2015 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS) / Institute of Electrical and Electronics Engineers
Publisher | Piscataway : IEEE, 2015
Physical description | 1 online resource (various pagings) : illustrations
Discipline | 005.74
Subjects | Database security; Computer security - Management; Database management
ISBN | 1-4673-8944-7
Format | Printed material
Bibliographic level | Monograph
Language | eng
Variant title | 2015 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security
Record no. | UNISA-996279836103316
Held at | Univ. di Salerno

2015 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS) / Institute of Electrical and Electronics Engineers (second catalogue record for this title; same bibliographic description as the first record above)
Record no. | UNINA-9910172656503321
Held at | Univ. Federico II

2842-2021 : IEEE Recommended Practice for Secure Multi-Party Computation / Institute of Electrical and Electronics Engineers
Publisher | New York, NY, USA : IEEE, 2021
Physical description | 1 online resource (30 pages)
Discipline | 005.82
Subjects | Data encryption (Computer science); Computer security - Management; Cryptography
ISBN | 1-5044-7986-6
Format | Printed material
Bibliographic level | Monograph
Language | eng
Record no. | UNINA-9910507107203321
Held at | Univ. Federico II

2842-2021 : IEEE Recommended Practice for Secure Multi-Party Computation / Institute of Electrical and Electronics Engineers (second catalogue record for this title; same bibliographic description as the first record above)
Record no. | UNISA-996574861003316
Held at | Univ. di Salerno

Advanced penetration testing for highly-secured environments
Author | Allen Lee (Information security specialist)
Edition | [Second edition]
Publisher | Birmingham : Packt Publishing, [2016]
Physical description | 1 online resource (428 p.)
Series | Community experience distilled
Subjects | Penetration testing (Computer security); Computer networks - Security measures; Computer security - Management; Computer networks
Genre/form | Electronic books.
ISBN | 1-78439-202-2
Format | Printed material
Bibliographic level | Monograph
Language | eng
Contents | Cover; Copyright; Credits; About the Authors; About the Reviewer; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Penetration Testing Essentials; Chapter 2: Preparing a Test Environment; Chapter 3: Assessment Planning; Chapter 4: Intelligence Gathering; Chapter 5: Network Service Attacks; Chapter 6: Exploitation; Chapter 7: Web Application Attacks; Chapter 8: Exploitation Concepts; Chapter 9: Post-Exploitation; Chapter 10: Stealth Techniques; Chapter 11: Data Gathering and Reporting; Chapter 12: Penetration Testing Challenge; Index; Methodology defined; Example methodologies;
Abstract methodology; Summary; Introducing VMware Workstation; Installing VMware Workstation; Network design; Understanding the default architecture; Creating the switches; Putting it all together; Summary; Introducing advanced penetration testing; Before testing begins; Planning for action; Installing LibreOffice; Effectively managing your test results; Introduction to the Dradis framework; Summary; Introducing reconnaissance; DNS recon; Gathering and validating domain and IP information; Using search engines to do your job for you; Creating network baselines with scanPBNJ; Summary; Web Application Attack and Audit framework (w3af); Introduction to browser plugin HackBar; Reader challenge; Summary; Buffer overflows - a refresher; 64-bit exploitation; Introducing vulnserver; Fuzzing tools included in Kali; Social Engineering Toolkit; Fast-Track; Reader challenge; Summary; Rules of Engagement; Data gathering, network analysis, and pillaging; Pivoting; Reader challenge; Summary; Lab preparation; Stealth scanning through the firewall; Now you see me, now you don't - avoiding IDS; Blending in; PfSense SSH logs; Looking at traffic patterns; Cleaning up compromised hosts; Miscellaneous evasion techniques; Reader challenge; Summary; Record now - sort later; Old school - the text editor method; Dradis framework for collaboration; The report; Reader challenge; Summary; Firewall lab setup; The scenario; The virtual lab setup; The challenge; The walkthrough; Reporting; Summary; Penetration testing framework; Penetration Testing Execution Standard; Pre-engagement interactions; Intelligence gathering; Threat modeling; Vulnerability analysis; Exploitation; Post exploitation; Reporting; Final thoughts; Why VMware Workstation?; VMnet0; VMnet1; VMnet8; Folders; Installing Kali Linux
Record no. | UNINA-9910466127703321
Held at | Univ. Federico II

Advanced penetration testing for highly-secured environments / Allen Lee (Information security specialist) (second catalogue record for this title; same bibliographic description as the first record above)
Record no. | UNINA-9910798229903321
Held at | Univ. Federico II

Advanced penetration testing for highly-secured environments / Allen Lee (Information security specialist) (third catalogue record for this title; same bibliographic description as the first record above)
Record no. | UNINA-9910813995003321
Held at | Univ. Federico II

Advances in cybersecurity management / edited by Kevin Daimi and Cathryn Peoples
Publisher | Cham, Switzerland : Springer, [2021]
Physical description | 1 online resource (494 pages)
Discipline | 005.8
Subjects | Technical education; Computer security - Management
ISBN | 3-030-71381-4
Format | Printed material
Bibliographic level | Monograph
Language | eng
Contents | Intro -- Preface -- Acknowledgments -- Contents -- About the Editors -- Part I Network and Systems Security Management -- 1 Agent-Based Modeling of Entity Behavior in Cybersecurity -- 1.1 Introduction -- 1.2 Background -- 1.2.1 Modeling of Human Behavior -- 1.2.2 Modeling of System Behavior -- 1.2.3 Agent-Based Modeling (ABM) -- 1.3 Modeling and Simulation -- 1.3.1 Implementation -- 1.3.2 Simulation Results -- 1.3.2.1 Adversary Attack Sophistication -- 1.3.2.2 Trust Level -- 1.3.2.3 Quality or Level of Training -- 1.3.2.4 Quality of Cyber Defense -- 1.3.2.5 Comparison of Slow Growth Rates -- 1.3.2.6 Comparison of Fast Growth Rates -- 1.4 Cybersecurity Management Implications -- 1.5 Limitations of the Study -- 1.6 Conclusions and Future Directions -- References -- 2 A Secure Bio-Hash-Based Multiparty Mutual Authentication Protocol for Remote Health Monitoring Applications -- 2.1 Introduction -- 2.2 Related Work -- 2.3 The Proposed Scheme for Remote Health Monitoring Applications -- 2.3.1 Registration Phase of User -- 2.3.2 Login Phase of User -- 2.3.3 Authentication and Key Agreement Phase of User and MGW -- 2.3.4 Password Change Phase of User -- 2.3.5 System Set Up Phase of Medical Gateway -- 2.3.6 Registration Phase of Sensor with Medical Gateway -- 2.3.7 Registration Phase of Personal Device with Medical Gateway -- 2.3.8 Mutual Authentication Phase of Sensor, Personal Device and Medical Gateway -- 2.4 Security Analysis of Proposed Protocols -- 2.5 Formal Analysis Using Scyther Tool -- 2.6 Scyther Results and Interpretation -- 2.7 Conclusion -- References -- 3 Cybersecurity Attacks During COVID-19: An Analysis of the Behavior of the Human Factors and a Proposal of Hardening Strategies -- 3.1 Introduction -- 3.2 Cybersecurity Attacks During COVID-19 -- 3.3 Analyzing Human Vulnerabilities for Fake News Using the Diamond Model -- 3.3.1 Adversary --
3.3.2 Capability -- 3.3.3 Infrastructure -- 3.3.4 Victim -- 3.4 Strategies Against Fake News During COVID-19 -- 3.5 Conclusions and Future Work -- References -- 4 Vehicle Network Security Metrics -- 4.1 Introduction -- 4.2 Vehicle Communication -- 4.2.1 Intra-vehicle Communication Protocols -- 4.2.2 Intervehicle Communication Protocols -- 4.3 Automotive Vehicle Network Security -- 4.3.1 Automotive Vehicle Threats and Vulnerabilities -- 4.3.2 Automotive Vehicle Security Attacks -- 4.3.3 Automotive Vehicle Attack Surfaces -- 4.4 Industry and Government Initiatives and Standards -- 4.5 Automotive Vehicle Security Metrics -- 4.5.1 Common Vulnerability Scoring System (CVSS) -- 4.5.2 Common Methodology for IT Security Evaluation (CEM) [49] -- 4.5.3 Security Metrics Visualization -- 4.6 Conclusion and Future Research Directions -- References -- 5 VizAttack: An Extensible Open-Source Visualization Framework for Cyberattacks -- 5.1 Introduction -- 5.2 Cyberattack Visualization Approaches -- 5.2.1 Cyberattack Maps and Graphs -- 5.2.2 Honeypot Data Visualization -- 5.2.3 Attack Visualization Challenges -- 5.3 VizAttack Design Principles -- 5.3.1 Design Objectives -- 5.3.2 High-Level Architectural Design -- 5.3.2.1 User Interface: Temporal Analysis -- 5.3.2.2 User Interface: Predefined Queries -- 5.3.2.3 User Interface: Customized Queries -- 5.3.2.4 User Interface: Profiling Attacks -- 5.4 VizAttack Implementation Details -- 5.4.1 VizAttack Prototype -- 5.4.2 Experimental Findings -- 5.4.3 Attack Postmortem Investigation -- 5.5 Conclusion -- References -- 6 Geographically Dispersed Supply Chains: A Strategy to Manage Cybersecurity in Industrial Networks Integration -- 6.1 Introduction -- 6.2 Challenges of Geographically-Dispersed Supply Chains -- 6.3 Critical Infrastructures -- 6.4 Vulnerabilities in Operational Technology Networks --
6.5 International Cybersecurity Regulations and Standards -- 6.6 Proposed Cybersecurity Strategy for Industrial Networks -- 6.6.1 Perimeter and Security Controls Strategies -- 6.6.1.1 Electronic Security Perimeter -- 6.6.1.2 Data Flow in Segmented Networks -- 6.6.1.3 Network and Perimeter Monitoring -- 6.6.1.4 Network Access and Authentication -- 6.6.1.5 Network Perimeter Ports and Services -- 6.6.2 Host Security Controls Strategies -- 6.6.2.1 Asset Configuration -- 6.6.2.2 Ports and Services -- 6.6.2.3 Anti-Malware -- 6.6.2.4 Authentication -- 6.6.3 Security Monitoring Controls -- 6.6.3.1 Asset Configuration and Documentation -- 6.6.3.2 Monitoring -- 6.6.3.3 Authentication -- 6.7 Discussion -- 6.8 Final Considerations -- References -- 7 The Impact of Blockchain on Cybersecurity Management -- 7.1 Introduction -- 7.2 Anonymity and Privacy -- 7.3 Reputation Management -- 7.4 Identification and Integrity -- 7.5 Availability -- 7.6 Trust Management -- 7.7 Software Development Security -- 7.8 Conclusion -- References -- 8 A Framework for Enterprise Cybersecurity Risk Management -- 8.1 Introduction -- 8.1.1 Contributions of Our Chapter -- 8.1.2 Motivation for Business IT Alignment (BITA) -- 8.2 The Evolution of Cybersecurity RM -- 8.2.1 IT-Centric Approach -- 8.2.2 IS-Centric Approach -- 8.2.3 ERM-Centric Approach -- 8.2.4 Motivation for a New Approach -- 8.3 Evaluation of Existing Frameworks -- 8.3.1 NIST Framework -- 8.3.2 COSO Framework -- 8.3.3 COBIT Framework -- 8.3.4 ISO/IEC 31000 Framework -- 8.4 The Importance of BITA in Cybersecurity RM -- 8.4.1 BITA Capabilities -- 8.5 The CHARM Framework Development -- 8.5.1 The CHARM Framework -- 8.5.2 A Case Study Application of the CHARM Framework -- 8.6 Conclusions -- References -- 9 Biometrics for Enterprise Security Risk Mitigation -- 9.1 Introduction -- 9.2 Overview -- 9.2.1 Biometrics --
9.2.2 The Process of Biometric Authentication and Accuracy Measures -- 9.2.3 Types of Biometrics -- 9.2.3.1 Fingerprints -- 9.2.3.2 Face Recognition -- 9.2.3.3 Iris Recognition -- 9.2.3.4 Other Biometrics -- 9.3 Related Works -- 9.3.1 Biometrics in Business Applications -- 9.3.1.1 Biometrics in Education -- 9.3.1.2 Biometrics for Mobile Device Security -- 9.3.1.3 Biometrics for the Healthcare Sector -- 9.3.1.4 Biometrics for the Financial Sector -- 9.3.2 Our Contribution -- 9.4 Biometrics in Enterprise Cybersecurity Risk Management -- 9.4.1 Biometrics in Multifactor Authentication Systems -- 9.5 The Technical, Financial, and Legal Challenges of Biometrics -- 9.5.1 Technical Challenges -- 9.5.1.1 Storage of Biometric Templates -- 9.5.1.2 Security Threats to a Biometric System -- 9.5.2 Legal Challenges -- 9.5.3 Financial and Usability Challenges -- 9.6 Case Studies of Enterprise Risk Mitigation via Biometrics During the COVID-19 Pandemic -- 9.6.1 The Impact of COVID-19 on Information Technology (IT) -- 9.6.1.1 Health Care -- 9.6.1.2 Academic -- 9.6.1.3 Financial -- 9.6.2 COVID-19 Impact on Information Security (IT) -- 9.6.3 Improving Security via Biometric Authentication -- 9.7 Conclusion -- 9.7.1 Future Research Opportunities -- References -- Part II Vulnerability Management -- 10 SQL Injection Attacks and Mitigation Strategies: The Latest Comprehension -- 10.1 Introduction -- 10.2 Background -- 10.2.1 Web Application Security -- 10.2.1.1 Understanding SQL Injection Attack -- 10.2.1.2 Logical Understanding of SQL Injection Attack -- 10.3 SQL Injection Attack Classification -- 10.3.1 In-Band SQL Injection Attacks -- 10.3.1.1 Union-Based SQL Injection Attack -- 10.3.1.2 Error-Based SQL Injection Attack -- 10.3.2 Inferential SQL Injection Attacks -- 10.3.2.1 Blind Boolean-Based SQL Injection Attack -- 10.3.2.2 Blind Time-Based SQL Injection Attack --
10.3.3 Out-of-Band SQL Injection Attacks -- 10.3.4 Modern SQL Injection Attacks -- 10.4 SQL Injection Mitigation Strategies -- 10.4.1 OWASP [1] Suggested Mitigation Strategies -- 10.4.1.1 Principle of Least Privilege for Web-Application Access -- 10.4.1.2 Prepared Statements with Parameterized Queries -- 10.4.1.3 Stored Procedures -- 10.4.1.4 Query Whitelisting -- 10.4.1.5 Escaping All User-Supplied Input -- 10.4.2 SQL Injection Attack Mitigation Strategies: Research Outcomes -- 10.5 Conclusions -- References -- 11 Managing Cybersecurity Events Using Service-Level Agreements (SLAs) by Profiling the People Who Attack -- 11.1 Introduction -- 11.2 Prior Arts -- 11.2.1 Profiling Attackers from a Personal Perspective for SLA Provisioning and Network Management Objectives -- 11.3 Research Proposal -- 11.3.1 SLA Service Request -- 11.3.2 SLA Management -- 11.3.3 SLA and Data Management Interventions -- 11.4 Conclusions and Further Work -- References -- 12 Recent Techniques Supporting Vulnerabilities Management for Secure Online Apps -- 12.1 Introduction -- 12.2 SQL Injection -- 12.2.1 Introduction -- 12.2.2 Exploitation Techniques -- 12.2.2.1 In-Band SQL Injection -- 12.2.2.2 Inferential SQL Injection -- 12.2.2.3 Out-of-Band SQL Injection -- 12.2.3 Causes of Vulnerability -- 12.2.4 Protection Techniques -- 12.2.4.1 Input Validation -- 12.2.4.2 Data Sanitization -- 12.2.4.3 Use of Prepared Statements -- 12.2.4.4 Limitation of Database Permission -- 12.2.4.5 Using Encryption -- 12.3 Cross-Site Scripting -- 12.3.1 Introduction -- 12.3.2 Exploitation Techniques -- 12.3.2.1 Reflected Cross-Site Scripting -- 12.3.2.2 Stored Cross-Site Scripting -- 12.3.2.3 DOM-Based Cross-Site Scripting -- 12.3.3 Causes of Vulnerability -- 12.3.4 Protection Techniques -- 12.3.4.1 Data Validation -- 12.3.4.2 Data Sanitization -- 12.3.4.3 Escaping on Output -- 12.3.4.4 Use of Content Security Policy.
Record no. | UNINA-9910485586703321
Held at | Univ. Federico II

Advances in cybersecurity management / / edited by Kevin Daimi and Cathryn Peoples |
Pubbl/distr/stampa | Cham, Switzerland : , : Springer, , [2021] |
Descrizione fisica | 1 online resource (494 pages) |
Disciplina | 005.8 |
Soggetto topico |
Technical education
Computer security - Management |
ISBN | 3-030-71381-4 |
Formato | Materiale a stampa |
Livello bibliografico | Monografia |
Lingua di pubblicazione | eng |
Nota di contenuto |
Intro -- Preface -- Acknowledgments -- Contents -- About the Editors -- Part I Network and Systems Security Management -- 1 Agent-Based Modeling of Entity Behavior in Cybersecurity -- 1.1 Introduction -- 1.2 Background -- 1.2.1 Modeling of Human Behavior -- 1.2.2 Modeling of System Behavior -- 1.2.3 Agent-Based Modeling (ABM) -- 1.3 Modeling and Simulation -- 1.3.1 Implementation -- 1.3.2 Simulation Results -- 1.3.2.1 Adversary Attack Sophistication -- 1.3.2.2 Trust Level -- 1.3.2.3 Quality or Level of Training -- 1.3.2.4 Quality of Cyber Defense -- 1.3.2.5 Comparison of Slow Growth Rates -- 1.3.2.6 Comparison of Fast Growth Rates -- 1.4 Cybersecurity Management Implications -- 1.5 Limitations of the Study -- 1.6 Conclusions and Future Directions -- References -- 2 A Secure Bio-Hash-Based Multiparty Mutual Authentication Protocol for Remote Health MonitoringApplications -- 2.1 Introduction -- 2.2 Related Work -- 2.3 The Proposed Scheme for Remote Health Monitoring Applications -- 2.3.1 Registration Phase of User -- 2.3.2 Login Phase of User -- 2.3.3 Authentication and Key Agreement Phase of User and MGW -- 2.3.4 Password Change Phase of User -- 2.3.5 System Set Up Phase of Medical Gateway -- 2.3.6 Registration Phase of Sensor with Medical Gateway -- 2.3.7 Registration Phase of Personal Device with Medical Gateway -- 2.3.8 Mutual Authentication Phase of Sensor, Personal Device and Medical Gateway -- 2.4 Security Analysis of Proposed Protocols -- 2.5 Formal Analysis Using Scyther Tool -- 2.6 Scyther Results and Interpretation -- 2.7 Conclusion -- References -- 3 Cybersecurity Attacks During COVID-19: An Analysis of the Behavior of the Human Factors and a Proposal of Hardening Strategies -- 3.1 Introduction -- 3.2 Cybersecurity Attacks During COVID-19 -- 3.3 Analyzing Human Vulnerabilities for Fake News Using the Diamond Model -- 3.3.1 Adversary.
3.3.2 Capability -- 3.3.3 Infrastructure -- 3.3.4 Victim -- 3.4 Strategies Against Fake News During COVID-19 -- 3.5 Conclusions and Future Work -- References -- 4 Vehicle Network Security Metrics -- 4.1 Introduction -- 4.2 Vehicle Communication -- 4.2.1 Intra-vehicle Communication Protocols -- 4.2.2 Intervehicle Communication Protocols -- 4.3 Automotive Vehicle Network Security -- 4.3.1 Automotive Vehicle Threats and Vulnerabilities -- 4.3.2 Automotive Vehicle Security Attacks -- 4.3.3 Automotive Vehicle Attack Surfaces -- 4.4 Industry and Government Initiatives and Standards -- 4.5 Automotive Vehicle Security Metrics -- 4.5.1 Common Vulnerability Scoring System (CVSS) -- 4.5.2 Common Methodology for IT Security Evaluation (CEM) [49] -- 4.5.3 Security Metrics Visualization -- 4.6 Conclusion and Future Research Directions -- References -- 5 VizAttack: An Extensible Open-Source Visualization Framework for Cyberattacks -- 5.1 Introduction -- 5.2 Cyberattack Visualization Approaches -- 5.2.1 Cyberattack Maps and Graphs -- 5.2.2 Honeypot Data Visualization -- 5.2.3 Attack Visualization Challenges -- 5.3 VizAttack Design Principles -- 5.3.1 Design Objectives -- 5.3.2 High-Level Architectural Design -- 5.3.2.1 User Interface: Temporal Analysis -- 5.3.2.2 User Interface: Predefined Queries -- 5.3.2.3 User Interface: Customized Queries -- 5.3.2.4 User Interface: Profiling Attacks -- 5.4 VizAttack Implementation Details -- 5.4.1 VizAttack Prototype -- 5.4.2 Experimental Findings -- 5.4.3 Attack Postmortem Investigation -- 5.5 Conclusion -- References -- 6 Geographically Dispersed Supply Chains: A Strategy to Manage Cybersecurity in Industrial Networks Integration -- 6.1 Introduction -- 6.2 Challenges of Geographically-Dispersed Supply Chains -- 6.3 Critical Infrastructures -- 6.4 Vulnerabilities in Operational Technology Networks. 
6.5 International Cybersecurity Regulations and Standards -- 6.6 Proposed Cybersecurity Strategy for Industrial Networks -- 6.6.1 Perimeter and Security Controls Strategies -- 6.6.1.1 Electronic Security Perimeter -- 6.6.1.2 Data Flow in Segmented Networks -- 6.6.1.3 Network and Perimeter Monitoring -- 6.6.1.4 Network Access and Authentication -- 6.6.1.5 Network Perimeter Ports and Services -- 6.6.2 Host Security Controls Strategies -- 6.6.2.1 Asset Configuration -- 6.6.2.2 Ports and Services -- 6.6.2.3 Anti-Malware -- 6.6.2.4 Authentication -- 6.6.3 Security Monitoring Controls -- 6.6.3.1 Asset Configuration and Documentation -- 6.6.3.2 Monitoring -- 6.6.3.3 Authentication -- 6.7 Discussion -- 6.8 Final Considerations -- References -- 7 The Impact of Blockchain on Cybersecurity Management -- 7.1 Introduction -- 7.2 Anonymity and Privacy -- 7.3 Reputation Management -- 7.4 Identification and Integrity -- 7.5 Availability -- 7.6 Trust Management -- 7.7 Software Development Security -- 7.8 Conclusion -- References -- 8 A Framework for Enterprise Cybersecurity Risk Management -- 8.1 Introduction -- 8.1.1 Contributions of Our Chapter -- 8.1.2 Motivation for Business IT Alignment (BITA) -- 8.2 The Evolution of Cybersecurity RM -- 8.2.1 IT-Centric Approach -- 8.2.2 IS-Centric Approach -- 8.2.3 ERM-Centric Approach -- 8.2.4 Motivation for a New Approach -- 8.3 Evaluation of Existing Frameworks -- 8.3.1 NIST Framework -- 8.3.2 COSO Framework -- 8.3.3 COBIT Framework -- 8.3.4 ISO/IEC 31000 Framework -- 8.4 The Importance of BITA in Cybersecurity RM -- 8.4.1 BITA Capabilities -- 8.5 The CHARM Framework Development -- 8.5.1 The CHARM Framework -- 8.5.2 A Case Study Application of the CHARM Framework -- 8.6 Conclusions -- References -- 9 Biometrics for Enterprise Security Risk Mitigation -- 9.1 Introduction -- 9.2 Overview -- 9.2.1 Biometrics. 
9.2.2 The Process of Biometric Authentication and Accuracy Measures -- 9.2.3 Types of Biometrics -- 9.2.3.1 Fingerprints -- 9.2.3.2 Face Recognition -- 9.2.3.3 Iris Recognition -- 9.2.3.4 Other Biometrics -- 9.3 Related Works -- 9.3.1 Biometrics in Business Applications -- 9.3.1.1 Biometrics in Education -- 9.3.1.2 Biometrics for Mobile Device Security -- 9.3.1.3 Biometrics for the Healthcare Sector -- 9.3.1.4 Biometrics for the Financial Sector -- 9.3.2 Our Contribution -- 9.4 Biometrics in Enterprise Cybersecurity Risk Management -- 9.4.1 Biometrics in Multifactor Authentication Systems -- 9.5 The Technical, Financial, and Legal Challenges of Biometrics -- 9.5.1 Technical Challenges -- 9.5.1.1 Storage of Biometric Templates -- 9.5.1.2 Security Threats to a Biometric System -- 9.5.2 Legal Challenges -- 9.5.3 Financial and Usability Challenges -- 9.6 Case Studies of Enterprise Risk Mitigation via Biometrics During the COVID-19 Pandemic -- 9.6.1 The Impact of COVID-19 on Information Technology (IT) -- 9.6.1.1 Health Care -- 9.6.1.2 Academic -- 9.6.1.3 Financial -- 9.6.2 COVID-19 Impact on Information Security (IT) -- 9.6.3 Improving Security via Biometric Authentication -- 9.7 Conclusion -- 9.7.1 Future Research Opportunities -- References -- Part II Vulnerability Management -- 10 SQL Injection Attacks and Mitigation Strategies: The Latest Comprehension -- 10.1 Introduction -- 10.2 Background -- 10.2.1 Web Application Security -- 10.2.1.1 Understanding SQL Injection Attack -- 10.2.1.2 Logical Understanding of SQL Injection Attack -- 10.3 SQL Injection Attack Classification -- 10.3.1 In-Band SQL Injection Attacks -- 10.3.1.1 Union-Based SQL Injection Attack -- 10.3.1.2 Error-Based SQL Injection Attack -- 10.3.2 Inferential SQL Injection Attacks -- 10.3.2.1 Blind Boolean-Based SQL Injection Attack -- 10.3.2.2 Blind Time-Based SQL Injection Attack. 
10.3.3 Out-of-Band SQL Injection Attacks -- 10.3.4 Modern SQL Injection Attacks -- 10.4 SQL Injection Mitigation Strategies -- 10.4.1 OWASP [1] Suggested Mitigation Strategies -- 10.4.1.1 Principle of Least Privilege for Web-Application Access -- 10.4.1.2 Prepared Statements with Parameterized Queries -- 10.4.1.3 Stored Procedures -- 10.4.1.4 Query Whitelisting -- 10.4.1.5 Escaping All User-Supplied Input -- 10.4.2 SQL Injection Attack Mitigation Strategies: Research Outcomes -- 10.5 Conclusions -- References -- 11 Managing Cybersecurity Events Using Service-Level Agreements (SLAs) by Profiling the People Who Attack -- 11.1 Introduction -- 11.2 Prior Arts -- 11.2.1 Profiling Attackers from a Personal Perspective for SLA Provisioning and Network Management Objectives -- 11.3 Research Proposal -- 11.3.1 SLA Service Request -- 11.3.2 SLA Management -- 11.3.3 SLA and Data Management Interventions -- 11.4 Conclusions and Further Work -- References -- 12 Recent Techniques Supporting Vulnerabilities Management for Secure Online Apps -- 12.1 Introduction -- 12.2 SQL Injection -- 12.2.1 Introduction -- 12.2.2 Exploitation Techniques -- 12.2.2.1 In-Band SQL Injection -- 12.2.2.2 Inferential SQL Injection -- 12.2.2.3 Out-of-Band SQL Injection -- 12.2.3 Causes of Vulnerability -- 12.2.4 Protection Techniques -- 12.2.4.1 Input Validation -- 12.2.4.2 Data Sanitization -- 12.2.4.3 Use of Prepared Statements -- 12.2.4.4 Limitation of Database Permission -- 12.2.4.5 Using Encryption -- 12.3 Cross-Site Scripting -- 12.3.1 Introduction -- 12.3.2 Exploitation Techniques -- 12.3.2.1 Reflected Cross-Site Scripting -- 12.3.2.2 Stored Cross-Site Scripting -- 12.3.2.3 DOM-Based Cross-Site Scripting -- 12.3.3 Causes of Vulnerability -- 12.3.4 Protection Techniques -- 12.3.4.1 Data Validation -- 12.3.4.2 Data Sanitization -- 12.3.4.3 Escaping on Output. 12.3.4.4 Use of Content Security Policy. |
Record No. | UNISA-996464504203316 |
Cham, Switzerland : Springer, [2021] |
Printed material |
Available at: Univ. di Salerno |
|
The CISO's transformation : security leadership in a high threat landscape / Raj Badhwar |
Author | Badhwar, Raj |
Publisher/distributor | Cham, Switzerland : Springer, [2021] |
Physical description | 1 online resource (180 pages) |
Dewey class | 005.8 |
Topical subject | Computer security - Management |
ISBN | 3-030-81412-2 |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Contents note |
Intro -- Foreword -- Preface -- Acknowledgment -- Contents -- About the Author -- Abbreviations -- Part I: Effective CISO Leadership -- CISOs - Leading from the Front! -- 1 Introduction -- 2 Be the Security Evangelist -- 2.1 Take an Active Hand in Creating the Cybersecurity Policy and Standards -- 2.2 Lead Innovation and Next-Generation Security Technology Implementations -- 2.3 Secure Cloud Environments -- 2.4 Make the Case for Security to Both Technical and Business Audiences -- 2.5 Understand, Assess, and Quantify Cyber Risk -- 2.6 Lead Tactical vs. Strategic Implementations -- 2.7 Lead User Training and Communications -- 2.8 Be Prepared to React to Cyber-Attacks and Other Cyber-Induced Disruptions -- 2.9 Make the Case to the Board of Directors and Other Executives -- 2.10 Recruit and Retain -- 2.11 Attract Women and Other Minorities to the Cyber Security Profession -- 2.12 Win the Market Place -- 3 The CISO Take -- 4 Definitions -- References -- Further Reading -- More CISOs on Corporate Boards -- 1 Preface -- 2 Let's Define Cyber Threats and Cyber Risk First -- 3 Making the Case -- 4 The CISO Take -- 5 Definitions -- References -- Further Reading -- Cyber Program Turnaround by New CISO -- 1 The Human Element -- 2 Use of Security Frameworks -- 3 Adoption of a Cloud-Based Security Stack -- 4 Zero Trust -- 5 Seamless Biometric Authentication -- 6 Making Use of Threat Intelligence -- 7 Active Board-Level Participation -- 8 Effectiveness Testing -- 9 The CISO Take -- 10 Definitions -- References -- Further Reading -- CISOs - The Next Step! -- 1 Introduction -- 2 Current State for Most Hands-on CISOs -- 3 The Near-Future State -- 4 The Not-So-Distant Future State -- 4.1 Cybersecurity Product Development -- 4.2 Cybersecurity Services Development -- 4.3 Cyber Wellness -- 4.4 Cyber Insurance Certification and Attestation.
4.5 How Can This Be Delivered? -- 5 The CISO Take -- 6 Definitions -- References -- Further Reading -- CISO Maturity Model -- 1 Introduction -- 2 The Maturity Model -- 2.1 The Technical Track -- Level 1 (L1 CISO) -- Level 4 (L4 CISO) -- Level 5 (L5 CISO) -- 2.2 The Business Track -- Level 2 (L2 CISO) -- Level 3 (L3 CISO) -- Level 6 (Core CISO) -- 2.3 The Hybrid Track -- Level 7 (CSO) -- Level 8 (High-Impact CISO) -- Level 9 (Executive CISO) -- 3 The CISO Take -- 4 Definitions -- References -- Further Reading -- CISO Commentary on Some Emerging and Disruptive Technologies -- 1 Introduction -- 2 Security Commentary -- 3 The CISO Take -- 4 Definitions -- References -- Further Reading -- See Something, Do Something! -- 1 Genesis -- 2 See Something, Say Something -- 3 See Something, Do Something -- 3.1 Making the Case -- Removal of Conflict of Interest -- Empowerment and Enablement -- Separation of Roles and Responsibilities -- Training and Awareness -- 4 The CISO Take -- 5 Definitions -- References -- My Journey as a Writer -- 1 Introduction -- 2 Early Years -- 3 Technical Writing -- 4 The CISO Take -- Further Reading -- Defensive Measures in the Wake of the SolarWinds Fallout -- 1 Introduction -- 2 Generic Defensive Measures -- 2.1 Enable Improved DNS Alerting Using a DNS Sinkhole -- 2.2 Deploy Malware Kill Switch -- 2.3 Perform Monitoring and Alerting Enhancements -- 2.4 Detect Golden SAML Attacks -- 2.5 Reconsider the Usage of DOH -- 2.6 Better Manage Third-Party Risk -- 3 SolarWinds Specific Actions -- 4 The CISO Take -- 5 Definitions -- References -- Further Reading -- Part II: Cybersecurity Team Building -- Cyber Exceptionalism -- 1 Genesis -- 2 Introduction -- 3 What is Cyber Exceptionalism? -- 4 Who Can Be Cyber Exceptional? -- 5 How Can One Become Cyber-Exceptional? -- 6 My Cyber Journey -- 7 The CISO Take -- 8 Definitions -- References. 
Further Reading -- Special Needs, Disability, and Cybersecurity: Often, a Great Fit -- 1 Making the Case -- 2 The CISO Take -- 3 Definitions -- References -- Further Reading -- Bias-Free Lexicon -- 1 Introduction -- 2 Shoring Up Professionalism in the Workplace -- 3 What's the Impediment to Linguistic Reform? -- 3.1 Response to Impediments -- 4 Corrective Behaviors -- 5 The Next Step -- 6 The CISO Take -- 7 Definitions -- References -- Further Reading -- The Grass Is Not Always Greener on the Other Side -- 1 Introduction -- 2 Happiness and Job Satisfaction -- 3 Don't Burn Your Bridges -- 4 Get a Mentor -- 5 Other Implications -- 6 The CISO Take -- Further Reading -- Let Not Any Outage Go to Waste -- 1 Introduction -- 2 Making the Case -- 3 Change Management -- 4 Operational Ownership -- 5 The CISO Take -- 6 Definitions -- References -- Further Reading -- If You Can't Hire Them, Then Develop Them -- 1 Introduction -- 2 Develop the Talent -- 2.1 Technology Aptitude -- 2.2 Flexibility -- 2.3 Business Domain Awareness -- 2.4 Mission Focus -- 2.5 Systems Thinking -- 2.6 Problem Solving -- 2.7 Collaboration -- 2.8 Expand the Net -- 2.9 Trust -- 3 Retention -- 3.1 Entry-Level -- 3.2 Mid-Level -- 3.3 Senior and Executive Level -- 4 The CISO Take -- Definitions -- Further Reading -- Should You Accept Counteroffers? -- 1 Introduction -- 2 General Advice and Comments -- 3 Advice to Employees -- 4 Advice to Managers -- 5 The Cybersecurity Skew -- 6 My Own Experience -- 7 The CISO Take -- Further Reading -- Importance of 1:1 Conversations -- 1 Introduction -- 2 Guidance -- 2.1 What Is Going Well? -- 2.2 What Is Not Going So Well? -- 2.3 Ask for Feedback -- 2.4 Give Feedback -- 2.5 Talk About Opportunities -- 2.6 Talk About Career Growth -- 2.7 Talk About Individual Development -- 2.8 Brainstorm Ideas -- 2.9 Skip Level Meetings -- 3 The CISO Take. 
Further Reading -- The Cyber Hygiene Mantra -- 1 Introduction -- 2 Recommendation -- 2.1 Identify and Patch All High/Medium Risk Vulnerabilities -- 2.2 Reduce Threat Surface -- 2.3 Perform Identity and Access Management -- 2.4 Enable Asset Protection -- 2.5 Perform User Training and Awareness -- 2.6 Setup a Certification and Accreditation (C&A) Program -- 3 The CISO Take -- 4 Definitions -- References -- Further Reading -- Part III: Cybersecurity Prudence -- Cybersecurity Lessons from the Breach of Physical Security at US Capitol Building -- 1 Introduction -- 2 Best Practices -- 3 The CISO Take -- 4 Definitions -- References -- Further Reading -- Protect Society, the Commonwealth, and the Infrastructure - Post COVID-19 -- 1 Introduction -- 2 Technical Controls Required to Securely Work from Home, and Back -- 3 Number of Masks Required to Securely Go Back to Work -- 4 Virus Tracking (SARS-CoV-2) -- 5 The CISO Take -- 6 Definitions -- Further Reading -- Self-Service Recovery Options for Bricked Windows Devices -- 1 Introduction -- 2 Solutions -- 2.1 USB Boot Drive -- 2.2 Create a USB Recovery Drive, or Media (DVD or CD) -- 3 BSOD or Bricked? -- 3.1 USB Boot Drive -- 3.2 Recovery Drive -- 3.3 Prerequisites -- 4 Edge Cases -- 5 The CISO Take -- 6 Definitions -- References -- Further Reading -- Certification & Accreditation -- 1 Introduction -- 2 Making the Case -- 3 The Workflow Outline -- 3.1 Initiation Phase -- 3.2 Security Certification Phase -- 3.3 Security Accreditation Phase -- 3.4 Continuous Monitoring Phase -- 4 The CISO Take -- 5 Definitions -- References -- Further Reading -- Hack Back or Not? -- 1 Introduction -- 2 Genesis -- 3 What Is a Hack Back? -- 4 Security Issues and Impediments -- 4.1 Currency -- 4.2 Code Vulnerabilities -- 4.3 The Weak Link -- 4.4 Sophisticated Attackers -- 4.5 Lack of Defense Coordination.
4.6 Hacking Tools -- 5 Making the Case -- 5.1 Hacker Identities Are Unknown -- 5.2 It May Be Illegal -- 5.3 Open Cyber-Warfare -- 5.4 Friendly Fire -- 5.5 Asset Retrieval -- 6 The CISO Take -- 7 Definitions -- References -- Further Reading -- CISOs Need Liability Protection -- 1 Making the Case -- 2 Liability Insurance -- 2.1 Verify Your Coverage -- 3 Employment Contracts -- 4 State Laws -- 5 Company Bylaws -- 6 The CISO Take -- 7 Definitions -- References -- Further Reading -- Enable Secure Work-From-Home -- 1 Making the Case -- 2 The CISO Take -- References -- Further Reading -- Postlude - Paying It Forward -- Index. |
Record No. | UNINA-9910506380403321 |
Badhwar, Raj |
Cham, Switzerland : Springer, [2021] |
Printed material |
Available at: Univ. Federico II |
|