Attacks on IT Systems

Attacks on IT systems are deliberate acts with the determined aim of destroying, damaging or misusing a company’s IT systems. This type of risk is growing significantly in the last years. Today it must be assumed that the greatest dangers for IT systems no longer emanate from individuals, but rather from mafia-like structured, organised crime. Knowing categories of motives and attributes of actors can support the discovery, investigation and persecution of attacks and malicious activities. The categories make it easier to develop preventive and reactive policies and measures to mitigate the risks of computer crime.

Risk Assessment and Real Time Vulnerability Identification in IT Environments

Contrary to static models of risk analysis, the authors propose a pro-active framework for identifying vulnerabilities and assessing risk in real-time. Instead of searching for vulnerabilities from an external point of view, where the information is obtained by simply exploring a digital asset (computational system composed of hardware and software), the authors propose that software agents (sensors) capable of providing application, configuration and location information be incorporated into assets. Any observed changes, such as physical location, software update or installation, hardware modifications, changes in security policy and others, will be immediately reported by the agent, in a pro-active manner, to a central repository. It is possible to assess risk in a certain environment comparing databases of rules and known vulnerabilities with information about each asset, collected by the sensors and stored in the central repository.

Applying Continuous Authentication to Protect Electronic Transactions

In this sense, this chapter explores some possibilities for continuous authentication use to increase electronic transactions security and addresses issues such: Trust in electronic communications systems, conventional authentication models, continuous authentication concepts and biometrics.

Analysis, Development and Deployment of Statistical Anomaly Detection Techniques for Real E-Mail Traffic

Even if new interaction paradigms, such as the Voice over IP (VoIP), are becoming popular and widely adopted, the e-mail is still one of the most utilized ways to communicate across the Internet. However, many malicious threats are conveyed via e-mails. Usually, the authors can exploit two different approaches: i) analyzing the logs produced by e-mail servers or ii) reconstruct the e-mail flows by capturing data directly from the network by placing ad-hoc probes. In this vein, this Chapter discusses the analysis, development and deployment of statistical detection techniques aimed at the detection of Internet worms. For what concerns i), they introduce a tool called Log Mail Analyzer (LMA), which allows to overcome the complexity of inspecting multiple logs created from a heterogeneous population of mail servers. In the perspective of ii) they briefly discuss an alternative solution, based on ad-hoc network probes, to be properly placed to collect traffic and then reconstruct the e-mail flow to be monitored. Lastly, the authors introduce a threshold mechanism, based on a simple statistical framework, to automatically detect and identify different worm activities.

Regulatory and Policy Compliance with Regard to Identity Theft Prevention, Detection, and Response

The proliferation of the Internet has intensified the identity theft crisis. Recent surveys indicate staggering losses amounting to almost $50 billion incurred due to almost 9 million cases of identity theft losses. These startling and apparently persistent statistics have prompted the United States and other foreign governments to initiate strategic plans and to enact several regulations in order to curb the crisis. This chapter surveys national and international laws pertaining to identity theft. Further, it discusses regulatory and policy compliance in the field of information security as it relates to identity theft prevention, detection, and response policies or procedures. In order to comply with recently enacted security-focused legislations and to protect the private information of customers or other third-party members, it is important that institutions of all types establish appropriate policies and procedures for dealing with sensitive information.

Challenges to Managing Privacy Impact Assessment of Personally Identifiable Data

The challenges organisations face in managing privacy risks are numerous, and inherently diverse. Traditionally, organisations focused on addressing business and security requirements of a project, but most recently, privacy impact assessment has become an essential part of the risk management regime for most projects. Significant efforts are now directed toward providing appropriate guidance on how to conduct privacy impact assessments. Appropriate assessments of privacy invasive technologies, justification for project, collection and handling of personally identifiable data and compliance to privacy legislations possess enormous challenges to carrying out appropriate privacy impact assessments. In this chapter, guidance on how to assess privacy risks of both new and in-service projects is provided. Further, lessons learned from managing privacy risks of new and in-service projects resulting from aggregation, collection, sharing, handling and transportation of personally identifiable information are discussed.

Firewall

Firewall is a critical technology in protecting enterprise network systems and individual hosts. Firewalls can be implemented through a specific software application or as a dedicated appliance. Depending on the security policies in an organization, several firewall implementation architectures are available, each with its advantages and disadvantages. Therefore, a thorough understanding of firewall technology, its features and limitations, and implementation considerations is very important in the design and implementation of effective firewall architecture in an organization. This chapter covers the life cycle of firewall design, selection, and implementation.

Forensics Challenges for Mobile Phone Security

First, the author reviews the currently used guidelines and procedures in digital forensic investigations, and then presents their current adaptations to mobile phone forensics, including criteria for the selection of forensics tool for mobile phone. Due to the world popularity of GSM phones, a detailed description of the SIM file system is presented. The forensic strength and weaknesses of the classes of physical and logical forensic tools are discussed .Current approaches to overcome the impediments of both classes are reviewed in terms of usability and forensic soundness. Then, the newest challenge to the digital forensic community, anti-forensics (AF) is raised, including the risks faced by mobile phone forensics investigation. Finally, the author addresses the issue of current research as well as trends on mobile phone forensics.

Combining Security and Privacy in Requirements Engineering

Security requirements engineering identifies security risks in software in the early stages of the development cycle. In this chapter, the authors present a security requirements approach dubbed SQUARE. They integrate privacy requirements into SQUARE to identify privacy risks in addition to security risks. They present a privacy elicitation technique and then combine security risk assessment techniques with privacy risk assessment techniques.

Audio Visual System for Large Scale People Authentication and Recognition over Internet Protocol (IP)

Biometrics is a promising and viable solution to enhance information security systems compared to passwords. However, there are still several issues regarding large-scale deployment of biometrics in real-world situations that need to be resolved before biometrics can be incorporated together. One of these issues is the occurrence of high training time while enrolling a large amount of people into the system. Hence, in this chapter, the authors present the training architecture for an audio visual system for large scale people recognition over internet protocol. In the proposed architecture, a selection criteria divider unit is used to decompose the large scale people or population into smaller groups whereby each group is trained subsequently. As the input dimensions of each group is reduced compared to the original data size, the proposed structure greatly reduces the overall training time required. To combine the scores from all groups, a two-level fusion based on weighted sum rule and max rule is also proposed in this chapter. The implementation results of the proposed system show a great reduction in training time compared to a similar system trained by conventional means without any compromise on the performance of the system. In addition to the proposal of a scalable training architecture for large-scale people recognition based on audio visual data, a literature review of available audio visual speaker recognition systems and large-scale population training architectures are also presented in this chapter.