Abstract
Security management is a necessary process for obtaining an accurate security policy for Information and Communication Systems (ICS). Organizations spend a lot of money and time implementing their security policy. Existing risk assessment, business continuity and security management tools are unable to meet the growing needs of current, distributed, complex IS and their critical data and services. Identifying these weaknesses and exploiting advanced open-source technologies and interactive software tools, we propose a secure, collaborative environment (STORM) for the security management of ICSs.
© 2011 IFIP International Federation for Information Processing
About this paper
Cite this paper
Ntouskas, T., Pentafronimos, G., Papastergiou, S. (2011). STORM - Collaborative Security Management Environment. In: Ardagna, C.A., Zhou, J. (eds) Information Security Theory and Practice. Security and Privacy of Mobile Devices in Wireless Communication. WISTP 2011. Lecture Notes in Computer Science, vol 6633. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21040-2_23
DOI: https://doi.org/10.1007/978-3-642-21040-2_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21039-6
Online ISBN: 978-3-642-21040-2
eBook Packages: Computer Science, Computer Science (R0)