2,559 research outputs found

    Enhancing systems integration by incorporating business continuity drivers

    Purpose – The purpose of this paper is to present a framework for developing an integrated operating environment (IOE) within an enterprise information system by incorporating business continuity drivers. These drivers enable a business to continue with its operations even if some sort of failure or disaster occurs. Design/methodology/approach – Development and implementation of the framework are based on a holistic and top-down approach. An IOE on the server side of contemporary business computing is investigated in depth. Findings – Key disconnection points are identified, where systems integration technologies can be used to integrate platforms, protocols, data and application formats, etc. Downtime points are also identified and explained. A thorough list of main business continuity drivers (continuous computing (CC) technologies) for enhancing business continuity is identified and presented. The framework can be utilized in developing an integrated server operating environment for enhancing business continuity. Originality/value – This paper presents a comprehensive framework including exhaustive handling of enabling drivers as well as disconnection points toward CC and business continuity.

    Three Decades of Deception Techniques in Active Cyber Defense -- Retrospect and Outlook

    Deception techniques have been widely seen as a game changer in cyber defense. In this paper, we review representative techniques in honeypots, honeytokens, and moving target defense, spanning from the late 1980s to the year 2021. Techniques from these three domains complement each other and may be leveraged to build a holistic deception-based defense. However, to the best of our knowledge, there has not been a work that provides a systematic retrospect of these three domains all together and investigates their integrated usage for orchestrated deceptions. Our paper aims to fill this gap. By utilizing a tailored cyber kill chain model which can reflect the current threat landscape and a four-layer deception stack, a two-dimensional taxonomy is developed, based on which the deception techniques are classified. The taxonomy literally answers which phases of a cyber attack campaign the techniques can disrupt and which layers of the deception stack they belong to. Cyber defenders may use the taxonomy as a reference to design an organized and comprehensive deception plan, or to prioritize deception efforts for a budget-conscious solution. We also discuss two important points for achieving active and resilient cyber defense, namely deception in depth and deception lifecycle, where several notable proposals are illustrated. Finally, some outlooks on future research directions are presented, including dynamic integration of different deception techniques, quantified deception effects and deception operation cost, hardware-supported deception techniques, as well as techniques developed based on better understanding of the human element. Comment: 19 pages

    CONSERVE: A framework for the selection of techniques for monitoring containers security

    Context: Container-based virtualization is gaining popularity in different domains, as it supports continuous development and improves the efficiency and reliability of run-time environments. Problem: Different techniques are proposed for monitoring the security of containers. However, there are no guidelines supporting the selection of suitable techniques for the tasks at hand. Objective: We aim to support the selection and design of techniques for monitoring container-based virtualization environments. Approach: First, we review the literature and identify techniques for monitoring containerized environments. Second, we classify these techniques according to a set of categories, such as technical characteristic, applicability, effectiveness, and evaluation. We further detail the pros and cons that are associated with each of the identified techniques. Result: As a result, we present CONSERVE, a multi-dimensional decision support framework for an informed and optimal selection of a suitable set of container monitoring techniques to be implemented in different application domains. Evaluation: A mix of eighteen researchers and practitioners evaluated the ease of use, understandability, usefulness, efficiency, applicability, and completeness of the framework. The evaluation shows a high level of interest, and points to potential benefits.

    Survey of Intrusion Detection Research

    The literature holds a great deal of research in the intrusion detection area. Much of this describes the design and implementation of specific intrusion detection systems. While the main focus has been the study of different detection algorithms and methods, there are a number of other issues that are of equal importance to make these systems function well in practice. I believe that the reason that the commercial market does not use many of the ideas described is that there are still too many unresolved issues. This survey focuses on presenting the different issues that must be addressed to build fully functional and practically usable intrusion detection systems (IDSs). It points out the state of the art in each area and suggests important open research issues.

    Comparative assessment of the vulnerability and resilience of 10 deltas, synthesis report

    The proposed framework for delta assessment and especially the scorecards are intended to enhance awareness raising, discussion and prioritization on most relevant delta issues, in each delta but also in comparison with other deltas. This should lead to more efficient and effective (multi-sectoral) policy formulation, management design and implementation, in concrete Delta plans, pilot-projects and (research) programmes. The target groups are all stakeholders who are involved in delta management at different levels and with different interests (government, private companies, NGOs, public), and who wish to contribute to the resilience of their own delta and other deltas worldwide.