Disclaimer: This dissertation has been written by a student and is not an example of our professional work, which you can see examples of here.

Any opinions, findings, conclusions, or recommendations expressed in this dissertation are those of the authors and do not necessarily reflect the views of UKDiss.com.

An Analysis of Information Security Trends

Info: 10229 words (41 pages) Dissertation
Published: 7th Jun 2021


Tagged: Cyber Security

INFORMATION SECURITY: RECENT AND PAST TRENDS

Abstract – This document details and highlights the trends in the analysis and research done in the domain of Information Security, from the year 2000 to the present. Various academic papers were taken into account and analysed for the issues each of them addressed and the conclusions each of them reported. The information security domains covered in the report include the following:

  • Threat,
  • Risk Management,
  • Business Continuity and Recovery,
  • Cloud Security,
  • Intrusion Detection and
  • Security Technologies and Policies.

The aim of the report is to record the trends in the above listed domains by reviewing the academic papers and their increase or decrease. The findings from the analysis of various research resources led to a comprehensive and insightful examination of the current issues, trends and challenges in the domain of Information Security around the world.

TREND ANALYSIS REPORT


The spreadsheet below depicts the information about the trends noticed in various information security domains since the year 2004.

As shown, above is a tabulated report of the reviews and findings of all the research papers taken into account. As is evident, when businesses entered the 21st century, the very age of information explosion, various aspects of data and information related to information security began to unfold. Initially this brought profits and benefits to organizations, but as time went by it also raised serious security concerns about their data privacy and protection, which called their way of operating into question.

Modern organizations depend heavily on information; it is perhaps one of their most crucial assets at present. However, as the volume of information increases exponentially, so does the concern for its security. Today, information is prone to numerous risks and threats that are much more sophisticated than they were earlier. Any setback in information security management can severely harm businesses and their operations.

As we examine the data on the spreadsheet, what we find throughout is that there was almost negligible concern for deploying and practising information security mechanisms and policies during the early 2000s. Founders and senior management committees gave little thought to the information security perspective when running their business operations.
As the world advanced, new threats started to affect businesses and caused concern for senior management, making them realize the exceptional and explicit need for information security practices. Today, things have gotten somewhat better; however, many small or medium scale enterprises still struggle to include appropriate information security measures in their business operations, such as:

  • following international standards and codes of practices,
  • security certifications,
  • risk assessments,
  • threat analysis,
  • Business Continuity and Disaster Recovery Plans etc.

Upon observing the trends on the spreadsheet, we find that during the first decade (from the year 2004 to 2010), not much attention was given to promote and address the practice of information security methodologies such as;

  • adequate controls,
  • threat-risk analysis,
  • Various security policies etc.

By the end of the first decade, areas or domains that were given major attention included:
a.) Threat Analysis,
b.) Business Continuity & Recovery,
c.) Cloud Security,
d.) Intrusion Detection,
e.) IS Security Policies & Technologies.

Much was discussed about these areas as companies started to incorporate them as a part of their everyday business practices, accepting them as inextricable entities. This not only helped businesses alleviate their deep security concerns but also introduced them to fair and legal standards and codes of conduct, whilst educating them about potential threats and how to minimize their likelihood. It also enabled them to prepare for any unlikely security incident and to know what path to follow in order to recover and maintain business continuity.

In the pages below, a detailed analysis of each of the above-highlighted Information Security domains is given, taking into account the findings from the various academic papers analyzed.

1. Analysis and Impact of Cyber Threats on Online Social Networks

In recent years, the usage of online social networks has increased tremendously. People use social media to share their information with others who share similar interests. With the increase in the usage of social platforms, the possibility of threats while using online networks has also increased noticeably. If users do not educate themselves about the potential threats (which often appear invisible but cause much damage), they are very likely to become victims of those threats at the social, economic, and psychological levels.

The report now further discusses the current state of security breaches and the available measures to counter them.

Cyber threats are primarily increasing in four major categories, namely,

  • Social
  • Political
  • Economical and,
  • Cultural and application level.

Cyber threats can also be classified in two ways: first, at the organizational level, which is used to gain sensitive information about the organization, and second, which is used to gain information remotely using the internet. Furthermore, the application level can be further classified in two ways:

  • Classical threats (such as phishing, spamming and stalking) and,
  • Modern threats (such as fake profile attack, location leakage attack, account compromise attack).

An online social network such as Facebook has more than 150 billion users who upload more than 300 million photos to it every day.
Classical threats may exploit the personal information that users post on social media. For example, an attacker can send malicious code that gains users’ details from their social media account. Innocent users could be harmed or honey-trapped if they open such malicious messages.

Modern threats are the ones in which the attacker targets users’ or their friends’ personal information. In cases where the victim’s profile details are only visible to their friends, an attacker can disguise themselves as a figure known to the victim, create a fake profile and send him/her a friend request. If the victim accepts the request, his/her details will be exposed to the attacker, which could then be used to answer several security questions while setting a new password to gain access to the victim’s account.

Account Compromise Attacks in social networks are mostly the activities of spammers. The attacker may exploit the trusted relationship between legitimate users and their friends by sending them spam ads, phishing links, spamming or malware.
Analysis shows that most spam is distributed via compromised accounts rather than dedicated spam accounts.

Overall, dealing with cyber threats is very important in the online network scenario, where users post their personal information in public. Some of the key possible solutions that the report provides to deal with such threats are tabulated below:

Table: THREATS, their IMPACTS and possible SOLUTIONS (an asterisk marks each IMPACT CATEGORY affected)

| THREATS | SOCIAL | POLITICAL | ECONOMICAL | CULTURAL | POSSIBLE SOLUTION |
|---|---|---|---|---|---|
| Account Compromise | * | | | | Social Authentication. |
| Fake Profile Attack | * | | | | Adversarial Model. |
| Identity Theft | * | * | | * | a. Adjust privacy & security settings. b. Install internet security software. c. Remove installed third-party tools. |
| Phishing Attack | * | | * | | a. Authentication mechanism, security and privacy settings. b. Internal protection mechanism. c. Report users. |
| Spammers | * | | | | a. Authentication mechanism, security and privacy settings. b. Internal protection mechanism. c. Report users. |
| Stalking | * | | | * | a. Creating awareness. b. Authentication and access controls. |

2. Business Continuity Planning Methodologies [8]

Abstract – A Business Continuity Plan indicates how well an organization is prepared to survive an unlikely event of disruption or change, assuring that critical business processes will continue to function in most situations with only some limitations. The main objective of developing a Business Continuity Plan is to ensure that under all adversities the business can sustain itself, maintain regulatory compliance and deliver its products or services with minimum losses to its clients, vendors and employees.

Disruptions in businesses that lead to the enactment of the BCP can occur with or without warning, and the results can be predictable or unknown. Business Continuity Planning and Management are the acts of preparing for such disruptions and responding to them in a well-planned manner in order to resume business operations.

The main components of BCP are:

a.) Business Impact Analysis. b.) Risk Management. c.) Incident Handling.

Risk analysis, along with its impact on the business, is an important component of BCP. Another important component is the BIA, or Business Impact Analysis. It is essentially the analysis of existing and future risks to all the critical business functions and the calculation of the effects on these functions for a given time. Once a disruption occurs, the organization must know how to act immediately. This is called Incident Handling. Once the situation is under control, the other business continuity processes will do what is necessary to deliver services and products to the intended parties.

When all the above-mentioned components of BCP are linked into an end-to-end system with the following:

planning >> analysis >> design >> training >> implementation >> review >> maintenance >> audit >> documentation

it forms a full cycle of the Business Continuity Planning and Management framework. The BCP must be a part of every business culture and must be regularly tested against all types of threats with the worst possible consequences.

BCP Standards:
In order to ensure that a BCP framework is functional and meaningful, organizations must follow already established standards and guidelines. These standards provide a systematic management approach to adopt best-practice controls, quantify the level of acceptable risk and implement the appropriate measures for continuity and recovery of the business, thus protecting the interests of the organization and its stakeholders. Some of the important standards are listed below:

  • BS 25999-1/2: Code of Practice and specifications for Business Continuity.
  • ISO-27031: Business Continuity in ICT.
  • ISO-22399: Incident Management and Business Continuity.
  • HB 221: Business Continuity Standard in Australia.
  • TR 19: Business Continuity Reference Singapore.

In addition to the above standards, to make the BCP more effective in meeting the challenges, there are other compliance frameworks and regulations such as SOX, GLBA, ITIL, COBIT etc. that need to be followed.
Hence, to conclude, we infer that a Business Continuity Plan is certainly ‘a must’ for every enterprise or organization and must be planned if not already in place.

Implementing a BCP is an extra investment which, like insurance, will help and protect a business in becoming more resilient, adapting to changes, preparing for uncertainties and remaining in operation in adverse situations, thus adding value to the business. However, such investments should not outweigh the business functions and the risks being protected. The plan should be business driven and carefully designed to achieve cost-effectiveness and return on investment (ROI).

The key suggestions the report provides to efficiently enhance a Business Continuity Plan are mentioned below [9]:

  • Defining and applying instructions for detecting threats to services and for the recovery process.
  • Implementing centralized and integrated network operations to monitor and control the whole network, increasing the speed of recovery from technical deficiencies.
  • Assembling, implementing and improving the level of SLA, which would bring customer satisfaction.
  • Integrating security systems, so that the required security infrastructure is in the hands of one unit.

The Information Security Management System (ISMS) thus plays a major role in establishing Business Continuity in today’s information-centric world. It is important to realize that BCP is not a one-time project that can be undertaken and then stopped after a specific time; rather, it is a continuous process that should be followed as a regular business culture. The senior management plays a vital role in the entire process, right from the beginning. A successful Business Continuity plan also strives for the best combination of people, processes, policies, procedures, standards, compliances and technologies.

3. Addressing Security Challenges in Cloud Computing [32]

Abstract – In the past couple of years, the cloud has emerged as a rapidly growing paradigm for storing/sharing data and delivering services over the internet. It enables its users to handle information without investing in any new resources or technologies. It is certainly a promising internet-based computing platform; however, the security challenges it poses are also striking and remain unaddressed, which hinders the adoption of the technology despite its rapid development.
Cloud computing provides more options to users because storage and processing are primarily handled by the cloud vendors. The data is therefore stored at a remote location, which leaves the user without an adequate understanding of where it is stored.

There are many well-known cloud service providers in the market such as Google Drive (by Google), Amazon Drive (by Amazon), and OneDrive (by Microsoft) etc.

The cloud is known to have three deployment models namely;

  • Private Cloud: functions solely for one organization, in a private network.
  • Public Cloud: owned by the service provider, offers highest level of efficiency in shared resources.
  • Hybrid Cloud: a combination of private and public cloud, which is a collaborative share between several organizations from the same community.

The cloud also consists of three service models namely;

  • Software as a Service (SaaS): provides organizations with ready-to-use applications using a combination of cloud-based computing in storage services. Ex.: Microsoft Business Productivity Online Standard Suite.
  • Platform as a Service (PaaS): where the organization is responsible for the development, maintenance and management of data in the cloud. Ex.: Windows Azure Platform.
  • Infrastructure as a Service (IaaS): where an organization gets infrastructure components and control over the entire IT infrastructure.

Talking about the information security issues, below are some challenges the cloud faces today:

Challenges based on encryption techniques: cloud-based data can be accessed over insecure protocols across any public network, which means any employee or the service provider has access to the data stored on the cloud.

Challenges to maintain privacy: lack of knowledge and resources about where the resources run or who controls them is a major security challenge. The cloud provider may not manipulate the data, but the fact that it can view the stored data without authorization is a serious security breach.

Challenges based on cloud types: Private clouds are much safer than public clouds since all the resources are managed by the organization that manages the cloud. In public clouds, the data is shared with a third-party service provider.

Other challenges that hinder the advantages the cloud offers include:
a.) Data Breach,
b.) Data Loss,
c.) Denial-of-Service Attacks,
d.) Traffic Hijacking,
e.) Abuse of cloud services.

The possible literature solutions provided in the report to mitigate the issues arising with the cloud are mentioned below [35];

  • Personal Security Requirements: Cloud service providers must allow the customers to assign and manage the roles and allied levels of authorization for each of their users in accordance with the security policies.
  • Backup and Disaster Recovery Management: The approach to cloud-based disaster recovery requires that DR mechanisms have minimal effect on normal system operation, be stored in geographically separate locations, and guarantee privacy and confidentiality.
  • Effective governance and risk analysis.
  • Exception handling and fault tolerance.
  • Cryptographic algorithms.
  • Digital forensics tools and,
  • Secure Virtualization.

Therefore, we can say that cloud technology definitely provides enormous advantages in data storage and access. However, maintaining security and privacy in clouds becomes a major challenge, which often hinders the acceptance of cloud computing.

4. Intrusion Detection Techniques to Overcome Cyber Attacks [61]

Abstract – Some activities specifically intend to disturb the security of a system and attack the integrity of the network concerned. Intrusion refers to activities that violate the security policy of the system, and intrusion detection is the process of identifying these attacks. Due to the enormous increase in the usage of the internet, security breach incidents have increased manyfold. Intrusion detection systems are an important part of the defense mechanisms that safeguard our systems and networks from attack.

The analysis further gives account of some of the Intrusion detection techniques that are useful for the security of systems and networks. To ensure the safety of information systems, the intrusion detection systems are implemented along with authentication and access control as a second line of defense. System security can be improved by employing intrusion detection accompanied by these protective mechanisms. It is always advisable to know about when the intrusion has actually happened and what type of intrusion has taken place.

The process of intrusion detection is used with wireless or wired networks via making use of hardware or software techniques.
In broader sense, there are two types of approaches employed for intrusion detection techniques:

  • Anomaly Detection Technique.
  • Misuse Detection Technique.

We now describe in detail each of the techniques used to detect intrusion in the information system network.

01. Anomaly Detection Technique:

It is a mechanism where the normal behavior of the system is examined and recorded. If any function is found that is not part of the normal behavior of the system, or if any action or activity deviates from the normal functionality of the system, it is termed an intrusive action.

The real downside of this technique is specifying its rule set. The effectiveness of the system depends on how well it is implemented and tested on all protocols. Moreover, for detection to happen effectively, administrators should develop detailed knowledge of the accepted network behavior.

Once the rules are defined and the protocols are built, the entire anomaly detection system performs properly. Statistical models are employed to collect information about user behavior and to distinguish an attacker from a normal user.

For example, the above technique can detect activities like:

  • Excessive bandwidth usage,
  • Excessive system calls from a process,
  • More than one entity using a service.

02. Misuse Detection Technique

There are some instances of intrusive activity so negligible that the anomaly detection approach cannot tackle them successfully. For this purpose, misuse detection systems are employed to examine and record well-defined patterns of known attacks or vulnerabilities, even if they are so negligible that anomaly detection approaches tend to ignore them.

The technique is a system of rules, either preconfigured by the system or set up manually by the administrator; one can use this mechanism like a firewall with specific deny rules. For example:

  • Detecting a port scan.
  • Parsing user commands.
  • Using one of many SMTP/SSH exploits.

The good thing about this system is that it is easy to update the rules. In addition, there are many servers specific for many IDS that automatically update the rules. [62]

| CRITERIA | ANOMALY BASED | MISUSE BASED |
|---|---|---|
| Update | No | Yes |
| Detection Ability | Can detect known and unknown attacks. | Only known attacks can be detected with high accuracy. |
| Definition | Employs deviation idea from the standard pattern to detect intrusion. | Employs patterns of the well-known attacks to detect intrusion. |
| Characteristic of the System | High false alarm. | Low false alarm. |
| Implementation requirement | Needs fewer computations and resources. | Needs extra computations and resources. |
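
The contrast between the two techniques can be made concrete with a small added example (not taken from the reviewed papers or from this report): a statistical detector for excessive bandwidth usage and a misuse rule for port scans, run over the same constructed flow records. The hosts, byte counts, the three-sigma limit and the ten-ports-in-30-seconds signature are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from statistics import mean, pstdev

# Constructed baseline: bytes sent per minute by one host during a period
# assumed to be attack-free (the recorded "normal behavior").
BASELINE_BYTES_PER_MIN = [5200, 4800, 5100, 4950, 5300, 5050, 4700, 5150]

# Constructed flow records: (epoch_seconds, source_ip, dest_port, bytes_sent)
FLOWS = (
    # Low-volume port scan: 12 ports in 12 seconds, 60 bytes each.
    [(600 + i, "10.0.0.9", port, 60) for i, port in enumerate(range(20, 32))]
    # Ordinary HTTPS traffic, about the baseline volume.
    + [(660 + 10 * i, "10.0.0.5", 443, 1250) for i in range(4)]
    # Bulk upload over HTTPS: no signature describes it.
    + [(720 + i, "10.0.0.5", 443, 40_000) for i in range(5)]
    # Legitimate nightly backup: harmless, but far above the baseline.
    + [(780 + i, "10.0.0.7", 873, 30_000) for i in range(3)]
)


def detect_bandwidth_anomalies(flows, baseline, sigmas=3.0):
    """Anomaly detection: flag (host, minute) totals above mean + sigmas * stddev."""
    limit = mean(baseline) + sigmas * pstdev(baseline)
    per_minute = defaultdict(int)
    for ts, src, _port, nbytes in flows:
        per_minute[(src, ts // 60)] += nbytes
    return sorted(
        (src, minute, total)
        for (src, minute), total in per_minute.items()
        if total > limit
    )


def detect_port_scans(flows, min_ports=10, window_s=30):
    """Misuse detection: known pattern of one source probing many ports quickly."""
    recent = defaultdict(deque)   # source -> (timestamp, port) pairs in the window
    alerted = set()
    alerts = []
    for ts, src, port, _nbytes in sorted(flows):
        window = recent[src]
        window.append((ts, port))
        while ts - window[0][0] > window_s:   # drop events older than the window
            window.popleft()
        if src not in alerted and len({p for _, p in window}) >= min_ports:
            alerted.add(src)
            alerts.append((src, ts))
    return alerts


if __name__ == "__main__":
    for src, minute, total in detect_bandwidth_anomalies(FLOWS, BASELINE_BYTES_PER_MIN):
        print(f"ANOMALY  {src} sent {total} bytes in minute {minute}")
    for src, ts in detect_port_scans(FLOWS):
        print(f"MISUSE   {src} matched port-scan signature at t={ts}")
```

On this data the slow port scan is caught only by the signature, the bulk upload only by the baseline, and the legitimate backup is raised as a false alarm, which matches the trade-offs in the comparison table.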

Hence, in the analysis we have successfully detailed what intrusion detection is and how intrusions are a threat to Information Security. We have also discussed and compared the various intrusion detection techniques that are employed to detect intrusions.

5. Information Security Technology Application in Enterprises [67]

Network security incorporates mechanisms for the protection of network system software and hardware facilities, ensuring that system data is protected and cannot be damaged or manipulated for accidental or malicious reasons. It also means that systems can run and operate reliably and that the network service is not interrupted. Primarily, network security is information security on the network. The network security objectives for any corporate network include the following:

  • Information confidentiality,
  • Integrity,
  • Availability,
  • Authenticity and,
  • Control.

The information network security architecture covers all aspects of the information system. It is a dynamic process: the technical means before, during and after equipment deployment should be relatively complete. The enterprise network security model is shown below;

 

Implementation of Enterprise Information Security Architecture:

a.) Network access security mechanism: For a common user network login, the complete verification details, such as login name, password and authentication code, are checked to identify the logged-in user. The verification is validated to prevent malicious attacks on network access. For administrator users, in addition to the complete verification of login name, password and authentication code, a correct IP that matches the login user is also required.
In addition, whether for a common user or an administrator, the number of logins is limited, to ensure the security of network access.

b.) Firewall Deployment: It is used to control access to the network security zone and to know the access source, access object and type of access, thus ensuring the normal running of legitimate access and eliminating illegal and unauthorized access. At the same time, it is also used to effectively detect, prevent and process unusual network access, to ensure normal access to the enterprise information network. In addition to increasing the protection of the internal network, firewall logging can be used to record all visits and to monitor illegal access, thereby making it an all the more dynamic, integrated and safe protection system.

c.) Deployment of an IPS System: In this scenario, instead of an intrusion detection system, an intrusion prevention system (IPS) is deployed. It is so because if an IDS system is deployed (which is used to only detect the intrusion activity), by the time it detects any intrusion activity, the attack may have reached its goal already and caused the intended damage.  On the other hand, the IPS systems have the ability to take immediate actions; they identify potential threats and respond to them swiftly.
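
The network access security mechanism in item a.) can be sketched as follows; this is an added example, not code from the reviewed paper or this report. It assumes the "authentication code" is a per-attempt code issued by the server, that the login limit counts consecutive failures (three here), and that an administrator's registered IP is stored as a CIDR; all account names, passwords and addresses are constructed.

```python
import hashlib
import hmac
import ipaddress
import os
from dataclasses import dataclass
from typing import Optional

MAX_FAILED_LOGINS = 3      # assumed limit; the text only says logins are limited
PBKDF2_ROUNDS = 200_000    # assumed work factor for the password hash


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    salt: bytes
    password_hash: bytes
    is_admin: bool = False
    admin_network: Optional[str] = None   # CIDR an administrator must log in from
    failed_logins: int = 0


def make_account(password, is_admin=False, admin_network=None):
    salt = os.urandom(16)
    return Account(salt, hash_password(password, salt), is_admin, admin_network)


def ip_allowed(source_ip: str, network: Optional[str]) -> bool:
    """True only if source_ip parses and lies inside the registered network."""
    if network is None:
        return False
    try:
        return ipaddress.ip_address(source_ip) in ipaddress.ip_network(network)
    except ValueError:
        return False


def login(accounts, name, password, code, expected_code, source_ip) -> str:
    """Return 'granted', 'denied' or 'locked'; never reveal which check failed."""
    account = accounts.get(name)
    if account is None:
        hash_password(password, b"\x00" * 16)   # same cost as for a real account
        return "denied"
    if account.failed_logins >= MAX_FAILED_LOGINS:
        return "locked"
    # Evaluate every factor before deciding, using constant-time comparisons.
    password_ok = hmac.compare_digest(
        hash_password(password, account.salt), account.password_hash)
    code_ok = hmac.compare_digest(code.encode(), expected_code.encode())
    ip_ok = ip_allowed(source_ip, account.admin_network) if account.is_admin else True
    if password_ok and code_ok and ip_ok:
        account.failed_logins = 0
        return "granted"
    account.failed_logins += 1
    return "denied"


def build_demo_accounts():
    """Constructed accounts; names, passwords and addresses are sample values."""
    return {
        "alice": make_account("correct horse battery"),
        "netadmin": make_account("admin-passphrase", is_admin=True,
                                 admin_network="192.0.2.10/32"),
    }


if __name__ == "__main__":
    db = build_demo_accounts()
    print(login(db, "alice", "correct horse battery", "4821", "4821", "198.51.100.20"))
    print(login(db, "netadmin", "admin-passphrase", "7734", "7734", "198.51.100.20"))
    print(login(db, "netadmin", "admin-passphrase", "7734", "7734", "192.0.2.10"))
```

A fixed failure limit also needs an unlock path (a timed reset or an administrator action), which this sketch leaves out.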

In the above analysis, through the in-depth study of existing network information security technologies, combined with the actual scenario of information systems of small and medium enterprise systems, a security implementation program based on small and medium enterprise is proposed. The implementation details are described in detail confirming that the design is simple as well as easy to operate.

TASK: 02
  1. Group meetings were organized often in order to discuss about the company’s management affairs and proceedings. The role of the CEO amongst all was quite crucial. The information that was necessary to undertake a particular task was conveyed clearly. Most of the group members were engaged in the discussions actively because of which no tasks were hindered or disturbed due to miscommunications. The team members contributed efficiently to the meetings in deciding to figure solutions to any particular complex situations. All the group members addressed their assigned responsibilities with all dedication throughout the session.
  2. If there were conflicts in group agreements, then everyone was asked to come up with the pros and cons of their choices. In that way, the one with the most efficient solution was taken into account. Moreover, the role of the senior management committee (in our case, the CEO) was of vital importance, as he/she analyzed the presented information and facts and arrived at the conclusion in cases where there was no single consensus on a given view.
  1. Shared responsibility in the management group is very crucial, as there are numerous aspects in the business operations meant to be addressed in order to ensure efficient and hassle-free function of businesses. Shared responsibility increases one’s individual efficiency, thereby increasing the overall output of the management committee. It thus helps in making crucial and important decisions in order to tackle any critical task.

Describing in terms of Hue et al.’s (2014) research on the influence of self-control on decision making: if the set of employees in an organization comprises a majority of high self-control people, then those employees are probably a great asset to the enterprise. The benefit of having such employees is that people with high self-control make decisions taking into account long-term rewards or consequences; hence, they are useful in critical decision-making.
Furthermore, such employees think of the mutual welfare of the company and themselves with the progression of time. They are likely to remain in their duties and responsibilities at the company for a long time and are highly unlikely to commit any insider threats.

REFERENCES
 

 

  1. Information Technology Disaster Recovery in the Network Economy, Benjamin B.M. Shao, Department of Information Systems, W.P. Carey School of Business, Arizona State University, Tempe, AZ.
  1. Examining Factors Associated with IT Disaster Preparedness, Klara Nelson, The University of Tampa.
  2. Disaster Recovery Sites as a Tool of Managing Extreme Attacks, Emmanouil Serrelis, Nikos Alexandris, Department of Informatics, University of Piraeus,18534, Piraeus, Greece.
  3. Selecting Technology for Disaster Recovery,

Rafal Cegiela, Warsaw University of Technology, Institute of Control and Computation Engineering, ul. Nowowiejska 15/19, 00-665 Warsaw, Poland.

  1. Assessing Business Continuity risks in IT, Ype Wijnia, Igor Nikolic. Energy & Industry, Faculty of Technology, Policy and Management at the Delft University of Technology.
  2. The Research on Business Continuity Planning of E-govt., Wenxin Xiang, Yinghai Wang,  Zhaoyu Zhang, Archives Dept. of Soochow University, 215021, China.
  3. Optimization Strategy for Disaster Recovery, Montri Wiboonrat, Kitti Kosavisutte, Graduate School of Information Technology, Assumption University, Bangkok, Thailand.

Department of Computer Science and Information Mathematics, The University of Electro-Communications, Tokyo, Japan.

  1. BUSINESS CONTINUITY PLANNING (BCP) METHODOLOGY – ESSENTIAL FOR EVERY BUSINESS, Dr. Manik Dey PhD, CISSP

Kuwait Institute for Scientific Research (KISR),

  1. The Requirement Needs and Impact of Business Continuity Plan on Security Strategies, Dr Nasser Modiri, Department of Computer Engineering, Zanjan Branch & Tehran Branch, Islamic Azad University, Iran.
  2. Data Validation for Business Continuity Planning,

Soujanya Soni  Sameep Mehta, IBM Research India

Sandeep Hans, Technion University, Israel.

  1. Models and Methodology for Automated Business Continuity Analysis, Ulrich Winkler, SAP Research and Wasif Gilani, SAP Research and Alex Guitman, SAP Global IT and Alan Marshal, Queen’s University Belfast.
  2. Embedding Organizational Culture Values towards Successful Business Continuity Management (BCM) Implementation, Noorul Halimin Mansol, Najwa Hayaati
    Mohd Alwi, Waidah Ismail, Faculty of Science and Technology, Universiti Sains Islam Malaysia, USIM Nilai, Negeri Sembilan, Malaysia.
  3. A Framework for Post-Crisis Business Continuity Plans Sharvari Kulkarni Gezinus J. Hidding Serhat Cicekoglu, Quinlan School of Business, Loyola University Chicago.
  1. Exploring Disaster Recovery Parameters in an Enterprise Application, Viral Gupta, Amity Institute of information Technology, P. K. Kapur, Centre for Interdisciplinary Research, Amity University, Noida, UP, India.
  1. Information Technology Disaster Recovery Process

                     Improvement in Organization, Dinesh Alawanthan,                                    
                     Faculty of Management,Multimedia University,Cyberjaya,
Malaysia. Magiswary Dorasamy, Faculty of Management,
Multimedia University,Cyberjaya,   Malaysia.

Murali Raman, Faculty of Management Multimedia University Cyberjaya, Malaysia

  1. Using Enterprise Architecture to Assist Business  Continuity Planning in Large Public Organizations, Pedro Gomes, Universidade Aberta Lisboa, Portugal.

Gonçalo Cadete, Miguel Mira da Silva Instituto Superior
Técnico Universidade de Lisboa, Lisboa, Portugal.

  1. Cloud security technologies, Igor Muttik*, Chris Barton, McAfee Avert Labs, Alton House, Gatehouse Way, Aylesbury, Herts HP19 8YD, UK
  1. Addressing cloud computing security issues, Dimitrios Zissis, Dimitrios Lekkas, Department of Product and Systems Design Engineering, University of the Aegean, Syros 84100, Greece
  1. Digital evidence in cloud computing systems, M. Taylor, J.Haggerty , D.Gresty, R.Hegarty, School of Computing and Mathematical Sciences, Liverpool, JohnMooresUniversity,UK.

School of Computing, Science and Engineering, University of
Salford, UK

  1. Privacy and consumer risks in cloud computing, Dan Svantesson, Roger Clarke.
  1. Study on the security models and strategies of cloud computing, Jianhua Che, Yamin Duan, Tao Zhang, Jie Fan, State Grid Electric Power Research Institute, No.8 Nanrui Road, Nanjing 210003, China. Shijiazhuang University of Economics, No.136, Huaian East Road, Shijiazhuang 050031, China.
  1. Positive perspectives on cloud security, Piers Wilson, Price Waterhouse Coopers LLP, United Kingdom.
  1. Surveying and Analyzing Security, Privacy and Trust Issues in Cloud Computing Environments, Dawei Sun, Guiran Chang, Lina Sun and Xingwei Wang. School of Information Science and Engineering, Northeastern University, Shenyang, P.R. China. Computing Center, Northeastern University, Shenyang, 110819, P.R. China.
  1. Protecting the privacy and security of sensitive customer data in the cloud, Nancy J. King, V.T. Raja, College of Business, Oregon State University, USA.

  1. A combined approach to ensure data security in cloud computing, Sandeep K. Sood, Department of Computer Science and Engineering, GNDU, Regional Campus, Punjab, India.
  1. Cloud computing security: The scientific challenge, and a survey of solutions, Mark D. Ryan, School of Computer Science, University of Birmingham, Birmingham B15 2TT, UK.
  1. How much privacy do clouds provide? An Australian perspective, Angela Adrian, School of Law & Justice, Southern Cross University, Australia.
  2. Privacy and security issues in cloud computing: The role of institutions and institutional evolution, Nir Kshetri, Bryan School of Business and Economics, University of North Carolina at Greensboro, Greensboro, NC 27402-6165, USA.
  1. Security and privacy for storage and computation in cloud computing, Lifei Wei, Haojin Zhu, Zhenfu Cao, Xiaolei Dong, Weiwei Jia, Yunlu Chen, Athanasios V. Vasilakos, Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China. Department of Computer and Telecommunications Engineering, University of Western Macedonia, Kozani, Greece.
  1. Security in cloud computing: Opportunities and challenges, Mazhar Ali, Samee U. Khan, Athanasios V. Vasilakos, North Dakota State University, USA. Kuwait University, Kuwait. COMSATS Institute of Information Technology, Pakistan.
  1. State-of-the-art Survey on Cloud Computing Security Challenges, Approaches and Solutions, Farrukh Shahzad, King Fahd University of Petroleum and Minerals, Dhahran, KSA.

  1. Addressing security challenges in cloud computing: a pattern-based approach, Priya Anand, Jungwoo Ryoo, College of Information Sciences and Technology, Pennsylvania State University, University Park, PA, USA – 16802. Hyoungshick Kim, Department of Computer Science and Engineering, Sungkyunkwan University, Suwon, Gyeonggi-Do, Republic of Korea.
  1. Cloud security engineering: Early stages of SDLC, Shadi A. Aljawarneh, Ali Alawneh, Reem Jaradat. Software Engineering Department, Jordan University of Science and Technology, Irbid, Jordan. MIS & CIS – Faculty of IT, Philadelphia University, Jordan. Reem Jaradat, Faculty of IT, Isra University, Jordan.
  1. Novel efficient techniques for real-time cloud security assessment, Jolanda Modic, Ruben Trapero, Ahmed Taha, Jesus Luna, Miha Stopar, Neeraj Suri, Slovenia. Department of Computer Science, Technische Universität Darmstadt, 64289 Darmstadt, Germany. Cloud Security Alliance (Europe), Scotland, UK.
  1. A survey on cloud computing security: Issues, threats, and solutions, Saurabh Singh, Young-Sik Jeong, Jong Hyuk Park, Department of Computer Science and Engineering, Seoul National University of Science and Technology (SeoulTech), Seoul 01811, Republic of Korea. Department of Multimedia Engineering, Dongguk University, Seoul 04620, Republic of Korea.
  1. Cloud security: Emerging threats and current solutions, Luigi Coppolino, Salvatore D’Antonio, Giovanni Mazzeo, Luigi Romano, Dipt. Ingegneria, Univ. of Naples Parthenope (DI), Naples, Italy.

  1. Component Based Security Control for Information Network, Yu Wang, Jun Lu and Zhongwang Wu, Network Security Lab, The Academy of Equipment Command & Technology. Yu Lu, Department of Training, The Academy of Equipment Command & Technology, Beijing, 101400 China.
  1. Information security management standards: Problems and solutions, Mikko Siponen, Robert Willison, University of Oulu, IS Security Research Center and Department of Information Processing Science, Linnanmaa, Finland. Copenhagen Business School, Howitzvej 60, DK-2000 Frederiksberg, Denmark.
  1. Information security policy: An organizational-level process model, Kenneth J. Knapp, R. Franklin Morris, Jr., Thomas E. Marshall, Terry Anthony Byrd, John H. Sykes College of Business, The University of Tampa, 401 W. Kennedy Blvd, Tampa, FL 33606-1490, USA. School of Business Administration, The Citadel, Charleston, SC 29409, USA. College of Business, Auburn University, Auburn, Alabama 36849, USA.
  1. An information security control assessment methodology for organizations’ financial information, Angel R. Otero, Florida Institute of Technology, Nathan M. Bisk College of Business, 150 W. University Blvd., Melbourne, FL 32901, United States.
  1. A Multi-criteria Evaluation Method of Information Security Controls, Jun-Jie Lv, Yong-Sheng Zhou, Business School of Beijing Technology and Business University, Beijing, China. Yuan Zhuo Wang, Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China.
  1. Understanding the management of information security controls in practice, Daniel Bachlechner, University of Innsbruck. Ronald Maier, University of Innsbruck. Frank Innerhofer-Oberperfler, University of Innsbruck. Lukas Demetz, University of Innsbruck.
  1. On Selecting Critical Security Controls, Jakub Breier, Ladislav Hudec, Faculty of Informatics and Information Technologies, Slovak University of Technology, Bratislava, Slovakia.

  1. Information Security Controls, YAU Hon Keung, Department of Systems Engineering and Engineering Management, City University of Hong Kong, Kowloon Tong, Kowloon, Hong Kong.
  2. Security Awareness and Adoption of Security Controls by Smartphone Users, Fayyaadh Parker, Jacques Ophoff and Jean-Paul Van Belle, Department of Information Systems, University of Cape Town, Cape Town, South Africa. Ross Karia, School of Criminal Justice, Rutgers University, Newark, United States.
  1. Security Controls for Monitored Use of USB Devices Based on the NIST Risk Management Framework, Rajbhooshan Bhakte, Pavol Zavarsky, Sergey Butakov, Information Systems Assurance Management, Concordia University of Edmonton, 7128 Ada Boulevard, Edmonton, Alberta, T5B4E4.
  1. Methodology for the Information Security Controls Selection, Mauricio Diéguez, Carlos Cares, Depto. Ciencias de la Computación e Informática, Universidad de La Frontera, Temuco, Chile. Cristina Cachero, Depto. Lenguajes y Sistemas Informáticos, Universidad de Alicante, Alicante, España.

  1. Towards Survivable Intrusion Detection System, Dong Yu, Deborah Frincke, Center for Secure and Dependable Software, University of Idaho.
  1. A Survey on Intrusion Detection Approaches, A Murali M Rao, Computer Centre, University of Hyderabad, Hyderabad – 500 046, India.
  1. Automatic Evaluation of Intrusion Detection Systems, Frédéric Massicotte, Canada Communication Research Center, 3701 Carling, Ottawa, Canada. François Gagnon, Yvan Labiche, Lionel Briand and Mathieu Couture, Carleton University, 1125 Colonel By, Ottawa, Canada.
  1. A Cognitive Approach to Intrusion Detection, D. Paul Benjamin, Computer Science Department, Pace University, 1 Pace Plaza, New York, NY 10038.
  1. Intrusion Detection in Cloud Computing, Massimo Ficco, Luca Tasquier, and Rocco Aversa, Dipartimento di Ingegneria Industriale e dell’Informazione, Second University of Naples (SUN), Via Roma 29, 81031 Aversa, Italy.
  2. Temporal Analysis Of Intrusion Detection, Mofreh A. Hogo, Electrical Engineering Technology Department, Faculty of Engineering Benha, Benha University, Benha, Egypt.
  1. Security challenges in intrusion detection, Mohammed Jouad and Sara Diouani, Hanane Houmani and Ali Zaki, ENSEM, Hassan II University, Casablanca, Morocco.
  1. Intrusion detection in cloud computing based attacks patterns and risk assessment, BEN CHARHI Youssef, MANNANE Nada, BENDRISS Elmehdi, REGRAGUI Boubker, TIES Team, ENSIAS, Mohammed V University in Rabat, Morocco.

  1. Enhancing effectiveness of intrusion detection systems: A hybrid approach, Basant Subba, Santosh Biswas, Sushanta Karmakar, Department of Computer Science & Engineering, Indian Institute of Technology, Guwahati, Assam, India 781039.
  1. A Brief Study Of Intrusion Detection Techniques To Overcome Cyber Attacks, Prof. (Dr.) Pradeep Kumar Sharma, University of Engineering & Management, Jaipur, Rajasthan, India.
  1. Study of Intrusion Detection Systems (IDSs) in Network Security, Wu Junqi, Hu Zhengbing, Huazhong Normal University, Engineering & Research Center For Information Technology On Education. Huazhong Normal University, Department of Information Technology, 430073, Wuhan, China.
  1. A Service Based Approach to a New Generation of Intrusion Detection Systems, Andrea Bosin, Nicoletta Dessì, Barbara Pes, Università degli Studi di Cagliari, Dipartimento di Matematica e Informatica, Via Ospedale 72, 09124 Cagliari, Italy.
  2. Review of Network Intrusion Detection, XueYan, Department of Business Administration, Binzhou Polytechnic, Binzhou, Shandong, China.
  1. SELF CONFIGURING INTRUSION DETECTION SYSTEM, Sandip Sonawane, Saurabh Karsoliya, Praneet Saurabh, Bhupendra Verma, Dept of CSE, TIT Bhopal, Madhya Pradesh, India.
  1. A Review of Intrusion Detection Systems, Hawkar Kh. Shaikha, Wafaa Mustafa Abduallah, Department of Computer Science, Faculty of Science, Zakho University, Duhok, Kurdistan Region – Iraq. Department of Computer Science and Information Technology, College of Computer Science & Information Technology, Nawroz University, Duhok, Iraq.
  1. Information Security Technologies, Benjamin Tomhave, The George Washington University, US.

  1. SECURITY TECHNIQUES FOR THE GLOBAL INFORMATION INFRASTRUCTURE, Walter Fumy and Ingbert Haas, Siemens AG, Corporate Technology – Security Technologies. Siemens Business Services – Center for Information Security Services, D-81730 Munich, Germany.
  1. Information security policy: An organizational-level process model, Kenneth J. Knapp, R. Franklin Morris, Jr., Thomas E. Marshall, Terry Anthony Byrd, John H. Sykes College of Business, The University of Tampa, 401 W. Kennedy Blvd, Tampa, FL 33606-1490, USA. School of Business Administration, The Citadel, Charleston, SC 29409, USA. College of Business, Auburn University, Auburn, Alabama 36849, USA.
  1. Information security management standards: Problems and solutions, Mikko Siponen, Robert Willison. University of Oulu, IS Security Research Center and Department of Information Processing Science, Linnanmaa, P.O. Box 3000, FIN-90014, Finland. Copenhagen Business School, Howitzvej 60, DK-2000 Frederiksberg, Denmark.
  1. Research of Information Security Technology Application in Enterprises, Guo zheng hong, Zhu ping, Xu zhe, School of Information Science and Engineering, Hebei North University 075000.

  1. Context-Sensitive Information Security Risk Identification and Evaluation Techniques, Dan Ionita, Services, Cybersecurity and Safety Research Group, University of Twente, The Netherlands.
  1. Information security policy compliance model in organizations, Nader Sohrabi Safa, Rossouw Von Solms, Steven Furnell, Centre for Research in Information and Cyber Security, School of ICT, Nelson Mandela Metropolitan University, Port Elizabeth, South Africa. Centre for Security, Communications and Network Research, Plymouth University, United Kingdom.
  1. Information security policy development and implementation: The what, how and who, Stephen V. Flowerday, Tite Tuyikeze, Department of Information Systems, University of Fort Hare, 50 Church Street, East London, 5241, South Africa.
  1. Network Security Risk Level Estimation Tool for Information Security Measure, Umesh Kumar, School of Engineering and Technology, Vikram University, Ujjain, MP, India.
  1. Problems of Information Security Technology the “Internet of Things”, Valeriy G. Semin, Russian State Social University, Moscow, Russia. Eugeniy R. Khakimullin, Academy of State Fire Service of EMERCOM of Russia, Moscow, Russia. Artem S. Kabanov, Alexei B. Los, Research University Higher School of Economics, Moscow, Russia.

  1. RISK ASSESSMENT OF HUMAN ERROR IN INFORMATION SECURITY, XIANG-YUN CHENG, YING-MEI WANG, ZI-LING XU, University of Science and Technology Beijing, Beijing 100083, China. Reconnaissance Centre of Second Artillery of PLA, China. Equipment Academy of Second Artillery of PLA, China.
  1. Work in Progress: Streamlined IT Risk Management through a Micro Risk Management System (μRMS), Timothy Wright, Michael J. Chapple, Robert Winding, University of Notre Dame, Notre Dame, IN.
  1. TOWARDS A SYSTEMATIC APPROACH FOR IMPROVING INFORMATION SECURITY RISK MANAGEMENT METHODS, Katerina Papadaki, Nineta Polemi, National Technical University of Athens & Bank of Greece, Athens, Greece. University of Piraeus, Piraeus, Greece.
  1. A Holistic, Collaborative, Knowledge-sharing Approach for Information Security Risk Management, Ekaterini Papadaki, Despina Polemi, Dimitrios Kon/nos Damilos, National Technical University of Athens & Bank of Greece. University of Piraeus, Technical University of Athens.
  1. Information Security Risk Management: An Empirical Study on the Importance and Practices in ICT Outsourcing, Nik Zulkarnaen Khidzir, Noor Habibah Hj Arshad, Azlinah Mohamed, Department of System Sciences, Faculty of Computer & Mathematical Sciences, Universiti Teknologi MARA, 40450 Shah Alam, Malaysia.
  1. Towards Agile Security Risk Management in RE and Beyond, Virginia N. L. Franqueira, Zornitza Bakalova, Thein Than Tun and Maya Daneva, University of Twente, Enschede, The Netherlands. The Open University, Milton Keynes, UK.

  1. A situation awareness model for information security risk management, Jeb Webb, Atif Ahmad, Sean B. Maynard, Graeme Shanks, Department of Computing and Information Systems, Melbourne School of Engineering, University of Melbourne, Victoria 3172, Australia.
  2. Information Security Risk Management in a World of Services, Vincent Lalanne and Manuel Munier, LIUPPA, Université Pau & Pays Adour, Pau, France. Alban Gabillon, GePaSud EA 4238, Université Polynésie Française, France.
  1. Information Security Risk Management in Critical Informative Systems, K. V. D. Kiran, L.S.S. Reddy, VeJagapudi Pavan Kumar Kalluri Krishna Sai Dheeraj, Department of Computer Science & Engineering, Koneru Lakshmaiah Education Foundation-K L University, Green Fields, Vaddeswaram, Guntur Dist., Andhra Pradesh, India.
  1. Security Risk Management in Complex Organization, Ivan Sedinić, Tamara Perušić, Croatian Telecom, Cyber & Data Security Section, Opatija, Croatia.
  1. Improvement of Information System Security Risk Management, Wissam ABBASS, Amine BAINA, Mostafa BELLAFKIH, RAI2S team, STRS Laboratory, National Institute of Posts and Telecommunications – INPT, Rabat, Morocco.
  1. Towards Automation in Information Security Management Systems, Michael Brunner, Christian Sillaber, Ruth Breu, Institute of Computer Science, University of Innsbruck, Innsbruck, Austria.
  1. WEB SERVICE SECURITY – VULNERABILITIES AND THREATS WITHIN THE CONTEXT OF WS-SECURITY, Jesper Holgersson and Eva Soderstrom, University of Skovde, Skovde.

  1. Preventing Unauthorized Islanding: Cyber-Threat Analysis, Sharon Simmons, Dennis Edwards, Norman Wilde, Jiri Just, and Mahidhar Satyanarayana, Department of Computer Science, University of West Florida, Pensacola, FL, USA.
  1. Understanding Hidden Information Security Threats: The Vulnerability Black Market, Jaziar Radianti, Jose J. Gonzalez, Research Cell “Security and Quality in Organizations”, Faculty of Engineering and Science, Agder University College, Serviceboks 509, NO-4898 Grimstad, Norway.
  1. Using Nature to best Clarify Computer Security and Threats, George S. Oreku, Tanzania Industrial Research and Development Organization, Tanzania. Fredrick J. Mtenzi, Dublin Institute of Technology, Faculty of Science, Dublin, Ireland.
  1. Information Security Threats Classification Pyramid, Mohammed Alhabeeb, Abdullah Almuhaideb, Phu Dung Le and Bala Srinivasan, School of Information Technology, Monash University, Melbourne, Australia.
  1. FUZZBUSTER: Towards Adaptive Immunity from Cyber Threats, David J. Musliner, Jeffrey M. Rye, Dan Thomsen, David D. McDonald, Mark H. Burstein, SIFT. Paul Robertson, DOLL.
  1. Current Cyber Security Threats and Challenges in Critical Infrastructures Protection, Rafał Kozik and Michał Choraś, University of Technology and Life Sciences, Institute of Telecommunications, Bydgoszcz, Poland.
  1. A Study on Trend & Detection Technology for Cyber Threats in Mobile Environment, Won Hyung Park, Dae Hyeob Kim, Myung Soo Kim, Neo Park (Corresponding Author), Department of Cyber Security, Far East University, Wangjang-ri, Gamgok-myeon, Eumseong-gun, Chungcheongbuk-do, Republic of Korea.
  1. Insider Threats in Information Security Categories and Approaches, Nebrase Elmrabit, Shuang-Hua Yang, Lili Yang, Department of Computer Science, School of Business & Economics, Loughborough University, UK.
  2. An Investigation on Cyber Security Threats and Security Models, Kutub Thakur, Meikang Qiu, Keke Gai, Md Liakat Ali, Department of Computer Science, Pace University, New York, NY 10038, USA.

  1. Analysis and Impact of Cyber Threats on Online Social Networks, Seema D. Trivedi, Asst. Professor, FCA. Dhaivat Dave, FCA and R. Sridaran (Dean), FCA, MEF Group of Institutions, Rajkot, Gujarat, India.
  1. A Statistical Approach to the Assessment of Security threats Information System, Valeriy G. Semin, Russian State Social University, Moscow, Russia. Artem S. Kabanov, Alexei B. Los, Research University Higher School of Economics, Moscow, Russia.
  1. Information Sharing & Cyber Threats, Sonya HY Hsu, Ph.D., School of Computing and Informatics, RPA College of Sciences, University of Louisiana at Lafayette, Lafayette, LA, USA. Steven J Dick, Ph.D., Senior Research Scientist, Cecil J. Picard Center, University of Louisiana at Lafayette, Lafayette, LA, USA.
