4,939 Hits in 8.7 sec

Cyber security training for critical infrastructure protection: A literature review

Nabin Chowdhury, Vasileios Gkioulos
2021 Computer Science Review  
Objective: In this study, we seek to establish the current state-of-the-art in cyber-security training offerings for critical infrastructure protection and the key performance indicators (KPIs) that allow  ...  Nonetheless, general agreement on best measures and methods for cybersecurity training has yet to be reached.  ...  Declaration of competing interest The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper  ... 
doi:10.1016/j.cosrev.2021.100361 fatcat:7h645cftenbjzjlqy3dpljf2bi

The Human Factor in the Social Media Security – Combining Education and Technology to Reduce Social Engineering Risks and Damages

David Tayouri
2015 Procedia Manufacturing  
networks can also be used to identify an organization's insider threat, by analyzing the social media content.Combining education and training with best-ofbreed technology may reduce social engineering  ...  Unusual approaches to cyber security training should be considered, such as interactive video games.  ...  To ensure ongoing improvement, training should be evaluated to measure their effectiveness, for example by simulating actual social engineering on the employees, such as email phishing attacks, and to  ... 
doi:10.1016/j.promfg.2015.07.181 fatcat:gq2y4xfgq5e77ensqcrnqcjarm

Software Protection Decision Support and Evaluation Methodologies (Dagstuhl Seminar 19331)

Bjorn De Sutter, Christian Collberg, Mila Dalla Preda, Michael Wagner
2019 Dagstuhl Reports  
The attackers try to compromise those by reverse-engineering the software and by tampering with it.  ...  The seminar is situated in the domain of software protection against so-called man-at-the-end attacks, in which attackers have white-box access to the software that embeds valuable assets with security  ...  In other words, to be effective, the deployed protections need to protect against all possible attack vectors.  ... 
doi:10.4230/dagrep.9.8.1 dblp:journals/dagstuhl-reports/SutterCPW19 fatcat:guwem6swfjf3hm4qaqcfkc6phi

People Are the Perimeter [chapter]

Malcolm Harkins
2013 Managing Risk and Information Security  
Typically, he'd find an empty table, set down the laptop, and then walk out of sight to get his lunch.  ...  My security team noticed the neglected laptop and pointed it out to me.  ...  Technical controls alone are no longer able to keep pace with rapidly changing attacks, especially when those attacks are combined with sophisticated social engineering.  ... 
doi:10.1007/978-1-4302-5114-9_5 fatcat:go6ywnehzffmfcwbgj4hguvqnq

Insights into Organizational Security Readiness: Lessons Learned from Cyber-Attack Case Studies

Faisal Quader, Vandana P. Janeja
2021 Journal of Cybersecurity and Privacy  
adoption and investment by the business; the training and awareness of all stakeholders, including users, customers and employees; and the investments in cybersecurity.  ...  In addition, we investigated the key factors leading up to an attack, including the human behavioral aspects; the organizational–cultural factors at play; the security policies adapted; the technology  ...  Training and Awareness Adequate training to educate employees on cyber threats is an absolute necessity for the protection of a corporate network.  ... 
doi:10.3390/jcp1040032 fatcat:ljlclwnrpfgppijsgsilgdsxqm


Tobechukwu ONYEKWENA, Chukwuemeka Ozioma Stanislaus ONWUKWE
2021 Zenodo  
The paper concludes that the purpose of fire protection is to ensure the protection of life, materials, goods and activities within a building or on a building internally and in relation to adjacent buildings  ...  accommodation for clothing and for taking meals on every site, protective clothing, fencing and provision of security guard etc to ensure  ...  Local exhaust ventilation is an engineering system to protect operators from hazardous substances (Yuth et al, 2017) .  ... 
doi:10.5281/zenodo.6384380 fatcat:f7edcd535rhkpischquilhadhu

Information Security Awareness in Public Administrations [chapter]

Margit Scholl
2018 Public Management and Administration  
Information security (IS) and awareness (ISA) must be an integrated part of these agendas. The goal of IS is to protect information of all types and origins.  ...  Here, the employees play a necessary and significant role in the success of IS, and the entire staff of an institution need to know about their specific roles and be aware of the information security management  ...  I would like to thank Dr. Horst Görtz and the HGS for financial support of the "SecAware4job" project and for publication of this book chapter.  ... 
doi:10.5772/intechopen.74572 fatcat:eqw7zlrl4jeadhqtm3fxd4ay5e

A Survey on Ethical Hacking: Issues and Challenges [article]

Jean-Paul A. Yaacoub, Hassan N. Noura, Ola Salman, Ali Chehab
2021 arXiv   pre-print
Security attacks are growing in an exponential manner and their impact on existing systems is seriously high and can lead to dangerous consequences.  ...  This growing problem should be solved and mitigated to reach better resistance against these attacks. Moreover, the advantages and limitations of penetration tests are also listed.  ...  . • Step 6: employees must be trained against different social engineering, and phishing attack techniques and types.  ... 
arXiv:2103.15072v1 fatcat:kqj6isalovdzbald3w2kxnqhbe

A Survey on Threat-Modeling Techniques: Protected Objects and Classification of Threats

Anton Konev, Alexander Shelupanov, Mikhail Kataev, Valeriya Ageeva, Alina Nabieva
2022 Symmetry  
abstract model of the protected object and threats aimed at it in order to make this model suitable for any organization and protect it against most threats.  ...  Enabling security features during the development of a distributed system requires the careful analysis of potential attacks or threats in different contexts, a process often referred to as «threat modeling  ...  based on configuration, which are often used to attack cloud storage systems.  ... 
doi:10.3390/sym14030549 fatcat:s6vjpv6qonefjnx4egcmitvsoe

Introduction to Penetration Testing [chapter]

Stephen Fried
2001 Best Practices  
The hacker's art of social engineering relies heavily on this fact. Social engineering is a con game used by intruders to trick people who know secrets into revealing them.  ...  This makes it easier to assume the identity of a legitimate employee or to use social engineering to trick people into divulging in-formation.  ... 
doi:10.1201/9781420031508.ch47 fatcat:4csgxbgmvncsxpdkf252mar4oq

The U.S. Cyber Threat Landscape

Elie Alhajjar, Kevin Lee
2022 Proceedings of the ... European conference on information warfare and security  
It is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage, or unauthorized access.  ...  In this paper, we sketch a general frame for the cyber threat landscape in the United States of America by focusing on five major categories: ransomware, social engineering, third party software, deep  ...  Acknowledgements The second author would like to thank the Intelligent Cyber-Systems and Analytics Research Lab (ICSARL) at the Army Cyber Institute (ACI) in West Point, NY for their hospitality.  ... 
doi:10.34190/eccws.21.1.197 fatcat:yfvya5ceancy7gouc37augrv2y

Selective SIGINT: Collecting Communications Intelligence While Protecting One's Own

John A. Gentry
2019 The international journal of intelligence and counter intelligence  
Ultimately, what end users want is easy access to, and secure protection of, their data.  ...  It stands in dramatic contrast to areas where the Navy took administrative requirements seriously--such as training and certification requirements for pilots.  ... 
doi:10.1080/08850607.2019.1621087 fatcat:qfobzro7hjbxtfwk4zrswch4r4

Data Service Outsourcing and Privacy Protection in Mobile Internet [chapter]

Zhen Qin, Erqiang Zhou, Yi Ding, Yang Zhao, Fuhu Deng, Hu Xiong
2018 Data Service Outsourcing and Privacy Protection in Mobile Internet  
However, outsourcing to third parties may cause some risks in user privacy protection.  ...  Due to the limited resources of mobile terminals, it is impossible to complete large-scale data computation and storage.  ...  It is an open problem left by the work of [37] to construct a PRE scheme secure against chosen-ciphertext attack (CCA).  ... 
doi:10.5772/intechopen.79903 fatcat:kvdisoudirgdhd7tvscnhsb6gm

Networking and Security Issues

محمد الهادی
2013 مجلة الجمعیة المصریة لنظم المعلومات وتکنولوجیا الحاسبات  
also exposes the Organization to possible attacks and threats.  ...  Organizations need to share services resources and information but they still need to protect these from people who should not have access to them, while at the same time making those resources available  ...  Also, malicious attackers can deceive ignorant employees by using "social engineering" to gain entry. The attacker could masquerade as an administrator and ask for passwords and user names.  ... 
doi:10.21608/jstc.2013.119825 fatcat:n2mzxdvxx5fvbnls62ih37hjwu

Data Protection and the Prevention of Cybercrime - The EU as an Area of Security?

Maria Grazia Porcedda
2012 Social Science Research Network  
I then claim that the implementation of data protection principles in a cyber-security policy can act as a proxy to reduce cyber threats, and in particular (narrow) cybercrime, provided that the following  ...  approach to human rights.  ...  Many of these attacks are perpetrated by means of social engineering.  ... 
doi:10.2139/ssrn.2169340 fatcat:delhfmf3vrh6nb25mcgvyqmney
« Previous Showing results 1 — 15 out of 4,939 results