Biblio

DDoS attacks, one of the oldest forms of cyberthreats, continue to be a favorite tool of mass interruption, presenting cybersecurity hazards to practically every type of company, large and small. As a matter of fact, according to IDC, DDoS attacks are predicted to expand at an 18 percent compound annual growth rate (CAGR) through 2023, indicating that it is past time to enhance investment in strong mitigation systems. And while some firms may assume they are limited targets for a DDoS assault, the amount of structured internet access to power corporation services and apps exposes everyone to downtime and poor performance if the infrastructure is not protected against such attacks. We propose using correlations between missing packets to increase detection accuracy. Furthermore, to ensure that these correlations are calculated correctly.

Testing which is an indispensable part of software engineering is itself an art and science which emerged as a discipline over a period. On testing, if defects are found, testers diminish the risk by providing the awareness of defects and solutions to deal with them before release. If testing does not find any defects, testing assure that under certain conditions the system functions correctly. To guarantee that enough testing has been done, major risk areas need to be tested. We have to identify the risks, analyse and control them. We need to categorize the risk items to decide the extent of testing to be covered. Also, Implementation of structured metrics is lagging in software testing. Efficient metrics are necessary to evaluate, manage the testing process and make testing a part of engineering discipline. This paper proposes the usage of risk based testing using FMEA technique and provides an ideal set of metrics which provides a way to ensure effective testing process.

Strategic management and security risk management are part of the general government of the country, and therefore it is not possible to examine it separately and even if it was, one separate examination would not have give us a complete idea of how to implement this process. A modern understanding of the strategic security management requires not only continuous efforts to improve security policy formation and implementation but also new approaches and particular solutions to modernize the security system by making it adequate to the requirements of the dynamic security environment.

According to a 2011 survey in healthcare, the most commonly reported breaches of protected health information involved employees snooping into medical records of friends and relatives. Logging mechanisms can provide a means for forensic analysis of user activity in software systems by proving that a user performed certain actions in the system. However, logging mechanisms often inconsistently capture user interactions with sensitive data, creating gaps in traces of user activity. Explicit design principles and systematic testing of logging mechanisms within the software development lifecycle may help strengthen the overall security of software. The objective of this research is to observe the current state of logging mechanisms by performing an exploratory case study in which we systematically evaluate logging mechanisms by supplementing the expected results of existing functional black-box test cases to include log output. We perform an exploratory case study of four open-source electronic health record (EHR) logging mechanisms: OpenEMR, OSCAR, Tolven eCHR, and WorldVistA. We supplement the expected results of 30 United States government-sanctioned test cases to include log output to track access of sensitive data. We then execute the test cases on each EHR system. Six of the 30 (20%) test cases failed on all four EHR systems because user interactions with sensitive data are not logged. We find that viewing protected data is often not logged by default, allowing unauthorized views of data to go undetected. Based on our results, we propose a set of principles that developers should consider when developing logging mechanisms to ensure the ability to capture adequate traces of user activity.