Visible to the public Biblio

Filters: Keyword is best practices  [Clear All Filters]
Jmila, Houda, Blanc, Gregory.  2019.  Designing Security-Aware Service Requests for NFV-Enabled Networks. 2019 28th International Conference on Computer Communication and Networks (ICCCN). :1—9.

Network Function Virtualization (NFV) is a recent concept where virtualization enables the shift from network functions (e.g., routers, switches, load-balancers, proxies) on specialized hardware appliances to software images running on all-purpose, high-volume servers. The resource allocation problem in the NFV environment has received considerable attention in the past years. However, little attention was paid to the security aspects of the problem in spite of the increasing number of vulnerabilities faced by cloud-based applications. Securing the services is an urgent need to completely benefit from the advantages offered by NFV. In this paper, we show how a network service request, composed of a set of service function chains (SFC) should be modified and enriched to take into consideration the security requirements of the supported service. We examine the well-known security best practices and propose a two-step algorithm that extends the initial SFC requests to a more complex chaining model that includes the security requirements of the service.

Moore, A. P., Cassidy, T. M., Theis, M. C., Bauer, D., Rousseau, D. M., Moore, S. B..  2018.  Balancing Organizational Incentives to Counter Insider Threat. 2018 IEEE Security and Privacy Workshops (SPW). :237–246.

Traditional security practices focus on negative incentives that attempt to force compliance through constraints, monitoring, and punishment. This paper describes a missing dimension of most organizations' insider threat defense-one that explicitly considers positive incentives for attracting individuals to act in the interests of the organization. Positive incentives focus on properties of the organizational context of workforce management practices - including those relating to organizational supportiveness, coworker connectedness, and job engagement. Without due attention to the organizational context in which insider threats occur, insider misbehaviors may simply reoccur as a natural response to counterproductive or dysfunctional management practices. A balanced combination of positive and negative incentives can improve employees' relationships with the organization and provide a means for employees to better cope with personal and professional stressors. An insider threat program that balances organizational incentives can become an advocate for the workforce and a means for improving employee work life - a welcome message to employees who feel threatened by programs focused on discovering insider wrongdoing.

Fletcher, Kathryn.  2016.  Developing Best Practices for Qualtrics Administration. Proceedings of the 2016 ACM on SIGUCCS Annual Conference. :89–94.

In 2013 West Virginia University consolidated a few individually purchased college and individual licenses for Qualtrics survey software into a single campus-wide license that includes all of our colleges and regional campuses, to be implemented as a campus standard and enterprise solution for our campus. Due to some staff reorganizations over the past two years, I and the other Qualtrics brand administrators at WVU are all new to this administrative role. In this paper, I plan to share lessons that I learned while (1) participating in developing and documenting new business processes, (2) transitioning to serve as the main brand administrator, (3) cleaning up user accounts that had not been actively managed for years, and (4) working with the Qualtrics vendor, local group administrators, my IT colleagues, and campus users as we refine a set of best practices for product usage and administration. Although this paper discusses a campus-wide implementation of Qualtrics survey software, I feel that the lessons I learned during this process could be extrapolated to the development of best practices for other products or IT services.

Harsch, A., Idler, S., Thurner, S..  2014.  Assuming a State of Compromise: A Best Practise Approach for SMEs on Incident Response Management. IT Security Incident Management IT Forensics (IMF), 2014 Eighth International Conference on. :76-84.

Up-to-date studies and surveys regarding IT security show, that companies of every size and branch nowadays are faced with the growing risk of cyber crime. Many tools, standards and best practices are in place to support enterprise IT security experts in dealing with the upcoming risks, whereas meanwhile especially small and medium sized enterprises(SMEs) feel helpless struggling with the growing threats. This article describes an approach, how SMEs can attain high quality assurance whether they are a victim of cyber crime, what kind of damage resulted from a certain attack and in what way remediation can be done. The focus on all steps of the analysis lies in the economic feasibility and the typical environment of SMEs.