An Analysis of and Perspective on the Information Security Maturity Model: a case study of a Public and a Private Sector Company

Information Security (IS) is a concept that is related to protecting a set of data in order to preserve the value it has for an individual or an organization. A review of the literature shows there are four main aspects related to IS: confidentiality, integrity, availability and non-repudiation. Based on these four aspects, a new framework is put forward for analyzing the information security maturity model (ISMM) in an organization, assuming that each organization has a minimum level of information security policies in each aspect, taking into consideration the percentage of policies that this organization has from all those cited in our model. At the end, a case study was conducted in order to analyze the ISMM of a public and private sector company

Scan Attacks and Countermeasures in Presence of Scan Response Compactors

International audienceThe conflict between security and testability is still a concern of hardware designers. While secure devices must protect confidential information from unauthorized users, quality testing of these devices requires the controllability and observability of a substantial quantity of embedded information, and thus may jeopardize the data confidentiality. Several attacks using the test infrastructures (and in particular scan chains) have been described. More recently it has been shown how test response compaction structures provide a natural counter-measure against this type of attack. However, in this paper, we show that even in the presence of response compactors the scan-based attack is still possible and it requires low complexity computation. We then give some perspectives concerning the techniques that can be used to increase the scan-based attack complexity without affecting the testability of the device