2017 | Book

Enterprise Security

Second International Workshop, ES 2015, Vancouver, BC, Canada, November 30 – December 3, 2015, Revised Selected Papers

About this book

Enterprise security is an important area, since all types of organizations require secure and robust environments, platforms and services to work with people, data and computing applications. The book provides selected papers of the Second International Workshop on Enterprise Security, held in Vancouver, Canada, November 30 to December 3, 2015, in conjunction with CloudCom 2015.
The 11 papers were selected from 24 submissions and cover research across various areas of enterprise security, such as protection of data, privacy and rights, data ownership, trust, unauthorized access and big data ownership, studies and analyses to reduce the risks posed by data leakage and hacking, and the challenges of cloud forensics.

Table of contents

Frontmatter
Challenges of Cloud Forensics
Abstract
Legal requirements for cloud forensics are currently uncertain and present a challenge for the legal system. These challenges arise from the fact that the cloud environment consists of distributed, shared storage, so forensic examiners and law enforcement officers require a certain level of interaction with the cloud provider in order to conduct their investigations. Cloud computing has generated significant interest in both academia and industry, but it is still an evolving paradigm. Cloud computing services are also a popular target for malicious activity, resulting in an exponential increase in cyber-attacks. Digital evidence is evidence collected from the suspect’s workstations or electronic media that can be used to assist computer forensics investigations. Cloud forensics involves digital evidence collection in the cloud environment. The currently established forensic procedures and process models require major changes in order to be acceptable in the cloud environment. This chapter aims to assess the challenges that forensic examiners face in tracking down and using digital information stored in the cloud, and to discuss the importance of education and training to handle, manage and investigate computer evidence.
Hamid Jahankhani, Amin Hosseinian-Far
Could the Outsourcing of Incident Response Management Provide a Blueprint for Managing Other Cloud Security Requirements?
Abstract
In this chapter, we consider whether the outsourcing of incident management is a viable technological approach that may be transferable to other cloud security management requirements. We review a viable approach to outsourcing incident response management and consider whether this can be applied to other cloud security approaches, starting with the concept of using proper measurement for a cloud security assurance model. We demonstrate how this approach can be applied, not only to the approach under review, but how it may be applied to address other cloud security requirements.
Bob Duncan, Mark Whittington, Martin Gilje Jaatun, Alfredo Ramiro Reyes Zúñiga
The Relationship Between Public Budgeting and Risk Management: Competition or Driving?
Abstract
This world is rife with uncertainties. Risk management plays an increasingly important role in both the public sector and the private sector. Considering that government is the risk manager of last resort, government faces a vast variety of risks and disasters, either natural or man-made. Owing to scarce public resources and increasing public needs, government is not able to finance all risk management programs. However, once a catastrophic event occurs, government must take immediate action to control the event. This essay intends to explore the relationship between risk management and budgeting in the public sector. It attempts to demonstrate to what extent and in which areas risk management depends on budget and competes against other public expenditures, and whether budget austerity blocks risk management. The analyses of risk management activities and budget cycles find that budgeting generally serves as a facilitator and catalyst for risk and disaster management; that risk and disaster management is mostly a competitor in the budget process; and that severe unexpected disasters and crises drive and overshadow budgets in order to deal with the serious consequences incurred. This essay suggests particular measures that may help establish a virtuous relationship between budgeting and risk management.
Yaotai Lu
Iris Biometrics Recognition in Security Management
Abstract
The application of iris recognition to human identification has significant potential for developing a robust identification system. This is due to the fact that the iris patterns of individuals are unique, differ between the left and right eye, and are almost stable over time. However, the performance of existing iris recognition systems depends on the signal processing algorithms they use for iris segmentation, feature extraction and template matching. Like any other signal processing system, the performance of an iris recognition system depends on the level of noise in the image and deteriorates as the level of noise increases. The building blocks of iris recognition systems, techniques to mitigate the effect of noise at each stage, criteria to assess the performance of different iris recognition techniques, and publicly available iris datasets are discussed in this chapter.
Ahmad Ghaffari, Amin Hosseinian-Far, Akbar Sheikh-Akbari
Automatic Clustering of Malicious IP Flow Records Using Unsupervised Learning
Abstract
Anomaly-based intrusion detection systems classify network traffic into normal and malicious categories. The intrusion detection system raises an alert when maliciousness is detected in the traffic. A security administrator inspects these alerts and takes corrective action to protect the network from intrusions and unauthorized access. Manual inspection of the alerts is also necessary because anomaly-based intrusion detection systems have a high false positive rate. The alerts can be very numerous, and their manual inspection is a challenging task. We propose an extension for anomaly-based intrusion detection systems which automatically groups malicious IP flows into different attack clusters. Our technique creates attack clusters from a training set of unlabeled IP flows using unsupervised learning. Every attack cluster consists of malicious IP flows which are similar to each other. We analyze the IP flows in every cluster and assign an attack label to them. After the clusters are created, an incoming malicious IP flow is compared with all clusters and the label of the closest cluster is assigned to the IP flow. The intrusion detection system uses the labeled flows to raise a consolidated anomaly alert for a set of similar IP flows. This approach significantly reduces the overall number of alerts and also generates a high-level map of the attack population. We use unsupervised learning techniques for automatic clustering of IP flows. Unsupervised learning is advantageous over supervised learning because the availability of a labeled training set for supervised learning is not always guaranteed. Three unsupervised learning techniques, k-means, self-organizing maps (SOM) and DBSCAN, are considered for clustering of malicious IP flows. We evaluated our technique on a flow-based data set containing different types of malicious flows. Experimental results show that our scheme gives good performance and places the majority of the IP flows in the correct attack clusters.
Muhammad Fahad Umer, Muhammad Sher
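The clustering-then-labelling workflow in the abstract above, as an added example that is not the chapter's code: flows already flagged by the IDS are turned into standardized feature vectors, grouped with k-means (the first of the three algorithms the chapter compares), named once by an analyst per cluster, and every later flow inherits the name of its nearest centroid so that one consolidated alert per attack type replaces one alert per flow. The flow records, the feature choice (log-scaled packet and byte counts plus duration) and the farthest-first seeding are the editor's assumptions, not the chapter's.

```python
"""Added example: attack clusters of malicious IP flows via k-means, analyst
labelling, nearest-centroid classification and alert consolidation.
Editor's illustration of the workflow, not the chapter's code; all flow
records below are constructed."""
import math

# Constructed training flows the IDS already flagged as malicious.
# Field order: src, dst, dst_port, proto, duration_s, packets, bytes
TRAINING_FLOWS = [
    # port-scan probes: one or two tiny packets, near-zero duration
    ("10.0.0.5", "10.0.1.10", 22, "tcp", 0.001, 1, 60),
    ("10.0.0.5", "10.0.1.10", 23, "tcp", 0.001, 1, 60),
    ("10.0.0.5", "10.0.1.10", 80, "tcp", 0.002, 2, 120),
    ("10.0.0.5", "10.0.1.11", 443, "tcp", 0.001, 1, 60),
    ("10.0.0.5", "10.0.1.12", 3389, "tcp", 0.002, 2, 120),
    # ssh brute-force attempts: a few dozen packets over a few seconds
    ("10.0.0.7", "10.0.1.20", 22, "tcp", 2.5, 24, 3900),
    ("10.0.0.7", "10.0.1.20", 22, "tcp", 3.1, 30, 4800),
    ("10.0.0.7", "10.0.1.20", 22, "tcp", 2.8, 26, 4200),
    ("10.0.0.8", "10.0.1.20", 22, "tcp", 4.0, 38, 6100),
    # udp flood: thousands of packets, megabytes, long duration
    ("10.0.0.9", "10.0.1.30", 53, "udp", 12.0, 6000, 6_000_000),
    ("10.0.0.9", "10.0.1.30", 53, "udp", 15.0, 7500, 7_500_000),
    ("10.0.0.10", "10.0.1.30", 123, "udp", 18.0, 9000, 9_000_000),
]

# Constructed flows arriving after training, to be labelled by nearest cluster.
NEW_FLOWS = [
    ("10.0.0.42", "10.0.1.50", 21, "tcp", 0.001, 1, 60),
    ("10.0.0.42", "10.0.1.50", 25, "tcp", 0.001, 1, 60),
    ("10.0.0.43", "10.0.1.20", 22, "tcp", 3.3, 31, 5000),
    ("10.0.0.44", "10.0.1.30", 53, "udp", 14.0, 7000, 7_000_000),
]


def features(flow):
    """Log-scale the counts so a flood does not swamp the Euclidean distance."""
    _, _, _, _, duration, packets, nbytes = flow
    return [math.log1p(packets), math.log1p(nbytes), duration]


def zscore_params(vectors):
    n, dims = len(vectors), len(vectors[0])
    means = [sum(v[i] for v in vectors) / n for i in range(dims)]
    stds = [math.sqrt(sum((v[i] - means[i]) ** 2 for v in vectors) / n) or 1.0
            for i in range(dims)]
    return means, stds


def standardize(vec, means, stds):
    return [(x - m) / s for x, m, s in zip(vec, means, stds)]


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points, k, max_iter=100):
    """Lloyd's iterations with farthest-first seeding: deterministic, and on
    well-separated data it never places two seeds in the same cluster."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(dist(p, c) for c in centroids)))
    assignment = []
    for _ in range(max_iter):
        assignment = [min(range(k), key=lambda j: dist(p, centroids[j])) for p in points]
        updated = []
        for j in range(k):
            members = [p for p, a in zip(points, assignment) if a == j]
            updated.append([sum(col) / len(members) for col in zip(*members)]
                           if members else centroids[j])
        if updated == centroids:
            break
        centroids = updated
    return centroids, assignment


class FlowClusterer:
    def __init__(self, training_flows, k):
        self.training = list(training_flows)
        raw = [features(f) for f in self.training]
        self.means, self.stds = zscore_params(raw)
        points = [standardize(v, self.means, self.stds) for v in raw]
        self.centroids, self.assignment = kmeans(points, k)
        self.labels = {}  # cluster index -> attack name given by the analyst

    def cluster_of(self, flow):
        p = standardize(features(flow), self.means, self.stds)
        return min(range(len(self.centroids)), key=lambda j: dist(p, self.centroids[j]))

    def members(self, j):
        """Flows the analyst inspects before naming cluster j."""
        return [f for f, a in zip(self.training, self.assignment) if a == j]

    def label(self, j, name):
        self.labels[j] = name

    def classify(self, flow):
        j = self.cluster_of(flow)
        return self.labels.get(j, "cluster-%d" % j)


def consolidate_alerts(clusterer, flows):
    """One alert per attack label with a count, instead of one alert per flow."""
    counts = {}
    for f in flows:
        name = clusterer.classify(f)
        counts[name] = counts.get(name, 0) + 1
    return counts


def build_labeled_clusterer():
    c = FlowClusterer(TRAINING_FLOWS, k=3)
    # The analyst reads c.members(j) and names each cluster; here the names
    # follow the known make-up of the constructed training set.
    c.label(c.cluster_of(TRAINING_FLOWS[0]), "port-scan")
    c.label(c.cluster_of(TRAINING_FLOWS[5]), "ssh-brute-force")
    c.label(c.cluster_of(TRAINING_FLOWS[9]), "udp-flood")
    return c


if __name__ == "__main__":
    clusterer = build_labeled_clusterer()
    for j in range(3):
        print(clusterer.labels[j], len(clusterer.members(j)), "training flows")
    print(consolidate_alerts(clusterer, NEW_FLOWS))
```

The standardization matters: without it the raw byte count dominates every distance and the scan and brute-force flows collapse into one cluster. The same `FlowClusterer` interface can sit in front of SOM or DBSCAN; only `kmeans` would change, and DBSCAN would additionally return noise points that get no label and should be surfaced to the analyst rather than silently attached to a cluster.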
A Hybrid Model of Attribute Aggregation in Federated Identity Management
Abstract
The existing model of Federated Identity Management (FIM) allows a user to provide attributes only from a single Identity Provider (IdP) per service session. However, this does not cater to the fact that the user attributes are scattered and stored across multiple IdPs. An attribute aggregation mechanism would allow a user to aggregate attributes from multiple providers and pass them to a Service Provider (SP) in a single service session which would enable the SP to offer innovative service scenarios. Unfortunately, there exist only a handful of mechanisms for aggregating attributes and most of them either require complex user interactions or are based on unrealistic assumptions. In this paper, we present a novel approach called the Hybrid Model for aggregating attributes from multiple IdPs using one of the most popular FIM technologies: Security Assertion Markup Language (SAML). We present a thorough analysis of different requirements imposed by our proposed approach and discuss how we have developed a proof of concept using our model and what design choices we have made to meet the majority of these requirements. We also illustrate two use-cases to elaborate the applicability of our approach and analyse the advantages it offers and the limitations it currently has.
Md. Sadek Ferdous, Farida Chowdhury, Ron Poet
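What the Service Provider side of attribute aggregation has to do once assertions from more than one IdP arrive in one session, as an added example that is not the chapter's Hybrid Model: each assertion is checked for validity window and audience on its own, attributes are merged while keeping the issuing IdP beside every value, and a conflict between IdPs is detected rather than silently resolved. The entity IDs, attribute names, fixed clock and the shared `NameID` are constructed assumptions; how the SP establishes that both assertions belong to the same user is the chapter's contribution and is not modelled here, and XML-signature verification, which a real SP must perform before trusting any assertion, is omitted.

```python
"""Added example: an SP consuming SAML 2.0 attribute assertions from several
IdPs in one session.  Editor's illustration, not the chapter's code; unsigned
constructed assertions, no signature check, fixed clock."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_ENTITY_ID = "https://sp.example.com"                 # assumed SP entityID
NOW = datetime(2015, 12, 1, 10, 1, tzinfo=timezone.utc)  # fixed clock for the example


def make_assertion(aid, issuer, not_on_or_after, audience, attrs):
    """Build a minimal unsigned assertion (constructed test data)."""
    attr_xml = "".join(
        '<saml:Attribute Name="%s"><saml:AttributeValue>%s</saml:AttributeValue></saml:Attribute>'
        % (n, v) for n, v in attrs)
    return (
        '<saml:Assertion xmlns:saml="%s" ID="%s" Version="2.0" IssueInstant="2015-12-01T10:00:00Z">'
        '<saml:Issuer>%s</saml:Issuer>'
        '<saml:Subject><saml:NameID>u-123</saml:NameID></saml:Subject>'
        '<saml:Conditions NotBefore="2015-12-01T09:59:00Z" NotOnOrAfter="%s">'
        '<saml:AudienceRestriction><saml:Audience>%s</saml:Audience></saml:AudienceRestriction>'
        '</saml:Conditions><saml:AttributeStatement>%s</saml:AttributeStatement></saml:Assertion>'
        % (NS["saml"], aid, issuer, not_on_or_after, audience, attr_xml))


ASSERTION_A = make_assertion("_a1", "https://idp-a.example.org", "2015-12-01T10:05:00Z", SP_ENTITY_ID,
                             [("mail", "alice@example.org"), ("eduPersonAffiliation", "staff")])
ASSERTION_B = make_assertion("_b2", "https://idp-b.example.org", "2015-12-01T10:05:00Z", SP_ENTITY_ID,
                             [("employeeNumber", "E-4471"), ("mail", "a.smith@corp.example.net")])
ASSERTION_STALE = make_assertion("_c3", "https://idp-b.example.org", "2015-12-01T10:00:30Z", SP_ENTITY_ID,
                                 [("employeeNumber", "E-9999")])
ASSERTION_WRONG_SP = make_assertion("_d4", "https://idp-a.example.org", "2015-12-01T10:05:00Z",
                                    "https://other-sp.example.com", [("mail", "x@example.org")])


def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate(root, now, audience):
    """Checks the SP must run on every assertion, whichever IdP issued it."""
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    cond = root.find("saml:Conditions", NS)
    if issuer is None or cond is None:
        raise ValueError("missing Issuer or Conditions")
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now < parse_time(not_before):
        raise ValueError("not yet valid")
    if not_on_or_after and now >= parse_time(not_on_or_after):
        raise ValueError("expired")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        raise ValueError("audience mismatch")
    return issuer


def aggregate(assertion_xmls, now=NOW, audience=SP_ENTITY_ID):
    """Merge attributes from several IdPs, keeping the issuer beside each value."""
    attributes, rejected = {}, {}
    for xml in assertion_xmls:
        root = ET.fromstring(xml)
        try:
            issuer = validate(root, now, audience)
        except ValueError as err:
            rejected[root.get("ID")] = str(err)
            continue
        for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
            values = [v.text for v in attr.findall("saml:AttributeValue", NS)]
            attributes.setdefault(attr.get("Name"), []).extend((issuer, v) for v in values)
    return attributes, rejected


def conflicting(attributes, name):
    """True when different IdPs assert different values for one attribute; the
    SP then needs an explicit policy (prefer an issuer, or refuse), not a guess."""
    return len({v for _, v in attributes.get(name, [])}) > 1


if __name__ == "__main__":
    attrs, rej = aggregate([ASSERTION_A, ASSERTION_B, ASSERTION_STALE, ASSERTION_WRONG_SP])
    for name, vals in attrs.items():
        print(name, vals, "CONFLICT" if conflicting(attrs, name) else "")
    print("rejected:", rej)
```

Keeping the issuer next to each value is the point of the exercise: an SP that flattens attributes from several IdPs into one dictionary can no longer tell which provider vouched for `mail`, and an authorization decision made on the lower-assurance IdP's value is then indistinguishable from one made on the higher-assurance one.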
Robust Enterprise Application Security with eTRON Architecture
Abstract
With information and communication technologies progressing at a rapid pace and becoming increasingly affordable, the use of various e-services is gaining prevalence at all sectors and levels of enterprises, including government, commerce, education and health. As modern-day enterprise services become progressively virtual in terms of content, storage and delivery, the need for robust security and privacy pertaining to such services increases proportionally. Despite the plethora of enterprise-scale e-services in use today, there seems to be no general framework for developing them, especially with regard to ensuring the security of such services. In this chapter, we present the eTRON architecture, which aims at delineating a generic framework for developing secure e-services. At the core of the eTRON architecture lies the tamper-resistant eTRON chip, which is equipped with functions for mutual authentication, encrypted communication and strong access control. Besides the security features, the eTRON architecture also offers a wide range of functionalities through a coherent set of API commands so that programmers can develop value-added services in a transparent manner. This chapter discusses various features of the eTRON architecture, and presents three representative eTRON-based e-services in order to evaluate its effectiveness by comparison with other existing e-services.
M. Fahim Ferdous Khan, Ken Sakamura, Noboru Koshizuka
Obfuscation and Diversification for Securing Cloud Computing
Abstract
The evolution of cloud computing and the advancement of its services have motivated organizations and enterprises to move towards the cloud, in order to provide their services to their customers with greater ease and higher efficiency. Utilizing cloud-based services has, on one hand, brought along numerous compelling benefits and, on the other hand, raised concerns regarding the security and privacy of the data on the cloud, which is still an ongoing challenge. In this regard, there has been a large body of research on improving security and privacy in cloud computing. In this chapter, we first study the status of security and privacy in cloud computing. Then, among all the existing security techniques, we narrow our focus to obfuscation and diversification techniques. We present a state-of-the-art review of this field of study, covering how these two techniques have been used in cloud computing to improve security. Finally, we propose an approach that uses these two techniques with the aim of improving security in the cloud computing environment and preserving the privacy of its users.
Shohreh Hosseinzadeh, Samuel Laurén, Sampsa Rauti, Sami Hyrynsalmi, Mauro Conti, Ville Leppänen
An Approach to Organizational Cybersecurity
Abstract
Large organizations must plan for Cybersecurity throughout their entire network, taking into account network granularity and outside subcontractors. The United States Department of Defense (DoD) has large networked systems that span the globe, crossing multiple intra-organizational systems. This larger network includes Information Systems typical of enterprise networks, SCADA Systems monitoring critical infrastructure, newer Cyber-physical systems, and mobile networks. With increased connectivity within the DoD and to external organizations, Cybersecurity is seen as a critical organizational need. There is not currently a standard evaluation process to gauge whether various Cybersecurity technologies adequately meet the needs of either the DoD at large or the context of lower-tier organizations. We introduce the DoD-Centric and Independent Technology Evaluation Capability (DITEC), an enterprise-ready evaluation tool that offers a repeatable evaluation process, the ability to take prior product evaluations into account during the acquisition process, and tools to assist security non-experts in understanding which technologies meet their specific needs. This work describes DITEC and the Cyber-SCADA Evaluation Capability (C-SEC), an implementation of DITEC in a Cyber-Physical context.
Jose Romero-Mariona, Roger Hallman, Megan Kline, Geancarlo Palavicini, Josiah Bryan, John San Miguel, Lawrence Kerr, Maxine Major, Jorge Alvarez
Using Goal-Question-Metric (GQM) Approach to Assess Security in Cloud Storage
Abstract
Assessing the security of data stored in cloud storage can be carried out by developing goal-based measurement items. The measurement items can be utilized to construct a security assessment model based on practical needs. The measurement items can assist in supporting decision making on the implementation of a security framework. This paper discusses the Goal-Question-Metric (GQM) approach and its application towards constructing measurement items for a security metric. It also attempts to provide practical guidance and examples of measurements using GQM. An application of the GQM paradigm towards the development of a security metric is presented. The metrics obtained will assist organizations in meeting their requirements for a cloud storage security framework.
Fara Yahya, Robert J. Walters, Gary B. Wills
Security in Organisations: Governance, Risks and Vulnerabilities in Moving to the Cloud
Abstract
Any organisation using the internet to conduct business is vulnerable to violations of security. Currently, security in most organisations relates to the protection of data and the management of their business information systems. Hence, security is often defined as the protection of information and of the systems and hardware that use, store and relocate that information. Governing information and the secure use of Information Technology (IT) is essential in order to reduce the possible risks and improve an organisation’s reputation, confidence and trust with its customers. One of the important success factors for an organisation to adopt and use the cloud effectively is information security governance (ISG). As a consequence, this chapter clarifies the concept of governance and the necessity of its two factors, IT governance (ITG) and ISG.
Enterprise governance is the directing and controlling of the organisation by the board of directors and executive management in order to ensure the success of the organisation. ITG and ISG are integral parts of corporate governance. ITG is about the structure that links IT processes, resources and information to support the organisation’s objectives. IT brings several risks and threats that need to be considered. Therefore, information security should not be considered as just a technical issue but as a governance challenge that needs a proactive approach. ISG consists of leadership, organisational structure, processes, compliance and technology. In order to promote the adoption of cloud computing, it is important to recognise that an important and specific issue related to cloud computing is the potential and perceived security risks posed by implementing such technology. Adopting the cloud has several risks, such as malicious insider threats and data breaches. An example of a cloud risk is virtualisation, which is one of the concepts used for constructing cloud computing and which has its own security risks, but they are not specific to the cloud. Virtualisation is related to open-source shared application server, database and middleware components. The multi-tenancy model has introduced security problems, as it is based on virtualisation and sharing resources (hard disk, application software and virtual machines) on the same physical machine. This chapter will present an overview of information security governance and of the risks and vulnerabilities when moving to the cloud.
Madini O. Alassafi, Raid K. Hussain, Ghada Ghashgari, R. J. Walters, G. B. Wills
Protecting Document Outside Enterprise Network: A Confirmed Framework
Abstract
Sharing e-documents is an important component of any enterprise workflow. Keeping these e-documents secure is fundamental to enterprise security, especially in multi-site enterprises or when sharing e-documents with third parties. For that purpose, enterprises use document management software. However, document leakage is the most challenging security issue. These leaks are mainly caused by internal attacks, whether intentional or due to accident or employee ignorance. After exploring the landscape of current e-document sharing security issues, this chapter proposes a framework to address these issues. The proposed framework adapts current technologies in a novel approach to deliver a secure environment to share e-documents and track them. The confirmed framework secures documents not only inside the enterprise, but also when they leave the enterprise boundaries via networks or portable devices. To the authors’ knowledge, there is no other work similar to what this paper provides regarding the proposal of such a framework. The framework provides a persistent and secure environment through the e-document life cycle and the ability to track the document. The design of the framework components is based on analysing the literature on the current issues and available solutions. These components were confirmed after surveying security professionals and interviewing fourteen security experts. The framework includes components utilising the active document concept, the digital rights management concept, context awareness, and a central certification authority service.
Zeyad S. Aaber, Gary B. Wills, Richard M. Crowder
Backmatter
Metadata
Title
Enterprise Security
Edited by
Victor Chang
Muthu Ramachandran
Robert J. Walters
Gary Wills
Copyright year
2017
Electronic ISBN
978-3-319-54380-2
Print ISBN
978-3-319-54379-6
DOI
https://doi.org/10.1007/978-3-319-54380-2