Scaling Concepts between Trust and Enforcement

Author(s):  
Andreas U. Schmidt ◽  
Andreas Leicher ◽  
Inhyok Cha

Enforcement and trust are opposite concepts in information security. This chapter reflects on the paradigm shift from traditional concepts of access control and policy enforcement toward de-centralised methods for establishing trust between loosely connected entities. By delegating parts of enforcement tasks to trusted elements dispersed in a system, the system can establish transitive trust relationships. This is the most advanced evolution of the organisational method of separation of duties within IT security. The technological basis for trust in systems – trusted computing platforms – is described on conceptual levels allowing comparison with other top-level security concepts and mapping to application domains. Important applications in modern information systems and networks are exhibited.

2011 ◽  
Vol 271-273 ◽  
pp. 1826-1829
Author(s):  
Yan He

To secure information systems and safeguard personal and social data, experts for IT security departments need to be trained in increasing numbers. Many universities have incorporated information security courses at the undergraduate and graduate levels as part of information systems or computer science majors, and some higher vocational colleges have established an IT security specialty to train information security operators. However, most graduates lack practical operational experience and are not qualified for the job. To train IT security experts, appropriate methods should be developed. We propose a training mode based on project-based learning teams. In the team, students work together in small groups on a project topic that is pertinent to their real contexts. Analysis of the improvement in each individual's abilities within the project team shows that the professional skills and practical experience of most students are greatly improved.


2020 ◽  
pp. 71-85
Author(s):  
Sholpan Zabikh

The author of the article considers the problems of ensuring information security, the solution of which requires the study of methods and means for identifying and preventing danger in the information sphere. The information security of society as a whole is determined by the rapidly growing technological capabilities of modern information systems, whose influence on politics, the economy, and the spiritual and ideological sphere of people has now become decisive. Ensuring information security, understood as the state of protection of the vital interests of the individual, society and the state in the information sphere from internal and external threats, is a very important task in the modern world. The security of the information space entails the protection of the rights and interests of man and citizen, society and the state in the information sphere from real and potential threats. The article also provides a generalized description of international experience in the legal regulation of information security and the possibility of its application in the Republic of Kazakhstan.


Author(s):  
V.M. Dzhulij ◽  
V.A. Boychuk ◽  
V.Y. Titova ◽  
O.V. Selyukov ◽  
O.V. Miroshnichenko

The article proposes an approach to the development of methods of protection against threatening programs in modern information systems. The approach consists in developing security methods based on controlling access to files by their types, which can be identified by file extensions, and it significantly exceeds known methods of antivirus protection both in the effectiveness of protection and in the load placed on the computing resources of the information system. It is shown that the most important files for protection are executable binary and script files, and that these classes of malware require the threatening file to be stored on the hard disk before its execution (read). This led to the conclusion that protection against threatening programs can be built by implementing control (delineation) of access to files. A general approach to implementing protection against threatening programs is proposed, based on controlling access to files by their types as identified by file extensions. The feasibility of such an approach is substantiated by a study of existing remedies. The proposed methods make it possible to protect the information system from both the loading and the execution of binary and scripted threat files. They differ from existing methods in taking into account the location of executable files, in allowing administration while the security system is running, in controlling the modification of access objects and the renaming of access features, and in protecting against scripted threat programs, including the ability to assign threatening properties to interpreters (virtual machines). Access control models have been developed whose built-in access matrices allow requirements for building a secure system to be formulated, the implementation of which prevents the leakage of the given access rights of subjects to objects.


2013 ◽  
Vol 441 ◽  
pp. 980-983 ◽  
Author(s):  
Xin Qiang Ma ◽  
Yi Huang ◽  
Bo Lv

An important new technology has recently been developed that will revolutionize trust and security for online transactions. Conventionally, most security-relevant functions are concentrated within the operating system. Often, these functions, especially those dealing with access control, are commingled with object management functions. This article, abstracted from a new book on the subject, explains the key concepts and the exciting potential of Trusted Computing Platforms (often abbreviated to Trusted Platforms). We discuss how access control applies in multilevel database management systems and illustrate the main applications of access control based on Trusted Computing in the LogicSQL database system.


2020 ◽  
Author(s):  
Fongu Akipus Ngufor ◽  
David Cross

Insider threat is one of the main issues faced by organizations as information systems become inherent to the success and competitiveness of businesses in contemporary environments. However, there is insufficient understanding of the phenomenon of insider threat by information security managers responsible for ensuring the availability, confidentiality, and integrity of data and information systems. Therefore, it is crucial to address issues related to insider threat. The focus of this phenomenological qualitative research was on the lived experiences of information security managers' perceptions, understanding, and how they employ mechanisms to reduce cyber-crimes perpetrated in U.S. East Coast organizations. The research questions examined how information technology (IT) managers experienced and understood insider threats and how their experiences and understanding shaped their behavior to curb insider threat. The social control theory was useful for the purpose of explaining the reasons why individuals with legitimate access could decide to exploit vulnerabilities in the critical assets of businesses. Twelve participants, all IT security managers, selected through purposive sampling for semi-structured one-to-one interviews, took part in the study. Findings from the study indicated that malicious insider threats pose a growing risk to organizations and inadvertent insider threats were more common but less damaging than malicious insider threats. Further, insider threats were associated with disgruntled employees who committed sabotage or theft to meet financial needs and revenge. Experience and understanding of insider threats influenced IT managers to advocate for the implementation of training to raise awareness of security policies to deter insider threats. Based on the findings, IT security managers should use technical and administrative approaches to prevent, detect, and monitor systems to control insider threats.


2014 ◽  
Vol 886 ◽  
pp. 378-381
Author(s):  
Xiao Lin Xu

With the widespread application of Workflow (WF) management systems, the problem of access control becomes more and more important. At present, the TBAC Model and the TRBAC Model cannot satisfy the requirements of access control in modern information systems. Therefore, taking the task in WF as the center, this paper combines the UCON model with WF and establishes the Task-Based Usage Control (TUCON) Model, in which access control for WF uses the UCON Model.


2018 ◽  
Vol 6 (24) (1-2) ◽  
pp. 39-58
Author(s):  
Krzysztof Liderman ◽  
Adam Patkowski

The paper presents a proposal for an integrated approach to the issues of assessing the state of information protection in complex information systems. The foundation of this proposal is technical diagnostics together with information security. Among other topics, the paper presents the tests that provide the basis for such an assessment: penetration tests and IT security audits. The last section briefly describes the LP-A methodology for performing an IT security audit, which integrates various types of tests and facilitates the use of different audit patterns, depending on the needs.


Author(s):  
V. Martsenyuk ◽  
А. Sverstyuk ◽  
I. Andrushchak ◽  
L. Rykovska ◽  
V. Koshelyuk

The article considers system-wide views on cybersecurity during the digital transformation, highlights the key factors that determine the problems of information systems protection. The corresponding transformation of information security management systems is given. New threats to digital production, their features and channels of influence are considered.

