Santosh Kumar FIP, CISSP, PMP, CISA, CHFI, AIGP

More often than not, the need for security is realized only after the system has been broken. Adding security afterwards is often difficult and much costlier and sometimes, nearly impossible. Hence, Security needs to be embedded into an IT system in order to develop secure IT systems which is possible only when a Security Engineering Framework is well defined for the entire lifecycle of an IT system. In this Paper, we have designed and developed an implementable Framework for Security… Show more

More often than not, the need for security is realized only after the system has been broken. Adding security afterwards is often difficult and much costlier and sometimes, nearly impossible. Hence, Security needs to be embedded into an IT system in order to develop secure IT systems which is possible only when a Security Engineering Framework is well defined for the entire lifecycle of an IT system. In this Paper, we have designed and developed an implementable Framework for Security Engineering of Cloud-based IT Systems. Cloud-based IT Systems are vulnerable to a plethora of cyber-attacks because of their accessibility and their services exposed in a multi-tenant environment. The Cloud-based IT Systems Security Risk Assessment & Mitigation Framework (CISSRAMF) is agnostic to Cloud Service Providers (CSPs) as well as to the type of Services provided, i.e., Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). CISSRAMF encompasses the entire lifecycle of any Cloud-based IT System right from the conception phase till decommissioning of the system. CISSRAMF utilizes the Standards for Information Security and Cybersecurity like ISO/IEC 27001:2013, ISO/IEC 27002:2013, NIST SP 800-53 Rev. 5 and OWASP Application Security Verification Standard (ASVS) Project Show less

SEP, more specifically Security Engineering Process, forms a part of the modern assessment and evaluation of related threats and risks, whether it is an agile form of development or SSDLC (Secure Software Development Life Cycle). While in today’s era we deal with modern concepts like cloud computing, remote processing, etc. kinds of strategies which involve data at rest and data in motion, and data computation-intensive tasks. Threat and Risk Assessment are closely related to different attack… Show more

SEP, more specifically Security Engineering Process, forms a part of the modern assessment and evaluation of related threats and risks, whether it is an agile form of development or SSDLC (Secure Software Development Life Cycle). While in today’s era we deal with modern concepts like cloud computing, remote processing, etc. kinds of strategies which involve data at rest and data in motion, and data computation-intensive tasks. Threat and Risk Assessment are closely related to different attack values in which an attacker can perform actions in order to gain additional privileges to your system, software, cloud etc. Threat and Risk Assessment of different projects including web applications development, cloud onboarding, requires accessing the project at the design level so that the product is more specifically secure in the terms of compliance and the coding techniques used are in accordance with the secure coding guidelines. This paper focuses on the comparison of various standardized threat and risk assessment techniques with respect to dynamic threats and possible risk mitigations. Show less

The advantages of the cloud environment for data processing and sharing are utilized by millions of people worldwide. A cloud system must inevitably provide data security and privacy. Users' widespread use and sharing of information creates security gaps. This study aims to discuss the cloud environment, its benefits, difficulties, and upcoming research trends pertaining to safe data processing and exchange. The widespread issue is caused by the increased adoption of cloud computing by several… Show more

The advantages of the cloud environment for data processing and sharing are utilized by millions of people worldwide. A cloud system must inevitably provide data security and privacy. Users' widespread use and sharing of information creates security gaps. This study aims to discuss the cloud environment, its benefits, difficulties, and upcoming research trends pertaining to safe data processing and exchange. The widespread issue is caused by the increased adoption of cloud computing by several enterprises. As a result, utilizing any device to load and receive data from the cloud providers' facilities raises various security and privacy risks, such as data modification, data loss, and theft. Unauthorized access by insiders is one of the significant problems that might develop. Although there are various ways to prevent cloud administrators from gaining illegal access, such methods haven't been successful in keeping them from gaining access to client data in the cloud.The degree of protection a system may offer to the CIA triad—a paradigm that includes the information security qualities confidentiality, integrity, and availability—is how information security is assessed. In this paper, we have analyzed such scenarios. This study analysis provided dangers to cloud data security, cloud assaults, and found vulnerabilities for several factors affecting cloud computing. Show less

Though the development in cybersecurity for protecting the websites and applications are growing rapidly, the attacks on these crucial websites are still happening. Irrespective of the development of society, third-party attacks would always increase correspondingly. To protect these websites and web applications, the developers would always use defensive mechanisms to survive third party attacks. But the reliability of the website's strength against third party attacks depends on several… Show more

Though the development in cybersecurity for protecting the websites and applications are growing rapidly, the attacks on these crucial websites are still happening. Irrespective of the development of society, third-party attacks would always increase correspondingly. To protect these websites and web applications, the developers would always use defensive mechanisms to survive third party attacks. But the reliability of the website's strength against third party attacks depends on several factors. Intruders are now using automated structures in form of BOTS, AI, ML, to perform these attacks.Need of security arises from the initial stages of planning and development. As part of SEP (Security Engineering Process) defined by individual vendors and companies for securing the system and performing risk analysis, Vulnerability Analysis are essential as part of standard procedures. Apart from SEP, VAPT (Vulnerability Analysis and Penetration Testing) now forms the standard operating measures for prevention of intrusion activities. We hereby focus on various vulnerability analysis tools forming basis for vulnerability analysis and Penetration testing (VAPT) for short and try to analyze the various impact with respect to stages of penetration testing. Show less

Object identification in pictures, videos, and signal processing is not a big frontier and has been around for a few years. Though object recognition in static pictures has proven highly promising in terms of specific items such as facial recognition systems, illness diagnosis, and so on, it has been tricky when it comes to video processing and real-time image processing. Traditional object identification techniques are coupled with machine learning methodologies to improve algorithms' speed… Show more

Object identification in pictures, videos, and signal processing is not a big frontier and has been around for a few years. Though object recognition in static pictures has proven highly promising in terms of specific items such as facial recognition systems, illness diagnosis, and so on, it has been tricky when it comes to video processing and real-time image processing. Traditional object identification techniques are coupled with machine learning methodologies to improve algorithms' speed and accuracy. The paper focuses on real-time object recognition systems and how recent advances in the realm of object recognition and identification have been made while bearing in mind the real-time scenarios for recognizing varied objects.The paper discusses the current implementations illustrated by varied authors using far more widely used algorithms including YOLO for real-time visualizations. Keywords: Object recognition, YOLO, Machine learning, RCNN, faster RCNN Show less

OITS International Conference on Information Technology 14th - 16th Dec 2022

HR Analytics to improve decision making process and use case using machine learning algorithms to understand reliable ways to figure out, if and why the best and most experienced employees are leaving prematurely.

International conference on information Technology INCITE 2023

International Conference on Advanced Network Technologies and Intelligent Computing