581 research outputs found

    ISMS role in the improvement of digital forensics related process in SOC's

    Full text link
    Organizations concerned about digital or computer forensics capability which establishes procedures and records to support a prosecution for computer crimes could benefit from implementing an ISO 27001: 2013-compliant (ISMS Information Security Management System). A certified ISMS adds credibility to information gathered in a digital forensics investigation; certification shows that the organization has an outsider which verifies that the correct procedures are in place and being followed. A certified ISMS is a valuable tool either when prosecuting an intruder or when a customer or other stakeholder seeks damages against the organization. SOC (Security Operation Center) as an organization or a security unit which handles a large volume of information requires a management complement, where ISMS would be a good choice. This idea will help finding solutions for problems related to digital forensics for non-cloud and cloud digital forensics, including Problems associated with the absence of standardization amongst different CSPs (Cloud service providers).Comment: 8 pages, 4 figures, 1 tabl

    Technical Security Metrics Model in Compliance with ISO/IEC 27001 Standard

    Get PDF
    Technical security metrics provide measurements in ensuring the effectiveness of technical security controls or technology devices/objects that are used in protecting the information systems. However, lack of understanding and method to develop the technical security metrics may lead to unachievable security control objectives and inefficient implementation. This paper proposes a model of technical security metrics to measure the effectiveness of network security management. The measurement is based on the security performance for (1) network security controls such as firewall, Intrusion Detection Prevention System (IDPS), switch, wireless access point and network architecture; and (2) network services such as Hypertext Transfer Protocol Secure (HTTPS) and virtual private network (VPN). The methodology used is Plan-Do-Check-Act process model. The proposed technical security metrics provide guidance for organizations in complying with requirements of ISO/IEC 27001 Information Security Management System (ISMS) standard. The proposed model should also be able to provide a comprehensive measurement and guide to use ISO/IEC 27004 ISMS Measurement standard

    Technical Security Metrics Model in Compliance with ISO/IEC 27001 Standard

    Get PDF
    Technical security metrics provide measurements in ensuring the effectiveness of technical security controls or technology devices/objects that are used in protecting the information systems. However, lack of understanding and method to develop the technical security metrics may lead to unachievable security control objectives and inefficient implementation. This paper proposes a model of technical security metrics to measure the effectiveness of network security management. The measurement is based on the security performance for (1) network security controls such as firewall, Intrusion Detection Prevention System (IDPS), switch, wireless access point and network architecture; and (2) network services such as Hypertext Transfer Protocol Secure (HTTPS) and virtual private network (VPN). The methodology used is Plan-Do-Check-Act process model. The proposed technical security metrics provide guidance for organizations in complying with requirements of ISO/IEC 27001 Information Security Management System (ISMS) standard. The proposed model should also be able to provide a comprehensive measurement and guide to use ISO/IEC 27004 ISMS Measurement standard

    Compliance with Saudi NCA-ECC based on ISO/IEC 27001

    Get PDF
    Organizations are required to implement an information security management system (ISMS) for making a central cybersecurity framework, reducing costs, treating risks, and so on. Several ISMS standards have been issued and implemented locally and internationally. In Saudi Arabia, the most widely implemented international ISMS is ISO/IEC 27001. Currently, the Saudi National Cybersecurity Authority (NCA) issued a local framework called Essential Cybersecurity Controls (NCA-ECC). Therefore, many ISO/IEC 27001 certified organizations in Saudi Arabia are trying to convert from ISO/IEC 27001 to NCA-ECC or comply with both frameworks. Nevertheless, cybersecurity experts need to know which cybersecurity controls are already implemented, based on the ISO/IEC 27001, and which are not. This paper first measures the extent to which certified ISO/IEC 27001 Saudi organizations comply with the NCA-ECC. Second, it presents a framework for complying with the required unimplemented or partially implemented NCA-ECC controls. The framework can also help organization to be in compliance with both frameworks, if required. Three ISO/IEC 27001-certified Saudi public universities are selected as samples. The data is collected by interviewing the cybersecurity officers in the selected universities. This research shows that certified ISO/IEC 27001 organizations are approximately 64% in compliance with the NCA-ECC. The presented framework can help any ISO/IEC 27001 certified Saudi organization convert from ISO/IEC 27001 to NCA-ECC in a quick and cost-effective manner by considering only NCA-ECC nonconformities

    Education Organization Baseline Control Protection and Trusted Level Security

    Get PDF
    Many education organizations have adopted for security the enterprise best practices for implementation on their campuses, while others focus on ISO Standard (or/and) the National Institution of Standards and Technology. All these adoptions are dependent on IT personal and their experiences or knowledge of the standard. On top of this is the size of the education organizations. The larger the population in an education organization, the more the problem of information and security become very clear. Thus, they have been obliged to comply with information security issues and adopt the national or international standard. The case is quite different when the population size of the education organization is smaller. In such education organizations, they use social security numbers as student ID, and issue administrative rights to faculty and lab managers – or they are not aware of the Family Educational Rights and Privacy Act (FERPA) – and release some personal information. The problem of education organization security is widely open and depends on the IT staff and their information security knowledge in addition to the education culture (education, scholarships and services) has very special characteristics other than an enterprise or comparative organization This paper is part of a research to develop an “Education Organization Baseline Control Protection and Trusted Level Security.” The research has three parts: Adopting (standards), Testing and Modifying (if needed). The baseline control criteria covers the following topics: management control, operational control, logic control, physical control and development and maintenance control. This paper is concerned with the first two controls

    Web attack risk awareness with lessons learned from high interaction honeypots

    Get PDF
    Tese de mestrado, Segurança Informática, Universidade de Lisboa, Faculdade de Ciências, 2009Com a evolução da web 2.0, a maioria das empresas elabora negócios através da Internet usando aplicações web. Estas aplicações detêm dados importantes com requisitos cruciais como confidencialidade, integridade e disponibilidade. A perda destas propriedades influencia directamente o negócio colocando-o em risco. A percepção de risco providencia o necessário conhecimento de modo a agir para a sua mitigação. Nesta tese foi concretizada uma colecção de honeypots web de alta interacção utilizando diversas aplicações e sistemas operativos para analisar o comportamento do atacante. A utilização de ambientes de virtualização assim como ferramentas de monitorização de honeypots amplamente utilizadas providencia a informação forense necessária para ajudar a comunidade de investigação no estudo do modus operandi do atacante, armazenando os últimos exploits e ferramentas maliciosas, e a desenvolver as necessárias medidas de protecção que lidam com a maioria das técnicas de ataque. Utilizando a informação detalhada de ataque obtida com os honeypots web, o comportamento do atacante é classificado entre diferentes perfis de ataque para poderem ser analisadas as medidas de mitigação de risco que lidam com as perdas de negócio. Diferentes frameworks de segurança são analisadas para avaliar os benefícios que os conceitos básicos de segurança dos honeypots podem trazer na resposta aos requisitos de cada uma e a consequente mitigação de risco.With the evolution of web 2.0, the majority of enterprises deploy their business over the Internet using web applications. These applications carry important data with crucial requirements such as confidentiality, integrity and availability. The loss of those properties influences directly the business putting it at risk. Risk awareness provides the necessary know-how on how to act to achieve its mitigation. In this thesis a collection of high interaction web honeypots is deployed using multiple applications and diverse operating systems in order to analyse the attacker behaviour. The use of virtualization environments along with widely used honeypot monitoring tools provide the necessary forensic information that helps the research community to study the modus operandi of the attacker gathering the latest exploits and malicious tools and to develop adequate safeguards that deal with the majority of attacking techniques. Using the detailed attacking information gathered with the web honeypots, the attacking behaviour will be classified across different attacking profiles to analyse the necessary risk mitigation safeguards to deal with business losses. Different security frameworks commonly used by enterprises are analysed to evaluate the benefits of the honeypots security concepts in responding to each framework’s requirements and consequently mitigating the risk

    Cyber Insurance: recent advances, good practices & challenges

    Get PDF
    The aim of this ENISA report is to raise awareness for the most impact to market advances, by shortly identifying the most significant cyber insurance developments for the past four years – during 2012 to 2016 – and to capture the good practices and challenges during the early stages of the cyber insurance lifecycle, i.e. before an actual policy is signed, laying the ground for future work in the area
    corecore