Evaluation of Cloud-Based Cyber Security System

Cloud-based cyber security systems leverage the power of cloud computing to protect digital assets from cyber threats. By utilizing remote servers and advanced algorithms, these systems provide real-time monitoring, threat detection, and incident response. They offer scalable solutions, enabling businesses to adapt to evolving threats and handle increasing data volumes. Cloud-based security systems provide benefits such as reduced infrastructure costs, continuous updates and patches, centralized management, and global threat intelligence. They protect against various attacks, including malware, phishing, DDoS, and unauthorized access. With their flexibility, reliability, and ease of deployment, cloud-based cyber security systems are becoming essential for organizations seeking robust protection in today's interconnected digital landscape. The research significance of cloud-based cyber security systems lies in their ability to address the growing complexity and scale of cyber threats in today's digital landscape. By leveraging cloud computing, these systems offer several key advantages for researchers and organizations: Scalability: Cloud-based systems can scale resources on-demand, allowing researchers to handle large volumes of data and analyze complex threat patterns effectively. Cost-efficiency: The cloud eliminates the need for extensive on-premises infrastructure, reducing costs associated with hardware, maintenance, and upgrades. Researchers can allocate resources based on their needs, optimizing cost-effectiveness. Real-time monitoring and threat detection: Cloud-based systems provide real-time monitoring of network traffic, enabling quick identification of suspicious activities and potential threats. Researchers can leverage advanced analytics and machine learning algorithms to enhance threat detection capabilities. Collaboration and knowledge sharing: Cloud platforms facilitate collaboration among researchers and organizations by enabling the sharing of threat intelligence, best practices, and research findings. Compliance and regulatory requirements: Cloud platforms often offer built-in compliance features and tools to meet regulatory requirements, assisting researchers in adhering to data protection and privacy standards. Overall, the research significance of cloud-based cyber security systems lies in their ability to provide scalable, cost-effective, and advanced security capabilities, empowering researchers to mitigate evolving cyber threats and protect sensitive data and systems effectively. We will be using Weighted Product Methodology (WPM) which is a decision-making technique that assigns weights to various criteria and ranks alternatives based on their weighted scores. It involves multiplying the ratings of each criterion by their corresponding weights and summing them up to determine the overall score. This method helps prioritize options and make informed decisions in complex situations. Taken of Operational, Technological, Organizational Recorded Electronic Delivery, Recorded Electronic Deliver, Blockchain technology, Database security, Software updates, Antivirus and antimalware The Organizational cyber security measures comes in last place, while Technological cyber security measures is ranked top and Operational measures comes in between the above two in second place. In conclusion, a cloud-based cyber security system revolutionizes the way organizations safeguard their digital assets. By utilizing remote servers, advanced algorithms, and real-time monitoring, it offers scalable and robust protection against evolving threats. With features like threat detection, data encryption, and centralized management, it ensures enhanced security, agility, and efficiency. Embracing a cloud-based approach empowers organizations to stay ahead in the ever-changing landscape of cyber security, effectively safeguarding their critical data and infrastructure

Ontology in Information Security

The past several years we have witnessed that information has become the most precious asset, while protection and security of information is becoming an ever greater challenge due to the large amount of knowledge necessary for organizations to successfully withstand external threats and attacks. This knowledge collected from the domain of information security can be formally described by security ontologies. A large number of researchers during the last decade have dealt with this issue, and in this paper we have tried to identify, analyze and systematize the relevant papers published in scientific journals indexed in selected scientific databases, in period from 2004 to 2014. This paper gives a review of literature in the field of information security ontology and identifies a total of 52 papers systematized in three groups: general security ontologies (12 papers), specific security ontologies (32 papers) and theoretical works (8 papers). The papers were of different quality and level of detail and varied from presentations of simple conceptual ideas to sophisticated frameworks based on ontology

Ontology-based context-sensitive software security knowledge management modeling

The disconcerting increase in the number of security attacks on software calls for an imminent need for including secure development practices within the software development life cycle. The software security management system has received considerable attention lately and various efforts have been made in this direction. However, security is usually only considered in the early stages of the development of software. Thus, this leads to stating other vulnerabilities from a security perspective. Moreover, despite the abundance of security knowledge available online and in books, the systems that are being developed are seldom sufficiently secure. In this paper, we have highlighted the need for including application context sensitive modeling within a case-based software security management system. Furthermore, we have taken the context-driven and ontology-based frameworks and prioritized their attributes according to their weights which were achieved by using the Fuzzy AHP methodology

The Impact of Cybersecurity and Innovation on Mobility Technology Acceptance

Not only in the mobility industry, innovative digital technologies are associated with opportunities but also pose risks in terms of cybersecurity. Consumers’ perception of a technology might thereby be impacted by their personal affinity to innovation and cybersecurity risk, affecting the attitude towards using. We developed an empirical model based on Davis’ Technology Acceptance Model (TAM) to analyze this impact in an online survey (n= 260). While both innovation and cybersecurity have an effect on attitude towards using, consumers do not perceive a direct tension between the two. Our study does thereby make both theoretical and practical contributions. On the one hand, we propose an extended TAM model that can easily be applied to further industries and digital technologies. On the other, we derive recommendations for the mobility industry, e.g., how to ease negative effects of cybersecurity risk perception, and increase customers’ attitude toward using

Multi-cloud Security Mechanisms for Smart Environments

Achieving transparency and security awareness in cloud environments is a challenging task. It is even more challenging in multi-cloud environments (where application components are distributed across multiple clouds) owing to its complexity. This complexity open doors to the introduction of threats and makes it difficult to know how the application components are performing and when remedial actions should be taken in the case of an anomaly. Nowadays, many cloud customers are becoming more interested in having a knowledge of their application status, particularly as it relates to the security of the application owing to growing cloud security concerns, which is multi-faceted in multi-cloud environments. This has necessitated the need for adequate visibility and security awareness in multi-cloud environments. However, this is threatened by non-standardization and diverse CSP platforms. This thesis presents a security evaluation framework for multi-cloud applications. It aims to facilitate transparency and security awareness in multi-cloud applications through adequate evaluation of the application components deployed across different clouds as well as the entire multi-cloud application. This will ensure that the health, internal events and performance of the multi-cloud application can be known. As a result of this, the security status and information about the multi-cloud application can be made available to application owners, cloud service providers and application users. This will increase cloud customers’ trust in using multi-clouds and ensure verification of the security status of multi-cloud components at any time desired. The security evaluation framework is based on threat identification and risk analysis, application modelling with ontology, selection of metrics and security controls, application security monitoring, security measurement, decision making and security status visualization

Secure and Trusted Execution Framework for Virtualized Workloads

In this dissertation, we have analyzed various security and trustworthy solutions for modern computing systems and proposed a framework that will provide holistic security and trust for the entire lifecycle of a virtualized workload. The framework consists of 3 novel techniques and a set of guidelines. These 3 techniques provide necessary elements for secure and trusted execution environment while the guidelines ensure that the virtualized workload remains in a secure and trusted state throughout its lifecycle. We have successfully implemented and demonstrated that the framework provides security and trust guarantees at the time of launch, any time during the execution, and during an update of the virtualized workload. Given the proliferation of virtualization from cloud servers to embedded systems, techniques presented in this dissertation can be implemented on most computing systems

Interoperabilnost uslužnog računarstva pomoću aplikacijskih programskih sučelja

Cloud computing paradigm is accepted by an increasing number of organizations due to significant financial savings. On the other hand, there are some issues that hinder cloud adoption. One of the most important problems is the vendor lock-in and lack of interoperability as its outcome. The ability to move data and application from one cloud offer to another and to use resources of multiple clouds is very important for cloud consumers.The focus of this dissertation is on the interoperability of commercial providers of platform as a service. This cloud model was chosen due to many incompatibilities among vendors and lack of the existing solutions. The main aim of the dissertation is to identify and address interoperability issues of platform as a service. Automated data migration between different providers of platform as a service is also an objective of this study.The dissertation has the following main contributions: first, the detailed ontology of resources and remote API operations of providers of platform as a service was developed. This ontology was used to semantically annotate web services that connect to providers remote APIs and define mappings between PaaS providers. A tool that uses defined semantic web services and AI planning technique to detect and try to resolve found interoperability problems was developed. The automated migration of data between providers of platform as a service is presented. Finally, a methodology for the detection of platform interoperability problems was proposed and evaluated in use cases.Zbog mogućnosti financijskih ušteda, sve veći broj poslovnih organizacija razmatra korištenje ili već koristi uslužno računarstvo. Međutim, postoje i problemi koji otežavaju primjenu ove nove paradigme. Jedan od najznačajnih problema je zaključavanje korisnika od strane pružatelja usluge i nedostatak interoperabilnosti. Za korisnike je jako važna mogućnost migracije podataka i aplikacija s jednog oblaka na drugi, te korištenje resursa od više pružatelja usluga.Fokus ove disertacije je interoperabilnost komercijalnih pružatelja platforme kao usluge. Ovaj model uslužnog računarstva je odabran zbog nekompatibilnosti različitih pružatelja usluge i nepostojanja postojećih rješenja. Glavni cilj disertacije je identifikacija i rješavanje problema interoperabilnosti platforme kao usluge. Automatizirana migracija podataka između različitih pružatelja platforme kao usluge je također jedan od ciljeva ovog istraživanja.Znanstveni doprinos ove disertacije je sljedeći: Najprije je razvijena detaljna ontologija resursa i operacija iz aplikacijskih programskih sučelja pružatelja platforme kao usluge. Spomenuta ontologija se koristi za semantičko označavanje web servisa koji pozivaju udaljene operacije aplikacijskih programskih sučelja pružatelja usluga, a sama ontologija definira i mapiranja između pružatelja platforme kao usluge. Također je razvijen alat koji otkriva i pokušava riješiti probleme interoperabilnosti korištenjem semantičkih web servisa i tehnika AI planiranja. Prikazana je i arhitektura za automatiziranu migraciju podataka između različitih pružatelja platforme kao usluge. Na kraju je predložena metodologija za otkrivanje problema interoperabilnosti koja je evaluirana pomoću slučajeva korištenja