A Community-Oriented Approach to CIIP in Developing Countries

2014 ◽  
pp. 849-871
Author(s):  
Ian Ellefsen ◽  
Sebastiaan von Solms
Keyword(s):  
Developing Countries ◽  
Computer Security ◽  
Cyber Security ◽  
Information Infrastructure ◽  
Cyber Attacks ◽  
Security Measures ◽  
Developing Regions ◽  
Infrastructure Protection ◽  
Internal Structures ◽  
Oriented Approach

Developing countries are fast becoming players in an increasingly interconnected world. Many developing countries are making use of technological solutions to address unique challenges. However, in many cases, this growth is not accompanied with the development of appropriate information infrastructure protection structures. As technological solutions are deployed in developing countries, there will be a large number of new users gaining access to Internet-based systems. In many cases, these new users might lack the skills necessary to identify computer security threats. Inadequate cyber security measures can increase the risk and impact of cyber attacks. The development of internal structures to address Critical Information Infrastructure Protection (CIIP) is dependent on the environment in which it will be deployed. Therefore, traditional CIIP structures might not adequately address the technological challenges found in developing countries. In this chapter, the authors aim to address the development of CIIP structures in developing regions by elaborating on the set of unique challenges that exist. Furthermore, they aim to present a community-oriented structure aimed at providing CIIP, in what they refer to as a “bottom-up” manner. The larger aim of CIIP structures in developing regions is to support the future development and deployment of cyber security mechanisms and to allow developing countries to play a trusted role in global cyber security efforts.

A Community-Oriented Approach to CIIP in Developing Countries

2013 ◽  
pp. 240-261
Author(s):  
Ian Ellefsen ◽  
Sebastiaan von Solms
Keyword(s):  
Developing Countries ◽  
Computer Security ◽  
Cyber Security ◽  
Information Infrastructure ◽  
Cyber Attacks ◽  
Security Measures ◽  
Developing Regions ◽  
Infrastructure Protection ◽  
Internal Structures ◽  
Oriented Approach

Developing countries are fast becoming players in an increasingly interconnected world. Many developing countries are making use of technological solutions to address unique challenges. However, in many cases, this growth is not accompanied with the development of appropriate information infrastructure protection structures. As technological solutions are deployed in developing countries, there will be a large number of new users gaining access to Internet-based systems. In many cases, these new users might lack the skills necessary to identify computer security threats. Inadequate cyber security measures can increase the risk and impact of cyber attacks. The development of internal structures to address Critical Information Infrastructure Protection (CIIP) is dependent on the environment in which it will be deployed. Therefore, traditional CIIP structures might not adequately address the technological challenges found in developing countries. In this chapter, the authors aim to address the development of CIIP structures in developing regions by elaborating on the set of unique challenges that exist. Furthermore, they aim to present a community-oriented structure aimed at providing CIIP, in what they refer to as a “bottom-up” manner. The larger aim of CIIP structures in developing regions is to support the future development and deployment of cyber security mechanisms and to allow developing countries to play a trusted role in global cyber security efforts.

scholarly journals Prioritizing computer security controls for home users

2019 ◽  
Author(s):  
Justin Fanelli ◽  
John Waxler
Keyword(s):  
Computer Security ◽  
Cyber Security ◽  
Cyber Attacks ◽  
Multi Criteria Decision Making ◽  
Data Systems ◽  
Security Controls ◽  
Home Computers ◽  
Subject Matter Expertise ◽  
Home Users ◽  
Home Computing

Hundreds of thousands of home users are victimized by cyber-attacks every year. Most experts agree that average home users are not doing enough to protect their computers and their information from cyber-attacks. Improperly managed home computers can lead to individuals losing data, systems performing slowly, loss of identity, and ransom payments; en masse attacks can act in concert to infect personal computers in business and government. Currently, home users receive conflicting guidance for a complicated terrain, often in the form of anecdotal 'Top 10' lists, that is not appropriate for their specific needs, and in many instances, users ignore all guidance. Often, these popular ‘Top 10’ lists appear to be based solely on opinion. Ultimately, we asked ourselves the following: how can we provide home users with better guidance for determining and applying appropriate security controls that meet their needs and can be verified by the cyber security community? In this paper, we propose a methodology for determining and prioritizing the most appropriate security controls for home computing. Using Multi Criteria Decision Making (MCDM) and subject matter expertise, we identify, analyze and prioritize security controls used by government and industry to determine which controls can substantively improve home computing security. We apply our methodology using examples to demonstrate its benefits.

scholarly journals UNIVERSITY CYBER SECURITY AS A METHOD FOR ANTI-FISHING FRAUD

2020 ◽  
pp. 59-67
Author(s):  
Irina Tatomur
Keyword(s):  
Cyber Security ◽  
Educational Institution ◽  
Visual Presentation ◽  
Academic Community ◽  
Cyber Attacks ◽  
Asia Pacific ◽  
Economic Losses ◽  
Educational Institutions ◽  
Security Measures ◽  
Phishing Attacks

Introduction. With the rapid adoption of computer and networking technologies, educational institutions pay insufficient attention to the implementation of security measures to ensure the confidentiality, integrity and accessibility of data, and thus fall prey to cyber-attacks. Methods. The following methods were used in the process of writing the article: methods of generalization, analogy and logical analysis to determine and structure the motives for phishing attacks, ways to detect and prevent them; statistical analysis of data – to build a chronological sample of the world's largest cyber incidents and determine the economic losses suffered by educational institutions; graphical method – for visual presentation of results; abstraction and generalization – to make recommendations that would help reduce the number of cyber scams. Results. The article shows what role cyber security plays in counteracting phishing scams in the educational field. The motives for the implementation of phishing attacks, as well as methods for detecting and preventing them, have been identified and regulated. The following notions as "phishing", "submarine" and "whaling" are evaluated as the most dangerous types of fraud, targeting both small and large players in the information chain of any educational institution. An analytical review of the educational services market was conducted and a chronological sampling of the largest cyber incidents that occurred in the period 2010-2019 was made. The economic losses incurred by colleges, research institutions and leading universities in the world were described. It has been proven that the US and UK educational institutions have been the most attacked by attackers, somewhat inferior to Canada and countries in the Asia-Pacific region. It is found that education has become the top industry in terms of the number of Trojans detected on devices belonging to educational institutions and the second most listed among the most affected by the ransomware. A number of measures have been proposed to help reduce the number of cyber incidents. Discussion. The obtained results should be taken into account when formulating a strategy for the development of educational institutions, as well as raising the level of awareness of the representatives of the academic community in cybersecurity. Keywords: phishing, cyber security, cyber stalkers, insider threat, rootkit, backdoor.

Application of Cyber Security in Emerging C4ISR Systems

2013 ◽  
pp. 1705-1738
Author(s):  
Ashfaq Ahmad Malik ◽  
Athar Mahboob ◽  
Adil Khan ◽  
Junaid Zubairi
Keyword(s):  
Cyber Security ◽  
Oil And Gas ◽  
Information Assurance ◽  
System Of Systems ◽  
Cyber Attacks ◽  
Security Measures ◽  
Oil And Gas Exploration ◽  
Civil Sector ◽  
C4isr System ◽  
Network Of Networks

C4ISR stands for Command, Control, Communications, Computers, Intelligence, Surveillance & Reconnaissance. C4ISR systems are primarily used by organizations in the defense sector. However, they are also increasingly being used by civil sector organizations such as railways, airports, oil, and gas exploration departments. The C4ISR system is a system of systems and it can also be termed as network of networks and works on similar principles as the Internet. Hence it is vulnerable to similar attacks called cyber attacks and warrants appropriate security measures to save it from these attacks or to recover if the attack succeeds. All of the measures put in place to achieve this are called cyber security of C4ISR systems. This chapter gives an overview of C4ISR systems focusing on the perspective of cyber security warranting information assurance.

Role of Cyber Security in Today's Scenario

2017 ◽  
pp. 177-191 ◽  
Author(s):  
Manju Khari ◽  
Gulshan Shrivastava ◽  
Sana Gupta ◽  
Rashmi Gupta
Keyword(s):  
Information Security ◽  
Computer Security ◽  
Cyber Security ◽  
Cyber Attacks ◽  
Cyber Attack ◽  
Individual Property ◽  
Security Breaches ◽  
Information Tools ◽  
History Of ◽  
Security Standards

Cyber Security is generally used as substitute with the terms Information Security and Computer Security. This work involves an introduction to the Cyber Security and history of Cyber Security is also discussed. This also includes Cyber Security that goes beyond the limits of the traditional information security to involve not only the security of information tools but also the other assets, involving the person's own confidential information. In computer security or information security, relation to the human is basically to relate their duty(s) in the security process. In Cyber security, the factor has an added dimension, referring humans as the targets for the cyber-attacks or even becoming the part of the cyber-attack unknowingly. This also involves the details about the cybercriminals and cyber risks going ahead with the classification of the Cybercrimes which is against individual, property, organisation and society. Impacts of security breaches are also discussed. Countermeasures for computer security are discussed along with the Cyber security standards, services, products, consultancy services, governance and strategies. Risk management with the security architecture has also been discussed. Other section involves the regulation and certification controls; recovery and continuity plans and Cyber security skills.

Role of Cyber Security in Today's Scenario

2018 ◽  
pp. 1-15 ◽  
Author(s):  
Manju Khari ◽  
Gulshan Shrivastava ◽  
Sana Gupta ◽  
Rashmi Gupta
Keyword(s):  
Information Security ◽  
Computer Security ◽  
Cyber Security ◽  
Cyber Attacks ◽  
Cyber Attack ◽  
Individual Property ◽  
Security Breaches ◽  
Information Tools ◽  
History Of ◽  
Security Standards

Cyber Security is generally used as substitute with the terms Information Security and Computer Security. This work involves an introduction to the Cyber Security and history of Cyber Security is also discussed. This also includes Cyber Security that goes beyond the limits of the traditional information security to involve not only the security of information tools but also the other assets, involving the person's own confidential information. In computer security or information security, relation to the human is basically to relate their duty(s) in the security process. In Cyber security, the factor has an added dimension, referring humans as the targets for the cyber-attacks or even becoming the part of the cyber-attack unknowingly. This also involves the details about the cybercriminals and cyber risks going ahead with the classification of the Cybercrimes which is against individual, property, organisation and society. Impacts of security breaches are also discussed. Countermeasures for computer security are discussed along with the Cyber security standards, services, products, consultancy services, governance and strategies. Risk management with the security architecture has also been discussed. Other section involves the regulation and certification controls; recovery and continuity plans and Cyber security skills.

scholarly journals Long-term experiences in keeping balance between safety and usability in research activities in KEK

2019 ◽  
Vol 214 ◽  
pp. 08001
Author(s):  
Tadashi Murakami ◽  
Fukuko Yuasa ◽  
Ryouichi Baba ◽  
Teiji Nakamura ◽  
Kiyoharu Hashimoto ◽  
...  
Keyword(s):  
Computer Security ◽  
High Energy Physics ◽  
High Energy ◽  
Daily Basis ◽  
General Purpose ◽  
Cyber Attacks ◽  
Security Measures ◽  
Security Incident ◽  
Research Activities

This work aims to provide KEK general-purpose network to support various research activities in the fields of high-energy physics, material physics, and accelerator physics. Since the end of the 20th century, on a daily basis, networks experience cyber-attacks and the methods of attack have rapidly evolved to become more sophisticated over the years. Security measures have been developed to mitigate the effects of cyber-attacks. While security measures may improve safety, restrictions might reduce usability. Therefore, we must keep a balance between safety and usability of the network for a smooth running of research activities. Herein, we present our long-term experience with keeping a balance between safety and usability in KEK research activities. The key points are reasonably ensuring traceability and security management. We have been using security devices, such as firewalls, intrusion detection systems, and vulnerability management systems, to achieve a balance between safety and usability. Also, we present activities of the computer security incident response team (CSIRT) and collaborative activities among research organizations.

scholarly journals Cyber Security Issues in Navigation Systems of Marine Vessels From a Control Perspective

2017 ◽  
Author(s):  
Vahid Hassani ◽  
Naveena Crasta ◽  
António M. Pascoal
Keyword(s):  
Cyber Security ◽  
Cyber Attacks ◽  
Gps Data ◽  
Positioning System ◽  
Navigation Systems ◽  
State Variables ◽  
Security Measures ◽  
Security Issues ◽  
Linear Control Theory ◽  
Marine Vessels

Autonomous marine vessels are the way forward to revolutionize maritime operations. However, the safety and success of autonomous missions depend critically on the availability of a reliable positioning system and time information generated using global positioning system (GPS) data. GPS data are further used for guidance, navigation, and control (GNC) of vehicles. At a mission planning level GPS data are commonly assumed to be reliable. From this perspective, this article aims to highlight the perils of maritime navigation attacks, showing the need for the enhancement of standards and security measures to intercept any serious threats to marine vessels emanating from cyber attacks and GPS spoofing. To this end, we consider a case where a cyber attacker blocks the real GPS signals and dupes the GPS antennas on board the marine vehicle with fake signals. Using the Nomoto model for the steering dynamics of a marine vessel and exploiting tools from linear control theory we show analytically, and verify using numerical simulations, that it is possible to influence the state variables of the marine vessel by manipulating the compromised GPS data.

scholarly journals Design and Deployment of Network Testbed for Web Data Security

2021 ◽  
Author(s):  
Shishir Kumar Shandilya
Keyword(s):  
Cyber Security ◽  
Vital Role ◽  
Cyber Attacks ◽  
Adaptive Security ◽  
Security Measures ◽  
Adaptive Responses ◽  
Network Testbeds ◽  
Library Support ◽  
Proactive Security ◽  
Effective Analysis

In recent years, the cyber security scenario has transformed predominantly from conventional response-based security mechanisms to proactive security strategies. And this transformation is still continuing which is shifting it from proactive security strategies to cyber immunity which eliminates the cyber threats by introducing stringent and adaptive security measures. In the process of developing new security algorithms/procedures, accurate modelling and effective simulation play a vital role for the robustness and effectiveness of proposed system. It is also necessary to analyze the behaviour of proposed system against multiple types of known cyber attacks. This paper focuses on the existing network testbeds for an effective analysis and monitoring while proposing a new network testbed for examining new security concepts like cyber immunity. The proposed network testbed is designed to incorporate the methods and procedures of Nature-inspired Cyber Security to accommodate the adaptive responses against the sophisticated and ever-advancing cyber attacks. The proposed testbed provides customizable analytical tool to design, test and examine the new security algorithms through a rich set of attack scenarios. It also allows developers to design, implement, and evaluate their defensive techniques with library support.

Sign in / Sign up

Export Citation Format

Share Document