Monitoring and Improving Managed Security Services inside a Security Operation Center

Nowadays, small to medium sized companies, which usually cannot afford hiring dedicated security experts, are interested in benefiting from Managed Security Services (MSS) provided by third party Security Operation Centers (SOC) to tackle network-wide threats. Accordingly, the performance of the SOC is becoming more and more important to the service providers in order to optimize their resources and compete in the global market. Security specialists in a SOC, called analysts, have an important role to analyze suspicious machine-generated alerts to see whether they are real attacks. How to monitor and improve the performance of analysts inside a SOC is a critical issue that most service providers need to address. In this paper, by observing workflows of a real-world SOC, a tool consisting of three different modules is designed for monitoring analysts' activities, analysis performance measurement, and performing simulation scenarios. The tool empowers managers to evaluate the SOC's performance which helps them to conform to Service-Level Agreement (SLA) regarding required response time to security incidents, and see the need for improvement. Moreover, the designed tool is strengthened by a background service module to provide feedback about anomalies or informative issues for security analysts in the SOC. Three case studies have been conducted based on real data collected from the operational SOC, and simulation results have demonstrated the effectiveness of the different modules of the designed tool in improving the SOC performance

Security aspects in cloud based condition monitoring of machine tools

In the modern competitive environments companies must have rapid production systems that are able to deliver parts that satisfy highest quality standards. Companies have also an increased need for advanced machines equipped with the latest technologies in maintenance to avoid any reduction or interruption of production. Eminent therefore is the need to monitor the health status of the manufacturing equipment in real time and thus try to develop diagnostic technologies for machine tools. This paper lays the foundation for the creation of a safe remote monitoring system for machine tools using a Cloud environment for communication between the customer and the maintenance service company. Cloud technology provides a convenient means for accessing maintenance data anywhere in the world accessible through simple devices such as PC, tablets or smartphones. In this context the safety aspects of a Cloud system for remote monitoring of machine tools becomes crucial and is, thus the focus of this pape

Data as a Service (DaaS) for sharing and processing of large data collections in the cloud

Data as a Service (DaaS) is among the latest kind of services being investigated in the Cloud computing community. The main aim of DaaS is to overcome limitations of state-of-the-art approaches in data technologies, according to which data is stored and accessed from repositories whose location is known and is relevant for sharing and processing. Besides limitations for the data sharing, current approaches also do not achieve to fully separate/decouple software services from data and thus impose limitations in inter-operability. In this paper we propose a DaaS approach for intelligent sharing and processing of large data collections with the aim of abstracting the data location (by making it relevant to the needs of sharing and accessing) and to fully decouple the data and its processing. The aim of our approach is to build a Cloud computing platform, offering DaaS to support large communities of users that need to share, access, and process the data for collectively building knowledge from data. We exemplify the approach from large data collections from health and biology domains.Peer ReviewedPostprint (author's final draft

Prison Bed Profiteers: How Corporations Are Reshaping Criminal Justice in the U.S.

Examines concerns with the role and performance of private prisons, including reports of abuse and neglect, low pay and limited training for staff, poor government oversight, and lack of cost savings and community economic benefit. Makes recommendations

Security and Privacy Issues in Cloud Computing

Cloud computing transforming the way of information technology (IT) for consuming and managing, promising improving cost efficiencies, accelerate innovations, faster time-to-market and the ability to scale applications on demand (Leighton, 2009). According to Gartner, while the hype grew ex-ponentially during 2008 and continued since, it is clear that there is a major shift towards the cloud computing model and that the benefits may be substantial (Gartner Hype-Cycle, 2012). However, as the shape of the cloud computing is emerging and developing rapidly both conceptually and in reality, the legal/contractual, economic, service quality, interoperability, security and privacy issues still pose significant challenges. In this chapter, we describe various service and deployment models of cloud computing and identify major challenges. In particular, we discuss three critical challenges: regulatory, security and privacy issues in cloud computing. Some solutions to mitigate these challenges are also proposed along with a brief presentation on the future trends in cloud computing deployment

Ensuring patients privacy in a cryptographic-based-electronic health records using bio-cryptography

Several recent works have proposed and implemented cryptography as a means to preserve privacy and security of patients health data. Nevertheless, the weakest point of electronic health record (EHR) systems that relied on these cryptographic schemes is key management. Thus, this paper presents the development of privacy and security system for cryptography-based-EHR by taking advantage of the uniqueness of fingerprint and iris characteristic features to secure cryptographic keys in a bio-cryptography framework. The results of the system evaluation showed significant improvements in terms of time efficiency of this approach to cryptographic-based-EHR. Both the fuzzy vault and fuzzy commitment demonstrated false acceptance rate (FAR) of 0%, which reduces the likelihood of imposters gaining successful access to the keys protecting patients protected health information. This result also justifies the feasibility of implementing fuzzy key binding scheme in real applications, especially fuzzy vault which demonstrated a better performance during key reconstruction