Eduardo Fernández-Medina

Eduardo Fernández-Medina
University of Castilla-La Mancha · Department of Information Technologies and Systems

About

316
Publications
118,551
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
4,275
Citations

Publications

Publications (316)
Article
Cyber-physical systems (CPSs) are smart systems that include engineered interacting networks of physical and computational components. CPSs have an increasingly presence on critical infrastructures and an impact in almost every aspect of our daily life, including transportation, healthcare, electric power, and advanced manufacturing. However, CPSs...
Article
The importance of data security is currently increasing owing to the number of data transactions that are continuously taking place. Large amounts of data are generated, stored, modified and transferred every second, signifying that databases require an appropriate capacity, control and protection that will enable them to maintain a secure environm...
Article
In the last years, cyber-physical systems (CPS) are receiving substantial mainstream attention especially in industrial environments, but this popularity has been accompanied by serious security challenges. A CPS is a complex system that includes hardware and software components, with different suppliers and connection protocols, forcing complex da...
Article
Full-text available
NoSQL technologies have become a common component in many information systems and software applications. These technologies are focused on performance, enabling scalable processing of large volumes of structured and unstructured data. Unfortunately, most developments over NoSQL technologies consider security as an afterthought, putting at risk pers...
Article
Full-text available
Cyber-physical systems (CPS) are the next generation of engineered systems into which computing, communication, and control technologies are now being closely integrated. They play an increasingly important role in critical infrastructures, governments and everyday life. Security is crucial in CPS, but they were not, unfortunately, initially concei...
Conference Paper
Full-text available
The proliferation of Cyber-Physical Systems (CPSs) is raising serious security challenges. These are complex systems, integrating physical elements into automated networked systems, often containing a variety of devices, such as sensors and actuators, and requiring complex management and data storage. This makes the construction of secure CPSs a ch...
Article
Data is one of the most important assets for all types of companies, which have undoubtedly grown their quantity and the ways of exploiting them. Big Data appears in this context as a set of technologies that manage data to obtain information that supports decision-making. These systems were not conceived to be secure, resulting in significant risk...
Article
Big Data environments are typically very complex ecosystems; this means that implementing them is complicated. One possible technique with which to address this complexity is the use of abstraction. Reference architecture (RA) can be useful for an improved understanding of the main components of Big Data. Herein, we propose a security RA that inclu...
Article
Full-text available
A Big Data environment is a powerful and complex ecosystem that helps companies extract important information from data to make the best business and strategic decisions. In this context, due to the quantity, variety and sensitivity of the data managed by these systems, as well as the heterogeneity of the technologies involved, privacy and security...
Conference Paper
Big Data is changing the perspective on how to obtain valuable information from data stored by organizations of all kinds. By using these insights, companies can make better decisions and thus achieve their business goals. However, each new technology can create new security problems, and Big Data is no exception. One of the major security issues i...
Chapter
Big Data is becoming a prominent trend in our society. Ever larger amounts of data, including sensitive and personal information, are being loaded into NoSQL and other Big Data technologies for analysis and processing. However, current security approaches do not take into account the special characteristics of these technologies, leaving sensitive...
Article
Full-text available
Society is increasingly dependent on Information Security Management Systems (ISMS), and having these kind of systems has become vital for the development of Small and Medium-Sized Enterprises (SMEs). However, these companies require ISMS that have been adapted to their special features and have been optimized as regards the resources needed to dep...
Article
Full-text available
The information society is increasingly more dependent on Information Security Management Systems (ISMSs), and the availability of these kinds of systems is now vital for the development of Small and Medium-Sized Enterprises (SMEs). However, these companies require ISMSs that have been adapted to their special features, and which are optimized as r...
Article
Full-text available
The concept of competence, which emerged during the reform of computer engineering degrees, has not brought benefits to companies when attempting to select the most suitable candidates for their jobs. This article aims to show some of the research that has been conducted to determine why companies have not found these skills useful and how both can...
Conference Paper
Full-text available
The modernisation of enterprise legacy systems, without compromises in their functionality, is a demanding and time consuming endeavour. To retain the underlying business behaviour during their modernisation, the MARBLETM framework has been developed for the extraction of business process models from their source code. Building on top of that work,...
Article
Security risks to organizations’ information assets are hindering the development of cloud computing services. A comprehensive security governance process is needed to foster the massive adoption of cloud services and to facilitate the deployment of a security culture within any company. In this paper, we present a framework focused on the security...
Conference Paper
Full-text available
We enhance an existing security governance framework for migrating legacy systems to the cloud by holisti-cally modelling the cloud infrastructure. To achieve this we demonstrate how components of the cloud infrastructure can be identified from existing security requirements models. We further extend the modelling language to capture cloud security...
Article
Full-text available
Decision makers query enterprise information stored in DataWarehouses (DW) by using tools (such as On-Line Analytical Processing (OLAP) tools) which employ specific views or cubes from the corporate DW or Data Marts, based on multidimensional modelling. Since the information managed is critical, security constraints have to be correctly established...
Conference Paper
The emergence of cloud computing as a major trend in the IT industry signifies that corporate users of this paradigm are confronted with the challenge of securing their systems in this new environment. An important aspect of that, includes the secure migration of an organization’s legacy systems, which run in data centers that are completely contro...
Article
Context Cloud computing is a thriving paradigm that supports an efficient way to provide IT services by introducing on-demand services and flexible computing resources. However, significant adoption of cloud services is being hindered by security issues that are inherent to this new paradigm. In previous work, we have proposed ISGcloud, a security...
Article
Decision makers query enterprise information stored in Data Warehouses (DW) by using tools (such as On-Line Analytical Processing (OLAP) tools) which use specific views or cubes from the corporate DW or Data Marts, based on the multidimensional modeling. Since the information managed is critical, security constraints have to be correctly establishe...
Conference Paper
Full-text available
Desarrollando una metodología de análisis de riesgos para que el sector asegurador pueda tasar los riesgos en las PYMES Resumen—En una sociedad gobernada por la información , las empresas y en particular las PYMES, dependen cada vez más de la capacidad de poder asegurar la información , no solo internamente, sino con terceros que estén dispuestos a...
Article
Full-text available
Las empresas y los profesionales están demandando perfiles cada vez más especializados, por lo que es deseable que los futuros graduados cuenten con una o varias certificaciones profesionales internacionales en seguridad y auditoría informática, o al menos que tengan el camino preparado para conseguirlas. Por lo tanto es muy importante que los nuev...
Article
The majority of the organizations store their historical business information in data warehouses which are queried to make strategic decisions by using online analytical processing (OLAP) tools. This information has to be correctly assured against unauthorized accesses, but nevertheless there are a great amount of legacy OLAP applications that have...
Article
Data Warehouses (DW) manage enterprise information that is queried for decision making purposes by using On-Line Analytical Processing (OLAP) tools. The establishment of security constraints in all development stages and operations of the DW is highly important since otherwise, unauthorized users may discover vital business information. The final u...
Conference Paper
Full-text available
In some sectors, where common business processes are run, quality and security of data play a paramount role. In order to better estimate if levels of quality and security of data are properly achieved, some process-focused methodological artifacts are required. Given the very nature of each sector, such artifacts should be conveniently adapted and...
Conference Paper
Full-text available
En una sociedad basada en la información, los Sistemas de Gestión de Seguridad (SGSIs) son cada vez más críticos para las empresas, pero no sólo estos sistemas, sino también la posibilidad de poder conocer con exactitud los riesgos a los que están sometidos los activos de información y el valor objetivo que tienen estos activos. El presente artícul...
Article
Context: Data warehouses are systems which integrate heterogeneous sources to support the decision making process. Data from the Web is becoming increasingly more important as sources for these systems, which has motivated the extensive use of XML to facilitate data and metadata interchange among heterogeneous data sources from the Web and the data...
Conference Paper
Full-text available
Las empresas y los profesionales están demandando perfiles cada vez más especializados, por lo que es deseable que los futuros graduados cuenten con una o varias certificaciones profesionales internacionales en seguridad y auditoría informática, o al menos que tengan el camino preparado para conseguirlas. Por lo tanto es muy importante que los nuev...
Article
Full-text available
In a globalised and competitive business environment like that of the present, companies are increasingly more dependent upon their information systems, since these systems have proved to be a highly important factor in increasing their level of competitiveness. Companies have therefore become aware that the information and the processes that suppo...
Article
Full-text available
Cloud Computing is a flexible, cost-effective, and proven delivery platform for providing business or consumer IT services over the Internet. However, cloud Computing presents an added level of risk because essential services are often outsourced to a third party, which makes it harder to maintain data security and privacy, support data and service...
Article
To secure their information assets, organizations should seek support from enterprise security architectures. Security patterns are a good way to build and test new security mechanisms, but they have some limitations related to their usability. In previous work, we defined a new type of security pattern called Enterprise Security Pattern. The main...
Chapter
The information society is increasingly more dependent upon Information Security Management Systems (ISMSs), and the availability of these systems has become crucial to the evolution of Small and Medium-size Enterprises (SMEs). However, this type of companies requires ISMSs which have been adapted to their specific characteristics, and these system...
Chapter
Detecting malicious software or malware is one of the major concerns in information security governance as malware authors pose a major challenge to digital forensics by using a variety of highly sophisticated stealth techniques to hide malicious code in computing systems, including smartphones. The current detection techniques are futile, as foren...
Chapter
Full-text available
Cloud computing is a new computing model that allows providers to deliver services on demand by means of virtualization. One of the main concerns in cloud computing is security. In particular, the authors describe some attacks in the form of misuse patterns, where a misuse pattern describes how an attack is performed from the point of view of the a...
Chapter
Nowadays, there is an increasing dependence on information and on the systems that provide such information. So, for many organizations, the information and technology that supports them represent the most valuable assets of the company. Research on Information Technology (IT) management practices in many organizations around the world has revealed...
Chapter
This chapter presents the findings of an investigation on current security practices in Cypriot organizations, including enterprises and public sector divisions. In order to gain knowledge on the deployed security technologies by organizations, a survey was conducted and concluded in late 2010. The survey primarily examined compliance of enterprise...
Chapter
To establish the identity of an individual is very critical with the advancement of technology in networked society. Thus, there is need for reliable user authentication technique to solve the growing demand for high level of Information Security Governance (ISG) depending on the requirement. Biometrics can be explained as the method to recognize a...
Chapter
The protection of the investment and creativity made in producing computer programs and databases by intellectual property rights is still not harmonised internationally. Taking into account that IT is used not only to produce these goods, but also to infringe their intellectual property rights, national laws nowadays also protect the so-called tec...
Chapter
Systems of systems are collections of systems interconnected through the exchange of services. Their often complex service dependencies and very dynamic nature make them hard to analyze and predict with respect to quality in general, and security in particular. In this chapter, the authors put forward a method for the capture and monitoring of impa...
Chapter
The purpose of this paper is to propose an IS security governance model to enhance the security of information systems in an organisation by viewing security from a holistic perspective of encompassing information security, information assurance, audit, governance, and compliance. This is achieved through the strategic integration of appropriate fr...
Chapter
IT security governance bridges the gap between corporate governance and information security which is defined as the protection of information and other valuable assets in the organization from a wide range of threats in order to maximize ROI (Return On Investment) and minimize risk. These risks emanate from multiple sources like espionage, sabotag...
Chapter
Banking sector in Egypt is one of the largest business sectors in terms of contributing to country economic growth and in terms of investing in information technology (IT). Thus, implementing a good Information Technology (IT) governance framework inside Egyptian banks is a rather critical issue. The purpose of this chapter is to assess the importa...
Chapter
Security awareness has spread inside many organizations leading them to tackle information security not just as a technical matter, but from a corporate point of view. Information Security Governance (ISG) provides enterprises with means of dealing with the security of their information assets in a comprehensive manner, involving every stakeholder...
Chapter
Most industries have been influenced in different ways by e-commerce, and the banking industry is no exception. Particularly, banks are embracing electronic banking (e-banking) as a service to reach a wider market share, increase customer satisfaction and lower operational costs. This increased supply and demand in e-banking services has caused not...
Article
Full-text available
Cloud computing is a new paradigm that combines several computing concepts and technologies of the Internet creating a platform for more agile and cost-effective business applications and IT infrastructure. The adoption of Cloud computing has been increasing for some time and the maturity of the market is steadily growing. Security is the question...
Article
Full-text available
There is currently a need to optimize the levels of perceived quality in most public services. Some of the most critical services are those related to Health, since health and welfare are fundamental to the population as a whole. Both public and private Health organizations are therefore interested in quantifying how good their services are, and to...
Book
Information technology in the workplace is vital to the management of workflow in the company; therefore, IT security is no longer considered a technical issue but a necessity of an entire corporation. The practice of IT security has rapidly expanded to an aspect of Corporate Governance so that the understanding of the risks and prospects of IT sec...
Conference Paper
Full-text available
La sociedad de la información cada vez depende más de los Sistemas de Gestión y Análisis del Riesgo al que se encuentran sometidos sus principales activos de información, y poder disponer de estos sistemas ha llegado a ser vital para la evolución de las PYMES. Sin embargo, este tipo de compañías requiere que estos sistemas estén adaptados a sus esp...
Conference Paper
Full-text available
The process of writing honours theses is based on a set of general and specific competences which, in the majority of cases, entail a high level of abstraction and ambiguity. What is more, the apparition of these competences has not helped students towards a better understanding of the extent to which they attain the objectives of their various sub...
Conference Paper
Full-text available
As a result of the growing dependence of information society on ICTs, the need to know the risks that can affect information is enormously increasing with the purpose of protecting it. This article shows advances in the identification and management of risks in ICTs, particularly in the case of SMEs, along with the first proposal of a methodology f...
Article
Full-text available
In a society based on information, the Safety Management Systems (ISMS) are increasingly critical for businesses. Within the Management of Information Security issues are very critical in certain sectors, such as the processing of personal data for the Health Sector, where a bad use of them can mean irreparable damage to their owners and organizati...
Article
Data warehouses are systems that provide useful information to support the decision making process, thus improving organizations' business processes. These systems integrate heterogeneous sources which are not only limited to their internal business data but also include data from the Web, the latter of which have become increasingly more important...
Article
Full-text available
Information Systems Security is one of the most pressing challenges facing all kinds of organizations today. Although many companies have discovered how critical information is to the success of their business or operations, very few have managed to be effective in maintaining their information secure, avoiding unauthorized access, preventing intru...
Article
Full-text available
La sociedad de la información cada vez depende más de los Sistemas de Gestión de la Seguridad de la Información (SGSI), y poder disponer de estos sistemas ha llegado a ser vital para la evolución de las PYMES. Sin embargo, este tipo de compañías requiere de SGSIs adaptados a sus especiales características, y que estén optimizados desde el punto de...
Article
The senior management of any enterprise that plans to start using Cloud Computing services needs to define a clear governance strategy with regard to the security of its information assets. This paper presents a systematic literature review whose objective is to seek existing Information Security Governance frameworks that may assist companies with...
Conference Paper
Full-text available
The information society is ever-increasingly dependent upon Information Security Management Systems (ISMSs), and the availability of these systems has come to be vital to the evolution of SMEs. However, this type of companies requires ISMSs which have been adapted to their particular characteristics, and which are optimised from the point of view o...
Conference Paper
Full-text available
In a society based on information, the Information Security Management Systems (ISMSs) are increasingly critical for businesses. Within the Management of Information Security issues are very critical in certain sectors, such as processing of personal data for the Health Sector where the misuse of them can mean irreparable damage to their owners and...
Article
Full-text available
This paper describes a pattern for the architecture of web-based wireless sensor network monitoring. Sensor nodes are used to measure characteristics of the physical environment and sensed data is stored on the Internet using web-based technologies. Users can access data remotely as long as they have Internet connectivity. Many wireless sensor netw...
Conference Paper
Full-text available
El proceso de elaboración de las memorias de grado (en concreto en el caso del Grado en Ingeniería Informática), se ha basado en un conjunto de competencias generales y específicas, que en la mayoría de los casos entrañan un alto nivel de abstracción y ambigüedad. Este hecho ha dificultado considerablemente la forma de asociar asignaturas con compe...
Conference Paper
Full-text available
Con la implantación del Grado en Ingeniería Informática, se ha elaborado una memoria donde se recogen, entre otras cosas, información sobre su organización en módulos, que a su vez contiene materias, y que éstas están formadas por asignaturas, que son definidas en términos de unos descriptores generales. Para estas asignaturas, se incluye también i...
Conference Paper
Both new technology business models and the new tendencies in the field of computing are forcing organizations to undergo a constant evolution in order to maintain their competitiveness in markets. This evolution has led to a continuous remodeling of companies 'systems to enable them to adapt to the new needs. These changes increase these systems'...