International Science Index

5
10007817
Digital Forensics Compute Cluster: A High Speed Distributed Computing Capability for Digital Forensics
Abstract:
We have developed a distributed computing capability, Digital Forensics Compute Cluster (DFORC2) to speed up the ingestion and processing of digital evidence that is resident on computer hard drives. DFORC2 parallelizes evidence ingestion and file processing steps. It can be run on a standalone computer cluster or in the Amazon Web Services (AWS) cloud. When running in a virtualized computing environment, its cluster resources can be dynamically scaled up or down using Kubernetes. DFORC2 is an open source project that uses Autopsy, Apache Spark and Kafka, and other open source software packages. It extends the proven open source digital forensics capabilities of Autopsy to compute clusters and cloud architectures, so digital forensics tasks can be accomplished efficiently by a scalable array of cluster compute nodes. In this paper, we describe DFORC2 and compare it with a standalone version of Autopsy when both are used to process evidence from hard drives of different sizes.
Paper Detail
6
downloads
4
10007172
Benchmarking of Pentesting Tools
Abstract:
The benchmarking of tools for dynamic analysis of vulnerabilities in web applications is something that is done periodically, because these tools from time to time update their knowledge base and search algorithms, in order to improve their accuracy. Unfortunately, the vast majority of these evaluations are made by software enthusiasts who publish their results on blogs or on non-academic websites and always with the same evaluation methodology. Similarly, academics who have carried out this type of analysis from a scientific approach, the majority, make their analysis within the same methodology as well the empirical authors. This paper is based on the interest of finding answers to questions that many users of this type of tools have been asking over the years, such as, to know if the tool truly test and evaluate every vulnerability that it ensures do, or if the tool, really, deliver a real report of all the vulnerabilities tested and exploited. This kind of questions have also motivated previous work but without real answers. The aim of this paper is to show results that truly answer, at least on the tested tools, all those unanswered questions. All the results have been obtained by changing the common model of benchmarking used for all those previous works.
Paper Detail
90
downloads
3
10007724
Perceptions of Cybersecurity in Government Organizations: Case Study of Bhutan
Abstract:

Bhutan is becoming increasingly dependent on Information and Communications Technologies (ICTs), especially the Internet for performing the daily activities of governments, businesses, and individuals. Consequently, information systems and networks are becoming more exposed and vulnerable to cybersecurity threats. This paper highlights the findings of the survey study carried out to understand the perceptions of cybersecurity implementation among government organizations in Bhutan. About 280 ICT personnel were surveyed about the effectiveness of cybersecurity implementation in their organizations. A questionnaire based on a 5 point Likert scale was used to assess the perceptions of respondents. The questions were asked on cybersecurity practices such as cybersecurity policies, awareness and training, and risk management. The survey results show that less than 50% of respondents believe that the cybersecurity implementation is effective: cybersecurity policy (40%), risk management (23%), training and awareness (28%), system development life cycle (34%); incident management (26%), and communications and operational management (40%). The findings suggest that many of the cybersecurity practices are inadequately implemented and therefore, there exist a gap in achieving a required cybersecurity posture. This study recommends government organizations to establish a comprehensive cybersecurity program with emphasis on cybersecurity policy, risk management, and awareness and training. In addition, the research study has practical implications to both government and private organizations for implementing and managing cybersecurity.

Paper Detail
26
downloads
2
10005256
CyberSecurity Malaysia: Towards Becoming a National Certification Body for Information Security Management Systems Internal Auditors
Abstract:
Internal auditing is one of the most important activities for organizations that implement information security management systems (ISMS). The purpose of internal audits is to ensure the ISMS implementation is in accordance to the ISO/IEC 27001 standard and the organization’s own requirements for its ISMS. Competent internal auditors are the main element that contributes to the effectiveness of internal auditing activities. To realize this need, CyberSecurity Malaysia is now in the process of becoming a certification body that certifies ISMS internal auditors. The certification scheme will assess the competence of internal auditors in generic knowledge and skills in management systems, and also in ISMS-specific knowledge and skills. The certification assessment is based on the ISO/IEC 19011 Guidelines for auditing management systems, ISO/IEC 27007 Guidelines for information security management systems auditing and ISO/IEC 27001 Information security management systems requirements. The certification scheme complies with the ISO/IEC 17024 General requirements for bodies operating certification systems of persons. Candidates who pass the exam will be certified as an ISMS Internal Auditor, whose competency will be evaluated every three years.
Paper Detail
480
downloads
1
10004034
Cybersecurity Awareness through Laboratories and Cyber Competitions in the Education System: Practices to Promote Student Success
Abstract:

Cybersecurity is one of the greatest challenges society faces in an age revolving around technological development. With cyber-attacks on the continuous rise, the nation needs to understand and learn ways that can prevent such attacks. A major contribution that can change the education system is to implement laboratories and competitions into academia. This method can improve and educate students with more hands-on exercises in a highly motivating setting. Considering the fact that students are the next generation of the nation’s workforce, it is important for students to understand concepts not only through books, but also through actual hands-on experiences in order for them to be prepared for the workforce. An effective cybersecurity education system is critical for creating a strong cyber secure workforce today and for the future. This paper emphasizes the need for awareness and the need for competitions and cybersecurity laboratories to be implemented into the education system.

Paper Detail
388
downloads