scholarly journals Defining the Minimum Security Baseline in a Multiple Security Standards Environment by Graph Theory Techniques

2019 ◽  
Vol 9 (4) ◽  
pp. 681 ◽  
Author(s):  
Dmitrij Olifer ◽  
Nikolaj Goranin ◽  
Antanas Cenys ◽  
Arnas Kaceniauskas ◽  
Justinas Janulevicius
Keyword(s):  
Graph Theory ◽  
Best Practices ◽  
Vertex Cover ◽  
Graph Isomorphism ◽  
Security Requirements ◽  
Security Requirement ◽  
Minimum Requirements ◽  
As Graph ◽  
Security Standards ◽  
Previous Step

One of the best ways to protect an organization’s assets is to implement security requirements defined by different standards or best practices. However, such an approach is complicated and requires specific skills and knowledge. In case an organization applies multiple security standards, several problems can arise related to overlapping or conflicting security requirements, increased expenses on security requirement implementation, and convenience of security requirement monitoring. To solve these issues, we propose using graph theory techniques. Graphs allow the presentation of security requirements of a standard as graph vertexes and edges between vertexes, and would show the relations between different requirements. A vertex cover algorithm is proposed for minimum security requirement identification, while graph isomorphism is proposed for comparing existing organization controls against a set of minimum requirements identified in the previous step.

scholarly journals USE OF ONTOLOGIES IN MAPPING OF INFORMATION SECURITY REQUIREMENTS / ONTOLOGIJOS NAUDOJIMAS INFORMACIJOS SAUGUMO REIKALAVIMAMS SUSIET

2013 ◽  
Vol 5 (2) ◽  
pp. 88-91
Author(s):  
Simona Ramanauskaitė ◽  
Eglė Radvilė ◽  
Dmitrij Olifer
Keyword(s):  
Information Security ◽  
Best Practices ◽  
Security Requirements ◽  
Security Standards

A large amount of different security documents, standards, guidelines and best practices requires to ensure mapping between different security requirements. As the result of mapping, security requirements of different standards can coincide or require to be amended or harmonised. This is the reason why it is so difficult to map more than two different security documents. Ontologies can be used to solve this issue. The article offers a review of different security documents and ontology types as well as investigates possible use of ontologies for mapping of security standards. Article in Lithuanian Santrauka Esant daugybei informacijos saugą reglamentuojančių dokumentų, gairių ir standartų, aktualu tarpusavyje susieti juose apibrėžtus saugumo reikalavimus. Skirtinguose saugos dokumentuose aprašyti saugumo reikalavimai gali ne tik sutapti arba papildyti vienas kitą, bet ir prieštarauti vienas kitam. Tai labai apsunkina daugiau negu dviejų informacijos saugą reglamentuojančių dokumentų susiejimą. Vienas būdų susieti daugiau negu du saugą reglamentuojančius dokumentus galėtų būti ontologijos naudojimas. Straipsnyje apžvelgiami šiuo metu pagrindiniai saugą reglamentuojantys standartai, egzistuojančios saugumo ontologijos, išnagrinėta galimybė naudoti ontologiją saugą reglamentuojančių dokumentų reikalavimams susieti ir galimybę tokį susiejimą atvaizduoti grafais.

scholarly journals Teaching Combinatorial Principles Using Relations through the Placemat Method

Mathematics ◽  
2021 ◽  
Vol 9 (15) ◽  
pp. 1825
Author(s):  
Viliam Ďuriš ◽  
Gabriela Pavlovičová ◽  
Dalibor Gonda ◽  
Anna Tirpáková
Keyword(s):  
Graph Theory ◽  
Complexity Theory ◽  
Slovak Republic ◽  
Teaching Mathematics ◽  
Combinatorial Structures ◽  
Algorithmic Approach ◽  
Scientific Disciplines ◽  
Combinatorial Principles ◽  
The Subject ◽  
As Graph

The presented paper is devoted to an innovative way of teaching mathematics, specifically the subject combinatorics in high schools. This is because combinatorics is closely connected with the beginnings of informatics and several other scientific disciplines such as graph theory and complexity theory. It is important in solving many practical tasks that require the compilation of an object with certain properties, proves the existence or non-existence of some properties, or specifies the number of objects of certain properties. This paper examines the basic combinatorial structures and presents their use and learning using relations through the Placemat method in teaching process. The effectiveness of the presented innovative way of teaching combinatorics was also verified experimentally at a selected high school in the Slovak Republic. Our experiment has confirmed that teaching combinatorics through relationships among talented children in mathematics is more effective than teaching by a standard algorithmic approach.

Cybersecurity Standards in the Context of Operating System

2021 ◽  
Vol 54 (3) ◽  
pp. 1-36
Author(s):  
Syed Wasif Abbas Hamdani ◽  
Haider Abbas ◽  
Abdul Rehman Janjua ◽  
Waleed Bin Shahid ◽  
Muhammad Faisal Amjad ◽  
...  
Keyword(s):  
Organizational Context ◽  
Cyber Attacks ◽  
Fine Tuning ◽  
Security Vulnerabilities ◽  
Compliance Testing ◽  
Depth Analysis ◽  
Minimum Requirements ◽  
Security Standards ◽  
High Degree ◽  
Selection Of

Cyber threats have been growing tremendously in recent years. There are significant advancements in the threat space that have led towards an essential need for the strengthening of digital infrastructure security. Better security can be achieved by fine-tuning system parameters to the best and optimized security levels. For the protection of infrastructure and information systems, several guidelines have been provided by well-known organizations in the form of cybersecurity standards. Since security vulnerabilities incur a very high degree of financial, reputational, informational, and organizational security compromise, it is imperative that a baseline for standard compliance be established. The selection of security standards and extracting requirements from those standards in an organizational context is a tedious task. This article presents a detailed literature review, a comprehensive analysis of various cybersecurity standards, and statistics of cyber-attacks related to operating systems (OS). In addition to that, an explicit comparison between the frameworks, tools, and software available for OS compliance testing is provided. An in-depth analysis of the most common software solutions ensuring compliance with certain cybersecurity standards is also presented. Finally, based on the cybersecurity standards under consideration, a comprehensive set of minimum requirements is proposed for OS hardening and a few open research challenges are discussed.

A Mark-Up Language for the Specification of Information Security Governance Requirements

2013 ◽  
pp. 103-123
Author(s):  
Anirban Sengupta ◽  
Chandan Mazumdar
Keyword(s):  
Information Systems ◽  
Information Security ◽  
Security Requirements ◽  
Security Requirement ◽  
Security Governance ◽  
Digital World ◽  
Information Security Governance ◽  
Version 2.0 ◽  
Enterprise Security ◽  
And Control

As enterprises become dependent on information systems, the need for effective Information Security Governance (ISG) assumes significance. ISG manages risks relating to the confidentiality, integrity and availability of information, and its supporting processes and systems, in an enterprise. Even a medium-sized enterprise contains a huge collection of information and other assets. Moreover, risks evolve rapidly in today’s connected digital world. Therefore, the proper implementation of ISG requires automation of the various monitoring, analysis, and control processes. This can be best achieved by representing information security requirements of an enterprise in a standard, structured format. This paper presents such a structured format in the form of Enterprise Security Requirement Markup Language (ESRML) Version 2.0. It is an XML-based language that considers the elements of ISO 27002 best practices.

A Structured Method for Security Requirements Elicitation concerning the Cloud Computing Domain

2015 ◽  
pp. 875-896
Author(s):  
Kristian Beckers ◽  
Isabelle Côté ◽  
Ludger Goeke ◽  
Selim Güler ◽  
Maritta Heisel
Keyword(s):  
Cloud Computing ◽  
System Analysis ◽  
Business Case ◽  
Security Requirements ◽  
Cloud System ◽  
Security Requirement ◽  
Security Measures ◽  
Analysis Pattern ◽  
It Resources ◽  
Requirements Patterns

Cloud computing systems offer an attractive alternative to traditional IT-systems, because of economic benefits that arise from the cloud's scalable and flexible IT-resources. The benefits are of particular interest for SME's. The reason is that using Cloud Resources allows an SME to focus on its core business rather than on IT-resources. However, numerous concerns about the security of cloud computing services exist. Potential cloud customers have to be confident that the cloud services they acquire are secure for them to use. Therefore, they have to have a clear set of security requirements covering their security needs. Eliciting these requirements is a difficult task, because of the amount of stakeholders and technical components to consider in a cloud environment. Therefore, the authors propose a structured, pattern-based method supporting eliciting security requirements and selecting security measures. The method guides potential cloud customers to model the application of their business case in a cloud computing context using a pattern-based approach. Thus, a potential cloud customer can instantiate our so-called Cloud System Analysis Pattern. Then, the information of the instantiated pattern can be used to fill-out our textual security requirements patterns and individual defined security requirement patterns, as well. The presented method is tool-supported. Our tool supports the instantiation of the cloud system analysis pattern and automatically transfers the information from the instance to the security requirements patterns. In addition, they have validation conditions that check e.g., if a security requirement refers to at least one element in the cloud. The authors illustrate their method using an online-banking system as running example.

Security Gaps in Databases

2011 ◽  
Vol 2 (3) ◽  
pp. 42-62
Author(s):  
Afonso Araújo Neto ◽  
Marco Vieira
Keyword(s):  
Best Practices ◽  
Operating Systems ◽  
Software Package ◽  
Web Applications ◽  
Gap Analysis ◽  
Database Security ◽  
Security Requirements ◽  
Management Systems ◽  
Software Products ◽  
Software Packages

When deploying database-centric web applications, administrators should pay special attention to database security requirements. Acknowledging this, Database Management Systems (DBMS) implement several security mechanisms that help Database Administrators (DBAs) making their installations secure. However, different software products offer different sets of mechanisms, making the task of selecting the adequate package for a given installation quite hard. This paper proposes a methodology for detecting database security gaps. This methodology is based on a comprehensive list of security mechanisms (derived from widely accepted security best practices), which was used to perform a gap analysis of the security features of seven software packages composed by widely used products, including four DBMS engines and two Operating Systems (OS). The goal is to understand how much each software package helps developers and administrators to actually accomplish the security tasks that are expected from them. Results show that while there is a common set of security mechanisms that is implemented by most packages, there is another set of security tasks that have no support at all in any of the packages.

A Structured Method for Security Requirements Elicitation concerning the Cloud Computing Domain

2014 ◽  
Vol 5 (2) ◽  
pp. 20-43 ◽  
Author(s):  
Kristian Beckers ◽  
Isabelle Côté ◽  
Ludger Goeke ◽  
Selim Güler ◽  
Maritta Heisel
Keyword(s):  
Cloud Computing ◽  
System Analysis ◽  
Economic Benefits ◽  
Cloud Services ◽  
Security Requirements ◽  
Cloud System ◽  
Security Requirement ◽  
Analysis Pattern ◽  
It Resources ◽  
Requirements Patterns

Cloud computing systems offer an attractive alternative to traditional IT-systems, because of economic benefits that arise from the cloud's scalable and flexible IT-resources. The benefits are of particular interest for SME's. The reason is that using Cloud Resources allows an SME to focus on its core business rather than on IT-resources. However, numerous concerns about the security of cloud computing services exist. Potential cloud customers have to be confident that the cloud services they acquire are secure for them to use. Therefore, they have to have a clear set of security requirements covering their security needs. Eliciting these requirements is a difficult task, because of the amount of stakeholders and technical components to consider in a cloud environment. Therefore, the authors propose a structured, pattern-based method supporting eliciting security requirements and selecting security measures. The method guides potential cloud customers to model the application of their business case in a cloud computing context using a pattern-based approach. Thus, a potential cloud customer can instantiate our so-called Cloud System Analysis Pattern. Then, the information of the instantiated pattern can be used to fill-out our textual security requirements patterns and individual defined security requirement patterns, as well. The presented method is tool-supported. Our tool supports the instantiation of the cloud system analysis pattern and automatically transfers the information from the instance to the security requirements patterns. In addition, they have validation conditions that check e.g., if a security requirement refers to at least one element in the cloud. The authors illustrate their method using an online-banking system as running example.

An Algorithm for Testing Isomorphism of Planer Graph Based on Distant Matrix

2012 ◽  
Vol 487 ◽  
pp. 317-321
Author(s):  
Yan Peng Wu ◽  
Shui Qiang Liu
Keyword(s):  
Graph Theory ◽  
Polynomial Time ◽  
Time Complexity ◽  
Graph Isomorphism ◽  
Distance Matrix ◽  
Space Complexity ◽  
The Subject ◽  
The Many

The testing for graph isomorphism is one of the many problems in the subject of graph theory. This thesis proposes an algorithm for testing isomorphism of planer graph of polynomial time via structuring characteristics of planer graph based on distance matrix. The algorithm, with a time complexity of O (n^4) and a space complexity of O (n^2), has a great application value.

scholarly journals Risk management focusing on the best practices of data security systems for healthcare

2021 ◽  
Vol 9 (1) ◽  
pp. 45-78
Author(s):  
Fábio Martins Dias ◽  
Mauro Luiz Martens ◽  
Sonia Francisca de Paula Monken ◽  
Luciano Ferreira da Silva ◽  
Ernesto Del Rosario Santibanez-Gonzalez
Keyword(s):  
Risk Management ◽  
Best Practices ◽  
Data Security ◽  
Management Practices ◽  
The United States ◽  
Healthcare Sector ◽  
Security Systems ◽  
Healthcare Data ◽  
Source Selection ◽  
Minimum Requirements

Objective of the study: Statistics shows a worrisome picture of challenges to be overcome by cybersecurity in the healthcare sector. Data evidence that the healthcare industry experiences four data breaches per week in the United States alone, making it the sector most often affected by digital security breaches. Thus, the current article aims to investigate risk management focusing on identifying requirements and best practices for healthcare data security systems.Methodology/approach: It is based on a systematic literature review. Studies on state-of-the-art data security systems were collected and interpreted through content analysis. Assertive keywords, source-selection criteria, interpretation of selected articles, and database analysis were used to form the investigated sample and to represent the broad applications of this study’s objective.Originality/Relevance: The current study contributes to define a set of minimum requirements and best practices that can be adopted to manage data security risks in the healthcare sector and medical devices.Main results: Results have pointed out that there is no fully effective way to prevent all violations by cybercriminals; however, cybersecurity must be part of management processes adopted by different organizations.Theoretical/methodological contributions: It is found that cybersecurity has a great importance for the healthcare sector, the information generated is rich in content and that cybersecurity is neglected in the sector, that is not able to deal with the reality of cyber threats in the industry 4.0 context.Social /management contributions: By the good risk management practices and the adoption of minimum security items, institutions can ensure that managers can prepare and respond efficiently to cyber risks.

scholarly journals Graph Isomorphism in View of Decomposition Technique

2019 ◽  
Vol 9 (2) ◽  
pp. 4773-4777
Keyword(s):  
Graph Theory ◽  
Molecular Biology ◽  
Polynomial Time ◽  
Dna Isolation ◽  
Graph Isomorphism ◽  
Decomposition Technique ◽  
Decomposition Techniques ◽  
Generic Algorithm ◽  
Polynomial Time Algorithms

Graph Isomorphism is anopen problem in graph theory. A large number of graphs have the polynomial time algorithms for detection. But in general there are specific algorithms for certain range of vertices. Our try to design a generic algorithm. In this paper we proposed an algorithm of O(n3 ) complexity. The decomposition techniques have been adopted as well as reconstruction conjecture in reverse for taking decision of whether the two graphs are isomorphic or not.The ideology is inherited from DNA isolation in molecular biology [Chomczynski et. al].

Sign in / Sign up

Export Citation Format

Share Document