Правовые методы обеспечения информационной безопасности в «облачных» сервисах
The peculiarities of information security in the implementation of cloud services in the Russian Federation in view of the legal characteristics of cloud services providers, status information as an object of legal regulation, the characteristics of restricted information and specifi conclusion of civil law contracts.
The proceedings of the 11th International Conference on Service-Oriented Computing (ICSOC 2013), held in Berlin, Germany, December 2–5, 2013, contain high-quality research papers that represent the latest results, ideas, and positions in the field of service-oriented computing. Since the first meeting more than ten years ago, ICSOC has grown to become the premier international forum for academics, industry researchers, and practitioners to share, report, and discuss their ground-breaking work. ICSOC 2013 continued along this tradition, in particular focusing on emerging trends at the intersection between service-oriented, cloud computing, and big data.
Proceedings of the 2013 IEEE 14th International Conference on Information Reuse and Integration (IEEE IRI 2013) , 14-16 August 2013, San Francisco, Ca, USA.
We are witnessing now a coming closer together of two pedagogical movements – that of media education (media literacy) and that of information literacy, both of them having previously existed parallel to each other, and without actually crossing each other’s path.
Almost all of the technologies that are now part of the cloud paradigm existed before, but so far the market has not been proposals that bring together emerging technologies in a single commercially attractive solution. However, in the last decade, there were public cloud services, through which these technologies, on the one hand, available to the developer, and on the other - it is clear to the business community. But many of the features that make cloud computing attractive, may be in conflict with traditional models of information security.
Due to the fact that cloud computing bring with them new challenges in the field of information security, it is imperative for organizations to control the process of information risk management in the cloud. In this article on the basis of Common Vulnerability Scoring System, allowing to determine the qualitative indicator of exposure to vulnerabilities of information systems, taking into account environmental factors, we propose a method of risk assessment for different types of cloud deployment environments.
Information Risk Management, determine the applicability of cloud services for the organization is impossible without understanding the context in which the organization operates and the consequences of the possible types of threats that it may face as a result of their activities. This paper proposes a risk assessment approach used in the selection of the most appropriate configuration options cloud computing environment from the point of view of safety requirements. Application of risk assessment for different types of deployment of cloud environments will reveal the ratio counter possible attacks and to correlate the amount of damage to the total cost of ownership of the entire IT infrastructure of the organization.
Some provisions of SWOT analysis and assessment of its productivity in business are criticized.
This paperwork overviews core technologies implemented by comparably new products at information security market - web application firewalls. Web applications are a very wide-used and convenient way of presenting remote users with access to corporate information resources. It can however become single point of failure rendering all the information infrastructure unreachable for legitimate clients. To prevent malicious access attempts to endpoint information resources and, intermediately, to web server, a new class of information security solutions has been created. Web application firewalls function at the highest, seventh layer of ISO/OSI model and serves as a controlling tunnel for all the traffic heading to and from company’s web application server(s). To ensure decent levels of traffic monitoring and intrusion prevention web application firewalls are equipped with various mechanisms of data exchange session “normalness” control. These mechanisms include protocol check routines, machine learning techniques, traffic signature analysis and more dedicated means like denial of service, XSS injection and CRRF attack prevention. Ability to research and add user rules to be processed along with vendor-provided ones is important since every company has its own security policy and, therefore the web application firewall should provide security engineers with ways to tweak its rules to reflect the security policy more precisely. This research is based on wide practice experience integrating web application firewalls into security landscape of various organizations, their administration and customization. We illustrate our research of available filtering mechanisms and their implementations with example product features by market leaders, schemes and screenshots from real web application firewall systems.
The use of hardware virtualization for ensuring information security is discussed. A review of various approaches to improving the security of software systems based on virtualization is given. A review of possible scenarios of using virtualization by intruders is also presented. The application domains and limitations of the available solutions and perspectives of future development in the field are discussed.
In this paper we consider choice problems under the assumption that the preferences of the decision maker are expressed in the form of a parametric partial weak order without assuming the existence of any value function. We investigate both the sensitivity (stability) of each non-dominated solution with respect to the changes of parameters of this order, and the sensitivity of the set of non-dominated solutions as a whole to similar changes. We show that this type of sensitivity analysis can be performed by employing techniques of linear programming.
The manual is intended for students of Department of computer engineering MIEM HSE. In the textbook based on the courses "Economics of firm" and "the development strategy of the organization." Discusses the key conceptual and methodological issues of the theory and practice of Economics and development planning of the organization. The use of textbooks will enable students: to analyze key performance indicators, and use the tools of strategic analysis with reference to concrete situations in contemporary Russian and international business. Special attention is paid to the methods and systems of information support of the life support functions of business organizations and management methodology of innovation and investment. An Appendix contains source data for analysis of competition in a particular industry.
The paper provides a number of proposed draft operational guidelines for technology measurement and includes a number of tentative technology definitions to be used for statistical purposes, principles for identification and classification of potentially growing technology areas, suggestions on the survey strategies and indicators. These are the key components of an internationally harmonized framework for collecting and interpreting technology data that would need to be further developed through a broader consultation process. A summary of definitions of technology already available in OECD manuals and the stocktaking results are provided in the Annex section.
Over the last two decades national policy makers drew special attention to the implementation of policy tools which foster international cooperation in the fields of science, technology, and innovation. In this paper, we look at cases of Russian-German collaboration to examine the initiatives of the Russian government aimed at stimulating the innovation activity of domestic corporations and small and medium enterprises. The data derived from the interviews with companies’ leaders show positive effects of bilateral innovative projects on the overall business performance alongside with major barriers hindering international cooperation. To overcome these barriers we provide specific suggestions relevant to the recently developed Russian Innovation Strategy 2020.