Information Security has become a serious concern for academic institutions for their normal functioning. This paper proposes a metric based assurance plan, keeping in view the resource limitation of small institutions. Modular approach of the proposed solution allows institutions to switch to higher version as they grow and augment more resources. Organization structure necessary to monitor the proposed plan is also proposed with non traditional roles and their job description. For every control an appropriate role is identified and associated with that metric. This modular & responsibility driven approach will ensure that a basic minimum protection plan is in place and overall security monitoring and control is also improved.
Insider threat has been the major Information Security issue for business houses for long time. But, Information Security Managers of academic campuses are yet to pay similar attention to this challenge. As direct financial losses resulting due to this are not of similar magnitude. However, universities and colleges have sensitive academic and personal records. Also, many institutes are engaged in advanced research and creating valuable intellectual property, which need to be protected. Monitoring insider threats in academic campuses is particularly difficult because of complexity of networks, diverse mix of systems and resistance for strict restrictions. Major challenges include, less disciplined users compared to industry users, sharing of terminals, inadequate budgets and fast turnover of student population. There are almost thirty percent new enrollments every year.Existing monitoring and control methods are inadequate for two reasons: they are able to trace source IP addresses but fail to identify the precise user, performing suspicious or non-sanctioned activities. Secondly, they do not provide real-time actions, as user profile is not known. Given these security challenges and the complexity of protecting information assets across diverse servers, applications, and heterogeneous environment, a new approach is proposed. Identity issue is addressed by capturing detailed network user actions across most major applications and correlating it with directory context to track and enforce institutional policies. This is different from existing approaches, where a traffic oriented view of user activity is provided. The proposed approach provides a low cost and quickly deployable solution as no network changes are required. Proposed real-time tracking and alerting mechanism ensures early warning and also proactively stops transactions in progress without degrading performance. It also facilitates audit automation using rule engine, which is constantly updated by an Intelligent Rule Builder.
To ensure a secure computing in a cloud environment, recommendation and trust-based access control model is proposed. The proposed model allows calculation of direct trust and indirect trust based on recommendations. It handles cases where the requesting entity may have a past interaction experience or fresh entity without any past experience with the service. It includes the capability to cause human reasoning performance and can change by behavioral pattern modifications. Positive and negative threshold limits are used to handle malicious recommendation. The results of security mechanism so integrated with the proposed model against attacks such as bad mouthing attack, Sybil attack, and on-off behavior attack are verified.
General TermsCloud, Security, Algorithm.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.