More Subjects
Executive Summary
GFI is a worldwide foundation offering financial servicing and items over the United States and encompassing nations. The company confronted difficulties prompting capital loss of assets to clients and jeopardization of business integrity to the all-inclusive community while directing business. At a certain point, fortune magazine highlighted the company for their scaling operational management strategies. Also, the key takeaway in this composing is to show the rationale, procedures, and steps associated with deciding vulnerabilities and moderating dangers for the the company WLAN. The company loss of capital of up to 1.7 million throughout the long periods of business due to digital incidents that brought about payouts to clients and bringing into inquiry to people in general about the company’s confidentiality, integrity, accessibility security rehearses. The rating of vulnerabilities ranges from extremely high hazard to generally safe contingent upon the shortcomings found and the execution of procedures towards them. The inclusion of the assessment ranges to these particular regions of interest: the whole WLAN, WAP and remote security, encryption methods, WLAN policies, convention use, and edge security.
Inventory Asset Analysis
The company has a noteworthy interest in physical asset investment and inventory management. Every class of gadget is essential to the general WLAN; in any case, these assets are organized dependent on the sum hazard they weigh dependent on expense and effect they have on accessibility of the WLAN. On the off chance that the user workstations were lost, the company representatives would not have the capacity to process client data or complete solicitations. This would make a huge misfortune every day operations of the association, which implies lost income.
The company’s internal servers are a high-chance asset on the grounds that without those essential WLAN services, the framework is constrained or non-utilitarian. User workstations and different gadgets depend on these WLAN services to most likely communicate over the WLAN and with different branches. Likewise, the outskirt, appropriation, and access layer switches and switches are a high need in light of the communication mediums they give.
Also, the communication over the WLAN would be affected in the event that at least one of these switches were lost. Be that as it may, in light of the fact that there are redundancies set up, the WLAN would in any case have the capacity to work yet possibly at a lower threshold. The effect of the vpn passages is high a result of the branch areas. The hazard here is that different branches may have no entrance to the inner client database which specifically impacts day by day operations and the capacity to compete demands.
The printers allocated to Private Branch Exchange/ remote access server, and remote passageways are lower need since day by day operations can proceed without them. Frequently nowadays, printing is an extravagance and not completely required. The remote access server is for dial-up remote users however is a lower utilized situation these days. If remote access, somehow happened to be lost, wired is as yet a suitable alternative, representatives would just not have the capacity to be as versatile as previously.
Following table lists the assets in Priority order:
Priority
Asset
1
Oracle Database Server
2
SUS Server
3
File / Printer Server
4
Internal DNS
5
Intranet Web Server
6
E-mail Server
7
TCB Workstation
8
CISCO Switches
9
VLAN Switches
10
Department Workstations
11
Distribution Routers
12
VPN Gateway
13
Remote Access Server
14
Private Branch
15
Exchange Branch
16
Core Routers
17
Wireless Router and Antenna
Vulnerability Assessment for Remote Access
The company’s WLAN have both internal and external WAP. Internal routes incorporate wired user workstations and remote access, while, the external passageways incorporate the remote dial-up and vpn associations. As of now, the company has no edge security for its topology. While the fringe switches can sift through some traffic, they are extremely helpless due to being straightforwardly between the untrusted internet and the internal WLAN. This sort of equipment set-up is helpless against denial of service (dos) incidents in light of the fact that the outskirt switches are the sole channel (wilkins, 2015). The company has been encountering a spike in WLAN traffic over these switches and it is hard to state who or what is causing the expansion. To all the more likely help guard the WLAN, secure firewalls ought to be actualized to include an extra layer of security for separating traffic coming in.
The company allows the remote access of applications and services for remotely connecting to the systems with in a WLAN without any continuous monitoring of WLAN. So such WLAN can be exploited easily and creates several threats for the critical data. Unfortunately, the company is not using such technology of remote access securely by neither updating the tools of remote access and nor configuring it according to best practices of security. It has been believed that more than ninety percent of security breaches are done through remotely access servers.
Although vpn encryption and authentication system of the company are strong, but its current infrastructure is still vulnerable for attacking if the server of vpn can be bypassed.
in this WLAN it is clearly shown that all the wireless client can access the WLAN with the help of wep for associating with an hotspot which can help the hacker to get a private ip easily and can successfully break into the intranet of the company.
The company is using wep to provide wireless security to its byod users but now many WLAN engineers believe that wep has some critical drawbacks and it is not sufficient for the security. In this WLAN client is configured for using wep in order to associate with the aps (WAP) but it does not provide any particular security level. The protocol is wep of weak fundamentally because it uses a key of static encryption as a result of which hackers can easily crack the encryption of wep through using free tools of hacking.
WLAN engineers have revealed the breakthrough of ms-chap v2 authentication to an encryption of single des (2^56) regardless of length of password. With the help of man in the middle attack the hackers can get all the secret data between the authenticator and client. There are several vulnerabilities in such algorithm which can combine together for the success of such kind of attack.
The company also lacks a physical security control of their access WLAN which creates a risk of device theft or loss.
Internal Analysis
The greater part of the company’s internal WLAN services are housed at central command inside the trusted computing base (tcb) internal WLAN. The tcb is intended to empower a top down secure condition for the internal servers by having numerous controls set up that all work together [2].
Nonetheless, as observed with the past incidents on assets that live in the tcb, there are some security imperfections present. Internal users just as external or remote users approach assets inside the tcb. Internal users ought to have effectively validated to the physical WLAN, so they for the most part approach these assets. External users get entrance either through a vpn passage or dial-up association through a Private Branch Exchange and remote access server. Be that as it may, as recently talked about, the vpn at present does not encrypt traffic and the dial-up association is obsolete and has security defects. While the tcb may appear to be physically secure, it isn't consistently secure because of the insecure conventions utilized inside the internal condition.
Workers right now have the choice to interface with the WLAN assets remotely through a dial-up association through a Private Branch Exchange and remote access server. The Private Branch Exchange straightforwardly associates with the open changed phone WLAN to take into account dial-up associations with the the company WLAN. At present, there are actually no security measures set up to shield the Private Branch Exchange from the external dedicated. This implies each association ask for that it gets, it will endeavor to process through the remote access server. This makes the Private Branch Exchange extremely defenseless against beast power and dos incidents through the phone framework [2].
In spite of the fact that the possibility of an assailant picking the phone framework to get entrance may appear to be fantastical, it is entirely conceivable particularly when different techniques for passage are hardened to deny unapproved access. This innovation is maturing, so more up to date framework overseers are not familiar with how the dedicated functions and the associated equipment that interfaces with it. In any case, it is as yet an immediate line from an external WLAN to the company’s internal WLAN and should be tended to and secured.
The most straightforward approach to moderate this hazard is to remove the alternative for users to go through the dial association for WLAN access. The company should just offer a vpn association for remote access as it is substantially more secure and decreases the external WLAN WAP. One would likewise assume that the company is as of now using Voice over IP (VoIP) for their voice services which takes a shot at a similar WLAN and uses indistinguishable assets from data. VoIP is a less expensive, progressively scalable, and more reasonable choice than the customary telephone lines [2]. VoIP additionally takes into account in house management as opposed to having external telephone company professionals requiring physical access to various zones of The company’s central station at whatever point there is an issue. This choice could completely wipe out The company’s unwavering quality on the dedicated and moderate the dangers associated with it.
Security Improvement
Monitoring-Based solutions will be effective in such type of wireless WLAN. Detection of hidden wireless routers is very critical because in this scenario WLAN security is compromised as in this scenario non-VPN-authenticated user can gain the access to the WLAN of the company bypassing their VPNs server. So monitoring the cross-traffic which is the traffic from the station of wireless that is not authenticated to the server of VPN but to another station of wireless is key to detect the hidden wireless routers. Such traffic can be identified with the help of sniffer as it has the ability to identify the cross traffic.
Solution of Access-point based can react to a detected Hidden Wireless Router for preventing it from operating. WAP can use frame filtering which is based on the MAC destination and source address. This help WAP to take into account only authorized IP address which can help them to allow or deny cross traffics.
The unauthorized access to the remote server can also be prevented by using the certificates of the server. The Company authentication must have a trusted or identified certificate which is issued by the higher authorities of IT department in the type of private certificate. The WLAN can verify that user it is contacting has the trusted certificate and can be allowed to access the WLAN. In BYOD platforms JoinNow can be used for configuring the device in order to check for particular certificates and also to verify that it is connected to the authentic WLANs.
In order to mitigate the issues associated with the WEP, Wi-Fi Protected Access (WPA) can be used which is considered to be the much stronger algorithm of encryption than WEP. Both these protocol uses the same encryption and decryption method but have different master keys. WPA uses a protocol of temporary key integrity that dynamically transforms the key when packets of data are sent to the WLAN. As the key is changing constantly, it can make the cracking of key more complex than that of WEP.
Moreover, MS-CHAP v2 is easily crack able so in order to fix this issue GIF should use PEAP or adopt a more tunnel of secure VPN like SSTP, VPN Reconnect or L2TP.
Remote access Interface Vulnerabilities
The remote system is considered to be the most significant vulnerabilities in the WLAN. It allows the hackers to access direct channel to the intranet of the company and after entering into the intranet they can do everything they want. In such type of infrastructure overflow technique of buffer can be used for forcing execution of remote code on the machines of the company.
Wireless WAP are considered to be the insecure regardless whether the encryption is used or not. This remotely access WLAN is very convenient but it is very difficult for understanding it when it comes to vulnerability. This remote access can give the hackers a path for compromising the WLANs of organization and gaining access to the critical data. If the hacker can gain the access to the remote access infrastructure, it can easily gain access to the internal system of the company. Moreover, the most severe disadvantage of this WLAN is that there is no firewall installed in this infrastructure which can easily allow the hackers to hack the WLAN and can remotely access to the internal WLAN for breaching the data.
In order to prevent the vulnerabilities of remote access infrastructure methodology of testing can be used which is then divided into three phases such as Profiling, Assessment, and Exploitation.
In profiling phase, the techniques of information gathering such as fingerprinting, foot-printing, and enumeration can be performed for gathering enough information about the company’s remote access infrastructure. Such techniques can help to identify the supported modes, encryption hashes or algorithms, and authentication protocols such as digital certificates or pre-shared key. Both manual and automated assessment of vulnerability can be performed in the assessment phase on the basis of the information gathered from the profiling phase against the remote access infrastructure of THE COMPANY for ensuring that all unknown and known vulnerabilities can be identified. In this phase following techniques can be used:
Lack of Patching- identifies the out-of-date services and systems.
Force Aggressive Mode- gives the possibilities for enabling mode of insecure aggression.
Capture Pre-Shared Key- gives the possibilities for capturing the pre-shared key.
In the exploitation phase THE COMPANY can try to validate and exploit identified vulnerabilities existence. Both offline and online techniques of password cracking can be performed against the hashes of password. In case of successful exploitation THE COMPANY can escalate privileges within WLANs, host, and applications. After knowing all the possible vulnerabilities effective measurements can be done to prevent all the cyber-threats to the organization. It is considered to be the most significant technique of cyber threat prevention.
Installation of up-to-date firewall is necessary for ensuring the rules of inbound which provide sufficient protection. Without firewalls every WLAN is considered to be insecure and can easily be accessible by a junior level hacker. THE COMPANY should limit its remotely access WLAN and can provide access to only those who needs it. The credentials for remotely access the WLAN should not be shared with anyone and everyone must have a unique password and username.
Intranet
Internal machines connected through the VPNs to the external WLAN can be considered somewhat in terms of security risk as internal WLAN of this company is connected to the internet with very less security controls. The webserver can be accessed from both outside and inside the WLAN so it can be used for creating a gateway of attack and can also compromised other machines of internal WLAN. The worst scenario of web server is that it can allow the user to modify or upload the data which is hosted on the webserver at some point. So for the instance hacker can insert malicious data into the content of webserver such as links to the code of exploitation and then can be automatically or transparently accessed by any users through browsing the web server.
Solution of Web Servers
In order to prevent the webserver of the company from any vulnerabilities it is necessary to identify the flow of WLAN regarding request. If one can get the information regarding the flow of regular WLAN which the server is supposed to send or receive, then he can check and allow the request or content while the other flow or traffic would be prevented to enter with the help of an effective firewall. It is considered to be the measure of WLAN isolation which can decrease the threats of malware spread or any intrusion which can get deeper. It should also be ensured that there must be no way for directly requesting the web servers and through by passing the filtering layers of security and the users should not have any possibility for directly utilizing the LAN. Another efficient way to overcome such vulnerabilities is to deploy the detection system of WLAN intrusion which can block or detect the malicious requests of WLAN. In this scenario MAPP is the best option which is also considered to be the official partner of Microsoft. Deployment of Firewall of Web Application as a webserver front end can play an important role in overcoming the vulnerabilities of the server. It will allow to strengthen the control of requests and also to tighten the filter for matching the specifications of the web applications. ModSecurity can be best solution for this vulnerability. URLscan can also be helpful in this regard for securing the data inputs, URL, and the protection against the injection of code.
Cloud Computing Policies
Cloud computing has become the technological turning point that is rapidly taking the business and economic domains to the new levels of global consumerism and connectivity. As the selection and transitioning of the Cloud Computing is expanding with the time, the consumers are also reporting a few issues and breaches over the cloud computing environment. In addition, these issues are generally legal and architectural loopholes and vulnerabilities that are debilitating the future and the security of the consumers, suppliers and the cloud computing services as well (Carlin & Curran, 2011). There is a genuine need to take measures against these issues to make the cloud computing more effective and reliable wellspring of showcasing and business (Carlin & Curran, 2011).
The major contributors of the internet business and the cloud computing service providers have made their own policies to handle these issues; however, the principle issues still hold on the cloud environment. Keeping in mind the end goal to handle these issues there is a prompt need to frame the law under the federal government that must be actualized for all the cloud computing concerned authorities (Carlin & Curran, 2011). Any company, client or supplier conflicting with this law ought to be held culpable and liable to keep the spirit of the cloud computing intact and thriving.
Gartner, being the market leader has composed certain policies and regulations (Heiser & Nicolett, 2008) as a startup for the need of comparative laws and legislation. Till now there are no proper federal laws, legislations or procedures for controlling the misuse or abuse of the cloud computing environment.
Gartner, that has also established the Global IT Council (Heiser & Nicolett, 2008), as a collaborative platform between the cloud service providers and consumers by defining six rights and one responsibility for the cloud computing consumers (Heiser & Nicolett, 2008). Following are the procedures defined by Gartner for the foundation of Cloud Computing Legislature:
Right to retain the ownership
This policy clarifies that the consumer must withhold the ownership and the rights of their own data and their intellectual property.
Right to Service Level Agreements
The cloud consumers must indicate their philosophy of the remediation or the recuperation of the data exploitation.
Right to know of warnings and changes that may influence the consumer
Right to know about the technical framework and the requirements
The cloud service suppliers must clarify their technical framework and the requirements completely to their clients with the goal that they may not confront any legal issues later on furthermore let the consumer arrangement out his work on the premise of these technical clarifications.
Right to know about the legal architecture over which the Cloud Supplier Operates
The consumer must research about the legal infrastructure over which the cloud supplier is processing. This important to know how secure your business with the respective supplier is.
Right to Know of the Security Measures
The supplier of the cloud service must let its client know about the measures and their methodologies they have detailed to keep the security of the client's business over the cloud intact.
Responsibility to Understand the Software License Requirements
The consumers must comprehend the requirements to accomplish the legal rights of any software or adware that they might requirement for their business or comparative use.
Similarly, the Microsoft (Martin, 2010) have also started forcing the federal government and the congress to figure the legislation for the broad utilization of the cloud computing services. The Microsoft has stressed for this stride remembering the colossal blow in the utilization of the cloud service by a large portion of the business holders (Martin, 2010). The legislation must give complete assurance to the consumer and in addition figure the regulations in a manner that the dangers to the service might decrease to the base level and make this cloud service a productive and efficient. (Martin, 2010).
Cloud Computing Security Features
Each time a breach or security exploitation happens, data is lost due to hacker’s incident or intrudes, and the inquiry emerges about who ought to be considered responsible for this carelessness or the misfortune. The cloud consumers are frequently left all alone and bear the misfortune without any compensation. As a prompt thought, the respective issue can be resolved by planning associations alongside the IT technicians for redoing their architectures, domains and brain frames according to the requirements of the Cloud Computing. At exactly that point the transition from the traditional to cloud computing will be a smooth and attractive one.
Risk Assessment and Recommendations for WLAN Security
Perimeter Security
The most astounding need defenselessness to address on the company WLAN is the absence of edge security. At present, the whole internal WLAN depends on the insurance offered by the two fringe switches. Switches alone channel through some traffic yet are unequipped for properly securing the whole WLAN. With the ongoing spike in rush hour gridlock coming into the WLAN, there is no chance to get for the switches to channel through every last bit of it. This implies there could be noxious users utilizing the WLAN at the present time. The company WLAN requires a firewall to be set before the switches that have direct contact with the untrusted network. These firewalls equipped for sifting through all usage and deny possibly destructive usage from utilizing the WLAN. Without protection components set up on the edge of the company WLAN, it would not be troublesome for a malevolent user to access the WLAN and every one of that data put away there. This recommendation requires the buy of two firewalls and would cost roughly ten thousand dollars for two endeavor level firewalls. For a propelled dimension of assurance, a mark based Intrusion Detection Systems (IDS)should be actualized. IDS frameworks screen WLAN exercises and produce reports that IT work force can break down and use to all the more likely protect the WLAN. The IDS components combined with the firewalls will check all outbound and inbound usage. An IDS fit for securing the whole WLAN can be bought for roughly ten thousand dollars.
The current VPN utilized is unencrypted. To moderate this and guarantee usage being transmitted from site to site isn't intercepted IPSec will be utilized. IPSec guarantees data confidentiality and integrity while in course starting with one area then onto the next.
Linking business objectives with security
In order to succeed and develop properly, the SMEs must link and bind their organizational and business objectives with the security measures (Piazza, 2013). It is the responsibility of the managers and in accordance to the modern objectives of technologists as “primarily technologists predominantly focused on keeping bad people out. Now we see them as significant protectors of the brand, leaders of risk management for the organization, at least within IT, as well as a significant part in most organizations’ compliance with regulations” (Piazza, 2013). This is important because the major and most valuable asset for SMEs is their information and data that is also responsible for building their market reputation and help them expand by competing with market giants (Piazza, 2013). Therefore, their ultimate goal is to keep security on top of their organizational objectives. Later, all of the objectives and goals must ensure proper information security, otherwise, they can land in severe trouble and challenges that may involve legal issues, information theft, and reputation put at stake, etc. (Piazza, 2013)
Incident Response Management and Disaster Recovery
In the world of information security the incident response is a trait of companies, in which they primarily claim the guarantee of information sanctity and to control that feature of information the events that involve such transactions are deeply evaluated and a program is continuously detecting for any factor that can lead to breach in the information CITATION Ers05 \l 1033 (Ersatz, 2005). The managing of security in such technological events requires a complete form of incident management. This incident management specifically is designed for the understanding of the response of the company to those aspects and reduce the damaging made by due to that incidents CITATION Ers05 \l 1033 (Ersatz, 2005). There are two teams included in the incident management department of any company; among those one team is process team and the other is evaluating team that evaluates the impact of the damage. It is a major component of any company and is acting on daily basis by detecting the threats and vulnerabilities and this evaluation routine is setup on the basis of diversity found in company’s portfolio and its dependence on the external network to communicate and diversify through the usage of external networking CITATION Isa07 \l 1033 (Isaca, 2012). If the incident management program is sound then only the number of such issues happening can be reduced.
Mobile device security management
One of the characteristic features of SMEs is that they are small in scale but they are extensively interconnected with extensive use of networking technology and mobile gadgets such as smart phones, tablets, etc. This is to help them virtually connected rather than physically connected that needs much more financial investment (such as purchasing buildings, etc.). (IBM, 2013) This interconnection, however, is not safe and is extremely vulnerable against mobile security risks involving data breaches, loss of confidential data, eavesdropping, etc. Done by malicious attackers and even market competitors, such risks can lead to severe loss of reputation and can degrade the establishment of brand power (IBM, 2013). Therefore, it is important that SMEs must ensure and deploy proper Mobile Device Security Management. Mobile Device Security Management is formally defined as “Facilitating mobile device management remotely, including asset, software, configuration, and security management.” (Symantec, 2013)
Remote accessibility and mobility of the employees need to be controlled and managed through proper Mobile Device Security Management. Some of the measure and objectives that can be taken to ensure this security are proposed a very well-known Mobile Device security providing organization named Symantec that not only supports the management but also provides guidelines and roadmap for the security managers. According to Symantec.com following procedures are specified that can help in reducing the overall risk and exposure for the mobile devices: “Achieve real-time systems management including remote device reset; Mobile device manager gives IT the ability to have remote control of smartphones; Conduct over-the-air hardware, software and network inventory; Effective mobile software management, including software delivery and automated application repair; Create ad-hoc reports; Mobile device manager seamlessly integrates with Symantec security solutions, including file encryption, device lock and device wipe” (Symantec, 2013). These strategies and approaches can help the IT managers in minimizing the possibility of IT related vulnerabilities and risks.
Biometric security devices and their use
In order to control authorization and authenticity of the employees and officials that have access to the sensitive information, data and other confidential assets of the company. For this purpose, Biometric Security Devices can help in protecting the physical authorization and accessibility for the SMEs. In order to deploy Biometric security devices, it is important for the IT managers to create complete profile and documentations of the authorized employees (Jain, Hong & Pankanti, 2000). This can also involve certain ethical and legal issues. Yet it is one of the most secure and fool proof authorization methodology.
References
Krutz, R. L., & Vines, R. D. (2010). Cloud security: A comprehensive guide to secure cloud computing. Wiley Publishing.
Grobauer, B., & Schreck, T. (2010, October). Towards incident handling in the cloud: challenges and approaches. In Proceedings of the 2010 ACM workshop on Cloud computing security workshop (pp. 77-86). ACM.
Munteanu, V. I., Edmonds, A., Bohnert, T. M., & Fortis, T. F. (2014, December). Cloud incident management, challenges, research directions, and architectural approach. In Proceedings of the 2014 IEEE/ACM 7th International Conference on Utility and Cloud Computing (pp. 786-791). IEEE Computer Society.
Wolthusen, S. D. (2009, September). Overcast: Forensic discovery in cloud environments. In IT Security Incident Management and IT Forensics, 2009. IMF'09. Fifth International Conference on (pp. 3-9). IEEE.
Gupta, R., Prasad, K. H., Luan, L., Rosu, D., & Ward, C. (2009, September). Multi-dimensional knowledge integration for efficient incident management in a services cloud. In Services Computing, 2009. SCC'09. IEEE International Conference on (pp. 57-64). IEEE.
Zhang, X., Wuwong, N., Li, H., & Zhang, X. (2010, June). Information security risk management framework for the cloud computing environments. In Computer and Information Technology (CIT), 2010 IEEE 10th International Conference on (pp. 1328-1334). IEEE.
Sarkar, S., Mahindru, R., Hosn, R., Vogl, N. G., & Ramasamy, H. V. (2011, March). Automated Incident Management for a Platform-as-a-Service Cloud. In Hot-ICE.
Carlin, S., & Curran, K. (2011). Cloud computing security.
Heiser, J., & Nicolett, M. (2008). Assessing the security risks of cloud computing. Gartner Report.
Martin, T. D. (2010). Hey-You-Get off of My Cloud: Defining and Protecting the Metes and Bounds of Privacy, Security, and Property in Cloud Computing. J. Pat. & Trademark Off. Soc'y, 92, 283.
Anning, R. (2013). 10 steps to online security for SMEs. Economia.
B. Khoo, P. Harris, and S. Hartman. Information security governance of enterprise information systems: An approach to legislative compliant. International Journal of Management and Information Systems, 14(3):49–55, Third Quarter 2010.
Boon, O. C. (2010). The Need for Good Information Security Management in Small to Medium Size. Java.sg, 13.
Ersatz. (2005). Information Technology- Security techniques-Code of practice for ISM. SNV Schweizerische.
Fink, Steven (2002). Sticky Fingers: Managing the Global Risk of Economic Espionage. Chicago: Dearborn Trade. p. 368. ISBN 978-0-7931-4827-1.
IBM. 2013. Hosted mobile device security management. http://www-935.ibm.com/services/us/en/it-services/managed-security-services-cloud-computing-hosted-mobile-device-security-management.html
Isaca. (2012). Incident Management and Response. ISACA.
McAfee. 2013a. Mobile Security. http://www.mcafee.com/us/products/mobile-security/
McAfee. 2013b. Security Awareness Program Development & Training. http://www.mcafee.com/us/services/strategic-consulting/program-development/security-awareness-program-development-and-training.aspx
PRC. 2013. Workplace Privacy and Employee Monitoring. https://www.privacyrights.org/fs/fs7-work.htm
Siemons, F. (2012). Security for Small and Medium Enterprises. InfoSec Resources.
Symantec. 2013. Business Challenge: Mobile Device Management. http://www.symantec.com/mobile-device-management
T. Aura, P. Nikander, and J. Leiwo. Dos resistant authentication with client puzzles. In Proceedings of the Cambridge Security Protocols Workshop 2000, LNCS,, April 2000.
V. Dimopoulos, S. F. (2004). Approaches to IT Security in Small and Medium Enterprises. Research Gate, 9.
Piazza, Peter. (2013). Aligning Security With Business Objectives. http://www.securitymanagement.com/article/aligning-security-business-objectives
Gilad, Ben. "The Future of Competitive Intelligence: Contest for the Profession's Soul", Competitive Intelligence Magazine, 2008, 11(5), 22
Fuld, Leonard M., Competitor Intelligence: How to Get It, How to Use It. NY: Wiley, 1985.
Blenkhorn, D. and C.S. Fleisher. Competitive Intelligence and Global Business. Westport, CT: Praeger, 2005
Jain, A., Hong, L., & Pankanti, S. (2000). "Biometric Identification". Communications of the ACM, 43(2), p. 91-98. DOI 10.1145/328236.328110
Herman T. Tavani (2004). Ethics & Technology: Ethical Issues in an Age of Information and Communication Technology. New Jersey: John Wiley and Sons, Inc..
More Subjects
Join our mailing list
© All Rights Reserved 2024