The construction of archives in colleges and universities in China is in the process of development and improvement.With the development information technology,the informatization of college archives has been accelera...The construction of archives in colleges and universities in China is in the process of development and improvement.With the development information technology,the informatization of college archives has been accelerated.Network technology is developing rapidly in our country,and the number of network users has increased significantly.The use of network technology in university archives management can improve the management efficiency and quality of archives,but the safety factor has dropped significantly.For example,the archival system may face many problems such as virus infection,system paralysis,or cyberattacks,which affects the security of the university archives.Therefore,this paper presents an analysis of these problems in detail,and proposes corresponding solutions,so as to optimize and improve the information security management of college archives.展开更多
Security evaluation and management has become increasingly important for Web-based information technology(IT)systems,especially for educational institutions.For the security evaluation and management of IT systems in ...Security evaluation and management has become increasingly important for Web-based information technology(IT)systems,especially for educational institutions.For the security evaluation and management of IT systems in educational institutions,determining the security level for a single IT system has been well developed.However,it is still dificult to evaluate the information security level of the entire educational institution consid-ering multiple IT systems,because there might be too many different IT systems in one institution,educational institutions can be very different,and there is no standard model or method to provide a just ifable information security evaluation among different educational inst itutions considering their differences.In light of these difi-culties,a security evaluation model of educational institutions'IT systems(SEMEIS)is proposed in this work to facilitate the information security management for the educat ional institutions.Firstly,a simplified educational industry information system security level protection rating(EIISSLPR)with a new weight redistribution strategy for a single IT systern is proposed by choosing important evaluation questions from EIISSLPR and redistributing the weights of these questions.Then for the entire educational institution,analytic hierarchy process(AHP)is used to redistribute the weights of multiple IT systems at different security levels.considering the risk of pos-sible network security vulnerabilities,a risk index is forulated by weighting different factors,normalized by a utility function,and calculated with the real data collected from the institutions under the evaluation.Finally,the information security performance of educational institutions is obtained as the final score from SEMEIS.The results show that SEMEIS can evaluate the security level of the educat ion institutions practically and provide an efficient and effective management tool for the information security management.展开更多
Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global infor...Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global information source for every being. Despite all this, attacker knowledge by cybercriminals has advanced and resulted in different attack methodologies on the internet and its data stores. This paper will discuss the origin and significance of Denial of Service (DoS) and Distributed Denial of Service (DDoS). These kinds of attacks remain the most effective methods used by the bad guys to cause substantial damage in terms of operational, reputational, and financial damage to organizations globally. These kinds of attacks have hindered network performance and availability. The victim’s network is flooded with massive illegal traffic hence, denying genuine traffic from passing through for authorized users. The paper will explore detection mechanisms, and mitigation techniques for this network threat.展开更多
The analytical and monitoring capabilities of central event re-positories, such as log servers and intrusion detection sys-tems, are limited by the amount of structured information ex-tracted from the events they rece...The analytical and monitoring capabilities of central event re-positories, such as log servers and intrusion detection sys-tems, are limited by the amount of structured information ex-tracted from the events they receive. Diverse networks and ap-plications log their events in many different formats, and this makes it difficult to identify the type of logs being received by the central repository. The way events are logged by IT systems is problematic for developers of host-based intrusion-detection systems (specifically, host-based systems), develop-ers of security-information systems, and developers of event-management systems. These problems preclude the develop-ment of more accurate, intrusive security solutions that obtain results from data included in the logs being processed. We propose a new method for dynamically normalizing events into a unified super-event that is loosely based on the Common Event Expression standard developed by Mitre Corporation. We explain how our solution can normalize seemingly unrelat-ed events into a single, unified format.展开更多
Humans are commonly seen as the weakest link in corporate information security.This led to a lot of effort being put into security training and awareness campaigns,which resulted in employees being less likely the tar...Humans are commonly seen as the weakest link in corporate information security.This led to a lot of effort being put into security training and awareness campaigns,which resulted in employees being less likely the target of successful attacks.Existing approaches,however,do not tap the full potential that can be gained through these campaigns.On the one hand,human perception offers an additional source of contextual information for detected incidents,on the other hand it serves as information source for incidents that may not be detectable by automated procedures.These approaches only allow a text-based reporting of basic incident information.A structured recording of human delivered information that also provides compatibility with existing SIEM systems is still missing.In this work,we propose an approach,which allows humans to systematically report perceived anomalies or incidents in a structured way.Our approach furthermore supports the integration of such reports into analytics systems.Thereby,we identify connecting points to SIEM systems,develop a taxonomy for structuring elements reportable by humans acting as a security sensor and develop a structured data format to record data delivered by humans.A prototypical human-as-a-security-sensor wizard applied to a real-world use-case shows our proof of concept.展开更多
Humans are commonly seen as the weakest link in corporate information security.This led to a lot of effort being put into security training and awareness campaigns,which resulted in employees being less likely the tar...Humans are commonly seen as the weakest link in corporate information security.This led to a lot of effort being put into security training and awareness campaigns,which resulted in employees being less likely the target of successful attacks.Existing approaches,however,do not tap the full potential that can be gained through these campaigns.On the one hand,human perception offers an additional source of contextual information for detected incidents,on the other hand it serves as information source for incidents that may not be detectable by automated procedures.These approaches only allow a text-based reporting of basic incident information.A structured recording of human delivered information that also provides compatibility with existing SIEM systems is still missing.In this work,we propose an approach,which allows humans to systematically report perceived anomalies or incidents in a structured way.Our approach furthermore supports the integration of such reports into analytics systems.Thereby,we identify connecting points to SIEM systems,develop a taxonomy for structuring elements reportable by humans acting as a security sensor and develop a structured data format to record data delivered by humans.A prototypical human-as-a-security-sensor wizard applied to a real-world use-case shows our proof of concept.展开更多
The information society depends increasingly on risk assessment and management systems as means to adequately protect its key information assets.The availability of these systems is now vital for the protection and ev...The information society depends increasingly on risk assessment and management systems as means to adequately protect its key information assets.The availability of these systems is now vital for the protection and evolution of companies.However,several factors have led to an increasing need for more accurate risk analysis approaches.These are:the speed at which technologies evolve,their global impact and the growing requirement for companies to collaborate.Risk analysis processes must consequently adapt to these new circumstances and new technological paradigms.The objective of this paper is,therefore,to present the results of an exhaustive analysis of the techniques and methods offered by the scientific community with the aim of identifying their main weaknesses and providing a new risk assessment and management process.This analysis was carried out using the systematic review protocol and found that these proposals do not fully meet these new needs.The paper also presents a summary of MARISMA,the risk analysis and management framework designed by our research group.The basis of our framework is the main existing risk standards and proposals,and it seeks to address the weaknesses found in these proposals.MARISMA is in a process of continuous improvement,as is being applied by customers in several European and American countries.It consists of a risk data management module,a methodology for its systematic application and a tool that automates the process.展开更多
文摘The construction of archives in colleges and universities in China is in the process of development and improvement.With the development information technology,the informatization of college archives has been accelerated.Network technology is developing rapidly in our country,and the number of network users has increased significantly.The use of network technology in university archives management can improve the management efficiency and quality of archives,but the safety factor has dropped significantly.For example,the archival system may face many problems such as virus infection,system paralysis,or cyberattacks,which affects the security of the university archives.Therefore,this paper presents an analysis of these problems in detail,and proposes corresponding solutions,so as to optimize and improve the information security management of college archives.
基金the Science and Technology Innovation Program of Shanghai Science and Technology Commit-tee(No.19511103500)。
文摘Security evaluation and management has become increasingly important for Web-based information technology(IT)systems,especially for educational institutions.For the security evaluation and management of IT systems in educational institutions,determining the security level for a single IT system has been well developed.However,it is still dificult to evaluate the information security level of the entire educational institution consid-ering multiple IT systems,because there might be too many different IT systems in one institution,educational institutions can be very different,and there is no standard model or method to provide a just ifable information security evaluation among different educational inst itutions considering their differences.In light of these difi-culties,a security evaluation model of educational institutions'IT systems(SEMEIS)is proposed in this work to facilitate the information security management for the educat ional institutions.Firstly,a simplified educational industry information system security level protection rating(EIISSLPR)with a new weight redistribution strategy for a single IT systern is proposed by choosing important evaluation questions from EIISSLPR and redistributing the weights of these questions.Then for the entire educational institution,analytic hierarchy process(AHP)is used to redistribute the weights of multiple IT systems at different security levels.considering the risk of pos-sible network security vulnerabilities,a risk index is forulated by weighting different factors,normalized by a utility function,and calculated with the real data collected from the institutions under the evaluation.Finally,the information security performance of educational institutions is obtained as the final score from SEMEIS.The results show that SEMEIS can evaluate the security level of the educat ion institutions practically and provide an efficient and effective management tool for the information security management.
文摘Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global information source for every being. Despite all this, attacker knowledge by cybercriminals has advanced and resulted in different attack methodologies on the internet and its data stores. This paper will discuss the origin and significance of Denial of Service (DoS) and Distributed Denial of Service (DDoS). These kinds of attacks remain the most effective methods used by the bad guys to cause substantial damage in terms of operational, reputational, and financial damage to organizations globally. These kinds of attacks have hindered network performance and availability. The victim’s network is flooded with massive illegal traffic hence, denying genuine traffic from passing through for authorized users. The paper will explore detection mechanisms, and mitigation techniques for this network threat.
文摘The analytical and monitoring capabilities of central event re-positories, such as log servers and intrusion detection sys-tems, are limited by the amount of structured information ex-tracted from the events they receive. Diverse networks and ap-plications log their events in many different formats, and this makes it difficult to identify the type of logs being received by the central repository. The way events are logged by IT systems is problematic for developers of host-based intrusion-detection systems (specifically, host-based systems), develop-ers of security-information systems, and developers of event-management systems. These problems preclude the develop-ment of more accurate, intrusive security solutions that obtain results from data included in the logs being processed. We propose a new method for dynamically normalizing events into a unified super-event that is loosely based on the Common Event Expression standard developed by Mitre Corporation. We explain how our solution can normalize seemingly unrelat-ed events into a single, unified format.
文摘Humans are commonly seen as the weakest link in corporate information security.This led to a lot of effort being put into security training and awareness campaigns,which resulted in employees being less likely the target of successful attacks.Existing approaches,however,do not tap the full potential that can be gained through these campaigns.On the one hand,human perception offers an additional source of contextual information for detected incidents,on the other hand it serves as information source for incidents that may not be detectable by automated procedures.These approaches only allow a text-based reporting of basic incident information.A structured recording of human delivered information that also provides compatibility with existing SIEM systems is still missing.In this work,we propose an approach,which allows humans to systematically report perceived anomalies or incidents in a structured way.Our approach furthermore supports the integration of such reports into analytics systems.Thereby,we identify connecting points to SIEM systems,develop a taxonomy for structuring elements reportable by humans acting as a security sensor and develop a structured data format to record data delivered by humans.A prototypical human-as-a-security-sensor wizard applied to a real-world use-case shows our proof of concept.
文摘Humans are commonly seen as the weakest link in corporate information security.This led to a lot of effort being put into security training and awareness campaigns,which resulted in employees being less likely the target of successful attacks.Existing approaches,however,do not tap the full potential that can be gained through these campaigns.On the one hand,human perception offers an additional source of contextual information for detected incidents,on the other hand it serves as information source for incidents that may not be detectable by automated procedures.These approaches only allow a text-based reporting of basic incident information.A structured recording of human delivered information that also provides compatibility with existing SIEM systems is still missing.In this work,we propose an approach,which allows humans to systematically report perceived anomalies or incidents in a structured way.Our approach furthermore supports the integration of such reports into analytics systems.Thereby,we identify connecting points to SIEM systems,develop a taxonomy for structuring elements reportable by humans acting as a security sensor and develop a structured data format to record data delivered by humans.A prototypical human-as-a-security-sensor wizard applied to a real-world use-case shows our proof of concept.
基金the AETHERUCLM(PID2020-112540RB-C42)funded by MCIN/AEI/10.13039/501100011033,SpainALBA-UCLM(TED2021-130355B-C31,id.4809130355-130355-28-521)+1 种基金ALBA-UC(TED2021-130355B-C33,id.3611130630-130630-28-521)funded by the“Ministerio de Ciencia e Innovacion”,Spainsupported by the European Union’s Horizon 2020 Project“CyberSANE”under Grant Agreement No.833683.
文摘The information society depends increasingly on risk assessment and management systems as means to adequately protect its key information assets.The availability of these systems is now vital for the protection and evolution of companies.However,several factors have led to an increasing need for more accurate risk analysis approaches.These are:the speed at which technologies evolve,their global impact and the growing requirement for companies to collaborate.Risk analysis processes must consequently adapt to these new circumstances and new technological paradigms.The objective of this paper is,therefore,to present the results of an exhaustive analysis of the techniques and methods offered by the scientific community with the aim of identifying their main weaknesses and providing a new risk assessment and management process.This analysis was carried out using the systematic review protocol and found that these proposals do not fully meet these new needs.The paper also presents a summary of MARISMA,the risk analysis and management framework designed by our research group.The basis of our framework is the main existing risk standards and proposals,and it seeks to address the weaknesses found in these proposals.MARISMA is in a process of continuous improvement,as is being applied by customers in several European and American countries.It consists of a risk data management module,a methodology for its systematic application and a tool that automates the process.
