Search results for: INFORMATION SECURITY.
-
Information Security Journal
Journals -
Approach to security assessment of critical infrastructures' information systems
PublicationThis study presents an approach to the security assessment of the information systems of critical infrastructures. The approach is based on the faithful reconstruction of the evaluated information system in a computer security laboratory followed by simulations of possible threats against the system. The evidence collected during the experiments, stored and organised using a proprietary system InSAW, may later be used for the creation...
-
Security Information Sharing for the Polish Power System
PublicationThe Polish Power System is becoming increasingly more dependent on Information and Communication Technologies which results in its exposure to cyberattacks, including the evolved and highly sophisticated threats such as Advanced Persistent Threats or Distributed Denial of Service attacks. The most exposed components are SCADA systems in substations and Distributed Control Systems in power plants. When addressing this situation...
-
Data Model Development for Security Information Sharing in Smart Grids
PublicationThe smart grid raises new security concerns which require novel solutions. It is commonly agreed that to protect the grid, the effective collaboration and information sharing between the relevant stakeholders is prerequisite. Developing a security information sharing platform for the smart grid is a new research direction which poses several challenges related to the highly distributed and heterogeneous character of the grid. In...
-
IET Information Security
Journals -
Journal of Information Security and Applications
Journals -
EURASIP Journal on Information Security
Journals -
Procedure based functional safety and information security management of industrial automation and control systems on example of the oil port installations
PublicationThe approach addresses selected technical and organization aspects of risk mitigation in the oil port installations with regard to functional safety and security requirements specified in standards IEC 61508, IEC 61511 and IEC 62443. The procedure for functional safety management includes the hazard identification, risk analysis and assessment, specification of overall safety requirements and definition of...
-
Security Requirements and Controls for Incident Information Sharing in the Polish Power System
PublicationAmong the strategies of protecting information assets of the power system, sharing of information about current cybersecurity incidents between energy operators appears to be a prerequisite. Exchange of information leads to the effective detection of attacks and exploited vulnerabilities as well as the identification of countermeasures. This paper presents the results of continuation of our works on developing a secure and efficient...
-
Security information sharing for smart grids: Developing the right data model
PublicationThe smart grid raises new security concerns which require novel solutions. It is commonly agreed that to protect the grid the effective collaboration and information sharing between the relevant stakeholders is prerequisite. Developing a security information sharing platform for the smart grid is a new research direction which poses several challenges related to the highly distributed and heterogeneous character of the grid. In...
-
International Journal of Information Security and Privacy
Journals -
Journal of Internet Services and Information Security
Journals -
Chinese Journal of Network and Information Security
Journals -
Information and Computer Security
Journals -
ISeCure-ISC International Journal of Information Security
Journals -
International Journal of Computer Network and Information Security
Journals -
International Journal of Communication Networks and Information Security
Journals -
Journal of Information Assurance and Security
Journals -
Journal of Information Systems Security
Journals -
International Journal of Information and Computer Security
Journals -
IEEE Transactions on Information Forensics and Security
Journals -
ACM Transactions on Information and System Security
Journals -
Innovative Web-Based Geographic Information System for Municipal Areas and Coastal Zone Security and Threat Monitoring Using EO Satellite Data
PublicationThe paper presents a novel design of a Web-based Safe City & Coastal Zone GIS (SCCZ-GIS). The system integrates data acquired from different remote sensing and geospatial data sources for the purpose monitoring the security of the coastal zone, its inhabitants and Critical Infrastructure. The system utilises several innovative technologies and solutions, and is capable of direct co-operation with different remote sensing data sources...
-
International Journal of Information Security
Journals -
International Journal for Information Security Research
Journals -
Information Systems Security 2023
e-Learning CoursesThe e-learning course for the Information Systems Security, in the field of Electronics and Telecommunications in the II degree studies (2nd year of studies, 3rd semester).
-
International Journal on Information Technologies and Security
Journals -
Approaching Secure Industrial Control Systems
PublicationThis study presents a systematic approach to secure industrial control systems based on establishing a business case followed by the development of a security programme. To support these two fundamental activities the authors propose a new method for security cost estimation and a security assessment scheme. In this study they explain the cost evaluation technique and illustrate with a case study concerning the assessment of the...
-
Operating system security by integrity checking and recovery using write-protected storage
PublicationThe paper presents an Integrity Checking and Recovery (ICAR) system which protects file system integrity and automatically restores modified files. The system enables files cryptographic hashes generation and verification, as well as configuration of security constraints. All of the crucial data, including ICAR system binaries, file backups and hashes database are stored in a physically write protected storage to eliminate the...
-
Information Systems Security 2023/2024
e-Learning CoursesThe e-learning course for the Information Systems Security, in the field of Electronics and Telecommunications in the II degree studies (2nd year of studies, 3rd semester).
-
Information Security Symposium
Conferences -
Information Security Conference
Conferences -
Australasian Information Security Conference
Conferences -
Activity-based payments: alternative (anonymous) online payment model
PublicationElectronic payments are the cornerstone of web-based commerce. A steady decrease in cash usage has been observed, while various digital payment technologies are taking over. They process sensitive personal information raising concerns about its potentially illicit usage. Several payment models that confront this challenge have been proposed. They offer varying levels of anonymity and readiness for adoption. The aim of this study...
-
International Conference on Information Security and Assurance
Conferences -
Australian Information Security Management Conference
Conferences -
IFIP Information Security & Privacy Conference
Conferences -
Australasian Conference on Information Security and Privacy
Conferences -
International Workshop on Information Security Applications
Conferences -
International Conference on Information Security and Cryptology
Conferences -
Workshop in Information Security Theory and Practices
Conferences -
International Conference on Information Security and Cryptography
Conferences -
Australasia Conference on Information Security and Privacy
Conferences -
Symposium on Requirements Engineering for Information Security
Conferences -
SKLOIS Conference on Information Security and Cryptology
Conferences -
Information Security Practice and Experience Conference
Conferences -
International Conference on the Theory and Application of Cryptology and Information Security
Conferences -
Australasian Information Security Workshop 2007 (Privacy Enhancing Technologies)
Conferences -
Information Hiding and Multimedia Security Workshop
Conferences -
International Conference on Information and Communications Security
Conferences -
International Conference on Information Theoretic Security
Conferences -
Computational Intelligence in Security for Information Systems
Conferences -
International Conference on Security of Information and Networks
Conferences -
International Conference on Information Systems Security
Conferences -
Australian Information Warfare and Security Conference
Conferences -
International Symposium on Information Assurance and Security
Conferences -
International Workshop on Security in Information Systems
Conferences -
Asia Conference on Information, Computer and Communications Security (ACM Symposium on Information, Computer and Communications Security)
Conferences -
Immersive Technologies that Aid Additive Manufacturing Processes in CBRN Defence Industry
PublicationTesting unique devices or their counterparts for CBRN (C-chemical, B-biological, R-radiological, N-nuclear) defense relies on additive manufacturing processes. Immersive technologies aid additive manufacturing. Their use not only helps understand the manufacturing processes, but also improves the design and quality of the products. This article aims to propose an approach to testing CBRN reconnaissance hand-held products developed...
-
International Workshop on Critical Information Infrastructures Security
Conferences -
International Conference on Information Systems Security and Privacy
Conferences -
Conference on Security in Network Architectures and Information Systems
Conferences -
Workshop on Australasian Information Security, Data Mining and Web Intelligence, and Software Internationalisation
Conferences -
Joint Working Conference on Secure Information Networks: Communications and Multimedia Security
Conferences -
Rafał Leszczyna dr hab. inż.
PeopleDr hab. Rafal Leszczyna is an associate professor at Gdansk University of Technology, Faculty of Management and Economics. He holds the M.Sc. degrees of Computer Science and Business Management. In December, 2006 he earned a Ph.D. in Computer Science, specialisation - Computer Security at the Faculty of Electronics, Telecommunications and Informatics of Gdansk University of Technology. Between 2004 and 2008 he worked in the European...
-
Security Evaluation of IT Systems Underlying Critical Networked Infrastructures
PublicationCritical infrastructures have become highly dependent on information and communication technology (ICT). The drawback of this situation is that the consequences of disturbances of the underlying ICT networks may be serious as cascading effects can occur. This raises a high demand for security assurance, with a high importance assigned to security evaluations. In this paper we present an experiment-centric approach for the characterisation...
-
Jerzy Konorski dr hab. inż.
PeopleJerzy Konorski received his M. Sc. degree in telecommunications from Gdansk University of Technology, Poland, and his Ph. D. degree in computer science from the Polish Academy of Sciences, Warsaw, Poland. In 2007, he defended his D. Sc. thesis at the Faculty of Electronics, Telecommunications and Informatics, Gdansk University of Technology. He has authored over 150 papers, led scientific projects funded by the European Union,...
-
Cost assessment of computer security activities
PublicationComprehensive cost-benefit analysis plays a crucial role in the decision-making process when it comes to investments in information security solutions. The cost of breaches needs to be analysed in the context of spending on protection measures. However, no methods exist that facilitate the quick and rough prediction of true expenditures on security protection systems. Rafal Leszczyna of Gdansk University of Technology presents...
-
Agents in Simulation of Cyberattacks to Evaluate Security of Critical Infrastructures
PublicationIn the last years critical infrastructures have become highly dependent on the information technologies and exposed to cyberattacks. Because the effects of the attacks can be detrimental, it is crucial to comprehensively asses the security of the infrastructures' information systems. This chapter describes MAlSim - the simulator of malicious software based on software agents, developed for the needs of a testbed for critical infrastructures...
-
Determining and verifying the safety integrity level with security aspects
PublicationSafety and security aspects consist of two different group of functional requirements for the control and protection systems. It is the reason why the analyses of safety and security shouldnt be integrated directly. The paper proposes extension of the currently used methods of functional safety analyses. It can be done with inclusion of the level of information security assigned to the technical system. The article addresses some...
-
Security Assessment of a Turbo-Gas Power Plant
PublicationCritical infrastructures are exposed to new threats due to the large number of vulnerabilities and architectural weaknesses introduced by the extensive use of information and communication technologies. This paper presents the results of an exhaustive security assessment for a turbo-gas power plant.
-
Integrated functional safety and cyber security analysis
PublicationThe chapter is devoted some important issues of the functional safety analysis, in particular the safety integrity level (SIL) verification of safety functions to be implemented within the distributed control and protection systems with regard to security aspects. A method based on quantitative and qualitative information is proposed for the SIL (IEC 61508, 61511) verification with regard of the evaluation assurance levels (EAL)...
-
A Set of Experience-Based Smart Synergy Security Mechanism in Internet of Vehicles
PublicationIn this article, we introduce a novel security mechanism, the Smart Synergy Security (3S). The mechanism uses the Set of Experience Knowledge Structure (SOEKS) and the synergy of security methods in different domains to provide the global optimal security strategy. The proposed strategy is taking into account the characteristics of information security (i.e. confidentiality, integrity, availability, controllability, and reviewability)...
-
Wybrane problemy ochrony żeglugi (Maritime Security)
Publicationprzedstawiono zagadnienia ochrony żeglugi w aspekcie uwarunkowań związanych z radiokomunikacją morską. Opisano Międzynarodowy Kodeks Ochrony Statków i Urządzeń Portowych - ISPS (International Ship and Port Facility Security Code) i Statkowy System Alarmowania - SSAS (Ship Security Alert System) oraz także scharakteryzowano system AIS (Automated Information System) i System Identyfikacji i Śledzenia Dalekiego Zasięgu - LRIT (Long...
-
Security ontology construction and integration
PublicationThere are many different levels on which we can examine security. Each one is different from others, all of them are dependent on the context. Hence the need to bear additional knowledge enabling efficient utilization of the knowledge by the computers. Such information can be provided by ontologies. The paper presentsgathered requirements needed to be taken into account when creating an ontology. The method of ontology creation...
-
User Trust Levels and Their Impact on System Security and Usability
PublicationA multilateral trust between a user and a system is considered. First of all we concentrate on user trust levels associated with the context-oriented CoRBAC model. Consequently, there were computed user profiles on the basis of its implementation in the information processing system “My GUT”. Furthermore, analysis of these profiles and the impact of user trust levels on system security and usability have been discussed.
-
Integrated approach for functional safety and cyber security management in maritime critical infrastructures
PublicationThe work is devoted important issues of the management in maritime critical infrastructure of functional safety analysis, in particular the safety integrity level (SIL) verification of safety functions to be implemented within the distributed control and protection systems with regard to cyber security aspects. A method based on quantitative and qualitative information is proposed for the SIL (IEC 61508, 61511) verification with...
-
Simulating Malware with MAlSim
PublicationThis paper describes MAlSim - Mobile Agent Malware Simulator - a mobile agent framework developed to address one of the most important problems related to the simulation of attacks against information systems i.e. the lack of adequate tools for reproducing behaviour of malicious software (malware). The framework can be deployed over the network of an arbitrary information system and it aims at simulating behaviour of each instance...
-
Simulating malware with MAlSim
PublicationThis paper describes MAlSim - Mobile Agent Malware Simulator - a mobile agent framework developed to address one of the most important problems related to the simulation of attacks against information systems, i.e. the lack of adequate tools for reproducing behaviour of malicious software (malware). The framework can be deployed over the network of an arbitrary information system and it aims at simulating behaviour of each instance...
-
Redesign of the Research Platform for Monitoring, Control and Security of Critical Infrastructure Systems
PublicationCritical Infrastructure Systems (CISs) play a key role in modern societies. Their sustainable operation depends heavily on the performance of dedicated structures and algorithms targeting monitoring, control and security aspects. In previous work a Research Platform (RP) for the design and simulation of such systems was presented. This works updates the information on the RP through the description of major hardware and software...
-
Security of Cryptocurrencies: A View on the State-of-the-Art Research and Current Developments
Publication[Context] The goal of security is to protect digital assets, devices, and services from being disrupted, exploited or stolen by unauthorized users. It is also about having reliable information available at the right time. [Motivation] Since the inception in 2009 of the first cryptocurrency, few studies have been undertaken to analyze and review the state-of-the-art research and current developments with respect to the security...
-
Janusz Górski prof. dr hab. inż.
People -
Clustering Context Items into User Trust Levels
PublicationAn innovative trust-based security model for Internet systems is proposed. The TCoRBAC model operates on user profiles built on the history of user with system interaction in conjunction with multi-dimensional context information. There is proposed a method of transforming the high number of possible context value variants into several user trust levels. The transformation implements Hierarchical Agglomerative Clustering strategy....
-
Safety integrity level verification for safety-related functions with security aspects
PublicationThe article is devoted some important issues of the functional safety analysis, in particular the safetyintegrity level (SIL) verification of safety functions to be implemented within the distributed controland protection systems with regard to cyber security aspects. The procedure for functional safety man-agement includes hazard identification, risk analysis and assessment, specification of overall safetyrequirements and definition...
-
Information-driven network resilience: Research challenges and perspectives
PublicationInternet designed over 40 years ago was originally focused on host-to-host message delivery in a best-effort manner. However, introduction of new applications over the years have brought about new requirements related with throughput, scalability, mobility, security, connectivity, and availability among others. Additionally, convergence of telecommunications, media, and information technology was responsible for transformation...
-
Threat intelligence platform for the energy sector
PublicationIn recent years, critical infrastructures and power systems in particular have been subjected to sophisticated cyberthreats, including targeted attacks and advanced persistent threats. A promising response to this challenging situation is building up enhanced threat intelligence that interlinks information sharing and fine-grained situation awareness. In this paper a framework which integrates all levels of threat intelligence...
-
Mobile Security: Threats and Best Practices
PublicationCommunicating mobile security threats and best practices has become a central objective due to the ongoing discovery of new vulnerabilities of mobile devices. To cope with this overarching issue, the goal of this paper is to identify and analyze existing threats and best practices in the domain of mobile security. To this extent, we conducted a literature review based on a set of keywords. The obtained results concern recognizable...
-
Andrzej Chybicki dr inż.
PeopleA graduate of the Faculty of Electronics, Telecommunications and Informatics at the Gdańsk University of Technology, PhD in technical sciences in the field of IT specializing in distributed data processing in IT . Aimed at exploiting the achievements and knowledge in the field of industrial research. He cooperated with a number of companies including OpeGieka Elbląg, Reson Inc., Powel Sp. z o. o., Wasat, Better Solutions, the European...
-
Paweł Lubomski dr inż.
PeoplePaweł Lubomski is the director of the IT Services Centre at the Gdańsk University of Technology. He is responsible for developing and maintaining the central information systems of the university. He is also in charge of the R&D team and works on new approaches to IT systems’ protection. He also acts as the project manager of two big innovative IT projects co-financed by the European Funds. He received a PhD degree in computer...
-
Secure access control and information protection mechanisms in radio system for monitoring and acquisition of data from traffic enforcement cameras
PublicationThe study presents the architecture of the Radio System for Monitoring and Acquisition of Data from Traffic Enforcement Cameras (in short: RSMAD), particularly concerning access control and protection of confidential data. RSMAD security structure will be discussed in relation to network security issues. Additionally, the paper presents the results of the work associated with the modelling of potential threats to system security.
-
Situational Awareness Network for the Electric Power System: the Architecture and Testing Metrics
PublicationThe contemporary electric power system is highly dependent on Information and Communication Technologies which results in its exposure to new types of threats, such as Advanced Persistent Threats (APT) or Distributed-Denial-of-Service (DDoS) attacks. The most exposed components are Industrial Control Systems in substations and Distributed Control Systems in power plants. Therefore, it is necessary to ensure the cyber security of...
-
AUTONOMOUS PLATFORM TO PROTECT MARITIME INFRASTRUCTURE FACILITIES
PublicationProblems regarding the security of maritime infrastructure, especially harbours and offshore infrastructure, are currently a very hot topic. Due to these problems, there are some research projects in which the main goal is to decrease the gap and improve the methods of observation in the chosen area, for both in-air and underwater areas. The main goal of the paper is to show a new complex system for improving the security of the...
-
Systems engineering approach to functional safety and cyber security of industrial critical installations
PublicationThis chapter addresses the systems engineering approach to integrated functional safety and cybersecurity analysis and management regarding selected references, standards and requirements concerning critical installations and their industrial automation and control system (IACS). The objective is to mitigate the vulnerability of industrial installations that include the information technology (IT) and the operational technology...
-
Systems engineering approach to functional safety and cyber security of industrial critical installations
PublicationThis chapter addresses the systems engineering approach to integrated functional safety and cybersecurity analysis and management regarding selected references, standards and requirements concerning critical installations and their industrial automation and control system (IACS). The objective is to mitigate the vulnerability of industrial installations that include the information technology (IT) and the operational technology...
-
Evaluation of Open Source SIEM for Situation Awareness Platform in the Smart Grid Environment
PublicationThe smart grid as a large-scale system of systems has an exceptionally large surface exposed to cyber-attacks, including highly evolved and sophisticated threats such as Advanced Persistent Threats (APT) or Botnets. When addressing this situation the usual cyber security technologies are prerequisite, but not sufficient. The smart grid requires developing and deploying an extensive ICT infrastructure that supports significantly...
-
Zarządzanie bezpieczeństwem informacji - specjalność ISI -2022
e-Learning CoursesThe aim of the course is for a student to develop the understanding of terminology, objectives and scope of information security management and privacy management and to learn about related assurance and assessment methods.
-
Zarządzanie bezpieczeństwem informacji - specjalność ISI -2023
e-Learning CoursesThe aim of the course is for a student to develop the understanding of terminology, objectives and scope of information security management and privacy management and to learn about related assurance and assessment methods.
-
Zarządzanie bezpieczeństwem informacji - specjalność ISI -2024
e-Learning CoursesThe aim of the course is for a student to develop the understanding of terminology, objectives and scope of information security management and privacy management and to learn about related assurance and assessment methods.
-
Business continuity management framework for Industry 4.0 companies regarding dependability and security of the ICT and ICS/SCADA system
PublicationThis chapter addresses a business continuity management (BCM) framework for the Industry 4.0 companies including the organizational and technical solutions, regarding the dependability and security of the information and telecommunication technology (ICT), and the industrial control system (ICS) / supervisory control and data acquisition (SCADA) system. These technologies and systems play nowadays important roles in modern advanced...
-
Horizon Europe proposals - Administrative Part
Open Research DataThe dataset contains data collected during the HE National Contact Point training on Oct. 12, 2022, reg. the administrative part of Horizon Europe grant proposals. The data set includes presentations concerning administrative forms of 2022 proposals and their content, including participant data; information about abstract writing, keyword choice and...