Your search keyword '"enterprise security"' showing total 67 results

1. ENSURING THE ECONOMIC SECURITY OF THE ENTERPRISE IN A MARKET ECONOMY.

Author

Musostova, Deshy, Dzobelova, Valentina, and Markaryan, Varvara

Subjects

*BUSINESS enterprises, *CAPITALISM, *ECONOMIC security

Abstract

The modern market environment is characterized by a high degree of uncertainty, fluctuations in supply and demand, as well as the influence of various external factors, such as inflation, currency fluctuations and legal changes. In these conditions, the enterprise must develop effective strategies to protect its financial, material and intellectual resources. In practice, economic security is implemented through a set of measures aimed at protecting capital, increasing the financial transparency and improvement of operational efficiency. A set of measures to ensure economic security allows you to minimize potential risks and strengthen the company's position in the market. [ABSTRACT FROM AUTHOR]

Published

2024

2. Zero Trust VPN (ZT-VPN): A Systematic Literature Review and Cybersecurity Framework for Hybrid and Remote Work.

Author

Zohaib, Syed Muhammad, Sajjad, Syed Muhammad, Iqbal, Zafar, Yousaf, Muhammad, Haseeb, Muhammad, and Muhammad, Zia

Subjects

*FLEXIBLE work arrangements, *TELECOMMUTING, *PRIVATE security services, *VIRTUAL private networks, *INFORMATION technology security, *WIDE area networks

Abstract

Modern organizations have migrated from localized physical offices to work-from-home environments. This surge in remote work culture has exponentially increased the demand for and usage of Virtual Private Networks (VPNs), which permit remote employees to access corporate offices effectively. However, the technology raises concerns, including security threats, latency, throughput, and scalability, among others. These newer-generation threats are more complex and frequent, which makes the legacy approach to security ineffective. This research paper gives an overview of contemporary technologies used across enterprises, including the VPNs, Zero Trust Network Access (ZTNA), proxy servers, Secure Shell (SSH) tunnels, the software-defined wide area network (SD-WAN), and Secure Access Service Edge (SASE). This paper also presents a comprehensive cybersecurity framework named Zero Trust VPN (ZT-VPN), which is a VPN solution based on Zero Trust principles. The proposed framework aims to enhance IT security and privacy for modern enterprises in remote work environments and address concerns of latency, throughput, scalability, and security. Finally, this paper demonstrates the effectiveness of the proposed framework in various enterprise scenarios, highlighting its ability to prevent data leaks, manage access permissions, and provide seamless security transitions. The findings underscore the importance of adopting ZT-VPN to fortify cybersecurity frameworks, offering an effective protection tool against contemporary cyber threats. This research serves as a valuable reference for organizations aiming to enhance their security posture in an increasingly hostile threat landscape. [ABSTRACT FROM AUTHOR]

Published

2024

3. Use of special technical means (polygraph) on personnel recruitment in corporate structures

Author

A. Yu. Tsygankov and A. A. Kravchuk

Subjects

screening, polygraph, psychophysiological studies, a survey with the use of a polygraph, trade secret, enterprise security, Sociology (General), HM401-1281, Economics as a science, HB71-74

Abstract

The article studies some aspects of specialized polygraph device application in the process of personnel recruitment in corporate structures. The authors cite the sociological surveys results that reflect the attitude of employers and employees towards polygraph checks at the stage of their employment. The methods and spheres of polygraph application for professional-psychological selection have been analyzed. The special psychophysiological research procedure with the use of the polygraph has been described, including recommendations on the questions formulation to obtain reliable results. The legislation of the Russian Federation regulating the conduct of such research has also been considered. The authors concluded that the use of the polygraph device is a relevant and promising tool, which is increasingly used in the personnel recruitment in corporate structures, as evidenced by the sociological surveys results. However, the research peculiarity on the polygraph tests prospects in personnel recruitment is currently complicated by the lack of open data from the companies themselves, since such data constitute commercial secrets and are not subject to public disclosure in accordance with the Federal Law “On Trade Secrets”.

Published

2024

4. METHODOLOGICAL APPROACHES TO ENTERPRISE SECURITY MANAGEMENT: TRADITIONAL AND TRANSFORMED TO THE CONDITIONS OF FUNCTIONING.

Author

Kapeliushna, T., Lehominova, S., Goloborodko, A., Lysetskyi, Yu., and Nosova, T.

Subjects

HOUSEKEEPING, BUSINESS enterprises

Abstract

Purpose. To analyse the methodological approaches to enterprise security management with the allocation of traditional ones and those transformed to modern uncertain conditions of functioning. Methodology. The methodological basis of the study was the scientific works by domestic and foreign scholars to identify the main theoretical provisions on approaches to security management, which were further analysed for their essence and feasibility of use in specific conditions of enterprise functioning. By combining the methods of analysis, synthesis, morphological analysis, and generalisations, the authors have managed to identify traditional approaches to enterprise management and those transformed to modern conditions which are inter-integrated and complementary. Findings. A map of the integration of traditional methodological approaches of enterprise security management and those transformed to modern conditions was formed and proposed, which can be used by enterprises to find effective approaches to security management depending on the object to which the management vector is immediately directed. Originality. The authors analyse a number of approaches to enterprise security management, starting with traditional approaches and moving towards their change depending on the conditions and environment of enterprise functioning. The authors trace the layering of several approaches on the traditional ones simultaneously, which is explained by the complication of the conditions of functioning of enterprises. The importance of finding approaches to management depending on the conditions of functioning of the enterprise and the security object to which security management is focused is emphasised. Practical value. The analysis and the results obtained are of practical value in terms of the feasibility of application at enterprises regardless of their industry, in addition to the effectiveness of the proposed map of approaches, which is variably integrated, taking into account the conditions and the object of management. This will allow one to broadly cover security issues and methodically solve them using a specifically selected approach. [ABSTRACT FROM AUTHOR]

Published

2024

5. Using a Digital Transformation to Improve Enterprise Security—A Case Study

Author

Conner, David Brookshire, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, van Leeuwen, Jan, Series Editor, Hutchison, David, Editorial Board Member, Kanade, Takeo, Editorial Board Member, Kittler, Josef, Editorial Board Member, Kleinberg, Jon M., Editorial Board Member, Kobsa, Alfred, Series Editor, Mattern, Friedemann, Editorial Board Member, Mitchell, John C., Editorial Board Member, Naor, Moni, Editorial Board Member, Nierstrasz, Oscar, Series Editor, Pandu Rangan, C., Editorial Board Member, Sudan, Madhu, Series Editor, Terzopoulos, Demetri, Editorial Board Member, Tygar, Doug, Editorial Board Member, Weikum, Gerhard, Series Editor, Vardi, Moshe Y, Series Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, and Moallem, Abbas, editor

Published

2024

6. Log Analysis for Feature Engineering and Application of a Boosting Algorithm to Detect Insider Threats

Author

Besnaci, Samiha, Hafidi, Mohamed, Lamia, Mahnane, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Bennour, Akram, editor, Bouridane, Ahmed, editor, and Chaari, Lotfi, editor

Published

2024

7. Formation of the Security Plane of Enterprise under the Influence of Risks and Threats

Author

Kapeliusha Tetiana V.

Subjects

enterprise security, threat, risk, uncertainty, hazard, security plane, states of security, Business, HF5001-6182

Abstract

The article is devoted to the issue of security, which is currently in sight as the most demanded and necessary need for the functioning of economic entities, the population, and the world. The etymology of the concepts of «risk» and «threat» is analyzed, arguments on the need for a clear distinction between these categories are provided. It is noted that risk is the probability of occurrence of an event and does not always lead to negative consequences. The threat is the result of the realization of the risk, the degree of its impact on the results of activities is significant, and sometimes destructive, which can lead to significant losses on the part of the enterprise. Definitions of the concepts of security and danger, which correlate and are a reflection of each other, are provided. It is emphasized that security and danger are opposite in their meanings, since security consists in the absence of danger, in addition, the enterprise is secure when it is really protected from dangers. It is found that both concepts are states, while security is characterized by development, and danger is characterized by decline and stagnation. It is proposed to consider security and danger in the formed plane to eliminate the confusion of the concepts of risks and threats. The areas of display of the state of security (danger) under the influence of risks and threats are allocated, their graphical representation is provided. The reflection of the difference between the impact of risks and threats, their action in the form of the results of changes in the signs of security with the formation of prerequisites for danger is presented. It is proposed to consider the features of enterprise through the following results of activity: ability to develop, competitiveness, sustainability, solvency, profitability and profitability, interests of stakeholders. The plane of security along the vector of movement of risks and threats depending on the strength of their action is outlined. In this way, the state of security varies, starting from the traditional absolutely sustainable; followed by sustainable and conditionally sustainable – up to the states that will be destructive. The key features of the security status are defined by reflecting the difference in the impact of risks and threats. The importance of the obtained results of the study, in particular the differentiation of risks and threats, for the formation of the security plane of the enterprise and the choice of effective approaches to security management depending on the location of the enterprise in a specific plane is proved.

Published

2024

8. Zero Trust VPN (ZT-VPN): A Systematic Literature Review and Cybersecurity Framework for Hybrid and Remote Work

Author

Syed Muhammad Zohaib, Syed Muhammad Sajjad, Zafar Iqbal, Muhammad Yousaf, Muhammad Haseeb, and Zia Muhammad

Subjects

zero trust architecture (ZTA), virtual private network (VPN), security and privacy, enterprise security, security services, secure remote access, Information technology, T58.5-58.64

Abstract

Modern organizations have migrated from localized physical offices to work-from-home environments. This surge in remote work culture has exponentially increased the demand for and usage of Virtual Private Networks (VPNs), which permit remote employees to access corporate offices effectively. However, the technology raises concerns, including security threats, latency, throughput, and scalability, among others. These newer-generation threats are more complex and frequent, which makes the legacy approach to security ineffective. This research paper gives an overview of contemporary technologies used across enterprises, including the VPNs, Zero Trust Network Access (ZTNA), proxy servers, Secure Shell (SSH) tunnels, the software-defined wide area network (SD-WAN), and Secure Access Service Edge (SASE). This paper also presents a comprehensive cybersecurity framework named Zero Trust VPN (ZT-VPN), which is a VPN solution based on Zero Trust principles. The proposed framework aims to enhance IT security and privacy for modern enterprises in remote work environments and address concerns of latency, throughput, scalability, and security. Finally, this paper demonstrates the effectiveness of the proposed framework in various enterprise scenarios, highlighting its ability to prevent data leaks, manage access permissions, and provide seamless security transitions. The findings underscore the importance of adopting ZT-VPN to fortify cybersecurity frameworks, offering an effective protection tool against contemporary cyber threats. This research serves as a valuable reference for organizations aiming to enhance their security posture in an increasingly hostile threat landscape.

Published

2024

9. A Framework for Migrating to Post-Quantum Cryptography: Security Dependency Analysis and Case Studies

Author

Khondokar Fida Hasan, Leonie Simpson, Mir Ali Rezazadeh Baee, Chadni Islam, Ziaur Rahman, Warren Armstrong, Praveen Gauravaram, and Matthew McKague

Subjects

Cryptography, enterprise security, information security, post-quantum cryptography, PQC migration, quantum threat, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Quantum computing is emerging as a significant threat to information protected by widely used cryptographic systems. Cryptographic methods, once deemed secure for decades, are now at risk of being compromised, posing a massive threat to the security of sensitive data and communications across enterprises worldwide. As a result, there is an urgent need to migrate to quantum-resistant cryptographic systems. This is no simple task. Migrating to a quantum-safe state is a complex process, and many organisations lack the in-house expertise to navigate this transition without guidance. In this paper, we present a comprehensive framework designed to assist enterprises with this migration. Our framework outlines essential steps involved in the cryptographic migration process, and leverages existing organisational inventories. The framework facilitates the efficient identification of cryptographic assets and can be integrated with other enterprise frameworks smoothly. To underscore its practicality and effectiveness, we have incorporated case studies that utilise graph-theoretic techniques to pinpoint and assess cryptographic dependencies. This is useful in prioritising crypto-systems for replacement.

Published

2024

10. Enterprise Data Security in the Cloud Environment: Threat Analysis

Author

Tetiana Kapeliushna

Subjects

enterprise security, uncertain conditions, cloud services security, virtual it infrastructure, cyber incidents, Accounting. Bookkeeping, HF5601-5689, Finance, HG1-9999

Abstract

Wider use of cloud services leads to increased cyber attacks on data arrays in cloud storage. Ensuring privacy in the cloud comes at a cost, and businesses are willing to bear these costs for data security. However, there is still a high risk of data being tracked and stolen due to existing vulnerabilities in the Internet environment. The purpose of the article is to analyze threats to data in the cloud environment under conditions of uncertainty and to reveal their increase in the virtual IT infrastructure of the enterprise. The advantages and disadvantages of enterprises using cloud services for data storage were revealed. Considering the amount of financial losses and reputational risks, the issue of protecting networks and services in the cloud, especially when hosting confidential or secret information, is a priority for enterprises of all industries. According to Significant Cyber Incidents, cyber incidents against government, defence and high-tech companies in the world were analyzed during 2021-2022. It was found that the attacks were primarily aimed at critical infrastructure enterprises and government organizations. Analysis of data from the Future Risk Report 2022 shows that climate change, geopolitical tensions, cyber security risks, and energy risks will remain the most significant risks over the next decade. It was revealed that since the beginning of the full-scale invasion, the number of attacks on Ukrainian enterprises of critical infrastructure and the telecommunications sphere has increased significantly. This shows that hacker attacks are one of the tools of hybrid warfare, capable of causing significant damage to the country's economy. The revealed trend in Ukraine confirms the predictions of international experts that cyber threats will grow in conditions of uncertainty and geopolitical instability. The article provides a chronology of massive cyberattacks on Ukrainian enterprises and organizations in the IT sphere over the past two years. It was determined that the means of reducing risks in the field of cyber security, which lead to the saving of costs of enterprises for data security, are the tools of artificial intelligence of security and further automation of threat identification. Thus, cyber security becomes an integral component in ensuring the full functioning of the enterprise, and the ways and means of its achievement require further research.

Published

2023

11. Enterprise Data Security in the Cloud Environment: Threat Analysis.

Author

Kapeliushna, Tetiana

Subjects

INFORMATION technology, INFORMATION technology industry, CLOUD computing, INFRASTRUCTURE (Economics), CLOUD storage

Abstract

Wider use of cloud services leads to increased cyber attacks on data arrays in cloud storage. Ensuring privacy in the cloud comes at a cost, and businesses are willing to bear these costs for data security. However, there is still a high risk of data being tracked and stolen due to existing vulnerabilities in the Internet environment. The purpose of the article is to analyze threats to data in the cloud environment under conditions of uncertainty and to reveal their increase in the virtual IT infrastructure of the enterprise. The advantages and disadvantages of enterprises using cloud services for data storage were revealed. Considering the amount of financial losses and reputational risks, the issue of protecting networks and services in the cloud, especially when hosting confidential or secret information, is a priority for enterprises of all industries. According to Significant Cyber Incidents, cyber incidents against government, defence and high-tech companies in the world were analyzed during 2021-2022. It was found that the attacks were primarily aimed at critical infrastructure enterprises and government organizations. Analysis of data from the Future Risk Report 2022 shows that climate change, geopolitical tensions, cyber security risks, and energy risks will remain the most significant risks over the next decade. It was revealed that since the beginning of the full-scale invasion, the number of attacks on Ukrainian enterprises of critical infrastructure and the telecommunications sphere has increased significantly. This shows that hacker attacks are one of the tools of hybrid warfare, capable of causing significant damage to the country's economy. The revealed trend in Ukraine confirms the predictions of international experts that cyber threats will grow in conditions of uncertainty and geopolitical instability. The article provides a chronology of massive cyberattacks on Ukrainian enterprises and organizations in the IT sphere over the past two years. It was determined that the means of reducing risks in the field of cyber security, which lead to the saving of costs of enterprises for data security, are the tools of artificial intelligence of security and further automation of threat identification. Thus, cyber security becomes an integral component in ensuring the full functioning of the enterprise, and the ways and means of its achievement require further research. [ABSTRACT FROM AUTHOR]

Published

2023

12. Theoretical-definitive exposition of the categorical apparatus for investigating the management of environmental safety in an enterprise

Author

Arthur Amber

Subjects

security, national security, enterprise security, environmental security, environmental security of enterprise, enterprise environmental security management, Economic growth, development, planning, HD72-88, Economics as a science, HB71-74

Abstract

Relevance of the research topic. Modern requirements for enterprises include compliance with environmental norms and standards to ensure not only the safety of people's lives and health but also the preservation of the natural environment. Such an approach is a necessary condition for the development of sustainable business and ensuring economic stability of enterprises in the long term. Problem statement. Environmental safety management of enterprises is one of the most pressing and complex problems faced by business structures today. On the one hand, companies are interested in maximizing sales of their goods and services, while on the other hand, they must comply with the requirements of state legislation and international recommendations in the field of environmental protection. Analysis of recent research and publications. The works of such Ukrainian scientists as O.I. Basarab, Ye.S. Belash, I.V. Breslavska, V.I. Danylevsky, H.M. Drozd, O.O. Drozdova, M.I. Zhurba, I.P. Kalinina, and others are devoted to the study of theoretical, methodological, and practical aspects of environmental safety management of enterprises. Highlighting previously unresolved parts of a common issue. Despite the abundance of scientific studies on the management of environmental safety in enterprises, the question of its role and position within the broader system of national security of the state remains a topic of ongoing discussion. The aim of the article is to develop a theoretical and definitive exposition of the categorical apparatus for managing the environmental safety of enterprises. The main objectives of the study are: to investigate existing approaches to interpreting the essence of the concept of «environmental safety management of enterprises» and to develop, based on their analysis, a theoretical and definitive exposition of the categorical apparatus for managing the environmental safety of enterprises, taking into account modern trends and challenges of sustainable development. Research methods. The article utilized a historical approach, a systems approach, methods of analysis and synthesis, deduction, logical method, and generalization as the basis of the research. Results of the research. The following approaches to interpreting the essence of the concept of «environmental safety management of enterprises» were identified: social, complex, sectoral, legal, regional, natural resource, risk-oriented, process-oriented, and results-oriented approaches. Each of these approaches has its own characteristics and is used depending on the needs of the enterprise and the specific situation. A theoretical and definitive exposition of the categorical apparatus for managing the environmental safety of enterprises was developed. Field of application of the results. The research findings can be used to improve theoretical approaches and develop effective strategies for managing the environmental safety of enterprises. Conclusions. Thus, the environmental safety of an enterprise is an integral part of national security. The theoretical and definitive exposition of the categorical apparatus for managing the environmental safety of an enterprise is presented as follows: Safety is a comprehensive state of absence of threats and risks that can cause harm to people, the environment, and property, which is ensured not only by reactive responses to potential threats but also by a proactive approach to ensuring safety through preventive measures and reducing the potential consequences of potential threats. Environmental safety of an enterprise is a complex state in which the activities of the enterprise do not violate the self-regulation ability of natural ecosystems, ensure the preservation of biodiversity and climate, avoid the creation of new environmental risks, reduce the negative impact of anthropogenic factors on the environment, and ensure the safety and health of the population. Management of the environmental safety of an enterprise is a system of strategic planning, coordination, and implementation of measures to minimize the negative impact of the enterprise on the environment, ensure compliance with environmental legislation and standards, reduce environmental risks, and promote the principles of sustainable development.

Published

2023

13. ANALYSIS OF DIGITALIZATION CHANGES AND THEIR IMPACT ON ENTERPRISE SECURITY MANAGEMENT UNDER UNCERTAINTY.

Author

Kapeliushna, T., Goloborodko, A., Nesterenko, S., Bezhenar, I., and Matviichuk, B.

Subjects

INTRUSION detection systems (Computer security), MARTIAL law, DIGITAL technology, THIRD-party software, CYBERTERRORISM, ELECTRONIC services

Abstract

Copyright of Scientific Bulletin of National Mining University is the property of National Mining University, State Higher Educational Institution and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2023

14. A Model for Implementing Digital Personnel Management in Security and Safety for Engineering Enterprises.

Author

Krasivskyу, Orest, Pirozhenko, Natalija, Samborska, Oksana, Harbusiuk, Valerii, and Inozemtseva, Oksana

Subjects

INDUSTRIAL safety, PERSONNEL management, SECURITY personnel, ENGINEERING services, BUSINESS enterprises

Abstract

The main purpose of the article is to study the key aspects of digital personnel management of socio-economic systems in terms of security and safety. The object of the study will be enterprises providing engineering services to ensure safety and security. According to the results of the study, the main scientific and theoretical novelty was the formation of a model for the implementation of digital personnel management in terms of ensuring security and safety for an enterprise providing engineering services. The study has limitations and they consist in considering only enterprises providing engineering services, which are a specific type of activity. Further research should be devoted to the study of personnel security against the background of the formation of new principles of digital human resource management. The focus of the study is to focus on the features of digital personnel management and how it can be improved within the framework of security and safety as part of the active development of Industry 4.0. For practitioners and scientists, the consequences of the results of the study may have some beneficial effect on the way the proposed model and its components work. [ABSTRACT FROM AUTHOR]

Published

2023

15. Securing ERP Cyber Systems by Preventing Holistic Industrial Intrusion

Author

Kaushik, Sunil, Chlamtac, Imrich, Series Editor, Bhardwaj, Akashdeep, editor, and Sapra, Varun, editor

Published

2021

16. Analysis of the Problems of Industrial Enterprises Information Security Audit

Author

Barankova, I. I., Mikhailova, U. V., Kalugina, O. B., Angrisani, Leopoldo, Series Editor, Arteaga, Marco, Series Editor, Panigrahi, Bijaya Ketan, Series Editor, Chakraborty, Samarjit, Series Editor, Chen, Jiming, Series Editor, Chen, Shanben, Series Editor, Chen, Tan Kay, Series Editor, Dillmann, Rüdiger, Series Editor, Duan, Haibin, Series Editor, Ferrari, Gianluigi, Series Editor, Ferre, Manuel, Series Editor, Hirche, Sandra, Series Editor, Jabbari, Faryar, Series Editor, Jia, Limin, Series Editor, Kacprzyk, Janusz, Series Editor, Khamis, Alaa, Series Editor, Kroeger, Torsten, Series Editor, Liang, Qilian, Series Editor, Martín, Ferran, Series Editor, Ming, Tan Cher, Series Editor, Minker, Wolfgang, Series Editor, Misra, Pradeep, Series Editor, Möller, Sebastian, Series Editor, Mukhopadhyay, Subhas, Series Editor, Ning, Cun-Zheng, Series Editor, Nishida, Toyoaki, Series Editor, Pascucci, Federica, Series Editor, Qin, Yong, Series Editor, Seng, Gan Woon, Series Editor, Speidel, Joachim, Series Editor, Veiga, Germano, Series Editor, Wu, Haitao, Series Editor, Zhang, Junjie James, Series Editor, Radionov, Andrey A., editor, and Karandaev, Alexander S., editor

Published

2020

17. Smart Assistants in IT Security – An Approach to Addressing the Challenge by Leveraging Assistants’ Specific Features

Author

Kubach, Michael, Roßnagel, Heiko, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, and Moallem, Abbas, editor

Published

2020

18. 제로 트러스트 기반 접근제어를 위한 기업 보안 강화 연구.

Author

이선아, 김범석, 이혜인, and 박원형

Subjects

INDUSTRY 4.0, ACCESS control, SECURITY systems, TELECOMMUTING, CLOUD computing, COVID-19

Abstract

With the advent of the Fourth Industrial Revolution, the paradigm of finance is also changing. As remote work becomes more active due to cloud computing and coronavirus, the work environment changes and attack techniques are becoming intelligent and advanced, companies should accept new security models to further strengthen their current security systems. Zero trust security increases security by monitoring all networks and allowing strict authentication and minimal access rights for access requesters with the core concept of doubting and not trusting everything. In addition, the use of NAC and EDR for identification subjects and data to strengthen access control of the zero trust-based security system, and strict identity authentication through MFA will be explained. Therefore, this paper introduces a zero-trust security solution that strengthens existing security systems and presents the direction and validity to be introduced in the financial sector. [ABSTRACT FROM AUTHOR]

Published

2022

19. Theoretical and Methodological Basis of Management of Enterprise Development Security

Author

Mushnykova Svitlana A.

Subjects

theoretical and methodological basis, enterprise development, enterprise security, mechanism for managing enterprise development security, Finance, HG1-9999, Economics as a science, HB71-74

Abstract

The aim of the article is to justify the theoretical and methodological basis of management of enterprise development security. The article determines that, under modern conditions, the complexity of the functioning of all levels of the national economy, including industrial enterprises, requires revolutionary changes in their management system if an enterprise is considered as a complex multi-structural system. The crisis signs observed over the past ten years can have both negative and positive impact on the transformation in activities of individual enterprises, lead to both development and degradation of an enterprise. Therefore, the theoretical and methodological basis of management of enterprise development security is proposed. The fundamental components of the theoretical and methodological basis of management of enterprise development security include: management goal, objectives, management principles, approaches, management methods and tools, which, in turn, is the basis for the formation of a convergent integrated mechanism for managing development security with a synergistic effect. In particular, the choice of a mechanism for managing enterprise development security is based on appropriate approaches. Along with the existing general scientific theoretical approaches to forming an effective enterprise management system, there proposed approaches to creating a system for managing enterprise development security, namely: aspectual, situational, systems, process, synergistic and systems-synergistic ones. The convergent integrated mechanism with a synergistic effect is based on the process of convergence of all methodological bases of security and development of an enterprise with obtaining a synergetic effect on its individual components.

Published

2020

20. The Level of Security of the Enterprise’s Development as a Balance of Statics and Dynamics: Parameterization of the Main Indicators of Activity

Author

Mushnykova Svitlana A.

Subjects

economic statics and dynamics, enterprise development, enterprise security, assessment of the security of the enterprise’s development, Business, HF5001-6182

Abstract

The article is aimed at forming a system of key indicators of activity in evaluating the optimal level of security of industrial enterprise through the balance of statics and dynamics. It is defined that in order to obtain the optimal level of security of the industrial enterprise development, it is necessary to achieve a balance of the factors wth both static and dynamic nature of action. Moreover, the dynamic status provides two possibilities: to cover statics and characterize the transformation of the totality of all economic systems, which are not static, for a certain time. In the course of the research, considering the experience of scholars on the general economic theory, the choice of static indicators within the activities of a separate industrial enterprise is substantiated, which can include the following: value of non-current assets, including average fixed assets value and depreciation; number of production staff with a fixed salary level; constant part of the cost of sold products; amount and value of equity capital. As a result of production, investment, innovation, financial and management activities, static indicators, which are basic, are transforming into indicators of dynamics that characterize the enterprise’s activities over a certain time along with change of the positive or negative nature of its development. The level of security of industrial enterprise can be evaluated by an integral indicator, which takes into account the specific characteristics of the enterprise and the limitedness of the resources available.

Published

2019

21. Cyber-Warranties as a Quality Signal for Information Security Products

Author

Woods, Daniel W., Simpson, Andrew C., Hutchison, David, Series Editor, Kanade, Takeo, Series Editor, Kittler, Josef, Series Editor, Kleinberg, Jon M., Series Editor, Mattern, Friedemann, Series Editor, Mitchell, John C., Series Editor, Naor, Moni, Series Editor, Pandu Rangan, C., Series Editor, Steffen, Bernhard, Series Editor, Terzopoulos, Demetri, Series Editor, Tygar, Doug, Series Editor, Weikum, Gerhard, Series Editor, Bushnell, Linda, editor, Poovendran, Radha, editor, and Başar, Tamer, editor

Published

2018

22. Enterprise network security from cloud computing perspective.

Author

Rongstad, Katherine and Ruidong Zhang

Subjects

COMPUTER network security, BUSINESS enterprises, CLOUD computing, DIRECTORIES

Abstract

This paper explains why Active Directory is becoming the core of enterprise security, and how identity management moving from on-premises Active Directory to Azure Active Directory is encouraging IT professionals to redesign their IT infrastructure. This paper is partly based on online research that is drawn from Attosol Technologies and Cyware Social resources. A case study was also conducted to further understand key concepts related to enterprise security. [ABSTRACT FROM AUTHOR]

Published

2021

23. The System Analysis of Ensuring the Stability of Innovative and Digital Economy on the Basis of Intellectual Comprehensive Security System

Author

Petr Ivanovich Ogorodnikov, Galina Mikhaylovna Zaloznaya, and Aleksandr Sergeevich Borovsky

Subjects

regional economic security, system approach, subsystems, general system, national security, comprehensive security, enterprise security, enterprise vulnerability, uncertainty of information, multi-criteria analysis, Regional economics. Space in economics, HT388

Abstract

The article is based on the system approach and the analysis of ensuring economic security as well as on the developed conceptual techniques devoted to the security of regional enterprises. We consider the issues of the interaction of subsystems of the general system of national security in regions. The purpose of the study is to develop a comprehensive methodology for the assessment of the national security in regions including all main directions: economy, ecology, information, etc. Currently, the need for a theory of security of regional enterprises has, first of all, an applied nature. At the same time, without basic fundamental knowledge of the theory of comprehensive security, it is impossible to provide sustainable development of regional enterprises. We conduct a comprehensive research of all types of security on the basis of the system approach and the analysis. Furthermore, we move from task-specific study to the system research of the examined objects and systems. It has allowed analysing the internal interrelations of subsystems including the subsystems of economic security in the framework of the general system of national security. We propose the method, which substantiates the quality of enterprise security using the fuzzy set method and fuzzy multi-criteria method in relation to the paper’s topic. Moreover, we apply the Bellman and Zadeh’s principle allowing to choose an option, which satisfies all criteria in the maximum degree. The developed approach to the formation of a comprehensive assessment of all types of security will allow providing sufficient explanations to the influence and interaction of subsystems within the national security’s general system as well as will significantly increase the economic stability of regional enterprises and organizations.

Published

2018

24. Adapting Enterprise Security Approaches for Evolving Cloud Processing and Networking Models

Author

Hutchison, Andrew, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Rak, Jacek, editor, Bay, John, editor, Kotenko, Igor, editor, Popyack, Leonard, editor, Skormin, Victor, editor, and Szczypiorski, Krzysztof, editor

Published

2017

25. Obfuscation and Diversification for Securing Cloud Computing

Author

Hosseinzadeh, Shohreh, Laurén, Samuel, Rauti, Sampsa, Hyrynsalmi, Sami, Conti, Mauro, Leppänen, Ville, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Chang, Victor, editor, Ramachandran, Muthu, editor, Walters, Robert J., editor, and Wills, Gary, editor

Published

2017

26. Mobile fog based secure cloud-IoT framework for enterprise multimedia security.

Author

Sood, Sandeep Kumar

Subjects

MESSAGE authentication codes, ADVANCED Encryption Standard, SECURE Sockets Layer (Computer network protocol), FOG, COMPUTER systems, DATA integrity

Abstract

With the dawn of computing era in the enterprise business, the methodologies for business have changed significantly. The enterprise information in the form of multimedia data is now being created and extensively shared over the internet. On the other side, the rapid and continuous growth of enterprises is causing the computing systems to evolve rapidly and continuously to match the pace of growth. This has led to the evolution of new technologies related to the enterprise environment. The advent of Internet of Things (IoT) and Cloud Computing in the enterprise environment is the result of its rapid and continuous requirement. But, their use has increased the complexity of enterprise computing systems especially in the domain of Enterprises Multimedia Security (EMS). In Cloud-IoT environment, the Enterprise Multimedia Data (EMD) stored at remote Cloud premises and subject to various kinds of vulnerabilities like data leakage, data modification and confidentiality breach. Hence, this paper proposes a distinctive EMS approach using Fog and Cloud to store different types of data and maintains their co-relation to prevent various EMD security breaches. In this paper, a Mobile Fog based Cloud-IoT framework for EMS has been designed in which only encrypted data is stored at the Cloud and its keys are securely stored at the enterprise premises on the Fog layer. It uses Advanced Encryption Standard (AES) for encryption, Message Authentication Code (MAC) for data integrity, Secure Socket Layer (SSL) for safe data transmission, tokenizer, hashing and data pointers for easy data search on Fog and Cloud. It stores the encryption/decryption and MAC keys encrypted with Master Encryption Key (MEK) securely at the enterprise premises on the Fog layer. For assured security of keys, the framework doesn't store MEK at any place on the network. The experimental result analyses acknowledge the highest level of security, better scalability and storage management as well as searching time efficiency in the proposed framework. The overall results analysis show that the proposed framework is highly secure to protect the multimedia data of an enterprise from the inside and outside threats and access of data is provided to the authorized enterprise users. [ABSTRACT FROM AUTHOR]

Published

2020

27. Security Qualitative Metrics for Open Web Application Security Project Compliance.

Author

Sönmez, Ferda Özdemir

Subjects

WEBOMETRICS, WEB-based user interfaces, SECURITIES analysts, MANUFACTURING processes, JAVA programming language

Abstract

The focus of this study is to find out repeatable features for large-scale enterprise web application production process related to based on OWASP security requirement list. As a result of a rigorous work including domain analysis for Java language and development frameworks and the examination of a large set of technical documents, 230 security qualitative metrics are discovered, under six categories. These security qualitative metrics are beneficial for security analysts as well as other parties such as designers, developers, and testers. The findings provide a developer/designer point of view and would help to make better decisions related to the environment set up, technology selection, and the architecture, design, and implementation details. As a result of this effort, the overall vulnerability level of the web applications would diminish significantly. [ABSTRACT FROM AUTHOR]

Published

2020

28. Thwarting Sophisticated Enterprise Attacks: Data-Driven Methods and Insights

Author

Ho, Grant

Subjects

Computer science, detection, enterprise security, security, spearphishing

Abstract

This dissertation builds new defenses to thwart digital attacks on enterprises. Specifically, we develop a set of data-driven insights and methods that enable organizations to uncover and stymie three prominent enterprise attacks: spearphishing, lateral phishing, and lateral movement. For each of these threats, we present new conceptual models that deconstruct each attack into a set of fundamental actions that an attacker must perform in order to succeed, enabling organizations to more precisely search for signs of such malicious activity. The successful detection systems we construct based on these models highlight the value of decomposing and pursuing attacks along two facets: preventing attackers from gaining entry into an enterprise’s network and hunting for attacker activity within an organization’s internal environment.Even with a clear specification of what to look for, uncovering sophisticated attacks has long eluded enterprises because such attacks give rise to a detection problem with two challenging constraints: an extreme class imbalance and a lack of ground truth. In particular, targeted enterprise attacks occur at a low rate, reflect the work of stealthy attackers (and thus frequently remain unknown and unlabeled), and transpire amidst a sea of anomalous-but-benign activity that inherently occurs within modern enterprise networks. This setting poses fundamental challenges to traditional machine learning methods, causing them to detect an insufficient number of attacks or produce an intractable volume of false positives. To overcome these challenges, we present a new approach to anomaly detection for security settings, specification-based anomaly detection, which we use to construct new detection algorithms for identifying rare attacks in large, unlabeled datasets.Combining these algorithms with the attack models we develop, we design and implement a set of detection systems that collectively form a defense-in-depth approach to unearthing and mitigating enterprise attacks. Through collaborations with three large organizations, we validate the efficacy and practicality of our approach. Given the ability of our systems to detect a wide-range of attacks, the low volume of false positives they generate, and the real-world adoption of many of our ideas, this dissertation illustrates the utility and promise of a data-empowered approach to thwarting enterprise attacks.

Published

2020

29. Automatic Generation of Domain Specific Customized Signatures for an Enterprise Intrusion Detection System Based on Sentimental Analysis

Author

Rama Rao, K. V. S. N., Battula, Sudheer Kumar, Kacprzyk, Janusz, Series editor, Mandal, J. K., editor, Satapathy, Suresh Chandra, editor, Kumar Sanyal, Manas, editor, Sarkar, Partha Pratim, editor, and Mukhopadhyay, Anirban, editor

Published

2015

30. Bibliography

Author

Donaldson, Scott E., Siegel, Stanley G., Williams, Chris K., Aslam, Abdul, Donaldson, Scott E., Siegel, Stanley G., Williams, Chris K., and Aslam, Abdul

Published

2015

31. Теоретико-методичний базис управління безпекою розвитку підприємства

Author

Мушникова, С. А.

Subjects

SECURITY management, BUSINESS enterprises, CRISES

Abstract

Copyright of Problems of Economy is the property of Research Centre for Industrial Developmen Problems of Nas and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2020

32. Security Qualitative Metrics for Open Web Application Security Project Compliance.

Author

Sönmez, Ferda Özdemir

Subjects

WEBOMETRICS, WEB-based user interfaces, SECURITIES analysts, MANUFACTURING processes

Abstract

The focus of this study is to find out repeatable features for large-scale enterprise web application production process related to based on OWASP security requirement list. As a result of a rigorous work including domain analysis for Java language and development frameworks and the examination of a large set of technical documents, 230 security qualitative metrics are discovered, under six categories. These security qualitative metrics are beneficial for security analysts as well as other parties such as designers, developers, and testers. The findings provide a developer/designer point of view and would help to make better decisions related to the environment set up, technology selection, and the architecture, design, and implementation details. As a result of this effort, the overall vulnerability level of the web applications would diminish significantly. [ABSTRACT FROM AUTHOR]

Published

2019

33. МЕТОДИЧНІ АСПЕКТИ ОЦІНЮВАННЯ РІВНЯ ФІНАНСОВОЇ БЕЗПЕКИ МАЛИХ ПІДПРИЄМСТВ

Author

Пахненко, О. М. and Криклій, О. А.

Abstract

Urgency of the research. The complicated economic conditions of the functioning of small enterprises in Ukraine determine the urgency of the problem of maintaining their financial security. Target setting. Management of financial security of an enterprise should be based on the results of assessing its current level, which determines the need to develop a suitable methodology. Actual scientific researches and issues analysis. The issues of assessing the level of financial security of enterprises are investigated in the works of such scientists as I. Blank, A. Verhun, K. Horyacheva, M. Yermoshenko, I. Zhuravlyova, T. Kuzenko, H. Portnova, T. Rzayeva, O. Cherneha. Uninvestigated parts of general matters defining. Most of the methods for assessing the level of financial security of enterprises are not adapted to the analysis of financial security of small business entities. The research objective. To improve the methodology of assessing the level of financial security of small enterprises. The statement of basic materials. The article proposes a methodical approach to assessing the level of financial security of small enterprises, which includes five steps: 1) identification of factors of influence, collection of input data; 2) determination of reference values of indicators; 3) normalization of input data; 4) estimating the deviations of the actual values of indicators from their reference values, calculation of the components of the integral indicator; 5) calculation of the integral indicator, providing the qualitative interpretation of the results. Conclusions. The proposed method for assessing the level of financial security takes into account the impact of factors on the level of financial security of small enterprises; applies different approaches to defining the reference values; provides a qualitative interpretation of the results. [ABSTRACT FROM AUTHOR]

Published

2018

34. ОЦІНКА ЕКОНОМІЧНОЇ БЕЗПЕКИ ПІДПРИЄМСТВА НА БАЗІ КОНЦЕПЦІЇ VBM

Author

Тетяна, Азарова

Subjects

ECONOMIC security, ECONOMIC indicators, ENTERPRISE value, SAFETY factor in engineering, ECONOMIC impact

Abstract

Introduction. Effective business in today's conditions requires the formation of a progressive methodology that will manage and predict the development of all areas of business entities. The main objective of the study is the development and implementation of a universal assessment model and ensuring a high level of economic security from the impact of internal and external threats. Methods. The methods of analysis, deduction, abstraction and analogy are used to reveal and construct the interconnections between elements of the enterprise's value management, the components of economic security and the basic processes of enterprise activity. As a result, an integrated indicator of economic security of the company is formed on the basis of modeling and formalization method. Results. The economic added value (EVA) methodology was analyzed and the enterprise value management factors were identified. The interrelation of the allocated values factors and economic safety's resource-functional components is justified. A set of factors for assessing the value of an enterprise and the level of safety of resource-functional components of economic security is grouped. A criterion for assessing the enterprise's economic security has been developed and proposed. As a result, a model of enterprise management is constructed, with the help of which both the level of economic security and the value of the enterprise are assessed and managed simultaneously. Discussion. Prospects for further research are aimed at improving the methodology for calculating the integral indicator of economic security. The study of the factors and indicators influence on the level of economic security for different ownership forms and management forms. [ABSTRACT FROM AUTHOR]

Published

2018

35. Изменение политики кадровой безопасности на предприятии в условиях пандемии COVID-19

Author

Sukach Kristina Denisovna and Uskov Vladislav Vladimirovich

Subjects

human resources, enterprise security, безопасность предприятия, personnel security, кадровая политика, pandemic, трудовые ресурсы, COVID-19, кадровая безопасность, пандемия, personnel policy

Abstract

Кадровая политика не является частью или чем-то большим за пределами системы экономической безопасности государства, государственного управления и национальной безопасности. Понятие «кадровая политика» подразумевает то, что связано с общим управлением, стратегией развития всей системы человеческих ресурсов государства, а также с культурой организации этой системы как социально-управленческого института и процесса по своей сути для решения как текущих, так и стратегических задач. В период неопределенности и высокой тревожности важно не только то, что компания делает, но и то, как она это делает. Распространение коронавирусной инфекции COVID-19 стало неожиданностью для всего мира, что вызвало значительную неопределенность в отношении будущего и ряд проблем, требующих тщательного решения., Personnel policy is not a part or something more beyond the system of economic security of the state, public administration and national security. The concept of "personnel policy" implies that it is connected with the general management, the strategy of development of the entire system of human resources of the state, as well as with the culture of organization of this system as a socio-managerial institution and process in its essence for solving both current and strategic tasks. In a period of uncertainty and high anxiety, it is important not only what a company does, but also how it does it. The spread of the Covid-19 coronavirus infection came as a surprise to the whole world, which caused considerable uncertainty about the future and a number of problems that require careful solutions.

Published

2022

36. Arquitecturas de seguridad OT y protección mediante Deception

Author

Scatton Londero, Alejandro, García Font, Víctor, and Mendoza Flores, Manuel Jesús

Subjects

enterprise security, Seguridad informática -- TFM, privacidad, privacitat, cybersecurity, Computer security --TFM, seguretat empresarial, ciberseguridad, Seguretat informàtica -- TFM, ciberseguretat, privacy, seguridad empresarial

Abstract

La finalidad de este trabajo persigue ahondar sobre el estado del arte de un sector que hasta hace no demasiado no era considerado desde el punto de vista de la ciberseguridad: los entornos industriales. Este tipo de entornos se han caracterizado por sufrir una gran evolución en las últimas décadas de forma que se han incorporado multitud de tecnologías que han permitido mejorar los procesos productivos. Sin embargo, esta incorporación de tecnologías, como por ejemplo la incorporación de dispositivos IoT, han traído consigo una serie de amenazas y problemas de seguridad, que en este tipo de entornos una interrupción de la operación puede tener un impacto muy elevado ya que pueden ser infraestructuras críticas para la vida cotidiana. De forma que se apliquen principios de seguridad básicos como pueden ser defensa en profundidad o segmentación de red se ha definido una arquitectura de referencia en base a estándares del sector como el IEC 62443. Adicionalmente, se ha implantado de manera práctica un entorno industrial virtualizado que ha permitido realizar pruebas con una tecnología como Deception, la cual aporta capacidades avanzadas de detección y permite mejorar las capacidades de ciber inteligencia de las organizaciones. Las conclusiones del trabajo han sido satisfactorias y han permitido definir esta serie de requisitos de seguridad en torno a una arquitectura de referencia, además de la aplicación de tecnologías deception con un resultado satisfactorio, lo cual permite dilucidad su posible incorporación como un mecanismo adicional de seguridad como parte del ecosistema OT. The purpose of this work is to study in depth the state of the art of a sector that until recently was not considered from the point of view of cybersecurity: industrial environments. This type of environment has undergone a great evolution in recent decades, with the incorporation of a wide range of technologies that have made it possible to improve production processes. However, this incorporation of technologies, such as the incorporation of IoT devices, has brought with it a series of threats and security problems, which in this type of environment an interruption of the operation can have a very high impact since they can be critical infrastructures for everyday life. In order to apply basic security principles such as defense in depth or network segmentation, a reference architecture has been defined based on industry standards such as IEC 62443. Additionally, a virtualized industrial environment has been implemented in a practical way, which has allowed testing with a technology such as Deception, which provides advanced detection capabilities and allows improving the cyber intelligence capabilities of organizations. The results of the work were positive and have made it possible to define a set of security requirements based on a reference architecture, in addition to the application of deception technologies with a successful result, which suggests its possible incorporation as an additional security mechanism as part of the OT ecosystem. La finalitat d'aquest treball persegueix aprofundir sobre l'estat de l'art d'un sector que fins no fa gaire no era considerat des del punt de vista de la ciberseguretat: els entorns industrials. Aquest tipus d'entorns s'han caracteritzat per patir una gran evolució en les darreres dècades de manera que s'hi han incorporat multitud de tecnologies que han permès millorar els processos productius. No obstant això, aquesta incorporació de tecnologies, com per exemple la incorporació de dispositius IoT, han portat una sèrie d'amenaces i problemes de seguretat, que en aquest tipus d'entorns una interrupció de l'operació pot tenir un impacte molt elevat ja que poden ser infraestructures crítiques per a la vida quotidiana. De manera que s'apliquin principis de seguretat bàsics com ara defensa en profunditat o segmentació de xarxa s'ha definit una arquitectura de referència en base a estàndards del sector com l'IEC 62443. Addicionalment, s'ha implantat de manera pràctica un entorn industrial virtualitzat que ha permès fer proves amb una tecnologia com Deception, la qual aporta capacitats avançades de detecció i permet millorar les capacitats de ciber intel·ligència de les organitzacions. Les conclusions del treball han estat satisfactòries i han permès definir aquesta sèrie de requisits de seguretat al voltant d'una arquitectura de referència, a més de l'aplicació de tecnologies deception amb un resultat satisfactori, cosa que permet dilucitat la seva possible incorporació com un mecanisme addicional de seguretat com a part de l'ecosistema OT.

Published

2022

37. Levers of enterprise security control: a study on the use, measurement and value contribution.

Author

Harrer, Jürgen and Wald, Andreas

Abstract

The assets of enterprises are increasingly exposed to internal and external threats like fraud, theft, embezzlement, sabotage, terrorism and industrial espionage. As a result, enterprise security (ES) as a support function is becoming more important and expenses for ES are significant. An important characteristic of ES setting it apart from other support functions is that in addition to the protection of material and immaterial assets, it is concerned with the physical integrity and survival of employees as a the most valuable asset. The management and control of ES is a challenging task as it requires the cooperation and coordination of security experts, individual managers receiving protection and several functional areas of the enterprise. Notwithstanding this development, there is virtually no research on management control of ES. Therefore, the aim of the paper is to present first empirical evidence on the use, measurement, and value contribution of ES and to introduce fundamental concepts and processes of ES management. We present a study based on qualitative interviews with security experts of German DAX-30 companies which we supplement with a standardized survey. Applying Simons' levers of control-framework we find that all four levers of control are used although there are significant differences regarding their elaboration and measurement practice as well as their integration in a consistent management control system. Our study lays conceptual and empirical foundations for future research on ES control. We contribute to research on management control by unlocking a new and increasingly important field of study. [ABSTRACT FROM AUTHOR]

Published

2016

38. Técnicas y herramientas para el análisis de debilidades en volcados de memoria RAM de sistemas basados en Linux

Author

Betancor Olivares, Juan Ramón, García Font, Víctor, and Méndez Muñoz, Víctor

Subjects

enterprise security, dumps, volcados de memoria, Seguridad informática -- TFM, anàlisi forense, análisis forense, forensic analysis, seguretat empresarial, Seguretat informàtica -- TFM, bolcats de memòria, Computer security -- TFM, seguridad empresarial

Abstract

La sociedad en los últimos años ha migrado de lo analógico a lo digital, depositando en el ciberespacio gran parte de nuestras vidas, desde cuentas de banco hasta números de teléfonos. Las organizaciones y empresas al ver las posibilidades que el mundo digital ofrece, a lo largo de los años también han dado el paso al ciberespacio. Sin embargo, no son los únicos a los que la tecnología ha llamado la atención, los criminales también se han visto atraídos debido al mundo de posibilidades y anonimato que se les ofrece. Desde los años 90 hasta nuestros días, el cibercrimen ha ido creciendo de forma imparable, así como las medidas de seguridad y prevención hacia dicho fenómeno, siendo una de estas el análisis forense. En el presente trabajo se analizarán las metodologías y técnicas existentes para análisis de volcados de memoria, así como la implementación de estas herramientas sobre un volcado de memoria de un sistema IoT estándar con el objetivo de identificar las debilidades que este presenta. Posteriormente se generará un informe con los datos obtenidos durante el proceso de análisis de tal manera que nos permita ver de manera clara si existe problemas y debilidades en cuanto a diseño e implementación. Finalmente, teniendo las conclusiones presentes, se propondrá y analizará diferentes alternativas y soluciones a nivel de análisis y diseño a los problemas encontrados de tal manera se puedan mitigar y evitar que estos ocurran en un futuro. In recent years, society has migrated from analog to digital, depositing much of our lives in cyberspace, from bank accounts to phone numbers. Organizations and companies seeing the possibilities that the digital world offers, over the years have also taken the step to cyberspace. However, they are not the only ones to whom technology has attracted attention, criminals have also been attracted due to the world of possibilities and anonymity offered to them. From the 90s to the present day, cybercrime has been growing unstoppably, as well as security and prevention measures towards this phenomenon, one of these being forensic analysis. In the present work we will analyze the existing methodologies and techniques for memory dumps analysis, as well as the implementation of these tools on a memory dump of a standard IoT system with the objective of identifying the weaknesses that it presents. Then, a report will be generated with the data obtained during the analysis process in a way that allows us to see clearly if there are problems and weaknesses in terms of design and implementation. Finally, having the conclusions, different alternatives and solutions at the level of analysis and design will be proposed and analyzed to the problems encountered in such a way that they can be mitigated and prevented from occurring in the future. La societat en els últims anys ha migrat de l'analògic al digital, dipositant en el ciberespai gran part de les nostres vides, des de comptes de banc fins a nombres de telèfons. Les organitzacions i empreses en veure les possibilitats que el món digital ofereix, al llarg dels anys també han fet el pas al ciberespai. No obstant això, no són els únics als quals la tecnologia ha cridat l'atenció, els criminals també s'han vist atrets a causa del món de possibilitats i anonimat que se'ls ofereix. Des dels anys 90 fins als nostres dies, el ciberdelicte ha anat creixent de manera imparable, així com les mesures de seguretat i prevenció cap a aquest fenomen, sent una d'aquestes l'anàlisi forense. En el present treball s'analitzaran les metodologies i tècniques existents per a anàlisis de bolcats de memòria, així com la implementació d'aquestes eines sobre un bolcat de memòria d'un sistema IoT estàndard amb l'objectiu d'identificar les febleses que aquest presenta. Posteriorment es generarà un informe amb les dades obtingudes durant el procés d'anàlisi de tal manera que ens permeti veure de manera clara si existeix problemes i febleses quant a disseny i implementació. Finalment, tenint les conclusions presents, es proposarà i analitzarà diferents alternatives i solucions a nivell d'anàlisi i disseny als problemes oposats de tal manera es puguin mitigar i evitar que aquests ocorrin en un futur.

Published

2020

39. Seguridad en redes empresariales: Protegiendo el acceso privilegiado

Author

López Jiménez, Daniel, García Font, Víctor, and Albós Raya, Amadeu

Subjects

enterprise security, privileged access, FreeIPA, seguretat empresarial, Computer security -- TFM, seguridad empresarial, infraestructures internes, Active Directory, acceso privilegiado, Seguridad informática -- TFM, Seguretat informàtica -- TFM, infraestructuras internas, internal infrastructures, accés privilegiat

Abstract

Este trabajo busca explicar y visibilizar los beneficios de utilizar un diseño seguro de infraestructura interna en las empresas de la actualidad. En los primeros capítulos se presentan las problemáticas principales por las cuales un cibercriminal suele comprometer con relativa facilidad este tipo de entornos y el origen de las mismas. Una vez entendido el origen de las problemáticas, se presenta la necesidad de utilizar un diseño de infraestructura seguro, ordenado y fácil de administrar y monitorizar. En este aspecto, se estudian diferentes buenas prácticas que ayudan a la implementación de este tipo de diseños. A continuación, se realiza la implementación práctica de un diseño seguro concreto -Active Directory Red Forest- aplicando todas las buenas prácticas vistas anteriormente y comprobando su eficacia para solventar o minimizar las problemáticas expuestas inicialmente. Por último, este trabajo finaliza con la realización de unas conclusiones sobre todo lo que se ha visto a lo largo del documento. This project aims to explain and visualize the benefits of using a safe well-organized internal infrastructure in today's enterprises. In the first chapters, common reasons for which cybercriminals tend to compromise these environments are presented along with their root causes. After their analysis and understanding, the need of a secure and easy manageable infrastructure design is presented. Different good practices are then studied to help the implementation of this type of designs. Subsequently, a practical implementation of a specific security design -Active Directory Red Forest- is carried out. Within this design, all the good practices previously seen are adopted and tested to ensure their effectiveness in solving or minimizing the problems exposed in the first chapters. Finally, this document finishes with some conclusions about all the contents studied. Aquest treball busca explicar i visibilitzar els beneficis d'utilitzar un disseny segur d'infraestructura interna en les empreses de l'actualitat. En els primers capítols es presenten les problemàtiques principals per les quals un cibercriminal sol comprometre amb relativa facilitat aquest tipus d'entorns i l'origen de les mateixes. Un cop entès l'origen de les problemàtiques, es presenta la necessitat d'utilitzar un disseny d'infraestructura segur, ordenat i fàcil d'administrar i monitoritzar. En aquest aspecte, s'estudien diferents bones pràctiques que ajuden a la implementació d'aquest tipus de dissenys. A continuació, es realitza la implementació pràctica d'un disseny segur concret -Active Directory Xarxa Forest- aplicant totes les bones pràctiques vistes anteriorment i comprovant la seva eficàcia per solucionar o minimitzar les problemàtiques exposades inicialment. Finalment, aquest treball finalitza amb la realització d'unes conclusions sobre tot el que s'ha vist al llarg de el document.

Published

2020

40. ВЛИЯНИЕ САНКЦИЙ НА ЭКОНОМИЧЕСКУЮ БЕЗОПАСНОСТЬ ПРЕДПРИЯТИЙ НЕФТЕГАЗОВОЙ ОТРАСЛИ

Subjects

экономическая безопасность, enterprise security, economic sanctions, безопасность предприятия, economic security structure, структура экономической безопасности, economic security, экономические санкции

Abstract

В статье анализируется воздействие санкций на экономическую безопасность предприятия на примере нефтегазовой отрасли., The impact of sanctions on the economic security of enterprise on the example of the oil and gas industry is analyzed.

Published

2019

41. LOCKS

Author

Kumar, Rajesh, Rensink, Arend, Stoelinga, Mariëlle I.A., Haddad, Hisham M., Wainwright, Roger L., and Chbeir, Richard

Subjects

Multi-objective query language, Computer science, media_common.quotation_subject, 0102 computer and information sciences, 02 engineering and technology, Type (model theory), 01 natural sciences, Attack model, Denotational semantics, Formal specification, 0202 electrical engineering, electronic engineering, information engineering, Enterprise security, media_common, computer.programming_language, Grammar, business.industry, Threat models, 020207 software engineering, Enterprise information security architecture, 010201 computation theory & mathematics, Threat model, Property Specification Language, Property specification language, Software engineering, business, computer, Quantitative security goals

Abstract

We introduce a formal specification language locks, that allow security practitioners to express as well as compose security goals in a convenient manner. locks supports the specification of the most common security properties over generic attributes, both for qualitative and quantitative goals. To make our language independent of a specific security framework, we evaluate locks over a generic attack model, namely the structural attack model (sam), which over-arches the most prominent graphical threat models. Furthermore, we equip our language with a concise grammar, type rules and denotational semantics, thus laying the foundations of an automated tool. We take a number of informal security goals from the literature and show how they can be formally expressed in our language.

Published

2018

42. Системный анализ обеспечения стабильности эффективного функционирования инновационной и цифровой экономики на основе интеллектуализации системы комплексной безопасности

Author

Ogorodnikov, P. I., Zaloznaya, G. M., Borovsky, A. S., Огородников, П. И., Залозная, Г. М., Боровский, А. С., Ogorodnikov, P. I., Zaloznaya, G. M., Borovsky, A. S., Огородников, П. И., Залозная, Г. М., and Боровский, А. С.

Abstract

The article is based on the system approach and the analysis of ensuring economic security as well as on the developed conceptual techniques devoted to the security of regional enterprises. We consider the issues of the interaction of subsystems of the general system of national security in regions. The purpose of the study is to develop a comprehensive methodology for the assessment of the national security in regions including all main directions: economy, ecology, information, etc. Currently, the need for a theory of security of regional enterprises has, first of all, an applied nature. At the same time, without basic fundamental knowledge of the theory of comprehensive security, it is impossible to provide sustainable development of regional enterprises. We conduct a comprehensive research of all types of security on the basis of the system approach and the analysis. Furthermore, we move from task-specific study to the system research of the examined objects and systems. It has allowed analysing the internal interrelations of subsystems including the subsystems of economic security in the framework of the general system of national security. We propose the method, which substantiates the quality of enterprise security using the fuzzy set method and fuzzy multi-criteria method in relation to the paper’s topic. Moreover, we apply the Bellman and Zadeh’s principle allowing to choose an option, which satisfies all criteria in the maximum degree. The developed approach to the formation of a comprehensive assessment of all types of security will allow providing sufficient explanations to the influence and interaction of subsystems within the national security’s general system as well as will significantly increase the economic stability of regional enterprises and organizations. © 2018 Institute of Economics Ural Branch of the Russian Academy of Sciences., Предложен предметный подход к формированию комплексной оценки всех видов безопасности. Рассмотрено влияние и взаимодействие подсистем общей системы национальной безопасности. Проведено формализованное описание процессов поддержки принятия решений в исследовании вопросов связи устойчивого развития бизнеса и системы комплексной безопасности.

Published

2018

43. Система управления финансовой безопасностью предприятия

Author

Рубан, Т. Е. and Рубан, Т. Е.

Published

2018

44. Методичні аспекти оцінювання рівня фінансової безпеки малих підприємств

Author

Pakhnenko, Olena Mykhailivna and Kryklii, Olena Anatoliivna

Subjects

малый бизнес, enterprise security, financial security, безопасность предприятия, small business, малий бізнес, мале підприємство, small enterprise, финансовая безопасность, фінансова безпека, малое предприятие, безпека підприємства

Abstract

У статті запропоновано методичний підхід до оцінювання рівня фінансової безпеки малих підприємств, реалізація якого включає п’ять етапів: 1) ідентифікація факторів впливу, формування масиву вхідних даних; 2) визначення еталонних значень показників; 3) нормалізація вхідних даних; 4) оцінка відхилень фактичних значень показників від еталонних, розрахунок складових інтегрального показника; 5) розрахунок інтегрального показника, надання якісної інтерпретації результатів. Запропонована методика оцінювання рівня фінансової безпеки дозволяє врахувати характер впливу факторів на рівень фінансової безпеки малих підприємств; застосувати диференційований підхід до визначення еталонних значень індикаторів; надати якісну інтерпретацію результатів. В статье предложен методический подход к оценке уровня финансовой безопасности малых предприятий, реализация которого включает пять этапов: 1) идентификация факторов влияния, формирование массива входных данных; 2) определение эталонных значений показателей; 3) нормализация входных данных; 4) оценка отклонений фактических значений показателей от эталонных, расчет составляющих интегрального показателя; 5) расчет интегрального показателя, предоставление качественной интерпретации результатов. Предложенная методика оценки уровня финансовой безопасности позволяет учесть характер влияния факторов на уровень финансовой безопасности малых предприятий; применить дифференцированный подход к определению эталонных значений индикаторов; предоставить качественную интерпретацию результатов. The article proposes a methodical approach to assessing the level of financial security of small enterprises, which includes five steps: 1) identification of factors of influence, collection of input data; 2) determination of reference values of indicators; 3) normalization of input data; 4) estimating the deviations of the actual values of indicators from their reference values, calculation of the components of the integral indicator; 5) calculation of the integral indicator, providing the qualitative interpretation of the results. The proposed method for assessing the level of financial security takes into account the impact of factors on the level of financial security of small enterprises; applies different approaches to defining the reference values; provides a qualitative interpretation of the results.

Published

2018

45. The essence of the strategy and its significance for the enterprise security

Author

Borysiuk, Olena V. and Malenytskyi, Dmytro S.

Subjects

фактори конкурентоспроможності, enterprise security, competitiveness, стратегія підприємства, enterprise strategy, competitive advantages, factors of competitiveness, strategy of enterprise development, конкурентні переваги, конкурентоспроможність

Abstract

Статтю присвячено дослідженню сутності стратегії та її значенню для безпеки підприємства. Проаналізовано різні підходи до класифікації стратегії підприємства. Сформульовано основні завдання стратегії та розглянуто її види. Надано рекомендації щодо впровадження стратегії та забезпечення конкурентоспроможності підприємства. Обґрунтовано актуальність дослідження та необхідність забезпечення стратегії підприємства в сучасних умовах. Розроблено класифікацію стратегій підприємства та виділено основні етапи її впровадження. The article is devoted to the study of the essence of the strategy and its significance for the enterprise security. The article analyzes various approaches to the classification of enterprise strategy. The main tasks of the strategy are formulated and its types are considered. The recommendations for implementation of the strategy and ensuring the competitiveness of the enterprise are given. The relevance of the research and the necessity of providing a strategy of the enterprise in modern conditions is substantiated. The classification of enterprise strategies is developed and the main stages of implementation of the strategy are highlighted.

Published

2018

46. The system analysis of ensuring the stability of innovative and digital economy on the basis of intellectual comprehensive security system

Author

Ogorodnikov, P. I., Zaloznaya, G. M., and Borovsky, A. S.

Subjects

GENERAL SYSTEM, REGIONAL ECONOMIC SECURITY, ENTERPRISE VULNERABILITY, SUBSYSTEMS, MULTI-CRITERIA ANALYSIS, SYSTEM APPROACH, NATIONAL SECURITY, COMPREHENSIVE SECURITY, UNCERTAINTY OF INFORMATION, ENTERPRISE SECURITY

Abstract

The article is based on the system approach and the analysis of ensuring economic security as well as on the developed conceptual techniques devoted to the security of regional enterprises. We consider the issues of the interaction of subsystems of the general system of national security in regions. The purpose of the study is to develop a comprehensive methodology for the assessment of the national security in regions including all main directions: economy, ecology, information, etc. Currently, the need for a theory of security of regional enterprises has, first of all, an applied nature. At the same time, without basic fundamental knowledge of the theory of comprehensive security, it is impossible to provide sustainable development of regional enterprises. We conduct a comprehensive research of all types of security on the basis of the system approach and the analysis. Furthermore, we move from task-specific study to the system research of the examined objects and systems. It has allowed analysing the internal interrelations of subsystems including the subsystems of economic security in the framework of the general system of national security. We propose the method, which substantiates the quality of enterprise security using the fuzzy set method and fuzzy multi-criteria method in relation to the paper’s topic. Moreover, we apply the Bellman and Zadeh’s principle allowing to choose an option, which satisfies all criteria in the maximum degree. The developed approach to the formation of a comprehensive assessment of all types of security will allow providing sufficient explanations to the influence and interaction of subsystems within the national security’s general system as well as will significantly increase the economic stability of regional enterprises and organizations. © 2018 Institute of Economics Ural Branch of the Russian Academy of Sciences. Предложен предметный подход к формированию комплексной оценки всех видов безопасности. Рассмотрено влияние и взаимодействие подсистем общей системы национальной безопасности. Проведено формализованное описание процессов поддержки принятия решений в исследовании вопросов связи устойчивого развития бизнеса и системы комплексной безопасности.

Published

2018

47. Overall process model - Integrated security model

Author

Dilibal, Satilmis

Subjects

Sicherheitsmaßnahmen prüfen, Qualitative research method, Security concept, Security domain, Unternehmenswerte, Krisenmanagement, Notfallmanagement, Prozess, Sicherheitsmanagement, Risikomanagement, Sicherheitsmanagementsystem, Check the security measures, Sicherheitsmaßnahmen umsetzen, Reisesicherheit, Physische Sicherheit, Sicherheitsaspekte, Privacy management, Information security, Sicherheitsmaßnahmen aktualisieren, Crisis management, PDCA cycle, Corporate and Information Security Management, Travel security, Update the security measures, Sicherheitskonzept, Prozessmanagement, Security Risk Management, PDCA-Zyklus, Teilprozessmodell, Sicherheitsdomäne, Personal security, Modellierung, Strategisches Management, Deming-Kreislauf, Security Management, Enterprise Security, Set security measures, Sicherheitsmaßnahmen festlegen, Integriertes Security-Modell, Qualitativen Forschungsmethode, Corporate Values, Personelle Sicherheit, Informationssicherheit, Safety Management System, Process architecture, Produkt- und Know-how-Schutz, Prozessarchitektur, Modeling, Unternehmenssicherheit, Workflow management, Emergency management, Integrated security model, Process, Physical security, Part Process Model, Risk management, Product and know-how protection, Datenschutzmanagement, Implement security measures, Ablauforganisation, Deming cycle, Business Continuity Management, Process management, Security aspects

Abstract

Kontext und Fragestellung: Die vorliegende Masterarbeit beschäftigt sich mit der Problematik der einzelnen Sicherheitsdomänen des „Corporate and Information Security Management“, welche in vielen Unternehmen nicht ganzheitlich und mit getrennten Prozessen betrachtet werden. Um eine systematische Vorgehensweise mit geregelten Abläufen schaffen zu können, wurde die folgende zentrale Forschungsfrage aufgestellt: „Wie können die historisch getrennten Sicherheitsdisziplinen und die ausgearbeiteten Teilprozessmodelle, unter Berücksichtig der zugrunde liegenden Theorien, in ein gemeinsames geschäftsprozessorientiertes und unternehmensstrategieadjustiertes Vorgehensmodell als ein Gesamtprozessmodell überführt werden?" Ziele der Arbeit: Das Ziel der angestrebten wissenschaftlichen Arbeit war, die vorgegebenen Teilprozesse des „Corporate and Information Security Management“ zu einem Gesamtprozessmodell zusammenzuführen, zu visualisieren und deren Anwendbarkeit zu prüfen. Theorie: Für die Umsetzung des Forschungsauftrages wurden die theoretischen Grundlagen des Prozessmanagements und der Unternehmenssicherheit im Sinne des Security Management herangezogen. Wissenschaftliche Methoden Für die Überprüfung der aufgestellten Hypothesen und zur Beantwortung der forschungsleitenden Fragen wurde die qualitative Forschungsmethode herangezogen. Ergebnisse: Die Ergebnisse der Untersuchung haben gezeigt, dass es mit den theoretischen Grundlagen und mit den ausgewählten wissenschaftlichen Methoden möglich ist, einzelne Teilprozesse zu einem Gesamtprozessmodell zu bündeln. Weiterer relevanter Forschungsbedarf wurde hierbei auch aufgezeigt. Context of the Thesis: This master thesis deals engages with problem of the individual security domains of the "Corporate and Information Security Management", which are not considered holistically and with separated processes in many companies. In order to create a systematic approach with regulated procedures, the following essential research question was raised: “How can the historically separated security disciplines and the developed sub-process models, taking into account the underlying theories, be transformed ( oder converted ) into a common business-process oriented and company strategy-adjusted approach model as an overall process model?" Goal of the Thesis The intention of the scientific research was to integrate the given sub-processes of the "Corporate and Information Security Management" into an overall process model, to visualize them and to examine their applicability. Theory: The theoretical fundamentals of process management and enterprise security in the sense of security management were used for the implementation of the research assignment. Methodology: The qualitative research method was used for the examination of the hypotheses and for answering the research questions. Results: The results of the study have revealed that it is possible with the theoretical fundamentals and with the selected scientific methods to bundle individual sub-processes into a consistent overall process model. Further relevant research requirements were also indicated. vorgelegt von: Satilmis Dilibal Wien, FH Campus Wien, Masterarb., 2017

Published

2017

48. The Implementation of Personnel and Social Programs of the Enterprise in the Aspect of Work with Young Specialists

Author

Kapelzon, A. А.

Subjects

A YOUNG PROFESSIONAL, ПРЕДПРИЯТИЕ, YOUTH POLICY, МОЛОДОЙ СПЕЦИАЛИСТ, ENTERPRISE, КАДРОВЫЕ И СОЦИАЛЬНЫЕ ПРОГРАММЫ, БЕЗОПАСНОСТЬ ПРЕДПРИЯТИЯ, PERSONNEL AND SOCIAL PROGRAMS, ENTERPRISE SECURITY, МОЛОДЕЖНАЯ ПОЛИТИКА

Abstract

The article is devoted to the implementation of human resources and social programs one of the defense enterprises of the Sverdlovsk region. The author showed that the economic security of an enterprise due to the social benefits and human resource perspectives, which are available to young professionals. The author used methods of statistical analysis, comparative analysis, document analysis, surveys of departures. Статья посвящена вопросам реализации кадровых и социальных программ одного из оборонных предприятий Свердловской области. Автор показал, что экономическая безопасность предприятия обусловлена теми социальными льготами и кадровыми перспективами, которые предоставляются молодым специалистам. Использованы методы статистического анализа, сравнительного анализа данных, анализа документов, анкетирование увольняющихся сотрудников.

Published

2017

49. The BASC Standard and enterprise security for safe trade in supermarkets in Bogota

Author

Ramos Beltrán, José Froilan and Ruiz Rendón, Néstor Raúl

Subjects

enterprise security, big surfaces, SEGURIDAD INDUSTRIAL, LOGISTICA EN LOS NEGOCIOS, ALMACENES DE CADENA, grandes superficies, BASC, seguridad empresarial, cadena de suministro, supply chain

Abstract

El concepto de la Seguridad en las grandes superficies abarca con amplitud varias esferas, como en el proceso de importación de mercancías, controles físicos y verificación de inventarios en la cadena de suministros, donde los servicios prestados deben ser los más seguros y de calidad, con el fin de brindar una seguridad para satisfacer las expectativas del cliente. Para ello, la normatividad y los estándares que regula la Business Alliance for Secure Commerce –BASC- , que traducido al español significa Alianza Empresarial para un Comercio Seguro, se convierte en la forma más versátil en que una organización se acoge de forma voluntaria a sus parámetros. The concept of security in large areas covered with amplitude several areas, including in the process of importing goods, physical controls and verification of inventory in the supply chain, where the services provided must be the safest and quality, in order to provide security to meet customer expectations. To this end, the regulations and standards governing the Business Alliance for Secure Commerce -BASC-, which translated into Spanish means Business Alliance for Secure Commerce, becomes the most versatile way an organization is welcomed voluntarily to their settings. Pregrado

Published

2016

50. Best Practices for Enterprises to Prevent Social Engineering Attacks.

Author

eWeek Editors

Subjects

*SOCIAL engineering (Fraud), *BEST practices, *SOCIAL enterprises, *INVESTMENT risk

Abstract

eWEEK BEST PRACTICES: Every organization will have its own definition of what an acceptable level of risk is and should make strong security decisions and investments backed by their risk threshold. But there are still certain baseline practices to follow. [ABSTRACT FROM AUTHOR]

Published

2021