Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 3

Search results for: cyber-attack

3 Towards Resilient Cloud Computing through Cyber Risk Assessment

Authors: Hilalah Alturkistani, Alaa AlFaadhel, Nora AlJahani, Fatiha Djebbar

Abstract:

Cloud computing is one of the most widely used technology which provides opportunities and services to government entities, large companies, and standard users. However, cybersecurity risk management studies of cloud computing and resiliency approaches are lacking. This paper proposes resilient cloud cybersecurity risk assessment and management tailored specifically, to Dropbox with two approaches:1) technical-based solution motivated by a cybersecurity risk assessment of cloud services, and 2)a target personnel-based solution guided by cybersecurity-related survey among employees to identify their knowledge that qualifies them withstand to any cyberattack. The proposed work attempts to identify cloud vulnerabilities, assess threats and detect high risk components, to finally propose appropriate safeguards such as failure predicting and removing, redundancy or load balancing techniques for quick recovery and return to pre-attack state if failure happens.

Keywords: cybersecurity risk management plan, resilient cloud computing, cyberattacks, cybersecurity risk assessment

Procedia PDF Downloads 64
2 Security Report Profiling for Mobile Banking Applications in Indonesia Based on OWASP Mobile Top 10-2016

Authors: Bambang Novianto, Rizal Aditya Herdianto, Raphael Bianco Huwae, Afifah, Alfonso Brolin Sihite, Rudi Lumanto

Abstract:

The mobile banking application is a type of mobile application that is growing rapidly. This is caused by the ease of service and time savings in making transactions. On the other hand, this certainly provides a challenge in security issues. The use of mobile banking can not be separated from cyberattacks that may occur which can result the theft of sensitive information or financial loss. The financial loss and the theft of sensitive information is the most avoided thing because besides harming the user, it can also cause a loss of customer trust in a bank. Cyberattacks that are often carried out against mobile applications are phishing, hacking, theft, misuse of data, etc. Cyberattack can occur when a vulnerability is successfully exploited. OWASP mobile Top 10 has recorded as many as 10 vulnerabilities that are most commonly found in mobile applications. In the others, android permissions also have the potential to cause vulnerabilities. Therefore, an overview of the profile of the mobile banking application becomes an urgency that needs to be known. So that it is expected to be a consideration of the parties involved for improving security. In this study, an experiment has been conducted to capture the profile of the mobile banking applications in Indonesia based on android permission and OWASP mobile top 10 2016. The results show that there are six basic vulnerabilities based on OWASP Mobile Top 10 that are most commonly found in mobile banking applications in Indonesia, i.e. M1:Improper Platform Usage, M2:Insecure Data Storage, M3:Insecure Communication, M5:Insufficient Cryptography, M7:Client Code Quality, and M9:Reverse Engineering. The most permitted android permissions are the internet, status network access, and telephone read status.

Keywords: mobile banking application, OWASP mobile top 10 2016, android permission, sensitive information, financial loss

Procedia PDF Downloads 59
1 Cybersecurity Policy Recommendations for Public and Private Sector

Authors: Bradley Fowler, Kennedy Maranga

Abstract:

The purpose of this research is to share qualitative results of a document study deployed to comprehend how to improve cybersecurity public policy and compliance in public and private sector. Government published documents were collected from 43 countries, who publicly share a cybersecurity public policy or national cyber security strategy. Attaining these official documents enables the opportunity to analyze the strengths, weaknesses, opportunities, and threats enveloped in each one of these 43 countries cybersecurity public policy or national cybersecurity strategy. Utilizing a SWOT analysis helped comprehend the strengths embedded in the current policy to outweigh the threats. Evaluating opportunities engulfed in each policy helps define methods to diminish weaknesses. This strategy benefits all countries; enabling any country to mirror the methodologies deployed by these 43 countries to achieve optimal resilience against cyber-attacks, cyber-crime, cyber-terrorism, cyber warfare, cyber stalking, cyber sabotaging, and cyber-espionage The increasing reliance on information systems, software, APIs (Application Programming Interfaces), cloud computing architecture, Internet of Things, and technology tools enhanced or infused in public and private sector, requires an increased knowledge of cybersecurity public policy and the benefits of public private sector partnership, to enhance cybersecurity policy compliance. Thus, this research conveys what the U.S. Department of Homeland Security, National Security Agency, The White House, and industry practitioners are wrestling with regarding cybersecurity public policy and how these policies play a role in helping public and private sector effectively safeguard against cyberattack victimization. This research also shares details regarding global leadership and how invaluable effective leadership is in establishing resolutions to improve cybersecurity public policy development, implementation, and compliance in alignment with domestic and international cybersecurity laws. Furthermore, this research enables public and private sector to attain access to open-source information to increase knowledge of cybersecurity public policy and law worldwide. Additionally, this research delivers chronological events of cybercrimes that continues impacting decisions on what type of cybersecurity public policy can be useful to help private sector integrate cybersecurity public policy into the fabric of workplace cyber policy, to deter and decrease the number of successful cyber incidences incurred by human error. Finally, this research introduces cybersecurity policy-i.e., NIST SP 800 series publications, to improve policy modifications to meet the needs of public or private sector who rely on information technology, computer and information systems, cloud computing architecture, hardware, software, the Internet, or WIFI, for data collection, development, storage, and transmission. Data collection for this qualitative document research study, derives from official government published open sources that provides comprehension of this central phenomena. These official documents offer valid information to implement effective cybersecurity policy design and workplace compliance education and awareness training resolutions.

Keywords: cloud security policy, cybersecurity public policy, cybersecurity SWOT analysis, foreign cyber policy, information security policy, public policy

Procedia PDF Downloads 1