Managing Security Threats and Vulnerabilities for Small to Medium Enterprises

Onwubiko, Cyril; Lenaghan, Andrew

doi:10.1109/isi.2007.379479

Cited by 22 publications

(17 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Secure Socket layer (SSL) is one of the main solutions for MITM, which encrypt the traffic and make it impossible to tamper or modify any of the transferred information between two parties [8]. However, using SSL is not enough because there are ways to fake it (by proxy servers), so that the user think that he have a secure connection while he navigated to a non-SSL site.…”

Section: Man In the Middle Attackmentioning

confidence: 99%

Two Factor Authentication Framework Using OTP-SMS Based on Blockchain

Alharbi¹,

Alghazzawi²

2019

TMLAI

View full text Add to dashboard Cite

The authentication process is the main step which should be used to confirm that the user is the legitimate one and give the access only for him. Recently, Two Factor Authentication (2FA) schemes have been used by most of the applications to add an extra layer of security on the login process and solve the vulnerabilities of using only one factor for authentication. OTP-SMS is one of the most common methods which has been used in 2FA. However, attackers found a way to attack this method and gain an access to the user's account without their permission. In this paper, we proposed a new 2FA framework for OTP-SMS method to prevent different attacks, mainly Man In The Middle (MITM) attack and third party attack. The proposed framework is based on the use of Blockchain technology, which add more security and better environment for authentication process. The proposed framework uses an encrypted OTP, which generated by smart contract and uses also its hash value to send it to the application/website to complete the authentication process. We introduced a comparison between our proposed framework and other two frameworks which uses Blockchain to secure OTP-SMS. Our framework found to be secure against MITM and third party attacks and the computation time and complexity are less than other frameworks.

show abstract

Section: Man In the Middle Attackmentioning

confidence: 99%

Two Factor Authentication Framework Using OTP-SMS Based on Blockchain

Alharbi¹,

Alghazzawi²

2019

TMLAI

View full text Add to dashboard Cite

show abstract

“…The associated strategizing discourse can be characterized with a simple formula: Risks = Assets × Likelihood , where the two abstract entities on the right-hand side are, when possible, related to BCI and APT, respectively. No attempts are made to enlarge the conceptual scope to more complex models that would be available by introducing the concepts of targets (owners), attackers, countermeasures and vulnerabilities (Onwubiko and Lenaghan, 2007), for instance. While it was possible to approach the abstract concept of a likelihood of a security threat by associating it strictly to APTs, it became necessary during interviewing to further fine-tune the analytical risk formula.…”

Section: Research Approachmentioning

confidence: 99%

“…While the model alone allows to frame the overall comparative approach by turning the attention to differences (Lijphart, 1975; Przeworski and Teune, 1970), the qualitative viewpoint is further enriched by focusing on the subjective perceptions of security (Farahmand et al , 2005) in terms of strategizing (Henfridsson and Lind, 2014; Whittington, 2014). The necessary analytical toolbox is built around sharpening a few of the basic abstractions, such as risks, probabilities, assets and costs (Caddy, 2000; Layton and Watters, 2014; Onwubiko and Lenaghan, 2007). Given this machinery, the paper contributes to the aforementioned literature with fresh theoretical thinking, qualitative but practical market research observations and, last but by no means least, a couple of remarks about potential to increase security among small enterprises.…”

Section: Introductionmentioning

confidence: 99%

Tightroping between APT and BCI in small enterprises

Kaukola¹,

Ruohonen

Tuomisto

et al. 2017

ICS

View full text Add to dashboard Cite

Purpose The contemporary internet provisions increasingly sophisticated security attacks. Besides underlining the advanced nature of these attacks, the concept of an advanced persistent threat (APT) catalyzes the important perspective of longitudinal persistence; attacks are not only carefully planned and targeted but the subsequent exploitation period covers long periods of time. If an APT successfully realizes into such exploitation, information assets may be continuously monitored for harvesting business-critical information (BCI). These threats are relevant for the security of small enterprises, and this study aims to examine the qualitative factors that shape the security mindsets among these. Design/methodology/approach The data are collected with semi-structured interviews of six enterprises in a small regional market segment. The analysis is based on a fourfold taxonomy that delivers three mindset profiles, while particular emphasis is placed on the subjective security notions that shape the typical strategizing among enterprises. Findings APT is poorly understood among the observed segment, which tends to often also explicitly downplay the strategic relevance of the concept, but a more pressing challenge relates to the observation that business data is often perceived to have no value. The delivered results can be used to improve the situation. Originality/value This study is among the firsts to explore perceptions of small enterprises toward APT and BCI. The results reveal problematic mindsets and offers new avenues for practitioners as well as academics to study and improve the situation.

show abstract

“…It is used to minimize or eliminate the probability of a threat exploiting a vulnerability in an asset. • An asset is defined as anything that is of a value and importance to the owner, which includes information, programs, data, network, and communication infrastructures [17].…”

Section: Vulnerabilitymentioning

confidence: 99%

Comparing and Evaluating CVSS Base Metrics and Microsoft Rating System

Younis

Malaiya

2015

2015 IEEE International Conference on Software Quality, Reliability and Security

View full text Add to dashboard Cite

Evaluating the accuracy of vulnerability security risk metrics is important because incorrectly assessing a vulnerability to be more critical could lead to a waste of limited resources available and ignoring a vulnerability incorrectly assessed as not critical could lead to a breach with a high impact. In this paper, we compare and evaluate the performance of the CVSS Base metrics and Microsoft Rating system. The CVSS Base metrics are the de facto standard that is currently used to measure the severity of individual vulnerabilities. The Microsoft Rating system developed by Microsoft has been used for some of the most widely used systems. Microsoft software vulnerabilities have been assessed by both the Microsoft metrics and the CVSS Base metrics which makes their comparison feasible. The two approaches, the technical analysis approach (Microsoft) and the expert opinions approach (CVSS) differ significantly. To conduct this study, we examine 813 vulnerabilities of Internet Explorer and Windows 7. The two software systems have been selected because they have a rich history of publicly available vulnerabilities, and they differ significantly in functionality and size. The presence of actual exploits is used for evaluating them. The results show that exploitability metrics in either system do not correlate strongly with the existence of exploits, and have a high false positive rate.

show abstract

Managing Security Threats and Vulnerabilities for Small to Medium Enterprises

Cited by 22 publications

References 5 publications

Two Factor Authentication Framework Using OTP-SMS Based on Blockchain

Two Factor Authentication Framework Using OTP-SMS Based on Blockchain

Tightroping between APT and BCI in small enterprises

Comparing and Evaluating CVSS Base Metrics and Microsoft Rating System

Contact Info

Product

Resources

About