7,157 research outputs found
Comparison of recovery requirements with investigation requirements for intrusion management systems
Thesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2002Includes bibliographical references (leaves: 52-54)Text in English; Abstract: Turkish and Englishix, 54 leavesComputer systems resources and all data contained in the system may need to be protected against the increasing number of unauthorized access, manipulation and malicious intrusions. This thesis is concerned with intrusion management systems and specially with their investigation and recovery subsystems. The goals of these systems are to investigate intrusion attempts and recover from intrusions as fast as possible. In order to achieve these goals me should observe the fact that some of the intrusion attempts will be eventually successful should be accepted and necessary precautions should be taken.After an intrusion has taken place, the focus should be on the assessment:looking at what damage has occurred, how it happened, what changes can be made to prevent such attacks in the future. In this thesis, requirements of investigation and recovery process are determined and related guidelines developed. The similarities and differences between these guidelines are explained
Security Risk Management - Approaches and Methodology
In today’s economic context, organizations are looking for ways to improve their business, to keep head of the competition and grow revenue. To stay competitive and consolidate their position on the market, the companies must use all the information they have and process their information for better support of their missions. For this reason managers have to take into consideration risks that can affect the organization and they have to minimize their impact on the organization. Risk management helps managers to better control the business practices and improve the business process.Risk Management, Security, Methodology
UK security breach investigations report: an analysis of data compromise cases
This report, rather than relying on questionnaires and self-reporting, concerns cases that were investigated by the forensic investigation team at 7Safe. Whilst removing any inaccuracies arising from self-reporting, the authors acknowledge that the limitation of the sample size remains. It is hoped that the unbiased reporting by independent investigators has yielded interesting facts about modern security breaches. All data in this study is based on genuine completed breach investigations conducted by the compromise investigation team over the last 18 months
Blockchain implications for auditing: a systematic literature review and bibliometric analysis
Blockchain technology, smart contracts, and asset tokenization have relevant implications for the auditing environment. This paper evaluates the current stage of blockchain application in auditing, analyzing scientific publications and identifying the impact of what is already a reality and the potential effects of its improvements in audit professionals’ activities performance. The article considers the proposals and suggestions on the leading research indexed by the Scopus and Web of Science databases. We analyzed 374 papers on the topic of blockchain and provide a summary and analysis of the current state of auditing research. The bibliometric analysis was performed using the Bibliometrix R Package and the VOSviewer software. After a systematic study of abstracts and a general review of the papers to only include those directly related to our work’s objectives, we found 78 papers. The work results in a framework of potential and effective implications of blockchain technology for auditing, pointing out several new challenges in terms of skills and knowledge needed in this new reality of audit professionals
Global logistics indicators, supply chain metrics, and bilateral trade patterns
Past research into the determinants of international trade highlighted the importance of the basic spatial gravity model augmented by additional variables representing sources of friction. Studies modeled many sources of friction using various proxies, including indices based on expert judgment in some cases. This paper focuses on logistics friction and draws on a data set recently compiled by the World Bank with specific quantitative metrics of logistics performance interms of time, cost, and variability in time. It finds that the new variables that relate directly to logistics performance have a statistically significant relationship with the level of bilateral trade. It also finds that a single logistics index can capture virtually all of the explanatory power of multiple logistics indicators. The findings should spur public and private agencies that have direct or indirect power over logistics performance to focus attention on reducing sources of friction so as to improve their country's ability to compete in today's global economy. Moreover, since the logistics metrics are directly related to operational performance, countries can use these metrics to target actions to improve logistics and monitor their progress.Common Carriers Industry,Transport and Trade Logistics,Economic Theory&Research,Free Trade,Trade Policy
The Role of a Microservice Architecture on cybersecurity and operational resilience in critical systems
Critical systems are characterized by their high degree of intolerance to threats, in other words,
their high level of resilience, because depending on the context in which the system is inserted,
the slightest failure could imply significant damage, whether in economic terms, or loss of
reputation, of information, of infrastructure, of the environment, or human life. The security of
such systems is traditionally associated with legacy infrastructures and data centers that are
monolithic, which translates into increasingly high evolution and protection challenges.
In the current context of rapid transformation where the variety of threats to systems has been
consistently increasing, this dissertation aims to carry out a compatibility study of the
microservice architecture, which is denoted by its characteristics such as resilience, scalability,
modifiability and technological heterogeneity, being flexible in structural adaptations, and in
rapidly evolving and highly complex settings, making it suited for agile environments. It also
explores what response artificial intelligence, more specifically machine learning, can provide
in a context of security and monitorability when combined with a simple banking system that
adopts the microservice architecture.Os sistemas crĂticos sĂŁo caracterizados pelo seu elevado grau de intolerância Ă s ameaças, por
outras palavras, o seu alto nĂvel de resiliĂŞncia, pois dependendo do contexto onde se insere o
sistema, a mĂnima falha poderá implicar danos significativos, seja em termos econĂłmicos, de
perda de reputação, de informação, de infraestrutura, de ambiente, ou de vida humana. A
segurança informática de tais sistemas está tradicionalmente associada a infraestruturas e data
centers legacy, ou seja, de natureza monolĂtica, o que se traduz em desafios de evolução e
proteção cada vez mais elevados.
No contexto atual de rápida transformação, onde as variedades de ameaças aos sistemas têm
vindo consistentemente a aumentar, esta dissertação visa realizar um estudo de
compatibilidade da arquitetura de microserviços, que se denota pelas suas caraterĂsticas tais
como a resiliĂŞncia, escalabilidade, modificabilidade e heterogeneidade tecnolĂłgica, sendo
flexĂvel em adaptações estruturais, e em cenários de rápida evolução e elevada complexidade,
tornando-a adequada a ambientes ágeis. Explora também a resposta que a inteligência artificial,
mais concretamente, machine learning, pode dar num contexto de segurança e
monitorabilidade quando combinado com um simples sistema bancário que adota uma
arquitetura de microserviços
Blockchain for automotive: An insight towards the IPFS blockchain-based auto insurance sector
The advancing technology and industrial revolution have taken the automotive industry by storm in recent times. The auto sector’s constantly growing demand has paved the way for the automobile sector to embrace new technologies and disruptive innovations. The multi-trillion dollar, complex auto insurance sector is still stuck in the regulations of the past. Most of the customers still contact the insurance company by phone to buy new policies and process existing insurance claims. The customers still face the risk of fraudulent online brokers, as policies are mostly signed and processed on papers which often require human supervision, with a risk of error. The insurance sector faces a threat of failure due to losing and misconception of policies and information. We present a decentralized IPFS and blockchain-based framework for the auto insurance sector that regulates the activities in terms of insurance claims for automobiles and automates payments. This article also discusses how blockchain technology’s features can be useful for the decentralized autonomous vehicle’s ecosystem
Applications of Cyber Threat Intelligence (CTI) in Financial Institutions and Challenges in Its Adoption
The critical nature of financial infrastructures makes them prime targets for cybercriminal activities, underscoring the need for robust security measures. This research delves into the role of Cyber Threat Intelligence (CTI) in bolstering the security framework of financial entities and identifies key challenges that could hinder its effective implementation. CTI brings a host of advantages to the financial sector, including real-time threat awareness, which enables institutions to proactively counteract cyber-attacks. It significantly aids in the efficiency of incident response teams by providing contextual data about attacks. Moreover, CTI is instrumental in strategic planning by providing insights into emerging threats and can assist institutions in maintaining compliance with regulatory frameworks such as GDPR and CCPA. Additional applications include enhancing fraud detection capabilities through data correlation, assessing and managing vendor risks, and allocating resources to confront the most pressing cyber threats. The adoption of CTI technologies is fraught with challenges. One major issue is data overload, as the vast quantity of information generated can overwhelm institutions and lead to alert fatigue. The issue of interoperability presents another significant challenge; disparate systems within the financial sector often use different data formats, complicating seamless CTI integration. Cost constraints may also inhibit the adoption of advanced CTI tools, particularly for smaller institutions. A lack of specialized skills necessary to interpret CTI data exacerbates the problem. The effectiveness of CTI is contingent on its accuracy, and false positives and negatives can have detrimental impacts. The rapidly evolving nature of cyber threats necessitates real-time updates, another hurdle for effective CTI implementation. Furthermore, the sharing of threat intelligence among entities, often competitors, is hampered by mistrust and regulatory complications. This research aims to provide a nuanced understanding of the applicability and limitations of CTI within the financial sector, urging institutions to approach its adoption with a thorough understanding of the associated challenges
Design of an integrated airframe/propulsion control system architecture
The design of an integrated airframe/propulsion control system architecture is described. The design is based on a prevalidation methodology that uses both reliability and performance. A detailed account is given for the testing associated with a subset of the architecture and concludes with general observations of applying the methodology to the architecture
Advanced Digital Auditing
This open access book discusses the most modern approach to auditing complex digital systems and technologies. It combines proven auditing approaches, advanced programming techniques and complex application areas, and covers the latest findings on theory and practice in this rapidly developing field. Especially for those who want to learn more about novel approaches to testing complex information systems and related technologies, such as blockchain and self-learning systems, the book will be a valuable resource. It is aimed at students and practitioners who are interested in contemporary technology and managerial implications
- …