Viktor on Digital Evolution


Tuesday 7 February 2017

Presentation on Vulnerability Assessment: Latest Generation of Hybrid Vulnerability Scanners - CISO Summit Middle East, Dubai 2014

Outline:

  • Reducing the effect of the weakest link in the security chain by using automated vulnerability scanning tools on all Internet-exposed systems
  • Increasing the accuracy of assessment by including ethical hacking (pen-testing) assessments
  • Reducing operational costs by using hybrid vulnerability scanners that combine automated scanning with manual ethical hacking

Presentation slides: Vulnerability Assessment: Latest Generation of Hybrid Vulnerability Scanners CISO summit Dubai 2014

Presentation on Data Owner’s Cloud Survival and Exit Strategies - Cloud Security Alliance EMEA Congress, Edinburgh 2013

A Data Owner’s Cloud Survival and Exit Strategies Outline:

  • Data owners issues
  • Lessons learned from outsourcing
  • Data ownership – the basics
  • Data management activities
  • Data Governance framework
  • Due Diligence in the Cloud
  • Data owners contract needs
  • Data owners risk assessments
  • Metrics for data owners
  • Data owners controls
  • Some encryption issues
  • Preparing for exit

Presentation slides: Presentation on Data Owner’s Cloud Survival and Exit Strategies

Lecture on Information value - University of Geneva, Geneva School of Economics and Management

Lecture outline:

  • Information assets
  • Abstraction levels from the aspect of sharing and quantifying
  • Shannon’s information content
  • Weaver’s tripartite analysis of information
  • Semantic classification
  • Information and value chain
  • Knowledge management
  • Business intelligence (BI)
  • Data warehouse, Data mining, Multidimensional cubes
  • Future trends: Machine learning, Contextual intelligence, Artificial intelligence

Presentation slides: UNIGE lecture on Information value

Monday 6 February 2017

Synthesis Conference 2015, Belgrade - Presenting article Optimizing corporate Information Security Management in the post-"Heartbleed" world

Presentation slides: Synthesis 2015 presentation on ISMS post-"Heartbleed"

Optimizing corporate Information Security Management in the post-“Heartbleed” world

Abstract: An optimal business process is defined as a dynamic process able to adapt rapidly to a changing environment while maintaining a satisfactory level of performance directed toward a predefined set of objectives. Corporate information security management is a business process focused on managing risks that can negatively impact vital corporate information and the related technology and processes. The rapid evolution of information and communication technology (ICT), and of the ways it is used to collect, analyze and disseminate information, carries many opportunities to improve the corporate value chain, but also carries uncertainty and new risks. Unexpected flaws were recently discovered in fundamental building blocks of ICT such as OpenSSL, challenging the methods used to manage corporate information security. In this paper we review the information security management process, focusing on its risk management component, and suggest improvements that allow it to remain proactive. The suggested improvements cover methods for assessing and measuring risk in those areas of ICT that were hit by unexpected vulnerabilities, such as business application development and integration, establishing corporate information security incident response teams, and developing a framework for exchanging information security threat intelligence.

Optimizing corporate Information Security Management in the post-“Heartbleed” world

CONSTRUCTION OF SIGMA-PROTOCOL FOR GUARDING PRIVACY

Abstract: Witness hiding and deniability are important properties of OR-proofs that make them a very useful building block for more complex cryptographic schemes. OR-proofs can be constructed from sigma-protocols, which are honest-verifier and honest-prover protocols. A practical construction of an efficient OR-proof form of sigma-protocol based on the discrete logarithm problem is demonstrated in this paper.

Sigma protocols for privacy

NON-INTERACTIVE SIGMA-PROTOCOL CONSTRUCTION

Abstract: Due to their simplicity, sigma protocols are frequently used for proving knowledge in more complex cryptographic schemes. The challenge is to find the optimum yet secure construction applicable to concurrent settings such as communication on the Internet. A possible answer to this problem is the use of non-interactive sigma protocols. A practical construction of an efficient non-interactive sigma protocol using the discrete logarithm problem is presented in this paper and its security aspects are analyzed.

Non-interactive sigma protocol construction
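The two abstracts above (the OR-proof and the non-interactive construction) describe the same family of primitives. The following is an added example, not code from the papers or from this site: it composes two Schnorr-style sigma-protocols into an OR-proof (the Cramer-Damgård-Schoenmakers OR-composition) and removes the interactive verifier with a Fiat-Shamir hash challenge. The group parameters (a 64-bit safe prime found at start-up), the use of SHA-256 as the challenge hash, and all function names are choices made for this illustration; the papers' own parameters and constructions are not reproduced here.

```python
"""Non-interactive OR-proof of knowledge of one of two discrete logarithms.

Statement: h0 = g^x0 and h1 = g^x1 in the order-q subgroup of Z_p^*, p = 2q + 1.
The prover knows x_b for ONE b in {0, 1}; the proof hides which one (witness hiding).
The 64-bit group generated here is a demonstration size only; real deployments use
standardized groups (e.g. RFC 3526) or elliptic curves. Hypothetical example code."""
import hashlib
import random
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, rounds=20):
    """Miller-Rabin primality test with random bases (adequate for demo parameters)."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits=64, seed=2017):
    """Deterministically find a safe prime p = 2q + 1 and a generator g of the order-q subgroup."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            break
    g = pow(2, 2, p)  # 4 is a quadratic residue other than 1, so its order is exactly q
    return p, q, g


def fiat_shamir(p, q, g, h0, h1, a0, a1):
    """Challenge c = H(statement || commitments) mod q. Hashing the statement (p, g, h0, h1)
    and not only the commitments is what binds the proof to these public keys."""
    data = "|".join(str(v) for v in (p, g, h0, h1, a0, a1)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % q


def prove_or(p, q, g, pubs, secret, known):
    """Prove knowledge of log_g(pubs[known]) = secret without revealing `known`.
    Returns the compact proof (c0, c1, z0, z1); the verifier recomputes the commitments."""
    other = 1 - known
    a, cs, zs = [None, None], [None, None], [None, None]
    # Branch without a witness: choose challenge and response first, derive a commitment
    # that will verify for them (this is exactly the simulator of the sigma-protocol).
    cs[other] = secrets.randbelow(q)
    zs[other] = secrets.randbelow(q)
    a[other] = pow(g, zs[other], p) * pow(pubs[other], q - cs[other], p) % p
    # Branch with the witness: honest Schnorr commitment g^r.
    r = secrets.randbelow(q)
    a[known] = pow(g, r, p)
    # Non-interactive challenge; the real branch absorbs whatever is left after the simulated one.
    c = fiat_shamir(p, q, g, pubs[0], pubs[1], a[0], a[1])
    cs[known] = (c - cs[other]) % q
    zs[known] = (r + cs[known] * secret) % q
    return (cs[0], cs[1], zs[0], zs[1])


def verify_or(p, q, g, pubs, proof):
    """Accept iff both branches verify and the two challenges sum to the hash challenge."""
    c0, c1, z0, z1 = proof
    if not all(0 <= v < q for v in proof):
        return False
    if any(not (1 < h < p and pow(h, q, p) == 1) for h in pubs):
        return False  # public keys must lie in the prime-order subgroup (small-subgroup check)
    a0 = pow(g, z0, p) * pow(pubs[0], q - c0, p) % p
    a1 = pow(g, z1, p) * pow(pubs[1], q - c1, p) % p
    return (c0 + c1) % q == fiat_shamir(p, q, g, pubs[0], pubs[1], a0, a1)


def demo():
    """Constructed keys: a proof from either witness verifies; tampering or a wrong witness fails."""
    p, q, g = make_group()
    x0 = secrets.randbelow(q - 1) + 1
    x1 = secrets.randbelow(q - 1) + 1
    while x1 == x0:
        x1 = secrets.randbelow(q - 1) + 1
    pubs = [pow(g, x0, p), pow(g, x1, p)]
    proof_from_0 = prove_or(p, q, g, pubs, x0, 0)
    proof_from_1 = prove_or(p, q, g, pubs, x1, 1)
    c0, c1, z0, z1 = proof_from_0
    tampered = (c0, c1, (z0 + 1) % q, z1)
    wrong_witness = prove_or(p, q, g, pubs, x1, 0)  # claims branch 0 with the wrong secret
    return {
        "valid_from_0": verify_or(p, q, g, pubs, proof_from_0),
        "valid_from_1": verify_or(p, q, g, pubs, proof_from_1),
        "tampered_rejected": not verify_or(p, q, g, pubs, tampered),
        "wrong_witness_rejected": not verify_or(p, q, g, pubs, wrong_witness),
    }


if __name__ == "__main__":
    print(demo())
```

Two points of the design carry over to any production version: the verifier must check that the public values lie in the prime-order subgroup before trusting the algebra, and the Fiat-Shamir hash must cover the whole statement (group, generator and both public keys), not just the commitments, otherwise a proof produced for one statement can be replayed against another.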

IMPLEMENTING AUDITABILITY WITH NON-INTERACTIVE ZERO KNOWLEDGE PROOFS

Abstract: Auditability, or verifiability, is an important requirement of every transaction processing information system. Implementing auditability while preserving privacy is of particular interest for information systems such as identity management, electronic voting or cloud computing. This can be achieved by using zero knowledge proofs, cryptographic methods used to verify correct participation in a distributed protocol without revealing any additional information. This paper gives an overview of zero knowledge proofs, focusing on the most recent developments and on the implementation of the non-interactive type.

Implementing auditability with NIZKP

PhD thesis - Cryptographic Protocol for Information Systems Audit With Users Identity Protection

Abstract: A practical construction of an efficient cryptographic protocol that enables the externalization of authentication from transaction processing in business information systems is proposed in this research. The construction takes advantage of the efficiency and simplicity of sigma-protocols based on the discrete logarithm problem. A careful security analysis, taking into account state-of-the-art advances in cryptanalysis, permits the application of the proposed cryptographic primitives and related security parameters in certain settings such as Internet-based voting. The review of data protection legislation and its practical effectiveness in identity protection highlights the importance of technological identity protection solutions. Information systems audit is an important step in estimating the level of data protection and maturity of information systems, and consequently in increasing users' confidence. However, the audit of systems such as voting systems exposes auditors to personally identifiable information about voters, which could jeopardize some fundamental rules and regulations on voting and consequently diminish the applicability of information systems in this important aspect of e-Government. The proposed protocol offers a technical solution to this problem and can be applied in other similar domains.

Thesis - Cryptographic Protocol for Information Systems Audit With Users Identity Protection
