Cross-Domain Security Asset Management for Healthcare

Author(s):  
Federico Stirano ◽  
Francesco Lubrano ◽  
Giacomo Vitali ◽  
Fabrizio Bertone ◽  
Giuseppe Varavallo ◽  
...  

Abstract: Healthcare is one of the most peculiar among all Critical Infrastructures due to its context and role in society. The characteristics of openness and pervasive usage of IT systems and connected devices make it particularly exposed to both physical threats, such as theft and unauthorized access to restricted areas, and cyber attacks, like the notorious WannaCry ransomware that abruptly disrupted the British National Health System in May 2017. Even the recent COVID-19 pandemic period has been negatively characterized by an increase of both physical and cyber incidents that specifically targeted hospitals and undermined an essential public service like healthcare. Effective security solutions are necessary in order to protect and enhance the resiliency of the Critical Infrastructures. This paper presents the work being developed in the context of the SAFECARE H2020 project, which specifically considers the requirements for security of hospitals. A particular focus is given to asset management that considers cross-domain aspects of security, like the physical location and virtual connections that link different components of a hospital. This provides advanced knowledge that makes it possible to infer and forewarn of possible elaborate cyber-physical kill chains. This is particularly important and useful during a crisis, as it allows a holistic overview of the status of the hospital and the potential impacts of one or more incidents on the critical assets. The description and simulation of an attack scenario is also given, together with the description of the messages exchanged by the security systems and the information made available to security operators.

2022 ◽  
pp. 587-610
Author(s):  
Kathick Raj Elangovan

In recent times, cyber-attacks have been a significant problem in any organization. They can damage the brand name if confidential data is compromised. A robust cybersecurity framework should be an essential aspect of any organization. This chapter talks about the security framework for cyber threats in supply chain management and discusses in detail the implementation of a secure environment through various controls. Today, a systematic method is used for handling sensitive information in an organization. It includes processes, people, and IT systems by implementing a risk management method. Distinct controls dedicated to different levels of domains, namely human resources, access control, asset management, cryptography, physical security, operations security, supplier relations, acquisition, incident management, and security governance are provided. Companies, contractors, and any others who are part of the supply chain organization must follow this security framework to defend against any cyber-attacks.


2020 ◽  
Vol 16 (6) ◽  
pp. 998-1012
Author(s):  
G.V. Fedotova ◽  
D.D. Tkachenko

Subject. The article discusses the modeling of preventive protection of IT systems and evaluates their cyber resilience. Objectives. The study evaluates the existing threats and determines how informatization processes may unfold in the credit segment. Methods. Research is based on methods of regulatory and legislative analysis. We evaluate today’s public administration of cybersecurity in the financial and credit sector. To give a view of the existing situation and sum up the sector’s performance for the recent years, we performed the content analysis of statistics on data hacking and leakages. Results. The article highlights new trends in the financial and credit sector and the growing complexity of data security systems. As proposed by the Bank of Russia, the integration of smart technologies is shown to reinforce the cybersecurity of banking systems. Conclusions and Relevance. The informatization of all banking operation systems, growing complexity of procedures and work logs require new robust resources to be integrated into financial technologies. Stronger cybersecurity should set a trend in the financial and credit sector in the nearest future. The findings can be used to flag strategic milestones of the banking development in the information-driven society.


2020 ◽  
Vol 11 (1) ◽  
pp. 285
Author(s):  
Runze Wu ◽  
Jinxin Gong ◽  
Weiyue Tong ◽  
Bing Fan

As the coupling relationship between information systems and physical power grids is getting closer, various types of cyber attacks have increased the operational risks of a power cyber-physical system (CPS). In order to effectively evaluate this risk, this paper proposed a method of cross-domain propagation analysis of a power CPS risk based on reinforcement learning. First, the Fuzzy Petri Net (FPN) was used to establish an attack model, and Q-Learning was improved through FPN. The attack gain was defined from the attacker’s point of view to obtain the best attack path. On this basis, a quantitative indicator of information-physical cross-domain spreading risk was put forward to analyze the impact of cyber attacks on the real-time operation of the power grid. Finally, the simulation based on the Institute of Electrical and Electronics Engineers (IEEE) 14 power distribution system verifies the effectiveness of the proposed risk assessment method.


Author(s):  
Johnatan S. Oliveira ◽  
Gustavo B. Souza ◽  
Anderson R. Rocha ◽  
Flavio E. Deus ◽  
Aparecido N. Marana

2019 ◽  
Author(s):  
Jamaliah Said ◽  
Md. Mahmudul Alam ◽  
Mohamad Azizal bin Abd Aziz

As the recent Auditor General's report discovered some corruption, weaknesses, and lack of control in asset management in the public sector of Malaysia, this study is an attempt to assess the status of current practices of accountability in the public sector of Malaysia. This study collected primary data based on a questionnaire survey that was distributed by email using the Google Doc application among the heads of department of 682 departments and agencies under 24 federal ministries including the Prime Minister Department in Malaysia. Finally, based on the email responses, the final sample of the study is 109 respondents. The data were collected based on the opinion about ten factors of accountability practices in the department or agency by using a seven-point Likert scale ranging from 1 (strongly disagree) to 7 (strongly agree). The data are analysed under descriptive statistics and factor analysis. Further, the reliability of the data is tested by using the Cronbach alpha test, and the validity of data is tested by checking the normality of data through the Shapiro-Wilk test and graphically. Overall, 87.3% of the respondents mentioned that overall they practice accountability in their department. However, the priority of these ten factors of accountability differs among the services schemes. The accountability in the administrative & diplomatic, education, and medical & health schemes is below the overall average accountability. The accountability in the financial and information system schemes is also not strong enough. Therefore the public sector in Malaysia needs to be transformed into a reliable and efficient sector by ensuring proper accountability and its proper assessment system.


2018 ◽  
Vol 7 (2.14) ◽  
pp. 145
Author(s):  
Qais Saif Qassim ◽  
Norziana Jamil ◽  
Razali Jidin ◽  
Mohd Ezanee Rusli ◽  
Md Nabil Ahmad Zawawi ◽  
...  

The Supervisory Control and Data Acquisition (SCADA) system is the underlying control system of most national critical infrastructures such as power, energy, water, transportation and telecommunication. In order to understand the potential threats to these infrastructures and the mechanisms to protect them, different types of cyber-attacks applicable to these infrastructures need to be identified. Therefore, there is a significant need to have a comprehensive understanding of various types of cyber-attacks and their classification associated with both Operation Technology (OT) and Information Technology (IT). This paper presents a comprehensive review of existing cyber-attack taxonomies available in the literature and evaluates these taxonomies based on defined criteria.


2019 ◽  
Vol 5 (2) ◽  
pp. 79
Author(s):  
Pshtiwan Mohammed Qader

The present paper examines the problem of cyber-attacks under existing international law. It takes the view that the United Nations (UN) Charter provisions on the use of force can be extended to cyber-attacks by means of interpretation although the relevant provisions do not explicitly address such an issue. This article argues that cyber-attacks resulting in material damage or destruction to property, death or injury to persons, or severe disruption of the functioning of critical infrastructures can be characterized as use of armed force and therefore violate the prohibition contained in article 2(4) of the Charter. However, cyber-attacks not resulting in the above consequences may be illegal intervention in the internal affairs of other states if such attacks are coercive in nature. In addition, the current study discusses that a cyber-attack which amounts to a use of armed force per se is not sufficient to give the victim state the right to self-defense, unless its scale and effects are equivalent to those of a conventional armed attack. Finally, the study concludes that an international cyber treaty is truly necessary to more effectively address cyber-attacks.


Author(s):  
Merve Şener

Critical infrastructures ensure that activities that are vital and important for individuals can be safely delivered to the society uninterruptedly. The damage on these critical infrastructures caused by cyber-attacks whose control is carried out through computers and network systems is very large. Cyber-attacks directly or indirectly affect companies, institutions, and organizations economically and cause great financial losses. In this chapter, two different categories, energy and finance sector, which are described as critical infrastructure, are discussed; cyber-attacks carried out on these sectors, cyber-attack weapons, and economic losses caused by these attacks are examined.

