|INFORMATION SECURITY – RECENT AND PAST TRENDS|
Controls,Abstract – This document details about and highlights the trends about various analysis and researches done in the domain of Information Security, since the year 2000 to the present. Various academic papers were taken into account and analysis were done for what issues each of them addressed and the conclusions each of them reported. The various information security domain covered in the report include the following;
- Risk Management,
- Business Continuity and Recovery,
- Cloud Security,
- Intrusion Detection and
- Security Technologies and Policies.
The aim of the report is to record the trends in the above listed domains by reviewing the academic papers and their increase or decrease. The findings from the analysis of various research resources led to a comprehensive and insightful examination of the currents issues, trends and challenges in the domain of Information Security around the world.
|TREND ANALYSIS – REPORT|
The spreadsheet below depicts the information about the trends noticed in various information security domains since the year 2004.
As shown, above is a tabulated report of the reviews and findings all the research papers taken into account. As evident above, one can realize that as businesses entered the 21st century, the very age of information explosion, various aspects of data, information related to information security began to unfold. This, initially not only brought profits and benefits to the organizations but also raised some serious security concerns about their data privacy and protection, which questioned their way of operations, as the time went by.
The modern organizations today depend heavily on information. Perhaps, it is one of their most crucial asset in the present times. However, as the volume of information increases exponentially, so is the rise in concern with its security. Today, the information is prone to numerous risks and threats that are much more sophisticated than what they were earlier. Any setback in the information security management can exacerbate the businesses and their operations severely.
As we examine the data above on the spreadsheet, something that we find ubiquitous is how there was almost negligible concern to deploy and practice information security mechanisms and policies during the early 2000s. Little did the founders and the senior management committee think from the information security perspective for the full-fledged operations of their business operations.
As the world advanced, new threats started to affect the businesses and caused concerns for the senior managements, making them realize the exceptional and explicit need of information security practices. Today, things have gotten somewhat better however, still many small or medium scale enterprises struggle to include appropriate information security measures in their business operations, such as:
- following international standards and codes of practices,
- security certifications,
- risk assessments,
- threat analysis,
- Business Continuity and Disaster Recovery Plans etc.
Upon observing the trends on the spreadsheet, we find that during the first decade (from the year 2004 to 2010), not much attention was given to promote and address the practice of information security methodologies such as;
- adequate controls,
- threat-risk analysis,
- Various security policies etc.
By the end of the first decade, areas or domains that were given major attention included;
a.) Threat Analysis, d.) Intrusion Detection,
b.) Business Continuity & Recovery, e.) IS Security Policies & Technologies.
c.) Cloud Security,
Much was discussed about these areas as companies started to incorporate them into their as a part of their everyday business practices, accepting them as inextricable entities. This not helped business alleviate from their deep security concerns but also introduced them to the fair and legal standards of the code of conducts, whilst educating them about the potential threats and the ways on how to minimize their likelihood. It also enabled them to prepare for any unlikely security incident and what path to follow in order to recover to maintain the business continuity.
In the next page below, an in-detail analysis of each of the above-highlighted Information Security domains is done taking into account the findings from various academic papers analyzed.
|1. Analysis and Impact of Cyber Threats on Online Social Networks|
In recent years, the usage of online social network has increased tremendously. People use social media to share their information with others that share similar interests. With increase in the usage of the social platforms, possibilities of threats while using the online networks has also increased noticeably. If the users do not educate themselves about the potential threats (which often appear invisible but cause much damage), they are very likely to be the victim of those threats in terms of social, economic, and at psychological levels.
The report, now further discusses the current state of security breaches and available measures to counter them.
Cyber threats primarily increasing in four major categories, namely,
- Economical and,
- Cultural and application level.
Cyber threats can also be classified in two ways, first is, organizational level, which is used to gain sensitive information about the organization and second, which is used to gain information remotely using internet. Furthermore, Application level can be further classified in two ways;
- Classical threats ( such as phishing, spamming and stalking) and,
- Modern threats (such as fake profile attack, Location leakage attack, Account compromise Attack).
Online social network(s), such as Facebook, has a more than 150 billion users who upload more than 300 million photos on it every day.
Classical threats may exploit personal information of users, which is posted in social media. For example, attacker can send malicious codes that gains users’ details and from their social media account. Innocent users could be harmed or honey-trapped if they open such malicious messages.
Modern threats, are the ones in which the attacker targets users’ or their friends’ personal information. In cases where the victim’s profile details are only visible to their friends, an attacker can disguise into any known figure to the victim and can create a fake profile and send him/her a friend request. If the victim accepts the request, his/her details will be exposed to the attacker, which could then be used answer several security questions while setting new password to gain access over the victim’s account.
Account Compromise Attacks in social networks are mostly the activities of spammers. The attacker may exploit the trusted relationship between the legitimate users and their friends by sending them spam ads, phishing links, spamming or malware.
Analysis show that most spam are distributed via compromised accounts, instead of faithful spam accounts.
Overall, dealing with cyber threat is very important considering the online network scenario where the users post their personal information in public. Some of the key possible solutions that the report provides to deal with such threats is tabulated below:
Table: THREATS, their IMPACTS and possible SOLUTIONS
|THREATS||IMPACT CATEGORY||POSSIBLE SOLUTION|
|Account Compromise||*||Social Authentication.|
|Fake Profile Attack||*||Adversarial Model.|
|Identity Theft||*||*||*||a. Adjust privacy & security
b. install internet security
c. remove installed third-
|Phishing Attack||*||*||a. Authentication
mechanism, security and
b. internal protection
c. report users.
mechanism, security and
b. internal protection
|Stalking||*||*||a. creating awareness.
b. authentication and access
|2. Business Continuity Planning – Methodologies |
Abstract – Business Continuity Plan indicates how well an organization is prepared to survive in an unlikely event of disruptions or changes, assuring that the critical business processes will continue function in most situations with only some limitations. The main objective to develop a Business Continuity Plan is to ensure that under all adversaries the business should sustain, maintain regulatory compliances and deliver its products or services with minimum losses to its clients, vendors and its employees.
Disruptions in businesses that lead to the enactment of the BCP can be with or without warning and the results can be predictable or unknown. The Business Continuity Plan and Management are the acts of preparing for such disruptions and responding to it in a well-planned manner in order to resume the business operations.
The main components of BCP are:
a.) Business Impact Analysis. b.) Risk Management. c.) Incident Handling.
Risk analysis along with its impact on business is an important component of BCP. Another important component to talk about is the BIA or Business Impact Analysis. It essentially the analysis of existing and future risks to all the critical business functions and calculating the effects of these functions for a given time. Once the disruptions occurs, the organization must know how to act immediately. This is called Incident Handling. Once the situation is taken into control, the other business continuity processes will do what is necessary to delivery of services and products to the intended parties.
|planning >> analysis >> design >> training >> implementation >> review >> maintenance >> audit >> documentation|
When all the above-mentioned components of BCP are linked into an end-to-end system with the following;
It forms a full cycle of Business Continuity Planning and Management framework. The BCP plan must be a part of every business culture and must be regularly tested against all types of threats with the worst possible consequences.
In order to ensure that a BCP framework is functional and meaningful, organizations must follow already established standards and guidelines. These standards provide a symmetric management approach to adopt best practice controls, quantify the level of acceptable risks and implement the appropriate measures of continuity and recovery of business thus protecting the organization’s and its stakeholder’s interests. Some of the important standards are listed below;
- BS 25999-1/2: Code of Practice and specifications for Business Continuity.
- ISO-27031: Business Continuity in ICT.
- ISO-22399: Incident Management and Business Continuity.
- HB 221: Business Continuity Standard in Australia.
- TR 19: Business Continuity Reference Singapore.
In addition the above standards, to make the BCP more effective in meeting the challenges, there are other compliances and regulations such as SOX, GLBA ITIL, COBIT etc. that are need to be followed.
Hence, to conclude, we infer that a Business Continuity Plan is certainly ‘a must’ for every enterprise or organization and must be planned if not already.
Implementing a BCP is an extra investment, which is like an insurance that will help and protect business in becoming more resilient to adopt changes, prepare for uncertainties and remain at operation at adverse situations thus adding values to business. However, such investments should not overweigh the business functions and the risks being protected. It should be business driven and carefully designed to achieve cost-effectiveness and return of investment (ROI).
The key suggestions the report provides to efficiently enhance a Business Continuity Plan are mentioned below ;
- Defining and applying the detection instruction of threat of services and process of recovery.
- Implementing centralized and integrated network operation to monitor and control the whole network, with the increase in the speed of recovering from technical deficiencies.
- Assembling, implementing and improving the level of SLA, which would bring customer satisfaction.
- Integrated security systems, so that the required infrastructure of the security is in hands of one unit.
The Information Security Management System (ISMS) thus, plays a major role in establishing Business Continuity in todays’ information centric world. It is important to realize that BCP is not a one-time project that can be undertaken and then stopped after a specific time; rather it is a continuous process that should be followed as a regular business culture. The senior management plays a vital role in the entire process, right from the beginning. A successful Business Continuity plan also thrives for the best combination of people, processes, policies, procedures, standards, compliances and technologies.
|3. Addressing Security Challenges in Cloud Computing |
Abstract – Cloud, in past couple of years has emerged as a rapidly growing paradigm for storing/sharing data and delivering services over the internet. It enables it users to handle information without investing in any new resources or technologies. Since, it is certainly a promising internet based computing platform however, the security challenges it poses are also striking, which remain to be unaddressed, due to which the adoption of the technology despite rapid development is hindered.
Cloud computing provides more option to users because the storage and processing are primarily handled by the cloud vendors. Therefore, the data is stored on a remote location, which leaves the user without an adequate understanding of the storage location.
There are many well-known cloud service providers in the market such as Google Drive (by Google), Amazon Drive (by Amazon), and OneDrive (by Microsoft) etc.
The cloud is known to have three deployment models namely;
- Private Cloud: functions solely for one organization, in a private network.
- Public Cloud: owned by the service provider, offers highest level of efficiency in shared resources.
- Hybrid Cloud: a combination of private and public cloud, which is a collaborative share between several organizations from the same community.
The cloud also consists of three service models namely;
- Software as a Service (SaaS): provides organizations with ready-to-use applications using a combination of cloud-based computing in storage services. Ex.: Microsoft Business Productivity Online Standard Suite.
- Platform as a Service (PaaS): where the organization is responsible for the development, maintenance and management of data in the cloud. Ex. Windows Azure Platform.
- Infrastructure as a Service (IaaS): where an organization gets infrastructure components and control over the entire IT infrastructure.
Talking about the information security issues, below are some challenges the cloud faces today:
Challenges based on encryption techniques: the cloud-based data access is possible from insecure protocols across any public networks, which means, any employee or the service provider has the access to the data stored on the cloud.
Challenges to maintain privacy: lack of knowledge and resources of where the resources run or who controls them, is a major security challenge. Cloud provider may not manipulate the data, but the fact that it can view the data stored without authorization is a serious security breach.
Challenges based on cloud types: Private clouds are much safer than public clouds since all the resources are managed by the organization that manages the cloud. In public clouds, the data is shared with a third-party service provider.
Other challenges that hinders the advantages the cloud offers include;
a.) Data Breach, b.) Data Loss, c.)Denial-of-Service Attacksd.) Traffic Hijacking. e.) Abuse of cloud services.
The possible literature solutions provided in the report to mitigate the issues arising with the cloud are mentioned below ;
- Personal Security Requirements: Cloud service providers must allow the customers to assign and manage the roles and allied levels of authorization for each of their users in accordance with the security policies.
- Backup and Disaster Recovery Management: The approach to cloud based disaster recovery follows that DR mechanisms; have minimal effect on the normal system operation, must be stored geographically separated, must guarantee privacy and confidentiality.
- Effective governance and risk analysis.
- Exception handling and fault tolerance.
- Cryptographic algorithms.
- Digital forensics tools and,
- Secure Virtualization.
Therefore, we can say that cloud technology definitely provides enormous advantages in data storage and access. However, maintaining security and privacy in clouds become a major challenge which often hinders the acceptance of cloud computing.
|4. Intrusion Detection Techniques to Overcome Cyber Attacks |
Abstract – Some activities specifically intend to disturb the security of any system and try to attack the integrity of any network of concern. Intrusion refers to the activities that violate the security policy of the system, and detection of this intrusion is the process of identifying these attacks. Due to enormous increase in the usage of internet, incidents of breaking of security have increased many folds. The Intrusion Detection systems are an important part of defense mechanism systems to safeguard our systems and networks from attack.
The analysis further gives account of some of the Intrusion detection techniques that are useful for the security of systems and networks. To ensure the safety of information systems, the intrusion detection systems are implemented along with authentication and access control as a second line of defense. System security can be improved by employing intrusion detection accompanied by these protective mechanisms. It is always advisable to know about when the intrusion has actually happened and what type of intrusion has taken place.
The process of intrusion detection is used with wireless or wired networks via making use of hardware or software techniques.
In broader sense, there are two types of approaches employed for intrusion detection techniques:
- Anomaly Detection Technique.
- Misuse Detection Technique.
We know further describe about each of the techniques in detail that are used to detect intrusion in the information system network below.
01. Anomaly Detection Technique:
It is a mechanism were the recording of the normal behavior of the system is taken under examination and recorded. If any function is found which is not under normal behavior of the system or if any action or activity deviates from the normal functionality of the system, then these are termed as intrusive actions.
The real downside of this technique is indicating its rule set. The productivity of the system relies upon how well it is actualized and tried on all protocols. Moreover, for the detection to happen effectively, the directors should improve the itemized information as regards to the accepted network behavior.
Once the principles are described and the protocols are fabricated, then the entire anomaly detection system performs properly. For collection of information of behavior of users and to identify an attacker or normal user, statistical models are employed.
For example, the above technique can detect activities like:
- Excessive bandwidth usage,
- Excessive system calls from a process,
- More than one entity using a service.
02. Misuse Detection Technique
There are some instances of negligible intrusive activity and anomaly detection approach cannot be a successful mechanism to tackle it. For this purpose, misuse detection systems are employed to examine and record well-defined patterns of known attacks or vulnerabilities even if they are so negligible that anomaly detection approaches tend to ignore it.
The technique is a system of rules, either preconfigured by the system or setup manually by the administrator, one can use this mechanism as a specific deny rule firewall. For example;
- Detecting a port scan.
- Parsing user commands.
- Using one of many SMTP/SSH exploits.
The good thing about this system is that it is easy to update the rules. In addition, there are many servers specific for many IDS that automatically update the rules. 
|CRITERIA||ANOMALY BASED||MISUSE BASED|
|Detection Ability||Can detect known and unknown attacks.||Only known attacks can be detected with high accuracy.|
|Definition||Employs deviation idea from the standard pattern to detect intrusion.||Employs patterns of the well-known attacks to detect intrusion.|
|Characteristic of the System||High false alarm.||Low false alarm.|
|Implementation requirement||Needs fewer computations and resources.||Needs extra computations and resources.|
Hence, in the analysis we have successfully detailed about what is Intrusion detection and how they are a threat to Information Security. We have also discussed and compared about various intrusion detection techniques that are employed to detect any intrusions.
|5. Information Security Technology Application in Enterprises |
Network security incorporates mechanisms like protection of network system softwares, hardware facilities, and that, the system data is protected and cannot be damaged or manipulated by the accidental or malicious reasons. It also means that, systems can then run and operate reliably and the network service is not interrupted. Primarily, the network security is the information security on the network. The network security objectives for any corporate network include the following;
- Information confidentiality,
- Authenticity and,
The information network security architecture covers all aspects of information system. It is a dynamic process, the before, during and after equipment deployment should and technical means should be relatively complete. The enterprise network security model is shown below;
Implementation of Enterprise Information Security Architecture:
a.) Network access security mechanism: For common user network login, complete verification details such as login name, password, authentication code is checked to identify the logged users. The verification is validated to prevent the malicious attack to the network access. For administrator users, in addition to the complete verification of login name, password and authentication code, it will also require a correct IP in order to match the login user.
In addition, whether common user or administrator, the number of their login is limited, to ensure the security of the network access.
b.) Firewall Deployment: It is used to control the access to the network security zone, know the access source, access object and type of access, thus to ensure the normal run of legitimate access, and eliminate the illegal and unauthorized access. At the same time, it is also used to effectively detect, prevent and process unusual network access, to ensure normal access to the enterprise information network. On the firewall, in addition to increasing the protection of internal network, firewall logging record can also be used to record all the visits, to monitor the illegal access, thereby making it all the more dynamic, integrated, safe protection system.
c.) Deployment of an IPS System: In this scenario, instead of an intrusion detection system, an intrusion prevention system (IPS) is deployed. It is so because if an IDS system is deployed (which is used to only detect the intrusion activity), by the time it detects any intrusion activity, the attack may have reached its goal already and caused the intended damage. On the other hand, the IPS systems have the ability to take immediate actions; they identify potential threats and respond to them swiftly.
In the above analysis, through the in-depth study of existing network information security technologies, combined with the actual scenario of information systems of small and medium enterprise systems, a security implementation program based on small and medium enterprise is proposed. The implementation details are described in detail confirming that the design is simple as well as easy to operate.
- Group meetings were organized often in order to discuss about the company’s management affairs and proceedings. The role of the CEO amongst all was quite crucial. The information that was necessary to undertake a particular task was conveyed clearly. Most of the group members were engaged in the discussions actively because of which no tasks were hindered or disturbed due to miscommunications. The team members contributed efficiently to the meetings in deciding to figure solutions to any particular complex situations. All the group members addressed their assigned responsibilities with all dedication throughout the session.
- If there were conflicts in group agreements, then everyone were asked to come up with pros and cons of their very choices. In that way, the one with most efficient solution was taken into account. Moreover, the role of senior management committee (in our case, the CEO) was of vital importance as he/she analyzed the presented information and facts and arrived at the conclusion in cases where there were no single consensus on a given view.
- Shared responsibility in the management group is very crucial, as there are numerous aspects in the business operations meant to be addressed in order to ensure efficient and hassle-free function of businesses. Shared responsibility increases one’s individual efficiency, thereby increasing the overall output of the management committee. It thus helps in making crucial and important decisions in order to tackle any critical task.
Describing in terms of Hue et al’s. (2014) research on influence of self-control on decision making; if the employee set in an organization comprises of majority high self-control people, then those employees are probably of great asset to the enterprise. The benefit of having such employees is, people with high self-control take decisions taking into account long-term rewards or consequences hence, they are useful in critical decision-making.
Furthermore, such employees are think for the mutual welfare of company and themselves with the progression of time. They are likely to retain to their duties and responsibilities in the very company for a long time and are highly unlikely to commit any insider threats.
Rafal Cegiela, Warsaw University of Technology, Institute of Control and Computation Engineering, ul. Nowowiejska 15/19, 00-665 Warsaw, Poland.
Department of Computer Science and Information Mathematics, The University of Electro-Communications, Tokyo, Japan.
Kuwait Institute for Scientific Research (KISR),
Soujanya Soni Sameep Mehta, IBM Research India
Sandeep Hans, Technion University, Israel.
Improvement in Organization, Dinesh Alawanthan,
Murali Raman, Faculty of Management Multimedia University Cyberjaya, Malaysia
Gonçalo Cadete, Miguel Mira da Silva Instituto Superior
School of Computing, Science and Engineering, University of
in Cloud Computing Environments, Dawei Suna, Guiran
in the cloud, Nancy J. King, V.T. Raja, College of Business,
computing, Lifei Wei a, Haojin Zhu a, Zhenfu Cao a,⇑, Xiaolei
Department of Computer and Telecommunications
Mazhar Ali, Samee U. Khan, Athanasios V. Vasilakos,
North Dakota State University, USA.
King Fahd University of Petroleum and Minerals, Dhahran,
Hyoungshick Kim, Department of Computer Science and
Reem Jaradat, Faculty of IT, Isra University, Jordan.
Department of Computer Science, Technische Universität
Luigi Coppolino , Salvatore D’Antonio, Giovanni Mazzeo,
Yu Wang, Jun Lu and Zhongwang Wu, Network Security Lab,
Copenhagen Business School, Howitzvej 60, DK-2000
School of Business Administration, The Citadel, Charleston,
College of Business, Auburn University, Auburn, Alabama
organizations’ financial information, Angel R. Otero,Florida
Yuan Zhuo Wang, Institute of Computing Technology,
Lukas Demetz, University of Innsbruck
Controls by Smartphone Users, Fayyaadh Parker, Jacques Ophoff and Jean-Paul Van Belle, Department of Information Systems,University of Cape Town, Cape Town, South Africa.
Ross Karia, School of Criminal Justice, Rutgers University
Newark, United States.
Rajbhooshan Bhakte, Pavol Zavarsky, Sergey Butakov
Information Systems Assurance Management, Concordia University of Edmonton. 7128 Ada Boulevard, Edmonton, Alberta, T5B4E4.
Mauricio Diéguez, Carlos Cares, Depto. Ciencias de la Computación e Informática, Universidad de La Frontera
Cristina Cachero, Depto. Lenguajes y Sistemas Informáticos,
Universidad de Alicante, Alicante, España.
Dong Yu, Deborah Frincke, Center for Secure and Dependable Software, University of Idaho.
A Murali M Rao, Computer Centre University of Hyderabad
Hyderabad – 500 046, India.
François Gagnon, Yvan Labiche, Lionel Briand and Mathieu Couture, Carleton University, 1125 Colonel By, Ottawa, Canada.
1 Pace Plaza, New York, NY 10038.
Mofreh A. Hogo, Electrical Engineering Technology Department, Faculty of Engineering Benha, Benha University
ENSEM Hassan II University, Casablanca, Morocco.
patterns and risk assessment,
BEN CHARHI Youssef, MANNANE Nada, BENDRISS Elmehdi, REGRAGUI Boubker, TIES Team, ENSIAS,
Mohammed V University in Rabat, MOROCCO.
systems: A hybrid approach, Basant Subba , Santosh Biswas, Sushanta Karmakar, Department of Computer Science & Engineering, Indian Institute of Technology, Guwahati
Assam, India 781039.
Overcome Cyber Attacks, Prof.(Dr.) Pradeep Kumar Sharma,
University of Engineering & Management
Jaipur, Rajasthan, India.
Huazhong Normal University, Engineering & Research Center For Information Technology On Education.
Huazhong Normal University, Department of Information Technology.430073,Wuhan,China.
XueYan, Department of Business Administration, Binzhou
Sandip Sonawane, Saurabh Karsoliya, Praneet Saurabh,
Department of Computer Science and Information Technology,
Siemens AG ‘Corporate Technology – Security Technologies,
Siemens Business Services – Center for Information Security Services, D-81730 Munich, Germany.
process model, Kenneth J. Knappa, R. Franklin Morris, Jr., Thomas E. Marshallc, Terry Anthony Byrdc
John H., Sykes College of Business, The University of Tampa, 401 W. Kennedy Blvd, Tampa, FL 33606-1490, USA.
School of Business Administration, The Citadel, Charleston, SC 29409, USA.
College of Business, Auburn University, Auburn, Alabama 36849, USA.
University of Oulu, IS Security Research Center and Department of Information Processing Science, Linnanmaa, P.O. Box 3000, FIN-90014, Finland.
Copenhagen Business School, Howitzvej 60, DK-2000 Frederiksberg, Denmark.
School of Information Science and Engineering ,Hebei North University 075000.
Identification and Evaluation Techniques,
Dan Ionita, Services, Cybersecurity and Safety Research Group,
University of Twente, The Netherlands.
model in organizations, Nader Sohrabi Safa, Rossouw
implementation: The what, how and who,
Stephen V. Flowerday, Tite Tuyikeze, Department of Information Systems, University of Fort Hare, 50 Church Street, East London, 5241, South Africa.
Eugeniy R. Khakimullin, Academy of State fire service of
Artem S. Kabanov, lexei B. Los, Research University Higher
University of Science and Technology Beijing, Beijing 100083,
Equipment Academy of Second Artillery of PLA, China.
Timothy Wright Michael J. Chapple Robert Winding,
University of Notre Dame, Notre Dame, IN.
Katerina Papadaki, Nineta Polemi, National Technical University
University of Piraeus Athens, Greece Piraeus, Greece.
Ekaterini Papadaki, Despina Polemi, Dimitrios Kon/nos Damilos
National Technical University of Athens & Bank of Greece.
University of Pireaus Technical University of Athens.
Nik Zulkarnaen Khidzir, Noor Habibah Hj Arshad,
40450 Shah Alam, Malaysia.
Virginia N. L. Franqueira† , Zornitza Bakalova†, Thein Than Tun
Vincent Lalanne and Manuel Munier, LIUPPA,
Universit´e Pau & Pays Adour, Pau, France.
Alban Gabillon, GePaSud EA 4238, Universit´e Polyn´esie Franc¸aise, France.
Critical Informative Systems,
K. V.D. Kiran t, L.S.S. Reddy, VeJagapudi Pavan Kumar Kalluri Krishna Sai Dheeraj, Department o/Computer Science & Engineering, Koneru Lakshmaiah Education Foundation-K L University, Green Fields, Vaddeswaram, Guntur Dist. Andhra Pradesh, India.
Ivan Sedinić, Tamara Perušić, Croatian Telecom, Cyber & Data Security Section, Opatija, Croatia.
Management Systems, Michael Brunner, Christian Sillaber, Ruth Breu, Institute of Computer Science, University of Innsbruck, Innsbruck, Austria.
WITHIN THE CONTEXT OF WS-SECURITY, Jesper Holgersson and Eva Soderstrom, University of Skovde, Skovde.
Analysis, Sharon Simmons, Dennis Edwards, Norman Wilde
Jiri Just, and Mahidhar Satyanarayana, Department of Computer Science, University of West Florida, Pensacola, FL, USA.
The Vulnerability Black Market,
Jaziar Radianti, Jose. J. Gonzalez, Research Cell “Security and Quality in Organizations”, Faculty of Engineering and Science, Agder University College, Serviceboks 509, NO-4898 Grimstad, Norway.
George S. Oreku, Tanzania Industrial Research and Development Organization, Tanzania.
Fredrick J. Mtenzi, Dublin Institute of Technology, Faculty of Science, Dublin, Ireland.
Mohammed Alhabeeb, Abdullah Almuhaideb, Phu Dung Le and Bala Srinivasan, School of Information Technology,
Monash University, Melbourne, Australia.
David J. Musliner, Jeffrey M. Rye, Dan Thomsen, David D. McDonald, Mark H. Burstein, SIFT.
Paul Robertson, DOLL.
University of Technology and Life Sciences, Institute of Telecommunications, Bydgoszcz, Poland.
Threats in Mobile Environment,
Won Hyung Park, Dae Hyeob Kim, Myung Soo Kim, Neo Park(Corresponding Author), Department of Cyber Security,
Far East University, Wangjang-ri, Gamgok-myeon, Eumseong-gun, Chungcheongbuk-do, Republic of Korea.
Kutub Thakur, Meikang Qiu, Keke Gai, Md Liakat Ali.
threats Information System,
RPA College of Sciences, University of Louisiana at Lafayette
Lafayette, LA, USA.
Steven J Dick, Ph.D., Senior Research Scientist, Cecil J. Picard Center, University of Louisiana at Lafayette
Lafayette, LA, USA.