Auditoría de los sistemas y la seguridad en entornos mixtos : (Linux - Windows)

Los sistemas de información son ya activos estratégicos para cualquier organización, y la ventaja actual reside en el gran número de alternativas para las organizaciones en cuanto a tecnologías de la información. Nos encontramos con entornos cada vez más heterogéneos y modelos más flexibles, con los que se intenta alcanzar una ventaja competitiva a todos los niveles, y donde es fundamental el uso de ciertos protocolos y estándares tecnológicos. Para minimizar los riesgos y amenazas asociadas al uso de las tecnologías de la información, es necesario llevar a cabo una buena gestión de la seguridad de la información, destacando el control de accesos a los recursos y la gestión de las identidades. En esta gestión eficaz es importante la revisión y evaluación periódica de la seguridad, a través de la puesta en práctica de auditorías de sistemas y de seguridad. Existen diferentes marcos de referencias y estándares, que sirven como guías para las empresas que buscan la eficacia y eficiencia en las tareas de gestión de los activos de información. Entre estos estándares destacan por su grado de aceptación a nivel internacional COBIT e ISO/IEC 27002. El presente proyecto trata de ofrecer una guía de buenas prácticas sencilla y asequible para cualquier tipo de organización, haciendo hincapié en la seguridad centrada en el control de accesos lógico y gestión de identidades. En el proceso de definición de este tipo de guías es importante hacer una revisión de las tecnologías disponibles en el entorno, que en este caso trata de aquellos donde conviven sistemas Windows y Linux.Information Systems are now strategic assets to any organization, and the current advantage consists in the large number of information technologies alternatives for enterprises. We run into more and more flexible models and heterogeneous environments, in attempts to achieve a competitive advantage at all business levels, and using technology standards and protocols is a major factor. It is mandatory to reduce information technology associate risks and threats. This is achieved with information security management, where resources access control and identity management are noteworthy issues. For the efficient management it is important to develop regular checks and continuous assessments too, across of running security and system audits. There are several frameworks and standards for the previous purpose, and these standards are good for enterprises that see the efficience in information assets managment as one of their principal objectives. From among these standards we can emphasize COBIT and ISO/IEC 27002, because of their international degree of acceptance. This Project aims to provide a simple good practices guide for any kind of organization, focused on information security, with logic access control and identity management as a key factors. In this guide definition process it is important to review the technologies availables in the environment too, which in this case are limited by Windows and Linux systemsIngeniería Técnica en Informática de Gestió

Cyber threat intelligence sharing: Survey and research directions

Cyber Threat Intelligence (CTI) sharing has become a novel weapon in the arsenal of cyber defenders to proactively mitigate increasing cyber attacks. Automating the process of CTI sharing, and even the basic consumption, has raised new challenges for researchers and practitioners. This extensive literature survey explores the current state-of-the-art and approaches different problem areas of interest pertaining to the larger field of sharing cyber threat intelligence. The motivation for this research stems from the recent emergence of sharing cyber threat intelligence and the involved challenges of automating its processes. This work comprises a considerable amount of articles from academic and gray literature, and focuses on technical and non-technical challenges. Moreover, the findings reveal which topics were widely discussed, and hence considered relevant by the authors and cyber threat intelligence sharing communities

Simulation Results to Analyse the Benefits of Information Sharing - Dataset

This is a data set used to obtain the results described in the paper "Shall We Collaborate? A Model to Analyse the Benefits of Information Sharing" published in the proceedings of the 3rd Workshop on Information Sharing and Collaborative Security (WISCS 2016), Vienna, Austria, 2016

Simulation Results to Analyse the Benefits of Information Sharing - Dataset

<p>This is a data set used to obtain the results described in the paper "Shall We Collaborate? A Model to Analyse the Benefits of Information Sharing" published in the proceedings of the 3rd Workshop on Information Sharing and Collaborative Security (WISCS 2016), Vienna, Austria, 2016.</p