Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 3735

Search results for: IoT security requirements

3735 Security of Internet of Things: Challenges, Requirements and Future Directions

Authors: Amjad F. Alharbi, Bashayer A. Alotaibi, Fahd S. Alotaibi

Abstract:

The emergence of Internet of Things (IoT) technology provides capabilities for a huge number of smart devices, services and people to communicate with each other for exchanging data and information over existing networks. While IoT is progressing, it provides many opportunities for new ways of communication, and it also introduces many security and privacy threats and challenges which need to be considered for the future of IoT development. In this survey paper, IoT security issues, as threats and current challenges, are summarized. The security architecture for IoT is presented in four main layers. Based on these layers, the IoT security requirements are presented to ensure security in the whole system. Furthermore, some research initiatives related to IoT security are discussed, and future directions for IoT security are highlighted.

Keywords: Internet of Things (IoT), IoT security challenges, IoT security requirements, IoT security architecture

3734 A Survey of Attacks and Security Requirements in Wireless Sensor Networks

Authors: Vishnu Pratap Singh Kirar

Abstract:

A wireless sensor network (WSN) is a network of many interconnected networked systems; they are equipped with energy resources and are used to detect other physical characteristics. Much research has been performed on WSNs in past decades. WSNs are applicable in many security systems governed by the military and in many civilian applications. Thus, the security of WSNs gets the attention of researchers and gives an opportunity for many future aspects. Still, there are many other issues related to deployment and overall coverage, scalability, size, energy efficiency, quality of service (QoS), computational power and many more. In this paper we discuss various applications and the security-related issues and requirements of WSNs.

Keywords: wireless sensor network (WSN), wireless network attacks, wireless network security, security requirements

3733 Investigation of Information Security Incident Management Based on International Standard ISO/IEC 27002 in Educational Hospitals in 2014

Authors: Nahid Tavakoli, Asghar Ehteshami, Akbar Hassanzadeh, Fatemeh Amini

Abstract:

Introduction: The information security incident management guidelines were developed to help hospitals meet their information security event and incident management requirements. The purpose of this study was to investigate Information Security Incident Management in Isfahan’s educational hospitals in accordance with ISO/IEC 27002 standards. Methods: This was a cross-sectional study to investigate Information Security Incident Management of educational hospitals in 2014. Based on ISO/IEC 27002 standards, two checklists were applied to check the compliance with standards on Reporting Information Security Events and Weakness and Management of Information Security Incidents and Improvements. One inspector was trained to carry out the assessments in the hospitals. The data was analyzed by SPSS. Findings: In general, the score of compliance with Information Security Incident Management requirements in two steps, Reporting Information Security Events and Weakness and Management of Information Security Incidents and Improvements, was 60%. There was a significant difference in various compliance levels among the hospitals (p-value

Keywords: information security incident management, information security management, standards, hospitals

3732 Requirements Engineering via Controlling Actors Definition for the Organizations of European Critical Infrastructure

Authors: Jiri F. Urbanek, Jiri Barta, Oldrich Svoboda, Jiri J. Urbanek

Abstract:

The organizations of European and Czech critical infrastructure have a specific position, mission, characteristics and behaviour in the European Union and Czech state/business environments, regarding specific requirements for regional and global security environments. They must respect the policy of national security and global rules, requirements and standards in all their inherent and outer processes of supply-customer chains and networks. Controlling is a generalized capability to have control over situational policy. The aim and purpose of this paper is to introduce controlling as a quite new, necessary process attribute that provides the critical infrastructure environment with the capability and profit to achieve its commitment regarding the effectiveness of the quality management system in meeting customer/user requirements, and also the continual improvement of the overall performance and efficiency of the critical infrastructure organization’s processes, as well as its societal security via continual planning improvement via DYVELOP modelling.

Keywords: added value, DYVELOP, controlling, environments, process approach

3731 Evaluation and Analysis of the Secure E-Voting Authentication Preparation Scheme

Authors: Nidal F. Shilbayeh, Reem A. Al-Saidi, Ahmed H. Alsswey

Abstract:

In this paper, we presented an evaluation and analysis of E-Voting Authentication Preparation Scheme (EV-APS). EV-APS applies some modified security aspects that enhance the security measures and adds a strong wall of protection, confidentiality, non-repudiation and authentication requirements. Some of these modified security aspects are Kerberos authentication protocol, PVID scheme, responder certificate validation, and the converted Ferguson e-cash protocol. Authentication and privacy requirements have been evaluated and proved. Authentication guaranteed only eligible and authorized voters were permitted to vote. Also, the privacy guaranteed that all votes will be kept secret. Evaluation and analysis of some of these security requirements have been given. These modified aspects will help in filtering the counter buffer from unauthorized votes by ensuring that only authorized voters are permitted to vote.

Keywords: e-voting preparation stage, blind signature protocol, Nonce based authentication scheme, Kerberos Authentication Protocol, pseudo voter identity scheme PVID

3730 CyberSecurity Malaysia: Towards Becoming a National Certification Body for Information Security Management Systems Internal Auditors

Authors: M. S. Razana, Z. W. Shafiuddin

Abstract:

Internal auditing is one of the most important activities for organizations that implement information security management systems (ISMS). The purpose of internal audits is to ensure the ISMS implementation is in accordance with the ISO/IEC 27001 standard and the organization’s own requirements for its ISMS. Competent internal auditors are the main element that contributes to the effectiveness of internal auditing activities. To realize this need, CyberSecurity Malaysia is now in the process of becoming a certification body that certifies ISMS internal auditors. The certification scheme will assess the competence of internal auditors in generic knowledge and skills in management systems, and also in ISMS-specific knowledge and skills. The certification assessment is based on the ISO/IEC 19011 Guidelines for auditing management systems, ISO/IEC 27007 Guidelines for information security management systems auditing and ISO/IEC 27001 Information security management systems requirements. The certification scheme complies with the ISO/IEC 17024 General requirements for bodies operating certification systems of persons. Candidates who pass the exam will be certified as an ISMS Internal Auditor, whose competency will be evaluated every three years.

Keywords: ISMS internal audit, ISMS internal auditor, ISO/IEC 17024, competence, certification

3729 Safety-Security Co-Engineering of Control Systems

Authors: Elena A. Troubitsyna

Abstract:

Designers of modern safety-critical control systems are increasingly relying on networking to provide the systems with advanced functionality and satisfy customers’ needs. However, the networked nature of modern control systems also brings new technological challenges associated with ensuring system safety in the presence of openness and, hence, potential security threats. In this paper, we propose a methodology that relies on systems-theoretic analysis to enable an integrated analysis of safety and security requirements of controlling software. We demonstrate how to create a safety case – a structured argument about system safety – with explicit representation of both safety and security goals. Our approach provides the designers with a systematic approach to analysing safety and security interdependencies while designing safety-critical control systems.

Keywords: controlling software, integrated analysis, security, safety-security co-engineering

3728 Conflicts Identification Approach among Stakeholders in Goal-Oriented Requirements Analysis

Authors: Muhammad Suhaib

Abstract:

Requirements analysis is the most important part of software engineering for both system application development and project requirements. Conflicts often arise during the requirements gathering and analysis phase. This research aims to identify conflicts during the requirements gathering phase in the software development life cycle. Research, development, and technology have converted the world into a global village. During the requirements elicitation/gathering phase it is very difficult to understand the main objective of stakeholders. After completion of the requirements elicitation task, the final results are used for the Software Requirements Specification (SRS). The SRS is the highly important outcome of the requirements analysis phase; it is the foundation between the developers and stakeholders or customers. The proposed methodology will be helpful to identify those conflicts in a very easy manner during the initial phase of the project.

Keywords: goal oriented requirements analysis, conflicts identification model, requirements analysis, requirements engineering

3727 An Approach to Specify Software Requirements in Semantic Form

Authors: Deepa Vijay, Chellammal Surianarayanan, Gopinath Ganapathy

Abstract:

Requirements of a software project serve as a guideline for the entire project team, enabling the team to produce the right outcome. As requirements are the key in deciding the success of the project, they should be specified in an unambiguous manner. Also, the requirements should be complete and consistent. They should be interpreted by the entire software project team in the same way as the customer interprets them. Specifying requirements in a textual manner is common in software development. This leads to poor understanding of the requirements, which results in more errors and degraded quality. There is some literature which focuses on a semantic way of specifying functional requirements, which ensures the consistency and completeness of requirements. Alternatively, in this work, a method is proposed to map the syntactic requirements to corresponding semantics in the form of ontologies. This improves the understanding of requirements, prevents errors and improves quality.

Keywords: functional requirement, ontology, requirements management, semantics

3726 Specification of Requirements to Ensure Proper Implementation of Security Policies in Cloud-Based Multi-Tenant Systems

Authors: Rebecca Zahra, Joseph G. Vella, Ernest Cachia

Abstract:

The notion of cloud computing is rapidly gaining ground in the IT industry and is appealing mostly due to making computing more adaptable and expedient whilst diminishing the total cost of ownership. This paper focuses on the software as a service (SaaS) architecture of cloud computing, which is used for the outsourcing of databases with their associated business processes. One approach for offering SaaS is basing the system’s architecture on multi-tenancy. Multi-tenancy allows multiple tenants (users) to make use of the same single application instance. Their requests and configurations might then differ according to specific requirements met through tenant customisation through the software. Despite the known advantages, companies still feel uneasy about opting for multi-tenancy, with data security being a principal concern. The fact that multiple tenants, possibly competitors, would have their data located on the same server process and share the same database tables heightens the fear of unauthorised access. Security is a vital aspect which needs to be considered by application developers, database administrators, data owners and end users. This is further complicated in cloud-based multi-tenant systems, where boundaries must be established between tenants and additional access control models must be in place to prevent unauthorised cross-tenant access to data. Moreover, when altering the database state, the transactions need to strictly adhere to the tenant’s known business processes. This paper focuses on the fact that security in cloud databases should not be considered as an isolated issue. Rather, it should be included in the initial phases of the database design and monitored continuously throughout the whole development process. This paper aims to identify a number of the most common security risks and threats specifically in the area of multi-tenant cloud systems. Issues and bottlenecks relating to security risks in cloud databases are surveyed. Some techniques which might be utilised to overcome them are then listed and evaluated. After a description and evaluation of the main security threats, this paper produces a list of software requirements to ensure that proper security policies are implemented by a software development team when designing and implementing a multi-tenant based SaaS. This would then assist the cloud service providers to define, implement, and manage security policies as per tenant customisation requirements whilst assuring security for the customers’ data.

Keywords: cloud computing, data management, multi-tenancy, requirements, security

3725 An Effective Route to Control of the Safety of Accessing and Storing Data in the Cloud-Based Data Base

Authors: Omid Khodabakhshi, Amir Rozdel

Abstract:

The subject of cloud computing security research has raised a number of challenges and competitions because the data center comprises complex private information and always faces various risks of information disclosure by hacker attacks or internal enemies. Accordingly, the security of virtual machines in the cloud computing infrastructure layer is very important. So far, there are many software solutions to develop security in virtual machines. But using software alone is not enough to solve security problems. The purpose of this article is to examine the challenges and security requirements for accessing and storing data in an insecure cloud environment. In other words, in this article, a structure is proposed for the implementation of highly isolated security-sensitive codes using secure computing hardware in virtual environments. It also allows remote code validation with inputs and outputs. We provide these security features even in situations where the BIOS, the operating system, and even the super-supervisor are infected. To achieve these goals, we will use the hardware support provided by the new Intel and AMD processors, as well as the TPM security chip. In conclusion, the use of these technologies ultimately creates a root of dynamic trust and reduces TCB to security-sensitive codes.

Keywords: code, cloud computing, security, virtual machines

3724 A Causal Model for Environmental Design of Residential Community for Elderly Well-Being in Thailand

Authors: Porntip Ruengtam

Abstract:

This article is an extension of previous research presenting the relevant factors related to environmental perceptions, residential community, and the design of a healing environment, which have effects on the well-being and requirements of Thai elderly. Research methodology began with observations and interviews in three case studies in terms of the management processes and environment design of similar existing projects in Thailand. The interview results were taken to summarize with related theories and literature. A questionnaire survey was designed for data collection to confirm the factors of requirements in a residential community intended for the Thai elderly. A structural equation model (SEM) was formulated to explain the cause-effect factors for the requirements of a residential community for Thai elderly. The research revealed that the requirements of a residential community for Thai elderly were classified into three groups when utilizing a technique for exploratory factor analysis. The factors were comprised of (1) requirements for general facilities and activities, (2) requirements for facilities related to health and security, and (3) requirements for facilities related to physical exercise in the residential community. The results from the SEM showed the background of elderly people had a direct effect on their requirements for a residential community from various aspects. The results should lead to the formulation of policies for design and management of residential communities for the elderly in order to enhance quality of life as well as both the physical and mental health of the Thai elderly.

Keywords: elderly, environmental design, residential community, structural equation modeling

3723 An Analysis of Privacy and Security for Internet of Things Applications

Authors: Dhananjay Singh, M. Abdullah-Al-Wadud

Abstract:

The Internet of Things is a concept of a large-scale ecosystem of wireless actuators. The actuators are defined as things in the IoT, those which contribute or produce some data to the ecosystem. However, ubiquitous data collection, data security, privacy preservation, large-volume data processing, and intelligent analytics are some of the key challenges in IoT technologies. In order to address the security requirements, challenges and threats in the IoT, we have discussed a message authentication mechanism for IoT applications. Finally, we have discussed a data encryption mechanism for message authentication before propagating into IoT networks.

Keywords: Internet of Things (IoT), message authentication, privacy, security

3722 Georgian Social Security System Compatibility with EU Requirements

Authors: Nino Grigolaia

Abstract:

Introduction: The article discusses the experience of the EU in the social field, analyzes the peculiarities of the functioning of the social system in Georgia, and reveals the priority and importance of social policy. Methodology: Different research methods are applied in the presented paper. Induction, deduction, analysis, synthesis, analogy, correlation, and statistical observation methodologies are used in the work. Main Findings: Based on the analysis of social security reforms in Georgia, the main systematic problems are detected, and recommendations are developed in the article on social security system components, integration of the social security field in the unified insurance system, the formation of the national social system, perfection of the legislative and regulatory framework of social protection, and adoption of foreign experience. Conclusion: The article concludes that the social protection system in Georgia is at an early stage of development, with the significant impact of factors such as a high level of unemployment, low pensions, a large number of families living under the poverty line, and others. Accordingly, it is well-established that the study of the social security problem in Georgia is still topical. Based on the analysis, appropriate suggestions in the field of social security are made, and relevant recommendations are proposed.

Keywords: social security, social system, social policy, social security models

3721 Applying Maslow’s Theory for Business Analysis

Authors: Ashish Adike

Abstract:

Business analysis is the process of understanding complex business requirements and transforming them into a user-friendly solution. In order to meet the increasing needs of business, there has been an evolution of technologies like artificial intelligence, 3D printing, augmented reality, etc. This paper presents the evolution of business needs in the form of a pyramid and the importance of business analysis at each stage in order to better provide a solution to the business challenges. The paper draws an analogy to Maslow’s basic theory of human needs (although there have been some developments to the theory lately) and compares it to the evolution of business needs and the role of business analysis at each stage with a stage-by-stage comparison of Maslow’s pyramid of needs. The five evolving stages of requirements are data capture (bottom of the pyramid), data security, system integration, user experience, and analytical capabilities (top of the pyramid). As we progress from bottom to top of the pyramid, the responsibility of business analysis to make recommendations to elicit the requirements from the users increases.

Keywords: Maslow’s Theory, requirements analysis, pyramid of needs, business analysis

3720 Teaching Students Collaborative Requirements Engineering: Case Study of Red:Wire

Authors: Dagmar Monett, Sven-Erik Kujat, Marvin Hartmann

Abstract:

This paper discusses the use of a template-based approach for documenting high-quality requirements as part of course projects in an undergraduate Software Engineering course. In order to ease some of the Requirements Engineering activities that are performed when defining requirements by using the template, a new CASE tool, RED:WIRE, was first developed and later tested by students attending the course. Two questionnaires were conceived around a study that aims to analyze the new tool’s learnability as well as other obtained results concerning its usability in particular and the Requirements Engineering skills developed by the students in general.

Keywords: CASE tool, requirements engineering, SOPHIST template, undergraduate course

3719 Classification of Impact Damages with Respect of Damage Tolerance Design Approach and Airworthiness Requirements

Authors: T. Mrna, R. Doubrava

Abstract:

This paper describes airworthiness requirements with respect to damage tolerance. Damage tolerance determines the amount and magnitude of damage on parts of the airplane. Airworthiness requirements determine the amount of damage that can still be in flight capable of the condition. Component damage can be defined as barely visible impact damage, visible impact damage or clear visible impact damage. Damage is also distributed according to the velocity. It is divided into low or high velocity impact damage. The severity of damage to the part of the airplane divides the airworthiness requirements into several categories according to severity. Airworthiness requirements are determined by the type of airplane. Not all types of airplane have the same conditions for airworthiness requirements. This knowledge is important for designing and operating an airplane.

Keywords: airworthiness requirements, composite, damage tolerance, low and high velocity impact

3718 Legal Issues of Food Security in Republic of Kazakhstan

Authors: G. T. Aigarinova

Abstract:

This article considers the legal issues of food security as a major component of national security of the republic. The problem of food security is the top priority of the economic policy strategy of any state, the effectiveness of this solution influences social, political, and ethnic stability in society. Food security and nutrition is everyone’s business. Food security exists when all people, at all times, have physical, social and economic access to sufficient safe and nutritious food that meets their dietary needs and food preferences for an active and healthy life. By analyzing the existing legislation in the area of food security, the author identifies weaknesses and gaps, suggesting ways to improve it.

Keywords: food security, national security, agriculture, public resources, economic security

3717 Network Security Attacks and Defences

Authors: Ranbir Singh, Deepinder Kaur

Abstract:

Network security is an important aspect in every field, such as government offices, educational institutes and any business organization. Network security consists of the policies adopted to prevent and monitor forbidden access, misuse, modification, or denial of a computer network. Network security is a very complicated subject and is dealt with only by well-trained and experienced people. However, as more and more people become wired, an increasing number of people need to understand the basics of security in a networked world. The history of network security included an introduction to TCP/IP and interworking. Network security starts with authenticating, commonly with a username and a password. In this paper, we study various types of attacks on network security and how to handle or prevent these attacks.

Keywords: network security, attacks, denial, authenticating

3716 Rating the Importance of Customer Requirements for Green Product Using Analytic Hierarchy Process Methodology

Authors: Lara F. Horani, Shurong Tong

Abstract:

Identification of customer requirements and their preferences are the starting points in the process of product design. Most of design methodologies focus on traditional requirements. But in the previous decade, the green products and the environment requirements have increasingly attracted the attention with the constant increase in the level of consumer awareness towards environmental problems (such as green-house effect, global warming, pollution and energy crisis, and waste management). Determining the importance weights for the customer requirements is an essential and crucial process. This paper used the analytic hierarchy process (AHP) approach to evaluate and rate the customer requirements for green products. With respect to the ultimate goal of customer satisfaction, surveys are conducted using a five-point scale analysis. With the help of this scale, one can derive the weight vectors. This approach can improve the imprecise ranking of customer requirements inherited from studies based on the conventional AHP. Furthermore, the AHP with extent analysis is simple and easy to implement to prioritize customer requirements. The research is based on collected data through a questionnaire survey conducted over a sample of 160 people belonging to different age, marital status, education and income groups in order to identify the customer preferences for green product requirements.

Keywords: analytic hierarchy process (AHP), green product, customer requirements for green design, importance weights for the customer requirements

3715 A Scheme Cooperating with Cryptography to Enhance Security in Satellite Communications

Authors: Chieh-Fu Chang, Wan-Hsin Hsieh

Abstract:

We have proposed a novel scheme— iterative word-extension (IWE) to enhance the cliff effect of Reed-Solomon codes regarding the error performance at a specific Eb/N0. The scheme can be readily extended to block codes and the important properties of IWE are further investigated here. In order to select proper block codes specifying the desired cliff Eb/N0, the associated features of IWE are explored. These properties and features grant IWE ability to enhance security regarding the received Eb/N0 in physical layer so that IWE scheme can cooperate with the traditional presentation layer approach — cryptography, to meet the secure requirements in diverse applications. The features and feasibility of IWE scheme in satellite communication are finally discussed.

Keywords: security, IWE, cliff effect, space communications

3714 System Security Impact on the Dynamic Characteristics of Measurement Sensors in Smart Grids

Authors: Yiyang Su, Jörg Neumann, Jan Wetzlich, Florian Thiel

Abstract:

Smart grid is a term used to describe the next generation power grid. New challenges such as integration of renewable and decentralized energy sources, the requirement for continuous grid estimation and optimization, as well as the use of two-way flows of energy have been brought to the power grid. In order to achieve efficient, reliable, sustainable, as well as secure delivery of electric power, more and more information and communication technologies are used for the monitoring and the control of power grids. Consequently, the need for cybersecurity is dramatically increased and has converged into several standards which will be presented here. These standards for the smart grid must be designed to satisfy both performance and reliability requirements. An in-depth investigation of the effect of retrospectively embedded security in existing grids on its dynamic behavior is required. Therefore, a retrofitting plan for existing meters is offered, and its performance in a test low voltage microgrid is investigated. As a result of this, integration of security measures into measurement architectures of smart grids at the design phase is strongly recommended.

Keywords: cyber security, performance, protocols, security standards, smart grid

3713 Survey of Access Controls in Cloud Computing

Authors: Monirah Alkathiry, Hanan Aljarwan

Abstract:

Cloud computing is one of the most significant technologies that the world deals with, in different sectors with different purposes and capabilities. The cloud faces various challenges in securing data from unauthorized access or modification. Consequently, security risks and levels have greatly increased. Therefore, cloud service providers (CSPs) and users need secure mechanisms that ensure that data are kept secret and safe from any disclosures or exploits. For this reason, CSPs need a number of techniques and technologies to manage and secure access to the cloud services to achieve security goals, such as confidentiality, integrity, identity access management (IAM), etc. Therefore, this paper will review and explore various access controls implemented in a cloud environment that achieve different security purposes. The methodology followed in this survey was conducting an assessment, evaluation, and comparison between those access controls mechanisms and technologies based on different factors, such as the security goals it achieves, usability, and cost-effectiveness. This assessment resulted in the fact that the technology used in an access control affects the security goals it achieves as well as there is no one access control method that achieves all security goals. Consequently, such a comparison would help decision-makers to choose properly the access controls that meet their requirements.

Keywords: access controls, cloud computing, confidentiality, identity and access management

3712 Requirements Gathering for Improved Software Usability and the Potential for Usage-Centred Design

Authors: Kholod J. Alotaibi, Andrew M. Gravell

Abstract:

Usability is an important software quality that is often neglected at the design stage. Although methods exist to incorporate elements of usability engineering, there is a need for more balanced usability focused methods that can enhance the experience of software usability for users. In this regard, the potential for Usage-Centered Design is explored with respect to requirements gathering and is shown to lead to high software usability besides other benefits. It achieves this through its focus on usage, defining essential use cases, by conducting task modeling, encouraging user collaboration, refining requirements, and so on. The requirements gathering process in UgCD is described in detail.

Keywords: requirements gathering, usability, usage-centred design, computer science

Procedia PDF Downloads 224
3711 Multi-Dimension Threat Situation Assessment Based on Network Security Attributes

Authors: Yang Yu, Jian Wang, Jiqiang Liu, Lei Han, Xudong He, Shaohua Lv

Abstract:

As network attacks increase and become more and more complex, network situation assessment based on log analysis cannot meet the requirements for ensuring network security because of the low quality of logs and alerts. This paper addresses the lack of consideration of security attributes of hosts and attacks in the network. The identity and effectiveness of Distributed Denial of Service (DDoS) attacks are hard to prove in risk assessment based on alerts and flow matching. This paper proposes a multi-dimension threat situation assessment method based on network security attributes. First, the paper offers an improved Common Vulnerability Scoring System (CVSS) calculation, which includes confidentiality risk, integrity risk, availability risk and a weighted risk. Second, the paper introduces the deterioration rate of properties collected by sensors in hosts and the network, which aims at assessing the time and level of DDoS attacks. Third, the paper introduces the distribution of asset value across security attributes, considering features of attacks and the network, which aims at assessing and showing the whole situation. Experiments demonstrate that the approach reflects the effectiveness and level of DDoS attacks, and that the result can show the primary threat in the network and the security requirements of the network. Through comparison and analysis, the method reflects more of the security requirements and security risk situation than traditional methods based on alert and flow analysis.

Keywords: DDoS evaluation, improved CVSS, network security attribute, threat situation assessment

Procedia PDF Downloads 106
3710 Survey Based Data Security Evaluation in Pakistan Financial Institutions against Malicious Attacks

Authors: Naveed Ghani, Samreen Javed

Abstract:

In today’s heterogeneous network environment, there is a growing demand for mutually distrusting clients to jointly operate a secure network to prevent malicious attacks, as the defining task of propagating malicious code is to locate new targets to attack. Residual risk is always there, no matter what solutions are implemented or whatsoever security methodology or standards are adopted. Security is the first and crucial phase in the field of Computer Science. The main aim of computer security is the gathering of information over a secure network. No one need wonder what all that malware is trying to do: it is trying to steal money through data theft, bank transfers, stolen passwords, or swiped identities. From there, with the help of our survey, we learn about the importance of whitelisting, antimalware programs, security patches, log files, honeypots, and more used in banks for financial data protection, but there is also a need to implement IPv6 tunneling with Crypto data transformation according to the requirements of new technology, to protect the organization from new malware attacks and from the crafting of its own messages and sending them to the target. In this paper the writer has given the idea of implementing IPv6 Tunneling Secessions on private data transmission from financial organizations whose secrecy needs to be safeguarded.

Keywords: network worms, malware infection propagating malicious code, virus, security, VPN

Procedia PDF Downloads 281
3709 Requirements Management in Agile

Authors: Ravneet Kaur

Abstract:

The concept of Agile Requirements Engineering and Management is not new. However, figuring out how a traditional Requirements Management Process fits within an Agile framework remains complex. This paper describes a process that can merge the organization’s traditional Requirements Management Process smoothly into the Agile Software Development Process. This process provides traceability of the Product Backlog to the external documents on one hand and to User Stories on the other. It also gives sufficient evidence, in the form of various statistics and reports, that the system will deliver the right functionality with good quality. In a nutshell, by overlaying a process on top of Agile, without disturbing the agility, we are able to get synergic benefits in terms of productivity, profitability, its reporting, and end-to-end visibility to all stakeholders. The framework can be used for just-in-time requirements definition or to build a repository of requirements for future use. The goal is to make sure that the business (specifically, the product owner) can clearly articulate what needs to be built and define what is of high quality. To accomplish this, the requirements cycle follows a Scrum-like process that mirrors the development cycle but stays two to three steps ahead. The goal is to create a process by which requirements can be thoroughly vetted, organized, and communicated in a manner that is iterative, timely, and quality-focused. Agile is quickly becoming the most popular way of developing software because it fosters continuous improvement, time-boxed development cycles, and quicker delivery of value to the end users. That value will be driven to a large extent by the quality and clarity of the requirements that feed the software development process. An agile, lean, and timely approach to requirements as the starting point will help to ensure that the process is optimized.

Keywords: requirements management, Agile

Procedia PDF Downloads 279
3708 User Requirements Analysis for the Development of Assistive Navigation Mobile Apps for Blind and Visually Impaired People

Authors: Paraskevi Theodorou, Apostolos Meliones

Abstract:

In the context of the development process of two assistive navigation mobile apps for blind and visually impaired people (BVI), an extensive qualitative analysis of the requirements of potential users has been conducted. The analysis was based on interviews with BVIs and aimed to elicit not only their needs with respect to autonomous navigation but also their preferences on specific features of the apps under development. The elicited requirements were structured into four main categories, namely, requirements concerning the capabilities, functionality and usability of the apps, as well as compatibility requirements with respect to other apps and services. The main categories were then further divided into nine sub-categories. This classification, along with its content, aims to become a useful tool for the researcher or the developer who is involved in the development of digital services for BVI.

Keywords: accessibility, assistive mobile apps, blind and visually impaired people, user requirements analysis

Procedia PDF Downloads 23
3707 The Benefits of Security Culture for Improving Physical Protection Systems at Detection and Radiation Measurement Laboratory

Authors: Ari S. Prabowo, Nia Febriyanti, Haryono B. Santosa

Abstract:

The security function known as the Physical Protection System (PPS) serves to detect, delay and respond. The PPS in the Detection and Radiation Measurement Laboratory needs to be improved continually by using internal resources. The nuclear security culture offers some potential to support this research. The study starts by identifying the weaknesses of the security function and the strengths of the security culture. Secondly, the strengths of the security culture are implemented in the laboratory management. Finally, a simulation was done to measure its effectiveness. Some changes occurred in laboratory personnel behaviors and procedures. All became more prudent. The results showed a good influence of nuclear security culture on laboratory security functions.

Keywords: laboratory, physical protection system, security culture, security function

Procedia PDF Downloads 67
3706 Knowledge Audit Model for Requirement Elicitation Process

Authors: Laleh Taheri, Noraini C. Pa, Rusli Abdullah, Salfarina Abdullah

Abstract:

Knowledge plays an important role in the success of any organization. Software development organizations are highly knowledge-intensive organizations, especially in their Requirement Elicitation Process (REP). There are several problems regarding communicating and using knowledge in REP, such as misunderstanding, being out of scope, conflicting information and changes of requirements. All of these problems occur in transmitting the requirements knowledge during REP. Several studies have been conducted on REP in order to solve problems with requirements. Knowledge Audit (KA) approaches have been proposed to address knowledge management in human resources, finance, and manufacturing. There is a lack of studies applying KA in the requirements elicitation process. Therefore, this paper proposes a KA model for REP to support the acquisition of good requirements.

Keywords: knowledge audit, requirement elicitation process, KA model, knowledge in requirement elicitation

Procedia PDF Downloads 200