
    Network Security Intelligence Centres for Information Security Incident Management

    Programme: 6598 - Ph.D. on the Basis of Prior Published Works in Cyber Security
    Intensive IT development has led to qualitative changes in our lives, which are driving current information security (IS) trends and require sophisticated structures and adequate approaches to managing IS for different businesses. The wide range of threats in modern intranets is constantly growing; they have become not only numerous and diverse but also more disruptive. In such circumstances, organizations realize that the timely detection of IS incidents and, more importantly, their prevention in the future are not only possible but imperative. Any delay and purely reactive actions in response to IS incidents put their assets at risk. A properly designed IS incident management system (ISIMS), operating as an integral part of the whole organization’s governance system, reduces the number of IS incidents and limits the damage they cause. To automate IS incident management (ISIM) within one organization as far as possible and to deepen its knowledge of its IS level, this research proposes to unite all the advantages of a Security Intelligence Centre (SIC) and a Network Operations Centre (NOC), with their unique and joint toolkits and techniques, in a unified Network SIC (NSIC). For this purpose, the glossary of the research area was introduced and the taxonomy of IS threats, vulnerabilities, network attacks and incidents was determined. Further, IS monitoring as one of the ISIM processes was described, and the role of Security Information and Event Management (SIEM) systems in it and their evolution were shown. The transition from Security Operations Centres (SOCs) to SICs was followed up. Finally, the modern network environment’s requirements for new protection solutions were formulated, and it was proven that the NSIC proposed as a combination of a SIC and a NOC fully meets them. The NSIC’s zone security infrastructure with corresponding IS controls is proposed.
    A description of its implementation at the Moscow Engineering Physics Institute concludes the research at this stage. In addition, some proposals for the training of highly qualified personnel for NSICs were formulated. The creation of an innovative NSIC concept, its interpretation, construction and initial implementation through the original research presented are its main results. They contribute substantially to the security of modern networks, as they extend the forefront of the SOCs and SICs used nowadays and generate significant new knowledge and understanding of network security requirements and solutions.

    On Experience of Using Distance Learning Technologies for Teaching Cryptology

    Part 3: Tools and Applications for Teaching
    International audience
    The necessity of using Distance Learning (DL) for teaching cryptology is analyzed. The modern features of applying different DL approaches to solve this task are extracted. The NRNU MEPhI’s experience in creating a mass-oriented DL project called Cryptowiki.net is described; its structure and the assignments implemented by the students of cryptology courses are shown. The related works are presented. Cryptowiki.net’s difference from its analogs is stressed. The main findings of the research are formulated in the conclusion.

    Educational and Laboratory System for Studying Man-in-the-Middle Attacks and Ways to Protect against Them

    For the implementation of the Master’s program “Business Continuity and Information Security Maintenance” in the field of specialty 10.04.01 “Information Security”, a software shell of the educational laboratory complex (ELC) designed to study “Man in the middle” network attacks has been developed at the NRNU MEPhI. In the framework of the ELC, four basic attacks of this type are modeled: UDP Hijacking, Session Hijacking, TCP Hijacking and the Bucket brigade attack. The paper presents two ELC applications: the instructor’s application and the student’s application. To assess the students’ knowledge after performing the laboratory work, a “Testing” module for progress assessment has been created, which includes questions for testing using the ELC software shell. Methodological instructions for performing the laboratory work have been written. Within the framework of the “Protected Information Systems” discipline of the Information Security of Banking Systems Department of the NRNU MEPhI, which implements the above-mentioned Master’s program, a successful approbation of the developed ELC has been carried out. In conclusion, ways to further improve the ELC are suggested.

    Issues of Practical Application of Blockchain Technology

    Since the advent of the Internet, blockchain technology (BT) has been recognized as one of the most explosive innovations of the early 21st century, capable of changing both financial and non-financial applications. The paper presents various interpretations of the blockchain, illustrates the process of including a new block in it, briefly discusses the issues of standardization of this new technology by organizations such as ISO and NIST, and introduces the basic BT notion of a transaction. The main task of this article is to give a generalized idea of the composition and structure of the blocks of the blockchain, taking into account the identifier and the hash connecting each new block with its predecessor. It also provides an example of recording and storing transactions in the blockchain in a holistic and chronological form for the case of its use in managing information security incidents in computer networks. The presented results can be extended to any subject area in which it is possible and reasonable to create a blockchain. In conclusion, the directions of subsequent research in this area are determined.

    Information Security Operations Centers

    At present, information security (IS) incidents have become not only more numerous and diverse but also more damaging and disruptive. Preventive controls based on IS risk assessment results decrease the majority, but not all, of IS incidents. Therefore, an IS incident management system is necessary for rapidly detecting IS incidents, minimizing loss and destruction, mitigating the vulnerabilities that were exploited and restoring the organization’s IT infrastructure (ITI), including its IT services. Such systems can be implemented on the basis of a Security Operations Center (SOC). Based on the related works, a survey of the existing SOCs, their mission and main functions is given. A classification of SOCs as well as the key indicators of IS incidents in the ITI are proposed. Some serious limitations of first-generation SOCs are defined. This analysis leads to the main area of further research launched by the author.

    Developing Hands-On Laboratory Works for the “Information Security Incident Management” Discipline

    Part 1: Information Security Learning Techniques
    International audience
    The paper presents our recent experience in developing the hands-on laboratory works for the “Business Continuity and Information Security Maintenance” Master’s Degree programme in the framework of the NRNU MEPhI’s “Network Security Intelligence” Educational and Research Center (NSIC). These labs are designed for the “Information Security Incident Management” discipline to provide training on the practical and actionable response to information security (IS) incidents, in particular their investigation on the basis of computer forensic approaches and the specialized tools used for these purposes. The main areas of further improvement of these labs conclude the paper.

    Blockchain and Its Security: Ignore or Insert into Academic Training?

    Part 3: Applications and Cryptography
    International audience
    At present, blockchain technologies (BCT) are causing a serious burst of interest, among young people in the first place. Not to meet the rising demand and not to pay attention to the BCT during training means not to be modern. Any educational institution which doesn’t offer courses in the BCT is going to be left behind as non-competitive. The paper analyzes the state of current training in the BCT worldwide, paying special attention to security issues. It also lists standards and books which can support this training. On these bases, the desired competencies after mastering a full-time BCT course and an exemplary structure of this course are proposed.

    Information Security and Expert's Knowledge Autoformalization

    Abstract
    To implement the proposed Information Security (IS) Maintenance Concept, an algorithm for the autoformalization of IS experts’ knowledge was created, as the problems of IS assessment and protection level prediction are based mainly on the experts’ informal professional knowledge.

    Network Security Monitoring on the basis of Switches

    A promising and cost-effective approach to monitoring information security (IS) in a networked environment within the organization, in the framework of its IS management and based on the use of specialized network security monitoring switches, is considered.

    Survey of Big Data Information Security

    Today the information security (IS) of data mining is a crucial and comprehensive issue for organizations of different spheres and sizes. The main challenges of Big Data are the management of large amounts of heterogeneous information and providing its availability. Big Data protection against unauthorized access and corruption (keeping its confidentiality and integrity) and availability maintenance form the key research priorities in this field. The issues related to providing these Big Data features are considered in the paper. The existing approaches to their solution are analyzed. Some concepts for their improvement while designing a secure Big Data mining algorithm are also formulated in accordance with the IS properties.