Quantitative Information Security Vulnerability Assessment for Norwegian Critical Infrastructure

Author(s):  
Yi-Ching Liao
2022 ◽  
Vol 1 (13) ◽  
pp. 80-92
Author(s):  
Nguyễn Mạnh Thiên ◽  
Phạm Đăng Khoa ◽  
Nguyễn Đức Vượng ◽  
Nguyễn Việt Hùng

Summary—At present, information security assessment of information systems plays an important role in ensuring information security. Security vulnerability assessment/exploitation needs to be carried out regularly and at many different levels for information systems. However, this task is hard to deploy at scale because of a shortage of qualified testing experts at the various levels. In this paper, we present research on developing a Framework capable of automatically reconnoitring information and automatically selecting code to exploit the target based on Reinforcement Learning. In addition, the Framework can be quickly updated with new security vulnerability exploitation methods, and it supports staff who are in charge of information systems but are not security experts in automatically assessing their own systems, in order to reduce the risk from cyberattacks.

Abstract—Currently, security assessment is one of the most important problems in information security. Vulnerability assessment/exploitation should be performed regularly with different levels of complexity for each information system. However, this task is facing many difficulties in large-scale deployment due to the lack of experienced testing experts. In this paper, we proposed a Framework that can automatically gather information and automatically select a suitable module to exploit the target based on reinforcement learning technology. Furthermore, our framework has integrated many scanning tools and exploitation tools that help pentesters do their work. It can also be easily updated with new vulnerability exploitation techniques.


Proceedings ◽  
2021 ◽  
Vol 74 (1) ◽  
pp. 1
Author(s):  
Hilal Çepik ◽  
Ömer Aydın ◽  
Gökhan Dalkılıç

Virtual assistants bring both changes and significant conveniences to human life. For this reason, the use of virtual assistants is increasing. Virtual assistant software has started to be produced as separate devices as well as running on phones, tablets, and computer systems. Google Home is one of these devices. Google Home can work integrated with smart home systems and various Internet of Things devices. The security of these systems is an important issue. If attackers take over these systems, very serious problems may occur. It is very important to take the necessary actions to detect these problems and to take the necessary measures to prevent possible attacks. The purpose of this study is to test whether an attack that attackers can mount against these systems via the Network Time Protocol will be successful or not. Accordingly, an attack was attempted over the Network Time Protocol on the wireless connection established between Google Home and an Internet of Things device. Attack results have been shared.


2021 ◽  
pp. 648-658
Author(s):  
Yoko Nitta

This chapter studies how the significant cyberattacks perpetrated against the Japan Pension Services (JPS) served to heighten awareness of the significance of cyber threats among political and corporate executives. According to the Japanese cybersecurity strategy, cyberattacks constitute a global risk and remain a prime concern for the development of appropriate countermeasures. As a result, Japan has regarded the strengthening of cybersecurity as a priority and outlined this to the National Security Council in 2014. At present, information security institutions in Japan are chaperoned by the cybersecurity strategy headquarters, which aims to promote constructive and efficient cybersecurity policies. In addition, Japan has implemented its third action plan on information security for critical infrastructure and revised its cybersecurity strategy in 2015. By working in partnership with countries around the world, Japan pursues its own national security as well as the peace and stability of the international community. International cooperation and partnerships also contribute to the international campaign against cyberattacks, especially those in which foreign state actors may be implicated.


Author(s):  
N.M. Kurbatov

The concept of critical information infrastructure is analyzed. The history of its formation and consolidation in the legal space of Russian legislation is considered. The article studies the experience of foreign countries in the field of ensuring information security in general and protecting critical infrastructure in particular. The relevance of the chosen topic is due to the course taken by the Russian Federation for the development of the information society in the country, as well as the need to protect significant information systems and resources of state authorities. The author of the article reveals the terms included in the definition of critical information infrastructure, enshrined in the legislation of the Russian Federation. In conclusion, the main problems of the considered regulatory legal acts are highlighted, recommendations are given on the further development of the information security system of critical infrastructure.


2020 ◽  
Author(s):  
Jen-Te Pai ◽  
Hong-Jie Chen

In recent years, many major disasters have happened in industrial parks. As they are critical infrastructure, disaster prevention and vulnerability assessment of industrial parks has become an urgent issue. This study reviews the theory of vulnerability, regional resilience, disaster prevention systems for industrial parks, and related literature to establish a vulnerability assessment framework. It uses the fuzzy Delphi method to screen indicators in four dimensions (physical, social, exposure, and economic) and an AHP expert panel to set the related weights and the correlations between the indicators. It then follows up with the Dynamic ANP Process to extract the decision-making structures in 2019 and 2030. In total, 63 industrial parks were evaluated with this evaluation framework and categorized into different vulnerability types. Corresponding disaster adaptation strategies were proposed for the different parks as a reference for government.

