
ISSE 2014 securing electronic business processes : highlights of the Information Security Solutions Europe 2014 Conference

This book presents the most interesting talks given at ISSE 2014, the forum for the interdisciplinary discussion of how to adequately secure electronic business processes. The topics include:
- Trust Services, eID and Cloud Security
- BYOD and Mobile Security
- Cybersecurity, Cybercrime, Critical Infrastructures
- Security Management, CISO Inside
- Privacy, Data Protection, Human Factors
- Regulation & Policies

Adequate information security is one of the basic requirements of all electronic business processes. It is crucial for effective solutions that the possibilities offered by security technology can be integrated with the commercial requirements of the applications. The reader may expect the state of the art: the best papers of the ISSE 2014 Conference.

Content: Trust Services, eID, Cloud Security & Management; BYOD, Mobile Security & Applications; Cybersecurity, Cybercrime, Critical Infrastructures; Security Management, CISO's Experiences; Human Factors, Awareness & Privacy; Regulations and Policies

Target Groups: Chief Information Security Officers; Developers of Electronic Business Processes; IT Managers; IT Security Experts; Researchers

Editors: Norbert Pohlmann: Professor for Information Security and Director of the Institute for Internet Security at the Westphalian University of Applied Sciences Gelsenkirchen. Additionally he is president of the IT Security Association TeleTrusT. Helmut Reimer: Senior Consultant, TeleTrusT. Wolfgang Schneider: Senior Adviser, Fraunhofer Institute SIT.
eBook, English, 2014
Springer Vieweg, Wiesbaden, 2014
Congress
1 online resource (xiii, 274 pages) : illustrations
9783658067083, 9783658067076, 365806708X, 3658067071
894116101
Printed edition:
About this Book
TeleTrusT IT Security Association Germany
EEMA

SAFECode Whitepaper: Fundamental Practices for Secure Software Development 2nd Edition
1 Secure Design Principles
1.1 Threat Modeling
1.1.1 CWE References
1.1.2 Verification
1.2 Use Least Privilege
1.2.1 CWE References
1.2.2 Verification
1.3 Implement Sandboxing
1.3.1 CWE References
1.3.2 Verification
2 Secure Coding Practices
2.1 Minimize Use of Unsafe String and Buffer Functions
2.1.1 Automatic use of safer functions
2.1.2 CWE References
2.1.3 Verification
2.2 Validate Input and Output to Mitigate Common Vulnerabilities
2.2.1 CWE References
2.2.2 Verification
2.3 Use Robust Integer Operations for Dynamic Memory Allocations and Array Offsets
2.3.1 CWE References
2.3.2 Verification
2.4 Use Anti-Cross Site Scripting (XSS) Libraries
2.4.1 CWE References
2.4.2 Verification
2.5 Use Canonical Data Formats
2.5.1 CWE References
2.5.2 Verification
2.6 Avoid String Concatenation for Dynamic SQL Statements
2.6.1 CWE References
2.6.2 Verification
2.7 Eliminate Weak Cryptography
2.7.1 CWE References
2.7.2 Verification
2.8 Use Logging and Tracing
2.8.1 CWE References
2.8.2 Verification
3 Testing Recommendations
3.1 Determine Attack Surface
3.2 Use Appropriate Testing Tools
3.3 Perform Fuzz / Robustness Testing
3.4 Perform Penetration Testing
3.4.1 CWE References
3.4.2 Verification
4 Technology Recommendations
4.1 Use a Current Compiler Toolset
4.1.1 CWE References
4.1.2 Verification
4.2 Use Static Analysis Tools
4.2.1 CWE References
4.2.2 Verification
5 Summary of Practices
6 Moving Industry Forward
About SAFECode

Security Management, CISO Inside

In-House Standardization of Security Measures: Necessity, Benefits and Real-world Obstructions
1 Understanding Standardization
1.1 In-house motivation
1.2 Definition: standards and norms
2 Necessity and benefits
2.1 Necessity: IT service provisioning
2.2 Benefits: quality and cost improvements
2.3 CISO specifics
3 What can be standardized
4 Obstacles and solutions
4.1 Business factors
4.2 Security factors
4.3 Human factors
5 Summary
References

An Effective Approach for Assessing the Risk of Acquired IT Products
1 Software Vulnerabilities and the Laws of Software Assurance
1.1 What are Software Vulnerabilities?
1.2 What is the Difference between Software Vulnerabilities and Software Errors?
1.3 How do we Address Software Vulnerabilities?
2 Risk Management
2.1 What is the Relationship between Software Vulnerabilities and Risk Management?
2.2 How do Organizations Assess the Risk of Acquired IT Products Today?
3 Assessing the Security of Acquired Software
3.1 How to assess the security of software developed without security assurance in mind?
3.2 How can we tell if an organization has a formal software assurance process?
Includes index