Bibliography for computer security, integrity, and safety

A bibliography of computer security, integrity, and safety issues is given. The bibliography is divided into the following sections: recent national publications; books; journal, magazine articles, and miscellaneous reports; conferences, proceedings, and tutorials; and government documents and contractor reports

Active Cyber Defense in the Healthcare Sector

The healthcare industry is a vulnerable sector when it comes to cybercrime. To date, it continues to suffer the highest losses for twelve consecutive years (IBM, 2022). As care- providing systems depend more and more on technology, information assets become an appealing target for cyber criminals. Health data often contains sensitive and identifiable information such as full names, addresses, phone numbers, emails, Social Security Numbers, etc. All these falls under the term Personal Identifiable Information (PII) which are protected by many laws and acts with the purpose of protecting one’s privacy from harms such as identity theft and other fraudulent offenses. In addition to the privacy concern, there is also financial and reputational concerns involved. The health sector suffers frequents attacks and the number continues to grow every year. The purpose of this research thesis paper is to analyze the cyber defense technique Active Cyber Defense (ACD) in relation to the healthcare sector. It seeks to investigate the ways in which the health sector can benefit from incorporating ACD in its security strategy as well as analyzing the various security challenges that the health sector faces and how it attempts to address them. This research will be supported by research papers, government documents, reports, and articles

The InfoSec Handbook

Computer scienc

The InfoSec Handbook

Computer scienc

The theory and implementation of a secure system

Computer viruses pose a very real threat to this technological age. As our dependence on computers increases so does the incidence of computer virus infection. Like their biological counterparts, complete eradication is virtually impossible. Thus all computer viruses which have been injected into the public domain still exist. This coupled with the fact that new viruses are being discovered every day is resulting in a massive escalation of computer virus incidence. Computer viruses covertly enter the system and systematically take control, corrupt and destroy. New viruses appear each day that circumvent current means of detection, entering the most secure of systems. Anti-Virus software writers find themselves fighting a battle they cannot win: for every hole that is plugged, another leak appears. Presented in this thesis is both method and apparatus for an Anti-Virus System which provides a solution to this serious problem. It prevents the corruption, or destruction of data, by a computer virus or other hostile program, within a computer system. The Anti-Virus System explained in this thesis will guarantee system integrity and virus containment for any given system. Unlike other anti-virus techniques, security can be guaranteed, as at no point can a virus circumvent, or corrupt the action of the Anti-Virus System presented. It requires no hardware modification of the computer or the hard disk, nor software modification of the computer's operating system. Whilst being largely transparent to the user, the System guarantees total protection against the spread of current and future viruses

Virtualization and shared Infrastructure data storage for IT in Kosovo institutions

This capstone project addressed the need to strengthen the centralization and security of the electronic data from various national institutions in Kosovo. Most of the electronic data in Kosovo Institutions are separated in so many server rooms in different institutions and different locations. The Republic of Kosovo institutions have different systems of data stored in different physical spaces. Most of these data should be exchangeable in different systems and different data bases. The country lacks physical security in the current system of data security and professional staff for maintaining such data (databases, applications, and other electronic data). The budget of Kosovo is making higher and unnecessary expenditure in the field of information and technology. This project would be a good alternative in order to reduce budgetary expenditure of Kosovo ... The outcome of this project provides recommendations in order to achieve the goals of the project. The three main recommendations of the project are centralization, virtualization and business continuity

Health technology assessment in Sub-Saharan Africa : a cross-national study of Kenya and South Africa

;Bibliography: leaves 365-403.This thesis is concerned with the applications and use of health technology in Sub-Saharan Africa, and particularly in Kenya and South Africa. The focus is on technology planning, deployment, use, management and assessment in the public health sector. The objectives of the study are three-fold: (1) to investigate the problems that arise in the planning, deployment, use, management and assessment of technology in the health services of these countries; (2) to describe how these problems affect the delivery of health services; and (3) to provide suggestions, recommendations and a policy framework to alleviate the problems

ESTABLISHING BLOCKCHAIN-RELATED SECURITY CONTROLS

Blockchain technology is a secure and relatively new technology of distributed digital ledgers which is based on interlinked blocks of transactions. There is a rapid growth in the adoption of the blockchain technology in different solutions and applications and within different industries throughout the world, such as but not limited to, finance, supply chain, digital identity, energy, healthcare, real estate and government. Blockchain technology has great benefits such as decentralization, transparency, immutability and automation. Like any other emerging technology, the blockchain technology has also several risks and threats associated with its expected benefits which in turns could have a negative impact on individuals, entities and/or countries. This is mainly due to the absence of a solid governance foundation for managing and mitigating such risks and the shortage of published standards to govern the blockchain technology along with its associated applications. In line with the “Dubai blockchain Strategy 2020” and “Emirates blockchain Strategy 2021” initiatives, this thesis aims to achieve the following: first, preservation of the confidentiality, integrity and availability of information and information assets in relevance to blockchain applications and solutions implementation across entities, and second, mitigation and reduction of related information security risks and threats; through the establishment of new information security controls specifically related to the blockchain technology which have not been covered in International and National Information Security Standards which are ISO 27001:2013 Standard and UAE Information Assurance Standards by the Signals Intelligence Agency (formerly known as the National Electronic Security Authority). Finally, Risk Assessment and Risk Treatment have been performed on five blockchain use cases; to determine their involved risks with respective to security controls appropriately. The assessment/analysis results showed that the proposed security controls can mitigate relevant information security risks on the blockchain solutions and applications and consequently protect the information and information assets from unauthorized disclosure, modification, and destruction

Demystifying Internet of Things Security

Break down the misconceptions of the Internet of Things by examining the different security building blocks available in Intel Architecture (IA) based IoT platforms. This open access book reviews the threat pyramid, secure boot, chain of trust, and the SW stack leading up to defense-in-depth. The IoT presents unique challenges in implementing security and Intel has both CPU and Isolated Security Engine capabilities to simplify it. This book explores the challenges to secure these devices to make them immune to different threats originating from within and outside the network. The requirements and robustness rules to protect the assets vary greatly and there is no single blanket solution approach to implement security. Demystifying Internet of Things Security provides clarity to industry professionals and provides and overview of different security solutions What You'll Learn Secure devices, immunizing them against different threats originating from inside and outside the network Gather an overview of the different security building blocks available in Intel Architecture (IA) based IoT platforms Understand the threat pyramid, secure boot, chain of trust, and the software stack leading up to defense-in-depth Who This Book Is For Strategists, developers, architects, and managers in the embedded and Internet of Things (IoT) space trying to understand and implement the security in the IoT devices/platforms

Verkon hyökkäys- ja puolustustyökalujen testausta laboratorioympäristössä

The safest way of conducting network security testing is to do it in a closed laboratory environment that is isolated from the production network, and whose network configuration can be easily modified according to needs. Such an environment was built to the Department of Pervasive Computing in the fall of 2014 as part of TUTCyberLabs. In addition to the networking hardware, computers and servers, two purchases were made: Ruge, a traffic generator, and Clarified Analyzer, a network security monitor. Open source alternatives were researched for comparison and the chosen tools were Ostinato and Security Onion respectively. A hacking lab exercise was created for Computer Network and Security course employing various tools found in Kali Linux that was installed on the computers. Different attack scenarios were designed for the traffic generators and Kali Linux, and they were then monitored on the network security monitors. Finally a comparison was made between the monitoring applications. In the traffic generator tests, both Ruge and Ostinato were capable of clogging the gigabit network found in the laboratory. Both were also able to cause packet loss in two different network setups rendering the network virtually unusable. Where Ostinato finally lost the comparison was its lack of support for stateful connections, e.g., TCP handshake. In the hacking lab exercise the students’ task was to practice penetration testing against a fictional company. Their mission was to exploit various vulnerabilities and use modules found in Metasploit to get a remote desktop connection on a Windows XP machine hidden behind a firewall, by pivoting their connection through the company’s public web server. Comparing the monitoring applications, it became clear that Clarified Analyzer is focused on providing a broad overview of one’s network, and does not provide any alerts or analysis on the traffic it sees. Security Onion on the other hand lacks the overview, but is able to provide real time alerts via Snort. Both of the applications provide means to export packet capture data to, e.g., Wireshark for further analysis. Because of the network overview it provides, Clarified Analyzer works better against denial of service attacks, whereas Security Onion excels in regard to exploits and intrusions. Thus the best result is achieved when both of these are used simultaneously to monitor one’s network