Security Assessment (A1): SDL Activities and Best Practices
Published in James F. Ransome, Anmol, Mark S. Merkow, Practical Core Software Security, 2023
James F. Ransome, Anmol, Mark S. Merkow
The discovery meeting is essentially an SDL kick-off meeting where the key SDLC stakeholders get on the same page at the beginning of the process so that security is built in rather than bolted on post-release. Security planning in the discovery meeting should include preparations for the entire system life cycle, including the identification of key security milestones and deliverables, as well as tools and technologies. Special consideration should be given to items that may need to be procured, such as software security testing and assessment tools and the potential use of third-party software security architects or engineers, if staff augmentation is needed or the customer requires third-party attestation. Other resource impacts such as active testing, accreditation, and required training must be considered as well. A series of milestones or security meetings should be planned to discuss each of the security considerations throughout the system development. The outcomes of the discovery meeting are typically in terms of decisions that are made for future activities, which are followed later in the SDL by actual security or privacy activities. A project schedule should integrate security activities to ensure proper planning of any future decisions associated with schedules and resources. All meeting participants and stakeholders should walk away from this meeting with a common understanding of the security implications, considerations, and requirements for the software.
Open-Source Tools for IoT Security
Published in Syed Rameem Zahra, Mohammad Ahsan Chishti, Security and Privacy in the Internet of Things, 2020
Anam Iqbal, Mohammad Ahsan Chishti
SiteWhere is an industrial-strength open-source application training platform for the IoT that facilitates ingestion, storage, processing, and integration of device data. It provides a microserver-based infrastructure with the key resources needed to create and deploy IoT applications, and support high throughput and low latency. SiteWhere can run multiple applications on a single SiteWhere instance. It connects devices using MQTT, AMQP, SOMP protocols. It enables the addition of devices through self-registration (via REST services). One advantage is that it integrates with third-party development structures for high-level development. The default database store is MongoDB, Eclipse Californium Framework for CoAP messages, InfluxDB for event data storage, Grafana to view SiteWhere data, and HBase for non-relational data storage (Anon., 2020g; Li, 2018).
TCP/IP Network Management: A Case Study
Published in Steven F. Blanding, Enterprise Operations Management, 2020
Hewlett Packard’s OpenView Network Node Manager 3.3.1 (NNM) is used to monitor and control the network and provides the necessary platform to integrate middleware applications to maximize data sharing and processing. The NNM:
- Automatically discovers the devices on the TCP/IP networks and monitors the status of these devices.
- Automatically draws the topology of the network based on the discovered information and creates appropriate map views. A map is a graphical and hierarchical representation of the network.
- Collects performance information from the device’s MIB, stores it for trend analysis, and graphs the collected data.
- Defines event thresholds for MIB objects remotely.
- Takes specific actions upon receipt of specific SNMP traps.
- Diagnoses and displays network faults and performance problems.
- Allows integration with the popular third-party applications to enhance the system’s management capabilities.
Capturing the benefits of industry 4.0: a business network perspective
Published in Production Planning & Control, 2019
Andreas Schroeder, Ali Ziaee Bigdeli, Carlos Galera Zarco, Tim Baines
The multi-stakeholder dependence on product-use data creates substantial theoretical and practical business challenges. It creates considerable risks for manufacturers and third-party providers which may not have control over these critical external resources. Resource dependency theory (RDT) suggests that firms will seek to maximize their autonomy from exchange partners holding critical resources or minimize uncertainty with regards to these resources (Davis and Cobb 2010). Firms have a specific repertoire of tactics available to internalize or tightly control these critical resources and thereby reduce their external dependencies (Hillman, Withers, and Collins 2009).
Cybersecurity investments in a two-echelon supply chain with third-party risk propagation
Published in International Journal of Production Research, 2021
As the findings of Section 4 show, there is investment inefficiency caused by positive or negative externalities in the supply chain. To mitigate the third-party propagation risks and internalise externalities, three mechanisms will be presented with consideration of the practice: joint decision, security risk compensation, and security information sharing. In this section, optimal strategies and minimum costs under these three mechanisms will be discussed and compared with the benchmark, i.e. the decentralised case.