Automation Possibilities in Information Security Management

Montesino, Raydel; Fenz, Stefan

doi:10.1109/eisic.2011.39

Cited by 15 publications

(16 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The National Institute of Standards and Technology (NIST) in cooperation with the Massachusetts Institute of Technology Research Establishment (MITRE) provide the Security Content Automation Protocol (SCAP), a multipurpose approach which enables e.g. automated vulnerability checking employing security configuration checklists [29]. SCAP content benefits from multiple sources, among them the National Vulnerability Database (NVD) or the MITRE Open Vulnerability and Assessment Language (OVAL) Database [30].…”

Section: Related Workmentioning

confidence: 99%

IO: An Interconnected Asset Ontology in Support of Risk Management Processes

Birkholz

Sieverdingbeck

Sohr

et al. 2012

2012 Seventh International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Asset information obtained via infrastructure analysis is essential for developing and establishing risk management. However, information about assets acquired by existing infrastructure analysis processes is often incomplete or lacking in detail, especially concerning their interconnected topology. In this paper, we present the Interconnected-asset Ontology, IO, as a step towards a standardized representation of detailed asset information. The utilization of an asset ontology as a machine-readable representation supports the automation of risk management processes and the standardization of asset information reduces redundant acquisition processes that are often found in practice.

show abstract

Section: Related Workmentioning

confidence: 99%

IO: An Interconnected Asset Ontology in Support of Risk Management Processes

Birkholz

Sieverdingbeck

Sohr

et al. 2012

2012 Seventh International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

show abstract

“…It does so by focusing on increasing the contribution of f (2) , while not to decreasing the results of f (1) and f (3) . Due to this, the goal distribution of Pareto-Q-learning falls well short of the desired 3:7:2 goal prioritization.…”

Section: Figurementioning

confidence: 99%

“…From Figures 3-5, we can see that all the algorithms start with an unfavorable distribution of the goals. Both STOM and GUESS aggressively react by decreasing the results for goals f (1) and f (3) and increasing the result for f (2) , until the algorithm reaches a goal distribution that matches the set goal prioritization of 3:7:2. The GUESS method slightly outperforms the STOM method.…”

Section: Figurementioning

confidence: 99%

See 1 more Smart Citation

Pareto Optimal Solutions for Network Defense Strategy Selection Simulator in Multi-Objective Reinforcement Learning

Sun

Xiong

et al. 2018

Applied Sciences

View full text Add to dashboard Cite

Using Pareto optimization in Multi-Objective Reinforcement Learning (MORL) leads to better learning results for network defense games. This is particularly useful for network security agents, who must often balance several goals when choosing what action to take in defense of a network. If the defender knows his preferred reward distribution, the advantages of Pareto optimization can be retained by using a scalarization algorithm prior to the implementation of the MORL. In this paper, we simulate a network defense scenario by creating a multi-objective zero-sum game and using Pareto optimization and MORL to determine optimal solutions and compare those solutions to different scalarization approaches. We build a Pareto Defense Strategy Selection Simulator (PDSSS) system for assisting network administrators on decision-making, specifically, on defense strategy selection, and the experiment results show that the Satisficing Trade-Off Method (STOM) scalarization approach performs better than linear scalarization or GUESS method. The results of this paper can aid network security agents attempting to find an optimal defense policy for network security games.

show abstract

“…The software will be planned as simple and user friendly. Security aspects must be taken in to account when designing the software [7]. There must be specialized security applications to ensure a safe and automatic control of the school.…”

mentioning

confidence: 99%

Resilience of Cyber-Physical System: A Case Study of Safe School Environment

Rajamäki

Rathod

Ahlgren

et al. 2012

2012 European Intelligence and Security Informatics Conference

View full text Add to dashboard Cite

Modern critical infrastructure includes a combination of computational and physical components, known as cyberphysical system (CPS) [1]. Often, urban built infrastructures represent a critical node within the intertwined networks of an urban area. Current school environment are examples of CPSs including automatic access controls (AACs), guidance and alarm systems (GASs), digital clocks, heat and motion identification sensors, and remolding spaces such as classrooms. A safe school environment can be created using parallel methods such as preventive, proactive and readiness for reactive resilience [2, 3]. Espoo City is constructing a new school campus Opinmäki [4]and Laurea University of Applied Sciences acts as a safety and security consultant within the project. This paper focuses on needs for improved understanding of school security solutions, mainly covering readiness for reactive methods of security. The paper presents two technical security solutions: 1) technical control and reporting emergency incident and 2) design of security room.AAC tags can be identification cards, wristbands, necklaces, and others. The person who has a tag can be identified. These persons can be teachers, staff, students or someone who need access. This solution allows an access in building facilities to only identified authorize people. Students can move around without tags during the day in the public area that is not locked, like most of the classrooms or they have identification cards to get access to labs and other facilities. Children in the daycare wear a special wristband that helps identifying them, enhancing cost savings with automating routine operations. The heat and air conditioning systems can automatically set correct working level when system identifies a number of people in the building [5]. AAC is linked to video surveillance working in public areas and entrances. Video surveillance being used for two purposes: 1) in crisis situations recordings can be explored and hand over to the police; 2) to count the number of people in the variable areas. Normally classes are not monitored as teachers have control on accessing student spaces. However, there can be provision of class monitoring on major events or bigger classes. During off-hours, all the safety measures are active, and all persons should have their identification cards and all movements in school will be registered in the system. Doors cannot be opened when the video surveillance system detects more than one person tries to enter in 'only one person' at a time entrance. Analyzing software counts the number of people that enter or leave the area. Camera must be positioned almost perpendicular on top of the doorway [6]. Another option is to install thermal cameras in every room, to count the exact number of people in a room. This technology does not reveal the identity of people in the room; hence nobody's privacy will be compromised. The school has heat and movement sensors installed in every room's roof structures. Sensors can identify the number of people in ...

show abstract

Automation Possibilities in Information Security Management

Cited by 15 publications

References 4 publications

IO: An Interconnected Asset Ontology in Support of Risk Management Processes

IO: An Interconnected Asset Ontology in Support of Risk Management Processes

Pareto Optimal Solutions for Network Defense Strategy Selection Simulator in Multi-Objective Reinforcement Learning

Resilience of Cyber-Physical System: A Case Study of Safe School Environment

Contact Info

Product

Resources

About