Integration of hospital information systems (HIS) is an important area and one of the basic requirements of hospitals since it increases quality of care and at the same time reduces costs of creating, upgrading, updating and keeping up with technology and healthcare industry standards and information technology. Cloud computing with features like multitenancy, massive scalability, elasticity, pay as...
Security and privacy are two prime barriers to adoption of the cloud computing. To address this problem on Infrastructure-as-a-Service model, a trusted cloud computing platform model has been proposed to provide a closed box execution environment that guarantees confidential execution of guest virtual machines. However this model has significant drawbacks that it relies on the trusted third party...
Nowadays, several network applications require that consumer nodes acquire distributed services from unknown service providers on the Internet. The main goal of consumer nodes is the selection of the best services among the huge multitude provided by the network. As basic criteria for this choice, service cost and Quality-of-Service (QoS) can be considered, provided that the underlying Service-Oriented...
Many organizations still rely on deterrence to control insider threats and on purely preventive strategies to control outsider threats. Such a simple approach to organizational information security is no longer viable given the increasing operational sophistication of current security threat agents and the complexity of information technology infrastructure. Effective implementation of security requires...
One of the network and services management problems is security, either in preventing attacks and using computational mechanisms to protect data and systems or in administrative matters, which involves not just what needs to be protected, but also what security service levels will be delivered. This paper explores Service Level Agreements for Security or just Sec-SLAs. Is tried to provide an overview...
Grid is concerned with the sharing and coordinated use of diverse resources in distributed "virtual organizations." The dynamic and multi-institutional nature of these environments introduces challenging security issues that demand new technical approaches. In particular, one must deal with diverse local mechanisms, support dynamic creation of services, and enable dynamic creation of trust domains...
Security Operations Center (SOC) is a unit inside or outside an organization that monitors and deals with information security incidents, on a technical level. In this paper, a trusted security incident information sharing mechanism among SOCs is proposed. The information needed to share among SOCs to prevent incident dispersions usually were just the time of occurrence, origin of attack, consequence,...
A common misconception concerning Insider Threat is that the information infrastructure is at considerable risk from technical issues. In fact, Insider Threat is a multidisciplinary concept across many different fields, including personnel security, environment security and technology security. All aspects regarding Insider Threat must be addressed in a well-structured and holistic manner, failure...
The use of enterprise architecture frameworks has become more common in the past five years within corporations as well as higher education. Only in the past two years has enterprise information security architecture been introduced as a subset of enterprise architecture aligning IT security with business strategy. This paper will review industry accepted enterprise information security architecture...
This paper focuses on agent-based enterprise information technology infrastructure support for privacy in the Web services architecture (WSA) in order to enforce privacy policies on private information (PI) used by applications. We provision the Web services platform (WSP) with mechanisms to not only enforce privacy policies on PI used by a Web service, but also gather intelligence about PI that is...
An intrusion detection system should support the operator of the system. Thus, in addition to producing alerts, it should allow for easy insertion of new detection algorithms. It should also support dynamic selection and de-selection of detection algorithms, and it should adjust its resource consumption to the current need. Such a system would allow the operator to easily extend the system when new...
The term "Grid" refers to systems and applications that integrate and manage resources distributed across multiple control domains. The need to support the integration and interoperation of services which are governed by the policies and rules of the real organizations introduces challenging security issues. This paper presents an approach which is based on web services security specifications to...
We propose a systems analysis framework based on goal modelling and transactions for improved decision-making about security solution architectures - with a specific focus on layered security of physical spaces and assets. The framework assists in defining more complete security strategies as well as analyzing tradeoffs between security and other factors such as cost and privacy. Using the conceptual...
Software security testing tools and methodologies are presently abundant, and the question no longer seems to be "if to test" for security, but rather "where and when to test" and "then what?". In this paper we present a review of security testing literature, and propose a software security testing scheme that exploits an intra-organisational repository of discovered...
Due to the increasing complexity of Web systems, security testing is becoming a critical activity to guarantee the respect of such systems to their security requirements. To challenge this issue, we rely in this paper on model based active testing. We first specify the Web system behavior using IF formalism. Second, we integrate security rules -modeled in Nomad language- within this IF model using...
Honeypots have been proven to be very useful for accurately detecting attacks, including zero-day threats, at a reasonable cost and with zero false positives. However, there are two pressing problems with existing approaches. The first problem is that timely detection requires deployment of honeypots in a large fraction of the network address space, which many organizations or ISPs cannot afford....
E-business and e-government implementations are becoming more and more widespread with a growing number of users depending on availability, accuracy and security of such e-services. The users must be able to trust these services, otherwise they will be reluctant to embrace the new opportunities and will not be able to reap the potential benefits. In addition, the end users wish to use the e-services in...
In recent years, organizations have been shifting focus to their core business competencies, and reducing total cost of ownership (TCO) associated with training and management of their IT infrastructure. In the same motif, organizations are establishing security and survivability frameworks as an integral part of their business strategy so as to provide an acceptable quality-of-service for their clients...
Grid manages resources and services distributed across multiple control domains. Grid computing provides people the way to share a large amount of distributed resources and services that belong to different local domains. It also makes security problems more complicated, such as in the grid group communication. In this paper, we analyze security requirements of grid environment, especially for the secure...