Search results

1 – 10 of 233
Article
Publication date: 27 September 2022

Aamna Tariq, Jawad Manzoor, Muhammad Ammar Aziz, Zain Ul Abideen Tariq and Ammar Masood

Abstract

Purpose

The security of applications, systems and networks has always been the source of great concern for both enterprises and common users. Different security tools like intrusion detection system/intrusion prevention system and firewalls are available that provide preventive security to the enterprise networks. However, security information and event management (SIEM) systems use these tools in combination to collect events from diverse data sources across the network. SIEM is a proactive tool that processes the events to present a unified security view of the whole network at one location. SIEM system has, therefore, become an essential component of an enterprise network security architecture. However, from various options available, the selection of a suitable and cost-effective open source SIEM solution that can effectively meet most of the security requirements of small-to-medium-sized enterprises (SMEs) is not simple because of the lack of strong analysis.

Design/methodology/approach

In this work, the authors first review the security challenges faced by different SME sectors and then consider a comprehensive comparative analysis of the capabilities of well-known open source SIEM solutions. Based on this, the authors provide requirements based recommendations of open source SIEM solutions for SMEs. This paper aims to provide a valuable resource that can be referred to by SMEs for the selection of a SIEM system best suited to their organization’s security posture.

Findings

Security requirements of SMEs vary according to their network infrastructure; therefore, every open source SIEM solution would not be suitable for an SME. Selection of a SIEM solution from available open source solutions based upon the security requirements of an SME network is a critical task. Therefore, in this work, a meaningful insight for the selection of an appropriate SIEM solution for SMEs is provided.

Originality/value

Major contribution of this work is the mapping of the security requirements of the SME sectors under consideration, against the open source SIEM options to provide meaningful insight for SMEs in the selection of an appropriate solution.

Details

Information & Computer Security, vol. 31 no. 1
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 25 September 2019

Nabil Moukafih, Ghizlane Orhanou and Said Elhajji

Abstract

Purpose

This paper aims to propose a mobile agent-based security information and event management architecture (MA-SIEM) that uses mobile agents for near real-time event collection and normalization on the source device. The externalization of the normalization process, executed by several distributed mobile agents on interconnected computers and devices, proposes a SIEM server dedicated mainly for correlation and analysis.

Design/methodology/approach

The architecture has been proposed in three stages. In the first step, the authors described the different aspects of the proposed approach. Then they implemented the proposed architecture and presented a new vision for the insertion of normalized data into the SIEM database. Finally, the authors performed a numerical comparison between the approach used in the proposed architecture and that of existing SIEM systems.

Findings

The results of the experiments showed that MA-SIEM systems are more efficient than existing SIEM systems because they leave the SIEM resources primarily dedicated to advanced correlation analysis. In addition, this paper takes into account realistic scenarios and use-cases and proposes a fully automated process for transferring normalized events in near real time to the SIEM server for further analysis using mobile agents.

Originality/value

The work provides new insights into the normalization of security-related events using light mobile agents.

Details

Information & Computer Security, vol. 28 no. 1
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 1 July 2004

Sheng Chang, Daniel Attinger, Fu‐Pen Chiang, Yong Zhao and Ranjana C. Patel

Abstract

Resin jetting with piezo print‐heads is in increasing use, and in the rapid prototyping industry, the merging quality between adjacent droplets will determine the mechanical properties and reliability of the products. Therefore, it is essential to find an experimental technique to ensure seamless inter‐droplet merging. Speckle interferometry with electron microscopy (SIEM) is a micro‐mechanics measurement technique that has a spatial resolution approaching a few nanometers. In this paper, SIEM is successfully applied to measure the ultimate tensile stress and tensile modulus of jetted, UV‐cured cationic resin microsamples. Results show that the microsamples exhibit similar properties to the bulk material properties and that jetting two layers on top of each other is not detrimental to the material properties.

Details

Rapid Prototyping Journal, vol. 10 no. 3
Type: Research Article
ISSN: 1355-2546

Open Access
Article
Publication date: 15 May 2023

Jinwon Jeon

Abstract

Purpose

This study aims to systematise the methodology used in comparative urban planning law and propose primary contexts for comparison in planning law.

Design/methodology/approach

This study undertook a review of comparative law methodology discourse and sought to establish connections between the discourse and the field of planning law.

Findings

This study argues for establishment of a realistic goal for comparative planning law by focusing on the planning law's modifiability. The goal of comparison in planning law should not be to find universally desirable principles or better solutions. Rather, the goal should be to identify a motive for devising a solution. This is because it is not only difficult to establish legal values that are universally applicable to planning law but also inappropriate to determine superiority of planning laws that have been developed over time by each jurisdiction’s sovereignty and policies on land use. When determining comparable systems for analysis among legal systems that are functionally equivalent, it is important to consider the context of land use relations alongside the comparative analysis to be done. To set realistic goals, the context should not be extended indefinitely but be systematised. Based on the foundational relationship underlying planning law, including the tension between planning authorities and property owners, this study presents five specific contexts for comparative analysis: “Strength of Property Rights,” “Level of Judicial Intervention,” “Plan- or Development-led System,” “Allocation of Planning Power” and “Level of Participation.” Examination of these contexts will allow better understanding of the similarities and differences among different systems and practical application of the results of comparative studies.

Originality/value

This study presents a novel approach to systematising the methodology and framework of comparative planning law.

Details

Journal of Property, Planning and Environmental Law, vol. 15 no. 2
Type: Research Article
ISSN: 2514-9407

Article
Publication date: 8 October 2018

Natalia Miloslavskaya

Abstract

Purpose

Nowadays, to operate securely and legally and to achieve business objectives, secure valuable assets and support uninterrupted business processes, all organizations need to match a lot of internal and external compliance regulations such as laws, standards, guidelines, policies, specifications and procedures. An integrated system able to manage information security (IS) for their intranets in the new cyberspace while processing tremendous amounts of IS-related data coming in various formats is required as never before. These data, after being collected and analyzed, should be evaluated in real-time from an IS incident viewpoint, to identify an incident’s source, consider its type, weigh its consequences, visualize its vector, associate all target systems, prioritize countermeasures and offer mitigation solutions with weighted impact relevance. Different security information and event management (SIEM) systems cope with this routine and usually complicated work by rapid detection of IS incidents and further appropriate response. Modern challenges dictate the need to build these systems using advanced technologies such as the blockchain (BC) technologies (BCTs). The purpose of this study is to design a new BC-based SIEM 3.0 system and propose a methodology for its evaluation.

Design/methodology/approach

Modern challenges dictate the need to build these systems using advanced technologies such as the BC technologies. Many internet resources argue that the BCT suits the intrusion detection objectives very well, but they do not mention how to implement it.

Findings

After a brief analysis of the BC concept and the evolution of SIEM systems, this paper presents the main ideas on designing the next-generation BC-based SIEM 3.0 systems, for the first time in open access publications, including a convolution method for solving the scalability issue for ever-growing BC size. This new approach makes it possible not to simply modify SIEM systems in an evolutionary manner, but to bring their next generation to a qualitatively new and higher level of IS event management in the future.

Research limitations/implications

The most important area of the future work is to bring this proposed system to life. The implementation, deployment and testing onto a real-world network would also allow people to see its viability or show that a more sophisticated model should be worked out. After developing the design basics, we are ready to determine the directions of the most promising studies. What are the main criteria and principles, according to which the organization will select events from PEL for creating one BC block? What is the optimal number of nodes in the organization’s BC, depending on its network assets, services provided and the number of events that occur in its network? How to build and host the SIEM 3.0 BC infrastructure? How to arrange streaming analytics of block’s content containing events taking place in the network? How to design the BC middleware as software that enables staff to interact with BC blocks to provide services like IS events correlation? How to visualize the results obtained to find insights and patterns in historical BC data for better IS management? How to predict the emergence of IS events in the future? This list of questions can be continued indefinitely for a full-fledged design of SIEM 3.0.

Practical implications

This paper shows the full applicability of the BC concept to the creation of the next-generation SIEM 3.0 systems that are designed to detect IS incidents in a modern, fully interconnected organization’s network environment. The authors’ attempt to begin with a detailed description of the basics for a BC-based SIEM 3.0 system design is presented, as well as the evaluation methodology for the resulting product.

Originality/value

The authors believe that their new revolutionary approach makes it possible not to simply modify SIEM systems in an evolutionary manner, but to bring their next generation to a qualitatively new and higher level of IS event management in the future. They hope that this paper will evoke a lively response in this segment of the security controls market from both theorists and direct developers of living systems that will implement the above approach.

Article
Publication date: 16 February 2023

Magdalena Glas, Manfred Vielberth, Tobias Reittinger, Fabian Böhm and Günther Pernul

Abstract

Purpose

Cybersecurity training plays a decisive role in overcoming the global shortage of cybersecurity experts and the risks this shortage poses to organizations' assets. Seeking to make the training of those experts as efficacious and efficient as possible, this study investigates the potential of visual programming languages (VPLs) for training in cyber ranges. For this matter, the VPL Blockly was integrated into an existing cyber range training to facilitate learning a code-based cybersecurity task, namely, creating code-based correlation rules for a security information and event management (SIEM) system.

Design/methodology/approach

To evaluate the VPL’s effect on the cyber range training, the authors conducted a user study as a randomized controlled trial with 30 participants. In this study, the authors compared skill development of participants creating SIEM rules using Blockly (experimental group) with participants using a textual programming approach (control group) to create the rules.

Findings

This study indicates that using a VPL in a cybersecurity training can improve the participants' perceived learning experience compared to the control group while providing equally good learning outcomes.

Originality/value

The originality of this work lies in studying the effect of using a VPL to learn a code-based cybersecurity task. Investigating this effect in comparison with the conventional textual syntax through a randomized controlled trial has not been investigated yet.

Details

Information & Computer Security, vol. 31 no. 3
Type: Research Article
ISSN: 2056-4961

Book part
Publication date: 23 August 2017

Jakob Lyngsø Jørgensen and Christoffer Breum Nielsen

Abstract

The purpose of this study is to contribute to existing financial literature within a less researched area through a systematic, organized, and holistic approach. This study advances the notion of considering terrorist attacks as a heterogeneous group of events by employing a multidimensional approach. The event study methodology was used to investigate the impact of 46 terrorist attacks occurring on the soil of OECD countries since 1990 on stock markets in US, UK, Spain, and Denmark. Thereby, terrorist attacks are considered as events conveying information to financial markets, which is processed by investors and subsequently reflected in security prices. This chapter is the first contribution within financial literature to distinguish and categorize terrorist attacks through several dimensions and investigate the effect of various characteristics on stock markets. The multidimensional analytical approach consisted of six dimensions, which included an examination of the national stock markets, differences across industries, the underlying threat characteristics, the size of the attack, and the development over time and geospatial aspects. It is concluded that terrorist attacks exhibiting international threat characteristics result in significantly larger and boundary spanning negative abnormal returns, which impact stock markets beyond the country in which the attack occurred. Additionally, the size of the terrorist attack amplifies the negative impact on stock markets. However, while the impact on stock markets was found to be immediate indicating that stock markets are quick and efficient in absorbing new information, the negative impact is likely to evaporate within five trading days.

Details

The Responsive Global Organization
Type: Book
ISBN: 978-1-78714-831-4

Article
Publication date: 25 January 2008

Scott Hipsher

Abstract

Purpose

The purpose of this paper is to explore the mode of entry decisions of firms owned by individuals from a developing country, Thailand, when establishing business operations into a lesser developed country, Cambodia.

Design/methodology/approach

The study uses a case study method, using interviews which were held with owners, managers and employees of eight Thai‐owned companies operating in Cambodia.

Findings

The paper finds that existing internationalization theory and mode of entry frameworks were useful for classifying the two largest firms in the study; however, the smaller entrepreneurial firms could not be accurately categorized according to the existing classifications and therefore an additional category, the born foreign firm, was identified.

Practical implications

As small enterprises are responsible for the vast majority of business activities in lesser developed economies, understanding the nature of born foreign firms can provide policy makers and educators with information to build policies and educational program upon.

Originality/value

The phenomenon of the born foreign firm was identified and explored.

Details

International Journal of Emerging Markets, vol. 3 no. 1
Type: Research Article
ISSN: 1746-8809

Article
Publication date: 1 August 2002

Richard S. Barr, Kory A. Killgo, Thomas F. Siems and Sheri Zimmel

Abstract

Reviews previous research on the efficiency and performance of financial institutions and uses Siems and Barr’s (1998) data envelopment analysis (DEA) model to evaluate the relative productive efficiency of US commercial banks 1984‐1998. Explains the methodology, discusses the input and output measures used and relates bank performance measures to efficiency. Describes the CAMELS rating system used by bank examiners and regulators; and finds that banks with high efficiency scores also have strong CAMELS ratings. Summarizes the other relationship identified and recommends the use of DEA to help analysts and policy makers understand organizations in greater depth, regulators and examiners to develop monitoring tools and banks to benchmark their processes.

Details

Managerial Finance, vol. 28 no. 8
Type: Research Article
ISSN: 0307-4358

Article
Publication date: 25 August 2020

Jarrett D. Davis and Glenn Michael Miles

Abstract

Purpose

The purpose of this research is to understand the vulnerabilities of male youth in the sex trade in Manila, Philippines. Using purposive and a modified respondent-driven sampling methodology, interviews were conducted with 51 young males working as masseurs in the Metro Manila area exploring a wide range of their experiences and vulnerabilities throughout the work including physical, sexual and emotional violence. The mixed method, mostly qualitative research is based on similar surveys conducted throughout the South and South Asia regions.

Design/methodology/approach

Research on sexual exploitation of boys and men has largely focused on sexual health and prevention of HIV (Human Rights Watch Philippines, 2004). This research uniquely focuses on a broader range of vulnerabilities for males in the sex trade.

Findings

Qualitative discussions reveal instances of forced sex that can take a variety of forms, including physical force and/or violence or coercion involving bribes, verbal abuse or other forms of pressure to provide sexual services. Data also demonstrate stigma and discrimination outside of sex work. This study provides a qualitative assessment of the broader male-to-male sex industry within the Metro-Manila area, including escort services and both direct and indirect male sex work.

Originality/value

For observers, who consider male sexual abuse to be free of violence or discrimination, this provides evidence to the contrary and considerations for organizations that are able to provide funding to support their needs. Education of those involved in addressing the prevention of sexual exploitation should include gendered differences.

Details

International Journal of Sociology and Social Policy, vol. 41 no. 5/6
Type: Research Article
ISSN: 0144-333X
