Information Security Journal: A Global Perspective 

About: Information Security Journal: A Global Perspective is an academic journal published by Taylor & Francis. The journal publishes majorly in the area(s): Encryption & Information security. It has an ISSN identifier of 1939-3547. Over the lifetime, 425 publications have been published receiving 4713 citations.

The evaluation of Network Anomaly Detection Systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set

Abstract: Over the last three decades, Network Intrusion Detection Systems NIDSs, particularly, Anomaly Detection Systems ADSs, have become more significant in detecting novel attacks than Signature Detection Systems SDSs. Evaluating NIDSs using the existing benchmark data sets of KDD99 and NSLKDD does not reflect satisfactory results, due to three major issues: 1 their lack of modern low footprint attack styles, 2 their lack of modern normal traffic scenarios, and 3 a different distribution of training and testing sets. To address these issues, the UNSW-NB15 data set has recently been generated. This data set has nine types of the modern attacks fashions and new patterns of normal traffic, and it contains 49 attributes that comprise the flow based between hosts and the network packets inspection to discriminate between the observations, either normal or abnormal. In this paper, we demonstrate the complexity of the UNSW-NB15 data set in three aspects. First, the statistical analysis of the observations and the attributes are explained. Second, the examination of feature correlations is provided. Third, five existing classifiers are used to evaluate the complexity in terms of accuracy and false alarm rates FARs and then, the results are compared with the KDD99 data set. The experimental results show that UNSW-NB15 is more complex than KDD99 and is considered as a new benchmark data set for evaluating NIDSs.

Business Continuity Management: A Standards-Based Approach

Abstract: Business enterprises are increasingly realizing the importance of business continuity management (BCM). Availability BS 25999 Standard has facilitated a consistent methodology that organizations can follow in designing their BCM System. This paper intends to provide a conceptual understanding of BCM right from BCM Policy to BCM maturity by describing the steps involved in the implementation of BCM Standard-BS 25999-to ensure business continuity in the event of an outage. The key BCM tasks have been categorized into three phases of business continuity-Pre-event Preparation, Event Management, and Post-event Continuity. This paper also highlights some of the challenges experienced by the author in carrying out Risk Assessment and Business Impact Analysis. The Business Continuity Maturity Model® of Virtual Corporation is provided (with their permission) as a tool to strengthen business continuity maturity or organizations.

Current Trends in Fraud and its Detection

Abstract: This article discusses the basic nature of fraud, including the major accounting scandals of the last decade. The article also discusses the role of auditors and if auditors should be held liable for not detecting financial statement fraud. The article examines recent standards, rules, and acts put in place after the major frauds of the 1990s and early 2000s, including Sarbanes-Oxley, new rules by the NYSE and NASDAQ, and SAS 92. Finally, the article discusses whether these new standards, rules, and acts will have an impact to deter financial statement frauds from occurring in the future.

Internet of things: Survey on security

Abstract: The Internet of things (IoT) is intended for ubiquitous connectivity among different entities or “things”. While it provides effective and efficient solutions to many real world challenges, the sec...

Security and Control in the Cloud

Abstract: Cloud computing is a new IT delivery paradigm that offers computing resources as on-demand services over the Internet. Like all forms of outsourcing, cloud computing raises serious concerns about the security of the data assets that are outsourced to providers of cloud services. To address these security concerns, we show how today's generation of information security management systems (ISMSs), as specified in the ISO/IEC 27001:2005, must be extended to address the transfer of security controls into cloud environments. The resulting virtual ISMS is a standards-compliant management approach for developing a sound control environment while supporting the various modalities of cloud computing. This article addresses chief security and/or information officers of cloud client and cloud provider organizations. Cloud clients will benefit from our exposition of how to manage risk when corporate assets are outsourced to cloud providers. Providers of cloud services will learn what processes and controls they can offer in order to provide superior security that differentiates their offerings in the market.