This book presents high-quality research papers presented at the International Conference on Smart Computing and Cyber Security: Strategic Foresight, Security Challenges and Innovation (SMARTCYBER 2020) held during July 7-8, 2020, in the Department of Smart Computing, Kyungdong University, Global Campus, South Korea. The book includes selected works from academics and industrial experts in the field of computer science, information technology, and electronics and telecommunication. The content addresses challenges of cyber security.

Hash functions are the cryptographer's Swiss Army knife. Even though they play an integral part in today's cryptography, existing textbooks discuss hash functions only in passing and instead often put an emphasis on other primitives like encryption schemes. In this book the authors take a different approach and place hash functions at the center. The result is not only an introduction to the theory of hash functions and the random oracle model but a comprehensive introduction to modern cryptography. After motivating their unique approach, in the first chapter the authors introduce the concepts from computability theory, probability theory, information theory, complexity theory, and information-theoretic security that are required to understand the book content. In Part I they introduce the foundations of hash functions and modern cryptography. They cover a number of schemes, concepts, and proof techniques, including computational security, one-way functions, pseudorandomness and pseudorandom functions, game-based proofs, message authentication codes, encryption schemes, signature schemes, and collision-resistant (hash) functions. In Part II the authors explain the random oracle model, proof techniques used with random oracles, random oracle constructions, and examples of real-world random oracle schemes. They also address the limitations of random oracles and the random oracle controversy, the fact that uninstantiable schemes exist which are provably secure in the random oracle model but which become insecure with any real-world hash function. Finally in Part III the authors focus on constructions of hash functions. This includes a treatment of iterative hash functions and generic attacks against hash functions, constructions of hash functions based on block ciphers and number-theoretic assumptions, a discussion of privately keyed hash functions including a full security proof for HMAC, and a presentation of real-world hash functions. The text is supported with exercises, notes, references, and pointers to further reading, and it is a suitable textbook for undergraduate and graduate students, and researchers of cryptology and information security.

This pocket guide is an introduction to the EU's NIS Directive (Directive on security of network and information systems). It outlines the key requirements, details which digital service providers are within scope, and explains how the security objectives from ENISA's Technical Guidelines and international standards can help DSPs achieve compliance. This pocket guide is a primer for any DSP that needs to comply with the NIS Directive. The pocket guide helps DSPs: Gain insight into the NIS Directive and who is regulating it; Identify if they are within the scope of the Directive; Understand the key requirements; and Understand how guidance from international standards and ENISA can help them comply. Your essential guide to understanding the EU's NIS Directive - buy this book today and get the help and guidance you need.

This open access book presents selected papers from International Symposium on Mathematics, Quantum Theory, and Cryptography (MQC), which was held on September 25-27, 2019 in Fukuoka, Japan. The international symposium MQC addresses the mathematics and quantum theory underlying secure modeling of the post quantum cryptography including e.g. mathematical study of the light-matter interaction models as well as quantum computing. The security of the most widely used RSA cryptosystem is based on the difficulty of factoring large integers. However, in 1994 Shor proposed a quantum polynomial time algorithm for factoring integers, and the RSA cryptosystem is no longer secure in the quantum computing model. This vulnerability has prompted research into post-quantum cryptography using alternative mathematical problems that are secure in the era of quantum computers. In this regard, the National Institute of Standards and Technology (NIST) began to standardize post-quantum cryptography in 2016. This book is suitable for postgraduate students in mathematics and computer science, as well as for experts in industry working on post-quantum cryptography.

The book provides the complete strategic understanding requisite to allow a person to create and use the RMF process recommendations for risk management. This will be the case both for applications of the RMF in corporate training situations, as well as for any individual who wants to obtain specialized knowledge in organizational risk management. It is an all-purpose roadmap of sorts aimed at the practical understanding and implementation of the risk management process as a standard entity. It will enable an "application" of the risk management process as well as the fundamental elements of control formulation within an applied context.

This book concentrates on a wide range of advances related to IT cybersecurity management. The topics covered in this book include, among others, management techniques in security, IT risk management, the impact of technologies and techniques on security management, regulatory techniques and issues, surveillance technologies, security policies, security for protocol management, location management, GOS management, resource management, channel management, and mobility management. The authors also discuss digital contents copyright protection, system security management, network security management, security management in network equipment, storage area networks (SAN) management, information security management, government security policy, web penetration testing, security operations, and vulnerabilities management. The authors introduce the concepts, techniques, methods, approaches and trends needed by cybersecurity management specialists and educators for keeping current their cybersecurity management knowledge. Further, they provide a glimpse of future directions where cybersecurity management techniques, policies, applications, and theories are headed. The book is a rich collection of carefully selected and reviewed manuscripts written by diverse cybersecurity management experts in the listed fields and edited by prominent cybersecurity management researchers and specialists.

This book focuses on reversible steganography and authentication via transform encoding, fully discussing in detail the reversibility computation of six transformation techniques: DFT, DCT, wavelets, Z, binomial and grouplet, as well as chaos-based authentication. The book also describes algorithmic approaches based on all transformations along with implementation details and results. Further topics include embedding and extraction into the spatial domain, tuning using GA-based approaches and embedding into imaginary coefficients of the Z domain. Featuring detailed algorithms for encryption and descriptions of all techniques, including embedding techniques for all transform-based steganographic processes, the book also explores the adjustment of pixel values after embedding and presents numerical examples of reversible computations. In the context of chaos-based authentication, it also describes testing the quality of generator is using Monobit, Serial and Poker tests. The book then outlines 15 test cases recommended by NIST fifteen test cases, along with their implementation on six evolutionary algorithms for neural cryptographic systems in the context of wireless computations - TPM, KSOMSCT, DHLPSCT, CHDLPSCT, CTHLPSCT and CGTHLPSCT - and verifies their satisfiability based on the implementations of these six techniques. Lastly it presents various metrics of image processing systems. This book is a valuable reference resource for research scholars, PG/UG students and practicing engineers

This book is for cybersecurity leaders across all industries and organizations. It is intended to bridge the gap between the data center and the board room. This book examines the multitude of communication challenges that CISOs are faced with every day and provides practical tools to identify your audience, tailor your message and master the art of communicating. Poor communication is one of the top reasons that CISOs fail in their roles. By taking the step to work on your communication and soft skills (the two go hand-in-hand), you will hopefully never join their ranks. This is not a "communication theory" book. It provides just enough practical skills and techniques for security leaders to get the job done. Learn fundamental communication skills and how to apply them to day-to-day challenges like communicating with your peers, your team, business leaders and the board of directors. Learn how to produce meaningful metrics and communicate before, during and after an incident. Regardless of your role in Tech, you will find something of value somewhere along the way in this book.

The rapid growth of Internet-based technology has led to the widespread use of computer networks such as Web search and email service. With this increased use, computer systems have inevitably become targets for attack. Once these attacks successfully explore the vulnerabilities of an information system, the confidential information in the system can be accessed and used by those attackers who are not authorized to access to the information. Information Assurance and Security Technologies for Risk Assessment and Threat Management: Advances details current trends and advances in information assurance and security, as well as explores emerging applications. The book aims to provides the readers with an opportunity to build a strong, fundamental understanding of theory and methods and, thus, to find solutions for many of today s most interesting and challenging problems regarding information assurance and security.

This new book establishes a comprehensive framework for network security design, unifying the many concepts and aspects of network security and enabling all users to employ a common security foundation. It is presented from the perspective of fundamental principles underlying networking, network control algorithms and security. Using an accessible style and careful explanations, the principles and methodology address design concepts for current and future security concerns for networks. "Principles of Secure Network Systems Design" presents the topic in three basic parts. Part one covers the basic background of network security and the current scope for security in all types of networks and organizations. Part two focuses on the essential nature of network security and a scientific methodology for secure network design. Lastly, part three discusses concrete applications of the design concepts with real world networks, using three comprehensive case studies oriented around ATM networks. Topics and Features: * Holistic view of network security design, going beyond cryptographic issues * Comprehensive framework for a scientific basis of network security design * Integrated view of network security with networks¿ operational and management processes * Extensive case study through modeling & large-scale distributed simulation of ATM network * New approach to both security attack detection and strengthening networks against security attacks and vulnerabilities The book is an essential and practical resource for all professionals, policy makers, practitioners, and advanced students in networking, information systems, computer engineering & science, communications engineering, network design, and security consultants seeking a comprehensive framework for secure network systems design. It is also suitable for self-study purposes by professionals, as well as for advanced course use in network security.

This comprehensive book is primarily intended for researchers, engineers, mathematicians and computer security specialists who are interested in multimedia security, steganography, encryption, and related research fields. It is also a valuable reference resource for postgraduate and senior undergraduate students who are studying multimedia, multimedia security, and information security, as well as for professionals in the IT industry.

This book explores the genesis of ransomware and how the parallel emergence of encryption technologies has elevated ransomware to become the most prodigious cyber threat that enterprises are confronting. It also investigates the driving forces behind what has been dubbed the 'ransomware revolution' after a series of major attacks beginning in 2013, and how the advent of cryptocurrencies provided the catalyst for the development and increased profitability of ransomware, sparking a phenomenal rise in the number and complexity of ransomware attacks. This book analyzes why the speed of technology adoption has been a fundamental factor in the continued success of financially motivated cybercrime, and how the ease of public access to advanced encryption techniques has allowed malicious actors to continue to operate with increased anonymity across the internet. This anonymity has enabled increased collaboration between attackers, which has aided the development of new ransomware attacks, and led to an increasing level of technical complexity in ransomware attacks. This book highlights that the continuous expansion and early adoption of emerging technologies may be beyond the capacity of conventional risk managers and risk management frameworks. Researchers and advanced level students studying or working in computer science, business or criminology will find this book useful as a reference or secondary text. Professionals working in cybersecurity, cryptography, information technology, financial crime (and other related topics) will also welcome this book as a reference.

This pocket guide is a primer for any OES (operators of essential services) that needs to comply with the NIS Regulations, and explores who they are, and why the NIS Regulations are different for them. An introduction to the new NIS Regulations 2018 that bring the EU's NIS Directive and Implementing Regulation into UK law. This guide outlines the requirements for operators of essential services based on the Cyber Assessment Framework established by the National Cyber Security Centre (NCSC), including an explanation of the objectives, principles and indicators of good practice, and offers implementation guidance. This guide will help you: Understand how to comply with NIS Regulations, and avoid penalties associated with non-compliance Unravel the key definitions, authorities and points of contact Learn the benefits of a good Cyber Resilience plan Interpret and ensure compliance with the Cyber Assessment Framework Establish the NCSC's cyber security objectives, principles and indicators of good practice Your essential guide to understanding the NIS Regulations - buy this book today and get the help and guidance you need.

This book constitutes the refereed proceedings of the 13th IFIP WG 11.8 World Conference on Information Security Education, WISE 13, held in Maribor, Slovenia, in September 2020. The conference was held virtually due to the COVID-19 pandemic. The 13 full papers presented were carefully reviewed and selected from 28 submissions. The papers are organized in the following topical sections: teaching methods and tools; cybersecurity knowledge within the organization; and teaching of detection and forensics.

This book consists of refereed selected papers from the International Conference on Security & Privacy - ICSP 2020. The book is focused on the state-of-the-art developments of network security, secure cryptographic protocols, post-quantum cryptography, quantum cryptography, block-chain and cryptocurrency, IoT security and privacy, cloud security, machine learning in cybersecurity, and other disciplines related to security and privacy. In this book, a wide variety of basic security primitives are discussed along with recent developments in some advanced topics like functional encryption, two-party/multi-party computation, bitcoin, cryptocurrency, and post-quantum security.

This book sets the stage of the evolution of corporate governance, laws and regulations, other forms of governance, and the interaction between data governance and other corporate governance sub-disciplines. Given the continuously evolving and complex regulatory landscape and the growing number of laws and regulations, compliance is a widely discussed issue in the field of data. This book considers the cost of non-compliance bringing in examples from different industries of instances in which companies failed to comply with rules, regulations, and other legal obligations, and goes on to explain how data governance helps in avoiding such pitfalls. The first in a three-volume series on data governance, this book does not assume any prior or specialist knowledge in data governance and will be highly beneficial for IT, management and law students, academics, information management and business professionals, and researchers to enhance their knowledge and get guidance in managing their own data governance projects from a governance and compliance perspective.

This book discusses the current research concerning public key cryptosystems. It begins with an introduction to the basic concepts of multivariate cryptography and the history of this field. The authors provide a detailed description and security analysis of the most important multivariate public key schemes, including the four multivariate signature schemes participating as second round candidates in the NIST standardization process for post-quantum cryptosystems. Furthermore, this book covers the Simple Matrix encryption scheme, which is currently the most promising multivariate public key encryption scheme. This book also covers the current state of security analysis methods for Multivariate Public Key Cryptosystems including the algorithms and theory of solving systems of multivariate polynomial equations over finite fields. Through the book's website, interested readers can find source code to the algorithms handled in this book. In 1994, Dr. Peter Shor from Bell Laboratories proposed a quantum algorithm solving the Integer Factorization and the Discrete Logarithm problem in polynomial time, thus making all of the currently used public key cryptosystems, such as RSA and ECC insecure. Therefore, there is an urgent need for alternative public key schemes which are resistant against quantum computer attacks. Researchers worldwide, as well as companies and governmental organizations have put a tremendous effort into the development of post-quantum public key cryptosystems to meet this challenge. One of the most promising candidates for this are Multivariate Public Key Cryptosystems (MPKCs). The public key of an MPKC is a set of multivariate polynomials over a small finite field. Especially for digital signatures, numerous well-studied multivariate schemes offering very short signatures and high efficiency exist. The fact that these schemes work over small finite fields, makes them suitable not only for interconnected computer systems, but also for small devices with limited resources, which are used in ubiquitous computing. This book gives a systematic introduction into the field of Multivariate Public Key Cryptosystems (MPKC), and presents the most promising multivariate schemes for digital signatures and encryption. Although, this book was written more from a computational perspective, the authors try to provide the necessary mathematical background. Therefore, this book is suitable for a broad audience. This would include researchers working in either computer science or mathematics interested in this exciting new field, or as a secondary textbook for a course in MPKC suitable for beginning graduate students in mathematics or computer science. Information security experts in industry, computer scientists and mathematicians would also find this book valuable as a guide for understanding the basic mathematical structures necessary to implement multivariate cryptosystems for practical applications.

This book constitutes the thoroughly refereed post-conference proceedings of the 4th International Conference on Computing and Network Communications (CoCoNet'20), October 14-17, 2020, Chennai, India. The papers presented were carefully reviewed and selected from several initial submissions. The papers are organized in topical sections on Signal, Image and Speech Processing, Wireless and Mobile Communication, Internet of Things, Cloud and Edge Computing, Distributed Systems, Machine Intelligence, Data Analytics, Cybersecurity, Artificial Intelligence and Cognitive Computing and Circuits and Systems. The book is directed to the researchers and scientists engaged in various fields of computing and network communication domains.

Attacks on information systems and applications have become more prevalent with new advances in technology. Management of security and quick threat identification have become imperative aspects of technological applications. Information Technology Risk Management and Compliance in Modern Organizations is a pivotal reference source featuring the latest scholarly research on the need for an effective chain of information management and clear principles of information technology governance. Including extensive coverage on a broad range of topics such as compliance programs, data leak prevention, and security architecture, this book is ideally designed for IT professionals, scholars, researchers, and academicians seeking current research on risk management and compliance.

This book is focused on the use of deep learning (DL) and artificial intelligence (AI) as tools to advance the fields of malware detection and analysis. The individual chapters of the book deal with a wide variety of state-of-the-art AI and DL techniques, which are applied to a number of challenging malware-related problems. DL and AI based approaches to malware detection and analysis are largely data driven and hence minimal expert domain knowledge of malware is needed. This book fills a gap between the emerging fields of DL/AI and malware analysis. It covers a broad range of modern and practical DL and AI techniques, including frameworks and development tools enabling the audience to innovate with cutting-edge research advancements in a multitude of malware (and closely related) use cases.

Understand how to protect your critical information infrastructure (CII). Billions of people use the services of critical infrastructure providers, such as ambulances, hospitals, and electricity and transport networks. This number is increasing rapidly, yet there appears to be little protection for many of these services. IT solutions have allowed organisations to increase their efficiency in order to be competitive. However, do we even know or realise what happens when IT solutions are not working - when they simply don't function at all or not in the way we expect? This book aims to teach the IT framework from within, allowing you to reduce dependence on IT systems and put in place the necessary processes and procedures to help protect your CII. Lessons Learned: Critical Information Infrastructure Protection is aimed at people who organise the protection of critical infrastructure, such as chief executive officers, business managers, risk managers, IT managers, information security managers, business continuity managers and civil servants. Most of the principles and recommendations described are also valid in organisations that are not critical infrastructure service providers. The book covers the following: - Lesson 1: Define critical infrastructure services. - Lesson 2: Describe the critical infrastructure service and determine its service level. - Lesson 3: Define the providers of critical infrastructure services. - Lesson 4: Identify the critical activities, resources and responsible persons needed to provide the critical infrastructure service. - Lesson 5: Analyse and identify the interdependencies of services and their reliance upon power supplies. - Lesson 6: Visualise critical infrastructure data. - Lesson 7: Identify important information systems and assess their importance. - Lesson 8: Identify and analyse the interconnections and dependencies of information systems. - Lesson 9: Focus on more critical services and prioritise your activities. - Lesson 10: Identify threats and vulnerabilities. - Lesson 11: Assess the impact of service disruptions. - Lesson 12: Assess the risks associated with the service and information system. - Lesson 13: Implement the necessary security measures. - Lesson 14: Create a functioning organisation to protect CII. - Lesson 15: Follow regulations to improve the cyber resilience of critical infrastructure services. - Lesson 16: Assess the security level of your information systems yourself and ask external experts to assess them as well. - Lesson 17: Scan networks yourself and ask external experts to scan them as well to find the systems that shouldn't be connected to the Internet but still are. - Lesson 18: Prepare business continuity and disaster recovery plans and test them at reasonable intervals. - Lesson 19: Establish reliable relations and maintain them. - Lesson 20: Share information and be a part of networks where information is shared. - Lesson 21: Train people to make sure they are aware of cyber threats and know the correct behaviour. - Lesson 22: If the CII protection system does not work as planned or give the desired output, make improvements. - Lesson 23: Be prepared to provide critical infrastructure services without IT systems. If possible, reduce dependence on IT systems. If possible, during a crisis, provide critical services at reduced functionality and/or in reduced volumes. Author Toomas Viira is a highly motivated, experienced and results-orientated cyber security risk manager and IT auditor. He has more than 20 years' experience in the IT and cyber security sectors.