Abstract: Security audit is an important aspect or feature to be considered in cloud service customer. It is basically a certification process to audit the controls that deliver the security requirements. Security audits are conducted by trained and qualified staffs that belong to an independent auditing organization. Security audits must be carried as a standard of security controls. Proper check to be made that the cloud user has a proper reporting and logging facilities with the customer's system and hence ensuring appropriate business and operational flow of data through cloud service. We propose a cloud-based secure auditing framework, which enables confided in power to safely store their mystery information on the semi-believed cloud specialist co-ops, and specifically share their mystery information with a wide scope of information recipient, to diminish the key administration intricacy for power proprietors and information collectors. Unique in relation to past cloud-based information framework, data proprietors transfer their mystery information into cloud utilizing static and dynamic evaluating plan. Another propelled determination is, if any information beneficiary needs individual record to download, the information collector will send the solicitation to the expert. The specialist proprietor has the Access Control. At the off probability, the businessman must impart the primary record to the knowledge collector, acknowledge statistics beneficiary solicitation. Once the acknowledgement for the records is over, the recipient downloads the first record and this record shifting time with date and downloading time with date are monitored by the inspector. In addition to deduplication concept, diminished cloud memory area using dynamic document distribution has been proposed.
Abstract: With the increasing dependence of countries on the
critical infrastructure, it increases their vulnerability. Big threat is
primarily in the human factor (personnel of the critical infrastructure)
and in terrorist attacks. It emphasizes the development of
methodology for searching of weak points and their subsequent
elimination. This article discusses methods for the analysis of safety
in the objects of critical infrastructure. It also contains proposal for
methodology for training employees of security services in the
objects of the critical infrastructure and developing scenarios of
attacks on selected objects of the critical infrastructure.
Abstract: The paper is focused on the application of the security
audit method on the selected objects of the critical infrastructure. The
emphasis is put on security audit method to find gaps in the critical
infrastructure security. The theoretical part describes objects of the
critical infrastructure. The practical part describes using of the
security audit method. The main emphasis was put on the protection
of the critical infrastructure in the Czech Republic.
Abstract: Insider abuse has recently been reported as one of
the more frequently occurring security incidents, suggesting that
more security is required for detecting and preventing unauthorised
financial transactions entered by authorised users. To address the
problem, and based on the observation that all authorised interbanking
financial transactions trigger or are triggered by other
transactions in a workflow, we have developed a security solution
based on a redefined understanding of an audit workflow. One audit
workflow where there is a log file containing the complete workflow
activity of financial transactions directly related to one financial
transaction (an electronic deal recorded at an e-trading system). The
new security solution contemplates any two parties interacting on
the basis of financial transactions recorded by their users in related
but distinct automated financial systems. In the new definition interorganizational
and intra-organization interactions can be described
in one unique audit trail. This concept expands the current ideas of
audit trails by adapting them to actual e-trading workflow activity, i.e.
intra-organizational and inter-organizational activity. With the above,
a security auditing service is designed to detect integrity drifts with
and between organizations in order to detect unauthorised financial
transactions entered by authorised users.