Exploitation of auctions for outsourcing security-critical projects

Kandias, Miltiadis; Mylonas, Alexios; Theoharidou, Marianthi; Gritzalis, Dimitris

doi:10.1109/iscc.2011.5983912

Cited by 10 publications

(5 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…When specific people involved in given task, it is easy to detect and identify the malicious intension of insider [8] [9]. If employee is going to perform a computer fraud, it is hard to do among them during the work hours and chance of catching them is easy.…”

Section: Whirling Of Dutiesmentioning

confidence: 99%

Understanding insider attack problem and scope in cloud

Gunasekhar

Rao

Basu

2015

2015 International Conference on Circuits, Power and Computing Technologies [ICCPCT-2015]

View full text Add to dashboard Cite

The malicious insider can be an employees, user and/or third party business partner. The insiders can have legitimate access to their organization data centers. In organizations, the security related aspects are based on insider's behaviors, the malicious insiders may theft sensitive data and no protection mechanisms are addressed till now to completely defend against the attacks. Such that organizational data could be so vulnerable from insider threat attacks. The malicious insiders of an organization can perform stealing on sensitive data at cloud storage as well as at organizational level. The insiders can misuse their credentials in order to perform malicious tasks on sensitive information as they agreed with the competitors of that organization. By doing this, the insiders may get financial benefits from the competitors. The damages of insider threat are: IT sabotages, theft of confidential information, trade secrets and Intellectual properties (IP). It is very important for the nation to start upgrading it's IT infrastructure and keep up with the latest security guidelines and practices.

show abstract

Section: Whirling Of Dutiesmentioning

confidence: 99%

Understanding insider attack problem and scope in cloud

Gunasekhar

Rao

Basu

2015

2015 International Conference on Circuits, Power and Computing Technologies [ICCPCT-2015]

View full text Add to dashboard Cite

show abstract

“…The generic model of cloud environment provides facilities for clients to store their sensitive data, software as service (software is provided as service from cloud provider), platform as service (platform is provided as service) [6] [7] and infrastructure as service. In general the organizations want to use cloud services in a secure manner instead of purchase products [10].…”

Section: Generic Modelmentioning

confidence: 99%

Mitigation of Insider Attacks through Multi-Cloud

Gunasekhar

Rao

Reddy

et al. 2015

IJECE

View full text Add to dashboard Cite

The malicious insider can be an employees, user and/or third party business partner. In cloud environment, clients may store sensitive data about their organization in cloud data centers. The cloud service provider should ensure integrity, security, access control and confidentiality about the stored data at cloud data centers. The malicious insiders can perform stealing on sensitive data at cloud storage and at organizations. Most of the organizations ignoring the insider attack because it is harder to detect and mitigate. This is a major emerging problem at the cloud data centers as well as in organizations. In this paper, we proposed a method that ensures security, integrity, access control and confidentiality on sensitive data of cloud clients by employing multi cloud service providers. The organization should encrypt the sensitive data with their security policy and procedures and store the encrypted data in trusted cloud. The keys which are used during encryption process are again encrypted and stored in another cloud area. So that organization contains only keys for keys of encrypted data. The Administrator of organization also does not know what data kept in cloud area and if he accesses the data, easily caught during the auditing. Hence, the only authorized used can access the data and use it and we can mitigate insider attacks by providing restricted privileges.

show abstract

“…Furthermore, the field of risk assessment/management and critical infrastructure protection has contributed towards an elevated understanding over the issue [9][10]. Alternative approaches have, also, been proposed to this extend [11][12].…”

Section: Related Workmentioning

confidence: 99%

Proactive insider threat detection through social media

Kandias

Stavrou

Bozovic

et al. 2013

Proceedings of the 12th ACM Workshop on Workshop on Privacy in the Electronic Society

Self Cite

View full text Add to dashboard Cite

Insider threat is a major issue in cyber and corporate security. In this paper we study the psychosocial perspective of the insider via social media, Open Source Intelligence, and user generated content classification. Inductively, we propose a prediction method by evaluating the predisposition towards law enforcement and authorities, a personal psychosocial trait closely connected to the manifestation of malevolent insiders. We propose a methodology to detect users holding a negative attitude towards authorities. For doing so we facilitate the use of machine learning techniques and of a dictionary-based approach, so as to detect comments expressing negative attitude. Thus, we can draw conclusions over a user behavior and beliefs via the content the user generated within the limits a social medium. We also use an assumption free flat data representation technique in order to decide over the user's attitude. Furthermore, we compare the results of each method and highlight the common behavior manifested by the users. The demonstration is applied on a crawled community of users on YouTube.

show abstract

Exploitation of auctions for outsourcing security-critical projects

Cited by 10 publications

References 29 publications

Understanding insider attack problem and scope in cloud

Understanding insider attack problem and scope in cloud

Mitigation of Insider Attacks through Multi-Cloud

Proactive insider threat detection through social media

Contact Info

Product

Resources

About