Explore chapters and articles related to this topic
IoT Security Frameworks and Countermeasures
Published in Stavros Shiaeles, Nicholas Kolokotronis, Internet of Things, Threats, Landscape, and Countermeasures, 2021
G. Bendiab, B. Saridou, L. Barlow, N. Savage, S. Shiaeles
Security policy refers to “a written document in an organization outlining how to protect the organization from threats, including computer security threats, and how to handle situations when they do occur” [88]. For an organization to determine potential threats, it will need to keep an updated list of all its assets and define how they could possibly be linked to malicious activity. After successfully identifying assets and threats, the next step in the security policy is to describe the right measures that protect systems and/or avoid exposure to those threats [19, 88]. In general, a security policy may include different aspects of the organization, such as software, network, equipment, the physical building, as well as potential malicious activity coming from organization members (with privileged information or access to physical systems) or people outside the company environment, such as hackers, competitors, activists, etc. [89].
Security Management
Published in Michael L. Madigan, Handbook of Emergency Management Concepts, 2017
Computer security, also known as cybersecurity or IT security, is security applied to computing devices such as computers and smartphones, as well as computer networks such as private and public networks, including the whole Internet. The field includes all five components: hardware, software, data, people, and procedures, by which digital equipment, information, and services are protected from unintended or unauthorized access, change, or destruction, and is of growing importance due to the increasing reliance on computer systems in most societies. It includes physical security to prevent theft of equipment and information security to protect the data on that equipment.
Network Security Preliminaries
Published in Dijiang Huang, Ankur Chowdhary, Sandeep Pisharody, Software-Defined Networking and Security, 2018
Dijiang Huang, Ankur Chowdhary, Sandeep Pisharody
In computer security, a firewall (FW) is a component or set of components that restricts access between a protected network and the Internet, or between other sets of networks. In Chapter 6, we provide more advanced topics of firewalls. In this section, we focus on the technical background of firewalls. Some frequently used terms that are highly related to firewalls are given below:
Host: A computer system attached to a network.
Dual-homed host: A dual-homed host is a term used to reference a type of firewall that uses two (or more) network interfaces. One connection is to an internal network and the second connection is to the Internet. A dual-homed host usually runs a general-purpose operating system to support the firewall applications running on it.
Network address translation (NAT): A procedure by which a router changes data in packets to modify the network addresses. This allows a router to conceal the addresses of network hosts on one side of it. This technique can enable a large number of hosts to connect to the Internet using a small number of allocated addresses or can allow a network that's configured with illegal or un-routable addresses to connect to the Internet using valid addresses. It is not actually a security technique, although it can provide a small amount of additional security. However, it generally runs on the same routers that make up part of the firewall.
Perimeter network: A network added between a protected network and an external network, in order to provide an additional layer of security. A perimeter network is sometimes called a DMZ, which stands for De-Militarized Zone (named after the zone separating North and South Korea).
Proxy: A program that deals with external servers on behalf of internal clients. Proxy clients talk to proxy servers, which relay approved client requests on to real servers, and relay answers back to clients.
To what extent does time perspective predict online security behaviour?
Published in Behaviour & Information Technology, 2023
The research aim is to explore whether particular time perspective-related psychological constructs are correlated with security behaviours. Specifically, we analyse the association of security behaviour intentions with six TPs (past positive, past negative, present hedonistic, present fatalistic, carpe diem, future). Therefore, our first research question is: does time perspective predict online security behaviour? A pattern of specific TPs predicting specific online security behaviours is expected. This is because different security behaviours have their protective effect at different time scales. For example, device securement affects computer security in the present. It is therefore hypothesised that the Past Positive, Past Negative, Carpe Diem, and the Future Time Perspectives positively predict online security behaviour and Present Hedonism and Present Fatalism negatively predict online security behaviour.
Security analysis and fault detection against stealthy replay attacks
Published in International Journal of Control, 2022
Amirreza Zaman, Behrouz Safarinejadian, Wolfgang Birk
In this section, to derive formulations, it is considered that an adverse third party tries to intrude on the presented control system. The replay attack model in this approach is defined as a computer security problem. Also, the feasibility of these kinds of attacks on the control system is investigated. It is proved that the analysis of this work can be generalised to other types of control systems with higher orders. The attacker can inject the control input at any time. It is worth noticing that the identification process of the underlying dynamic model of the control system can be hard for attackers in general, and not all attackers are powerful enough to detect systems' models. Therefore, this paper focuses on a straightforward attack strategy, which is much easier to implement. Besides, since an energy consumption limitation exists in reality for both system and attacker, the goal of designing attack or defense strategies in CPSs is to develop them with the lowest level of energy consumption for both parties.
Security Education, Training, and Awareness Programs: Literature Review
Published in Journal of Computer Information Systems, 2022
Siqi Hu, Carol Hsu, Zhongyun Zhou
Security education, training, and awareness (SETA) programs are ongoing efforts to focus employees’ attention on information security-related issues, provide employees with crucial knowledge and skills, enable their deep understanding of why security protection is needed, and increase their awareness of security issues [1–3]. SETA is one of the most common, fundamental, and prominent strategies for organizational security governance [4] and is becoming a strategic priority within many organizations [2, 5, 6]. For instance, the United States (US) Computer Security Act of 1987 requires that “each agency shall provide the mandatory periodic training in computer security awareness and accepted computer practices for all employees” [7, p. 6].