Ataques Zero-day: Despliegue y evolución

In cybersecurity and computer science, the term “zero-day” is commonly related to troubles, threats, and hazards due to the lack of knowledge, experience, or misunderstanding. A zero-day attack is generally considered a new vulnerability with no defense; thus, the possible attack will have a highrisk probability, and a critical impact.  Unfortunately, only a few surveys on the topic are available that would help understand these threats, which are not enough to construct new solutions to detect, prevent, and mitigate them. In this paper, it is conducted a review of the zero-day attack, how to understand its real impact, and a few different accessible solutions nowadays. This study introduces a useful reference that provides researchers with knowledge to understand the current problem concerning zero- days attacks; hence they could develop solutions for facing them.En la ciberseguridad y la informática, el término "Zero-day" se relaciona comúnmente con problemas, amenazas y peligros, esto debido a la falta de conocimiento, experiencia o malentendidos relacionados. Un ataque de Zero-day se considera generalmente una nueva vulnerabilidad sin defensa; por lo tanto, el ataque consecuente tendrá una alta probabilidad de riesgo, y un impacto crítico. Lamentablemente, sólo unos pocos estudios están  disponibles  para  comprender  estas  amenazas, y no bastan para construir nuevas soluciones para detectar, prevenir y mitigar estas dificultades. En este artículo, se presenta una revisión del ataque Zero-day, enfocándose en comprender su impacto real y algunas soluciones accesibles  hoy  en  día. Este estudio presenta una referencia útil que proporciona a los investigadores conocimientos para comprender el problema actual relacionado con los ataques Zero-day. Este puede ser un punto de partida para desarrollar soluciones para combatir este problema

Ataques Zero-day: despliegue y evolución

In cybersecurity and computer science, the term “zero-day” is commonly related to troubles, threats, and hazards due to the lack of knowledge, experience, or misunderstanding. A zero-day attack is generally considered a new vulnerability with no defense; thus, the possible attack will have a highrisk probability, and a critical impact. Unfortunately, only a few surveys on the topic are available that would help understand these threats, which are not enough to construct new solutions to detect, prevent, and mitigate them. In this paper, it is conducted a review of the zero-day attack, how to understand its real impact, and a few different accessible solutions nowadays. This study introduces a useful reference that provides researchers with knowledge to understand the current problem concerning zero- days attacks; hence they could develop solutions for facing them

Information security management frameworks and strategies in higher education institutions: a systematic review

Effective information security management (ISM) practices to protect the information assets of organizations from security intrusions and attacks is imperative. In that sense, a systematic literature review of academic articles focused on ISM in higher education institutions (HEIs) is conducted. For this purpose, an empirical study was performed. Studies carried out from 2012 onward reporting results from HEIs data that perform the ISM through various means, such as a set of framework functions, implementation phases, infrastructure services, and securities to their assets, have been explored. The articles found were then analyzed following a methodological procedure consisting of a systematic mapping study with their research questions, inclusion and exclusion criteria, selection of digital libraries, and analysis of the respective search strings. A set of competencies, resources, directives, and strategies that contribute to designing and to developing an ISM framework (ISMF) for HEIs is identified based on standards such as ISO 27000, COBIT, ITIL, NIST, and EDUCAUSE. This study introduces a strategic reference that guides HEIs on the development of an ISMF and provides recommendations that should be considered for its implementation in an era of ever-evolving security threats

Information security management frameworks in higher education institutions: an overview

An overview of academic articles focused on information security management (ISM) in higher education institutions (HEIs) is presented. For this purpose, an empirical study was carried out. The articles found were then analyzed following a methodological procedure consisted of a systematic mapping study with their research questions, inclusion and exclusion criteria, selection of digital libraries, and analysis of the respective search strings. As a result, a set of information security management frameworks (ISMF) for HEIs were identified. They are based on standards such as ISO 27000, COBIT, ITIL, NIST and EDUCAUSE.Quit

Information security management frameworks and strategies in higher education institutions: a systematic review

Effective information security management (ISM) practices to protect the information assets of organizations from security intrusions and attacks is imperative. In that sense, a systematic literature review of academic articles focused on ISM in higher education institutions (HEIs) is conducted. For this purpose, an empirical study was performed. Studies carried out from 2012 onward reporting results from HEIs data that perform the ISM through various means, such as a set of framework functions, implementation phases, infrastructure services, and securities to their assets, have been explored. The articles found were then analyzed following a methodological procedure consisting of a systematic mapping study with their research questions, inclusion and exclusion criteria, selection of digital libraries, and analysis of the respective search strings. A set of competencies, resources, directives, and strategies that contribute to designing and to developing an ISM framework (ISMF) for HEIs is identified based on standards such as ISO 27000, COBIT, ITIL, NIST, and EDUCAUSE. This study introduces a strategic reference that guides HEIs on the development of an ISMF and provides recommendations that should be considered for its implementation in an era of ever-evolving security threats