Alevizos et al., 2023 - Google Patents
Cyber threat modeling for protecting the crown jewels in the Financial Services Sector (FSS)Alevizos et al., 2023
View PDF- Document ID
- 15972096082185907374
- Author
- Alevizos L
- Stavrou E
- Publication year
- Publication venue
- Information Security Journal: A Global Perspective
External Links
Snippet
Financial institutions are undergoing the so-called “de-perimeterization.” The security model up to today is heavily dependent on” border patrols” focusing mostly on providing a secure perimeter while the internal network is inherently trusted. In the upcoming borderless …
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/54—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/77—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2105—Dual mode as a secondary aspect
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Calder | Implementing information security based on ISO 27001/ISO 27002 | |
| Alwaheidi | A data-driven threat modelling language for ensuring cyber security assurance | |
| Schreiber et al. | AI for cyber-security risk: harnessing AI for automatic generation of company-specific cybersecurity risk profiles | |
| Aslaner | Cybersecurity Strategies and Best Practices: A comprehensive guide to mastering enterprise cyber defense tactics and techniques | |
| Zangana | Harnessing the power of large language models | |
| Misra et al. | A strategic modeling technique for information security risk assessment | |
| Abo-Alian et al. | A data-driven approach to prioritize MITRE ATT&CK techniques for active directory adversary emulation | |
| Alevizos et al. | Cyber threat modeling for protecting the crown jewels in the Financial Services Sector (FSS) | |
| Chauhan | Insider threats mitigation: Role of penetration testing | |
| Copeland | Introduction to the MITRE Matrix | |
| Maleh | Traditional Vs Generative AI Pentesting: A Hands-on Approach to Hacking | |
| Girhotra et al. | Securing cloud-native applications (CNAs): A case study of practices in a large IT company | |
| Mengistu | Minimizing organizational supply-chain cyber risks | |
| Kirov | Cyber security risks and opportunities of artificial intelligence: A qualitative study: How AI would form the future of cyber security | |
| Hicks et al. | Exploring Red Teaming to Identify New and Emerging Risks from AI Foundation Models | |
| Sundararaj et al. | Challenges in IT Security Processes and Solution Approaches with Process Mining | |
| De Ysasi | Stepping Towards Responsible AI: The Role of Global Governance in Preventing AI Risks | |
| Ee et al. | Asymmetry by design: Boosting cyber defenders with differential access to AI | |
| Yokowo | Building a Cybersecurity Maturity Guide For Small and Medium-sized Enterprises (SME) With Open Source Solutions | |
| Khaoulaj et al. | Survey on Smart Contract Security: Challenges, Techniques, and Future Directions | |
| Zorraquino | Social media and business: balancing risks and opportunities: A literature review | |
| Vijaya Raghavan | Task, Knowledge, Skill, and Ability: Equipping the Small-Medium Businesses Cybersecurity Workforce | |
| Giang | Safeguarding Sensitive Data: Prompt Engineering for Gen AI | |
| Vishnu | Analysis of current machine learning and AI techniques to perform automated hacking | |
| Rountree | Solutions to Mitigate Information Security Breaches and Protect Personally Identifiable Information in a Public-Sector Cloud Computing Environment |