Information security controls for multi-cloud and microservices

2020 ◽  
Vol 10 (2) ◽  
pp. 1-4
Author(s):  
Alok Kumar

The current study provides the information security control process involved in multi-cloud and microservices. In recent years, there has been great demand to provide two-layer security in almost all sectors with the use of information technologies. Hence the present study highlights information security and its importance.

2014 ◽  
Vol 4 (2) ◽  
pp. 46-62
Author(s):  
Riku Nykänen ◽  
Tommi Kärkkäinen

Assuring information security is a necessity in modern organizations. Many recommendations for information security management exist, which can be used to define a baseline of information security requirements. ISO/IEC 27001 prescribes a process for an information security management system, and guidance to implement security controls is provided in ISO/IEC 27002. Finnish National Security Auditing Criteria (KATAKRI) has been developed by the national authorities in Finland as a tool to verify maturity of information security practices. KATAKRI defines both security control objectives and security controls to meet an objective. Here the authors compare and align these two specifications in the process, structural, and operational level, focusing on the security control objectives and the actual controls. Even if both specifications share the same topics on high level, the results reveal the differences in the scope and in the included security controls.


2020 ◽  
Vol 5 ◽  
pp. 94-106
Author(s):  
Y.M. Iskanderov ◽  
M.D. Pautov

Aim. The use of modern information technologies makes it possible to achieve a qualitatively new level of control in supply chains. In these conditions, ensuring information security is the most important task. The article shows the possibilities of applying the spatial concepts of the actor-network theory in the interests of forming a relevant intelligent information security management system for supply chains. Materials and methods. The article discusses a new approach based on the provisions of the actor-network theory, which makes it possible to form the structure of an intelligent information security control system for supply chains, consisting of three main functional blocks: technical, psychological and administrative. The incoming information security threats and the relevant system responses generated through the interaction of the system blocks were considered as enacting the three Law’s spaces: the space of regions, the space of networks and the space of fluids. Results. It is shown that the stability of this system in the space of networks is a necessary condition for its successful functioning in the space of regions, and its resilience in the space of fluids gained through the dynamic knowledge formation helps overcome the adverse effects of the fluidity. The problems of the intentional / unintentional nature of information security threats, as well as the reactivity / proactivity of the corresponding responses of the intelligent information security management system for supply chains are investigated. Conclusions. The proposed approach showed the possibility of using such an interdisciplinary tool in the field of information security as the concepts of the actor-network theory. The intelligent information security control system built on its basis ensures that almost all the features of solving information security problems in supply chains are taken into account.


2019 ◽  
Vol 11 (7) ◽  
pp. 162
Author(s):  
Nikolaos Serketzis ◽  
Vasilios Katos ◽  
Christos Ilioudis ◽  
Dimitrios Baltatzis ◽  
Georgios Pangalos

The complication of information technology and the proliferation of heterogeneous security devices that produce increased volumes of data coupled with the ever-changing threat landscape challenges have an adverse impact on the efficiency of information security controls and digital forensics, as well as incident response approaches. Cyber Threat Intelligence (CTI) and forensic preparedness are the two parts of the so-called managed security services that defendants can employ to repel, mitigate or investigate security incidents. Despite their success, there is no known effort that has combined these two approaches to enhance Digital Forensic Readiness (DFR) and thus decrease the time and cost of incident response and investigation. This paper builds upon and extends a DFR model that utilises actionable CTI to improve the maturity levels of DFR. The effectiveness and applicability of this model are evaluated through a series of experiments that employ malware-related network data simulating real-world attack scenarios. To this extent, the model manages to identify the root causes of information security incidents with high accuracy (90.73%), precision (96.17%) and recall (93.61%), while managing to decrease significantly the volume of data digital forensic investigators need to examine. The contribution of this paper is twofold. First, it indicates that CTI can be employed by digital forensics processes. Second, it demonstrates and evaluates an efficient mechanism that enhances operational DFR.


2015 ◽  
Vol 23 (2) ◽  
pp. 161-177
Author(s):  
Li-Hsing Ho ◽  
Ming-Tsai Hsu ◽  
Tieh-Min Yen

Purpose – The purpose of this paper is to analyze the cause-and-effect relationship and the mutually influential level among information security control items, as well as to provide organizations with a method for analyzing and making systematic decisions for improvement. Design/methodology/approach – This study utilized the Fuzzy DEMATEL to analyze cause-and-effect relationships and mutual influence of the 11 control items of the International Organization for Standardization (ISO) 27001 Information Security Management System (ISMS), which are discussed by seven experts in Taiwan to identify the core control items for developing the improvement strategies. Findings – The study has found that the three core control items of the ISMS are security policy (SC1), access control (SC7) and human resource security (SC4). This study provides organizations with a direction to develop improvement strategies and effectively manage the ISMS of the organization. Originality/value – The value of this study is for an organization to effectively dedicate resources to core control items, such that other control items are driven toward positive change by analyzing the cause-and-effect relation and the mutual influential level among information security control items, through a cause-and-effect matrix and a systematic diagram.


2021 ◽  
Vol 2 (1) ◽  
pp. 4-16
Author(s):  
Narzulla Juraev ◽  

The rapid breakthrough observed today in the field of information and communication technologies testifies to the movement of mankind towards a new post-industrial phase of development - the information society. At the present stage, information is the main source of development of society. The penetration of information technology into almost all socio-economic spheres entails the formation of new needs and a new way of life for mankind. While noting the positive aspects of the information society, one should not forget about its negative aspects. With the development of modern society, the consumer attitude of people to the world is increasing. There is a danger of information dependence. For some people, virtual reality is often more significant than reality itself. To fully disclose the research, the scientific article used methods such as a systematic approach, historicity, comparative historical, structural, political analysis, functional and cultural analysis. At the end, scientifically grounded conclusions, recommendations and proposals on the need for spiritual and intellectual development of society were developed.

