858 results for IT Security, Internet, Personal Firewall, Security Mechanism, Security System, Security Threat, Security Usability, Security Vulnerability


Relevance:

100.00% 100.00%

Publisher:

Abstract:

There are two fundamental challenges in effectively performing security risk assessment in today's IT projects. The first is the project manager's need to know what IT security risks face the project before the project begins. At this stage IT security staff are unable to answer this question without first knowing the system requirements for the project, which are yet to be defined. Second, organisations that deal with a large project throughput each year find the current IT security risk assessment process to be tedious and expensive, especially when the same process has to be repeated for each individual project. This also makes it difficult for an organisation to prioritise which projects require more investment in IT security in order to fit within budget constraints. This paper presents a conceptual model that is based on an agile approach to alleviate these challenges. We do this by first analysing two online database resources of vulnerabilities by comparing them to each other, and then comparing them to the agile criteria of the conceptual model which we define. The conceptual model is then presented and an example is given of how it can be applied to an actual project. We then briefly discuss what further work needs to be done to implement the conceptual model and validate it against an existing IT project.

Relevance:

100.00% 100.00%

Publisher:

Relevance:

100.00% 100.00%

Publisher:

Abstract:

2008

Relevance:

100.00% 100.00%

Publisher:

Abstract:

Type unions, pointer variables and function pointers are a long-standing source of subtle security bugs in C program code. Their use can lead to hard-to-diagnose crashes or exploitable vulnerabilities that allow an attacker to attain privileged access over classified data. This paper describes an automatable framework for detecting such weaknesses in C programs statically, where possible, and for generating assertions that will detect them dynamically, in other cases. Exclusively based on analysis of the source code, it identifies required assertions using a type inference system supported by a custom-made symbol table. In our preliminary findings, our type system was able to infer the correct type of unions in different scopes, without manual code annotations or rewriting. Whenever an evaluation is not possible or is difficult to resolve, appropriate runtime assertions are formed and inserted into the source code. The approach is demonstrated via a prototype C analysis tool.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

China is gradually taking its place as a major regulator, exercising concurrent jurisdiction of the national security review along with the US and EU over high-profile cross-border mergers and acquisitions. The National Security Review (NSR) regulatory regime of foreign acquisitions has attracted significant attention recently with the establishment of China's counterpart to the Committee on Foreign Investment in the United States (CFIUS). Due to the intensified activities of sovereign wealth funds (SWFs) that are closely linked with states, CFIUS's broad discretion to deal with China's SWF-based investment may have a far-reaching impact on China's implementation of the newly enacted NSR regime. It is essential to design a mechanism that allows SWFs to maximise their positive attributes while safeguarding the apolitical integrity of the marketplace. Any disproportionate use of the NSR regime would inevitably bring about more unintended consequences, such as tit-for-tat protectionism. This represents an imminent threat to the tenuous recovery from the recent economic crisis, largely because of the increasingly intertwined and interdependent nature of the global financial markets. It is of utmost significance to evaluate the extent to which the updated legislation strikes a reasonable balance between preserving genuine national security interests and maintaining an open environment for investment.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

This paper identifies a number of critical infrastructure applications that are reliant on location services from cooperative location technologies such as GPS and GSM. We show that these location technologies can be represented in a general location model, such that the model components can be used for vulnerability analysis. We perform a vulnerability analysis on these components of GSM and GPS location systems as well as a number of augmentations to these systems.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

Existing secure software development principles tend to focus on coding vulnerabilities, such as buffer or integer overflows, that apply to individual program statements, or issues associated with the run-time environment, such as component isolation. Here we instead consider software security from the perspective of potential information flow through a program's object-oriented module structure. In particular, we define a set of quantifiable "security metrics" which allow programmers to quickly and easily assess the overall security of a given source code program or object-oriented design. Although measuring quality attributes of object-oriented programs for properties such as maintainability and performance has been well-covered in the literature, metrics which measure the quality of information security have received little attention. Moreover, existing security-relevant metrics assess a system either at a very high level, i.e., the whole system, or at a fine level of granularity, i.e., with respect to individual statements. These approaches make it hard and expensive to recognise a secure system from an early stage of development. Instead, our security metrics are based on well-established compositional properties of object-oriented programs (i.e., data encapsulation, cohesion, coupling, composition, extensibility, inheritance and design size), combined with data flow analysis principles that trace potential information flow between high- and low-security system variables. We first define a set of metrics to assess the security quality of a given object-oriented system based on its design artifacts, allowing defects to be detected at an early stage of development. We then extend these metrics to produce a second set applicable to object-oriented program source code.
The resulting metrics make it easy to compare the relative security of functionally equivalent system designs or source code programs so that, for instance, the security of two different revisions of the same system can be compared directly. This capability is further used to study the impact of specific refactoring rules on system security more generally, at both the design and code levels. By measuring the relative security of various programs refactored using different rules, we thus provide guidelines for the safe application of refactoring steps to security-critical programs. Finally, to make it easy and efficient to measure a system design or program's security, we have also developed a stand-alone software tool which automatically analyses and measures the security of UML designs and Java program code. The tool's capabilities are demonstrated by applying it to a number of security-critical system designs and Java programs. Notably, the validity of the metrics is demonstrated empirically through measurements that confirm our expectation that program security typically improves as bugs are fixed, but worsens as new functionality is added.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

The dynamic nature of threats and vulnerabilities within the E-business environment can impede online functionality, compromise organisational or customer information, contravene security implementations and thereby undermine online customer confidence. To negate these problems, E-business security has to become proactive, by reviewing and continuously improving security to strengthen E-business security measures and policies. This can be achieved through benchmarking the security measures and policies utilised within the E-business, against recognised information technology (IT) and information security (IS) security standards.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

This research analyses the current literature on IT security outsourcing and the organisational attitudes towards this approach to determine the applicability of outsourcing IT security in a commercial environment. A conceptual model is developed as the main goal of research which provides guidance in the process of outsourcing IT security functions to a third-party security service provider. The research conducted has established a complete process for outsourcing IT security.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

Organisations have become increasingly dependent on technology in order to compete in their respective markets. As IT technology advances at a rapid pace, so does its complexity, giving rise to new IT security vulnerabilities and methods of attack. Even though the human factors have been recognized to have a crucial role in information security management, the effects of weakness of will and lack of commitment on the stakeholders' (i.e., employers and employees) parts have never been factored into the design and delivery of awareness programs. To this end, this paper investigates the impacts of the availability of awareness programs and end-user drive and lack of commitment to information security awareness program design, delivery and success.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

The prominence of global warming as an environmental issue has illustrated the close relationship between natural resources, ecosystems and global security. Whilst environmental decision making often uses techniques such as economic valuation and risk management, the security component is often not considered, at least not from a security analyst's perspective. Yet environmental security considerations can be global, regional and/or national in impact. Environmental change and policy can affect human health and well being as well as initiating conflict; it can affect the existence of life itself. These aspects are firmly in the domain of the security discipline although the protection of the global ecosystem has not traditionally been considered by those who create security policy. The idea of environmental/ecological security ranges from the eco-centric approach which examines the impact of human activities that impact on the security of the natural systems to the more traditional anthropocentric perspectives that look at varied issues such as conflict caused by natural resource competition and environmental degradation, and the greening of military operations. This paper will assert that the inclusion of the security factor in policy creation and environmental assessments is essential to give richer solutions to these complex socio-economic and ecological situations. Systems theory over the last few decades has emphasised the inclusion of as many perspectives on messy problems as possible to provide truly systemic outcomes. It is posited that the addition of such concepts as threat analyses will produce more effective and sustainable outcomes.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

The study developed a model to help Australian organisations transition toward an improved IT security culture. The IT Security Culture Transition Model improved organisations' IT security awareness, knowledge, attitude and behaviour allowing them to better protect their IT security. The model can be implemented face-to-face and as an e-learning program.