Security Assessment Process of IT-components for Cloud Infrastructure

Author(s):  
Ilya I. Livshitz ◽  
Pawel A. Lontsikh ◽  
Elena Y. Golovina ◽  
Egor P. Kunakov ◽  
Valentina V. Kozhukhova

Author(s):  
Shakeel Ali

A rapidly changing face of the internet threat landscape has posed remarkable challenges for security professionals to thwart their IT infrastructure by applying advanced defensive techniques, policies, and procedures. Today, nearly 80% of total applications are web-based and externally accessible depending on the organization's policies. In many cases, the number of security issues discovered depends not only on the system configuration but also on the application space. Rationalizing security functions into the application is a common practice, but assessing their level of resiliency requires a structured and systematic approach to test the application against all possible threats before and after deployment. The application security assessment process and tools presented here are mainly focused on and mapped to industry standards and compliance, including PCI-DSS, ISO27001, GLBA, FISMA, SOX, and HIPAA, in order to assist with the regulatory requirements. Additionally, to retain a defensive architecture, web application firewalls are discussed, and a map between well-established application security standards (WASC, SANS, OWASP) is prepared to represent a broad view of threat classification.


2021 ◽  
Vol 11 (13) ◽  
pp. 5841
Author(s):  
Erwin Kristen ◽  
Reinhard Kloibhofer ◽  
Vicente Hernández Díaz ◽  
Pedro Castillejo

Cybersecurity is an important field in our digital world. It protects computer systems and communication networks against theft or sabotage of information to guarantee trouble-free operation in a trustworthy working environment. This article gives an overview of a cybersecurity assessment process and an appropriate Cybersecurity Management (CSM) implementation for future digital agriculture applications. The cybersecurity assessment follows the IEC 62443 cybersecurity standard for Industrial Automation Control Systems (IACS), adapted to Agriculture Automation Control Systems (AACS). However, the research results showed application differences; thus, an expansion of the standard is necessary to fill the existing open security gaps in agriculture. Agriculture differs from industrial control systems because of the outdoor located field area, which requires other forms of security. An appropriate cybersecurity standard for the agriculture domain is not currently available. However, such a standard will be necessary to define generally applicable procedures to protect agricultural assets against cyberattacks. The cybersecurity standards and regulations existing today (2021) are not sufficient for securing the agriculture domain against new and domain-specific cyberattacks. This article describes some of the cyber vulnerabilities identified and provides initial recommendations for addressing them.


2019 ◽  
Vol 72 (5) ◽  
pp. 1108-1120 ◽  
Author(s):  
Boris Svilicic ◽  
Junzo Kamahara ◽  
Matthew Rooks ◽  
Yoshiji Yano

The maritime transport industry is increasingly reliant on computing and communication technologies, and the need for cyber risk management of critical systems and assets on vessels is becoming critically important. In this paper, a comprehensive cyber risk assessment of a ship is presented. An experimental process consisting of assessment preparation activities, assessment conduct and results communication has been developed. The assessment conduct relies on a survey developed and performed by interviewing a ship's crew. Computational vulnerability scanning of the ship's Electronic Chart Display and Information System (ECDIS) is introduced as a specific part of this cyber security assessment. The assessment process presented has been experimentally tested by evaluating the cyber security level of Kobe University's training ship Fukae-maru. For computational vulnerability scanning, an industry-leading software tool has been used, and a quantitative cyber risk analysis has been conducted to evaluate cyber risks on the ship.


Author(s):  
Ali Atieh

A robust and secure IT infrastructure ensures reliable security, high speeds and connectivity, employee support and accessibility, and a positive user experience for clients. It is hard to manage a modern firm without a secure and adaptable IT infrastructure. Technology, when properly set up and networked, can improve back-office processes, increase efficiency, and simplify communication. This research explores how an organization assures the optimum level of infrastructure security in three domains: network infrastructure security, physical infrastructure security, and cloud infrastructure security. Running a network infrastructure model comes with a variety of difficulties. The findings suggest that there are a few recommendations for assuring the right security level for the network infrastructure, including: conducting a network security assessment, keeping user access privileges to a bare minimum for work, updating programs, investigating cybersecurity tools and increasing cyber-awareness. Physical infrastructure security is also crucial. We divided the dangers into the following categories and suggested appropriate measures: threats by environment, threats by technical infrastructure, threats by humans, inappropriate humidity and temperature, electrification, Electromagnetic Interference (EMI), unauthorized physical access. Cloud security is necessitated by the widespread adoption of cloud technology, as well as an ever-increasing volume and sophistication of cyber attacks. To ensure the right level of cloud security, this research recommends taking some measures, including: Transit and Rest Protection, Asset Security, Securing User Management, Integration of compliance and security, Authentication and Identity, and Operational Safety and Security. While no amount of security will ever stop all attacks, organizations can significantly minimize the risk of suffering a breach and the fallout from such attacks by taking a few critical steps to secure the business’ network, physical and cloud infrastructure.


2021 ◽  
Author(s):  
Ali T. Atieh

A robust and secure IT infrastructure ensures reliable security, high speeds and connectivity, employee support and accessibility, and a positive user experience for clients. It is hard to manage a modern firm without a secure and adaptable IT infrastructure. Technology, when properly set up and networked, can improve back-office processes, increase efficiency, and simplify communication. This research explores how an organization assures the optimum level of infrastructure security in three domains: network infrastructure security, physical infrastructure security, and cloud infrastructure security. Running a network infrastructure model comes with a variety of difficulties. The findings suggest that there are a few recommendations for assuring the right security level for the network infrastructure, including: conducting a network security assessment, keeping user access privileges to a bare minimum for work, updating programs, investigating cybersecurity tools and increasing cyber-awareness. Physical infrastructure security is also crucial. We divided the dangers into the following categories and suggested appropriate measures: threats by environment, threats by technical infrastructure, threats by humans, inappropriate humidity and temperature, electrification, Electromagnetic Interference (EMI), unauthorized physical access. Cloud security is necessitated by the widespread adoption of cloud technology, as well as an ever-increasing volume and sophistication of cyber attacks. To ensure the right level of cloud security, this research recommends taking some measures, including: Transit and Rest Protection, Asset Security, Securing User Management, Integration of compliance and security, Authentication and Identity, and Operational Safety and Security. While no amount of security will ever stop all attacks, organizations can significantly minimize the risk of suffering a breach and the fallout from such attacks by taking a few critical steps to secure the business’ network, physical and cloud infrastructure.


Computers ◽  
2021 ◽  
Vol 10 (12) ◽  
pp. 159
Author(s):  
Nikolaos Kapsoulis ◽  
Alexandros Psychas ◽  
Antonios Litke ◽  
Theodora Varvarigou

Cloud Infrastructure as a Service (IaaS) Service Level Agreements (SLAs) assessment constitutes the de facto area of interest and applications in the public cloud infrastructure. However, the domination of colossal corporations tends to monopolize the way metrics and Key Performance Indicators (KPIs) are measured and determined, leading to governed environments where the clientele is unable to obtain accurate and unbiased assessment of SLAs. Leaning toward SLA self-assessment, this paper provides a fair SLA consensus approach with innate transparency and privacy by leveraging permissioned blockchains that are equipped with Trusted Execution Environments (TEEs). The SLA assessment intelligence is performed inside enclaved smart contracts isolated from the on-chain entities views. The result constitutes a permissioned blockchain ecosystem where the IaaS and their clientele commonly agree on all the respective SLA monitoring and computation rules beforehand, as defined in any SLA assessment process, while the SLA consensus scheme constantly audits the SLA metrics based on these pre-approved regulations.

