Federal Information Security Fundamentals

Gantz, Stephen D.; Philpott, Daniel

doi:10.1016/b978-1-59-749641-4.00002-3

Cited by 4 publications

(3 citation statements)

References 3 publications

(3 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The appropriate monitoring frequency varies across VTS centers and is determined by various criteria. For example, the higher-risk section necessitates more frequent monitoring [ 32 ].…”

Section: Proposed Optimal Vts Operators Staffing Methodsmentioning

confidence: 99%

Optimal Staffing for Vessel Traffic Service Operators: A Case Study of Yeosu VTS

Yoo

Kim

2021

Sensors

View full text Add to dashboard Cite

Vessel traffic volume and vessel traffic service (VTS) operator workloads are increasing with the expansion of global maritime trade, contributing to marine accidents by causing difficulties in providing timely services. Therefore, it is essential to have sufficient VTS operators considering the vessel traffic volume and near-miss cases. However, no quantitative method for determining the optimal number of workstations, which is necessary for calculating the VTS operator staffing level, has yet been proposed. This paper proposes a new, microscopic approach for calculating the number of workstations from vessel trajectories and voice recording communication data between VTS operators and navigators. The vessel trajectory data are preprocessed to interpolate different intervals. The proposed method consists of three modules: Information services, navigational assistance services, and traffic organization service. The developed model was applied to the Yeosu VTS in Korea. Another workstation should be added to the current workstation based on the proposed method. The results showed that even without annual statistical data, a reasonable VTS operator staffing level could be calculated. The proposed approach helps prevent vessel accidents by providing timely services even if the vessel traffic is congested if VTS operators are deployed to a sufficient number of workstations.

show abstract

“…The appropriate monitoring frequency varies across VTS centers and is determined by various criteria. For example, the higher-risk section necessitates more frequent monitoring [ 32 ].…”

Section: Proposed Optimal Vts Operators Staffing Methodsmentioning

confidence: 99%

Optimal Staffing for Vessel Traffic Service Operators: A Case Study of Yeosu VTS

Yoo

Kim

2021

Sensors

View full text Add to dashboard Cite

show abstract

“…Hence, the military tradition of information classification has led to a focus on the confidentiality aspect. Consequently, confidentiality has been prioritised over integrity and availability when it comes to information classification (Gantz and Philpott, 2013). Moreover, information classification stems from a practice where paper files were classified manually by few users, compared to today's situation where most information is digitalised and it all needs to be classified (Bunker, 2012).…”

Section: Information Classification Methods 209mentioning

confidence: 99%

Developing an information classification method

Bergström

Karlsson

Åhlfeldt

2020

ICS

View full text Add to dashboard Cite

Purpose The purpose of this paper is to develop a method for information classification. The proposed method draws on established standards, such as the ISO/IEC 27002 and information classification practices. The long-term goal of the method is to decrease the subjective judgement in the implementation of information classification in organisations, which can lead to information security breaches because the information is under- or over-classified. Design/methodology/approach The results are based on a design science research approach, implemented as five iterations spanning the years 2013 to 2019. Findings The paper presents a method for information classification and the design principles underpinning the method. The empirical demonstration shows that senior and novice information security managers perceive the method as a useful tool for classifying information assets in an organisation. Research limitations/implications Existing research has, to a limited extent, provided extensive advice on how to approach information classification in organisations systematically. The method presented in this paper can act as a starting point for further research in this area, aiming at decreasing subjectivity in the information classification process. Additional research is needed to fully validate the proposed method for information classification and its potential to reduce the subjective judgement. Practical implications The research contributes to practice by offering a method for information classification. It provides a hands-on-tool for how to implement an information classification process. Besides, this research proves that it is possible to devise a method to support information classification. This is important, because, even if an organisation chooses not to adopt the proposed method, the very fact that this method has proved useful should encourage any similar endeavour. Originality/value The proposed method offers a detailed and well-elaborated tool for information classification. The method is generic and adaptable, depending on organisational needs.

show abstract

“…Hence, this type of organizations may fail to put forensics tools in place against unknown attacks. It is important that they are able to study those attacks which could help them forestall feature occurrence and possibly identify source of attacks whether internal to the organization or external [7]. ARP cache spoofing is the commonest attack that can be launched from within a network and could have a very high destruction profile to an organization.…”

Section: Introductionmentioning

confidence: 99%

ARP Cache Poisoning Mitigation and Forensics Investigation

Mangut¹,

Al-Nemrat²,

Benzaid

et al. 2015

2015 IEEE Trustcom/BigDataSE/Ispa

View full text Add to dashboard Cite

Abstract-Address Resolution Protocol (ARP) cache spoofing or poisoning is an OSI layer 2 attack that exploits the statelessness vulnerability of the protocol to make network hosts susceptible to issues such as Man in the Middle attack, host impersonation, Denial of Service (DoS) and session hijacking.In this paper, a quantitative research approach is used to propose forensic tools for capturing evidences and mitigating ARP cache poisoning. The baseline approach is adopted to validate the proposed tools. The evidences captured before attack are compared against evidences captured when the network is under attack in order to ascertain the validity of the proposed tools in capturing ARP cache spoofing evidences.To mitigate the ARP poisoning attack, the security features DHCP Snooping and Dynamic ARP Inspection (DAI) are enabled and configured on a Cisco switch. The experimentation results showed the effectiveness of the proposed mitigation technique.

show abstract

Federal Information Security Fundamentals

Cited by 4 publications

References 3 publications

Optimal Staffing for Vessel Traffic Service Operators: A Case Study of Yeosu VTS

Optimal Staffing for Vessel Traffic Service Operators: A Case Study of Yeosu VTS

Developing an information classification method

ARP Cache Poisoning Mitigation and Forensics Investigation

Contact Info

Product

Resources

About