A Review of Cyber-security Measuring and Assessment Methods for Modern Enterprises
DOI: http://dx.doi.org/10.30630/joiv.3.2.239
Abstract
Keywords
Full Text:
PDFReferences
J. L. Bayuk, J. Healey, P. Rohmeyer, Marcus H. Sachs, Jeffrey Schmidt, Joseph Weiss. “Cyber Security Policy Guidebookâ€, First Edition. © 2012 John Wiley & Sons, Inc. Published by John Wiley & Sons, Inc )2012(.
Verzon Data Breach Investigations Report https://enterprise.verizon.com/resources/reports/DBIR_2018_Report_execsummary.pdf (2018)
IoD Policy Report, Cyber Security Underpinning the digital economy,https://www.iod.com/Portals/0/PDFs/Campaigns%20and%20Reports/Digital%20and%20Technology/Cyber%20Security%20-Underpinning%20the%20digital%20economy.pdf?ver=2016-09-13-171033-407, (2016)
R. Bronson, 4 Reasons Cybersecurity Is More Important Than Ever, https://www.techwell.com/techwell-insights/2018/12/4-reasons-cybersecurity-more-important-ever, (2018)
Sucuri security provider, Cryptocurrency Mining Malware Trends & Threat Predictions, https://sucuri.net/documentation/Sucuri-eBook-Cryptomining-Malware.pdf (2018)
Components of a Cyber Security Program at maricopa countyaz, USA, https://www.maricopa.gov/1948/Components-of-a-Cyber-Security-Program
Accenture company, “COST OF CYBER CRIME STUDY†Ponemon Institute LLC Attn: Research Department, 2308 US 31 North Traverse City, Michigan 49629 USA, 1.800.887.3118, [email protected] (2017).
D. Worth, negative impacts from cyber-attacks, University of Kent,https://phys.org/news/2018-10-negative-impacts-cyber-attacks.html, (2018)
M. Gerami, Impact of Cyber Threats on Business Profitability, ITU- ICT Faculty training on “Cybersecurityâ€, Iran, https://www.itu.int/en/ITU-D/Regional-Presence/AsiaPacific/SiteAssets/Pages/Events/2018/CybersecurityASPCOE/cybersecurity/Impact%20of%20Cyber%20Threats%20on%20Business%20Profitability.pdf, (2018)
Yang, Y., Littler, T., Sezer, S., McLaughlin, K., & Wang, H. F.. Impact of cyber-security issues on Smart Grid. 2nd IEEE PES International Conference and Exhibition on Innovative Smart Grid Technologies (2011).
Antiy CERT. Report on the Worm Stuxnet's Attack. Antiy Corp., Harbin, China. [Online]. Available: http://www.antiy.net/en/analysts/Report_On_the_Attacking_of_Worm_ Struxnet_by_antiy_labs.pdf . (2019).
W. Bhaya, M. Ebady Manaa†Review Clustering Mechanisms of Distributed Denial of Service Attacksâ€, Journal of Computer Science 10 (10): 2037-2046,ISSN: 1549-3636 (2014).
Scaife, N., Carter, H., Traynor, P., & Butler, K. R. B.. CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data. IEEE 36th International Conference on Distributed Computing Systems (ICDCS). doi:10.1109/icdcs.2016.46 (2016).
Databases of vulnerabilities generally include information from active vulnerability repositories, such as the United States Computer Emergency Readiness Team (US-CERT) (http://www.kb.cert.org/vuls/), or vendor advisories, such as BugTraq (http://www.securityfocus.com/archive/1).
Cynthia K. Veitch, Susan Wade, and John T. Michalski, Cyber Security Assessment Tools and Methodologies for the Evaluation of Secure Network Design at Nuclear Power Plants, Sandia National Laboratories P.O. Box 5800 Albuquerque, New Mexico 87185 (2012)
Kavita S.Kumavat, Ranjana P. Dahake, Dr.M.U.Kharat, Overview of Vulnerability Analysis, International Journal of Emerging Technology and Advanced Engineering, ISSN 2250-2459, ISO 9001:2008 Certiï¬ed Journal, Volume 3, Issue 10,October (2013)
K. Williams,Vulnerability list, VISTA Penetration Study Internet and inter-nal network security testing, Available at: http://www.internetbankingaudits.com/list_of_vulnerabilities.htm.
John Matherly. Shodan official Website. hps://www.shodan.io/
S. Lee, S. H. Shin, and B. h. Roh. Abnormal Behavior-Based Detection of Shodan and Censys-Like Scanning. In 2017 Ninth International Conference on Ubiquitous and Future Networks (ICUFN). 1048–1052. DOI:hp://dx.doi.org/10. 1109/ICUFN.2017.7993960, (2017)
Censys, official Website: https://www.censys.io/
Z. Durumeric, D. Adrian, A. Mirian, M. Bailey, and J. Alex Halderman.†A Search Engine Backed by Internet-Wide Scanning†In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, New York, NY, USA, (2015).
The Zmap Project, official Website https://zmap.io/
zoomeye official Website. www.zoomeye.org
Google Hacking Database (GHDB). [Online]. Available: https://www.exploit-db.com/google-hacking-database/
Toffalini, F., Abbà , M., Carra, D., & Balzarotti, D. Google Dorks: Analysis, Creation, and New Defenses. Lecture Notes in Computer Science, 255–275.doi:10.1007/978-3-319-40667-1_13, (2016)
pentest-tools official Website. https://pentest-tools.com
Lee, N. M. Z., Ooi, S. Y., & Pang, Y. H.. Vulnerability Reports Consolidation for Network Scanners. Computational Science and Technology, 11–20.doi:10.1007/978-981-10-8276-4_2, (2018)
N. JHALA Network Scanning and Vulnerability Assessment with Report Generation, CSE-INS,IT,Nirma University May 13, 2014 CSE Department CSE-INS,IT,Nirma University, (2014)
Security tools https://sectools.org
Imperva official Website www.imperva.com
Retina Network Security Scanner official Website: https://www.beyondtrust.com/products/retina-network-security-scanner/
Acunetix Network Security Scanner official Website: https://www.acunetix.com/
Kindsight Security Labs, The Case for Network-based Malware Detection https://www.tmcnet.com/tmc/whitepapers/documents/whitepapers/2014/9599-case-network-based-malware-detection.pdf, (2014)
R. Sihwail, K. Omar, K. Akram Zainol Ariffin. A Survey on Malware Analysis Techniques: Static, Dynamic, Hybrid and Memory Analysi, DOI: http://dx.doi.org/10.18517/ijaseit.8.4-2.6827, (2018).
Damodaran, A., Troia, F. D., Visaggio, C. A., Austin, T. H., & Stamp, M. A comparison of static, dynamic, and hybrid analysis for malware detection. Journal of Computer Virology and Hacking Techniques, 13(1), 1–12. doi:10.1007/s11416-015-0261-z, (2015).
Best Antivirus Software of 2019 https://www.toptenreviews.com/software/security/best-antivirus-software/
D. P. Tshilombo , V. V. Gopala Rao, Two Way Authentication for Analytics as a Service in Cloud, ISSN (Online): 2581-5792, (2019)
G.Johansen, L.Allen, T.Heriyanto, S.Ali, Kali Linux 2 Assuring Security by Penetration Testing, Copyright © 2016 Packt Publishing,(2016)
R. Singh Patel, Kali Linux Social Engineering, Ref: 1171213,(2013)
A.KOYUN, E.Al Janabi, Social Engineering Attacks, Journal of Multidisciplinary Engineering Science and Technology (JMEST) (2017)
M. Corpuz, Enterprise Information Security Policy Assessment - An Extended Framework for Metrics Development Utilising the Goal-Question-Metric Approach, IS Institute, Queensland University of Technology, Brisbane, Queensland/4000, Australia, (â€2011).
Key Elements of an Information Security Policy, https://resources.infosecinstitute.com/key-elements-information-security-policy/#gref , (2018)