Information Assurance and Security Technologies for Risk Assessment and Threat Management:




Information Assurance and Security Technologies for Risk Assessment and Threat Management: Advances
Te-Shun Chou, East Carolina University, USA
Information Science Reference

Detailed Table of Contents

Foreword
Preface
Acknowledgment

Section 1: Attacks and Vulnerabilities

Chapter 1: Attacks on IT Systems: Categories of Motives
Georg Disterer, University of Applied Sciences Hannover, Germany

Computer attacks can be categorized based on the courses of action used to exploit vulnerabilities, such as break-in, masquerading, and probe attacks. Computer attacks can also be categorized based on the result of the attack, such as corruption, leakage, and denial. In this chapter, the author categorizes attacks by the attacker's motivation into ten categories, such as greed, hopelessness, and curiosity. In each category, the author uses recent incidents to illustrate the motives of people who attack company IT systems.

Chapter 2: Wireless Security
Faisal Kaleem, Florida International University, USA
Kang K. Yen, Florida International University, USA

Wireless technologies such as WiFi, Bluetooth, and cellular wireless have become instrumental in our daily life. However, attackers could break into a wireless network to steal valuable information and thus cause loss of assets. The study of wireless security is therefore a major issue for both individuals and organizations. In this chapter, the authors start with an introduction to the history of wireless technology. The authors then explain the security threats in wireless local area networks and wireless personal area networks. Finally, countermeasures against wireless attacks are presented.

Section 2: Security Technologies

Chapter 3: Analysis, Development and Deployment of Statistical Anomaly Detection Techniques for Real E-Mail Traffic
Gianluca Papaleo, Istituto di Elettronica e di Ingegneria dell'Informazione e delle Telecomunicazioni, Italy & Consiglio Nazionale delle Ricerche, Italy
Davide Chiarella, Istituto di Elettronica e di Ingegneria dell'Informazione e delle Telecomunicazioni, Italy & Consiglio Nazionale delle Ricerche, Italy
Maurizio Aiello, Istituto di Elettronica e di Ingegneria dell'Informazione e delle Telecomunicazioni, Italy & Consiglio Nazionale delle Ricerche, Italy
Luca Caviglione, Istituto di Studi sui Sistemi Intelligenti per l'Automazione, Italy & Consiglio Nazionale delle Ricerche, Italy

Generally, there exist two main intrusion detection techniques: anomaly detection and misuse detection. Misuse detection involves the comparison of observed traffic data with a set of well-defined rules that describe signatures of intrusions. If the signature of observed network traffic is not matched with any of predefined rules, it is declared as an attack. Anomaly detection searches for intrusive activities by comparing network traffic to established acceptable normal usage patterns learned from training data. If the pattern of observed data is different from the learned normal ones, the data is classified as an attack. In this chapter, the authors review anomaly detection and misuse detection approaches for detecting worms spreading through the Internet. The authors also investigate several aspects concerning the analysis, development and deployment of statistical anomaly detection techniques for e-mail traffic.

Chapter 4: Forensics Challenges for Mobile Phone Security
Halim M. Khelalfa, University of Wollongong in Dubai, UAE

Mobile phone forensics is a fairly new research topic in the field of digital forensics. It is concerned with recovering digital evidence or data from mobile phones. Chapter Four begins with an introduction to GSM and CDMA cellular wireless technologies, followed by an investigation of forensics issues such as guidelines, procedures, tools, and threats. The chapter ends with a presentation of current research and trends in mobile phone forensics.

Chapter 5: Applying Continuous Authentication to Protect Electronic Transactions
Silas Leite Albuquerque, University of Brasilia, Brazil
Paulo Roberto de Lira Gondim, University of Brasilia, Brazil

Authentication is very important in protecting computer systems. It is the process of verifying an individual's identity and whether he or she has enough authorization to access the computer system. At the beginning of this chapter, the authors explore ideas regarding trust models in electronic transactions. The authors then examine the security of electronic transactions using continuous authentication processes, covering trust in electronic communications systems, a brief review of conventional authentication models, continuous authentication concepts, and biometrics.

Chapter 6: Identity-Based Cryptography: Applications, Vulnerabilities and Future Directions
Jenny Torres, University Pierre and Marie Curie, France
Michele Nogueira, Federal University of Parana, Brazil
Guy Pujolle, University Pierre and Marie Curie, France

Cryptography is the science that uses a key to encrypt a message into ciphertext and decrypt the ciphertext back into plaintext. Identity-based cryptography (IBC) uses a public key for encryption, where the key represents the identification of a user. Chapter Six presents an introduction to symmetric-key and asymmetric-key cryptography technologies. An investigation of IBC attacks and its security vulnerabilities, as well as solutions against those vulnerabilities, is also provided.

Chapter 7: Audio Visual System for Large Scale People Authentication and Recognition over Internet Protocol (IP)
Sue Inn Ch'ng, Nottingham University Malaysia Campus, Malaysia
Kah Phooi Seng, Sunway University, Malaysia
Li-Minn Ang, Nottingham University Malaysia Campus, Malaysia
Fong Tien Ong, Nottingham University Malaysia Campus, Malaysia
Nottingham University Malaysia, School of Engineering, Selangor, Malaysia

In information technology, biometrics is becoming more and more important to an individual's identity and to access control. With the use of increasingly reliable user authentication techniques, the security of information systems is enhanced. In this chapter, the authors begin with an overview of audio-visual systems. The authors then propose an audio-visual system using face and voice modality biometrics technology so that the system can handle recognition of a large volume of people over Internet Protocol.

Chapter 8: Firewall
Biwu Yang, East Carolina University, USA

Firewalls protect personal computers and infrastructure networks from malicious threats. Based upon a set of rules, firewalls examine all traffic passing through and only allow legitimate messages to pass. In this chapter, the author describes various types of firewalls, security policies on firewalls, firewall architectures, and firewall implementation considerations.

Section 3: Risk Assessment and Management

Chapter 9: Risk Assessment and Real Time Vulnerability Identification in IT Environments
Laerte Peotta de Melo, University of Brasilia, Brazil
Paulo Roberto Lira Gondim, University of Brasilia, Brazil

Security risk assessment is important to the security of an organization. It is a process to ensure that the security controls for a system are fully commensurate with its risks. In this chapter, the authors draw attention to risks, attacks, threats, and vulnerabilities in a business. The main risk assessment techniques and frameworks are also discussed. The authors then propose a proactive framework for identifying vulnerabilities and assessing risk, and demonstrate their model using a client/server approach.

Chapter 10: Challenges to Managing Privacy Impact Assessment of Personally Identifiable Data
Cyril Onwubiko, Research Series Limited, UK

With the advance of computer technology, a large amount of personal information can be easily and quickly retrieved without permission. As a result, how to use an appropriate process to protect personal information, together with the corresponding privacy regulations and legislation, has become critical. In this chapter, the author begins with a discussion of the challenges of managing privacy impact assessment of personally identifiable information. The issues relating to privacy impact assessment of new and in-service projects are then demonstrated. Finally, the author provides a model showing how to conduct privacy impact assessment on both new and in-service projects.

Chapter 11: Combining Security and Privacy in Requirements Engineering
Saeed Abu-Nimeh, Damballa Inc., USA
Nancy R. Mead, Carnegie Mellon University, USA

A lack of security and privacy requirements can lead to insecure software. Security and privacy requirements engineering focuses on identifying software security and privacy risks in the early stages of a software development lifecycle. In this chapter, the authors propose a model that integrates security risk assessment techniques with privacy risk assessment techniques. To make sure that both the existing security and the privacy risk assessment techniques follow the same methodology and require the same expertise, a classification scheme of risk assessment methods is applied. The authors also use pseudo-software development projects to evaluate the feasibility of their proposed model.

Section 4: Strategic Planning of Information Security

Chapter 12: Regulatory and Policy Compliance with Regard to Identity Theft Prevention, Detection, and Response
Guillermo A. Francia III, Jacksonville State University, USA
Frances Shannon Hutchinson, Jacksonville State University, USA

An organization's information must be available when needed and well protected from unauthorized inside and outside intruders. How that information is managed and protected must be carefully planned. This chapter discusses regulatory and policy compliance in the field of information security. The authors start with regulatory compliance, and a variety of forms of legislation that have an impact on regulatory compliance are discussed. The authors then provide guidelines on the development of policies in response to identity theft. Finally, policy compliance for achieving the policy's goals, and auditing to determine whether policy compliance has actually been achieved, are presented.

Compilation of References
About the Contributors
Index