Threat intelligence is the provision of evidence-based knowledge about existing or potential threats. Benefits of threat intelligence include improved efficiency and effectiveness in security operations in terms of detective and preventive capabilities. Successful threat intelligence within the cyber domain demands a knowledge base of threat information and an expressive way to represent this knowledge...
Information is a valuable asset for a government institution, especially when the organization holds highly important information, such as on weather and natural disasters. The need for information safeguards becomes a pressing issue for such an organization. One standard that can be used to measure the maturity level of information security in an organization is the KAMI index developed...
Organizations are exposed to various cyber-attacks. When a component is exploited, the overall computed damage is impacted by the number of components the network includes. This work focuses on estimating the Target Distribution characteristic of an attacked network. According to existing security assessment models, Target Distribution is assessed by using ordinal values based on users' intuitive...
In recent years, the complexity and scale of governance, risk and compliance has grown significantly due to globalization and there is a need for institutions to consult multiple standards and frameworks to address a heterogeneous and highly regulated environment. Even with the advent of Governance Risk and Compliance (GRC) systems, there is a need to reduce redundancy and amount of work to the organization...
It is critical to first establish the corresponding security requirements, on which the subsequent implementations are based. However, previous security requirement elicitation work based on Common Criteria (CC) rarely addresses the detailed elicitation process of threats from specific functional requirements, which thus results in a widening gap between specific functional requirements...
Software development teams apply security practices to prevent vulnerabilities in the software they ship. However, vulnerabilities can be difficult to find, and security practices take time and effort. Stakeholders can better guide software development if they have empirical data on how security practices are applied by development teams. The goal of this paper is to inform managers and developers...
Cloud computing has been evolving over a couple of years with the increased use of cloud-based services like Amazon Web Services (AWS), Dropbox, Office 365, and so on. It revolves around several technologies for developing and supporting these services. The evolution of new technologies leads to widespread use of cloud-based applications in real time. Processing powers are increased...
Emerging healthcare systems are expected to leverage new Internet of Things (IoT) trends to enable preventive and personalized medicine. However, the success of such systems is entirely dependent on the ability to preserve patient privacy. This paper proposes a decentralized ontology based system architecture that caters to a healthcare organization's privacy needs as well as its enterprise security...
Cloud computing is an emerging economic model that provides a broad network access to services with many benefits to many tenants at the same time. Although it creates a large potential to develop new online services, the evolution of cloud computing has been accompanied by the proliferation of various attacks against the services on the cloud infrastructures. The importance of risk management in cloud...
To maintain acceptable levels of security, organizations must manage their IT assets and related vulnerabilities. However, this can be a considerable burden because their resources are often limited. We have been working on a technique and system architecture that monitor the vulnerability of the IT assets on an organization's administrative networks. It uses identifiers of IT assets to locate vulnerability...
GNU Health and OpenEMR are two open source tools used for managing a healthcare facility. SELinux is a Linux kernel security module that provides Mandatory Access Control which can be applied to Linux projects in the healthcare domain. As attacks on IT infrastructure in the now more closely resemble those in the business and government space, it makes sense for the defensive measures to more closely...
There is no widely-accepted lexicon or standard set of rules for auditing static analysis alerts in the software engineering community. Auditing rules and a lexicon should guide different auditors to make the same determination for an alert. Standard terms and processes are necessary so that initial determinations are correctly interpreted, which helps organizations reduce code flaws. They are also...
Information System Security Risk Management (ISSRM) in organizations is essential for business success. ISSRM protects information availability, integrity, and privacy. However, the latter remains a difficult area to establish and maintain, especially in the environment of today's organizations where operations are conducted in a complex and interconnected context. The aim of this paper is to...
In the last decade, companies have tended to become virtualized thanks to the use of outsourcing; the workforce has become more distributed, workplaces are increasingly distributed and outsourced, and employees are increasingly digital, with the philosophy of work anytime and anywhere. This development has had a very big impact on mobile platforms and infrastructure; on the one hand, the adoption of...
In the medical world, one of the new goals is to pay attention to patient safety. The surveillance of medical devices is called Technovigilance. Several laws exist in the world to apply those rules in hospitals, institutions or industry. The objective is to prevent the recurrence of adverse incidents and risks of serious incidents involving medical devices and to take preventive and corrective...
Cloud computing is an emerging trend that provides on-demand computational resources to the end users as services. Hence, consumers are charged based on their usage and consumption of services delivered through the Internet. This paradigm aims at outsourcing and delegating computations to an external third-party and reducing operating costs. As a result, public sector and private enterprises are interested...
Organizations are now in an era of scale, where the volume of data gathered, processed and stored is breaking down every architectural construct in the storage industry. This has seen organizations improve their analytics processes, such as acquiring and using big data analytics tools as well as increasing their bandwidth and storage devices in order to boost their operational efficiency with little...
In this short paper we present a socio-technical framework for integrating a security risk escalation maturity model into a security information and event management system. The objective of the framework is to develop the foundations for the next generation socio-technical security information and event management systems (ST-SIEMs) enabling socio-technical security operations centers (ST-SOCs)....
Due to the increased use of smartphones in enterprise settings, several security threats have also penetrated them. Threats and risks increase, especially when these smartphones get connected to the enterprise network via GSM, GPRS, Bluetooth or Wi-Fi. Security researchers are also working on offering the best security solutions against these threats and attacks. This area is less explored yet; that...
Organizations' dependency on information technology (IT) resources raises concerns over IT confidentiality, integrity, and availability. IT security standards (ITSS) which play a key role in IT security governance, are meant to address those concerns. It is then important for researchers, managers, and policymakers to understand the reasons for the low levels of ITSS diffusion in organizations. Building...