Identifying immersive environments’ most relevant research topics: an instrument to query researchers and practitioners

This paper provides an instrument for ascertaining researchers’ perspectives on the relative relevance of technological challenges facing immersive environments in view of their adoption in learning contexts, along three dimensions: access, content production, and deployment. It described its theoretical grounding and expert-review process, from a set of previously-identified challenges and expert feedback cycles. The paper details the motivation, setup, and methods employed, as well as the issues detected in the cycles and how they were addressed while developing the instrument. As a research instrument, it aims to be employed across diverse communities of research and practice, helping direct research efforts and hence contribute to wider use of immersive environments in learning, and possibly contribute towards the development of news and more adequate systems.The work presented herein has been partially funded under the European H2020 program H2020-ICT-2015, BEACONING project, grant agreement nr. 687676.info:eu-repo/semantics/publishedVersio

Review on Security Aspects for Cloud Architecture

Cloud computing is one of the fastest growing and popular technology in the field of computing. As the concept of cloud computing was introduced in 2006. Since then large number of IT industries join the queue to develop many cloud services and put sensitive information over cloud. In fact cloud computing is no doubt the great innovation in the field of computing but at the same time also poses many challenges. Since a large number of organizations migrate their business to cloud and hence it appears as an attractive target for the malicious attack. The purpose of the paper is to review the available literature for security concerns and highlight a relationship between vulnerabilities, attacks and threats in SaaS model. A mapping is being presented to highlight the impact of vulnerabilities and attacks

Semantics for incident identification and resolution reports

In order to achieve a safe and systematic treatment of security protocols, organizations release a number of technical briefings describing how to detect and manage security incidents. A critical issue is that this document set may suffer from semantic deficiencies, mainly due to ambiguity or different granularity levels of description and analysis. An approach to face this problem is the use of semantic methodologies in order to provide better Knowledge Externalization from incident protocols management. In this article, we propose a method based on semantic techniques for both, analyzing and specifying (meta)security requirements on protocols used for solving security incidents. This would allow specialist getting better documentation on their intangible knowledge about them.Ministerio de Economía y Competitividad TIN2013-41086-

Enhancing cyber assets visibility for effective attack surface management : Cyber Asset Attack Surface Management based on Knowledge Graph

The contemporary digital landscape is filled with challenges, chief among them being the management and security of cyber assets, including the ever-growing shadow IT. The evolving nature of the technology landscape has resulted in an expansive system of solutions, making it challenging to select and deploy compatible solutions in a structured manner. This thesis explores the critical role of Cyber Asset Attack Surface Management (CAASM) technologies in managing cyber attack surfaces, focusing on the open-source CAASM tool, Starbase, by JupiterOne. It starts by underlining the importance of comprehending the cyber assets that need defending. It acknowledges the Cyber Defense Matrix as a methodical and flexible approach to understanding and addressing cyber security challenges. A comprehensive analysis of market trends and business needs validated the necessity of asset security management tools as fundamental components in firms' security journeys. CAASM has been selected as a promising solution among various tools due to its capabilities, ease of use, and seamless integration with cloud environments using APIs, addressing shadow IT challenges. A practical use case involving the integration of Starbase with GitHub was developed to demonstrate the CAASM's usability and flexibility in managing cyber assets in organizations of varying sizes. The use case enhanced the knowledge graph's aesthetics and usability using Neo4j Desktop and Neo4j Bloom, making it accessible and insightful even for non-technical users. The thesis concludes with practical guidelines in the appendices and on GitHub for reproducing the use case

Research priorities in immersive learning technology: the perspectives of the iLRN community

This paper presents the perspectives of the immersive learning research network community on the relevance of various challenges to the adoption of immersive learning technology, along three dimensions: access, content production, and deployment. Using a previously validated questionnaire, we surveyed this community of 622 researchers and practitioners during the summer of 2018, attaining 54 responses. By ranking the challenges individually and within each dimension, the results point towards higher relevance being placed on aspects that link immersive environments with learning management systems and pedagogical tasks, alongside aspects that empower non-technical users (educational actors) to produce interactive stories, objects, and characters.The work presented herein has been partially funded under the European H2020 program H2020-ICT-2015, BEACONING project, grant agreement nr. 687676.info:eu-repo/semantics/acceptedVersio

An analysis of fusing advanced malware email protection logs, malware intelligence and active directory attributes as an instrument for threat intelligence

After more than four decades email is still the most widely used electronic communication medium today. This electronic communication medium has evolved into an electronic weapon of choice for cyber criminals ranging from the novice to the elite. As cyber criminals evolve with tools, tactics and procedures, so too are technology vendors coming forward with a variety of advanced malware protection systems. However, even if an organization adopts such a system, there is still the daily challenge of interpreting the log data and understanding the type of malicious email attack, including who the target was and what the payload was. This research examines a six month data set obtained from an advanced malware email protection system from a bank in South Africa. Extensive data fusion techniques are used to provide deeper insight into the data by blending these with malware intelligence and business context. The primary data set is fused with malware intelligence to identify the different malware families associated with the samples. Active Directory attributes such as the business cluster, department and job title of users targeted by malware are also fused into the combined data. This study provides insight into malware attacks experienced in the South African financial services sector. For example, most of the malware samples identified belonged to different types of ransomware families distributed by known botnets. However, indicators of targeted attacks were observed based on particular employees targeted with exploit code and specific strains of malware. Furthermore, a short time span between newly discovered vulnerabilities and the use of malicious code to exploit such vulnerabilities through email were observed in this study. The fused data set provided the context to answer the “who”, “what”, “where” and “when”. The proposed methodology can be applied to any organization to provide insight into the malware threats identified by advanced malware email protection systems. In addition, the fused data set provides threat intelligence that could be used to strengthen the cyber defences of an organization against cyber threats