Design and Development of Widgets for a Corporate Security Application
This project is delivered as the Bachelor Thesis of the Informatics Engineering Degree of the Barcelona Faculty of Computer Science. The objective is to put into practice the knowledge acquired during the Software engineering specialty. The project consists of designing and developing widgets for a corporate security mobile application that allows users to interact with one of the main functionalities of the application, always maintaining the perspective of security and usability.
Security and computer forensics in web engineering education
The integration of security and forensics into Web Engineering curricula is imperative! Poor security in web-based applications is continuing to cost organizations millions and the losses are still increasing annually. Security is frequently taught as a stand-alone course, assuming that security can be 'bolted on' to a web application at some point. Security issues must be integrated into Web Engineering processes right from the beginning to create secure solutions and therefore security should be an integral part of a Web Engineering curriculum. One aspect of Computer forensics investigates failures in security. Hence, students should be aware of the issues in forensics and how to respond when security failures occur; collecting evidence is particularly difficult for Web-based applications.
Risk and Business Goal Based Security Requirement and Countermeasure Prioritization
Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. Currently companies achieve this by means of checklist-based security assessments, but these methods are a way to achieve consensus without being able to provide justifications of countermeasures in terms of business goals. But such justifications are needed to operate securely and effectively in networked businesses. In this paper, we first compare a Risk-Based Requirements Prioritization method (RiskREP) with some requirements engineering and risk assessment methods based on their requirements elicitation and prioritization properties. RiskREP extends misuse case-based requirements engineering methods with IT architecture-based risk assessment and countermeasure definition and prioritization. Then, we present how RiskREP prioritizes countermeasures by linking business goals to countermeasure specification. Prioritizing countermeasures based on business goals is especially important to provide the stakeholders with structured arguments for choosing a set of countermeasures to implement. We illustrate RiskREP and how it prioritizes the countermeasures it elicits by an application to an action case.
Desktop security as a three-dimensional problem
In this paper we argue against viewing computer desktop security solely as a technical issue. Instead, we propose a perspective that combines three related dimensions: technical infrastructure, usability and user engagement. In this light, we suggest that a viable approach to desktop security should embrace these three key dimensions of the end-user context. An example desktop application is described that has been engineered to embody these dimensions in support of the desktop user.
SensorCloud: Towards the Interdisciplinary Development of a Trustworthy Platform for Globally Interconnected Sensors and Actuators
Although Cloud Computing promises to lower IT costs and increase users'
productivity in everyday life, the unattractive aspect of this new technology
is that the user no longer owns all the devices which process personal data. To
lower scepticism, the project SensorCloud investigates techniques to understand
and compensate these adoption barriers in a scenario consisting of cloud
applications that utilize sensors and actuators placed in private places. This
work provides an interdisciplinary overview of the social and technical core
research challenges for the trustworthy integration of sensor and actuator
devices with the Cloud Computing paradigm. Most importantly, these challenges
include i) ease of development, ii) security and privacy, and iii) social
dimensions of a cloud-based system which integrates into private life. When
these challenges are tackled in the development of future cloud systems, the
attractiveness of new use cases in a sensor-enabled world will considerably be
increased for users who currently do not trust the Cloud. Comment: 14 pages, 3 figures, published as technical report of the Department
of Computer Science of RWTH Aachen Universit
Cloud Migration: A Case Study of Migrating an Enterprise IT System to IaaS
This case study illustrates the potential benefits and risks associated with
the migration of an IT system in the oil & gas industry from an in-house data
center to Amazon EC2 from a broad variety of stakeholder perspectives across
the enterprise, thus transcending the typical, yet narrow, financial and
technical analysis offered by providers. Our results show that the system
infrastructure in the case study would have cost 37% less over 5 years on EC2,
and using cloud computing could have potentially eliminated 21% of the support
calls for this system. These findings seem significant enough to call for a
migration of the system to the cloud but our stakeholder impact analysis
revealed that there are significant risks associated with this. Whilst the
benefits of using the cloud are attractive, we argue that it is important that
enterprise decision-makers consider the overall organizational implications of
the changes brought about with cloud computing to avoid implementing local
optimizations at the cost of organization-wide performance. Comment: Submitted to IEEE CLOUD 201