
Citations

... NIST SP 800-60 [183] outlines an approach for categorizing information and information systems according to security impact levels (based on FIPS 199). The NIST 800-70 standard [168] promotes the use of security configuration checklists (e.g., best practice settings for commercial information technology products). It shows users how to retrieve checklists through the NIST National Checklist Program and provides developers with the requirements for participation. ...
Article
Contemporary industrial control systems no longer operate in isolation, but use other networks (e.g., corporate networks and the Internet) to facilitate and improve business processes. The consequence of this development is the increased exposure to cyber threats. This paper surveys the latest methodologies and research for measuring and managing this risk. A dearth of industrial-control-system-specific security metrics has been identified as a barrier to implementing these methodologies. Consequently, an agenda for future research on industrial control system security metrics is outlined. The “functional assurance” concept is also introduced to deal with fail-safe and fail-secure industrial control system operations.
... Using existing checklists is one of the most common ways of evaluating software. Security checklists are presented by different organizations; some examples of them are SSE-CMM [2], BSMM [3], OWASP [4], DISA [5], NISPOM [6], SANS [7], and NIST [8]. Additionally, the Common Criteria for Information Technology Security Evaluation (abbreviated as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification [9]. ...
Conference Paper
Full-text available
Nowadays, security evaluation of software is a substantial matter in the software world. The security level of software will be determined by the wealth of data and operations which it provides for us. The security level is usually evaluated by a third party, named Software Security Certification Issuance Centers. It is important for software security evaluators to perform a sound and complete evaluation, which is a complicated process considering the increasing number of emerging threats. In this paper we propose a Threatened-based Software Security Evaluation method to improve the security evaluation process of software. In this method, we focus on existing threatened entities of software which in turn result in software threats and their corresponding controls and countermeasures. We also demonstrate a Security Evaluation Assistant (SEA) tool to practically show the effectiveness of our evaluation method.
Article
Full-text available
In the Infrastructure as a Service (IaaS) industry, the decision-making to choose the prioritized trust improvement actions is significant so as to ensure the trustworthiness and service continuity of the IaaS cloud providers. This is done by checking the trust control elements (TCEs) of the IaaS cloud regularly so as to put together an efficient and effective improvement plan. However, it is very difficult to put together such an improvement plan unless it is based on the results of a preparatory evaluation. This paper presents a rigorous and reliable evaluation framework, based on evaluation theory, called the trust evaluation of IaaS cloud framework. The main goal of this evaluation framework is to help IaaS cloud providers to identify the unimproved gaps according to particular TCEs. A diagrammatic trust tree and a hybrid evaluation and ranking technique combining fuzzy set, simple additive weight, and important performance analysis (IPA) are the main components of this novel framework. The proposed framework is applied to evaluate the IaaS cloud of two providers. The results show that each provider has several different unimproved gaps that need urgent improvement actions. Moreover, based on the analysis results of IPA, several recommendations have been suggested to fill these gaps.
Article
The aim of this study is to formulate an analysis model which can express the security grades of software vulnerability and serve as a basis for evaluating the danger level of an information program or filtering hazardous weaknesses of the system and improving it to counter the threat of different danger factors. Through the utilization of the fuzzy analytic hierarchy process (FAHP), we will organize the crossover factors of the software blind spots and build an evaluation framework. First of all, via the fuzzy Delphi method, the aspects and relative determinants affecting security will be filtered out. Then we will identify the value equation of each factor and settle down the fuzzy synthetic decision making model of software vulnerability. Thanks to this model we will be able to analyze the various degrees to which the vulnerability is affecting the security, and this information will serve as a basis for future ameliorations of the system itself. A higher security score therefore implies a more secure system. Besides this, this study also proposes an improvement on the traditional fuzzy synthetic decision making model for measuring the fuzziness between enhancement and independence of various aspects and criteria. Furthermore, it takes into consideration human subjectivity in reality and constructs the fuzzy integral decision making model. Through a case study, we show that the evaluation model in question is practical and can be applied to new software vulnerabilities to measure their degree of penetration. The fuzzy integral decision making emphasizes, through formulation, the multiply-add effect between different factors influencing information security.
Conference Paper
This paper gives an overview of the existing standards to describe security content. We discuss the challenges security organizations are facing and present approaches for automation of security checks. The OVAL and XCCDF languages are examined in greater detail and an example for their use is given. We describe use cases for these languages and explain the benefits of their deployment.