security controls
Recently Published Documents


TOTAL DOCUMENTS: 382 (FIVE YEARS 132)

H-INDEX: 11 (FIVE YEARS 3)

2022 ◽ Vol 2022 ◽ pp. 1-13
Author(s): Minsoo Lee ◽ Hyun Kwon ◽ Hyunsoo Yoon

The instrumentation and control (I&C) system of a nuclear power plant (NPP) employs a cybersecurity program regulated by the government. Through regulation, the government requires the implementation of security controls in order for a system to be developed and operated. Accordingly, the licensee of an NPP works to comply with this requirement, beginning in the development phase. The compliance-driven approach is efficient when the government supervises NPPs, but it is inefficient when a licensee constructs them. The security controls described in regulatory guidance do not consider system characteristics. In other words, the development organization spends a considerable amount of time excluding unnecessary control items and preparing the evidence to justify their exclusion. In addition, security systems can vary according to the developer’s level of security knowledge, leading to differences in levels of security between systems. This paper proposes a method for a developer to select the appropriate security controls when preparing the security requirements during the early development phase; it is designed to ensure the system’s security and reduce the cost of excluding unnecessary security controls. We have formalized the representation of attack patterns and security control patterns and identified the relationships between these patterns. We conducted a case study applying RG 5.71 in the Plant Protection System (PPS) to confirm the validity of the proposed method.


Sensors ◽ 2022 ◽ Vol 22 (2) ◽ pp. 538
Author(s): Alok Mishra ◽ Yehia Ibrahim Alzoubi ◽ Asif Qumer Gill ◽ Memoona Javeria Anwar

Cybersecurity is a critical issue that must be prioritized not just by enterprises of all kinds, but also by national security. To safeguard an organization’s cyberenvironments, information, and communication technologies, many enterprises are investing substantially in cybersecurity these days. One part of the cyberdefense mechanism is building an enterprise’s security policies library, for consistent implementation of security controls. Significant and common cybersecurity policies of various enterprises are compared and explored in this study to provide robust and comprehensive cybersecurity knowledge that can be used in various enterprises. Several significant common security policies were identified and discussed in this comprehensive study. This study identified 10 common cybersecurity policy aspects in five enterprises: healthcare, finance, education, aviation, and e-commerce. We aimed to build a strong infrastructure in each business, and investigate the security laws and policies that apply to all businesses in each sector. Furthermore, the findings of this study reveal that the importance of cybersecurity requirements differs across multiple organizations. The choice and applicability of cybersecurity policies are determined by the type of information under control and the security requirements of organizations in relation to these policies.


Electronics ◽ 2022 ◽ Vol 11 (2) ◽ pp. 222
Author(s): Tomasz Wichary ◽ Jordi Mongay Batalla ◽ Constandinos X. Mavromoustakis ◽ Jerzy Żurek ◽ George Mastorakis

This paper focuses on the security challenges of network slice implementation in 5G networks. We propose that network slice controllers support security by enabling security controls at different network layers. The slice controller orchestrates multilevel domains with resources at a very high level but needs to understand how to define the resources at lower levels. In this context, the main outstanding security challenge is the compromise of several resources in the presence of an attack due to weak resource isolation at different levels. We analysed the current standards and trends directed to mitigate the vulnerabilities mentioned above, and we propose security controls and classify them by efficiency and applicability (easiness to develop). Security controls are a common way to secure networks, but they enforce security policies only in respective areas. Therefore, the security domains allow for structuring the orchestration principles by considering the necessary security controls to be applied. This approach is common for both vendor-neutral and vendor-dependent security solutions. In our classification, we considered the controls in the following fields: (i) fair resource allocation with dynamic security assurance, (ii) isolation in a multilayer architecture and (iii) response to DDoS attacks without service and security degradation.


Sensors ◽ 2022 ◽ Vol 22 (2) ◽ pp. 513
Author(s): Efstratios Chatzoglou ◽ Georgios Kambourakis ◽ Christos Smiliotopoulos

The impact that IoT technologies have on our everyday life is indisputable. Wearables, smart appliances, lighting, security controls, and others make our life simpler and more comfortable. For the sake of easy monitoring and administration, such devices are typically accompanied by smartphone apps, which are becoming increasingly popular, and sometimes are even required to operate the device. Nevertheless, the use of such apps may indirectly magnify the attack surface of the IoT device itself and expose the end-user to security and privacy breaches. Therefore, a key question arises: do these apps curtail their functionality to the minimum needed, and additionally, are they secure against known vulnerabilities and flaws? In search of concrete answers to the aforesaid question, this work scrutinizes more than forty chart-topping Android official apps belonging to six diverse mainstream categories of IoT devices. We attentively analyse each app statically, and almost half of them dynamically, after pairing them with real-life IoT devices. The results collected span several axes, namely sensitive permissions, misconfigurations, weaknesses, vulnerabilities, and other issues, including trackers, manifest data, shared software, and more. The short answer to the posed question is that the majority of such apps still remain susceptible to a range of security and privacy issues, which in turn, and at least to a significant degree, reflects the general proclivity in this ecosystem.


2022 ◽ pp. 533-560
Author(s): Winfred Yaokumah

Operations security management integrates the activities of all the information systems security controls. It ensures that the entire computing environment is adequately secured. This chapter conducts an in-depth review of scholarly and practitioner works to conceptualize the domain of operations security management. Drawing upon the existing information systems security literature, the chapter classifies operations security management into 10 domains. Following this, the chapter performs an empirical analysis to investigate the state-of-practice of operations security management in organizations. The findings show that the maturity level of operations security management is at Level 3 (well-defined). The maturity levels range from Level 0 (not performed) to Level 5 (continuously improving). The results indicate that operations security processes are documented, approved, and implemented organization-wide. Backup and malware management are the most applied operations security controls, while logging, auditing, monitoring, and reviewing are the least implemented controls.


2022 ◽ pp. 102612
Author(s): Miguel Calvo ◽ Marta Beltrán


Sensors ◽ 2021 ◽ Vol 22 (1) ◽ pp. 238
Author(s): Christos Grigoriadis ◽ Romain Laborde ◽ Antonin Verdier ◽ Panayiotis Kotzanikolaou

Maritime processes involve actors and systems that continuously change their underlying environment, location and threat exposure. Thus, risk mitigation requires a dynamic risk assessment process, coupled with an adaptive, event-driven security enforcement mechanism, to efficiently deal with dynamically evolving risks in a cost-efficient manner. In this paper, we propose an adaptive security framework that covers both situational risk assessment and situation-driven security policy deployment. We extend MITIGATE, a maritime-specific risk assessment methodology, to capture situations in the risk assessment process and thus produce fine-grained and situation-specific, dynamic risk estimations. Then, we integrate DynSMAUG, a situation-driven security management system, to enforce adaptive security policies that dynamically implement security controls specific to each situation. To validate the proposed framework, we test it based on a maritime cargo transfer service. We utilize various maritime-specific and generic systems employed during cargo transfer, to produce dynamic risks for various situations. Our results show that the proposed framework can effectively assess dynamic risks per situation and automate the enforcement of adaptive security controls per situation. This is an important improvement in contrast to static and situation-agnostic risk assessment frameworks, where security controls always default to worst-case risks, with a consequent impact on the cost and the applicability of proper security controls.


2021 ◽ pp. 271-289
Author(s): Muhammad Imran Tariq ◽ Shahzadi Tayyaba ◽ Emiro De-la-Hoz-Franco ◽ Muhammad Waseem Ashraf ◽ Dana V. Rad ◽ ...

2021 ◽ Vol 2089 (1) ◽ pp. 012005
Author(s): Sharma Yash ◽ Pandey Neeraj Kumar

The major challenges, which come across face recognition system, are to find the age and gender in 2D/3D image of the person specifically in cloud environment. This paper is centered on face detection with MAC (Media Access Control) and biometric technology. Face scanning along with machine’s MAC address and biometric technologies has been shown to improve security controls. Face recognition can be used to search and label users and their assigned machines for sensitive purposes. Following that, it was stored in a specific database with their unique ID. In addition, the verification process has begun by comparing the models in the database. Face scanning along with speech and biometric technologies is used to improve security controls. Face recognition system may also be set up in high security machines to improve protection by allowing only registered individuals or other users. Related strategies for determining the age and gender and 2D/3D image from a specific picture are explored, as well as several modern methods for preserving protection. In this paper, the full model is explored independently with security implemented in cloud environment. The proposed model of the paper provides the integrated security features using MAC address of machine and face recognition of the machine user.

