Rising concerns about the security of our data have made quantum cryptography a very active research field in recent years. Quantum cryptographic protocols promise everlasting security by exploiting distinctive quantum properties of nature. The most extensively implemented protocol is quantum key distribution (QKD), which enables secure communication between two users. The aim of this book is to introduce the reader to state-of-the-art QKD and illustrate its recent multi-user generalization: quantum conference key agreement. With its pedagogical approach that doesn't disdain going into details, the book enables the reader to join in cutting-edge research on quantum cryptography.

A complete and definitive guide to auditing the security of IT systems for managers, CIOs, controllers, and auditors

This up-to-date resource provides all the tools you need to perform practical security audits on the entire spectrum of a company’s IT platforms–from the mainframe to the individual PC–as well as the networks that connect them to each other and to the global marketplace. Auditing and Security: AS/400, NT, Unix, Networks, and Disaster Recovery Plans is the first book on IT security written specifically for the auditor, detailing what controls are necessary to ensure a secure system regardless of the specific hardware, software, or architecture a company runs. The author uses helpful checklists and diagrams and a practical, rather than theoretical, method to understanding and auditing a company’s IT security systems and their requirements. This comprehensive volume covers the full range of issues relating to security audits, including:

• Hardware and software
• Operating systems
• Network connections
• The cooperation of logical and physical security systems
• Disaster recovery planning

Emerging Cyber Threats and Cognitive Vulnerabilities identifies the critical role human behavior plays in cybersecurity and provides insights into how human decision-making can help address rising volumes of cyberthreats. The book examines the role of psychology in cybersecurity by addressing each actor involved in the process: hackers, targets, cybersecurity practitioners and the wider social context in which these groups operate. It applies psychological factors such as motivations, group processes and decision-making heuristics that may lead individuals to underestimate risk. The goal of this understanding is to more quickly identify threat and create early education and prevention strategies. This book covers a variety of topics and addresses different challenges in response to changes in the ways in to study various areas of decision-making, behavior, artificial intelligence, and human interaction in relation to cybersecurity.

In this book the author draws inspiration from Sun Tzu's Art of War, a work that explains conflict between nations, and he applies this to the computer security setting, examining how we should consider protecting information systems from accidents or malicious attacks. The author first briefly introduces Sun Tzu. Then each chapter in the book takes its inspiration from an original title in The Art of War, where the author offers a general introduction to the content and then describes its application in a cybersecurity setting. These chapters cover estimates; waging war; offensive strategy; how you prepare for an attack; energy; weaknesses and strengths; the variables that need consideration before embarking on a war; how infrastructure is related to the concept of ground; attack by fire or how skilled attackers hide behind noise; and employing secret agents. The book will be interesting for computer security researchers and professionals who would like some grounding in a security mindset.

The aim of the book is to create a bridge between two 'lands' that are usually kept separate: technical tools and legal rules should be bound together for moulding a special 'toolbox' to solve present and future issues. The volume is intended to contribute to this 'toolbox' in the area of software services, while addressing how to make legal studies work closely with engineers' and computer scientists' fields of expertise, who are increasingly involved in tangled choices on daily programming and software development. In this respect, law has not lost its importance and its own categories in the digital world, but as well as any social science needs to experience a new realistic approach amid technological development and individuals' fundamental rights and freedoms.

In the wake of fresh allegations that personal data of Facebook users have been illegally used to influence the outcome of the US general election and the Brexit vote, the debate over manipulation of social Big Data continues to gain more momentum. Cyber Influence and Cognitive Threats addresses various emerging challenges in response to cybersecurity, examining cognitive applications in decision-making, behaviour and basic human interaction. The book examines the role of psychology in cybersecurity by addressing each factor involved in the process: hackers, targets, cybersecurity practitioners, and the wider social context in which these groups operate. Cyber Influence and Cognitive Threats covers a variety of topics including information systems, psychology, sociology, human resources, leadership, strategy, innovation, law, finance and others.

This book analyzes the fundamental issues faced when blockchain technology is applied to real-life applications. These concerns, not only in the realm of computer science, are caused by the nature of technological design. Blockchain is considered the foundation of a wide range of flexible ecosystems; its technology is an excellent mixture of mathematics, cryptography, incentive mechanisms, economics, and pertinent regulations. The book provides an essential understanding of why such fundamental issues arise, by revising the underlying theories. Blockchain theory is thus presented in an easy-to-understand, useful manner. Also explained is the reason why blockchain is hard to adopt for real-life problems but is valuable as a foundation for flexible ecosystems. Included are directions for solving those problems and finding suitable areas for blockchain applications in the future. The authors of this work are experts from a wide range of backgrounds such as cryptography, distributed computing, computer science, trust, identity, regulation, and standardization. Their contributions collected here will appeal to all who are interested in blockchain and the elements surrounding it.

This book features peer reviewed contributions from across the disciplines on themes relating to protection of data and to privacy protection. The authors explore fundamental and legal questions, investigate case studies and consider concepts and tools such as privacy by design, the risks of surveillance and fostering trust. Readers may trace both technological and legal evolution as chapters examine current developments in ICT such as cloud computing and the Internet of Things. Written during the process of the fundamental revision of revision of EU data protection law (the 1995 Data Protection Directive), this volume is highly topical. Since the European Parliament has adopted the General Data Protection Regulation (Regulation 2016/679), which will apply from 25 May 2018, there are many details to be sorted out. This volume identifies and exemplifies key, contemporary issues. From fundamental rights and offline alternatives, through transparency requirements to health data breaches, the reader is provided with a rich and detailed picture, including some daring approaches to privacy and data protection. The book will inform and inspire all stakeholders. Researchers with an interest in the philosophy of law and philosophy of technology, in computers and society, and in European and International law will all find something of value in this stimulating and engaging work.

This book provides insights into smart ways of computer log data analysis, with the goal of spotting adversarial actions. It is organized into 3 major parts with a total of 8 chapters that include a detailed view on existing solutions, as well as novel techniques that go far beyond state of the art. The first part of this book motivates the entire topic and highlights major challenges, trends and design criteria for log data analysis approaches, and further surveys and compares the state of the art. The second part of this book introduces concepts that apply character-based, rather than token-based, approaches and thus work on a more fine-grained level. Furthermore, these solutions were designed for "online use", not only forensic analysis, but also process new log lines as they arrive in an efficient single pass manner. An advanced method for time series analysis aims at detecting changes in the overall behavior profile of an observed system and spotting trends and periodicities through log analysis. The third part of this book introduces the design of the AMiner, which is an advanced open source component for log data anomaly mining. The AMiner comes with several detectors to spot new events, new parameters, new correlations, new values and unknown value combinations and can run as stand-alone solution or as sensor with connection to a SIEM solution. More advanced detectors help to determines the characteristics of variable parts of log lines, specifically the properties of numerical and categorical fields. Detailed examples throughout this book allow the reader to better understand and apply the introduced techniques with open source software. Step-by-step instructions help to get familiar with the concepts and to better comprehend their inner mechanisms. A log test data set is available as free download and enables the reader to get the system up and running in no time. This book is designed for researchers working in the field of cyber security, and specifically system monitoring, anomaly detection and intrusion detection. The content of this book will be particularly useful for advanced-level students studying computer science, computer technology, and information systems. Forward-thinking practitioners, who would benefit from becoming familiar with the advanced anomaly detection methods, will also be interested in this book.

Big data is a field of research that is growing rapidly, and as the Covid-19 crisis has shown, health care is an area that could benefit greatly from its increased use and application. Big data, as derived partly from the internet of things and analysed according to specific algorithms, has a large and beneficial role to play in preventative medicine, in monitoring the health of specific groups, and in improving diagnostics. Big Data Analytics and Intelligence: A Perspective for Health Care focuses on various areas of health care, ranging from nutrition to cancer, and providing diverse perspectives on all of them. This book explores the entire life-cycle of big data, from information retrieval to analysis, and it shows how big data's applications can enhance, streamline and improve services for patients and health-care professionals. Each chapter focuses on a specific area of health care and how big data is applicable to it, with background and current examples provided.

This open access book aims to educate data space designers to understand what is required to create a successful data space. It explores cutting-edge theory, technologies, methodologies, and best practices for data spaces for both industrial and personal data and provides the reader with a basis for understanding the design, deployment, and future directions of data spaces. The book captures the early lessons and experience in creating data spaces. It arranges these contributions into three parts covering design, deployment, and future directions respectively. The first part explores the design space of data spaces. The single chapters detail the organisational design for data spaces, data platforms, data governance federated learning, personal data sharing, data marketplaces, and hybrid artificial intelligence for data spaces. The second part describes the use of data spaces within real-world deployments. Its chapters are co-authored with industry experts and include case studies of data spaces in sectors including industry 4.0, food safety, FinTech, health care, and energy. The third and final part details future directions for data spaces, including challenges and opportunities for common European data spaces and privacy-preserving techniques for trustworthy data sharing. The book is of interest to two primary audiences: first, researchers interested in data management and data sharing, and second, practitioners and industry experts engaged in data-driven systems where the sharing and exchange of data within an ecosystem are critical.

This book presents current trends that are dominating technology and society, including privacy, high performance computing in the cloud, networking and IoT, and bioinformatics. By providing chapters detailing accessible descriptions of the research frontiers in each of these domains, the reader is provided with a unique understanding of what is currently feasible. Readers are also given a vision of what these technologies can be expected to produce in the near future. The topics are covered comprehensively by experts in respective areas. Each section includes an overview that puts the research topics in perspective and integrates the sections into an overview of how technology is evolving. The book represents the proceedings of the International Symposium on Sensor Networks, Systems and Security, August 31 - September 2, 2017, Lakeland Florida.

Application vulnerabilities continue to top the list of cyber security concerns. While attackers and researchers continue to expose new application vulnerabilities, the most common application flaws are previous, rediscovered threats. For example, SQL injection and cross-site scripting (XSS) have appeared on the Open Web Application Security Project (OWASP) Top 10 list year after year over the past decade. This high volume of known application vulnerabilities suggests that many development teams do not have the security resources needed to address all potential security flaws and a clear shortage of qualified professionals with application security skills exists. Without action, this soft underbelly of business and governmental entities has and will continue to be exposed with serious consequences-data breaches, disrupted operations, lost business, brand damage, and regulatory fines. This is why it is essential for software professionals to stay current on the latest advances in software development and the new security threats they create. Recognized as one of the best application security tools available for professionals involved in software development, the Official (ISC)2 (R) Guide to the CSSLP (R) CBK (R), Second Edition, is both up-to-date and relevant, reflecting the latest developments in this ever-changing field and providing an intuitive approach to the CSSLP Common Body of Knowledge (CBK). It provides a robust and comprehensive study of the 8 domains of the CBK, covering everything from ensuring software security requirements are included in the software design phase to programming concepts that can effectively protect software from vulnerabilities to addressing issues pertaining to proper testing of software for security, and implementing industry standards and practices to provide a high level of assurance that the supply chain is secure-both up-stream. The book discusses the issues facing software professionals today, such as mobile app development, developing in the cloud, software supply chain risk management, and more. Numerous illustrated examples and practical exercises are included in this book to help the reader understand the concepts within the CBK and to enable them to apply these concepts in real-life situations. Endorsed by (ISC)2 and written and reviewed by CSSLPs and other (ISC)2 members, this book serves as an unrivaled study tool for the certification exam and an invaluable career reference. Earning your CSSLP is an esteemed achievement that validates your efforts in security leadership to help your organization build resilient software capable of combating the security threats of today and tomorrow.

This descriptive, practical guide explains how to build a commercially impactful, operationally effective and technically robust IoT ecosystem that takes advantage of the IoT revolution and drives business growth in the consumer IoT as well as industrial internet spaces. With this book, executives, business managers, developers and decision-makers are given the tools to make more informed decisions about IoT solution development, partner eco-system design, and the monetization of products and services. Security and privacy issues are also addressed. Readers will explore the design guidelines and technology choices required to build commercially viable IoT solutions, but also uncover the various monetization and business modeling for connected products.

This book proposes essential methods, models, and case studies for Sustainable Logistics and Production in Industry 4.0. In addition to identifying and discussing various challenges and future prospects, it also features numerous case studies and quantitative research from different sectors. The authors (which include academics and managers) present insightful tips on the technical, organizational and social aspects of implementing Sustainable Logistics and Production in Industry 4.0. In today's world, changes are coming faster and more unpredictably. Production is becoming more automated, computerized and complex. In short, Industry 4.0 is creating many new opportunities, but at the same time several new challenges. This book offers a valuable resource for all academics and practitioners who want to deepen their knowledge of Sustainable Logistics and Production in Industry 4.0.

In the world of e-commerce, security has quickly become of paramount importance. This unique book provides an in-depth understanding of basic security problems and relevant e-commerce solutions. From designing secure Web, e-commerce, and mobile commerce applications to securing internal networks to providing secure employee/user authentication, this cutting-edge book gives professionals the tools they need to solve their e-commerce security problems.

This book provides an advanced understanding of cyber threats as well as the risks companies are facing. It includes a detailed analysis of many technologies and approaches important to decreasing, mitigating or remediating those threats and risks. Cyber security technologies discussed in this book are futuristic and current. Advanced security topics such as secure remote work, data security, network security, application and device security, cloud security, and cyber risk and privacy are presented in this book. At the end of every chapter, an evaluation of the topic from a CISO's perspective is provided. This book also addresses quantum computing, artificial intelligence and machine learning for cyber security The opening chapters describe the power and danger of quantum computing, proposing two solutions for protection from probable quantum computer attacks: the tactical enhancement of existing algorithms to make them quantum-resistant, and the strategic implementation of quantum-safe algorithms and cryptosystems. The following chapters make the case for using supervised and unsupervised AI/ML to develop predictive, prescriptive, cognitive and auto-reactive threat detection, mitigation, and remediation capabilities against advanced attacks perpetrated by sophisticated threat actors, APT and polymorphic/metamorphic malware. CISOs must be concerned about current on-going sophisticated cyber-attacks, and can address them with advanced security measures. The latter half of this book discusses some current sophisticated cyber-attacks and available protective measures enabled by the advancement of cybersecurity capabilities in various IT domains. Chapters 6-10 discuss secure remote work; chapters 11-17, advanced data security paradigms; chapters 18-28, Network Security; chapters 29-35, application and device security; chapters 36-39, Cloud security; and chapters 40-46 organizational cyber risk measurement and event probability. Security and IT engineers, administrators and developers, CIOs, CTOs, CISOs, and CFOs will want to purchase this book. Risk personnel, CROs, IT and Security Auditors as well as security researchers and journalists will also find this useful.

The book serves as a connecting medium between various domains and Blockchain technology, discussing and embracing how Blockchain technology is transforming all the major sectors of the society. The book facilitates sharing of information, case studies, theoretical and practical knowledge required for Blockchain transformations in various sectors. The book covers different areas that provide the foundational knowledge and comprehensive information about the transformations by Blockchain technology in the fields of business, healthcare, finance, education, supply-chain, sustainability and governance. The book pertains to students, academics, researchers, professionals, and policy makers working in the area of Blockchain technology and related fields.

AAA (Authentication, Authorization, Accounting) describes a framework for intelligently controlling access to network resources, enforcing policies, and providing the information necessary to bill for services.

"AAA and Network Security for Mobile Access" is an invaluable guide to the AAA concepts and framework, including its protocols Diameter and Radius. The authors give an overview of established and emerging standards for the provision of secure network access for mobile users while providing the basic design concepts and motivations.

"AAA and Network Security for Mobile Access: " Covers trust, i.e., authentication and security key management for fixed and mobile users, and various approaches to trust establishment. Discusses public key infrastructures and provides practical tips on certificates management. Introduces Diameter, a state-of-the-art AAA protocol designed to meet today's reliability, security and robustness requirements, and examines Diameter-Mobile IP interactions. Explains RADIUS (Remote Authentication Dial-In User Services) and its latest extensions. Details EAP (Extensible Authentication Protocol) in-depth, giving a protocol overview, and covering EAP-XXX authentication methods as well as use of EAP in 802 networks. Describes IP mobility protocols including IP level mobility management, its security and optimizations, and latest IETF seamless mobility protocols. Includes a chapter describing the details of Mobile IP and AAA interaction, illustrating Diameter Mobile IP applications and the process used in CDMA2000. Contains a section on security and AAA issues to support roaming, discussing a variety of options for operator co-existence, including an overviewof Liberty Alliance.

This text will provide researchers in academia and industry, network security engineers, managers, developers and planners, as well as graduate students, with an accessible explanation of the standards fundamental to secure mobile access.

This book presents an overview of the latest smart transportation systems, IoV connectivity frameworks, issues of security and safety in VANETs, future developments in the IoV, technical solutions to address key challenges, and other related topics. A connected vehicle is a vehicle equipped with Internet access and wireless LAN, which allows the sharing of data through various devices, inside as well as outside the vehicle. The ad-hoc network of such vehicles, often referred to as VANET or the Internet of vehicles (IoV), is an application of IoT technology, and may be regarded as an integration of three types of networks: inter-vehicle, intra-vehicle, and vehicular mobile networks. VANET involves several varieties of vehicle connectivity mechanisms, including vehicle-to-infrastructure (V2I), vehicle-to-vehicle (V2V), vehicle-to-cloud (V2C), and vehicle-to-everything (V2X). According to one survey, it is expected that there will be approximately 380 million connected cars on the roads by 2020. IoV is an important aspect of the new vision for smart transportation. The book is divided into three parts: examining the evolution of IoV (basic concepts, principles, technologies, and architectures), connectivity of vehicles in the IoT (protocols, frameworks, and methodologies), connected vehicle environments and advanced topics in VANETs (security and safety issues, autonomous operations, machine learning, sensor technology, and AI). By providing scientific contributions and workable suggestions from researchers and practitioners in the areas of IoT, IoV, and security, this valuable reference aims to extend the body of existing knowledge.

This groundbreaking text examines the problem of user authentication from a completely new viewpoint. Rather than describing the requirements, technologies and implementation issues of designing point-of-entry authentication, the book introduces and investigates the technological requirements of implementing transparent user authentication - where authentication credentials are captured during a user's normal interaction with a system. This approach would transform user authentication from a binary point-of-entry decision to a continuous identity confidence measure. Topics and features: discusses the need for user authentication; reviews existing authentication approaches; introduces novel behavioural biometrics techniques; examines the wider system-specific issues with designing large-scale multimodal authentication systems; concludes with a look to the future of user authentication.

This textbook provides an introduction to digital forensics, a rapidly evolving field for solving crimes. Beginning with the basic concepts of computer forensics, each of the book's 21 chapters focuses on a particular forensic topic composed of two parts: background knowledge and hands-on experience through practice exercises. Each theoretical or background section concludes with a series of review questions, which are prepared to test students' understanding of the materials, while the practice exercises are intended to afford students the opportunity to apply the concepts introduced in the section on background knowledge. This experience-oriented textbook is meant to assist students in gaining a better understanding of digital forensics through hands-on practice in collecting and preserving digital evidence by completing various exercises. With 20 student-directed, inquiry-based practice exercises, students will better understand digital forensic concepts and learn digital forensic investigation techniques. This textbook is intended for upper undergraduate and graduate-level students who are taking digital-forensic related courses or working in digital forensics research. It can also be used by digital forensics practitioners, IT security analysts, and security engineers working in the IT security industry, particular IT professionals responsible for digital investigation and incident handling or researchers working in these related fields as a reference book.

This book features selected research papers presented at the International Conference on Evolutionary Computing and Mobile Sustainable Networks (ICECMSN 2020), held at the Sir M. Visvesvaraya Institute of Technology on 20-21 February 2020. Discussing advances in evolutionary computing technologies, including swarm intelligence algorithms and other evolutionary algorithm paradigms which are emerging as widely accepted descriptors for mobile sustainable networks virtualization, optimization and automation, this book is a valuable resource for researchers in the field of evolutionary computing and mobile sustainable networks.

This volume comprises the proceedings of ICITCS 2020. It aims to provide a snapshot of the latest issues encountered in IT convergence and security. The book explores how IT convergence and security is core to most current research, industrial and commercial activities. Topics covered in this volume include machine learning & deep learning, communication and signal processing, computer vision and applications, future network technology, artificial intelligence and robotics, software engineering and knowledge engineering, intelligent vehicular networking and applications, healthcare and wellness, web technology and applications, internet of things, and security & privacy. Through this volume, readers will gain an understanding of the current state-of-the-art information strategies and technologies in IT convergence and security. The book will be of use to researchers in academia, industry and other research institutes focusing on IT convergence and security.

In the modern world, natural disasters are becoming more commonplace, unmanned systems are becoming the norm, and terrorism and espionage are increasingly taking place online. All of these threats have made it necessary for governments and organizations to steel themselves against these threats in innovative ways. Developing Next-Generation Countermeasures for Homeland Security Threat Prevention provides relevant theoretical frameworks and empirical research outlining potential threats while exploring their appropriate countermeasures. This relevant publication takes a broad perspective, from network security, surveillance, reconnaissance, and physical security, all topics are considered with equal weight. Ideal for policy makers, IT professionals, engineers, NGO operators, and graduate students, this book provides an in-depth look into the threats facing modern society and the methods to avoid them.