Analyzing, Implementing and Monitoring Critical Security Controls: A Case Implemented in J & B Group

The increasing sophistication of information security threats and the ever-growing body of regulation has made information security a critical function in organizations. Software companies and application vendors are unable to keep up with rapidly growing attacks and changing threat patters. The need for information security should be apparent and require substantial research, knowledge, and ability to design and implement an effective security program. Also, requires a great investment of time and resources. Many small and medium businesses may understand the importance of risk, but lack in grasping the severity of the problem and resources to identify it. A well analyzed and implemented information security program can reduce the damage caused by an attack by reducing the mean time to detect, contain and restore. The purpose of this paper is to present a systematic approach to conduct analysis by gathering data, implementing and monitoring the critical security controls. An effective information security process ensuring strong security posture to defend against cyber-attacks with minimum resources and open source software is the key to this research as it reduces the cost to implement and maintain the security operations center. The literature focuses on increasing cyber-attacks on organizations and how to prevent these attacks using technical countermeasures and non-technological side of information security. This research refers to CIS critical security controls (CSC) to classify data, systems and analyze risk using Qualitative and Quantitative data. Research data is collected from J & B Group Information technology team. Importance of security program is not only adopting best security processes and tools but also must be reviewed, updated and maintained on a regular basis. Continuous monitoring of security controls is driven with open source SIEM tool with minimum license and by establishing custom rules for generating offenses and alerts

An introduction to Cyber Peacekeeping

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Cyber is the newest domain of war, and the topic of cyber warfare is one that is receiving increasing attention. Research efforts into cyber warfare are extensive, covering a range of issues such as legality, cyber weapons and deterrence. Despite all of the research activity around cyber warfare, one aspect has been largely overlooked: the restoration of peace and security in its aftermath. In this article, we present the argument that cyber warfare will threaten civilian peace and security long after a conflict has ended, and that existing peace operations will be required to evolve in order to address this threat. We explore how existing UN peacekeeping operations could be adapted, in ways that would be both feasible and valuable towards maintaining and restoring peace in a region. We conclude that the path to cyber peacekeeping will not be easy, but that it is an evolution that must begin today so that we can be prepared for the conflicts of the future

Guerra cibernética: desafios de uma nova fronteira

The advancement of Information and Communication along with increased access to the Internet and social networks, the challenge of the digital age is to build an environment that allows the country to identify, monitor and mitigate cyber risks, boosting the development of preventive, proactive, reactive and repressive actions to any kind of threat, in order to secure and defend the interests of the country and the Brazilian society. The types of denial of service attacks, intrusion attempts and social engineering are the weapons that these cybercriminals have and the other side of this war, we have some tools and equipment that assist us in protecting the network. This work presents some attacks in the world who started the cyber age some techniques of attack and defense tools, and proposes a solution of defense to protect the critical infrastructure of the country and organizations.Com o avanço da tecnologia da informação e comunicações (TIC) aliado ao aumento de acessos à Internet e redes sociais, o grande desafio da Era Digital é a construção de um ambiente no País que permita identificar, monitorar e mitigar os riscos cibernéticos, impulsionando o desenvolvimento de ações preventivas, pró-ativas, reativas e de repressão a todo o tipo de ameaça, a fim de assegurar e defender os interesses do país e da sociedade brasileira. Os tipos de ataques de negação de serviço, as tentativas de interceptação de trafego e a engenharia social, são algumas armas que estes cibercriminosos possuem e do outro lado desta guerra, temos algumas ferramentas e equipamentos que nos auxiliam na proteção da rede. Este trabalho apresenta alguns ataques ocorridos no mundo que deram início a era cibernética, algumas técnicas de ataque e ferramentas de defesa, bem como propõe uma solução de defesa para proteger as infraestruturas críticas do País e das organizações

Cyber Humanitarian Interventions: The viability and ethics of using cyber-operations to disrupt perpetrators’ means and motivations for atrocities in the digital age

In the contemporary digital age, mass atrocity crimes are increasingly promoted and organised online. Yet, little attention has been afforded to the question of whether proactive cyberspace operations might be used for human protection purposes. Beginning with the framework of the Responsibility to Protect (R2P), this thesis asks: How might cyber-operations be used ethically to protect populations from mass atrocity crimes? To answer this question, I introduce the concept of ‘cyber humanitarian interventions’, and argue that such measures can be used to disrupt potential perpetrators’ means and motivations for atrocities. Specifically, I contend that cyber humanitarian interventions can be used to frustrate potential perpetrators’ communication channels, logistical supply chains, and funding, as well as to stymie potential perpetrators’ desire for violence via online, targeted, tailor-made campaigns based on their big data. These capabilities can be used in an ethically acceptable manner, and thus ought to be pursued prior to the resort to other more forceful measures to protect. Moreover, and perhaps more controversially, I argue that, in some circumstances, there is a qualified responsibility to deceive potential perpetrators – via online disinformation – in order to fulfil responsibilities to protect. This thesis seeks to make three key contributions. First, it contributes to extant literatures on R2P, atrocity prevention, and cyberspace by offering cyber humanitarian interventions as a hitherto neglected tool for human protection. Second, it furthers ethical debates on atrocity prevention by providing an in-depth analysis of how cyber humanitarian interventions can be deployed ethically. Third, it challenges prevailing conceptions of disinformation by arguing that that there is, in fact, a qualified responsibility to deceive potential perpetrators into not committing atrocities via online disinformation. In sum, this thesis aims to bring 21st century capabilities to bear on centuries-old crimes, and highlights cyber humanitarian interventions as a more peaceful, cost-effective, and politically palatable tool to protect vulnerable populations from mass atrocity crimes