Next-Generation Enterprise Security and Governance
暫譯: 下一代企業安全與治理
Ahmed, Mohiuddin, Moustafa, Nour, Barkat, Abu
商品描述
The Internet is making our daily life as digital as possible, and this new era is called the Internet of Everything (IoE). The key force behind the rapid growth of the Internet is the technological advance of enterprises. The digital world we live in is facilitated by these enterprises' advances and business intelligence. These enterprises need to deal with gazillions of bytes of data, and in today's age of General Data Protection Regulation, enterprises are required to ensure privacy and security of large-scale data collections. However, the increased connectivity and devices used to facilitate IoE are continually creating more room for cybercriminals to find vulnerabilities in enterprise systems and flaws in their corporate governance.
Ensuring cybersecurity and corporate governance for enterprises should not be an afterthought or present a huge challenge. In recent times, the complex diversity of cyber-attacks has been skyrocketing, and zero-day attacks, such as ransomware, botnet, and telecommunication attacks, are happening more frequently than before. New hacking strategies would easily bypass existing enterprise security and governance platforms using advanced, persistent threats. For example, in 2020, the Toll group firm was exploited by a new crypto-attack family for violating its data privacy, where an advanced ransomware technique was launched to exploit the big corporation and request a huge figure of monetary ransom. Even after applying rational governance hygiene, cybersecurity configuration and software updates are often overlooked when they are most needed to fight cyber-crime and ensure data privacy. Therefore, the threat landscape in the context of enterprises has become wider and far more challenging. There is a clear need for collaborative work throughout the entire value chain of this network.
In this context, this book addresses the cybersecurity and cooperate governance challenges associated with enterprises, which will provide a bigger picture of the concepts, intelligent techniques, practices, and open research directions in this area. This book serves as a single source of reference for acquiring the knowledge on the technology, process, and people involved in the next-generation privacy and security.
商品描述(中文翻譯)
網際網路正使我們的日常生活變得盡可能數位化,這個新時代被稱為萬物互聯(Internet of Everything, IoE)。推動網際網路快速增長的關鍵力量是企業的技術進步。我們所生活的數位世界是由這些企業的進步和商業智慧所促成的。這些企業需要處理大量的數據,而在當今的通用數據保護條例(General Data Protection Regulation, GDPR)時代,企業被要求確保大規模數據收集的隱私和安全。然而,隨著連接性和用於促進IoE的設備不斷增加,網路犯罪分子發現企業系統中的漏洞和公司治理中的缺陷的空間也在不斷擴大。
確保企業的網路安全和公司治理不應該是事後考慮的問題,也不應該成為一個巨大的挑戰。近年來,網路攻擊的複雜多樣性急劇上升,零日攻擊(zero-day attacks)如勒索病毒(ransomware)、僵屍網路(botnet)和電信攻擊的發生頻率比以往更高。新的駭客策略很容易利用先進的持續性威脅(advanced persistent threats)來繞過現有的企業安全和治理平台。例如,在2020年,Toll集團公司因違反數據隱私而遭到一個新的加密攻擊家族的利用,該攻擊使用了一種先進的勒索病毒技術來攻擊這家大型企業並要求巨額贖金。即使在應用合理的治理衛生措施後,網路安全配置和軟體更新在最需要時常常被忽視,以對抗網路犯罪並確保數據隱私。因此,在企業的背景下,威脅環境變得更加廣泛且挑戰重重。顯然需要在整個價值鏈中進行協作。
在這個背景下,本書針對與企業相關的網路安全和公司治理挑戰,提供了該領域概念、智能技術、實踐和開放研究方向的全貌。本書作為獲取下一代隱私和安全技術、流程和人員知識的單一參考來源。
作者簡介
Mohiuddin Ahmed, PhD, MACS CP, SMIEEE Mohiuddin Ahmed attained his PhD in Computer Science from the University of New South Wales UNSW Australia). He has made practical and theoretical contributions in big data analytics (summarization) for number of application domains and his research has a high impact on data analytics, critical infrastructure protection (IoT, smart grids), information security against DoS attacks, false data injection attacks, etc., and digital health. He is currently working as a Lecturer in Computing and Security Sciences in the School of Science at Edith Cowan University (ECU), Australia. Prior to joining ECU, he served as a Lecturer in the Centre for Cyber Security and Games at Canberra Institute of Technology (CIT) and was also involved with CIT's Data Strategy Working Group. He is currently exploring blockchain for ensuring security of healthcare devices, securing the prestigious ECU Early Career Researcher Grant. Mohiuddin has led edited books on Data Analytics (CRC Press), Cyber Security (CRC Press) and Blockchain (Cambridge Scholars Publishing). Previously, he has worked in the areas of text mining and predictive analytics in the artificial intelligence division at MIMOS, Malaysia. Currently, Mohiuddin is an editorial advisory board member of Cambridge Scholars Publishing Group in the UK and Associate Editor of the International Journal of Computers and Applications (Taylor & Francis Group). He is a Senior Memebr of IEEE and Australian Computer Society Certified Professional.
Nour Moustafa, PhD, SMIEEE Dr. Nour Moustafa is Postgraduate Discipline Coordinator (Cyber) and Lecturer in Cyber Security at the School of Engineering and Information Technology (SEIT), University of New South Wales (UNSW)'s UNSW Canberra Australia. He was a Postdoctoral Fellow in Cybersecurity at UNSW Canberra from June 2017 till February 2019. He received his PhD degree in the field of Cyber Security from UNSW in 2017. He obtained his Bachelor's and master's degrees in Information Systems in 2009 and 2014, respectively, from the Faculty of Computer and Information, Helwan University, Egypt. His areas of interest include Cyber Security, in particular, Network Security, host- and network- intrusion detection systems, statistics, deep learning, and machine learning techniques. He is interested in designing and developing threat detection and forensic mechanisms to the Industry 4.0 technology for identifying malicious activities from cloud computing, fog computing, IoT and industrial control systems over virtual machines and physical systems. Dr Moustafa established a new theme, the so-called Intelligent Security, at UNSW Canberra Cyber which focuses on developing novel artificial intelligence models for protecting smart systems against cyber threat attacks in 2019. He has several research grants with totalling over AUD 1 Million. He has been awarded the 2020 prestigious Australian Spitfire Memorial Defence Fellowship award. He is also a Senior IEEE Member, ACM member, and CSCRC Fellowship. He has published more than 40 research outputs between 2014 and 2020 in top-tier computing and security journals and conferences, such as IEEE Transactions on forensics and Security, IEEE IoT, and IEEE Transactions on Industrial Informatics. He has served his academic community, as the guest associate editor of IEEE transactions journals, including IEEE Transactions on Industrial Informatics, IEEE IoT Journal, as well as the journals of IEEE Access, Future Internet, Information Security Journal: A Global Perspective, and Electronics. He has also served over seven conferences in leadership roles, involving vice-chair, session chair, Technical Program Committee (TPC) member and proceedings chair, including the 2020 IEEE TrustCom and 2020 32nd Australasian Joint Conference on Artificial Intelligence.
Associate Professor Abu Barkat Dr Abu Barkat ullah is currently working as an Associated professor at the University of Canberra. He attained his PhD in Computer Science from UNSW Australia in 2009. His research expertise encompasses cyber security and safety, data analytics, decision analytics, evolutionary optimization and covers a wide range of applications. He has been working as editor for books, reviewers for conferences and journals. He actively participated and led local and international conferences. He has experience and expertise delivering Higher Education, research in IT and Cyber Security for domestic and international institutes and universities. Before joining to university of Canberra Dr Abu Barkat ullah was the head of the Department of Cyber Security and Games at Canberra Institute of Technology, Canberra, Australia.. He has set up a Security operations centre for cyber training (TSOC) at CIT, jointly with Aust Cyber, Fifth domain. This project for National Cyber Security Education and Training, CIT (in partnership with Fifth Domain and AustCyber) was awarded winners of the '2019 ACT Industry Collaboration Award'. He was a member of CIT's Academic Council and Corporate Resources Committee. Over the last decade he has been working in collaboration with 15 plus Australian government agencies and private organisations including DTA, Defence, ASD, PwC, Accenture, EY, CSIRO, Netier, ACT government Shared Services to deliver on their workforce IT and Cyber security skills development needs. As an Agile Practitioner, Certified Scrum Master and Certified Scrum Product Owner, he has been leading complex and innovative projects for several years. Recently he has been involved developing and presenting a model of the 'future skilled workforce' in the ACT. Dr Barkat ullah is a member of a number of professional bodies, ACS, AISA, IEEE. He has received several awards and recognition for his career achievement including CIT Board Award' for Leadership, Industry engagement and Business growth.
Associate Professor Paul Haskell-Dowland Associate Professor Paul Haskell-Dowland is the Associate Dean for Computing and Security in the School of Science at Edith Cowan University and is an associate member of the Centre for Security, Communications & Network Research at Plymouth University (UK). Paul has delivered keynotes, invited presentations, workshops, professional development/training and seminars across the world for audiences including RSA Security, Sri Lanka CERT, ITU and IEEE. He has more than 20 years of experience in cyber security research and education in both the UK and Australia. Paul is the Working Group Coordinator and the ACS/Australian Country Member Representative to the International Federation for Information Processing (IFIP) Technical Committee 11 (TC11 - Security and Privacy Protection in Information Processing Systems), the secretary to IFIP Working Group 11.1 (Information Security Management), the ACS representative to Standards Australia for Risk Management (OB 007) and a member of the ACS Cyber Security Committee, a Fellow of the Higher Education Authority, a Senior Member of the IEEE, an Honorary Fellow of the Sir Alister Hardy Foundation for Ocean Science, a Fellow of the BCS and a Senior Member of the ACS/Certified Professional. He is the author of over 80 papers in refereed international journals and conference proceedings and edited 29 proceedings. Together with colleagues at Plymouth University (Dr Bogdan Ghita and Prof. Steven Furnell), Paul co-invented the ICAlert platform. ICAlert is a managed device that monitors Internet access (initially aimed at primary and secondary schools), targeting users attempting to access illegal content (child abuse images) as well as terrorist content. In February 2017, following several years of trials, a commercial product was launched in collaboration with the SouthWest Grid for Learning and the Internet Watch Foundation.
作者簡介(中文翻譯)
Mohiuddin Ahmed, PhD, MACS CP, SMIEEE
Mohiuddin Ahmed 於澳洲新南威爾士大學 (University of New South Wales, UNSW) 獲得計算機科學博士學位。他在大數據分析(摘要)方面對多個應用領域做出了實踐和理論貢獻,他的研究對數據分析、關鍵基礎設施保護(物聯網、智慧電網)、針對拒絕服務攻擊(DoS)、虛假數據注入攻擊等的信息安全,以及數位健康有著深遠的影響。目前,他在澳洲艾迪斯科文大學 (Edith Cowan University, ECU) 科學學院擔任計算與安全科學的講師。在加入 ECU 之前,他曾在堪培拉技術學院 (Canberra Institute of Technology, CIT) 的網絡安全與遊戲中心擔任講師,並參與了 CIT 的數據策略工作小組。他目前正在探索區塊鏈技術,以確保醫療設備的安全,並獲得了 ECU 的早期職業研究者獎助金。Mohiuddin 主編的書籍包括《數據分析》(CRC Press)、《網絡安全》(CRC Press)和《區塊鏈》(劍橋學者出版)。他曾在馬來西亞 MIMOS 的人工智慧部門從事文本挖掘和預測分析的工作。目前,Mohiuddin 是英國劍橋學者出版集團的編輯顧問委員會成員,以及《計算機與應用國際期刊》(Taylor & Francis Group)的副編輯。他是 IEEE 的高級會員和澳洲計算機協會認證專業人士。
Nour Moustafa, PhD, SMIEEE
Nour Moustafa 博士是澳洲新南威爾士大學 (University of New South Wales, UNSW) 工程與信息技術學院 (School of Engineering and Information Technology, SEIT) 的研究生學科協調員(網絡)及網絡安全講師。他於 2017 年至 2019 年 2 月在 UNSW 堪培拉擔任網絡安全的博士後研究員。他於 2017 年在 UNSW 獲得網絡安全領域的博士學位,並於 2009 年和 2014 年分別在埃及 Helwan 大學的計算機與信息學院獲得學士和碩士學位。他的研究興趣包括網絡安全,特別是網絡安全、主機和網絡入侵檢測系統、統計學、深度學習和機器學習技術。他對設計和開發針對工業 4.0 技術的威脅檢測和取證機制感興趣,以識別來自雲計算、邊緣計算、物聯網和工業控制系統的惡意活動。Moustafa 博士於 2019 年在 UNSW 堪培拉網絡安全部門建立了一個名為智能安全的新主題,專注於開發新型人工智慧模型,以保護智慧系統免受網絡威脅攻擊。他獲得了多個研究獎助金,總額超過 100 萬澳元。他還獲得了 2020 年的澳洲斯皮特火 Memorial 防禦獎學金。他是 IEEE 的高級會員、ACM 會員和 CSCRC 獎學金獲得者。在 2014 年至 2020 年期間,他在頂級計算和安全期刊及會議上發表了超過 40 篇研究成果,如《IEEE 取證與安全期刊》、《IEEE 物聯網》和《IEEE 工業信息學期刊》。他曾擔任 IEEE 交易期刊的客座副編輯,包括《IEEE 工業信息學期刊》、《IEEE 物聯網期刊》,以及《IEEE Access》、《未來互聯網》、《信息安全期刊:全球視角》和《電子學》等期刊。他還在七個以上的會議中擔任領導角色,包括副主席、會議主席、技術程序委員會成員和會議論文主席,包括 2020 年的 IEEE TrustCom 和 2020 年第 32 屆澳大利亞聯合人工智慧會議。
副教授 Abu Barkat
Abu Barkat 博士目前在堪培拉大學擔任副教授。他於 2009 年在澳洲新南威爾士大學 (UNSW) 獲得計算機科學博士學位。他的研究專長涵蓋網絡安全與安全性、數據分析、決策分析、進化優化,並涉及廣泛的應用。他曾擔任書籍編輯、會議和期刊的審稿人,並積極參與和主導本地及國際會議。他在高等教育、IT 和網絡安全研究方面擁有為國內外機構和大學提供服務的經驗和專業知識。在加入堪培拉大學之前,Abu Barkat 博士曾擔任堪培拉技術學院網絡安全與遊戲系的主任。他與 Aust Cyber 和 Fifth Domain 共同在 CIT 設立了一個網絡安全培訓的安全運營中心 (TSOC)。該項目是國家網絡安全教育與培訓計劃,CIT(與 Fifth Domain 和 AustCyber 合作)獲得了 2019 年 ACT 行業合作獎。他曾是 CIT 學術委員會和企業資源委員會的成員。在過去十年中,他與 15 家以上的澳洲政府機構和私營組織(包括 DTA、國防部、ASD、PwC、Accenture、EY、CSIRO、Netier、ACT 政府共享服務)合作,滿足他們在 IT 和網絡安全技能發展方面的需求。作為一名敏捷實踐者、認證 Scrum Master 和認證 Scrum 產品負責人,他多年來一直在領導複雜和創新的項目。最近,他參與了在 ACT 開發和展示“未來技能勞動力”模型的工作。Barkat 博士是多個專業機構的成員,包括 ACS、AISA 和 IEEE。他因其職業成就獲得了多個獎項和認可,包括 CIT 董事會的領導、行業參與和業務增長獎。
副教授 Paul Haskell-Dowland
Paul Haskell-Dowland 副教授是澳洲艾迪斯科文大學 (Edith Cowan University) 科學學院計算與安全的副院長,也是英國普利茅斯大學 (Plymouth University) 安全、通信與網絡研究中心的副成員。Paul 在全球範圍內為 RSA Security、斯里蘭卡 CERT、ITU 和 IEEE 等觀眾提供了主題演講、邀請演講、工作坊、專業發展/培訓和研討會。他在英國和澳洲的網絡安全研究和教育方面擁有超過 20 年的經驗。Paul 是工作組協調員,也是國際信息處理聯合會 (IFIP) 技術委員會 11(TC11 - 信息處理系統中的安全與隱私保護)的 ACS/澳洲國家成員代表,IFIP 工作組 11.1(信息安全管理)的秘書,ACS 在風險管理(OB 007)方面的標準澳洲代表,以及 ACS 網絡安全委員會的成員。他是高等教育機構的研究員、IEEE 的高級會員、Sir Alister Hardy 海洋科學基金會的榮譽研究員、BCS 的研究員和 ACS 的高級會員/認證專業人士。他在國際期刊和會議論文集中發表了超過 80 篇論文,並編輯了 29 篇會議論文集。與普利茅斯大學的同事(Bogdan Ghita 博士和 Steven Furnell 教授)共同發明了 ICAlert 平台。ICAlert 是一種管理設備,監控互聯網訪問(最初針對小學和中學),針對試圖訪問非法內容(兒童虐待圖像)以及恐怖主義內容的用戶。2017 年 2 月,在經過幾年的試驗後,與南西區學習網絡和互聯網監察基金會合作推出了一款商業產品。
![國營事業 2025 試題大補帖經濟部新進職員【機械類】專業科目(108~113年試題)[適用台電、中油、台水、台糖考試]-cover](https://cf-assets2.tenlong.com.tw/products/images/000/231/858/medium/9786264042130.jpg?1733302705)
