Security threats to critical infrastructure: the human factor

Ibrahim Ghafir; Jibran Saleem; Mohammad Hammoudeh; Hanan Faour; Vaclav Prenosil; Sardar Jaf; Sohail Jabbar; Thar Baker

首页> 外文期刊>Journal of supercomputing >Security threats to critical infrastructure: the human factor

【24h】

Security threats to critical infrastructure: the human factor

机译：对关键基础设施的安全威胁：人为因素

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

In the twenty-first century, globalisation made corporate boundaries invisible and difficult to manage. This new macroeconomic transformation caused by globalisation introduced new challenges for critical infrastructure management. By replacing manual tasks with automated decision making and sophisticated technology, no doubt we feel much more secure than half a century ago. As the technological advancement takes root, so does the maturity of security threats. It is common that today’s critical infrastructures are operated by non-computer experts, e.g. nurses in health care, soldiers in military or firefighters in emergency services. In such challenging applications, protecting against insider attacks is often neither feasible nor economically possible, but these threats can be managed using suitable risk management strategies. Security technologies, e.g. firewalls, help protect data assets and computer systems against unauthorised entry. However, one area which is often largely ignored is the human factor of system security. Through social engineering techniques, malicious attackers are able to breach organisational security via people interactions. This paper presents a security awareness training framework, which can be used to train operators of critical infrastructure, on various social engineering security threats such as spear phishing, baiting, pretexting, among others.

机译：在二十一世纪，全球化使公司边界变得无形且难以管理。全球化带来的这种新的宏观经济转型为关键基础设施管理带来了新的挑战。通过用自动化决策和复杂技术代替手动任务，无疑我们比半个世纪前更加安全。随着技术的进步扎根，安全威胁的成熟也随之生根。如今，关键的基础架构通常是由非计算机专家来操作的，例如卫生保健的护士，军人的士兵或紧急服务的消防员。在这种具有挑战性的应用程序中，防范内部攻击通常既不可行也不经济，但是可以使用适当的风险管理策略来管理这些威胁。安全技术，例如防火墙有助于保护数据资产和计算机系统免遭未经授权的入侵。但是，经常被忽略的一个方面是系统安全的人为因素。通过社会工程技术，恶意攻击者能够通过人际互动破坏组织安全。本文提出了一个安全意识培训框架，该框架可用于培训关键基础设施的运营商，以应对各种社会工程安全威胁，例如鱼叉式网络钓鱼，诱饵，假冒等等。

著录项

来源
《Journal of supercomputing》 |2018年第10期|4986-5002|共17页
作者
Ibrahim Ghafir; Jibran Saleem; Mohammad Hammoudeh; Hanan Faour; Vaclav Prenosil; Sardar Jaf; Sohail Jabbar; Thar Baker;
展开▼
作者单位

The University of Durham,Masaryk University;

Manchester Metropolitan University;

Manchester Metropolitan University;

Hamdan Bin Mohammed Smart University;

Masaryk University;

The University of Durham;

National Textile University;

Liverpool John Moores University;

展开▼
收录信息美国《科学引文索引》(SCI);美国《工程索引》(EI);
原文格式 PDF
正文语种 eng
中图分类
关键词
Critical infrastructure security; Security awareness; Cyber security training; Work-based security training; Security threats against critical infrastructure;

机译：关键基础设施安全;安全意识;网络安全培训;基于工作的安全培训;针对关键基础设施的安全威胁;

相似文献

外文文献
中文文献
专利

1. Cyber Threats, Harsh Environment and the European High North (EHN) in a Human Security and Multi-Level Regulatory Global Dimension: Which Framework Applicable to Critical Infrastructures under “Exceptionally Critical Infrastructure Conditions” (ECIC)? [J] . Sandra Cassotta, Roman Sidortsov, Christer Pursiainen, Beijing Law Review . 2019,第2期

机译：在人的安全和全球多层次监管的全球范围内的网络威胁，严酷环境和欧洲高地（EHN）：在“异常关键基础设施条件”（ECIC）下，哪种框架适用于关键基础设施？
2. Siemens and TUV SUD join forces against cyber threats: Siemens and TUV SUD have come together to address the growing risk of cyberattacks on critical infrastructure by collaborating to provide digital safety and security assessments, as well as industrial vulnerability assessments to help global energy players identify asset risk and cybersecurity solutions [J] . Mark Tisshaw Modern Power Systems: Communicating Power Technology Worldwide . 2019,第5期

机译：西门子和TUV SUD加入Cyber威胁：西门子和TUV SUD通过合作提供数字安全和安全评估，以及帮助全球能源球员识别资产的工业脆弱性评估，以促进跨国基础设施的越来越危险的网络角落的风险。风险和网络安全解决方案
3. A critical review of cyber security and cyber terrorism - threats to critical infrastructure in the energy sector [J] . Venkatachary Sampath Kumar, Jagdish Prasad, Ravi Samikannu International journal of critical infrastructure . 2018,第2期

机译：对网络安全和网络恐怖主义的严格审查-对能源部门关键基础设施的威胁
4. Interfacing Systems--Security Threat Factors for Safety of Critical Infrastructures [C] . Christopher J. Bender International System Safety Conference . 2012

机译：接口系统 - 安全威胁因素，安全的关键基础设施安全
5. Red, gray, and blue: A security environment approach to national security policy countering emerging threats targeting critical infrastructure. [D] . Flynt, William Charles, III. 2001

机译：红色，灰色和蓝色：一种针对国家安全策略的安全环境方法，以应对针对关键基础设施的新出现的威胁。
6. Security Information and Event Management (SIEM): Analysis Trends and Usage in Critical Infrastructures [O] . Gustavo González-Granadillo, Susana González-Zarzosa, Rodrigo Diaz 2021

机译：安全信息和事件管理（SIEM）：关键基础设施中的分析趋势和使用情况
7. Cyber Threats, Harsh Environment and the European High North (EHN) in a Human Security and Multi-Level Regulatory Global Dimension: Which Framework Applicable to Critical Infrastructures under “Exceptionally Critical Infrastructure Conditions” (ECIC)? [O] . Sandra Cassotta, Roman Sidortsov, Christer Pursiainen, 2019

机译：网络威胁，恶劣环境和欧洲高北（EHN）在人类安全和多级监管全球维度中：适用于“特殊关键基础设施条件”（ECIC）下的关键基础设施的框架？

Security threats to critical infrastructure: the human factor

摘要

著录项

相似文献

相关主题

期刊订阅