Moving beyond cyber security awareness and training to engendering security knowledge sharing

Information Systems and e-Business Management - Employees play a critical role in improving workplace cyber security, which builds on widespread security knowledge and expertise. To maximise...     

Approach to APCS protection from cyber threats

Protection technologies of initially vulnerable industrial control systems are based on network segregation, the logical separation of the control network from the corporate network, and the use of firewalls. Manufacturers of industrial equipment attempt to embed security functions (of authentication and PLC password protection), but without using additional protection means, the components of these automatic process control systems remain unprotected because of the architecture designed without taking into account information security requirements. In this paper, a comparative analysis of the existing approaches to the APCS protection has been carried out, security criteria for each approach have been formalized, and a new subject-centered approach has been proposed that develops the cyber security paradigm.     

网络空间安全人才培养探讨

网络空间的竞争,归根结底是人才的竞争。当前,世界各国高度重视网络空间安全人才的培养。基于此,首先介绍了网络空间安全人才培养的现状;然后分析了网络空间安全人才的需求特点,并提出了网络空间安全人才培养的若干建议措施;最后给出了暨南大学在网络空间安全人才培养方面的一些探索。     

Understanding and overcoming cyber security anti-patterns

This article presents an empirical and practice-based analysis of the question, why despite substantial investments, there are still major security weaknesses in today’s information systems. Acknowledging that cyber security is not a purely technical discipline, the article takes a holistic approach and identifies four anti-patterns that are frequent in practice and detrimental to the goal of achieving strong cyber security. The first anti-pattern is that decisions about security are frequently based on intuition rather than data and rigor; this introduces cognitive biases and undermines decision quality. Second, many organizations fail to implement foundational security controls and consequently, are easy targets for opportunistic and novice attackers. Third, there is an overreliance on the relatively static threat knowledge in products such as virus scanners, while an inability to learn and adapt dynamically opens the door for advanced threats. Fourth, weaknesses in security governance create systemic control gaps and vulnerabilities. The article describes each anti-pattern and presents specific steps that organizations can take to overcome them.     

网络空间安全学科人才培养之思考

网络空间安全己被正式批准列为一级学科,该学科的人才培养与己有学科的联系与区别值得深入探讨。分析了该学科和信息与通信工程、计算机科学与技术等相关一级学科的关系,给出了网络空间安全学科的知识体系,将其分为网络空间安全基础理论、物理安全、网络安全、系统安全、数据和信息安全等5个大的学科领域。借鉴基于产出的教育模式,提出了该学科硕士和博士研究生的培养标准,并提出了涵盖5个方向的模块化参考课程体系。最后,给出了对网络空间安全学科人才培养的一些建议。