A Security Incident Data Model. - Internet Archive Scholar

This paper presents a security incident data model. The model uses many of the existing security incident taxonomies to organise its security incident related information. ... Where characteristic of incidents is not covered by existing taxonomies some progress has been made in developing one. The proposed structure stores both management and technical information. ... In this paper we present a conceptual data model that can be used to organize information collected from security incidents. ...

doi:10.1007/978-0-387-35586-3_38 fatcat:thgcdojfnzd6xjfllmwhsfadcq

However, the incidence of myocardial infarction was greater in females (52%) compared to males (38%) (p<0.035). ... A significantly higher rate of diabetes was noted in females (62%) compared to males (48%) (p<0.012). Co-existing diabetes and hypertension was found in 70% of females as compared to 38% of males. ... Furthermore, females had a lower incidence of ischemic heart disease but a higher prevalence of myocardial infraction (52%) in comparison to the male subjects (38%); this difference is statistically significant ...

doi:10.37575/b/med/0038 fatcat:5h5phkn4jjfvfceg4xasfjxsmy

Citation

Emad Al Khoufi. "Adu, K.K. and Adjei, E. (2018). The phenomenon of data loss and cyber security issues in Ghana. Foresight, 20(2), 150–61. Ahmed, M.T.U., Bhuiya, N.I. and Rahman, M.M. (2017). A secure enterprise architecture focused on security and technology-transformation (SEAST), The 12th International Conference for Internet Technology and Secured Transactions, (ICITST-2017), Cambridge, UK, 11–4/12/2017. Alanazi, S.T., Anbar, M., Ebad, S.A., Karuppayah, S. and Al-Ani, H.A. (2020). Theory-based model and prediction analysis of information security compliance behavior in the Saudi healthcare sector. Symmetry, 12(9), 1544. DOI: 10.3390/sym12091544 Alateyah, S.A., Crowder, R.M. and Wills, G.B. (2013). Identified factors affecting the citizen's intention to adopt e-government in Saudi Arabia. World Academy of Science, Engineering and Technology, 7(8), 904–12. Antonino, P., Duszynski, S., Jung, C. and Rudolph, M. (2010). Indicator-based architecture-level security evaluation in a service-oriented environment. In: The Fourth European Conference on Software Architecture: Copenhagen, Denmark, 23–26/08/2010. DOI: 10.1145/1842752.1842795. Chaturvedi, M., Gupta, M. and Bhattacharya, J. (2008). Cyber Security Infrastructure in India: A Study, Emerging Technologies in E-Government. Available at: http://www.csi-sigegov.org/emerging_pdf/9_70-84.pdf (Accessed on 15/11/2020). Dalol, M.H. (2018). Effectiveness of Accounting Information Systems in Light of Development of IT Infrastructure and Information Security. Master's Dissertation, The Islamic University of Gaza, Gaza, Palestine. Dooley, K. (2001). Designing Large Scale LANs: Help for Network Designers. USA: O'Reilly Media. Ebad, S. (2018a) An exploratory study of ICT projects failure in emerging markets. Journal of Global Information Technology Management, 21(2), 139–60. DOI: 10.1080/1097198X.2018.1462071. Ebad, S. (2018b). The influencing causes of software unavailability: A case study from industry. Software Practice and Experience, 48(5), 1056–76. DOI: 10.1002/spe.2569. Hashizume, K., Rosado, D.G., Fernández-Medina, E. and Fernandez, E.B. (2013). An analysis of security issues for cloud computing. Journal of Internet Services and Applications, 4(5), n/a. DOI: 10.1186/1869-0238-4-5. Kirby, L. (2015). Beyond Cyber Security: Protecting Your IT Infrastructure. Available at https://uptimeinstitute.com/images/Documents/ProtectingYourITInfrastructure.pdf (accessed on 15/11/2020). Lethbridge, T.C., Sim, S.E. and Singer, J. (2005). Studying software engineers: Data collection techniques for software field studies. Empirical Software Engineering, 10(3), 311–41. Marrone, M. and Kolbe, L.M. (2011). Impact of IT service management frameworks on the IT organization. Business and Information Systems Engineering, 3(1), 5–18. Mastelic, T. and Brandic, I. (2013). TimeCap: Methodology for comparing IT infrastructures based on time and capacity metrics. In: The IEEE 6th International Conference on Cloud Computing, 131–8, Santa Clara, CA, USA, 28/06–03/07/2013. Mimura, M. and Suga, Y. (2019). Filtering malicious JavaScript code with Doc2Vec on an imbalanced dataset. In: The 14th Asia Joint Conference on Information Security (AsiaJCIS), Kobe, Japan, 24–31/08/2019. Pearlson, K.E., Saunders, C.S. and Galletta, D.F. (2019). Managing and Using Information Systems. 5th edition, USA: Wiley. Popp, K. and Meyer, R. (2011). Profit from Software Ecosystems Models, Ecosystems and Partnerships in the Software Industry. Norderstedt, Germany: Books on Demand. Priem, R. (2020). Distributed ledger technology for securities clearing and settlement: Benefits, risks, and regulatory implications. Financial Innovation, 6(11), n/a. DOI: 10.1186/s40854-019-0169-6. Rabii, L. and Abdelaziz, D. (2015). Comparison of e-readiness composite indicators, The 15th International Conference on Intelligent Systems Design and Applications (ISDA), Marrakech, Morocco, 14–16/12/2015. Sanchez-Nielsen, E., Padron-Ferrer, A. and Marreo-Estevez, F. (2011). A multi-agent system for incident management solutions on IT infrastructures. In: The 14th Conference of the Spanish Association for Artificial Intelligence (CAEPIA 2011), La Laguna, Spain, 07–11/11/2011. Schoenfisch, J, Meilicke, C., Stülpnagel, J.V. and Ortmann, J (2018). Root cause analysis in IT infrastructures using ontologies and abduction in Markov logic networks. Information Systems, 74(2), 103–16. Shang, S. and Seddon, P.B. (2000). A comprehensive framework for classifying the benefits of ERP systems. In: The 2000 American Conference of Information Systems, Long Beach, California, 10–13/08/2000. Shoffner, M., Owen, P., Mostafa, J., Lamm, B., Wang, X., Schmitt, C.P. and Ahalt S.C. (2013). The secure medical research workspace: An IT infrastructure to enable secure research on clinical data. Clinical and Translational Science, 6 (3), 222–5. Shrivastava, A.K. (2015). The impact assessment of IT Infrastructure on information security: a survey report. In: International Conference on Information Security and Privacy (ICISP2015), Nagpur, India, 11–12/12/2015. Sommerville, I. (2015). Software Engineering. 10th edition, UK: Pearson. Sousa, K.J. and Oz, E. (2015). Management Information Systems. 7th edition, USA: Cengage Learning. Teymourlouei, H., and Harris, V. (2019). Effective methods to monitor IT infrastructure security for small business. In: The 2019 International Conference on Computational Science and Computational Intelligence (CSCI), Las Vegas, NV, USA, 5–7/12/2019. Topper, J. (2018). Compliance is not security. Computer Fraud and Security, 2018(3), 5–8. DOI: 10.1016/S1361-3723(18)30022-8. Wohlin, C., Runeson, P., Host, M., Ohlsson, M.C., Regnell, B. and Wesslen, A. (2012). Experimentation in Software Engineering. Germany: Springer. Yasasin, E., Prester, J., Wagner, G. and Schryen, G. (2020). Forecasting IT security vulnerabilities –an empirical analysis. Computers and Security, 88(n/a), n/a. DOI: 10.1016/j.cose.2019.101610. Zambon, E., Etalle, S., Wieringa, R.J. and Hartel, P. (2010). Model-based qualitative risk assessment for availability of IT infrastructures. Software and Systems Modeling, 10(4), 553–80." Basic and Applied Sciences - Scientific Journal of King Faisal University (2021)

A number of theoretical security models are available that provide best practice security guidelines and are widely utilised as a basis to identify and operationalise security requirements. ... Such models often capture high-level security concepts (e.g., whitelisting, secure configurations, wireless access control, data recovery, etc.), strategies for operationalising such concepts through specific ... Such models offer high-level security concepts that can be used as a basis for security requirements. ...

doi:10.1145/2884781.2884785 dblp:conf/icse/RashidNRECB16 fatcat:wf2rm5l3wjhyrj2djxvpqk5j3q

This paper presents the work in progress in developing an enterprise information security data model. ... Moving towards a knowledge economy, managing effectively and safely the corporate data is the key to an organisation's survival and success. ... Decomposing further the proposed enterprise IT security data model, an incident model was created. ...

doi:10.1007/978-0-387-35691-4_16 fatcat:ca4mnbgbojesze5yxnuxctvuc4

We propose a conceptual model that draws upon the Situation Awareness (SA) model and Protection Motivation Theory (PMT) to guide this research. 40 organisational cloud service users in Malaysia were surveyed ... We, therefore, suggest a successful adoption cloud incident handling strategy by organisational cloud service users involves the nexus between these four PMT factors. ... Acknowledgements The first author is currently a PhD student at the University of South Australia, supported by Ministry of Education, Malaysia (MOE) and University of Tun Hussein Onn Malaysia (UTHM). ...

arXiv:1505.02908v1 fatcat:yx2eg4bzd5fthkc7cnbafdyg4e

This new model technology can be a more enhanced approach than conventional security technology in terms of detection and response speed. ... Infrastructure for Information Security Model: The Infrastructure of security system should provide a security architecture, security development, adequately secured and configured system, user access ... International Journal of Security and Its Applications Vol. 9, No. 6 (2015) Copyright ⓒ 2015 SERSC ...

doi:10.14257/ijsia.2015.9.6.21 fatcat:oa6oxi6uljbp7isxc52tjrzkdm

Usage control is the suitable security policy model, since it allows changes during run-time without conceptually raising additional incidents. ... With the goal of improving security and privacy, this work proposes adapting an IT security model and its enforcement to current and most probable incidents before they result in an unacceptable risk for ... I would like to thank Isao Echizen, Hiroshi Maruyama, Kazuhiro Minami, Günter Müller, Stefan Sackmann, Matthias Schunter, Noboru Sonehara, A Min Tjoa, and Michael Waidner for discussions and their comments ...

doi:10.1109/spw.2014.14 dblp:conf/sp/Wohlgemuth14 fatcat:bbc3ap4mz5btpptcdqk6ltcydi

We propose to model the stakeholder collaboration networks and to analyze scenarios of how security incidents affect relationships between stakeholders. ... Transmission factors characterizing a relationship help us to assess the impact of incidents. We apply the conventional method and our new approach to a case study and compare the results. ... This research was funded by the European Center for Security and Privacy by Design (EC-SPRIDE). ...

doi:10.1145/2683467.2683474 dblp:conf/nspw/PollerTK14 fatcat:uxtcnuih7najratvou4h3kmn7q

This data model aims to facilitate a global vision of information systems risk by supplying real-time security events data to risk assessment tools based on renowned methodologies. ... Data model extension for security event notification with dynamic risk assessment purpose. ... Ad hoc applications using these models are implemented in CERT environments. These efforts have raised the maturity level of the IODEF model close to a standard for IS security incidents. ...

doi:10.1007/s11432-013-5018-z fatcat:sg3suhfspjfzflnkapoqwukdvm

Currently, several security incident database models have been proposed and used. ... Our framework enhances the incident management process by allowing the law enforcement units to (a) collect the required evidence from incident data that are spread through a number of different incident ... The European project S2003 proposed a simple data model that can be used to build a library of security incidents [9] . ...

doi:10.1007/11573036_65 fatcat:jma6qff5tbeirndcjjx3z57os4

Managed Security Service Providers (MSSP's), which are tasked with detecting security incidents on behalf of multiple customers, are confronted with these data quality issues, but also possess a wealth ... We use MSSP data to develop Virtual Product, which addresses the aforementioned data challenges by predicting what security events would have been triggered by a security product if it had been present ... PROPOSED MODEL: VIRTUAL PRODUCT Given a security product P, our Virtual Product model aims to detect and categorize incidents for customers who have not deployed P. ...

doi:10.1145/3134600.3134617 dblp:conf/acsac/ChenHCGHR17 fatcat:233cu5sdjzevvhvynrrgqar4ma

The articles of this special issue, which have been accepted after a double-blind peer review, contribute to this view on interdisciplinary security engineering in regard to the stages of security and ... This special issue on 'Security and Privacy in Business Networking' contributes to the journal 'Electronic Markets' by introducing a different view on achieving acceptable secure business networking applications ... an incident and its propagation to a secure ICT system is always possible. ...

doi:10.1007/s12525-014-0158-6 fatcat:bfo34xhhwnbbpkafvtitjqcruy

Security incidents can have negative impacts on healthcare organisations and the security of medical records has become a primary concern of the public. ... In response to this case study, we suggest the security assurance modelling framework to address those obstacles. ... Ahmad [24, 25] proposed a double loop learning model and a dynamic security learning (DSL) process model to address this issue. ...

doi:10.1080/17538157.2016.1255629 pmid:28068150 fatcat:rvf244dfqfad7hyvsvgmiz7i5y

INDEX TERMS Database security, database forensics investigation, database incident, pre-incident response, during-incident response, post-incident response. 145018 This work is licensed under a Creative ... As a result, this paper has proposed suitable steps of constructing and Integrated Incident Response Model (IIRM) that can be relied upon in the database forensic investigation field. ... Thus, a security policy is a specification of security requirements, usually specified based on some security model. ...

doi:10.1109/access.2020.3008696 fatcat:xjjlp7ikevgk3oi7jdghv2ki4m

DOAJ

This defines a shift from response to management of computer security incidents in anointer relationship manner that foster collaboration through the exchange and sharing of incidence management details ... management, as it provides an organised way of handling the aftermaths of a security breach. ... Security Coordination Model A Security Coordination Model for Inter-Organisational Information Incidents Response Forensic Process was proposed by [10] . ...

doi:10.9734/bjmcs/2014/11874 fatcat:n4v7ln5ymzck7lcojepcskgkv4

Szczepanski

A Security Incident Data Model [chapter]

Preserved Fulltext

Preserved Fulltext

Discovering "unknown known" security requirements

Preserved Fulltext

Building an Enterprise it Security Management System [chapter]

Preserved Fulltext

Factors Influencing the Adoption of Cloud Incident Handling Strategy: A Preliminary Study in Malaysia [article]

Preserved Fulltext

A Study on the Development of Next Generation Intelligent Integrated Security Management Model using Big Data Technology

Preserved Fulltext

Resilience as a New Enforcement Model for IT Security Based on Usage Control

Preserved Fulltext

An Asset to Security Modeling?

Preserved Fulltext

Data model extension for security event notification with dynamic risk assessment purpose

Preserved Fulltext

Workflow Based Security Incident Management [chapter]

Preserved Fulltext

Predicting Cyber Threats with Virtual Security Products

Preserved Fulltext

Security and privacy in business networking

Preserved Fulltext

Challenges of information security incident learning: An industrial case study in a Chinese healthcare organization

Preserved Fulltext

Towards the Development of an Integrated Incident Response Model for Database Forensic Investigation Field

Preserved Fulltext

A Comparative Assessment of Computer Security Incidence Handling

Preserved Fulltext