Nowadays the importance of the term DevOps (Developer Operations) has increased around the world, and Mexico is not the exception. This paper describes the implementation of information security and risk management best practices in a DevOps approach established in a Data Center of a large government organization of Mexico. The DevOps approach with security and risk management practices was named...
This article discusses the assessment of the impact of the modern risk-based standards for ensuring the safety and security of Complex Industrial Facilities (CIF) of various industries. The focus is on the implementation of management systems based on the PDCA cycle of the safety process for CIF of fuel and energy complexes, including IT-Security. Furthermore, it is shown that the relevant applicability...
In order to develop efficient and effective framework for managing any conflict between security and privacy Non-Functional requirements and to reduce risk impact in software system, the goals set by the stakeholders need to be ascertained, and then the modeling language, tools, implementation and validation procedures need to be altered accordingly. Overall, this research is aimed for constructing...
Numerous methods for information security risk assessment (ISRA) are available, yet there is little guidance on how to choose one. Through a comprehensive risk identification, estimation, and evaluation framework, the author evaluates the practical application of three ISRA methods in terms of tasks required, user experience, and results.
Cloud computing is an emerging economic model that provides a broad network access to services with many benefits to many tenants at the same time. Although it creates a large potential to develop new online services the evolution of cloud computing has been accompanied by the proliferation of various attacks against the services on the cloud infrastructures. The importance of risk management in cloud...
The Information System Security Risk management (ISSRM) in organizations is ultimate for business success. ISSRM protects information availability, integrity, and privacy. However, this latter remains a difficult area to establish and maintain, especially in the environment of today's organizations where operations are conducted in a complex and interconnected context. The aim of this paper is to...
Cloud computing is a new terminology that was added to IT jargon in early 2007. Thus it becomes an emerging computing paradigm which offers a lot of advantages such as economy scale, flexibility and convenience. But it raises major issues about security. In present paper, we focus on risk assessment by using an intelligent software agent to develop an immune system of cloud.
In this short paper we present a socio-technical framework for integrating a security risk escalation maturity model into a security information and event management system. The objective of the framework is to develop the foundations for the next generation socio-technical security information and event management systems (ST-SIEMs) enabling socio-technical security operations centers (ST-SOCs)....
In the real world, there's often a discrepancy between an organization's mandated security processes and what actually happens. The social practice of security flourishes in the space between and around formal organizational security processes. By recognizing the value of risk management as a communication tool, security practitioners can tap opportunities to improve the security dialogue with staff.
A system-of-systems (SoS) is inherently open in configuration and evolutionary in lifecycle. For the next generation of cooperative cyber-physical system-of-systems, safety and security constitute two key issues of public concern that affect the deployment and acceptance. In engineering, the openness and evolutionary nature also entail radical paradigm shifts. This paper presents one novel approach...
Several methods have been suggested to address the identification of security requirements for information systems (IS) from risk analysis or not. To the best of our knowledge, there is no methodology that enables the derivation in a formal way of security requirements starting from risk analysis. The aim of this paper is to provide a guiding method allowing us to determine security requirements based...
Several catalogues of security threats and controls have been proposed to help organizations in identifying critical risks and improve their risk posture against real world threats. But the role that these catalogues play in a security risk assessment has not yet been investigated. In this paper we report an experiment with 18 MSc students conducted to compare the effect of using domain-specific and...
A structured environment of IT risk management can influence the improvement of the flexibility and adaptability of business processes and information technology, including information systems, in a secure manner. As with all other technologies, the adoption of SOA involves risk. These risks often manifest themselves during an implementation of the SOA solution and arise mainly due to insufficient detail...
Although emerging organizational knowledge systems, such as social media, are widely researched, related knowledge security risks have received less attention. Traditional information security management models tend to concentrate on the technological viewpoint to secure existing information assets. However, the use of contemporary approaches for knowledge creation and sharing offer new important...
In this paper we propose an approach for enhanced data protection in the cloud, based upon accountability governance. Specifically, the relationships between accountability, risk and trust are analyzed in order to suggest characteristics and means to address data governance issues involved when organizations or individuals adopt cloud computing. This analysis takes into account insights from a variety...
This contented analysis examines the Large Information Security Engineering domain, existing Risk Management Framework (RMF) processes, and specific Security Risk Analysis (SRA) approaches as it pertains to the Information Assurance (IA), and security of Critical informative Systems (CIS), sustaining missions of ranging criticality categories processing, transmitting, and management information of...
Knowledge management focuses on capturing and sharing knowledge. Because of this, KM researchers tend to focus on issues related to knowledge capture, storage, and sharing. However, because knowledge is valuable, it is a target needing to be protected. This paper posits that KM researchers and practitioners also need to think security and explores how important security skills are to KM practitioners...
This paper presents a work-in-progress simulation and a novel model for estimating the impact of cyber attacks. Previous methods so far have taken the old-fashioned "intuition" approach - a qualitative or quantitative risk based analysis on the business level. More recent technical approaches involve simulations on networks of systems and sensor input from 3rd party detection tools of...
Risk management intertwines with information exchange in any collaborative venture. We consider four aspects of risk management (standard, compliance, security and disaster/catastrophe) with very different types of handlers, and often with different teams being responsible. Comprehensive assurance requires satisfaction of the criteria for each aspect, but each has its own perspective and knowledge...
This paper investigates the complications of designing effective governance for IT risk management (IT-RM). Literature on formal governance suggests that either a coercive (i.e., to force employees' effort and compliance) or an enabling (i.e., to help employees better to master their tasks) design of procedures help to avoid what literature calls 'mock bureaucracy' (i.e., rules are promulgated for...