monitoring 0.10 Validation of trust in trustworthy services 1. Cryptography 1.1 Key management 1.2 Public key (asymmetric) techniques 1.2.1 Digital signatures 1.2.2 Public key encryption 1.3 Symmetric cryptography and hash functions 1.3.1 Block and stream ciphers 1.3.2 Hash functions and message authentication codes 1.4 Homomorphic encryption 1.4.1 Fully homomorphic encryption (FHE) 1.4.2 Partially homomorphic encryption (PHE) 1.5 Cryptanalysis and other attacks 1.6 Information-theoretic encryption techniques 1.7 Mathematical foundations of cryptography 1.8 Email Encryption 2. Formal methods and theory of security 2.1 frameworks (theoretical) 2.2 Security requirements 2.2.1 Secure by design 2.3 Formal security models 2.4 Logic and verification 2.4.1 Context-aware and content-aware technologies 2.4.1.1 Content aware data loss prevention (DLP) 3. Security services 3.1 Authentication 3.1.1 Biometrics 3.1.2 Graphical / visual / Machine-Machine passwords 3.1.3 Multi-factor authentication 3.1.4 Identity proofing services (eid) 3.2 Access control 3.2.1 Attribute Based Mechanisms (Access Control) 3.3 Authorization 4

44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 3.4 Pseudonymity, anonymity and untraceability 3.5 Privacy enhancing technologies (PET) 3.5.1 Privacy by design 3.6 Digital rights management 3.6.1 Limited disclosure technology 3.7 Identity Analytics and Intelligence 4. Intrusion/anomaly detection and malware mitigation 4.1 Malware and its mitigation 4.2 Intrusion detection systems 4.2.1 Artificial immune systems 4.3 Social engineering attacks 4.3.1 Spoofing attacks 4.3.2 Phishing 4.3.3 Other intrusion and anomaly detection and mitigation 5. Security in hardware 5.1 Tamper-proof and tamper-resistant designs 5.2 Embedded systems security 5.2.1 Hardware-based security protocols 5.2.2 Tokenization 5.3 Hardware attacks and countermeasures 5.3.1 Malicious design modifications 5.3.2 Side-channel analysis and countermeasures 5.4 Hardware reverse engineering 6. Systems security 6.1 Operating systems security 6.1.1 Mobile platform security 6.1.1.1 Mobile single sign-on 6.1.2 ed computing 6.1.3 Virtualization and security 6.2 Distributed systems security 6.3 Information flow control 6.4 Denial-of-service attacks 6.5 Firewalls 6.6 Vulnerability management 6.6.1 Vulnerability scanners 6.6.2 Penetration testing 6.7 File system security 6.7.1 File Analysis 7. Network security 7.1 Security protocols 7.2 Web protocol security 7.3 Mobile and wireless security 8. Cloud Security 8.1 Cloud Data Protection Gateways 8.2 Cloud Access Security Brokers 5

89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 8.3 Hypervisor Security Protection 8.4 High-Assurance Hypervisors 8.5 Certification for Cloud Security and Cloud Services 8.6 Standardization for Cloud Security 8.7 Cloud Governance 8.7.1 Accountability for Cloud Services 8.7.2 Data Provenance for Cloud Services 8.7.3 Audit Mechanisms for Cloud 8.7.4 Policy Assurance and Management for Cloud 8.7.5 Compliance Mechanisms for Cloud 8.7.6 Asset Control and Maintenance for Cloud 8.7.7 Monitoring Services & Tools for Cloud 9. Cloud Services & Cloud Security Services 9.1 Cloud Management Platforms 9.1.1 Cloud Service Brokerage 9.1.2 Cloud-Based Disaster Recovery Services 9.1.3 Cloud Testing Tools and Service 9.1.4 Cloud Application Discovery 9.2 Virtualization 9.2.1 Virtual Machine Resilience 9.2.2 Virtual Machine Backup and Recovery 9.2.3 Hypervisor / Virtual Machine Monitor 9.3 Private Cloud Computing 9.3.1 Cloud Computing in Government 9.4 Public Cloud Computing 9.4.1 European Public Cloud Initiative (Pre-operational) 9.4.2 European Public Cloud Service (Operational) 9.5 Cloud-Based Security Services 9.5.1 SaaS Platform Security Management 9.5.2 Security as a Service (SecaaS) 9.5.2.1 SecaaS for Enterprise 9.5.2.2 SecaaS for Public Social Media 10. Database and storage security 10.1 Data anonymization and sanitization 10.2 Management and querying of encrypted data 10.3 Information accountability and usage control 10.4 Database activity monitoring 10.5 Virtual Directories 11. Software and application security 11.1 Software security engineering 11.2 Web application security 11.3 Social network security and privacy 11.4 Domain-specific security and privacy architectures 12. Large-scale system security 12.1 Physically-coupled system security (tight coupling) 6

134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 12.1.1 Systems of systems security (Tightly-coupled) 12.2 Loosely-coupled system security 12.2.1 Service oriented architecture security 12.2.2 Message-based service integration security 12.2.3 Systems of systems security (Loosely-coupled) 13. Human and societal aspects of security and privacy 13.1 Economics of security and privacy 13.1.1 Economics of trust in information technology 13.2 Social aspects of security and privacy 13.2.1 Usability in security and privacy 13.2.2 Personalization of security and privacy 13.2.3 Flexible localization (optional localization) 13.3 Privacy protections 13.3.1 Internet Reputation Management (Enterprise) 13.3.2 Persona management (individuals) 13.4 Regulation for security & privacy 13.5 Standards Development for security & privacy 13.6 Software and System security in Government 7

References Casper, C. (2014). Hype Cycle for Privacy 2014, Gartner. Heiser, J. (2014). Hype Cycle for Cloud Security 2014, Gartner. Faber, E. von, & Behnsen, W. (2013). A security Taxonomy that facilitates Protecting an industrial ICT Production and how it really provides Transparency. In H. Reimer, N. Pohlmann, & W. Schneider (Eds.), ISSE 2013 Securing Electronic Business Processes: Highlights of the Information Security Solutions Europe 2013 Conference (pp. 87 98). Wiesbaden: Springer Vieweg. National Institute for Communications Technologies INTECO. (2010). TAXONOMY OF ICT SECURITY SOLUTIONS. 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information