An Iterative and Toolchain-Based Approach to Automate Scanning and Mapping Computer Networks
As today's organizational computer networks are constantly evolving and becoming ever more complex, finding potential vulnerabilities and conducting security audits has become a crucial element in securing them. The first step in auditing a network is reconnaissance: mapping the network to obtain a comprehensive overview of its structure. The growing complexity, however, makes this task increasingly laborious, all the more so because mapping (as opposed to plain scanning) still involves a great deal of manual work today. The concept proposed in this paper therefore automates the scanning and mapping of unknown and non-cooperative computer networks in order to find security weaknesses or verify access controls. It further supports audits by allowing documented networks to be compared with the actual ones and unauthorized network devices to be found, and by evaluating access control methods through delta scans. It uses a novel approach of augmenting the data from iteratively chained existing scanning tools with context, using purpose-built analytics modules, so that a network's topology can be assessed instead of merely generating a list of scanned devices. It also contains a visualization model that provides a clear, lucid topology map and a special graph for comparative analysis. The goal is to provide maximum insight with a minimum of a priori knowledge.
Comment: 7 pages, 6 figure
Security Risk Management - Approaches and Methodology
In today's economic context, organizations are looking for ways to improve their business, to keep ahead of the competition and to grow revenue. To stay competitive and consolidate their position on the market, companies must use all the information they have and process it to better support their missions. For this reason, managers have to take into consideration the risks that can affect the organization and must minimize their impact on it. Risk management helps managers to better control business practices and to improve business processes.
Keywords: Risk Management, Security, Methodology
The Conservation Assessment: A Proposed Model for Evaluating Museum Environmental Management Needs
Provided to help museums assess environmental needs, identify problems, and implement technical solutions. Also available in Spanish
The RFID PIA – developed by industry, agreed by regulators
This chapter discusses the privacy impact assessment (PIA) framework endorsed
by the European Commission on February 11th, 2011. This PIA, the first to receive the
Commission's endorsement, was developed to deal with privacy challenges associated with
the deployment of radio frequency identification (RFID) technology, a key building block of
the Internet of Things. The goal of this chapter is to present the methodology and key
constructs of the RFID PIA Framework in more detail than was possible in the official text.
RFID operators can use this article as a support document when they conduct PIAs and need
to interpret the PIA Framework. The chapter begins with a history of why and how the PIA
Framework for RFID came about. It then proceeds with a description of the endorsed PIA
process for RFID applications and explains in detail how this process is supposed to function.
It provides examples discussed during the development of the PIA Framework. These
examples reflect the rationale behind and evolution of the text's methods and definitions. The
chapter also provides insight into the stakeholder debates and compromises that have
important implications for PIAs in general.
Series: Working Papers on Information Systems, Information Business and Operation
On Properties of Policy-Based Specifications
The advent of large-scale, complex computing systems has dramatically increased the difficulty of securing access to systems' resources. To ensure confidentiality and integrity, the use of access control mechanisms has thus become a crucial issue in the design of modern computing systems. Among the different access control approaches proposed in recent decades, the policy-based one makes it possible to capture, by resorting to the concept of attribute, all of a system's security-relevant information while being, at the same time, sufficiently flexible and expressive to represent the other approaches. In this paper, we move a step further towards understanding the effectiveness of policy-based specifications by studying how they allow traditional security properties to be enforced. To support system designers in developing and maintaining policy-based specifications, we also formalise some relevant properties regarding the structure of policies. By means of a case study from the banking domain, we present real instances of such properties and outline an approach towards their automated verification.
Comment: In Proceedings WWV 2015, arXiv:1508.0338