Search results

With the rapid development of Internet technology, cybersecurity threats such as security loopholes, data leaks, network fraud, and ransomware have become increasingly prominent, and organized and purposeful cyberattacks have increased, posing more challenges to cybersecurity protection. Therefore, reliable network risk assessment methods and effective network security protection schemes are urgently needed.

Based on the dynamic behavior patterns of attackers and defenders, a Bayesian network attack graph is constructed, and a multitarget risk dynamic assessment model is proposed based on network availability, network utilization impact and vulnerability attack possibility. Then, the self-organizing multiobjective evolutionary algorithm based on grey wolf optimization is proposed. And the authors use this algorithm to solve the multiobjective risk assessment model, and a variety of different attack strategies are obtained.

The experimental results demonstrate that the method yields 29 distinct attack strategies, and then attacker's preferences can be obtained according to these attack strategies. Furthermore, the method efficiently addresses the security assessment problem involving multiple decision variables, thereby providing constructive guidance for the construction of security network, security reinforcement and active defense.

A method for network risk assessment methods is given. And this study proposed a multiobjective risk dynamic assessment model based on network availability, network utilization impact and the possibility of vulnerability attacks. The example demonstrates the effectiveness of the method in addressing network security risks.

The purpose of this study is to explore the rationale that governs implementation of information systems and network security expenditures through a case study approach.

The research method took the form of a mixed‐method assessment of the perceptions of persons of authority in the management and the network security areas of an organization that has implemented network security protocols. Two stages of the research process were completed in order to gather the necessary data for the study. The first stage of the study was the administration of a Likert‐type questionnaire in which respondents answered 30 unique items on network security. In the second phase of the study, a number of responders were contacted to further expand upon the themes presented in the Likert‐type questionnaire.

Empirical evidence gathered justifies theoretical claims that personnel from general management have different perspectives towards network security than personnel from the network security management. In particular, the study indicates that such differences are demonstrated on a number of areas such as the effectiveness and the efficiency of the networked system; control of network security; security‐related decision‐making processes; and users of the network. The latter being the most controversial issue with one side indicating that users should be allowed to use the network in an efficient manner, and the other side emphasizing that users pose one of the greatest security risks to the system.

The limitations of the study are found in its focus on a specific company and on its perception‐centred nature of risk and risk analysis. No two persons identify and frame risk in an identical manner. This creates potential conflict of interest when the participants within a risk assessment process approach the issues and present their arguments as to how to best identify and respond to risks.

Through comparing and contrasting the perspectives of the two sample populations, the research assists in demonstrating how, why, and to what extent specific problems are recognized by those within management and those within network security. This allowed the analysis of how these problems are defined and what steps can be taken that would help to reduce or eliminate its impact in the organization used in our case study.

It has been argued in the literature that there is lack of empirically based research to explore and effectively analyze the perceptions held by management and by security specialists within organizations with respect to security. This paper presents the results of the application of a novel two‐stage framework on an empirical case study focused on a large national bank. The work allowed the identification of the various perceptions held by management and by security specialists, and the degree to which these perceptions are similar.

The purpose of this paper is to explore the underlying relational properties of security networks by focusing specifically on the relationship between formal and informal ties, and interpersonal and inter-organisational trust.

The research is based on 20 qualitative interviews with senior members of police and security agencies across the field of counter-terrorism in Australia.

The findings suggest that the underlying relational properties of security networks are highly complex, making it difficult to distinguish between formal and informal ties, interpersonal and inter-organisational trust. The findings also address the importance of informal ties and interpersonal trust for the functioning of organisational security networks.

The research is exploratory in nature and extends to a number of organisational security networks in the field of counter-terrorism in Australia. While it is anticipated that the findings will be relevant in a variety of contexts, further research is required to advance our knowledge of the implications and properties of informal social networks within defined network boundaries.

The findings suggest that the functioning of security networks is likely to be highly dependent on the underlying social relationships between network members. This has practical implications for those responsible for designing and managing security networks.

The paper calls attention to a very understudied topic by focusing on the dynamics of informal ties and interpersonal trust within organisational security networks.

The purpose of this paper is to provide an in-depth overview of the security requirements and challenges for Internet of Things (IoT) and discuss security solutions for various enabling technologies and implications to various applications.

Security requirements and solutions are analysed based on a four-layer framework of IoT on sensing layer, network layer, service layer, and application layer. The cross-layer threats are analysed followed by the security discussion for the enabling technologies including identification and tracking technologies, WSN and RFID, communication, networks, and service management.

IoT calls for new security infrastructure based on the new technical standards. As a consequence, new security design for IoT shall pay attention to these new standards. Security at both the physical devices and service-applications is critical to the operation of IoT, which is indispensable for the success of IoT. Open problems remain in a number of areas, such as security and privacy protection, network protocols, standardization, identity management, trusted architecture, etc.

The implications to various applications including supervisory control and data acquisition, enterprise systems, social IoT are discussed. The paper will serve as a starting point for future IoT security design and management. The security strategies for IoT should be carefully designed by managing the tradeoffs among security, privacy, and utility to provide security in multi-layer architecture of IoT.

The paper synthesizes the current security requirements for IoT and provides a clear framework of security infrastructure based on four layers. Accordingly, the security requirements and potential threats in the four-layer architecture are provided in terms of general devices security, communication security, network security, and application security.

The purpose of this paper is to investigate the work practices of network security professionals and to propose a new and robust work practices model of these professionals.

The proposed work practices model is composed by combining the findings of ten notable empirical studies performed so far this century. The proposed model was then validated by an online survey of 125 network security professionals with a wide demographic spread.

The empirical data collected from the survey of network security professionals strongly validate the proposed work practices model. The results also highlight interesting trends for different groups of network security professionals, with respect to performing different security-related activities.

Further studies could investigate more closely the links and dependencies between the different activities of the proposed work practices model and tools used by network security professionals to perform these activities.

A robust work practices model of network security professionals could hugely assist tool developers in designing usable tools for network security management.

This paper proposes a new work practices model of network security professionals, which is built by consolidating existing empirical evidence and validated by conducting a survey of network security professionals. The findings enhance the understanding of tool developers about the day-to-day activities of network security professionals, consequently assisting developers in designing better tools for network security management.

To take relative actions to cope with the threat which network finance information security now encounters by constructing controlling tactical and synergetic model.

It is practical to use the synergetic self‐organization theory to calculate the effects that the force of synergetic system of controlling tactics to financial information security makes on network financial system, and it is also practical to construct the synergetic model of controlling tactics to network financial information security on the basis of it.

Through applying synergetic analysis to controlling tactical system of network financial information security, it can be found out that controlling tactical system is an open system which changes from disorder to order and which keeps away from a balancing state. As an opening system, controlling tactics are interacting with outside from now and then.

Network financial information security takes on dynamics, relativity, integrity and complexity. Accessibility of data is the main limitations which model will be applied.

From the view of network financial information security, constructing controlling tactical and synergetic model of information security are explained.

Network finance is orientated as a special social and economic system. The author does analysis on the network financial system, and expounds order parameters and model of network financial system.

The security of applications, systems and networks has always been the source of great concern for both enterprises and common users. Different security tools like intrusion detection system/intrusion prevention system and firewalls are available that provide preventive security to the enterprise networks. However, security information and event management (SIEM) systems use these tools in combination to collect events from diverse data sources across the network. SIEM is a proactive tool that processes the events to present a unified security view of the whole network at one location. SIEM system has, therefore, become an essential component of an enterprise network security architecture. However, from various options available, the selection of a suitable and cost-effective open source SIEM solution that can effectively meet most of the security requirements of small-to-medium-sized enterprises (SMEs) is not simple because of the lack of strong analysis.

In this work, the authors first review the security challenges faced by different SME sectors and then consider a comprehensive comparative analysis of the capabilities of well-known open source SIEM solutions. Based on this, the authors provide requirements based recommendations of open source SIEM solutions for SMEs. This paper aims to provide a valuable resource that can be referred to by SMEs for the selection of a SIEM system best suited to their organization’s security posture.

Security requirements of SMEs vary according to their network infrastructure; therefore, every open source SIEM solution would not be suitable for an SME. Selection of a SIEM solution from available open source solutions based upon the security requirements of an SME network is a critical task. Therefore, in this work, a meaningful insight for the selection of an appropriate SIEM solution for SMEs is provided.

Major contribution of this work is the mapping of the security requirements of the SME sectors under consideration, against the open source SIEM options to provide meaningful insight for SMEs in the selection of an appropriate solution.

The purpose of this paper is to present a P2P network security pricing model that promotes more secure online information sharing in P2P networks through the creation of networks with increased resistance to malicious code propagation. Online information sharing is at an all‐time high partly due to the recent growth in, and use of, online peer‐to‐peer (P2P) networks.

The model integrates current research findings in incentive compatible network pricing with recent developments in complex network theory. File download prices in P2P networks are linked to network security using a graph theory measurement called the Pearson coefficient. The Pearson coefficient indicates a structural dimension of scale‐free networks (scale‐free networks like the internet) called preferential attachment. Preferential attachment refers to the network property where the probability for a node to connect to a new node is greater if the new node already has a high number of connections.

The P2P network security pricing model concept is illustrated to show how the model functions to create more secure P2P networks.

Future research in P2P network security pricing should focus on testing the model presented in this paper by numerical experiments and simulation including the tracking of malicious code propagation on networks grown under the pricing model.

The P2P network security pricing model demonstrated here is a different approach to network security that has a strong potential to impact on the future security of P2P and other computer based networks.

From a financial stability viewpoint, this paper aims to study cyclical interdependencies arising from the cross-holding of securities in the Colombian financial system.

Cross-holding of securities in financial systems occurs when two financial institutions hold securities issued by each other or when more than two financial institutions hold securities issued by each other in a circular structure. Securities cross-holding is key for financial stability because of potential contagion arising from cyclical interdependencies in the connective architecture of financial systems. The presence of cyclical interdependencies is studied based on network analysis. The data set is a multilayer network that comprises bonds, certificates of deposit and equity issued and held by Colombian financial institutions from 2016 to 2019.

Results show that the extent of securities’ cyclical interdependencies is particularly low and stable – even when cross-holding across different types of securities is considered.

The monetary value of exposures and their size with respect to financial institutions’ balance sheets are not considered. Studying the impact on the financial system’s solvency is a compulsory research path.

The network topology suggests that increased potential contagion by cyclical interdependencies and feedback effects from securities cross-holding is rather limited.

To the best of the authors’ knowledge, this is the first time that cyclical interdependencies arising from the securities cross-holding are studied. From a financial stability perspective, the methodology is general and promising for monitoring and analytical purposes.

The purpose of this paper is to discuss and amalgamate information security principles, and legal and ethical concerns that surround security testing and components of generic security testing methodologies that can be applied to Voice over Internet Protocol (VoIP), in order to form an audit methodology that specifically addresses the needs of this technology.

Information security principles, legal and ethical concerns are amalgamated that surround security testing and components of generic security testing methodologies that can be applied to VoIP. A simple model is created of a business infrastructure (core network) for the delivery of enterprise VoIP services and the selected tests are applied through a methodically structured action plan.

The main output of this paper is a, documented in detail, testing plan (audit programme) for the security review of a core VoIP enterprise network infrastructure. Also, a list of recommendations for good testing practice based on the testing experience and derived through the phase of the methodology evaluation stage.

The methodology in the paper does not extend at the moment to the testing of the business operation issues of VoIP telephony, such as revenue assurance or toll fraud detection.

This approach facilitates the conduct or security reviews and auditing in a VoIP infrastructure.

VoIP requires appropriate security testing before its deployment in a commercial environment. A key factor is the security of the underlying data network. If the business value of adopting VoIP is considered then the potential impact of a related security incident becomes clear. This highlights the need for a coherent security framework that includes means for security reviews, risk assessments, and influencing design and deployment. In this respect, this approach can meet this requirement.