Filters
total: 437
filtered: 411
Search results for: SECURITY OF DATA
-
Integrated functional safety and cyber security analysis
PublicationThe chapter is devoted some important issues of the functional safety analysis, in particular the safety integrity level (SIL) verification of safety functions to be implemented within the distributed control and protection systems with regard to security aspects. A method based on quantitative and qualitative information is proposed for the SIL (IEC 61508, 61511) verification with regard of the evaluation assurance levels (EAL)...
-
Standards on Cyber Security Assessment of Smart Grid
PublicationSecurity evaluation of communication systems in smart grid poses a great challenge to the developers and operators. In recent years many new smart grid standards were proposed, which paradoxically results in the difficulty in finding a relevant publication in this plethora of literature. This paper presents the results of a systematic analysis which aimed at addressing this issue by identifying standards that present sound security...
-
Security Information Sharing for the Polish Power System
PublicationThe Polish Power System is becoming increasingly more dependent on Information and Communication Technologies which results in its exposure to cyberattacks, including the evolved and highly sophisticated threats such as Advanced Persistent Threats or Distributed Denial of Service attacks. The most exposed components are SCADA systems in substations and Distributed Control Systems in power plants. When addressing this situation...
-
Wybrane problemy ochrony żeglugi (Maritime Security)
Publicationprzedstawiono zagadnienia ochrony żeglugi w aspekcie uwarunkowań związanych z radiokomunikacją morską. Opisano Międzynarodowy Kodeks Ochrony Statków i Urządzeń Portowych - ISPS (International Ship and Port Facility Security Code) i Statkowy System Alarmowania - SSAS (Ship Security Alert System) oraz także scharakteryzowano system AIS (Automated Information System) i System Identyfikacji i Śledzenia Dalekiego Zasięgu - LRIT (Long...
-
Security Assessment of a Turbo-Gas Power Plant
PublicationCritical infrastructures are exposed to new threats due to the large number of vulnerabilities and architectural weaknesses introduced by the extensive use of information and communication technologies. This paper presents the results of an exhaustive security assessment for a turbo-gas power plant.
-
Distributed measurement system with data transmission secured using XXTEA algorithm
PublicationThe paper deals with wireless data transmission security in the distributed measurement and control system. An overview of cryptographic algorithms was presented paying special attention to the algorithm dedicated to units with low processing power, which is important due to minimization of energy consumption. Measurement modules equipped with simple microcontrollers send data wirelessly to the central unit. The transmission was...
-
CIP Security Awareness and Training: Standards and Practice
PublicationThese are critical infrastructure employees who have access to the critical cyber assets in the first place. This situation is well recognized by international and national standardization bodies which recommend security education, training and awareness as one of the key elements of critical infrastructure protection. In this chapter the standards are identified and their relevant areas are described. A practical implementation...
-
CIP Security Awareness and Training: Standards and Practice
PublicationThese are critical infrastructure employees who have access to the critical cyber assets in the first place. This situation is well recognised by international and national standardisation bodies which recommend security education, training and awareness as one of the key elements of critical infrastructure protection. In this chapter the standards are identified and their relevant areas are described. A practical implementation...
-
An integrated method for security protocols analysis
Publication -
Architecture supporting security of agent systems
PublicationW rozprawie zaproponowano nową architekturę bezpieczeństwa wspomagającą anonimowość w systemach agentowych. Moduł I architektury zapewnia funkcjonalność protokołu ochrony przed tropieniem (ang. untraceability), z tą zaletą, że nie wprowadza ograniczeń wobec agentów samodzielnie ustalających trasę własnej wędrówki. Stanowi rdzeń architektury, który zaimplementowano jako rozszerzenie platformy agentowej JADE, udostępniane publicznie...
-
Aspects of maritime security and safety of Poland
PublicationReferat przedstawia wybrane aspekty morskiego bezpieczeństwa Polski. Prezentacja problematyki jest ukierunkowana na problemy techniczne związane z bezpieczeństwem, pozostawiając na uboczu problemy prawne, logistyczne i społeczne. Na wstępie przedstawiono analizę zagrożeń dla bezpieczeństwa Bałtyku. Następnie opisano wybrane instytucje odpowiedzialne za morskie bezpieczeństwo Polski, ze szczegółowym uwzględnieniem Morskiej Straży...
-
Indo-French Defence and Security Partnership
Publication -
The Impact of Terrorism on International Peace and Security
Publication -
Interaction with medical data using QR-codes
PublicationBar-codes and QR-codes (Quick Response ) are often used in healthcare. In this paper an application of QR-codes to exchange of laboratory results is presented. The secure data exchange is proposed between a laboratory and a patient and between a patient and Electronic Health Records. Advanced Encryption Standard was used to provide security of data encapsulated within a QR-code. The experimental setup, named labSeq is described....
-
Determining and verifying the safety integrity level with security aspects
PublicationSafety and security aspects consist of two different group of functional requirements for the control and protection systems. It is the reason why the analyses of safety and security shouldnt be integrated directly. The paper proposes extension of the currently used methods of functional safety analyses. It can be done with inclusion of the level of information security assigned to the technical system. The article addresses some...
-
Adapting Agile Practices to Security Context – Practitioners’ Perspective
PublicationIn this paper we explore the problem of introducing agile practices to projects dealing with systems with high security requirements. We also propose an approach based on AgileSafe method and OWASP ASVS guidelines, that could support such introduction. What is more, we present the results of two surveys aimed at analyzing IT practitioners’ views on applying agile methods to security reliant systems as well as evaluating the set...
-
Is Artificial Intelligence Ready to Assess an Enterprise’s Financial Security?
PublicationThis study contributes to the literature on financial security by highlighting the relevance of the perceptions and resulting professional judgment of stakeholders. Assessing a company’s financial security using only economic indicators—as suggested in the existing literature—would be inaccurate when undertaking a comprehensive study of financial security. Specifically, indices and indicators based on financial or managerial reporting...
-
Managing the security vulnerabilities of critical systems and hazardous plants
PublicationRozdział poświęcono aktualnym problemom zarządzania ochroną obiektów podwyższonego ryzyka jako ważnych systemów infrastruktury krytycznej. Zarządzanie odpornością na ataki takich obiektów jest oparte na ocenach ryzyka. Podkreśla się, że występują ważne instalacje i systemy wymagające specjalnej uwagi i zabezpieczeń, szczególnie systemy kontroli dostępu do sterowni i urządzeń komunikacji. Opisuje się przykładowe technologie ochrony....
-
Security Evaluation of IT Systems Underlying Critical Networked Infrastructures
PublicationCritical infrastructures have become highly dependent on information and communication technology (ICT). The drawback of this situation is that the consequences of disturbances of the underlying ICT networks may be serious as cascading effects can occur. This raises a high demand for security assurance, with a high importance assigned to security evaluations. In this paper we present an experiment-centric approach for the characterisation...
-
Security-oriented agile approach with AgileSafe and OWASP ASVS
PublicationIn this paper we demonstrate a security enhancing approach based on a method called AgileSafe that can be adapted to support the introduction of OWASP ASVS compliant practices focused on improving security level to the agile software development process. We also present results of the survey evaluating selected agile inspired security practices that can be incorporated into an agile process. Based on the survey’s results, these...
-
Approach to security assessment of critical infrastructures' information systems
PublicationThis study presents an approach to the security assessment of the information systems of critical infrastructures. The approach is based on the faithful reconstruction of the evaluated information system in a computer security laboratory followed by simulations of possible threats against the system. The evidence collected during the experiments, stored and organised using a proprietary system InSAW, may later be used for the creation...
-
Functional safety and security assessment of the control and protection systems
PublicationW artykule zostały poruszone kluczowe aspekty integracji podejścia bezpieczeństwa funkcjonalnego ''safety'' i ochrony informacji ''security'' w rozproszonych systemach sterowania i zabezpieczeniowych. Próba integracji zagadnień ''safety'' @ ''security'' została zilustrowana na przykładzie systemu monitoringu i zabezpieczeń pracującego w obiekcie podwyższonego ryzyka.
-
Agents in Simulation of Cyberattacks to Evaluate Security of Critical Infrastructures
PublicationIn the last years critical infrastructures have become highly dependent on the information technologies and exposed to cyberattacks. Because the effects of the attacks can be detrimental, it is crucial to comprehensively asses the security of the infrastructures' information systems. This chapter describes MAlSim - the simulator of malicious software based on software agents, developed for the needs of a testbed for critical infrastructures...
-
Integrated monitoring, control and security of Critical Infrastructure Systems
PublicationModern societies have reached a point where everyday life relies heavily on desired operation of critical infrastructures, in spite of accidental failures and/or deliberate attacks. The issue of desired performance operation of CIS at high security level receives considerable attention worldwide. The pioneering generic methodologies and methods are presented in the paper project for designing systems capable of achieving these...
-
User Trust Levels and Their Impact on System Security and Usability
PublicationA multilateral trust between a user and a system is considered. First of all we concentrate on user trust levels associated with the context-oriented CoRBAC model. Consequently, there were computed user profiles on the basis of its implementation in the information processing system “My GUT”. Furthermore, analysis of these profiles and the impact of user trust levels on system security and usability have been discussed.
-
VISUALIZATION OF SCANTER AND ARPA RADAR DATA IN THE DISTRIBUTED TELEINFORMATION SYSTEM FOR THE BORDER GUARD
PublicationMonitoring of country maritime border is an important task of the Border Guard. This activity can be enhanced with the use of the technology enabling gathering information from distributed sources, processing of that information and its visualization. The paper presents the next stage of development of the STRADAR project (Streaming of real-time data transmission in distributed dispatching and teleinformation systems of the Border...
-
Uncertainty assessment in the safety and security oriented risk analyses
PublicationW artykule przedstawiono uwzględnienie oceny niepewności w procesie związanym z analizą ryzyka i analizą bezpieczeństwa oraz ochroną informacji. Przedstawiona została koncepcja oceny bezpieczeństwa i zarządzania ryzykiem z uwzględnieniem analizy warstw zabezpieczeń LOPA. W artykule nakreślono wyzwania związane z integracją podejścia oceny bezpieczeństwa (safety) i ochrony informacji (security) w projektowaniu systemów zabezpieczeń...
-
Supporting Compliance with Security Standards by Trust Case Templates
PublicationTrust Cases are used to justify that a given object (a system, an infrastructure, an organization) exhibits certain properties. One of possible applications of trust cases is related to the processes of achieving and demonstrating the compliance with standards. A Trust Case Template derived from a given standard constitutes a skeleton of justification (encompassing evidence and argumentation) of the compliance with the standard....
-
Macro-nutrients recovery from liquid waste as a sustainable resource for production of recovered mineral fertilizer: Uncovering alternative options to sustain global food security cost-effectively
PublicationGlobal food security, which has emerged as one of the sustainability challenges, impacts every country. As food cannot be generated without involving nutrients, research has intensified recently to recover unused nutrients from waste streams. As a finite resource, phosphorus (P) is largely wasted. This work critically reviews the technical applicability of various water technologies to recover macro-nutrients such as P, N, and...
-
Anti-theft lab security system based on RFID
PublicationThe aim of the project is to design and create an electronic system, which can be used to protect laboratory equipment against theft. The main task of the system is to warn a person responsible for the facilities about any attempts made to steal equipment from a laboratory. In a case of an alarm situation, the system emits a sound signal. The concept of the anti-theft security system based on RFID was developed on the basis of...
-
Lab security improvement using RFID technologies
PublicationTechnologia RFID stanowi nie tylko technologię bliźniaczą w stosunku do kodów paskowych, ale posiada również dodatkowe cechy takie jak zdalna identyfikacja przy użyciu fal radiowych. Technologia ta staje się coraz bardziej dostępna i koszty jej wdrożenia są coraz mniejsze. W artykule przedstawiono wykorzystanie technologii RFID do ochrony sprzętu laboratoryjengo przed kradzieżą. Zawarto opis laboratorium wyposażonego w urządzenia...
-
The Sense of Security of the Prison Service Offi cers
Publication -
Water resources security and management for sustainable communities
Publication -
Climate Changes in Southeastern Poland and Food Security
Publication -
Network-centric warfare: a strategy for homeland security
PublicationPojawienie się międzynarodowego terroryzmu skutkuje nowym podejście do identyfikacji potencjalnych zagrożeń dla bezpieczeństwa krajowego. Powstał strategiczny dylemat - jak zidentyfikować przeciwnika? Utworzono pojęcie asymetrycznego zagrożenia i, w konsekwencji, asymetrycznej wojny. Z dużym prawdopodobieństwem można założyć, że kolejne zagrożenia będą dotyczyć takich elementów krajowej infrastruktury, jak źródła energii, elektrownie,...
-
Web-based marine gis for littoral security
PublicationW artykule opisano koncepcję oraz przykładowe zastosowania systemu informacji geograficznej umożliwiającego zbieranie, przetwarzanie, integrowanie oraz wizualizację danych pochodzących z pomiarów bezpośrednich, obrazów lotniczych i satelitarnych oraz systemów hydroakustycznych.Przedstawiono przykłady zastosowania systemu w dziedzinie ochrony strefy przybrzeżnej takie, jak: -monitoring rozprzestrzeniania wylewu olejowego, -monitoring...
-
Functional safety and security management in critical systems
PublicationGłównym celem referatu jest przedstawienie wybranych kwestii zarządzania bezpieczeństwem i ochroną w systemach podwyższonego ryzyka i systemach krytycznych. Zarysowuje się kilka praktycznych problemów analizy bezpieczeństwa funkcjonalnego w celu podejmowania decyzji zgodnie z normami międzynarodowymi IEC 61508 i IEC 61511. Podkreśla się, że aspekty związane z ochroną powinny być starannie rozpatrzone zarówno w fazie projektowania,...
-
Hierarchical approach to security monitoring and risk evaluation
PublicationPrzedstawiono problemy bezpieczeństwa sieciowego z uwzględnieiem metod szacowania i oceny bezpieczeństwa w skali lokalnej i globalnej. Podano przykłady analizy 3 systemów wraz z wnioskami oraz sugestie dotyczące trendów przyszłościowych.
-
Sectarianism as a Factor Shaping Persian Gulf Security
Publication -
Assessment of port facilities security in crisis management
PublicationZ punktu widzenia transportu międzynarodowego oraz przemysłowego charakteru systemu portowego, bezpieczeństwo obiektów portowych stanowi ważny element zarówno w zarządzaniu strategicznym portów morskich, jak również element ogólnej koncepcji zarządzania kryzysowego w ujęciu lokalnym, regionalnym, krajowym i międzynarodowym. W celu zapewnienia bezpieczeństwa portów morskich, muszą być prowadzone działania w celu przygotowania administracji...
-
Security level estimation as a function of residual risks
PublicationArtykuł przedstawia sposób oceny poziomu bezpieczeństwa organizacji IT w oparciu o metodę oceny ryzyka. Opisane są podstawowe kroki wspomnianej metody, proponowane rozwiązania i zastosowania. Zaproponowano prosty sposób oceny bezpieczeństwa systemów informatycznych organizacji w oparciu o wielkość wyznaczoną na podstawie wyliczonego ryzyka rezydualnego tychże systemów.
-
Coastal zone monitoring using Sentinel-1 SAR polarymetry data
PublicationIn recent years the role of the surveillance and security of Polish boundaries has significantly increased. Polish coastal zone monitoring requires various approaches using various technological means in order to ensure the protection of Polish boundaries. In this paper, the authors discuss and present alternatives to underwater surveillance methods of coastal area analysis and monitoring using data retrieved from the newly developed...
-
On Software Unit Testing For Security and Performance Gain At Unit Level
PublicationPerformance and security are software (SW) application attributes situated on the opposite corners of system design. In the most drastic example the most secure component is the one totally isolated from the outside world, with communication performance reduced to zero level (e.g. disconnected physically from the network, placed inside a Faraday cage to eliminate possible wireless accessibility). On the other hand the most performance-optimized...
-
On Software Unit Testing For Improving Security And Performance Of Distributed Applications
PublicationPerformance and security are software (SW) application attributes situated on the opposite corners of system design. In the most drastic example the most secure component is the one totally isolated from the outside world, with communication performance reduced to zero level (e.g. disconnected physically from the network, placed inside a Faraday cage to eliminate possible wireless accessibility). On the other hand the most performance-optimized...
-
China-Russia Bilateral Security and Military Partnership in Changing World Order: Security Challenges for the United States of America in Asia and Beyond
Publication -
Evaluating Security and Resilience of Critical Networked Infrastructures after Stuxnet
PublicationThe chapter presents the current configuration of the simulation environment for the evaluations of the security and resilience of critical networked infrastructures, which enables simulations of Stuxnet-like attacks. The configuration includes new features added to the MAlSim - Mobile Agent Malware Simulator after the advent of Stuxnet in reference to the experiments aiming at the security evaluation of a power plant which we...
-
Security of Cryptocurrencies: A View on the State-of-the-Art Research and Current Developments
Publication[Context] The goal of security is to protect digital assets, devices, and services from being disrupted, exploited or stolen by unauthorized users. It is also about having reliable information available at the right time. [Motivation] Since the inception in 2009 of the first cryptocurrency, few studies have been undertaken to analyze and review the state-of-the-art research and current developments with respect to the security...
-
Towards systemic functional safety and security management in hazardous plants
PublicationThe aim of this article is to identify and discuss some issues related to functional safety and security management in hazardous industrial plants. The safety functions are to be realised using the electric / electronic / programmable electronic systems (E/E/PESs) or the safety instrumented systems (SISs) that are designed and operated respectively according to IEC 61508 and IEC 61511 requirements in life cycle. Although the role...
-
Radio system for monitoring and acquisition of data from traffic enforcement cameras - features and assumptions of the system
PublicationThe study presents the architecture and selected functional assumptions of Radio System for Monitoring and Acquisition of Data from Traffic Enforcement Cameras (RSMAD). Ultimately, the system will be used for transmission and archiving image data of traffic offenses, but can also perform other duties related to traffic safety. Implementation of the RSMAD system will facilitate, inter alia, issuing the fine process and supervision...
-
Security of export transactions in the offer of leading banks on the Polish market
PublicationThe following article presents the so-called conditioned payment methods, i.e. instruments for securing export transactions, such as letter of credit, documentary collection, bank guarantees, factoring and forfaiting. The characteristics of each particular method are presented as well as the transactions using them are described. In the following paper, the author included also the leading Polish banks, which offer the above- mentioned...