Explore chapters and articles related to this topic
Attack Graph Generation
Published in Nicholas Kolokotronis, Stavros Shiaeles, Cyber-Security Threats, Actors, and Dynamic Mitigation, 2021
Konstantinos-Panagiotis Grammatikakis, Nicholas Kolokotronis
Besides product and vendor-oriented security advisories, security-focused organizations provide comprehensive lists of vulnerabilities that may affect any software or hardware asset, regardless of its vendor. A selection of 15 of these databases was presented in Section 8.2.3, with a focus on the richness of their structured information. Their entries list the products—hardware or software, together with their specific versions—affected by the relevant vulnerability and, whenever such information is available, the remediation actions to be performed.
The Fundamental Concepts
Published in Mohssen Mohammed, Al-Sakib Khan Pathan, Automatic Defense Against Zero-day Polymorphic Worms in Communication Networks, 2016
Mohssen Mohammed, Al-Sakib Khan Pathan
It is extremely critical for organizations to focus on standardization and management compliance efforts. Network security vulnerabilities need to be identified and removed to bridge the gap between an organization’s current and desired stage. Organizations often use vulnerability scanners to identify vulnerabilities of their host systems and network assets. A vulnerability scanner identifies not only hosts and open ports on those hosts but also associated vulnerabilities on them.
The Far-Reaching Image of a Secure System Architecture
Published in Dr. Dimitris N. Chorafas, Heinrich Steinmann, Intelligent Networks, 2019
Dr. Dimitris N. Chorafas, Heinrich Steinmann
Because proper protection is essential, the protection of computer-based assets should be achieved through a security program for developing and implementing cost-effective measures to cope with computer-related threats. Risk analysis has the aim first to identify then to develop and present valid solutions to management.
Exploring IS security themes: a literature analysis
Published in Journal of Decision Systems, 2020
Areej Alyami, David Sammon, Karen Neville, Carolanne Mahony
Previous literature frequently uses the terms ‘information security’ and ‘information systems security’ (IS security) synonymously (Crossler et al., 2013; D’Arcy & Herath, 2011). IS security research is far-reaching and contains technical, behavioural, managerial, philosophical, and organisational approaches that relate to the protection of IS assets (Zafar & Clark, 2009). IS security provides a way to protect the valuable assets of any organisation, especially the ones that hold sensitive information, and minimises the risks of vulnerability and data breaches. It is based on three main principles that, represented by the CIA triad, were developed at the beginning of the computer era and are considered a popular conceptual model of IS security (Hedström et al., 2011). They include: (1) confidentiality: preventing unauthorised access to sensitive data; (2) integrity: the truthfulness of the data, which cannot be modified without authorisation; and (3) availability: accessibility of the data whenever it is requested by authorised personnel.
The impact of time pressure on cybersecurity behaviour: a systematic literature review
Published in Behaviour & Information Technology, 2019
Noman H. Chowdhury, Marc T. P. Adam, Geoffrey Skinner
Cyberspace can be defined as the realm of virtual environment where users create, store, and share digitised information, and communicate online through physical infrastructure (Craigen, Diakun-Thibault, and Purse 2014; Singer and Friedman 2014). One major concern in cyberspace is that assets (i.e. users, information, and infrastructure) may exhibit vulnerabilities (e.g. outdated security protocols, unsecure access permission) that can be exploited by threats (e.g. data leakage, identity theft). Importantly, threats give rise to risks of attacks (e.g. data breach, espionage, ransomware) that can in turn jeopardise security goals pertaining to assets (e.g. availability, integrity, privacy). Against this backdrop, the notion of cybersecurity is concerned with the attainment and maintenance of security goals related to assets against threats (ITU 2008) through countermeasures. However, weaknesses in countermeasures may also add to existing vulnerabilities or even create new vulnerabilities (see Figure 3).
Self-efficacy in Information Security: A Replication Study
Published in Journal of Computer Information Systems, 2023
Botong Xue, Merrill Warkentin, Leigh A. Mutchler, Puzant Balozian
Most modern organizations [1] adopt protective technological solutions such as firewalls and anti-malware software to prevent external attacks to mitigate the risks to information assets. However, each organization is also vulnerable to internal threats from employees, contractors, and other insiders who pose a particularly troublesome threat to information security [2,3]. The responsibility for the protection of information assets belongs to all individuals who possess access to them, yet these insiders tend to be the weakest link of an organization’s security processes [3–9]. Because the success of an organization’s security program relies on the compliance of its employees, it isn’t surprising that a rich stream of research exists where significant influences on employees and their secure behaviors are identified. Some examples include habit [10], personality traits [11], extrinsic and intrinsic motivations [12], social cues and social influences [13,14], organizational position [15], leadership [16,17], and security policy awareness [18]. Self-efficacy, an individual’s perceptions of their capability to perform certain actions, is another important influence on employee secure behavior choices, and is the focus of the original paper [1]. Specifically, the authors applied social cognitive theory to explore how perceptions of self-efficacy with information security predict users’ secure behaviors and users’ secure intentions, and whether self-efficacy has significant relationships with previous experience and perceived general controllability of information security threats. Please see the research model in Figure 1.