Malware and Antivirus Deployment for Enterprise Security

Threats to information security are pervasive, originating from both outside and within an organization. The history of computer security is dotted with the tales of newer methods of identification, detection, and prevention of malware, only to be followed by a new set of threats that circumvent those safeguards. The explosive growth of the Internet and wide availability of toolsets and documentation exacerbates this problem by making malware development easy. As blended threats continue to combine multiple types of attacks into single and more dangerous payloads, newer threats are emerging. Phishing, pharming, spamming, spoofing, spyware, and hacking incidents are increasing at an alarming rate despite the release of breakthrough security defense products. A multi-layered, integrated approach using different security products in conjunction with well-defined security policies and antivirus software will form the foundation for effective enterprise security management.

Download Full-text

IoT Information Security: Fundamental Statements Review

PROGRAMMNAYA INGENERIA ◽

10.17587/prin.11.259-269 ◽

2020 ◽

Vol 11 (5) ◽

pp. 259-269

Author(s):

V. A. Galatenko ◽

◽

K. A. Kostyukhin ◽

Keyword(s):

Information Security ◽

Internet Of Things ◽

Reference Model ◽

Integrated Approach ◽

Point Of View ◽

The Internet ◽

Physical Damage ◽

Security Breaches ◽

Internet Of Things Technology ◽

The Internet Of Things

Internet of things technology is developing at an exceptionally fast pace. This applies to both industrial and consumer Internet. The "things" account for billions, and many areas of application have been formed. At the same time, the state of information security of the Internet of things is not satisfactory, and protective measures are clearly inferior to Commerce. This is especially dangerous because the Internet of things spans two worlds: digital and physical, and security breaches can cause both informational and physical damage. The Internet of things is developing rapidly, so it is natural that it experiences typical growth diseases-fragmentation and uneven development. The base for ensuring security is mostly formed (but continues to be formed), the question is how quickly there will be a harmonization of approaches, and advanced ideas will be accepted by device manufacturers. Many state and non-state agencies actively promote security tools, inform and train manufacturers and consumers. The article is an overview of the main provisions of information security of the Internet of things. An attempt is made to consider software and technical and legislative levels of Internet of things security. This makes it different from other publications of a similar nature. Only a holistic, integrated approach can improve real information security. Authors outline basic concepts and describe a reference model of Internet of things, draw attention to the peculiarities of the Internet of things that are important from the security point of view, enumerate typical threats for Internet of things. The legislative level of information security, security recommendations for the Internet of things, manufacturers description of usage, and installation of software corrections are considered in detail.

Download Full-text

Review: Information Security Policies, Procedures and Standards: Guidelines for Effective Information Security Management

The Computer Bulletin ◽

10.1093/combul/45.2.30-b ◽

2003 ◽

Vol 45 (2) ◽

pp. 30-30

Author(s):

C. Gray

Keyword(s):

Information Security ◽

Security Management ◽

Security Policies ◽

Information Security Management

Download Full-text

Role of Cyber Security in Today's Scenario

Detecting and Mitigating Robotic Cyber Security Risks - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-5225-2154-9.ch013 ◽

2017 ◽

pp. 177-191 ◽

Cited By ~ 7

Author(s):

Manju Khari ◽

Gulshan Shrivastava ◽

Sana Gupta ◽

Rashmi Gupta

Keyword(s):

Information Security ◽

Computer Security ◽

Cyber Security ◽

Cyber Attacks ◽

Cyber Attack ◽

Individual Property ◽

Security Breaches ◽

Information Tools ◽

History Of ◽

Security Standards

Cyber Security is generally used as substitute with the terms Information Security and Computer Security. This work involves an introduction to the Cyber Security and history of Cyber Security is also discussed. This also includes Cyber Security that goes beyond the limits of the traditional information security to involve not only the security of information tools but also the other assets, involving the person's own confidential information. In computer security or information security, relation to the human is basically to relate their duty(s) in the security process. In Cyber security, the factor has an added dimension, referring humans as the targets for the cyber-attacks or even becoming the part of the cyber-attack unknowingly. This also involves the details about the cybercriminals and cyber risks going ahead with the classification of the Cybercrimes which is against individual, property, organisation and society. Impacts of security breaches are also discussed. Countermeasures for computer security are discussed along with the Cyber security standards, services, products, consultancy services, governance and strategies. Risk management with the security architecture has also been discussed. Other section involves the regulation and certification controls; recovery and continuity plans and Cyber security skills.

Download Full-text

Role of Cyber Security in Today's Scenario

Cyber Security and Threats ◽

10.4018/978-1-5225-5634-3.ch001 ◽

2018 ◽

pp. 1-15 ◽

Cited By ~ 1

Author(s):

Manju Khari ◽

Gulshan Shrivastava ◽

Sana Gupta ◽

Rashmi Gupta

Keyword(s):

Information Security ◽

Computer Security ◽

Cyber Security ◽

Cyber Attacks ◽

Cyber Attack ◽

Individual Property ◽

Security Breaches ◽

Information Tools ◽

History Of ◽

Security Standards

Cyber Security is generally used as substitute with the terms Information Security and Computer Security. This work involves an introduction to the Cyber Security and history of Cyber Security is also discussed. This also includes Cyber Security that goes beyond the limits of the traditional information security to involve not only the security of information tools but also the other assets, involving the person's own confidential information. In computer security or information security, relation to the human is basically to relate their duty(s) in the security process. In Cyber security, the factor has an added dimension, referring humans as the targets for the cyber-attacks or even becoming the part of the cyber-attack unknowingly. This also involves the details about the cybercriminals and cyber risks going ahead with the classification of the Cybercrimes which is against individual, property, organisation and society. Impacts of security breaches are also discussed. Countermeasures for computer security are discussed along with the Cyber security standards, services, products, consultancy services, governance and strategies. Risk management with the security architecture has also been discussed. Other section involves the regulation and certification controls; recovery and continuity plans and Cyber security skills.

Download Full-text

IT Security

Managing Very Large IT Projects in Businesses and Organizations - Advances in IT Personnel and Project Management ◽

10.4018/978-1-59904-546-7.ch006 ◽

2009 ◽

pp. 84-95

Author(s):

Matthew Guah

Keyword(s):

Information Security ◽

Computer Security ◽

Security Management ◽

Implementation Process ◽

Cyber Attacks ◽

It Security ◽

Security Risk ◽

Corporate Security ◽

It Systems ◽

Organizational Perspective

One area that has scarcely received attention in the IT security literature, is the role that individual compliance plays in preventing cyber-attacks. Specifically, how individuals take precautions, how they are motivated to take precautions, and the impact of corporate security policies on individual precaution-taking behaviour have not been extensively researched. Existing literature has underdeveloped conceptualizations of how these control systems work in the realm of information security. This chapter adds to the body of knowledge concerning the socio-organizational perspective for understanding IT security management in the organization that implement VLITP. It examines the VLITP implementation process for achieving IT security management BS 7799 Part 2 certification. The author also gives regards to the role of individual perceptions of the compulsion of controls as a significant part of the IT security process. Focusing more on behavioural aspects of security during the implementation of VLITP, this book considers Information security is to be different from computer security—which is the encompassing of information security in addition to the other aspects of security such as technical aspects, physical security, system security, networking issues, and so forth.. IT security risk considerations cause are capable of causing particular concern on the interdependence of IT systems and inject another element of complexity in the application of the policies governing VLITPs.

Download Full-text

Preparing for Cyber Threats with Information Security Policies

International Journal of Cyber Warfare and Terrorism ◽

10.4018/ijcwt.2013100103 ◽

2013 ◽

Vol 3 (4) ◽

pp. 22-31

Author(s):

Ilona Ilvonen ◽

Pasi Virtanen

Keyword(s):

Information Systems ◽

Information Security ◽

Literature Review ◽

Scenario Analysis ◽

Security Policy ◽

Potential Effect ◽

Security Policies ◽

The Internet ◽

Cyber Threats

Contemporary organisations in any industry are increasingly dependent on information systems. Today most organisations are online all the time, and their internal systems are used in environments that are already or easily connected to the internet. The paper analyses cyber threats and their potential effect on the operations of different organisations with the use of scenario analysis. The scenarios are built based on a literature review. One outcome of the analysis is that to an organisation it is irrelevant where a cyber threat originates from and who it is targeted for. If the threat is specifically targeted to the organisation or if the threat is collateral in nature is not important; preparing for the threat is important in both cases. The paper discusses the pressures that the cyber threats pose to information security policies, and what the role of the information security policy could be in preparing for the threats.

Download Full-text

Integration of COBIT, Balanced Scorecard and SSE-CMM as an Organizational & Strategic Information Security Management (ISM) Framework

ICT Ethics and Security in the 21st Century ◽

10.4018/978-1-60960-573-5.ch014 ◽

2011 ◽

pp. 277-309 ◽

Cited By ~ 3

Author(s):

James E. Goldman ◽

Suchit Ahuja

Keyword(s):

Information Security ◽

Balanced Scorecard ◽

Security Management ◽

Integrated Approach ◽

Maturity Model ◽

Strategic Information ◽

Information Security Management ◽

Integrated Framework ◽

It Alignment ◽

Measurement And Evaluation

The purpose of this chapter is to present an integrated framework that addresses the need for organizational information security requirements as well as alignment between business, IT and information security strategies. This is achieved via the integrated use of control objectives for Information Technology (COBIT) and balanced scorecard (BSC) frameworks, in conjunction with Systems Security Engineering Capability Maturity Model (SSE-CMM) as a tool for performance measurement and evaluation, in order to ensure the adoption of a continuous improvement approach for successful sustainability. This integrated framework has been presented at the IEEE Symposium on Security & Privacy (2009) and the International Conference on Business/IT Alignment (2009). The goal is to investigate the strengths, implementation techniques, and potential benefits of such an integrated approach. The integrated use of COBIT, BSC, and SSE-CMM can provide a more comprehensive mechanism for strategic information security management–one that is fully aligned with business, IT, and information security strategies.

Download Full-text

A Study on Generalization of Security Policies for Enterprise Security Management System

The KIPS Transactions PartC ◽

10.3745/kipstc.2002.9c.6.823 ◽

2002 ◽

Vol 9C (6) ◽

pp. 823-830 ◽

Cited By ~ 1

Keyword(s):

Management System ◽

Security Management ◽

Security Policies ◽

Enterprise Security

Download Full-text

Teaching Objectives of a Simulation Game for Computer Security

10.28945/2666 ◽

2003 ◽

Author(s):

Cynthia E. Irvine ◽

Michael F Thompson

Keyword(s):

Computer Simulation ◽

Information Security ◽

Computer Security ◽

Computer Networks ◽

Security Policies ◽

Simulation Game ◽

Teaching Objectives ◽

Highly Skilled ◽

Access Controls

This paper describes a computer simulation game being developed to teach computer security principles. The player of the game constructs computer networks and makes choices affecting the ability of these networks and the game’s virtual users to protect valuable assets from attack by both vandals and well-motivated professionals. The game introduces the player to the need for well formed information security policies, allowing the player to deploy a variety of means to enforce security policies, including authentication, audit and access controls. The game will depict a number of vulnerabilities ranging from trivial passwords to trap doors planted by highly skilled, well-funded adversaries.

Download Full-text