Netværkssikkerhed

This SpringerBrief presents a brief introduction to probabilistic risk assessment (PRA), followed by a discussion of abnormal event detection techniques in industrial control systems (ICS). It also provides an introduction to the use of game theory for the development of cyber-attack response models and a discussion on the experimental testbeds used for ICS cyber security research. The probabilistic risk assessment framework used by the nuclear industry provides a valid framework to understand the impacts of cyber-attacks in the physical world. An introduction to the PRA techniques such as fault trees, and event trees is provided along with a discussion on different levels of PRA and the application of PRA techniques in the context of cybersecurity. A discussion on machine learning based fault detection and diagnosis (FDD) methods and cyber-attack detection methods for industrial control systems are introduced in this book as well.A dynamic Bayesian networks based method that can be used to detect an abnormal event and classify it as either a component fault induced safety event or a cyber-attack is discussed. An introduction to the stochastic game formulation of the attacker-defender interaction in the context of cyber-attacks on industrial control systems to compute optimal response strategies is presented. Besides supporting cyber-attack response, the analysis based on the game model also supports the behavioral study of the defender and the attacker during a cyber-attack, and the results can then be used to analyze the risk to the system caused by a cyber-attack. A brief review of the current state of experimental testbeds used in ICS cybersecurity research and a comparison of the structures of various testbeds and the attack scenarios supported by those testbeds is included. A description of a testbed for nuclear power applications, followed by a discussion on the design of experiments that can be carried out on the testbed and the associated results is covered as well.This SpringerBrief  is a useful resource tool for researchers working in the areas of cyber security for industrial control systems, energy systems and cyber physical systems. Advanced-level students that study these topics will also find this SpringerBrief useful as a study guide.

This book LNCS 13547 constitutes the proceedings of the 14th International Symposium on Cyberspace Safety and Security, CSS 2022, held in Xi'an, China, in October 2022.The 26 revised full papers presented were carefully reviewed and selected from 104 initial submissions. The papers focus on Cyberspace Safety and Security, such as authentication, access control, availability, integrity, privacy, confidentiality, dependability and sustainability issues of cyberspace.

This book constitutes the proceedings of the 5th International Conference, ICC3 2021, held in Coimbatore, India, during December 16-18, 2021.  The 14 full papers included in this book were carefully reviewed and selected from 84 submissions. They were organized in topical sections as follows: computational intelligence; cyber security; and computational models.

Mit dem Phanomen Big Data"e; als Teil einer datengetriebenen Zukunft verbinden sich seit Jahren enorme Hoffnungen und groe Angste. Immer mehr Akteure aus dem privaten und offentlichen Sektor sammeln und nutzen solche Datenmassen zu vielfaltigen Zwecken. Dabei stellt sich aus datenschutzrechtlicher Perspektive die Frage: Ist es moglich, Big-Data-Verfahren im Einklang mit der Datenschutz-Grundverordnung durchzufuhren oder bedeutet Big Data zwangslaufig Small Privacy"e;? Am Beispiel der Betrugsbekampfung mit Big Data in der Kraftfahrzeughaftpflichtversicherung analysiert Constantin Herfurth die datenschutzrechtlichen Rahmenbedingungen und entwickelt neue Modelle, um bewahrte Datenschutzgrundsatze innovativ anwenden zu konnen und eine "e;Big Accountability"e; zu schaffen. Dabei zeichnet er nicht nur ein differenzierteres Bild von Big Data, sondern zeigt auch Wege fur eine datenschutzkonforme Gestaltung auf und regt die Weiterentwicklung bestehender Mechanismen und Instrumente der Datenschutz-Grundverordnung an.

This SpringerBrief presents the underlying principles of machine learning and how to deploy various deep learning tools and techniques to tackle and solve certain challenges facing the cybersecurity industry.By implementing innovative deep learning solutions, cybersecurity researchers, students and practitioners can analyze patterns and learn how to prevent cyber-attacks and respond to changing malware behavior. The knowledge and tools introduced in this brief can also assist cybersecurity teams to become more proactive in preventing threats and responding to active attacks in real time. It can reduce the amount of time spent on routine tasks and enable organizations to use their resources more strategically. In short, the knowledge and techniques provided in this brief can help make cybersecurity simpler, more proactive, less expensive and far more effectiveAdvanced-level students in computer science studying machine learning with a cybersecurity focus will find this SpringerBrief useful as a study guide. Researchers and cybersecurity professionals focusing on the application of machine learning tools and techniques to the cybersecurity domain will also want to purchase this SpringerBrief.

Der menschliche Verstand ist evolutionär darauf ausgelegt, Abkürzungen zu nehmen, um zu überleben. Wir ziehen voreilige Schlüsse, weil unser Gehirn uns in Sicherheit wiegen will. Die meisten unserer Voreingenommenheiten wirken sich zu unseren Gunsten aus, z. B. wenn wir ein Auto, das in unsere Richtung fährt, für gefährlich halten und sofort ausweichen oder wenn wir beschließen, einen Bissen Essen, der verdorben zu sein scheint, nicht zu essen. Allerdings wirken sich inhärente Vorurteile negativ auf das Arbeitsumfeld und die Entscheidungsfindung in unseren Gemeinschaften aus. Mit der Entwicklung von Algorithmen und maschinellem Lernen wird zwar versucht, Voreingenommenheit zu beseitigen, aber schließlich werden sie doch von Menschen geschaffen und sind daher anfällig für das, was wir als algorithmische Voreingenommenheit bezeichnen.In Understand, Manage, and Prevent Algorithmic Bias (Algorithmische Voreingenommenheit verstehen, verwalten und verhindern) hilft Ihnen der Autor Tobias Baer zu verstehen, woher algorithmische Voreingenommenheit kommt, wie man sie als Geschäftsanwender oder Regulierungsbehörde handhaben kann und wie die Datenwissenschaft verhindern kann, dass Voreingenommenheit in statistische Algorithmen einfließt. Baer befasst sich fachkundig mit einigen der mehr als 100 Arten natürlicher Verzerrungen wie Confirmation Bias, Stability Bias, Pattern Recognition Bias und vielen anderen. Algorithmische Voreingenommenheit spiegelt diese menschlichen Tendenzen wider und hat ihren Ursprung in ihnen.Während sich die meisten Schriften über algorithmische Voreingenommenheit auf die Gefahren konzentrieren, weist der Kern dieses positiven, unterhaltsamen Buches auf einen Weg hin, auf dem Voreingenommenheit in Schach gehalten und sogar beseitigt wird. Sie erhalten Managementtechniken, um unvoreingenommene Algorithmen zu entwickeln, die Fähigkeit, Voreingenommenheit schneller zu erkennen, und das Wissen, um unvoreingenommene Daten zu erstellen. Algorithmic Bias verstehen, verwalten und verhindern ist ein innovatives, zeitgemäßes und wichtiges Buch, das in Ihr Regal gehört. Ganz gleich, ob Sie eine erfahrene Führungskraft, ein Datenwissenschaftler oder einfach nur ein Enthusiast sind - jetzt ist ein entscheidender Zeitpunkt, um sich über die größeren soziologischen Auswirkungen von Verzerrungen im digitalen Zeitalter zu informieren.Dieses Buch stellt die Übersetzung einer englischsprachigen Originalausgabe dar. Die Übersetzung wurde mit Hilfe von künstlicher Intelligenz erstellt (maschinelle Übersetzung mit DeepL.com). Eine anschließende manuelle Überarbeitung erfolgte vor allem nach inhaltlichen Gesichtspunkten, so dass das Buch stilistisch von einer herkömmlichen Übersetzung abweichen kann.

The book highlights the challenges faced by emerging paradigms and presents the recent developments made to address the challenges. It presents a detailed study on security issues in distributed computing environments and their possible solutions, followed by applications of medical IoT, deep learning, IoV, healthcare, etc.

Web3 is the next evolution for the World Wide Web based on Blockchain technology. This book will equip entrepreneurs with the best preparation for the megatrend of Web3 by reviewing its core concepts such as DAOs, tokens, dApps, and Ethereum.With Web2, much of the valuable data and wealth has been concentrated with a handful of mega tech operators like Apple, Facebook, Google and Amazon. This has made it difficult for startups to get an edge. It has also meant that users have had little choice but to give up their value data for free. Web3 aims to upend this model using a decentralized approach that is on the blockchain and crypto. This allows for users to become stakeholders in the ecosystem. Along with exploring core concepts of Web3 like DAOs, tokens, dApps, and Ethereum, this book will also examine the main categories that are poised for enormous opportunities. They include infrastructure, consumer apps, enterprise apps, and the metaverse.  For each of these, I will have use cases of successful companies. How To Create a Web3 Startup  covers the unique funding strategies, the toolsets needed, the talent required, the go-to-market approaches, and challenges faced. What You'll LearnWork with the dev stack componentsExamine the success factors for infrastructure, consumer, enterprise, verticals, and the MetaverseUnderstand the risks of Web3, like the regulatory structure and security breachesWho This Book Is ForStartup entrepreneurs and those looking to work in the Web3 industry.

Wenn Sie neugierig auf die Grundlagen der künstlichen Intelligenz, der Blockchain-Technologie und des Quantencomputings sind, die für die digitale Transformation und Innovation von entscheidender Bedeutung sind, ist Digital Fluency Ihr praktischer Leitfaden. Die realen Anwendungen dieser Spitzentechnologien nehmen rapide zu, und Ihr tägliches Leben wird weiterhin von jeder dieser Technologien beeinflusst werden. Es gibt keinen besseren Zeitpunkt als jetzt, um anzufangen und sich digital fit zu machen.Sie müssen keine Vorkenntnisse über diese vielseitigen Technologien haben, denn der Autor Volker Lang führt Sie kompetent durch das digitale Zeitalter. In zahlreichen Praxisbeispielen und mehr als 48 einprägsamen Abbildungen veranschaulicht er in Digital Fluency zentrale Konzepte und Anwendungen. Am Ende jedes Kapitels finden Sie eine hilfreiche Checkliste zur Umsetzung der zentralen Lektionen, bevor Sie zum nächsten Kapitel übergehen. Dieses Buch geht den digitalen Schlagwörtern und Konzepten auf den Grund und sagt Ihnen, was sie wirklich bedeuten.Das Aufschlüsseln von Themen wie automatisiertes Fahren und intelligente Robotik mit künstlicher Intelligenz, Blockchain-basierte Kryptowährungen und Smart Contracts, Medikamentenentwicklung und Optimierung von Finanzinvestitionsportfolios durch Quantencomputing und vieles mehr ist unerlässlich, um für die Zukunft der Industrie gerüstet zu sein. Unabhängig davon, ob Ihre eigene digitale Transformation in Ihrem privaten oder öffentlichen Unternehmen, in Ihrem Studium oder in Ihrem Privathaushalt stattfindet, Digital Fluency erstellt einen konkreten digitalen Aktionsplan für alle Ihre Anforderungen an Technologie- und Innovationsstrategien.Was Sie lernen werden Sich im digitalen Zeitalter orientieren, ohne Vorkenntnisse über digitale Technologien und digitale Transformation zu benötigen Lernen Sie die beliebtesten aktuellen und zukünftigen Anwendungen von künstlicher Intelligenz, Blockchain-Technologie und Quantencomputing in einer Vielzahl von Branchen kennen, darunter das Gesundheitswesen, Finanzdienstleistungen und die Automobilindustrie Machen Sie sich mit den digitalen Innovationsmodellen von Amazon, Google, Microsoft, IBM und anderen weltweit führenden Unternehmen vertraut. Setzen Sie Ihre eigene digitale Transformation entlang der acht Kerndimensionen eines konkreten digitalen Aktionsplans erfolgreich um.Für wen dieses Buch bestimmt ist Vordenker, Führungskräfte und Industriestrategen, Management- und Strategieberater, Politiker und Entscheidungsträger, Unternehmer, Finanzanalysten, Investoren und Risikokapitalgeber, Studenten und Forscher sowie allgemeine Leser, die sich digital fit machen wollen.

This book constitutes the proceedings of the Blockchain, Robotic Process Management (RPA), and Central and Eastern Europe (CEE) Forum which were held as part of the 20th International Conference on Business Process Management, BPM 2022, which took place in Munster, Germany, during September 11-15, 2022.The Blockchain Forum is dealing with techniques for and applications of blockchains, distributed ledger technologies, and related topics."e;The RPA Forum brings together researchers from various communities to discuss challenges, opportunities, and new ideas related to robotic process automation and its application to business processes in private and public sectors."e; The CEE Forum provides a discussion platform for BPM academics from Central and Eastern Europe to disseminate their research, compare results and share experiences. The 20 papers presented in this volume were carefully reviewed and selected from a total of 40 submissions. 

This SpringerBrief introduces methodologies and tools for quantitative understanding and assessment of supply chain risk to critical infrastructure systems. It unites system reliability analysis, optimization theory, detection theory and mechanism design theory to study vendor involvement in overall system security. It also provides decision support for risk mitigation.This SpringerBrief introduces I-SCRAM, a software tool to assess the risk. It enables critical infrastructure operators to make risk-informed decisions relating to the supply chain, while deploying their IT/OT and IoT systems.The authors present examples and case studies on supply chain risk assessment/mitigation of modern connected infrastructure systems such as autonomous vehicles, industrial control systems, autonomous truck platooning and more. It also discusses how vendors of different system components are involved in the overall security posture of the system and how the risk can be mitigated through vendor selection and diversification. The specific topics in this book include: Risk modeling and analysis of IoT supply chains Methodologies for risk mitigation, policy management, accountability, and cyber insurance Tutorial on a software tool for supply chain risk management of IoT  These topics are supported by up-to-date summaries of the authors' recent research findings. The authors introduce a taxonomy of supply chain security and discusses the future challenges and directions in securing the supply chains of IoT systems. It also focuses on the need for joint policy and technical solutions to counter the emerging risks, where technology should inform policy and policy should regulate technology development.This SpringerBrief has self-contained chapters, facilitating the readers to peruse individual topics of interest. It provides a broad understanding of the emerging field of cyber supply chain security in the context of IoT systems to academics, industry professionals and government officials.

Navigating the fragmented IoT connectivity ecosystem of standards, protocols, and architectures can be a challenge. Not to mention scaling a solution to a viable product. This book guides you through this fractured landscape with real world examples and projects that can be leverage for an IoT product. Backed by an overview of IoT use cases and key connectivity elements of IoT solutions, you'll gain an understanding of the breadth of the IoT landscape and the fragmentation of connectivity standards and solutions and the challenge in navigating the many standards and technologies. You'll also be able to understand the essentials of connectivity including, hardware, software, and business models. ¿IoT is essential for increasing productivity of many industries and quality of life (making the world smart and autonomous). Both wired and wireless connectivity technologies are essential ingredients in an IoT product. Writtenby Intel engineers and architects, Connecting the Internet of Things understands that connectivity is a key topic of IoT and comprehensively covers the topic from a system engineering and practical perspective.What You'll LearnUnderstand the trade offs between different wireless technologies and network topologiesUse wireless technologies in IoT productsExamine connectivity technologies and considerations on selecting it for the IoT use casesAssemble all of the components of a working solution Scale your solution to a productReview emerging connectivity technologies for addressing new use casesAdvance and optimize the performance of existing technologiesWho This Book Is ForResearchers, managers, strategists, technologists, makers, and students in the embedded and Internet of Things (IoT) space trying to understand and implement connectivity in the devices/platforms.

In introducing the National Security Commission on AI's final report, Eric Schmidt, former Google CEO, and Robert Work, former Deputy Secretary of Defense, wrote: "e;The human talent deficit is the government's most conspicuous AI deficit and the single greatest inhibitor to buying, building, and fielding AI-enabled technologies for national security purposes."e; Drawing upon three decades of leading hundreds of advanced analytics and AI programs and projects in government and industry, Chris Whitlock and Frank Strickland address in this book the primary variable in the talent deficit, i.e., large numbers of qualified AI leaders.The book quickly moves from a case for action to leadership principles and practices for effectively integrating AI into programs and driving results in AI projects. The chapters convey 37 axioms - enduring truths for developing and deploying AI - and over 100 leader practices set among 50 cases and examples, 40 of which focus on AI in national security. Emphasizing its impact and practical nature, LTG (ret.) Ken Tovo, former commander of U.S. Army special forces, characterized the book as "e;the Ranger Handbook for AI implementation!"e;Whether you are a senior or mid-level leader who lacks hands-on experience with AI, or an AI practitioner who lacks leadership experience, this book will equip you to lead AI programs, projects, people, and technology. As the Honorable Robert Work wrote in the foreword: "e;This book is not the last word on leading AI in the national security enterprise, but I believe it is an essential starting point."e;You will:Review axioms or enduring truths at work in six dimensions of AI: program, budget, project, data science, people, and technologyApply best practices-such as decision frameworks, processes, checklists-for leading work in each of the six dimensions.See how the axioms and best practices are contextualized to national security missions.

This in-depth look at the encryption tools available in SQL Server shows you how to protect data by encrypting it at rest with Transparent Data Encryption (TDE) and in transit with Transport Level Security (TLS). You will know how to add the highest levels of protection for sensitive data using Always Encrypted to encrypt data also in memory and be protected even from users with the highest levels of access to the database. The book demonstrates actions you can take today to start protecting your data without changing any code in your applications, and the steps you can subsequently take to modify your applications to support implementing a gold standard in data protection.The book highlights work that Microsoft has been doing since 2016 to make encryption more accessible, by making TDE available in the standard edition, and the introduction of Always Encrypted that requires minimal work on your part to implement powerful and effective encryption, protecting your data and meeting regulatory requirements. The book teaches you how to work with the encryption technologies in SQL Server with the express goal of helping you understand those technologies on an intuitive level. You'll come away with a deep level of understanding that allows you to answer questions and speak as an expert. The book's aim is to make you as comfortable in deploying encryption in SQL Server as you would be in driving your car to buy groceries. Those with a data security mindset will appreciate the discussion of how each feature protects you and what it protects you from, as well as how to implement things in the most secure manner. Database administrators will appreciate the high level of detail around managing encryption over time and the effect of encryption on database performance. All readers will appreciate the advice on how to avoid common pitfalls, ensuring that your projects to implement encryption run smoothly.What You Will LearnArchitect an effective encryption strategy for new applicationsRetrofit encryption into your existing applicationsEncrypt data at rest, in memory, and in transitManage key and certificate life cycles, including backup and restoreRecover encrypted databases in case of server failureWork with encryption in cloud-based scenariosWho This Book Is ForDatabase developers, architects, and administrators who want to work with encryption in SQL Server; those who want to maintain encryption whether data is at rest or being transmitted over the network; and those who wish to encrypt their data even when in the server's own memory. Readers should be familiar with SQL Server, but no existing knowledge of encryption is assumed.

Understand the IT security features that are needed to secure the IT infrastructure of a small to medium-size business. This book will give IT managers and executives a solid understanding of the different technology solutions that their business relies upon-or should be employing-in order to make reasoned decisions regarding the implementation of those features. Coverage includes multi-factor authentication, firewalls, zero-trust environments, network segmentation, remote access solutions, and the people aspects of security that are often overlooked and represent an organization's biggest vulnerability. Chapters on the various technologies such as multi-factor authentication and zero-trust environments explain in plain English the values and benefits that each technology provides. Clear technical explanations are accompanied by business case explanations that explain the "e;why"e; of each technology and when each technology should be implemented. You will come away equipped to have business-driven discussions with your IT staff that allow for a productive balancing of the need for security with the need to do business and drive profits. You Will LearnThe importance of multi-factor authenticationThe limits of what multi-factor authentication can protectHow firewalls are used to protect your company from attackersWhat zero-trust environments are and what they meanWhether zero-trust networks are what is needed to secure your own environmentThe security benefits from implementing a network segmentation policyThe best ways to access files and resources from remote locations outside the officeWho This Book Is ForManagers and executives at small to medium-size businesses who want to understand the core aspects of IT security on which their business relies, business leaders who want to be able to follow along with and engage in discussions with IT professionals about security features, and leaders who are tasked with making decisions on which IT security features to implement

"Cybersecurity is broken. Year after year, attackers remain unchallenged and undeterred, while engineering teams feel pressure to design, build, and operate 'secure' systems. Failure can't be prevented, mental models of systems are incomplete, and our digital world constantly evolves. How can we verify that our systems behave the way we expect? What can we do to improve our systems' resilience? In this comprehensive guide, authors Kelly Shortridge and Aaron Rinehart help you navigate the challenges of sustaining resilience in complex software systems by using the principles and practices of security chaos engineering. By preparing for adverse events, you can ensure they don't disrupt your ability to innovate, move quickly, and achieve your engineering and business goals"--Back cover.

Dieses Buch beinhaltet eine Untersuchung der rechtlichen Rahmenbedingungen von Mobile Health Applications (mHealth-Anwendungen). Im Zuge der Digitalisierung des Gesundheitswesens halten Gesundheits-Apps vermehrt Einzug in die Gesundheitsversorgung. Ihr Einsatz ist für einen Großteil der Bevölkerung ein fester Bestandteil des Alltags geworden. Hersteller, Leistungserbringer aber auch die Patienten selbst stellen dabei große Erwartungen an die positiven Versorgungseffekte der Apps. Neue technische Errungenschaften bergen allerdings oftmals auch Risiken und Gefahren, stellen damit rechtliche Herausforderungen dar. Mit Inkrafttreten des Digitale¿Versorgung-Gesetzes und unmittelbarer Anwendbarkeit der EU-Medizinprodukteverordnung hat sich ein wesentlicher Teil des für mHealth¿Anwendungen maßgeblichen Regelungsgefüges grundlegend verändert. Die vorliegende Forschungsarbeit untersucht, inwieweit das Recht Innovationsoffenheit und Innovationsverantwortung in Bezug auf mHealth¿Anwendungen in einen gerechten Ausgleich bringen kann. Hierzu werden die einschlägigen Rechtsvorschriften aus dem Medizinprodukterecht, dem Haftungsrecht, dem Datenschutzrecht und dem Sozialversicherungsrecht einer eingehenden Analyse unterzogen und Vorschläge zur Weiterentwicklung des Rechtsrahmens unterbreitet.