8 research outputs found

    An n-sided polygonal model to calculate the impact of cyber security events

    This paper presents a model to represent graphically the impact of cyber events (e.g., attacks, countermeasures) in a polygonal system of n sides. The approach considers information about all entities composing an information system (e.g., users, IP addresses, communication protocols, physical and logical resources, etc.). Every axis is composed of entities that contribute to the execution of the security event. Each entity has an associated weighting factor that measures its contribution using a multi-criteria methodology named CARVER. The graphical representation of cyber events is depicted as straight lines (one dimension) or polygons (two or more dimensions). Geometrical operations are used to compute the size (i.e., length, perimeter, surface area) and thus the impact of each event. As a result, it is possible to identify and compare the magnitude of cyber events. A case study with multiple security events is presented as an illustration of how the model is built and computed.
    Comment: 16 pages, 5 figures, 2 tables, 11th International Conference on Risks and Security of Internet and Systems, (CRiSIS 2016), Roscoff, France, September 201

    Planning, Managing and Monitoring Technological Security Infrastructures

    Over the past few decades many different Information Technologies (IT) policies have been introduced, including COSO, ITIL, PMBook, CMM, ISO 2700x, Six Sigma, with COBIT IT (Control Objectives for IT) being the framework that encompasses all IT and Information Systems (IS) governance activities at the organization’s level. As part of the applicability of quality services certification (ISO 9001) in all IT services of a public institution, a case study is presented aimed at planning, managing and monitoring technological security infrastructures. It followed the guidelines for the ISO 2700x family, COBIT, ITIL and other standards and conducted a survey to complement the IT process’s objectives. With regard to an action-research methodology for problem-solving (i.e., a kind of attempt to improve or investigate practice) and according to the issue under analysis, the question is put into the terms, viz. “How can the ISO 2700x, COBIT, ITIL and other guidelines help with the planning, management and monitoring of technological security infrastructures and minimize the risk management of IT and IS?”. Indeed, it may be resolved that it is possible to achieve the goals of planning, managing and monitoring a technological security infrastructure. In the future, we will use Artificial Intelligence based approaches to problem solving such as Artificial Neural Networks and Case-Based Reasoning, to evaluate this issue.

    Continuous Risk Management for Industrial IoT: a Methodological View

    Emergent cyber-attacks and exploits targeting Operational Technologies (OT) call for a proactive risk management approach. The convergence between OT and the Internet-of-Things in industries introduces new opportunities for cyber-attacks that have the potential to disrupt time-critical and hazardous processes. This paper proposes a methodology to adapt traditional risk management standards to work in a continuous fashion. Monitoring of risk factors is based on incident and event management tools, and misbehaviour detection to address cyber-physical systems’ security gaps. Another source of information that can enhance this approach is threat intelligence. Risks are calculated using Bayesian Networks.

    Service Dependencies-Aware Policy Enforcement Framework Based on Hierarchical Colored Petri Net

    Abstract. As computer and network security threats become more sophisticated and the number of service dependencies is increasing, optimal response decision is becoming a challenging task for security administrators. They should deploy and implement proper network security policy enforcement mechanisms in order to apply the appropriate countermeasures and defense strategy. In this paper, we propose a novel modeling framework which considers the service dependencies while identifying and selecting the appropriate Policy Enforcement Points during an intrusion response process. First, we present the security implications of the service dependencies that have been developed in the literature. Second, we give an overview of Colored Petri Nets (CPN) and Hierarchical CPN (HCPN) and their application to network security. Third, we specify our Service Dependencies-aware Policy Enforcement Framework which is based on the application of HCPN. Finally, to illustrate the advantage of our approach, we present a webmail application use case with the integration of different Policy Enforcement Points.

    An automated security analysis framework and implementation for MTD techniques on cloud

    Cloud service providers offer their customers on-demand and cost-effective services, scalable computing, and network infrastructures. Enterprises migrate their services to the cloud to utilize the benefits of cloud computing such as eliminating the capital expense of their computing needs. There are security vulnerabilities and threats in the cloud. Much research has been proposed to analyze cloud security using Graphical Security Models (GSMs) and security metrics. In addition, finding appropriate defensive strategies for the security of the cloud has been widely researched. Moving Target Defense (MTD) techniques can utilize the cloud elasticity features to change the attack surface and confuse attackers. Most of the previous work incorporating MTDs into the GSMs is theoretical and the performance was evaluated based on simulation. In this paper, we realized the previous framework and designed, implemented and tested a cloud security assessment tool in a real cloud platform named UniteCloud. Our security solution can (1) monitor cloud computing in real-time, (2) automate the security modeling and analysis and visualize the GSMs using a Graphical User Interface via a web application, and (3) deploy three MTD techniques including Diversity, Redundancy, and Shuffle on the real cloud infrastructure. We analyzed the automation process using the APIs and showed the practicality and feasibility of automation of deploying all the three MTD techniques on the UniteCloud.

    Phenotypic expansion of CACNA1C-associated disorders to include isolated neurological manifestations

    Purpose: CACNA1C encodes the alpha-1-subunit of a voltage-dependent L-type calcium channel expressed in human heart and brain. Heterozygous variants in CACNA1C have previously been reported in association with Timothy syndrome and long QT syndrome. Several case reports have suggested that CACNA1C variation may also be associated with a primarily neurological phenotype. Methods: We describe 25 individuals from 22 families with heterozygous variants in CACNA1C, who present with predominantly neurological manifestations. Results: Fourteen individuals have de novo, nontruncating variants and present variably with developmental delays, intellectual disability, autism, hypotonia, ataxia, and epilepsy. Functional studies of a subgroup of missense variants via patch clamp experiments demonstrated differential effects on channel function in vitro, including loss of function (p.Leu1408Val), neutral effect (p.Leu614Arg), and gain of function (p.Leu657Phe, p.Leu614Pro). The remaining 11 individuals from eight families have truncating variants in CACNA1C. The majority of these individuals have expressive language deficits, and half have autism. Conclusion: We expand the phenotype associated with CACNA1C variants to include neurodevelopmental abnormalities and epilepsy, in the absence of classic features of Timothy syndrome or long QT syndrome.