research-article

Cybersecurity Standards in the Context of Operating System: Practical Aspects, Analysis, and Comparisons

Published: 08 May 2021

Abstract

Cyber threats have been growing tremendously in recent years. There are significant advancements in the threat space that have led towards an essential need for the strengthening of digital infrastructure security. Better security can be achieved by fine-tuning system parameters to the best and optimized security levels. For the protection of infrastructure and information systems, several guidelines have been provided by well-known organizations in the form of cybersecurity standards. Since security vulnerabilities incur a very high degree of financial, reputational, informational, and organizational security compromise, it is imperative that a baseline for standard compliance be established. The selection of security standards and extracting requirements from those standards in an organizational context is a tedious task. This article presents a detailed literature review, a comprehensive analysis of various cybersecurity standards, and statistics of cyber-attacks related to operating systems (OS). In addition to that, an explicit comparison between the frameworks, tools, and software available for OS compliance testing is provided. An in-depth analysis of the most common software solutions ensuring compliance with certain cybersecurity standards is also presented. Finally, based on the cybersecurity standards under consideration, a comprehensive set of minimum requirements is proposed for OS hardening and a few open research challenges are discussed.

    Published In

    ACM Computing Surveys  Volume 54, Issue 3
    April 2022
    836 pages
    ISSN:0360-0300
    EISSN:1557-7341
    DOI:10.1145/3461619
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 08 May 2021
    Accepted: 01 December 2020
    Revised: 01 October 2020
    Received: 01 February 2020
    Published in CSUR Volume 54, Issue 3

    Author Tags

    1. CC
    2. Cybersecurity
    3. FIPS
    4. ISO
    5. NIST
    6. OS vulnerabilities
    7. security standards

    Qualifiers

    • Research-article
    • Research
    • Refereed

    Funding Sources

    • Higher Education Commission (HEC)
    • National Center for Cyber Security for the affiliated lab National Cyber Security Auditing and Evaluation Lab (NCSAEL)

    Article Metrics

    • Downloads (Last 12 months): 569
    • Downloads (Last 6 weeks): 54

    Reflects downloads up to 02 Sep 2024

    Cited By

    • (2024) Safeguarding the Future. Blockchain and IoT Approaches for Secure Electronic Health Records (EHR). 10.4018/979-8-3693-1662-7.ch003 (48-72). Online publication date: 28-May-2024
    • (2024) Telemetry data sharing based on Attribute-Based Encryption schemes for cloud-based Drone Management system. Proceedings of the 19th International Conference on Availability, Reliability and Security. 10.1145/3664476.3670909 (1-8). Online publication date: 30-Jul-2024
    • (2024) Securing the IoT: An In-Depth Analysis of Ubuntu Core Hardening Measures Using CIS LTS Guide. 2024 4th Interdisciplinary Conference on Electrics and Computer (INTCEC). 10.1109/INTCEC61833.2024.10603300 (1-8). Online publication date: 11-Jun-2024
    • (2023) A Deep Dive into Information and Cybersecurity Frameworks. 2023 2nd International Conference on Futuristic Technologies (INCOFT). 10.1109/INCOFT60753.2023.10425248 (1-5). Online publication date: 24-Nov-2023
    • (2023) Towards insighting cybersecurity for healthcare domains: A comprehensive review of recent practices and trends. Cyber Security and Applications. 10.1016/j.csa.2023.100016 1 (100016). Online publication date: Dec-2023
    • (2023) On Tools for Practical and Effective Security Policy Management and Vulnerability Scanning. Business Modeling and Software Design. 10.1007/978-3-031-36757-1_28 (375-382). Online publication date: 2-Jul-2023
    • (2022) A Secure State of the OSI-Based Distributed System in the Context of Evaluating Cyber Security. 2022 IEEE 9th International Conference on Problems of Infocommunications, Science and Technology (PIC S&T). 10.1109/PICST57299.2022.10238670 (33-37). Online publication date: 10-Oct-2022
    • (2022) A hybrid XSS attack (H XSS ) based on fusion approach: Challenges, threats and implications in cybersecurity. Journal of King Saud University - Computer and Information Sciences. 10.1016/j.jksuci.2022.09.008 34:10 (9284-9300). Online publication date: Nov-2022
