Search results

1 – 10 of 166
Article
Publication date: 27 September 2022

Aamna Tariq, Jawad Manzoor, Muhammad Ammar Aziz, Zain Ul Abideen Tariq and Ammar Masood

Abstract

Purpose

The security of applications, systems and networks has always been the source of great concern for both enterprises and common users. Different security tools like intrusion detection system/intrusion prevention system and firewalls are available that provide preventive security to the enterprise networks. However, security information and event management (SIEM) systems use these tools in combination to collect events from diverse data sources across the network. SIEM is a proactive tool that processes the events to present a unified security view of the whole network at one location. SIEM system has, therefore, become an essential component of an enterprise network security architecture. However, from various options available, the selection of a suitable and cost-effective open source SIEM solution that can effectively meet most of the security requirements of small-to-medium-sized enterprises (SMEs) is not simple because of the lack of strong analysis.

Design/methodology/approach

In this work, the authors first review the security challenges faced by different SME sectors and then consider a comprehensive comparative analysis of the capabilities of well-known open source SIEM solutions. Based on this, the authors provide requirements based recommendations of open source SIEM solutions for SMEs. This paper aims to provide a valuable resource that can be referred to by SMEs for the selection of a SIEM system best suited to their organization’s security posture.

Findings

Security requirements of SMEs vary according to their network infrastructure; therefore, every open source SIEM solution would not be suitable for an SME. Selection of a SIEM solution from available open source solutions based upon the security requirements of an SME network is a critical task. Therefore, in this work, a meaningful insight for the selection of an appropriate SIEM solution for SMEs is provided.

Originality/value

Major contribution of this work is the mapping of the security requirements of the SME sectors under consideration, against the open source SIEM options to provide meaningful insight for SMEs in the selection of an appropriate solution.

Details

Information & Computer Security, vol. 31 no. 1
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 5 October 2012

Raydel Montesino, Stefan Fenz and Walter Baluja

Abstract

Purpose

The purpose of this paper is to propose a framework for security controls automation, in order to achieve greater efficiency and reduce the complexity of information security management.

Design/methodology/approach

This research reviewed the controls recommended by well-known standards such as ISO/IEC 27001 and NIST SP 800‐53, and identified security controls that can be automated by existing hard‐ and software tools. The research also analyzed the Security Information and Event Management (SIEM) technology and proposed a SIEM‐based framework for security controls automation, taking into account the automation potential of SIEM systems and their integration possibilities with several security tools.

Findings

About 30 per cent of information security controls can be automated and they were grouped in a list of ten automatable security controls. A SIEM‐based framework can be used for centralized and integrated management of the ten automatable security controls.

Practical implications

By implementing the proposed framework and therefore automating as many security controls as possible, organizations will achieve more efficiency in information security management, reducing also the complexity of this process. This research may also be useful for SIEM vendors, in order to include more functionality to their products and provide a maximum of security controls automation within SIEM platforms.

Originality/value

This paper delimits the boundaries of information security automation and defines what automation means for each security control. A novel framework for security controls automation is proposed. This research provides an automation concept that goes beyond what is normally described in previous works and SIEM solutions.

Details

Information Management & Computer Security, vol. 20 no. 4
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 8 October 2018

Natalia Miloslavskaya

Abstract

Purpose

Nowadays, to operate securely and legally and to achieve business objectives, secure valuable assets and support uninterrupted business processes, all organizations need to match a lot of internal and external compliance regulations such as laws, standards, guidelines, policies, specifications and procedures. An integrated system able to manage information security (IS) for their intranets in the new cyberspace while processing tremendous amounts of IS-related data coming in various formats is required as never before. These data, after being collected and analyzed, should be evaluated in real-time from an IS incident viewpoint, to identify an incident’s source, consider its type, weigh its consequences, visualize its vector, associate all target systems, prioritize countermeasures and offer mitigation solutions with weighted impact relevance. Different security information and event management (SIEM) systems cope with this routine and usually complicated work by rapid detection of IS incidents and further appropriate response. Modern challenges dictate the need to build these systems using advanced technologies such as the blockchain (BC) technologies (BCTs). The purpose of this study is to design a new BC-based SIEM 3.0 system and propose a methodology for its evaluation.

Design/methodology/approach

Modern challenges dictate the need to build these systems using advanced technologies such as the BC technologies. Many internet resources argue that the BCT suits the intrusion detection objectives very well, but they do not mention how to implement it.

Findings

After a brief analysis of the BC concept and the evolution of SIEM systems, this paper presents the main ideas on designing the next-generation BC-based SIEM 3.0 systems, for the first time in open access publications, including a convolution method for solving the scalability issue for ever-growing BC size. This new approach makes it possible not to simply modify SIEM systems in an evolutionary manner, but to bring their next generation to a qualitatively new and higher level of IS event management in the future.

Research limitations/implications

The most important area of the future work is to bring this proposed system to life. The implementation, deployment and testing onto a real-world network would also allow people to see its viability or show that a more sophisticated model should be worked out. After developing the design basics, we are ready to determine the directions of the most promising studies. What are the main criteria and principles, according to which the organization will select events from PEL for creating one BC block? What is the optimal number of nodes in the organization’s BC, depending on its network assets, services provided and the number of events that occur in its network? How to build and host the SIEM 3.0 BC infrastructure? How to arrange streaming analytics of block’s content containing events taking place in the network? How to design the BC middleware as software that enables staff to interact with BC blocks to provide services like IS events correlation? How to visualize the results obtained to find insights and patterns in historical BC data for better IS management? How to predict the emergence of IS events in the future? This list of questions can be continued indefinitely for a full-fledged design of SIEM 3.0.

Practical implications

This paper shows the full applicability of the BC concept to the creation of the next-generation SIEM 3.0 systems that are designed to detect IS incidents in a modern, fully interconnected organization’s network environment. The authors’ attempt to begin with a detailed description of the basics for a BC-based SIEM 3.0 system design is presented, as well as the evaluation methodology for the resulting product.

Originality/value

The authors believe that their new revolutionary approach makes it possible not to simply modify SIEM systems in an evolutionary manner, but to bring their next generation to a qualitatively new and higher level of IS event management in the future. They hope that this paper will evoke a lively response in this segment of the security controls market from both theorists and direct developers of living systems that will implement the above approach.

Article
Publication date: 25 September 2019

Nabil Moukafih, Ghizlane Orhanou and Said Elhajji

Abstract

Purpose

This paper aims to propose a mobile agent-based security information and event management architecture (MA-SIEM) that uses mobile agents for near real-time event collection and normalization on the source device. The externalization of the normalization process, executed by several distributed mobile agents on interconnected computers and devices, proposes a SIEM server dedicated mainly for correlation and analysis.

Design/methodology/approach

The architecture has been proposed in three stages. In the first step, the authors described the different aspects of the proposed approach. Then they implemented the proposed architecture and presented a new vision for the insertion of normalized data into the SIEM database. Finally, the authors performed a numerical comparison between the approach used in the proposed architecture and that of existing SIEM systems.

Findings

The results of the experiments showed that MA-SIEM systems are more efficient than existing SIEM systems because they leave the SIEM resources primarily dedicated to advanced correlation analysis. In addition, this paper takes into account realistic scenarios and use-cases and proposes a fully automated process for transferring normalized events in near real time to the SIEM server for further analysis using mobile agents.

Originality/value

The work provides new insights into the normalization of security-related events using light mobile agents.

Details

Information & Computer Security, vol. 28 no. 1
Type: Research Article
ISSN: 2056-4961

Book part
Publication date: 17 July 2014

Chiaki Okada and Kevin Young

Abstract

Purpose

This chapter narratively chronologizes the life of a man, now in his late 1960s, who has been key in promoting sport as a vehicle for community development in one of the most economically and politically challenged of all Southeast Asian countries – Cambodia.

Design/methodology/approach

Popular in a number of disciplines but rarely applied so far in the field of sport, social development and peace, the main strength of life history analysis is its ability to let stories speak for themselves. The focus on “narrativization” not only provides a rich account of a given topic, but also allows storytellers to shape their accounts, identify their audience, and detail the settings in which these accounts take place.

Findings

Cambodian sport (especially football in the northwest province of Siem Reap) and Cambodian society more broadly owes much to the committed efforts of Mr. Ouk Sareth. Not only does the chapter help to better understand the various phases and trajectories of Sareth’s colorful life and the fascinating experiences he has encountered, but also the unique challenges his country has faced and overcome during the seven decades of his life.

Research limitations/implications

We hope that others involved in studying the link between sport, social development and peace will consider narrative method and life history approaches to showcase the pivotal individuals who have operated in the “engine room” of this link.

Details

Sport, Social Development and Peace
Type: Book
ISBN: 978-1-78350-885-3

Article
Publication date: 25 January 2008

Scott Hipsher

Abstract

Purpose

The purpose of this paper is to explore the mode of entry decisions of firms owned by individuals from a developing country, Thailand, when establishing business operations into a lesser developed country, Cambodia.

Design/methodology/approach

The study uses a case study method, using interviews which were held with owners, managers and employees of eight Thai‐owned companies operating in Cambodia.

Findings

The paper finds that existing internationalization theory and mode of entry frameworks were useful for classifying the two largest firms in the study; however, the smaller entrepreneurial firms could not be accurately categorized according to the existing classifications and therefore an additional category, the born foreign firm, was identified.

Practical implications

As small enterprises are responsible for the vast majority of business activities in lesser developed economies, understanding the nature of born foreign firms can provide policy makers and educators with information to build policies and educational programs upon.

Originality/value

The phenomenon of the born foreign firm was identified and explored.

Details

International Journal of Emerging Markets, vol. 3 no. 1
Type: Research Article
ISSN: 1746-8809

Book part
Publication date: 23 August 2017

Jakob Lyngsø Jørgensen and Christoffer Breum Nielsen

Abstract

The purpose of this study is to contribute to existing financial literature within a less researched area through a systematic, organized, and holistic approach. This study advances the notion of considering terrorist attacks as a heterogeneous group of events by employing a multidimensional approach. The event study methodology was used to investigate the impact of 46 terrorist attacks occurring on the soil of OECD countries since 1990 on stock markets in US, UK, Spain, and Denmark. Thereby, terrorist attacks are considered as events conveying information to financial markets, which is processed by investors and subsequently reflected in security prices. This chapter is the first contribution within financial literature to distinguish and categorize terrorist attacks through several dimensions and investigate the effect of various characteristics on stock markets. The multidimensional analytical approach consisted of six dimensions, which included an examination of the national stock markets, differences across industries, the underlying threat characteristics, the size of the attack, and the development over time and geospatial aspects. It is concluded that terrorist attacks exhibiting international threat characteristics result in significantly larger and boundary spanning negative abnormal returns, which impact stock markets beyond the country in which the attack occurred. Additionally, the size of the terrorist attack amplifies the negative impact on stock markets. However, while the impact on stock markets was found to be immediate indicating that stock markets are quick and efficient in absorbing new information, the negative impact is likely to evaporate within five trading days.

Details

The Responsive Global Organization
Type: Book
ISBN: 978-1-78714-831-4

Article
Publication date: 16 February 2023

Magdalena Glas, Manfred Vielberth, Tobias Reittinger, Fabian Böhm and Günther Pernul

Abstract

Purpose

Cybersecurity training plays a decisive role in overcoming the global shortage of cybersecurity experts and the risks this shortage poses to organizations' assets. Seeking to make the training of those experts as efficacious and efficient as possible, this study investigates the potential of visual programming languages (VPLs) for training in cyber ranges. For this matter, the VPL Blockly was integrated into an existing cyber range training to facilitate learning a code-based cybersecurity task, namely, creating code-based correlation rules for a security information and event management (SIEM) system.

Design/methodology/approach

To evaluate the VPL’s effect on the cyber range training, the authors conducted a user study as a randomized controlled trial with 30 participants. In this study, the authors compared skill development of participants creating SIEM rules using Blockly (experimental group) with participants using a textual programming approach (control group) to create the rules.

Findings

This study indicates that using a VPL in a cybersecurity training can improve the participants' perceived learning experience compared to the control group while providing equally good learning outcomes.

Originality/value

The originality of this work lies in studying the effect of using a VPL to learn a code-based cybersecurity task. Investigating this effect in comparison with the conventional textual syntax through a randomized controlled trial has not been investigated yet.

Details

Information & Computer Security, vol. 31 no. 3
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 3 December 2020

Brendan Luyt

Abstract

Purpose

Given Wikipedia’s size and importance to the world’s information infrastructure, it can be forgotten that there exists under the same Wikimedia Foundation umbrella, a number of other volunteer wikis producing information on a variety of topics and subjects. Little research has been conducted on these offshoots. In this article I examine one of the earliest of these efforts, Wikivoyage, a free wiki-based travel guidebook.

Design/methodology/approach

I examine the content of Wikivoyage’s articles on the temples of Angkor, Siem Reap (the tourist gateway to the temples), the introductory page for the country of Cambodia as a whole and a sample of regional Cambodian entries. Textual and discourse analysis is the foundation of this work.

Findings

The findings suggest that although Wikivoyage is not currently an exemplar of alternative tourism discourses, it certainly has potential. But that potential can only be realized if those interested in contributing to the site alternative perspectives and discourses take up the task in a sensitive manner and in accordance with the developing editing culture.

Originality/value

While conceding that Wikivoyage is currently unlikely to monopolize the guidebook market anytime soon, it is still important to study this social phenomenon both for its own intrinsic interest and to assess its potential for a more enlightened and transformative tourism.

Peer review

The peer review history for this article is available at: https://publons.com/publon/10.1108/OIR-03-2020-0104

Details

Online Information Review, vol. 45 no. 2
Type: Research Article
ISSN: 1468-4527

Book part
Publication date: 23 September 2022

Sotheara Kham and Sochea Nhem

Abstract

Purpose

The COVID-19 pandemic had a huge negative impact on the world’s hotel industry from the beginning of 2020. As a result of the pandemic, the majority of hotels around the world have decided to close temporarily. It examines the challenges faced by hotel managers and the strategies used to survive.

Design

This research can motivate hotel companies around the world to better understand pandemic situations and develop effective anti-pandemic policies. Based on online in-depth interviews with 25 hotel managers, the findings shed light on the various challenges to hotels.

Findings

Findings have shown that the hotel industry has been able to adapt their business for the short term with post-COVID-19 strategies still having limitations. To survive the duration of the pandemic hotels have adopted strategies: reducing employees, promotions and discounts and changing the market segment, as well as levels of maintenance of hygiene and cleanliness. The hotel industry can implement opportunities toward change through government support, crisis management, cooperation with travel agencies and technology.

Research Implications

The current research is to determine the impact of COVID-19 and the adaptive strategies on the hotel sector in the Siem Reap province by the following objectives: (1) To analyse the impacts of COVID-19 in the hotel sector, (2) To identify adaptive strategies in dealing with COVID-19 in the hotel sector and (3) To explore post-COVID-19 strategies of the hotel sector after the COVID-19 pandemic. A qualitative method was employed in the research online and in-depth interviews were conducted with the owner and general manager.

Originality-Value

The study suggests that hotels focus more on survival strategies for the short term, so the topic for future research could be to investigate details of strategies after the COVID-19 pandemic in order to research what the hotels' strategic solutions will be and how they will manage the operation after the COVID-19 pandemic for long-term strategies.
