The integration of organisation’s information security policy into threat modeling enhances effectiveness of security strategies for information security management. These security policies are the ones which define ...The integration of organisation’s information security policy into threat modeling enhances effectiveness of security strategies for information security management. These security policies are the ones which define the sets of security issues, controls and organisation’s commitment for seamless integration with knowledge based platforms in order to protect critical assets and data. Such platforms are needed to evaluate and share violations which can create security loop-hole. The lack of rules-based approaches for discovering potential threats at organisation’s context, poses a challenge for many organisations in safeguarding their critical assets. To address the challenge, this paper introduces a Platform for Organisation Security Threat Analytic and Management (POSTAM) using rule-based approach. The platform enhances strategies for combating information security threats and thus improves organisations’ commitment in protecting their critical assets. R scripting language for data visualization and java-based scripts were used to develop a prototype to run on web protocol. MySQL database management system was used as back-end for data storage during threat analytic processes.展开更多
This paper introduces the PKPM-BIM construction management platform and its applications in the construction security management. The PKPM-BIM platform is an integrated management system mainly developed for the contr...This paper introduces the PKPM-BIM construction management platform and its applications in the construction security management. The PKPM-BIM platform is an integrated management system mainly developed for the contractors to implement the BIM-aided construction management. Application of BIM technology would bring many beneficial changes to the security management in construction.展开更多
In this paper, a technical and statistical analysis of security system and security management is provided for crowd energy and smart living. At the same time, a clear understanding is made for crowd energy concept an...In this paper, a technical and statistical analysis of security system and security management is provided for crowd energy and smart living. At the same time, a clear understanding is made for crowd energy concept and next generation smart living. Various case examples have been studied and a brief summary has been provided.Furthermore, a statistical analysis has been provided in terms of security management in smart living where it is found that young technocrats give the highest importance to security management in smart living. Last but not the least, current limitation, constraints, and future scope of security implementation have been discussed in terms of crowd energy clustered with next generation smart living.展开更多
The Internet of Medical Things(IoMT)is an online device that senses and transmits medical data from users to physicians within a time interval.In,recent years,IoMT has rapidly grown in the medicalfield to provide heal...The Internet of Medical Things(IoMT)is an online device that senses and transmits medical data from users to physicians within a time interval.In,recent years,IoMT has rapidly grown in the medicalfield to provide healthcare services without physical appearance.With the use of sensors,IoMT applications are used in healthcare management.In such applications,one of the most important factors is data security,given that its transmission over the network may cause obtrusion.For data security in IoMT systems,blockchain is used due to its numerous blocks for secure data storage.In this study,Blockchain-assisted secure data management framework(BSDMF)and Proof of Activity(PoA)protocol using malicious code detection algorithm is used in the proposed data security for the healthcare system.The main aim is to enhance the data security over the networks.The PoA protocol enhances high security of data from the literature review.By replacing the malicious node from the block,the PoA can provide high security for medical data in the blockchain.Comparison with existing systems shows that the proposed simulation with BSD-Malicious code detection algorithm achieves higher accuracy ratio,precision ratio,security,and efficiency and less response time for Blockchain-enabled healthcare systems.展开更多
The construction of archives in colleges and universities in China is in the process of development and improvement.With the development information technology,the informatization of college archives has been accelera...The construction of archives in colleges and universities in China is in the process of development and improvement.With the development information technology,the informatization of college archives has been accelerated.Network technology is developing rapidly in our country,and the number of network users has increased significantly.The use of network technology in university archives management can improve the management efficiency and quality of archives,but the safety factor has dropped significantly.For example,the archival system may face many problems such as virus infection,system paralysis,or cyberattacks,which affects the security of the university archives.Therefore,this paper presents an analysis of these problems in detail,and proposes corresponding solutions,so as to optimize and improve the information security management of college archives.展开更多
The long awaited cloud computing concept is a reality now due to the transformation of computer generations.However,security challenges have become the biggest obstacles for the advancement of this emerging technology...The long awaited cloud computing concept is a reality now due to the transformation of computer generations.However,security challenges have become the biggest obstacles for the advancement of this emerging technology.A well-established policy framework is defined in this paper to generate security policies which are compliant to requirements and capabilities.Moreover,a federated policy management schema is introduced based on the policy definition framework and a multi-level policy application to create and manage virtual clusters with identical or common security levels.The proposed model consists in the design of a well-established ontology according to security mechanisms,a procedure which classifies nodes with common policies into virtual clusters,a policy engine to enhance the process of mapping requests to a specific node as well as an associated cluster and matchmaker engine to eliminate inessential mapping processes.The suggested model has been evaluated according to performance and security parameters to prove the efficiency and reliability of this multilayered engine in cloud computing environments during policy definition,application and mapping procedures.展开更多
The Internet plays increasingly important roles in everyone's life; however, the existence of a mismatch between the basic architectural idea beneath the Internet and the emerging requirements for it is becoming m...The Internet plays increasingly important roles in everyone's life; however, the existence of a mismatch between the basic architectural idea beneath the Internet and the emerging requirements for it is becoming more and more obvious. Although the Internet community came up with a consensus that the future network should be trustworthy, the concept of 'trustworthy networks' and the ways leading us to a trustworthy network are not yet clear. This research insists that the security, controllability, manageability, and survivability should be basic properties of a trustworthy network. The key ideas and techniques involved in these properties are studied, and recent developments and progresses are surveyed. At the same time, the technical trends and challenges are briefly discussed. The network trustworthiness could and should be eventually achieved.展开更多
An interactive network security measure and a description of its function as well as its principle are presented. Based on the existing security loopholes and bugs in operating systems, this measure focuses on the res...An interactive network security measure and a description of its function as well as its principle are presented. Based on the existing security loopholes and bugs in operating systems, this measure focuses on the restrictive condition of security and the establishment of configuration files. Under the control and administration of the secure management of configuration files, each system module brings much flexibility, adaptability and high-level security. The security detecting and managing software used in UNIX based on this measure has obtained good results, achieving the goal of automatically detecting and handling inner and outer system-violation and system abuse.展开更多
As the scale of the power system continues to expand,the environment for power operations becomes more and more complex.Existing risk management and control methods for power operations can only set the same risk dete...As the scale of the power system continues to expand,the environment for power operations becomes more and more complex.Existing risk management and control methods for power operations can only set the same risk detection standard and conduct the risk detection for any scenario indiscriminately.Therefore,more reliable and accurate security control methods are urgently needed.In order to improve the accuracy and reliability of the operation risk management and control method,this paper proposes a method for identifying the key links in the whole process of electric power operation based on the spatiotemporal hybrid convolutional neural network.To provide early warning and control of targeted risks,first,the video stream is framed adaptively according to the pixel changes in the video stream.Then,the optimized MobileNet is used to extract the feature map of the video stream,which contains both time-series and static spatial scene information.The feature maps are combined and non-linearly mapped to realize the identification of dynamic operating scenes.Finally,training samples and test samples are produced by using the whole process image of a power company in Xinjiang as a case study,and the proposed algorithm is compared with the unimproved MobileNet.The experimental results demonstrated that the method proposed in this paper can accurately identify the type and start and end time of each operation link in the whole process of electric power operation,and has good real-time performance.The average accuracy of the algorithm can reach 87.8%,and the frame rate is 61 frames/s,which is of great significance for improving the reliability and accuracy of security control methods.展开更多
Security evaluation and management has become increasingly important for Web-based information technology(IT)systems,especially for educational institutions.For the security evaluation and management of IT systems in ...Security evaluation and management has become increasingly important for Web-based information technology(IT)systems,especially for educational institutions.For the security evaluation and management of IT systems in educational institutions,determining the security level for a single IT system has been well developed.However,it is still dificult to evaluate the information security level of the entire educational institution consid-ering multiple IT systems,because there might be too many different IT systems in one institution,educational institutions can be very different,and there is no standard model or method to provide a just ifable information security evaluation among different educational inst itutions considering their differences.In light of these difi-culties,a security evaluation model of educational institutions'IT systems(SEMEIS)is proposed in this work to facilitate the information security management for the educat ional institutions.Firstly,a simplified educational industry information system security level protection rating(EIISSLPR)with a new weight redistribution strategy for a single IT systern is proposed by choosing important evaluation questions from EIISSLPR and redistributing the weights of these questions.Then for the entire educational institution,analytic hierarchy process(AHP)is used to redistribute the weights of multiple IT systems at different security levels.considering the risk of pos-sible network security vulnerabilities,a risk index is forulated by weighting different factors,normalized by a utility function,and calculated with the real data collected from the institutions under the evaluation.Finally,the information security performance of educational institutions is obtained as the final score from SEMEIS.The results show that SEMEIS can evaluate the security level of the educat ion institutions practically and provide an efficient and effective management tool for the information security management.展开更多
Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global infor...Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global information source for every being. Despite all this, attacker knowledge by cybercriminals has advanced and resulted in different attack methodologies on the internet and its data stores. This paper will discuss the origin and significance of Denial of Service (DoS) and Distributed Denial of Service (DDoS). These kinds of attacks remain the most effective methods used by the bad guys to cause substantial damage in terms of operational, reputational, and financial damage to organizations globally. These kinds of attacks have hindered network performance and availability. The victim’s network is flooded with massive illegal traffic hence, denying genuine traffic from passing through for authorized users. The paper will explore detection mechanisms, and mitigation techniques for this network threat.展开更多
The analytical and monitoring capabilities of central event re-positories, such as log servers and intrusion detection sys-tems, are limited by the amount of structured information ex-tracted from the events they rece...The analytical and monitoring capabilities of central event re-positories, such as log servers and intrusion detection sys-tems, are limited by the amount of structured information ex-tracted from the events they receive. Diverse networks and ap-plications log their events in many different formats, and this makes it difficult to identify the type of logs being received by the central repository. The way events are logged by IT systems is problematic for developers of host-based intrusion-detection systems (specifically, host-based systems), develop-ers of security-information systems, and developers of event-management systems. These problems preclude the develop-ment of more accurate, intrusive security solutions that obtain results from data included in the logs being processed. We propose a new method for dynamically normalizing events into a unified super-event that is loosely based on the Common Event Expression standard developed by Mitre Corporation. We explain how our solution can normalize seemingly unrelat-ed events into a single, unified format.展开更多
Humans are commonly seen as the weakest link in corporate information security.This led to a lot of effort being put into security training and awareness campaigns,which resulted in employees being less likely the tar...Humans are commonly seen as the weakest link in corporate information security.This led to a lot of effort being put into security training and awareness campaigns,which resulted in employees being less likely the target of successful attacks.Existing approaches,however,do not tap the full potential that can be gained through these campaigns.On the one hand,human perception offers an additional source of contextual information for detected incidents,on the other hand it serves as information source for incidents that may not be detectable by automated procedures.These approaches only allow a text-based reporting of basic incident information.A structured recording of human delivered information that also provides compatibility with existing SIEM systems is still missing.In this work,we propose an approach,which allows humans to systematically report perceived anomalies or incidents in a structured way.Our approach furthermore supports the integration of such reports into analytics systems.Thereby,we identify connecting points to SIEM systems,develop a taxonomy for structuring elements reportable by humans acting as a security sensor and develop a structured data format to record data delivered by humans.A prototypical human-as-a-security-sensor wizard applied to a real-world use-case shows our proof of concept.展开更多
The information society depends increasingly on risk assessment and management systems as means to adequately protect its key information assets.The availability of these systems is now vital for the protection and ev...The information society depends increasingly on risk assessment and management systems as means to adequately protect its key information assets.The availability of these systems is now vital for the protection and evolution of companies.However,several factors have led to an increasing need for more accurate risk analysis approaches.These are:the speed at which technologies evolve,their global impact and the growing requirement for companies to collaborate.Risk analysis processes must consequently adapt to these new circumstances and new technological paradigms.The objective of this paper is,therefore,to present the results of an exhaustive analysis of the techniques and methods offered by the scientific community with the aim of identifying their main weaknesses and providing a new risk assessment and management process.This analysis was carried out using the systematic review protocol and found that these proposals do not fully meet these new needs.The paper also presents a summary of MARISMA,the risk analysis and management framework designed by our research group.The basis of our framework is the main existing risk standards and proposals,and it seeks to address the weaknesses found in these proposals.MARISMA is in a process of continuous improvement,as is being applied by customers in several European and American countries.It consists of a risk data management module,a methodology for its systematic application and a tool that automates the process.展开更多
Humans are commonly seen as the weakest link in corporate information security.This led to a lot of effort being put into security training and awareness campaigns,which resulted in employees being less likely the tar...Humans are commonly seen as the weakest link in corporate information security.This led to a lot of effort being put into security training and awareness campaigns,which resulted in employees being less likely the target of successful attacks.Existing approaches,however,do not tap the full potential that can be gained through these campaigns.On the one hand,human perception offers an additional source of contextual information for detected incidents,on the other hand it serves as information source for incidents that may not be detectable by automated procedures.These approaches only allow a text-based reporting of basic incident information.A structured recording of human delivered information that also provides compatibility with existing SIEM systems is still missing.In this work,we propose an approach,which allows humans to systematically report perceived anomalies or incidents in a structured way.Our approach furthermore supports the integration of such reports into analytics systems.Thereby,we identify connecting points to SIEM systems,develop a taxonomy for structuring elements reportable by humans acting as a security sensor and develop a structured data format to record data delivered by humans.A prototypical human-as-a-security-sensor wizard applied to a real-world use-case shows our proof of concept.展开更多
文摘The integration of organisation’s information security policy into threat modeling enhances effectiveness of security strategies for information security management. These security policies are the ones which define the sets of security issues, controls and organisation’s commitment for seamless integration with knowledge based platforms in order to protect critical assets and data. Such platforms are needed to evaluate and share violations which can create security loop-hole. The lack of rules-based approaches for discovering potential threats at organisation’s context, poses a challenge for many organisations in safeguarding their critical assets. To address the challenge, this paper introduces a Platform for Organisation Security Threat Analytic and Management (POSTAM) using rule-based approach. The platform enhances strategies for combating information security threats and thus improves organisations’ commitment in protecting their critical assets. R scripting language for data visualization and java-based scripts were used to develop a prototype to run on web protocol. MySQL database management system was used as back-end for data storage during threat analytic processes.
基金Supported by the Ministry of Housing and Urban-Rural Development Science and Technology Project Program of China(2016-K8-045)
文摘This paper introduces the PKPM-BIM construction management platform and its applications in the construction security management. The PKPM-BIM platform is an integrated management system mainly developed for the contractors to implement the BIM-aided construction management. Application of BIM technology would bring many beneficial changes to the security management in construction.
基金the support provided by the University of Asia Pacific and Institute for Energy, Environment, Research and Development (IEERD)
文摘In this paper, a technical and statistical analysis of security system and security management is provided for crowd energy and smart living. At the same time, a clear understanding is made for crowd energy concept and next generation smart living. Various case examples have been studied and a brief summary has been provided.Furthermore, a statistical analysis has been provided in terms of security management in smart living where it is found that young technocrats give the highest importance to security management in smart living. Last but not the least, current limitation, constraints, and future scope of security implementation have been discussed in terms of crowd energy clustered with next generation smart living.
基金Taif University Researchers Supporting Project Number(TURSP-2020/98),Taif University,Taif,Saudi Arabia.
文摘The Internet of Medical Things(IoMT)is an online device that senses and transmits medical data from users to physicians within a time interval.In,recent years,IoMT has rapidly grown in the medicalfield to provide healthcare services without physical appearance.With the use of sensors,IoMT applications are used in healthcare management.In such applications,one of the most important factors is data security,given that its transmission over the network may cause obtrusion.For data security in IoMT systems,blockchain is used due to its numerous blocks for secure data storage.In this study,Blockchain-assisted secure data management framework(BSDMF)and Proof of Activity(PoA)protocol using malicious code detection algorithm is used in the proposed data security for the healthcare system.The main aim is to enhance the data security over the networks.The PoA protocol enhances high security of data from the literature review.By replacing the malicious node from the block,the PoA can provide high security for medical data in the blockchain.Comparison with existing systems shows that the proposed simulation with BSD-Malicious code detection algorithm achieves higher accuracy ratio,precision ratio,security,and efficiency and less response time for Blockchain-enabled healthcare systems.
文摘The construction of archives in colleges and universities in China is in the process of development and improvement.With the development information technology,the informatization of college archives has been accelerated.Network technology is developing rapidly in our country,and the number of network users has increased significantly.The use of network technology in university archives management can improve the management efficiency and quality of archives,but the safety factor has dropped significantly.For example,the archival system may face many problems such as virus infection,system paralysis,or cyberattacks,which affects the security of the university archives.Therefore,this paper presents an analysis of these problems in detail,and proposes corresponding solutions,so as to optimize and improve the information security management of college archives.
文摘The long awaited cloud computing concept is a reality now due to the transformation of computer generations.However,security challenges have become the biggest obstacles for the advancement of this emerging technology.A well-established policy framework is defined in this paper to generate security policies which are compliant to requirements and capabilities.Moreover,a federated policy management schema is introduced based on the policy definition framework and a multi-level policy application to create and manage virtual clusters with identical or common security levels.The proposed model consists in the design of a well-established ontology according to security mechanisms,a procedure which classifies nodes with common policies into virtual clusters,a policy engine to enhance the process of mapping requests to a specific node as well as an associated cluster and matchmaker engine to eliminate inessential mapping processes.The suggested model has been evaluated according to performance and security parameters to prove the efficiency and reliability of this multilayered engine in cloud computing environments during policy definition,application and mapping procedures.
基金the National Key BasicResearch Program (973 Program) under Grant2007CB307104.
文摘The Internet plays increasingly important roles in everyone's life; however, the existence of a mismatch between the basic architectural idea beneath the Internet and the emerging requirements for it is becoming more and more obvious. Although the Internet community came up with a consensus that the future network should be trustworthy, the concept of 'trustworthy networks' and the ways leading us to a trustworthy network are not yet clear. This research insists that the security, controllability, manageability, and survivability should be basic properties of a trustworthy network. The key ideas and techniques involved in these properties are studied, and recent developments and progresses are surveyed. At the same time, the technical trends and challenges are briefly discussed. The network trustworthiness could and should be eventually achieved.
基金Supported by the China Academy of Engineering Physics Fundation (No.20020605)
文摘An interactive network security measure and a description of its function as well as its principle are presented. Based on the existing security loopholes and bugs in operating systems, this measure focuses on the restrictive condition of security and the establishment of configuration files. Under the control and administration of the secure management of configuration files, each system module brings much flexibility, adaptability and high-level security. The security detecting and managing software used in UNIX based on this measure has obtained good results, achieving the goal of automatically detecting and handling inner and outer system-violation and system abuse.
基金This paper is supported by the Science and technology projects of Yunnan Province(Grant No.202202AD080004).
文摘As the scale of the power system continues to expand,the environment for power operations becomes more and more complex.Existing risk management and control methods for power operations can only set the same risk detection standard and conduct the risk detection for any scenario indiscriminately.Therefore,more reliable and accurate security control methods are urgently needed.In order to improve the accuracy and reliability of the operation risk management and control method,this paper proposes a method for identifying the key links in the whole process of electric power operation based on the spatiotemporal hybrid convolutional neural network.To provide early warning and control of targeted risks,first,the video stream is framed adaptively according to the pixel changes in the video stream.Then,the optimized MobileNet is used to extract the feature map of the video stream,which contains both time-series and static spatial scene information.The feature maps are combined and non-linearly mapped to realize the identification of dynamic operating scenes.Finally,training samples and test samples are produced by using the whole process image of a power company in Xinjiang as a case study,and the proposed algorithm is compared with the unimproved MobileNet.The experimental results demonstrated that the method proposed in this paper can accurately identify the type and start and end time of each operation link in the whole process of electric power operation,and has good real-time performance.The average accuracy of the algorithm can reach 87.8%,and the frame rate is 61 frames/s,which is of great significance for improving the reliability and accuracy of security control methods.
基金the Science and Technology Innovation Program of Shanghai Science and Technology Commit-tee(No.19511103500)。
文摘Security evaluation and management has become increasingly important for Web-based information technology(IT)systems,especially for educational institutions.For the security evaluation and management of IT systems in educational institutions,determining the security level for a single IT system has been well developed.However,it is still dificult to evaluate the information security level of the entire educational institution consid-ering multiple IT systems,because there might be too many different IT systems in one institution,educational institutions can be very different,and there is no standard model or method to provide a just ifable information security evaluation among different educational inst itutions considering their differences.In light of these difi-culties,a security evaluation model of educational institutions'IT systems(SEMEIS)is proposed in this work to facilitate the information security management for the educat ional institutions.Firstly,a simplified educational industry information system security level protection rating(EIISSLPR)with a new weight redistribution strategy for a single IT systern is proposed by choosing important evaluation questions from EIISSLPR and redistributing the weights of these questions.Then for the entire educational institution,analytic hierarchy process(AHP)is used to redistribute the weights of multiple IT systems at different security levels.considering the risk of pos-sible network security vulnerabilities,a risk index is forulated by weighting different factors,normalized by a utility function,and calculated with the real data collected from the institutions under the evaluation.Finally,the information security performance of educational institutions is obtained as the final score from SEMEIS.The results show that SEMEIS can evaluate the security level of the educat ion institutions practically and provide an efficient and effective management tool for the information security management.
文摘Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global information source for every being. Despite all this, attacker knowledge by cybercriminals has advanced and resulted in different attack methodologies on the internet and its data stores. This paper will discuss the origin and significance of Denial of Service (DoS) and Distributed Denial of Service (DDoS). These kinds of attacks remain the most effective methods used by the bad guys to cause substantial damage in terms of operational, reputational, and financial damage to organizations globally. These kinds of attacks have hindered network performance and availability. The victim’s network is flooded with massive illegal traffic hence, denying genuine traffic from passing through for authorized users. The paper will explore detection mechanisms, and mitigation techniques for this network threat.
文摘The analytical and monitoring capabilities of central event re-positories, such as log servers and intrusion detection sys-tems, are limited by the amount of structured information ex-tracted from the events they receive. Diverse networks and ap-plications log their events in many different formats, and this makes it difficult to identify the type of logs being received by the central repository. The way events are logged by IT systems is problematic for developers of host-based intrusion-detection systems (specifically, host-based systems), develop-ers of security-information systems, and developers of event-management systems. These problems preclude the develop-ment of more accurate, intrusive security solutions that obtain results from data included in the logs being processed. We propose a new method for dynamically normalizing events into a unified super-event that is loosely based on the Common Event Expression standard developed by Mitre Corporation. We explain how our solution can normalize seemingly unrelat-ed events into a single, unified format.
文摘Humans are commonly seen as the weakest link in corporate information security.This led to a lot of effort being put into security training and awareness campaigns,which resulted in employees being less likely the target of successful attacks.Existing approaches,however,do not tap the full potential that can be gained through these campaigns.On the one hand,human perception offers an additional source of contextual information for detected incidents,on the other hand it serves as information source for incidents that may not be detectable by automated procedures.These approaches only allow a text-based reporting of basic incident information.A structured recording of human delivered information that also provides compatibility with existing SIEM systems is still missing.In this work,we propose an approach,which allows humans to systematically report perceived anomalies or incidents in a structured way.Our approach furthermore supports the integration of such reports into analytics systems.Thereby,we identify connecting points to SIEM systems,develop a taxonomy for structuring elements reportable by humans acting as a security sensor and develop a structured data format to record data delivered by humans.A prototypical human-as-a-security-sensor wizard applied to a real-world use-case shows our proof of concept.
基金the AETHERUCLM(PID2020-112540RB-C42)funded by MCIN/AEI/10.13039/501100011033,SpainALBA-UCLM(TED2021-130355B-C31,id.4809130355-130355-28-521)+1 种基金ALBA-UC(TED2021-130355B-C33,id.3611130630-130630-28-521)funded by the“Ministerio de Ciencia e Innovacion”,Spainsupported by the European Union’s Horizon 2020 Project“CyberSANE”under Grant Agreement No.833683.
文摘The information society depends increasingly on risk assessment and management systems as means to adequately protect its key information assets.The availability of these systems is now vital for the protection and evolution of companies.However,several factors have led to an increasing need for more accurate risk analysis approaches.These are:the speed at which technologies evolve,their global impact and the growing requirement for companies to collaborate.Risk analysis processes must consequently adapt to these new circumstances and new technological paradigms.The objective of this paper is,therefore,to present the results of an exhaustive analysis of the techniques and methods offered by the scientific community with the aim of identifying their main weaknesses and providing a new risk assessment and management process.This analysis was carried out using the systematic review protocol and found that these proposals do not fully meet these new needs.The paper also presents a summary of MARISMA,the risk analysis and management framework designed by our research group.The basis of our framework is the main existing risk standards and proposals,and it seeks to address the weaknesses found in these proposals.MARISMA is in a process of continuous improvement,as is being applied by customers in several European and American countries.It consists of a risk data management module,a methodology for its systematic application and a tool that automates the process.
文摘Humans are commonly seen as the weakest link in corporate information security.This led to a lot of effort being put into security training and awareness campaigns,which resulted in employees being less likely the target of successful attacks.Existing approaches,however,do not tap the full potential that can be gained through these campaigns.On the one hand,human perception offers an additional source of contextual information for detected incidents,on the other hand it serves as information source for incidents that may not be detectable by automated procedures.These approaches only allow a text-based reporting of basic incident information.A structured recording of human delivered information that also provides compatibility with existing SIEM systems is still missing.In this work,we propose an approach,which allows humans to systematically report perceived anomalies or incidents in a structured way.Our approach furthermore supports the integration of such reports into analytics systems.Thereby,we identify connecting points to SIEM systems,develop a taxonomy for structuring elements reportable by humans acting as a security sensor and develop a structured data format to record data delivered by humans.A prototypical human-as-a-security-sensor wizard applied to a real-world use-case shows our proof of concept.