Real-time assessment of IT-related risks, performed at the national level, is very important due to the evolving nature of threats that may originate from individual hackers, organized cyber-criminal groups, as well as state activities. Evaluation of risk that is based on technical information, as well as on mutual relationships between various institutions and services, may result in very valuable situational awareness. The paper describes, in general terms, the cyber risk analysis method that will be implemented in the Polish National Cybersecurity Platform.
Current software projects require continuous integration during their whole lifetime. In this context, different approaches regarding the introduction of DevOps and DevSecOps strategies have been proposed in the literature. While DevOps proposes an agile methodology for the development and instantiation of software platforms with minimal impact on any kind of operations environment, this contribution proposes the introduction of the DevOps methodology for Next Generation IoT deployments. Moreover, the novelty of the proposed approach lies in leveraging DevSecOps in different stages and layers of the architecture. In particular, the present work describes the different DevSecOps methodology tasks, and how security is included in pre-design activities such as planning, creation or adaptation, in the design and implementation, as well as in post-implementation activities such as detection and response. Without proper consideration of the security and privacy best practices identified in this article, the continuous delivery of services using DevOps methodologies may create risks and introduce different vulnerabilities for Next Generation IoT deployments.
The security of the Internet of Things (IoT) is a very important aspect of everyday life for people and industries, as well as hospitals, military, households and cities. Unfortunately, this topic is still insufficiently researched and developed, which exposes users of the Internet of Things to possible threats. One of the areas which should be addressed is the creation of a database of information about vulnerabilities and exploits in the Internet of Things; therefore, the goal of our activities under the VARIoT (Vulnerability and Attack Repository for IoT) project is to develop such a database and make it publicly available. The article presents the results of our research aimed at building this database, i.e., how the information about vulnerabilities is obtained, standardized, aggregated and correlated, as well as the way of enhancing and selecting IoT-related data. We have shown that existing databases provide different scopes of information and that, because of this, a single, most comprehensive source of information does not exist. In addition, various sources present information about a vulnerability at different times: some of them are faster than others, and the differences in publication dates are significant. The results of our research show that aggregation of information from various sources can be very beneficial and has the potential to enhance the actionable value of information. We have also shown that introducing more sophisticated concepts, such as trust management and metainformation extraction based on artificial intelligence, could ensure a higher level of completeness of information as well as evaluate the usefulness and reliability of data.