Anatomy of a Data Breach

ABSTRACT

In the wake of undiscovered data breaches and subsequent public exposure, regulatory compliance and security audit standards are becoming more important to protecting critical assets. Despite the increase in the number of data breaches via illicit means, internal controls seem to fail when it comes to the assurance that critical assets remain uncompromised. According to the Identity Theft Resource Center, 336 breaches have been reported in 2008 alone, 69%?greater than this time last year ¹ 1. Identity Theft Resource Center. (2008, July 15). IRTC 2008 Breach List. . This is a concern for security teams, especially since a lack of dedicated resources exists to combat and revert this trend.

This is significantly important to take into consideration when going through the formal audit process to certify adherence to Sarbanes-Oxley (SOX), Graham Leach Bliley (GLBA), Payment Card Industry (PCI), or the Health Insurance and Portability and Accountability Act (HIPAA). With the significant increase in data exposure corporations cannot afford to take shortcuts when it comes to information assurance. Otherwise it is almost certain that one will become a victim of a serious exposure of sensitive information. This paper will explore the several disconnects between established and accepted security audit framework and the variable of hidden infections.     

农民灌溉水费承受能力测算初步研究

应用2006年5个省份110份农户调查问卷,结合农业水价综合改革试点工作,分析了农 民灌溉水费承受能力研究的现状及存在问题,提出传统方法不能全面真实反映农民的承受能力。 通过调查数据分析,农民灌溉水费承受能力的影响因素主要包括经济因素和心理因素,据此提出 了在不同类型地区应测定不同的心理承受能力系数和经济承受能力系数的新承受能力测算模型的 初步设想。     

国际水电总承包项目关键风险识别案例分析

文章针对国际水电工程总承包项目识别出的关键风险因素,通过几个国际项目,进行案例分析,佐证其风险因素的存在,从而得出国际水电工程总承包项目的关键风险源,为国际水电工程总承包项目风险管理提供了可操作性及指导性的经验。     

国内电力设计院EPC总承包工程的采购管理

国内电力设计院为适应经济形式的变化,开展了设计采购施工（EPC）总承包业务,为向工程公司的转型积累经验、奠定基础。采购是EPC总承包工程执行过程中极其重要的环节,对如何完善采购工作进行了探讨并提出了一些建议,希望能对电力设计院在进行设备材料采购时提供帮助。     

美国德里湖大坝溃决事故调查

调查表明,超标准洪水、闸门缺陷和与生俱来的设计问题导致了2010年7月爱荷华州德里湖大坝的溃决。漫顶引起了土坝侵蚀,并最终泄空了德里湖水库,造成了数百万美元的财产损失。     

一种基于移动代理的网络安全联合风险评估系统模型

本文建立了一种基于移动代理的网络安全联合风险评估系统模型(MAURA),分析了系统体系结构、各部分功能,并将合同网的协同方法应用到风险评估中,提出了联合风险评估的机制,研究了评估的具体过程,从构造上克服了Agent间分析经验难于共享借鉴的问题。通过自适应的算法调节策略,提高了系统的分析性能,增强了对于外界负载变换的适应能力。仿真实验结果验证了MAURA是一种具有较高分析性能、可自主适应环境变化的网络安全风险评估系统。     

基于合约的程序不变量动态检测模型研究

讨论了程序不变量的内涵,研究并建立了程序不变量动态生成系统的理论模型.主要描述基于合约的似然程序不变量发现的基本理论模型,以及程序不变量发现的主体过程,并结合Java程序设计语言进一步阐明函数依赖程序不变量动态发现的一种方法.通过程序不变量动态生成技术,可以分析程序内部的关联属性,从而有助于设计高质量的程序代码以及规范化的程序架构.     

EDALoCo: Enhancing the accessibility of blockchains through a low-code approach to the development of event-driven applications for smart contract management

Blockchain is a cutting-edge technology based on a distributed, secure and immutable ledger that facilitates the registration of transactions and the traceability of tangible and intangible assets without requiring central governance. The agreements between the nodes participating in a blockchain network are defined through smart contracts. However, the compilation, deployment, interaction and monitoring of these smart contracts is a barrier compromising the accessibility of blockchains by non-expert developers. To address this challenge, in this paper, we propose a low-code approach, called EDALoCo, that facilitates the development of event-driven applications for smart contract management. These applications make blockchain more accessible for software developers who are non-experts in this technology as these can be modeled through graphical flows, which specify the communications between data producers, data processors and data consumers. Specifically, we have enhanced the open-source Node-RED low-code platform with blockchain technology, giving support for the creation of user-friendly and lightweight event-driven applications that can compile and deploy smart contracts in a particular blockchain. Additionally, this platform extension allows users to interact with and monitor the smart contracts already deployed in a blockchain network, hiding the implementation details from non-experts in blockchain. This approach was successfully applied to a case study of COVID-19 vaccines to monitor and obtain the temperatures to which these vaccines are continuously exposed, to process them and then to store them in a blockchain network with the aim of making them immutable and traceable to any user. As a conclusion, our approach enables the integration of blockchain with the low-code paradigm, simplifying the development of lightweight event-driven applications for smart contract management. The approach comprises a novel open-source solution that makes data security, immutability and traceability more accessible to software developers who are non-blockchain experts.     

Electronic Auction Scheme Based on Smart Contract and IPFS

Sealed-bid auctions are a vital transaction tool in the e-commerce field. Traditional centralized auction schemes typically result in severe threats to data integrity,information transparency,and traceability owing to their excessive reliance on third parties,and blockchain-based auction schemes generally suffer from high storage costs and are deficient in functional and architectural design. To solve these problems,this study presents a sealed-bid auction scheme that removes the third-party bas...     

结合简短可链接环签名的智能合约选举方案

目前一些电子选举协议利用可链接环签名或一次性环签名来保护投票者的隐私,并防止重复投票的情况发生,但签名大小随投票人数的增大而增大,而简短可链接环签名大小始终固定不变,但已有简短可链接环签名算法效率较低。针对这些问题,利用累加器和基于知识证明的签名,构造新的高效的简短可链接环签名,结合匿名地址及星际文件系统,提出一种新的智能合约选举方案,分别设计了选举的创建、投票、计票等阶段的操作。对方案的不可伪造性、可链接性、匿名性、隐私性、公开验证性以及运行效率进行了证明和分析。最后进行了实验仿真评估,结果显示,随着投票者人数的增大,该方案选票的签名大小及Gas消耗保持不变且较少,生成时间及验证时间增长缓慢且较少。