- Ali A R Aldallal added an answer:54What is information security?
Dear collegues. Your answer is highly appreciated. I think the points that you mentioned, have been prolific for me and many of RG members.
Information security - the state of preservation of information resources and protection of the legitimate rights of the individual and society in the information sphere. Information Security - is the process of ensuring the confidentiality, integrity and availability of information.
With kind regards, Shafagat
Safe-guarding an organization's data from unauthorized access or modification to ensure its availability, confidentiality, and integrity.
Read more: http://www.businessdictionary.com/definition/information-security.html#ixzz3zVvKKS7eFollowing
- Pascal Paillier added an answer:12How to encrypt/decrypt a database using elliptic curve cryptography?I want to know about process of encryption and decryption of a database by using elliptic curve cryptography.
The well-established way to public-key encrypt using elliptic curves is the ElGamal scheme, known as ECIES-KEM in standards. Just Google ECIES, you will find 4 different standards that specify it. It is trivial to implement once you have a scalar multiplication working.Following
- Cem Onat Karagun added an answer:5Can we perform ARP poisoning in one subnet, say A while we are sitting in another subnet B. These subnets are connected to each other using a router.I want to check whether we can launch ARP poisoning attack in a subnet without really sitting in that subnet. Can we do it from a subnet which is connected to that subnet using a router?
No my friend,
You just can not without (!) Vlan hopping
If u wanna learn how it could be done, search on google
"Trunk port spoofing with Yersinia"
- Ramon López de Mántaras added an answer:1Hi, could someone please point me to a numerical example showing how Mantaras distance is used to compare two partitions?
As additional context, I am planning to use this metric in clustering evaluation to calculate the distance between two partitions (each one with a set of clusters). However, I am always getting a distance of 1 (regardless of the input clusters). This issue leads me to believe that I might be interpreting incorrectly a part of the equation: Dist(Pa,Pb) = 2 - (I(Pa) + I(Pb)/I(Pa ∩ Pb)). Unfortunately, all the references I have found only show the involved equations without a detailed example.
I am the person that proposed this distance. In my paper "A distance based attribute selection measure for decision tree induction" (Machine Learning Journal, Vol. 6,nº 1, pp. 81-92, 1991. you can find all the necessary information to understand correctly my distance. If you have any difficulties please contact me (email@example.com)Following
- Hugh Jensen Mclarty added an answer:2Has single/dual n-back training any lasting effects?
Does single or dual-n-back training have any lasting, transferable effects on other cognitive skills, apart from improving the performance in running the dual-n-back game? Some research studies indicate that it may have some effect for some people with some conditions (e.g. older people, people with dysphoria etc.), however larger meta-studies indicate no or very small effect in general as well as methodological problems in the underlying studies. The research therefore seems inconclusive.
What is your research experience with this? Are there any groups or conditions where such training has been shown to have transferable, lasting effects?
If you are reading in this area you have probably already found him, but I know from his work with ACT-R that Niels Taatgen has worked with N-back, cognitive modeling, and has a long interest in transfer.Following
- Ali Farooq added an answer:16Can you please help in completing the survey on "Students' Perceived Information Security and Privacy Threats"?
I am conducting a study to explore students' perceived information security and privacy (IS&P) threats landscape. For this purpose I have designed a survey and uploaded it at the following link:
The survey targets university students (undergraduate/postgraduate/PhD). It will take 15-20 minutes to fill in the survey.
It will be really appreciated if you could help me in getting response for this survey by:
1. filling in the survey and share with your friends, if you are a student
2. sharing it among your students, if you are a faculty member
The survey doesn't have any restriction, so ANY university student from ANY university from ANY where in the world can fill this survey.A large response set is crucial for this study.
Thanking in anticipation.
University of Turku, Finland
Indeed there is need to educate youngsters (teenagers especially) regarding security and privacy issues, social networks is one of them. Following article by our team provides Taxonomy of Information Security and Privacy Threats that our young adults (18-35 Students) are prone too. This paper also provide a Domain model to examine and classify different threats to the students:
Moreover, the survey for which I have sought your help is continuation of the same publication.
It would be great, if you could share the survey link among students from your university as well.Following
- Günter Fahrnberger added an answer:3How can I use decode and forward with untrusted relay?
I am a new researcher and i am working on physical layer security. I find a problem but stuck in a solving this issue.
How can we use decode and forward protocol with untrusted relay, means we want to use it and also want to hide data from him.
I am searching for any physical layer security technique to solve this problem
@Peter: Beijing was a worthwhile trip. Nonetheless, I have not relaxed meanwhile and will publish an improved IM sifter soon.Following
- Abdullah A. Mohamed added an answer:8I aim to design on-line IDS by using nsl-kDD data set. is there any way to extract the features of NSL-KDD from a real packet?NSL-KDD features consist of 42 features, divided into three classes TCP header, domain and 2-Minette connection. The first type is extracted easily, but the last tow type i can't seem to get. Is there any tool, program language lib. C#.net or other that could be of help?
The feature is shown below.
10 hot no. of hot indicators
11 number failed logins no. of failed logins
12 logged in (discrete)
13 number compromised no. of compromised conditions
14 root shell
15 su attempted
16 num root no. of root accesses
17 num file creations no. of file creation operations
18 num shells no. of shell prompts
19 num access files no. of operations on access control files
20 num outbound cmds no. of outbound commands in an ftp sessionc
21 is host login (if the login belongs to the hot List)
22 is guest login
23 count no. of connections to the same host as the current connection in
24 srv count no. of connections to the same service as the current connection in the past two seconds
25 Serror rate % of connections that have SYN errors
26 srv Serror rate % of connections that have SYN errors
27 rerror rate % of connections that have REJ errors
28 srv rerror rate % of connections that have REJ errors
29 same srv rate % of connections to the same ser-vice
30 diff srv rate % of connections to different service
31 srv diff host rate
32 dst host count
33 dst host srv count
thanx my friendFollowing
- Patrick Kamongi added an answer:10Is there any systematic way to identify assets during threat modeling and risk analysis?
Identifying assets is the primary, and most critical step in threat modeling, because assets are essentially threat targets.
So, How we could determine that the list of assets is complete and be sure that we have not overlooked relevant assets?
In addition to the above great feedbacks, you should also take in consideration all dependencies(1st, 2nd, etc... Order Levels) that each asset leverages and how many assets may share common dependencies.Following
- Ryan Heartfield added an answer:5Are there any new Social Engineering detection techniques?It seems that not much work - too little in fact, is being done to find solutions to detect SE attacks. I would appreciate any references to the latest SE detection techniques research.
I have recently had a journal paper approved for publication in ACM Computing Surveys titled "A taxonomy of attacks and survey of defence mechanisms for semantic social engineering attacks".
The taxonomy proposed provides a generic, linear classification structure for technically classifying any semantic attack. It is designed to inform developers/researchers of the key technical concepts that should be considered when implementing SE defence mechanisms. The paper also includes a literature on current defenses mechanisms for semantic attacks, contrasting the threat landscape and the associated mitigation techniques in a single comparative matrix.
For the pre-publication copy of the journal paper please see:
I expect it to be available in ACM CSUR early next year. I hope it helps!Following
- Majid Bakhtiari added an answer:12What are the encryption schemes used in SMS?
I would like to know about the encryption systems used in SMS coding (both for the purpose of transmission data security) in mobile modern phones.
1- SMS does not encrypt in GSM .
Related to key management in GSM, this is why they using from IV.Following
- Zakir Khan added an answer:5What are the main parameters used to measure the strength of an information security algorithm?To compare different techniques/algorithm what parameters are used and how can they be implemented in matlab.
for signals processing
Low pass filtering
another aspects parameters
- Natalia G. Miloslavskaya added an answer:13Do we need Information Security Theory?Any thoughts about the need for and possibility of creating a complete IS Theory as a basic science?
I would like to add we should ensure also availability, confidentiality, autenticity, non-repudiation etc. All these qualities of information and IT infrastructure assets are very important, not only integrity.Following
- Mel Griffiths added an answer:2What are the dangers and benefits of "mass" surveillance systems and data profiling?I would like to know the impact on both sides: people's privacy and government security.
In terms of mass surveillance, use of metadata and the security versus privacy implications, have a look at the following papers. All are very recent and offer some insight into the dangers and benefits of mass surveillance and big data.
Lyon, D. (2014). Surveillance, snowden, and big data: capacities, consequences, critique. Big Data & Society, 1(2), 2053951714541861.
Schneier, B. (2014). Metadata= Surveillance. IEEE Security & Privacy, (2), 84-84.
Miller, K. (2014). Total Surveillance, Big Data, and Predictive Crime Technology: Privacy's Perfect Storm. J. Tech. L. & Pol'y, 19, 105.Following
- Quist-Aphetsi Kester added an answer:9How can I process data loss when applying steganography using DCT?
when hide some bits of secret message in DCT coefficients ,we note some lossy in extracting message(sorry for bad English)
Gusharanjeet Singh Kalra is right in his explanationFollowing
- Mehdi Kargar added an answer:7What is penetration testing? How it is implemented in information security?I need information on penetration testing to find out the vulnerabilities in the network.
The action is to find security holes in a company or an organization to protect and secure sensitive informationFollowing
- Sirapat Boonkrong added an answer:3Is there any way to perform manual assocation of random MAC addresses with the access point in a wireless environment?
I wanted to know if an attacker can do manual associations of random MAC addresses with the access point.
Can it be done in case of WPA2 encrypted networks too, i mean the complete four way handshaking involved during authentication?
It depends what type of authentication you are doing.
If you do "open authentication", it is possible for any attacker to fake a MAC address.
If you do "shared-key authentication", then it becomes more difficult because authentication is done using the pre-shared secret key, rather than a MAC address.
Bear in mind that if your wireless network uses DHCP, it is very likely that you will need to have an additional authentication layer to stop DHCP from giving out IP address automatically.Following
- Nils Ulltveit-Moe added an answer:11What steps should be considered before implementing ISMS in an organization?
I am providing the scope of ISMS for an organization who has contract with us. We are going to test the feasibility before implementing ISMS. Does anyone have any idea about such an issue?
Thank you so much.
We have now released a set of resources from the PRECYSE EU project that are useful for implementing an Information Security Management System:
I have released a course on using the Verinice ISMS:
The YouTube playlist "PRECYSE Verinice Course" with screencast videos is here:
The arftoverinice import filter for importing OpenVAS scans into Verinice is here:
The Magerit control catalogue and OCIL test suite is here:
- Nils Ulltveit-Moe added an answer:7How can we authenticate a remote program?
Suppose we have a set of API hosted on a local server. I only want legal remote programs to invoke those APIs. If the remote program is, let's say the original program that I uploaded to the remote machine, then I allow the invoke. If the remote program is a version tampered by the attacker, then I disallow it. How can I bind the program's identity to the function invocation to determine whether the remote program is not tampered?
Remote attestation based on trusted computing supports detecting changes of the remote software.Following
- Priti Puri added an answer:3What is the most appropriate classification method to classify qualitative parameters of bank's risk (i.e. reputation, legal and compliance) ?
Regarding to Basel II Pillar 2, they spelled out that bank should notice other inherent risk such as compliance, reputation, legal and strategic risk. These are qualitative (as far as I know, except there is a way to quantify them).
I was thinking about Fuzzy Inference System, but looking at the high dynamic economic condition, this method is no longer applicable or not proper enough to cover the possibilities.
Any answer and discussion are welcome, it will be my pleasure to catch your answer/ideas.
- Louis Brassard added an answer:47Do you support Tom Leinster's call not to help intelligence services through mathematics?"Intelligence agencies hire lots of mathematicians, but would-be employees must realise that their work is misused to snoop on everyone, says Tom Leinster"
New Scientist has published an article recently, where Tom Leinster asks mathematicians to stay away from supporting NSA, CIA, GCHQ, (former) KGB and all the other organizations that spy on us. I even don't know the name of their Chinese colleagues' organization.
What are your thoughts on this?
I recommend the 2014 documentary film (can be freely seen on the internet) : Citizenfour ; it shows the behind the scene of the Edward Snowden and the NSA spying scandal. It was shot during the events. It won the Academy Award for Best Documentary Feature at the 2015 Oscars.Following
- Xavier Bonnaire added an answer:15Can anyone help me to find research in using encryption algorithms to secure Peer to peer network?
I try to find some research papers for securing Peer to peer network,
You can have a look to the following publication. This is a particular case about certification, but you may find useful ideas.Following
- Muhammad Imran Tariq added an answer:2How can I simulate SLA based Information Security metrics for Cloud Computing?
I have made SLA based Information Security Metrics for Cloud Computing and desired to simulate on any simulator..
Would you please suggest me appropriate simulator and the way to simulate it
Thanks Hamza Kheddar, It is really a good material for initial study.....
I installed CloudSim and now working on this.... if you have any other material relates to my request then please send and oblige.
- Muhammad Imran Tariq added an answer:16Which Information Security framework / standard/certification/guide is best for cloud organizations to maintain their security?There are several Information Security frameworks, standards, certifications and guides to maintain security in an organization.
Would you share which one is best for said purpose?
Thanks Vito for your appreciation and Acknowledge. It is Book not paper. I will find out ISO 27001:20013 on internet :)
Muhammad Imran TariqFollowing
- Quist-Aphetsi Kester added an answer:9How to provide better security in our online communication?If it is on internet it is not private!!!
by using the state of the arts cryptographic methods like post quantum cryptographyFollowing
- Ahmad T Siddiqui added an answer:2Is there any article which discussed case study / application of privacy in distributed data mining?
I want to know about real case study of privacy threat cause of association rule mining (Distributed or centralized database).
try these links:
Hope it helps...Following
- Per M. Gustavsson added an answer:7Can anyone help me with main principles and models usually used for visualization of information security events and incidents?For information security managers in SIEM systems
Look at the start-ups that showed their products at CyberTech2014 as an example (https://www.cybertechisrael.com/) - there you have both common and innovative methods.
Is it real-time monitoring or is it to reconstruct an event chain?
Should it be used for informed decision making? Purpose ?
Real-time monitoring then the process views etc. in ITIL CORBIT may be to complicated. Often different gauge meters dashboards, network views are used, which do not provide with insightin whats happening (compare to balanced score card dashboards or lean dashboards...) In a reconstruction analysis phase ITIL, CORBIT or rather the business process view will add value for visualization.Following
- Devi Thiyagarajan added an answer:4Does anyone know of a simulator that supports implementing cryptography algorithms in the cloud?I’m conducting a research on cloud computing security. I need a cloud computing simulator that supports implementation of cryptography algorithms. Please advise me which simulator to use.
I would like to implement ECC algorithm in for securing files in CLoud.. Wat kind of implementation i can do...Following
- Mojtaba Alizadeh added an answer:3Is this statement correct: "Mobile devices such as laptops, mobile phones, USB memories, and PDAs do not posses tamper-resistant characteristics"?
The problem is that most of authentication methods that use smart card in authentication procedures, are vulnerable against theft. Is it correct?
Ref: "Cryptanalysis and Improvement of “An Efficient and Secure Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems” (Khan and Kumari, 2014)
Thank you so much for your comprehensive answer, and for your time to answer this question. Your answer is completely helpful.