Defense-in-depth revisited: qualitative risk analysis methodology for complex network-centric operations

Bass, T.; Robichaux, R.

doi:10.1109/milcom.2001.985765

Cited by 30 publications

(18 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The defence-in-depth strategy delivers security at different levels of protection and implementation as discussed in [33], [34], and [35].Preparing for zero-day exploits and possible cyber-warfare requires a strategic plan, which must be implemented at different phases of the security architecture of every nation-state that is keen on a secure cyberspace. Different levels of security as shown in Figure 5implies protection at different layers.…”

Section: National Readiness Through Defence-in-depthmentioning

confidence: 99%

Zero day exploits and national readiness for cyber-warfare

Ibor¹

2018

Nig. J. Tech.

View full text Add to dashboard Cite

A zero day vulnerability is an unknown exploit that divulges security flaws in software before such a flaw is publicly reported or announced. But how should a nation react to a zero day? This question is a concern for most national governments, and one that requires a systematic approach for its resolution. The securities of critical infrastructure of nations and states have been severally violated by cybercriminals. Nation-state espionage and the possible disruption and circumvention of the security of critical networks has been on the increase. Most of these violations are possible through detectable operational bypasses, which are rather ignored by security administrators. One common instance of a detectable operational bypass is the non-application of periodic security updates and upgrades from software and hardware vendors. Every software is not necessarily in its final state, and the application of periodic updates allow for the patching of vulnerable systems, making them to be secure enough to withstand an exploit. To have control over the security of critical national assets, a nation must be "cyber-ready" through the proper management of vulnerabilities and the deployment of the rightful technology in the cyberspace for hunting, detecting and preventing cyber-attacks and espionage. To this effect, this paper discusses the implications of zero day exploits and highlights the dangers posed by this cankerworm for an unprepared nation. The paper also adopts the defence-in-depth strategy for national readiness and a foolproof system that enforces the security of critical national infrastructure at all levels.

show abstract

Section: National Readiness Through Defence-in-depthmentioning

confidence: 99%

Zero day exploits and national readiness for cyber-warfare

Ibor¹

2018

Nig. J. Tech.

View full text Add to dashboard Cite

show abstract

“…One uses the same system of categorization as described for ISM above (Alberts et al, 2003;Bass & Robichaux, 2001;Landoll & Landoll, 2005;Lichtenstein, 1996;Visintine, 2003). Organizations must identify all information assets in the scoped system to inform accurate decisions in the future (Standards Australia, 2004a).…”

Section: Understanding the Significance Of Asset Identificationmentioning

confidence: 99%

Asset Identification in Information Security Risk Assessment: A Business Practice Approach

Shedden¹,

Ahmad²,

Smith³

et al. 2016

CAIS

View full text Add to dashboard Cite

Abstract:Organizations apply information security risk assessment (ISRA) methodologies to systematically and comprehensively identify information assets and related security risks. We review the ISRA literature and identify three key deficiencies in current methodologies that stem from their traditional accountancy-based perspective and a limited view of organizational "assets". In response, we propose a novel rich description method (RDM) that adopts a less formal and more holistic view of information and knowledge assets that exist in modern work environments. We report on an in-depth case study to explore the potential for improved asset identification enabled by the RDM compared to traditional ISRAs. The comparison shows how the RDM addresses the three key deficiencies of current ISRAs by providing: 1) a finer level of granularity for identifying assets, 2) a broader coverage of assets that reflects the informal aspects of business practices, and 3) the identification of critical knowledge assets.

show abstract

“…Based on the three basic factors that define risk (i.e., Criticality, Vulnerability, Threat [5]), the potential attacks against AWMN are presented and analyzed [6].…”

Section: Possible Attacks Against Awmnmentioning

confidence: 99%

Towards a security framework for an established autonomous network

Ztoupis

Zarifis

Stavrakakis

et al. 2008

2008 3rd International Symposium on Wireless Pervasive Computing

View full text Add to dashboard Cite

Abstract-This paper focuses on the security of the Athens Wireless Metropolitan Network (AWMN), which is an established autonomous network. More specifically, it presents and analyzes the possible security attacks that threaten AWMN, its users and the provided services. Attempting to counteract these attacks and the related risks, we study and evaluate the application of known security measures in AWMN that aim at providing authentication services. Authentication is the most vital property of secure communications. Finally, we propose and highlight an authentication model that satisfies the requirements of an autonomous network, like AWMN. The proposed model combines the web of trust and free trust policy approach of the Pretty Good Privacy (PGP) protocol and the non-infrastructure solution of the self-organized public-key management scheme.

show abstract

Defense-in-depth revisited: qualitative risk analysis methodology for complex network-centric operations

Cited by 30 publications

References 1 publication

Zero day exploits and national readiness for cyber-warfare

Zero day exploits and national readiness for cyber-warfare

Asset Identification in Information Security Risk Assessment: A Business Practice Approach

Towards a security framework for an established autonomous network

Contact Info

Product

Resources

About