Netværkssikkerhed

This book covers selected research works presented at the fifth International Conference on Networking, Information Systems and Security (NISS 2022), organized by the Research Center for Data and Information Sciences at the National Research and Innovation Agency (BRIN), Republic of Indonesia, and Moroccan Mediterranean Association of Sciences and Sustainable Development, Morocco, during March 30-31, 2022, hosted in online mode in Bandung, Indonesia. Building on the successful history of the conference series in the recent four years, this book aims to present the paramount role of connecting researchers around the world to disseminate and share new ideas in intelligent information systems, cyber-security, and networking technologies. The 49 chapters presented in this book were carefully reviewed and selected from 115 submissions. They focus on delivering intelligent solutions through leveraging advanced information systems, networking, and security for competitive advantage and cost savings in modern industrial sectors as well as public, business, and education sectors. Authors are eminent academicians, scientists, researchers, and scholars in their respective fields from across the world.

A must-read guide to a new and rapidly growing field in cybersecurityIn The DevSecOps Playbook: Deliver Continuous Security at Speed, Wiley CISO and CIO Sean D. Mack delivers an expert analysis of how to keep your business secure, relying on the classic triad of people, process, and technology to examine--in depth--every component of DevSecOps. In the book, you'll learn why DevSecOps is as much about people and collaboration as it is about technology and how it impacts every part of our cybersecurity systems.You'll explore the shared responsibility model at the core of DevSecOps, as well as the people, processes, and technology at the heart of the framework. You'll also find:* An insightful overview of DevOps and DevSecOps principles and practices* Strategies for shifting security considerations to the front-end of the development cycle* Ways that the standard security model has evolved over the years and how it has impacted our approach to cybersecurityA need-to-read resource for security leaders, security engineers, and privacy practitioners across all industries, The DevSecOps Playbook will also benefit governance, risk, and compliance specialists who seek to better understand how a transformed approach to cybersecurity can impact their business for the better.

This book sonstitutes selected papers from the first International Conference on Cyber Warfare, Security and Space Research, SpacSec 2021, held in Jaipur, India, in December 2021.The 19 full and 6 short papers were thoroughly reviewed and selected from the 98 submissions. The papers present research on cyber warfare, cyber security, and space research area, including the understanding of threats and risks to systems, the development of a strong innovative culture, and incident detection and post-incident investigation.

"Teaches how to identify vulnerabilities in apps that use GraphQL. Describes GraphQL, its query language, and the mechanisms of GraphQL APIs, then guides readers through setting up a hacking lab for targeting GraphQL applications. Shows how to conduct offensive security tests against production GraphQL systems, how to glean information from GraphQL implementations during reconnaissance, and how to probe APIs for vulnerabilities"--

This book constitutes the refereed proceedings of the 17th International Workshop on Security, IWSEC 2022, which took place as a hybrid event in Tokyo, Japan, in August/September 2022. The 12 full papers presented in this book were carefully reviewed and selected from 34 submissions. They were organized in topical sections as follows: mathematical cryptography; system security and threat intelligence; symmetric-key cryptography; post-quantum cryptography; advanced cryptography. 

This book provides an advanced understanding of cyber threats as well as the risks companies are facing. It includes a detailed analysis of many technologies and approaches important to decreasing, mitigating or remediating those threats and risks. Cyber security technologies discussed in this book are futuristic and current. Advanced security topics such as secure remote work, data security, network security, application and device security, cloud security, and cyber risk and privacy are presented in this book. At the end of every chapter, an evaluation of the topic from a CISO¿s perspective is provided. This book also addresses quantum computing, artificial intelligence and machine learning for cyber securityThe opening chapters describe the power and danger of quantum computing, proposing two solutions for protection from probable quantum computer attacks: the tactical enhancement of existing algorithms to make them quantum-resistant, and the strategic implementation of quantum-safe algorithms and cryptosystems. The following chapters make the case for using supervised and unsupervised AI/ML to develop predictive, prescriptive, cognitive and auto-reactive threat detection, mitigation, and remediation capabilities against advanced attacks perpetrated by sophisticated threat actors, APT and polymorphic/metamorphic malware.CISOs must be concerned about current on-going sophisticated cyber-attacks, and can address them with advanced security measures. The latter half of this book discusses some current sophisticated cyber-attacks and available protective measures enabled by the advancement of cybersecurity capabilities in various IT domains. Chapters 6-10 discuss secure remote work; chapters 11-17, advanced data security paradigms; chapters 18-28, Network Security; chapters 29-35, application and device security; chapters 36-39, Cloud security; and chapters 40-46 organizational cyber risk measurementand event probability.Security and IT engineers, administrators and developers, CIOs, CTOs, CISOs, and CFOs will want to purchase this book. Risk personnel, CROs, IT and Security Auditors as well as security researchers and journalists will also find this useful.

This Open Access book explores the dilemma-like stalemate between security and regulatory compliance in business processes on the one hand and business continuity and governance on the other. The growing number of regulations, e.g., on information security, data protection, or privacy, implemented in increasingly digitized businesses can have an obstructive effect on the automated execution of business processes. Such security-related obstructions can particularly occur when an access control-based implementation of regulations blocks the execution of business processes. By handling obstructions, security in business processes is supposed to be improved. For this, the book presents a framework that allows the comprehensive analysis, detection, and handling of obstructions in a security-sensitive way. Thereby, methods based on common organizational security policies, process models, and logs are proposed. The Petri net-based modeling and related semantic and language-based research, aswell as the analysis of event data and machine learning methods finally lead to the development of algorithms and experiments that can detect and resolve obstructions and are reproducible with the provided software.

For ensuring a software system's security, it is vital to keep up with changing security precautions, attacks, and mitigations. Although model-based development enables addressing security already at design-time, design models are often inconsistent with the implementation or among themselves. An additional burden are variants of software systems. To ensure security in this context, we present an approach based on continuous automated change propagation, allowing security experts to specify security requirements on the most suitable system representation. We automatically check all system representations against these requirements and provide security-preserving refactorings for preserving security compliance. For both, we show the application to variant-rich software systems. To support legacy systems, we allow to reverse-engineer variability-aware UML models and semi-automatically map existing design models to the implementation. Besides evaluations of the individual contributions, we demonstrate the approach in two open-source case studies, the iTrust electronics health records system and the Eclipse Secure Storage.

This book constitutes the refereed proceedings of the 36th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2022, held in Newark, NJ, USA, in July 2022.The 12 full papers and 6 short papers presented were carefully reviewed and selected from 33 submissions. The conference covers research in data and applications security and privacy.

This book constitutes revised selected papers from the refereed conference proceedings of the 11th International Workshop on Socio-Technical Aspects in Security and Trust, STAST 2021, held in conjunction with ESORICS, the European Symposium on Research in Computer Security, as a virtual event, in October 2021.The 10 full papers included in this book were carefully reviewed and selected from 25 submissions. They were organized in topical sections as follows: web and apps; context and modelling; and from the present to the future.