Research Proposal

 

“Cyber resilience is the ability to prepare for, respond to and recover from cyber-attacks.” (Cyber Resilience, 2020). By definition, all three basic functions of Cyber Resilience are required for a system to be able to withstand computer attacks properly. In the first part of this study, we examine what tools we currently have at our disposal to improve resilience and how further improvements could be made to them. In the second part, we examine Apache Hadoop, a widely used framework, to see what shortcomings it has and what strategies can be used to address them.

 

1. Research and critically evaluate

 

In the first chapter, we review the literature on the most common control methods in order to critically evaluate them to identify their possible shortcomings and, if possible, to propose solutions to eliminate the problems.

 

a. Authentication and Authorisation 

 

Identification is an ongoing challenge for IT system operators due to drastic technological advances. Increasingly complex and multi-level identification is needed. The methods currently in use can be grouped by factor; one possible grouping is:

• Knowledge factor - such as passwords

• Inherence factor - such as biometric identification

• Possession factor - for example, involvement of mobile devices, authentication SMS 

The weakest point of authentication is the human factor, so we strive to use zero-knowledge solutions. Such a solution was developed by Liu, Wang, and Peng (2020) in their study, which is illustrated in Figure 1.

 

Fig. 1 Zero-knowledge authentication 

 

The study verified the scheme's operation with accurate measurements and calculations. It also examined the most common methods of attack:

 

• Replay attack

• Password guessing attack

• Stolen verifier attack

• Stolen smart card or mobile device attack

• Privileged insider attack

• Known session key secrecy

• User impersonation attack

• Server impersonation attack

• Server-insider attack

• Man-in-the-middle attack

• Strong secure secret key

 

However, the study examined the scheme only in a single-server environment and defined multi-server operation as an additional task.

One of the most commonly used methods of user authentication relies on a central identification system or on accounts from other services, such as a Google, Microsoft or Facebook account. These services are available through APIs, and there are also Open Authorization (OAuth) API options. Ke and Ke (2012) examine a known OAuth method and illustrate its operation with the diagram in Figure 2. The Telco API they examine redirects user requests to the API Exposure Layer (AEL), which performs the authentication and then continuously relays the data between the server and the user, attaching an Access Token to each packet to ensure that the data is available only to the two parties.

 

Fig. 2. OAuth Service Architecture

 

 

 

Other APIs can also provide secure authentication and data traffic when the data is protected by various encryption methods, such as the Message Digest 5 (MD5) and Secure Hash Algorithm 1 (SHA1) algorithms. These were compared by Ignatius Moses Setiadi, Faishal Najib, Rachmawanto, Atika Sari, Sarker and Rijati (2019) in their research. The research found that SHA1 may be more suitable than the MD5 algorithm because it was more resistant to brute-force attacks, while there was no significant difference in encryption time.

The third type of authentication is Adaptive Authentication, in which we try to filter out an unauthorized user based on user behaviour or environmental characteristics. Typical data can be time, place, specific activity, device used, and even compliance with rules (Arias-Cabarcos, Krupitzer, and Becker, 2019). The mouse handling characteristics of users may also be suitable for identification (Garabato, García, Novoa and Dafonte, 2019). These methods, on the other hand, are not suitable for primary identification, only for secondary filtering, and they require large resources (Shigetomi Yamaguchi, Nakata, and Kobayashi, 2019).

The activities of already identified users must also be regulated, that is, who is entitled to what; this task is performed by the authorization procedures. A common solution is to create different security levels and control permissions based on them. These levels can be managed with both software and physical devices.

Commonly used models are Role-based Access Control (RBAC) and Attribute-based Access Control (ABAC): the former creates levels based on organizational rules, while the latter provides access based on attributes assigned to users. With these models, a five-level access control diagram can be created (see Figure 3), which helps identify vulnerabilities (Ma, Yan and Xie, 2019).

 

 

Fig. 3. Can-Do-Object relation in access control model

 

A good example of a software RBAC solution is the eXtensible Access Control Markup Language (XACML), which can be used to control access in web-based systems (Siddiqui and Scott Uk-Jin, 2016).

Accurate and thorough regulations are a basic premise of a well-functioning access system. Uniform standards that precisely define the range of users and their authorization levels help to create this, so their use is absolutely mandatory. Examples of such standards are 'ISO / IEC / IEEE International Standard - Information technology - Ubiquitous green community control network - Security' (2016) and 'IEEE Standard for Discovery, Authentication, and Authorization in Host Attachments of Storage Devices' (2018), but each area has its own standard, which must be supplemented by individual requirements in practice.

Mention should also be made of physical devices such as security access or camera systems, but these also include physically separated networks (Satnaliwala, 2018).

 

b. Configuration management 

 

Although companies prioritize Configuration Management (CM) in terms of cost and resource savings, its real benefits include performance optimization, error reduction, environmental homogenization, and last but not least, improving or maintaining security levels (Serrano and Pereira, 2020).

CM has a history of nearly 70 years and, like other branches of technology, has been regulated by numerous standards in the meantime. A good example of general standardization is IEEE STD-828-2012, which is a good starting point, but a system with a high security risk requires additional individual regulation. General industrial regulation usually defines a life cycle as the continuous repetition of five main tasks, which are as follows (Schor, 2019).

1) Planning and management

2) Configuration identification

3) Configuration control

4) Configuration status

5) Configuration verification and audit

 

In their study, Kang, Jeong and Jung (2019) researched the disaster of the Fukushima-I nuclear power plant from the perspective of CM. Lessons must be learned from the accident of such a critically dangerous plant, and every opportunity, such as CM, must be used to create a safer system. The research produced the framework shown in Figure 4, which illustrates the complexity of the task well.

 

Fig. 4. Framework of Configuration Management 

 

The previous example was not taken from the IT field, but it can be adopted for any other industry, because management is now done everywhere with IT tools and the CM rules have to be applied to them as well. A closer example is a publication that examined the administration and communication of software engineers and described the life cycle of CM in almost exactly the same way. This publication also considered economy, usability, sustainability, and repeatability to be the most important tasks of CM (Espinosa, Acuña, Vegas, and Juristo, 2019).

 

 

Each of our examples so far has used or researched some kind of CM tool or framework. The tools are so numerous that it is impossible to compare them, because each has been optimized for a particular IT sector. There are tools that support the development of networks, or just servers, or new software, as evidenced by the article ‘11 BEST Software Configuration Management Tools, 2020’ on Softwaretestinghelp.com (2020). This is also an area of IT that is constantly changing, so it is difficult to choose the most appropriate tool, and in special cases the development of individual tools may become warranted. But we can also use proven calculations such as fuzzy-set theory in the selection (Yongchang, Qiang, Tao and Xiaoji, 2010).

 

c. Sensitive data and Cryptography 

 

Sensitive Data (SD) is understood by most to mean only personal data as defined by the best-known laws, such as the Data Protection Act 2018 (DPA) and the General Data Protection Regulation (GDPR), although its definition also depends on the particular environment. Organizationally sensitive data can be considered as any data, the loss or unauthorized receipt of which could cause a problem for the given organization (Definition of sensitive data, 2020).

 

Nazar, Flávio, and Fernando (2019) conducted a survey of 286 participants to assess the benefits and challenges of GDPR in the IT technology sector. The study summarized sensitive data as follows.

 

• personal data revealing racial or ethnic origin, political opinions, and religious or philosophical beliefs;

• trade union membership;

• genetic data, biometric data processed simply to identify a human being;

• health-related data;

• data concerning a person's sexual life or sexual orientation.

 

As a result, the study identified the clarified legal environment as a benefit and the burden expected of the organization, which may be too high for a smaller organization, as a disadvantage.

 

In some environments, such as user databases, it is clear which data qualifies as SD because it is stored in categories. In other cases, determining whether the data contains SD is a task in its own right, for example in cloud-based file systems that store large amounts of data (Adhikari, Zuo, Maharjan, Han, Amatya and Ali, 2019). In these cases, identification and authentication methods must be used that guarantee that only authorized parties have access to the data (Peterson, Carvalho, da Silva, Fernandez, Martin, Fetzer and Brito, 2019).

 

Data encryption has been in use for 2,000 years to prevent unauthorized access. The first cryptography methods could only rely on human memory, so they had simple keys and were easy to crack. The main methods were as follows (Kiss and Torres, 2018; Xin and Dexian, 2018).

• Caesar’s code (shifts characters by one key number)

• The Monoalphabetic Substitution (replacing characters with paired characters)

• The Vigenère table (26-row table, the rows and position of which are determined by the password)

• The Cardano grid (rotatable graphics template is the key)

• Steganography (LSB (least significant bit) technique)

With the advent of IT tools and the drastic increase in computing power, we are no longer confined to the limits of the capacity of the human brain, so we can use much more complex procedures. The most commonly used methods are as follows (Advani and Gonsai, 2019).

 

Symmetric Algorithms:

• AES

• DES

• 3DES (DESede)

• Blowfish

• Twofish

• Threefish

• RC variations

• A5 variations

Asymmetric Algorithms:

• DH

• DSS

• ECDH

• RSA

• DSA

 

As you can see, there are many types of algorithms in use, but we can easily generate our own procedure if we have enough professional experience. Image files are often used to compare different algorithms, a good example of which is the table below.

 

• 1 = small.jpg

• 2 = medium.jpg

• 3 = medium.jpg

• 4 = xlarge.jpg 

Tab. 1. Image file Comparisons

 

d. Exception management and Parameter manipulation

 

 

All advanced programming languages have a built-in exception management system, designed to prevent the system from shutting down or to inform operators of the cause of the error when faulty code is executed. In most cases, these built-in systems can be overridden and customized so that they filter out not only faulty source code but also unauthorized use. Specific instructions and syntax vary from language to language, but the principles of operation are very similar. The .NET and Java languages use the “try” and “catch” statement pair (9 Best Practices to Handle Java Exceptions - Stackify, 2020; Best Practices for Exceptions - .NET, 2020). The Python language, on the other hand, uses the “try” and “except” statement pair. Exceptions can be used for more than internal programming errors: for example, in Python we can restrict execution to Linux systems only while blocking other systems, see Figure 5 (Python, 2020).

 

 

Fig. 5. Example of Python exception handling

 

 

The use of online forms is now essential in the life of any organization. These forms transmit user-entered data as a parameter to the server-side script, which is in direct contact with databases containing valuable information. Therefore, unauthorized attackers use parameters to try to extract data from servers using, for example, SQL injection. One of the best defence methods for this is input validation (Alsmadi and Alazzam, 2016).
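The two ideas above, exceptions that separate misuse from programming faults and input validation in front of the database, can be combined in one request handler. The following is an added example, not code from any of the cited publications; the table, the username rule and the function names are assumptions, and the sample data is constructed.

```python
import re
import sqlite3


def make_db():
    """Constructed sample data: an in-memory table standing in for the
    database behind an online form (table and columns are assumptions)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.org"), ("bob", "bob@example.org")],
    )
    return db


# Constructed tampered form value of the kind input validation must reject.
TAMPERED_NAME = "x' OR '1'='1"

# Assumed allow-list rule: lowercase letter, then 2-31 letters, digits or "_".
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")


class InvalidParameter(ValueError):
    """A form parameter failed validation (misuse, not a programming fault)."""


def validate_username(raw):
    if not isinstance(raw, str) or not USERNAME_RE.fullmatch(raw):
        raise InvalidParameter("name")
    return raw


def lookup_vulnerable(db, name):
    # BEFORE: the parameter is pasted into the SQL text, so its content
    # can change the meaning of the query.
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_hardened(db, name):
    # AFTER: validate against the allow-list, then bind the value as data.
    name = validate_username(name)
    rows = db.execute("SELECT email FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def handle_request(db, params):
    """Return (status, body) without leaking internal error details."""
    try:
        emails = lookup_hardened(db, params.get("name"))
    except InvalidParameter as exc:
        # Rejected input is reported to the caller as a client error.
        return 400, f"invalid parameter: {exc}"
    except sqlite3.Error:
        # Database faults are hidden behind a generic message.
        return 500, "internal error"
    return (200, emails[0]) if emails else (404, "not found")


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, TAMPERED_NAME))
    print("hardened:  ", handle_request(db, {"name": TAMPERED_NAME}))
    print("normal:    ", handle_request(db, {"name": "alice"}))
```

The string-built query returns every row for the tampered value, while the hardened path rejects it before any SQL is executed.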

 

The most commonly used defence method to secure web pages is the open source and free Open Web Application Security Project (OWASP), which is also suitable for handling parameter manipulation. In the last 10 years, the third most commonly used type of attack against nationally significant databases was parameter manipulation, CWE-20 - Improper Input Validation (Sane, 2020).

 

The most common target for parameter manipulation is the vulnerability of systems using Cross Site Scripting (XSS). This topic was examined by Wijayarathna and Arachchilage (2018), who observed 10 programmers handling XSS vulnerabilities using the capabilities of OWASP ESAPI (The OWASP Enterprise Security API). The publication concluded that although the participants were trained software developers, they were unable to address all of the vulnerabilities. Reasons included not reading the enclosed XSS Cheat Sheet or finding the ESAPI documentation too long and incomprehensible. 

 

e. Auditing and logging

 

All systems, in addition to security gateways and functions, must be constantly monitored and reported so that system status and user activity can be monitored at all times. Monitoring systems is called Auditing, while recording user activity is called Logging.

 

There are basically two types of auditing systems, the internal and the external auditor. Both have their pros and cons. The internal auditor may have unrestricted access to any part of the system, has insight into the entire process and also has direct control (Sezer and Kiymet, 2018). The external auditor has the advantage of looking at the system from a different perspective and may point to vulnerabilities that were invisible to insiders. The downside, however, is that the external auditor does not have access to the entire system and charges a higher fee (Li, No and Boritz, 2020).

It should also be mentioned that each operating system has its own auditing services. These generally record on-off events, network events, errors, version changes, or access to potentially critical files.

 

The most commonly used tool in the fight against digital crime is logging reports, which are also important in subsequent evidentiary proceedings. However, they can also be used by criminals to collect data or, with modification, to remove evidence, according to Noura, Salman, Chehab and Couturier (2020). According to the research, the protection method can be encryption-based, secure hardware (such as Software Guard Extensions) or cloud and blockchain based, in which the data is stored in the cloud as a service, where it is presumably more secure thanks to professional protection. The publication concludes that it is difficult to find a balance between security levels and material expenditures, as well as the amount of resources and data stored and storage time.

There are numerous log analysis tools, which have been ranked on the Comparitech website by Keary (2019) as follows.

 

1. SolarWinds Security Event Manager

2. Paessler PRTG Network Monitor

3. Papertrail

4. Loggly

5. ManageEngine EventLog Analyzer

6. Splunk

7. XpoLog

8. LOGalyze

9. Datadog

10. EventTracker

11. LogDNA

 

 

Limitations

 

Due to the size of the topic and the number of words assigned to the chapters, only a limited number of procedures could be mentioned. An additional difficulty was that academic publications do not cover general knowledge; each deals with a specific target area. In cases where we could not find any literature, we had to use web resources, but even in these cases, we considered only university and known professional sites to be authentic sources. Due to the limited number of words, it was not possible to critically evaluate the shortcomings and advantages of each procedure, so a summary evaluation was prepared, which can be read in the next chapter.

 

Conclusion

 

This report has described typical methods for Cyber Resilience. Research on the topic has revealed how complex and intricate it is. Overall, the profession has the appropriate regulations and tools at its disposal to tackle cybercrime. However, a system is only as secure as the local regulations that supplement the general rules are thorough, and only to the extent that they are complied with. Therefore, the first and foremost task is to develop an all-encompassing regulation, followed by ensuring the conditions for and the training of those involved. Finally, defence can never be considered complete, because it requires constant monitoring, change, and improvement.

 

Apache Hadoop

 

“Hadoop is an ecosystem of open source components that fundamentally changes the way enterprises store, process, and analyse data” (Apache Hadoop open source ecosystem | Cloudera, 2020).

 

a. Hadoop Vulnerabilities

 

The Apache Hadoop system was originally designed for well-controlled and manageable private systems. In parallel with the spread of Big Data, it has been used in more and more public systems. As a result of this inconsistency, certain parts of the system, such as the Hadoop Distributed File System (HDFS), have become vulnerable. According to Hussein’s (2019) research on the topic, these may be as follows.

 

• Vulnerable Execution Environment: the system executes parallel requests from different users through Virtual Machines (VMs). These VMs have a high level of access, so the programs running on them can access the data of any user.

• Over-Reliance on Perimeter Defences: because HDFS was not originally designed to withstand different attacks, it is made secure by the use of numerous add-ons. The combination of these, in turn, can trigger an overreaction to certain events that can even make the data inaccessible.

• Unreliable and Attackable Architecture: the master-slave architecture of the system must ensure that data is available at all times. An attack on a NameNode that performs a master function therefore affects all DataNodes and can lead to their malfunction. Such is the case with DDoS attacks, where a coordinated attack is conducted against NameNodes through zombie clients.

• Unprotected Metadata Files: HDFS defaults to system logging in unencrypted plain text files. These log files also store data that is important to an attacker. Examples of such files are:

o EditLog: all events related to the metadata are stored in this file, and the clusters are recovered from it after a failure.

o FsImage: this stores the properties of the files, such as access rights, i.e. modifying it can give permission to unauthorized persons.

 

 

Almost the same attack possibilities were described in another study by Sinha, Gupta, and Kumar (2019), supplemented with additional methods. One such hitherto unmentioned method is ‘Attacks of impersonation’, where attackers obtain information from authorized persons, such as credentials or a Kerberos-issued token, and use it to engage in illegal activity by entering as an authorized person. Another form of attack uses a Cross-Site Scripting (XSS) vulnerability. We know of two types of these attacks, namely ‘Reflected’ and ‘Stored’ or Persistent XSS. Of these, stored XSS is the more dangerous because it is run directly in the user’s browser as a script stored on the server. However, they agree that these attacks are usually activated by the user’s click, so it is important not to click on unknown links. The research mentions a third type of attack, in which attackers use programs that were originally developed for defence. An example is the Shodan search engine, whose intended task is to map network connections and devices and to alert to threats. On systems where this search is not performed, however, attackers use the tool to obtain valuable information about the network, and more than 5,300 Hadoop clusters have been found.

 

Hadoop’s security vulnerabilities were also examined in research by Samet, Aydin and Toy (2019). Their publication did not find any security issues that had not been mentioned before; it only confirmed them. Here, too, the lack of encryption of identification services, stored data and network communication was the most pressing task to overcome. The authors found the Kerberos and Apache Knox add-ons to be the most suitable for filling the gaps. However, this publication also describes a possible step-by-step attack that illustrates the vulnerability of the system well. The first goal is to obtain passwords, for which ‘HDFS Exploitation by Using Dictionary Password Attacks’ is well suited. It consists of the following steps: mapping network connections and establishing a connection with Nmap on Kali Linux; creating a word list using the Xhydra tool; obtaining the Ambari password from the word list; and using the Ambari password and IP address to establish a connection with a PuTTY SSH client. The contents of HDFS can now be accessed and even modified. The next step is to change the access rights; once this is done, a password-less SSH connection can be established (‘Password-less SSH Connection Exploitation’, an attack on NameNode availability), and by connecting to the rest of the network via the Ambari server and installing Ambari Agent, the attacker obtains password-free permanent communication with any part of the network.

 

Previously, we learned about attacks that could come from outside. Another type of attack, arising from internal vulnerabilities, was analysed by Fu, Gao, Luo, Du, and Guizani (2017). The authors classified the data leakage potential of Apache Hadoop (AH) into two groups.

 

• Application layer data leakage: for example, if a group has access to a record, logging does not determine who in the group accessed or manipulated it.

• Operating system layer data leakage: for example, if a large compressed file that has been stored in pieces in the file system is handled by an administrator in parts rather than downloaded at once, the access will not be logged.

 

b. Resilience Strategies

 

The vulnerabilities listed in the previous section are not due to a malfunction of the Hadoop base system, but to its limited functionality. By its own definition, however, Hadoop is an ecosystem for which there are hundreds of add-ons, and these can be used to build a system suitable for the task.

It is impossible to list even just the security tools associated with Hadoop. The following are listed by Sinha et al. (2019) as the best known.

 

• Apache Knox: This is a gateway that provides Hadoop services with one access and performs authentication, monitoring, and other tasks that are missing from the base system.

• Kerberos: a complete package developed by MIT to make Hadoop secure. One of the most commonly used and best-known tools.

• Apache Ranger: basically performs identification functions and controls access to content. It combines the functions of Knox and Kerberos.

• Apache Sentry: a multi-user administrator system in which users can also request access.

• Project Rhino: offers general one-time authentication complete with encryption services.

• Apache Hive: an add-on launched by Facebook that controls access to databases and metadata.

• Cloudera Impala: facilitates the management, optimization and analysis of large databases.

• Apache Accumulo: developed for high-volume storage tasks, interpreted on Google's BigTable model, Hadoop 

 

Of the possible tools, it is advisable to choose one that offers the most services and has enough references and experience behind it to be trusted. One of these is Kerberos, so it is described in more detail here. Kerberos is an authentication server that provides enhanced security for access to data stored in HDFS. The user password is not transmitted over the network. Kerberos uses its own encrypted passwords to communicate with other members of the network. After primary authentication, the Kerberos KDC (Key Distribution Center) uses tokens for faster communication. The KDC ensures fast and secure data transfer by sending the encrypted Ticket Granting Ticket (TGT) it generates. The data will only be decrypted if the user password is correct. The same processes ensure that if the user wants to access services rather than data, the Ticket Granting Service (TGS) is only responsible for authenticating the service. Kerberos uses SSH and SSL (Secure Socket Layer) for its communications, which use encryption to transmit data over the network (Saxena, Shrivastava, Saxena and Manoria, 2018).

Findings similar to those described in the previous paragraph are made by Wankhede and Paul (2016), who analyse the security of multi-tenant Hadoop clusters. The following Yet Another Resource Negotiator (YARN) services are important for serving multiple tenants:

• Hive

• HBase

• MapReduce

• Impala

• Spark

• Pig

• Solr

 

YARN is responsible for serving the various add-on tools and scheduling their requests, so it is important to use a tool that is also supported by YARN, and Kerberos is one of them. This publication uses Lightweight Directory Access Protocol (LDAP) for Kerberos integration and takes a newly created domain and Active Directory as its starting point. The study describes in detail the steps required to build a secure system, which are:

• Install and enable Kerberos client package on all Hadoop and Management Nodes

• Enable LDAP setup, which then takes control of the HDFS folders and grants access only to authorized users.

• Enable Authorization with Sentry and Hadoop Admin

• Setting up Capacity Scheduler, which configures YARN.

• Create a dedicated user repository in Active Directory

• Setting up Data Warehouse (Hive) and Database (Hbase) for users

• Implementing Search in Multi-tenant platform (Solr)

 

With these steps, we can build a secure, multi-user system that is, in many ways, more economical than single-user systems. Resources and costs are also shared here and provide easy upkeep and support. 
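Whether a cluster has actually left the insecure defaults behind (no Kerberos, no authorization, no encryption in transit) can be checked from its configuration files. The following is an added example, not taken from the cited studies: the property names and defaults are Hadoop's own, while the expected values are this example's assumed policy and both XML samples are constructed, with core-site.xml and hdfs-site.xml properties merged into one document for brevity.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a cluster still running with mostly default security.
WEAK_SITE_XML = """<configuration>
  <property><name>hadoop.security.authentication</name><value>simple</value></property>
  <property><name>hadoop.rpc.protection</name><value>authentication</value></property>
</configuration>"""

# Constructed sample: the same properties after hardening.
HARDENED_SITE_XML = """<configuration>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
  <property><name>hadoop.security.authorization</name><value>true</value></property>
  <property><name>hadoop.rpc.protection</name><value>privacy</value></property>
  <property><name>dfs.encrypt.data.transfer</name><value>true</value></property>
  <property><name>dfs.http.policy</name><value>HTTPS_ONLY</value></property>
</configuration>"""

# (property, Hadoop default when the property is absent,
#  value required by this example's assumed policy, reason)
CHECKS = [
    ("hadoop.security.authentication", "simple", "kerberos",
     "users are not authenticated by Kerberos"),
    ("hadoop.security.authorization", "false", "true",
     "service-level authorization is off"),
    ("hadoop.rpc.protection", "authentication", "privacy",
     "RPC traffic is not encrypted"),
    ("dfs.encrypt.data.transfer", "false", "true",
     "block data between clients and DataNodes is not encrypted"),
    ("dfs.http.policy", "HTTP_ONLY", "HTTPS_ONLY",
     "web interfaces are served over plain HTTP"),
]


def load_properties(xml_text):
    """Parse Hadoop <configuration> XML into a {name: value} dict."""
    root = ET.fromstring(xml_text)
    props = {}
    for prop in root.iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props


def audit(xml_text):
    """Return one (property, actual, expected, reason) tuple per weak setting.

    A property missing from the file is evaluated at its Hadoop default,
    because leaving it out is exactly how an insecure default stays active.
    """
    props = load_properties(xml_text)
    findings = []
    for name, default, expected, reason in CHECKS:
        actual = props.get(name, default)
        if actual.lower() != expected.lower():
            findings.append((name, actual, expected, reason))
    return findings


if __name__ == "__main__":
    for label, xml_text in (("weak", WEAK_SITE_XML),
                            ("hardened", HARDENED_SITE_XML)):
        print(label)
        for name, actual, expected, reason in audit(xml_text):
            print(f"  {name}={actual} (want {expected}): {reason}")
```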

External monitoring programs such as HProgger try to address known vulnerabilities, in this case the logging gaps among the internal vulnerabilities. The activities it monitors are Abnormal Directory (AD), Abnormal User (AU), Abnormal Operation (AO), and Block Proportion (BP). It is advisable to run these monitoring applications on a separate forensic server. A well-configured application is able to filter out and send alerts for unusual activities and record evidence through its built-in algorithms (Fu et al., 2017).
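The kind of filtering described above can be sketched over HDFS audit log lines. This is an added example and not HProgger's algorithm: the baseline sets, the rule chosen for each of the AU, AD and AO categories and the log lines themselves are assumptions constructed for illustration, and Block Proportion is left out because it needs block-level data that the audit log does not carry.

```python
from collections import namedtuple

# Constructed sample lines in the tab-separated key=value layout of the
# HDFS audit log; users, addresses and paths are invented.
SAMPLE_LOG = "\n".join([
    "2020-04-06 09:00:01,101 INFO FSNamesystem.audit: allowed=true\tugi=etl_svc (auth:KERBEROS)\tip=/10.0.0.11\tcmd=open\tsrc=/data/sales/2020/part-0001\tdst=null\tperm=null\tproto=rpc",
    "2020-04-06 09:00:02,230 INFO FSNamesystem.audit: allowed=true\tugi=analyst1 (auth:KERBEROS)\tip=/10.0.0.21\tcmd=open\tsrc=/data/reports/q1.csv\tdst=null\tperm=null\tproto=rpc",
    "2020-04-06 09:01:10,412 INFO FSNamesystem.audit: allowed=true\tugi=analyst1 (auth:KERBEROS)\tip=/10.0.0.21\tcmd=open\tsrc=/data/sales/2020/part-0001\tdst=null\tperm=null\tproto=rpc",
    "2020-04-06 09:02:45,007 INFO FSNamesystem.audit: allowed=true\tugi=tmpadmin (auth:SIMPLE)\tip=/10.0.0.99\tcmd=listStatus\tsrc=/data/sales\tdst=null\tperm=null\tproto=rpc",
    "2020-04-06 09:03:30,550 INFO FSNamesystem.audit: allowed=true\tugi=etl_svc (auth:KERBEROS)\tip=/10.0.0.11\tcmd=setPermission\tsrc=/data/sales/2020\tdst=null\tperm=etl_svc:hadoop:rwxrwxrwx\tproto=rpc",
    "2020-04-06 09:05:00,000 INFO other.Logger: unrelated line (constructed)",
])

Event = namedtuple("Event", "ts allowed user ip cmd src")

# Assumed baseline, e.g. learned from a period of known-good activity.
KNOWN_USERS = {"etl_svc", "analyst1"}
USER_DIRS = {"etl_svc": ("/data/sales/",), "analyst1": ("/data/reports/",)}
RISKY_CMDS = {"setPermission", "setOwner", "delete", "rename"}


def parse_line(line):
    """Turn one audit line into an Event; return None for other log lines."""
    head, sep, body = line.partition("FSNamesystem.audit: ")
    if not sep:
        return None
    fields = dict(kv.split("=", 1) for kv in body.split("\t") if "=" in kv)
    return Event(
        ts=head[:23],
        allowed=fields.get("allowed") == "true",
        user=fields.get("ugi", "").split(" ")[0],  # drop "(auth:...)"
        ip=fields.get("ip", "").lstrip("/"),
        cmd=fields.get("cmd", ""),
        src=fields.get("src", ""),
    )


def classify(event):
    """Return the alert codes raised by one event (assumed rules)."""
    alerts = []
    if event.user not in KNOWN_USERS:
        alerts.append("AU")   # Abnormal User: not in the baseline
    elif not event.src.startswith(USER_DIRS[event.user]):
        alerts.append("AD")   # Abnormal Directory: outside the user's usual paths
    if event.cmd in RISKY_CMDS:
        alerts.append("AO")   # Abnormal Operation: permission or destructive change
    return alerts


def detect(log_text):
    """Return (user, cmd, src, alerts) for every event that raised an alert."""
    hits = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        alerts = classify(event)
        if alerts:
            hits.append((event.user, event.cmd, event.src, alerts))
    return hits


if __name__ == "__main__":
    for hit in detect(SAMPLE_LOG):
        print(hit)
```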

 

References

 

Adhikari, B. K., Zuo, W., Maharjan, R., Han, X., Amatya, P. B. & Ali, W., (2019) ‘Statistical Analysis for Detection of Sensitive Data Using Hadoop Clusters’, 2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems (HPCC/SmartCity/DSS), pp. 2373–2378. doi: 10.1109/HPCC/SmartCity/DSS.2019.00330.

Advani, N. A. and Gonsai, A. M., (2019) ‘Performance Analysis of Symmetric Encryption Algorithms for their Encryption and Decryption Time’, 2019 6th International Conference on Computing for Sustainable Global Development (INDIACom), pp. 359–362. Available at: http://search.ebscohost.com/login.aspx?direct=true&db=edseee&AN=edseee.8991239&site=eds-live&scope=site (Accessed: 3 April 2020).

Alsmadi, I. & Alazzam, I., (2016) ‘Websites’ Input Validation and Input-Misuse-Based Attacks’, 2016 Cybersecurity and Cyberforensics Conference (CCC), pp. 113–116. Available at: http://search.ebscohost.com/login.aspx?direct=true&db=edseee&AN=edseee.7600220&site=eds-live&scope=site (Accessed: 4 April 2020).

Arias-Cabarcos, P., Krupitzer, C. and Becker, C., (2019) ‘A Survey on Adaptive Authentication’, ACM Computing Surveys, 52(4), pp. 1–30. doi: 10.1145/3336117. 

Cloudera, (2020). Apache Hadoop Open Source Ecosystem | Cloudera. [online] Available at: <https://www.cloudera.com/products/open-source/apache-hadoop.html> [Accessed 6 April 2020]. 

Docs.microsoft.com. (2020) Best Practices For Exceptions - .NET. [online] Available at: <https://docs.microsoft.com/en-us/dotnet/standard/exceptions/best-practices-for-exceptions> [Accessed 3 April 2020].

Espinosa, E., Acuña, S. T., Vegas, S. & Juristo, N., (2019) ‘Adopting configuration management principles for managing experiment materials in families of experiments’, Information & Software Technology, 113, pp. 39–67. doi: 10.1016/j.infsof.2019.05.003.

Fu, X., Gao, Y., Luo, B., Du, X. & Guizani, M., (2017) ‘Security Threats to Hadoop: Data Leakage Attacks and Investigation’, IEEE Network, 31(2), p. 67. Available at: http://search.ebscohost.com/login.aspx?direct=true&db=edb&AN=122013924&site=eds-live&scope=site (Accessed: 6 April 2020). 

Garabato, D., García, J.R., Novoa, F.J., Dafonte, C., (2019) ‘Mouse Behavior Analysis Based on Artificial Intelligence as a Second-Phase Authentication System’, Proceedings, (1), p. 29. doi: 10.3390/proceedings2019021029.

Hussein, O., (2019) ‘Identification of Threats and Vulnerabilities in Public Cloud-Based Apache Hadoop Distributed File System’, 2019 15th International Computer Engineering Conference (ICENCO), pp. 44–49. doi: 10.1109/ICENCO48310.2019.9027300.

Ignatius Moses Setiadi, D.R., Faishal Najib, A., Rachmawanto, E.H., Atika Sari, C., Sarker, K. & Rijati, N., (2019) ‘A Comparative Study MD5 and SHA1 Algorithms to Encrypt REST API Authentication on Mobile-based Application’, 2019 International Conference on Information and Communications Technology (ICOIACT), pp. 206–211. doi: 10.1109/ICOIACT46704.2019.8938570.

ISO/IEC/IEEE International Standard -- Information technology -- Ubiquitous green community control network -- Security (2016) ISO/IEC/IEEE 18883 First Edition 2016-04-15, pp. 1–35. doi: 10.1109/IEEESTD.2016.7442254.

Itgovernance.co.uk. (2020). ‘Cyber Resilience’. [online] Available at: <https://www.itgovernance.co.uk/cyber-resilience> [Accessed 25 March 2020].

Kang, M.-Y., Jeong, Y. and Jung, Y., (2019) ‘Assessment Methodology of Practical Configuration Management (CM) for Sustainable Nuclear Power Plants (NPPs)’, SUSTAINABILITY, 11(8). doi: 10.3390/su11082391.

Ke L. and Ke X., (2012) ‘OAuth Based Authentication and Authorization in Open Telco API’, 2012 International Conference on Computer Science and Electronics Engineering, Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on, 1, pp. 176–179. doi: 10.1109/ICCSEE.2012.275.

Keary, T., (2020) ‘11 Best Log Analysis Tools: Top Log Analyzers Reviewed’. [online] Comparitech. Available at: <https://www.comparitech.com/net-admin/best-log-analysis-tools/> (Accessed 4 April 2020). 

Kiss, G. and Torres Gastelú, C. A., (2018) ‘How to Teach the History of Cryptography and Steganography’, Journal Plus Education / Educatia Plus, 20(2), pp. 13–23. Available at: http://search.ebscohost.com/login.aspx?direct=true&db=ehh&AN=133599630&site=eds-live&scope=site (Accessed: 1 April 2020).

Li, H., No, W. G. and Boritz, J. E., (2020) ‘Are External Auditors Concerned about Cyber Incidents? Evidence from Audit Fees’, Auditing: A Journal of Practice & Theory, 39(1), pp. 151–171. doi: 10.2308/ajpt-52593.

Liu, W., Wang, X. and Peng, W., (2020) ‘Secure Remote Multi-Factor Authentication Scheme Based on Chaotic Map Zero-Knowledge Proof for Crowdsourcing Internet of Things’, IEEE Access, Access, IEEE, 8, pp. 8754–8767. doi: 10.1109/ACCESS.2019.2962912.

Ma, L., Yan, Y. and Xie, H., (2019) ‘A New Approach for Detecting Access Control Vulnerabilities’, 2019 7th International Conference on Information, Communication and Networks (ICICN), Information, Communication and Networks (ICICN), 2019 7th International Conference on, pp. 109–113. doi: 10.1109/ICICN.2019.8834935.

Nazar, P., Flávio, O. and Fernando A., (2019) ‘The benefits and challenges of general data protection regulation for the information technology sector’, Digital Policy, Regulation and Governance, 21(5), pp. 510–524. doi: 10.1108/DPRG-05-2019-0039.

Noura, H. N., Salman, O., Chehab, A. & Couturier, R., (2020) ‘DistLog: A distributed logging scheme for IoT forensics’, Ad Hoc Networks, 98. doi: 10.1016/j.adhoc.2019.102061. 

Peterson, R., Carvalho, A., da Silva, A., Fernandez, G., Martin, A., Fetzer, C. & Brito, A., (2019) ‘Vallum: Privacy, Confidentiality and Access Control for Sensitive Data in Cloud Environments’, 2019 IEEE International Conference on Cloud Computing Technology and Science (CloudCom), Cloud Computing Technology and Science (CloudCom), 2019 IEEE International Conference on, pp. 103–110. doi: 10.1109/CloudCom.2019.00026.

Python, R., (2020) ‘Python Exceptions: An Introduction – Real Python’. [online] Realpython.com. Available at: <https://realpython.com/python-exceptions/> [Accessed 3 April 2020]. 

Samet, R., Aydin, A. and Toy, F., (2019) ‘Big Data Security Problem Based on Hadoop Framework’, 2019 4th International Conference on Computer Science and Engineering (UBMK), Computer Science and Engineering (UBMK), 2019 4th International Conference on, pp. 1–6. doi: 10.1109/UBMK.2019.8907074. 

Sane, P., (2020) ‘Is the OWASP Top 10 list comprehensive enough for writing secure code?’ Available at: http://search.ebscohost.com/login.aspx?direct=true&db=edsarx&AN=edsarx.2002.11269&site=eds-live&scope=site (Accessed: 4 April 2020). 

Satnaliwala, M., (2018) ‘Don’t Overlook Physical Access’, Internal Auditor, 75(5), pp. 22–23. Available at: http://search.ebscohost.com/login.aspx?direct=true&db=bsh&AN=132111409&site=eds-live&scope=site (Accessed: 27 March 2020).

Saxena, S., Shrivastava, A., Saxena, A. & Manoria, M., (2018) ‘Protecting Data Storage on Cloud to Enhance Security Level and Processing of the Data by using Hadoop’, 2018 International Conference on Advanced Computation and Telecommunication (ICACAT), Advanced Computation and Telecommunication (ICACAT), 2018 International Conference on, pp. 1–6. doi: 10.1109/ICACAT.2018.8933675.

Schor, D., (2019) ‘Applying Industry Lessons in Configuration Management to Your Research’, IEEE Potentials, Potentials, IEEE, 38(6), pp. 13–15. doi: 10.1109/MPOT.2019.2933170.

Serrano, J. P. and Pereira, R. F., (2020) ‘Improvement of IT Infrastructure Management by Using Configuration Management and Maturity Models: A Systematic Literature Review and a Critical Analysis’, Organizacija, 53(1), pp. 3–19. doi: 10.2478/orga-2020-0001.

Sezer, B. K. and Kiymet C., (2018) ‘Cyber security assurance process from the internal audit perspective’, Managerial Auditing Journal, 33(4), pp. 360–376. doi: 10.1108/MAJ-02-2018-1804.

Shigetomi Yamaguchi, R., Nakata, T. and Kobayashi, R., (2019) ‘Redefine and Organize, 4th Authentication Factor, Behavior’, 2019 Seventh International Symposium on Computing and Networking Workshops (CANDARW), Computing and Networking Workshops (CANDARW), 2019 Seventh International Symposium on, CANDARW, pp. 412–415. doi: 10.1109/CANDARW.2019.00077.

Siddiqui, I. F. and Scott Uk-Jin, L., (2016) ‘Access Control as a Service for Information Protection in Semantic Web based Smart Environment’, Journal of Korean Society for Internet Information, 17(5), pp. 9–16. doi: 10.7472/jksii.2016.17.5.09.

Sinha, S., Gupta, S. and Kumar, A., (2019) ‘Emerging Data Security Solutions in HADOOP based Systems: Vulnerabilities and Their Countermeasures’, 2019 International Conference on Computing, Communication, and Intelligent Systems (ICCCIS), Computing, Communication, and Intelligent Systems (ICCCIS), 2019 International Conference on, pp. 235–240. doi: 10.1109/ICCCIS48478.2019.8974535.

Softwaretestinghelp.com. (2020). 11 BEST Software Configuration Management Tools (SCM Tools In 2020). [online] Available at: <https://www.softwaretestinghelp.com/top-5-software-configuration-management-tools/> [Accessed 31 March 2020]. 

Stackify. (2020). 9 Best Practices To Handle Java Exceptions - Stackify. [online] Available at: <https://stackify.com/best-practices-exceptions-java/> [Accessed 3 April 2020]. 

The University of Edinburgh. (2020). Definition Of Sensitive Data. [online] Available at: <https://www.ed.ac.uk/infosec/how-to-protect/encrypting/use-cases/short-definition-of-sensitive-data> [Accessed 1 April 2020].

Wankhede, P. and Paul, N., (2016) ‘Secure and multi-tenant Hadoop cluster - an experience’, 2016 2nd International Conference on Green High Performance Computing (ICGHPC), p. 1. Available at: http://search.ebscohost.com/login.aspx?direct=true&db=edb&AN=118390312&site=eds-live&scope=site (Accessed: 1 April 2020).

Wijayarathna, C. and Arachchilage, N. A. G., (2018) ‘Fighting Against XSS Attacks: A Usability Evaluation of OWASP ESAPI Output Encoding’. Available at: http://search.ebscohost.com/login.aspx?direct=true&db=edsarx&AN=edsarx.1810.01017&site=eds-live&scope=site (Accessed: 2 April 2020).

Xin, Z. and Dexian, Z., (2018) ‘Research on Encryption Algorithm Based on Python’, 2018 International Computers, Signals and Systems Conference (ICOMSSC), Computers, Signals and Systems Conference (ICOMSSC), 2018 International, pp. 371–373. doi: 10.1109/ICOMSSC45026.2018.8941739.

Yongchang, R., Qiang, Q., Tao, X. & Xiaoji, C., (2010) ‘Fuzzy Decision Analysis of the Software Configuration Management Tools Selection’, 2010 Third International Symposium on Information Science and Engineering, Information Science and Engineering (ISISE), 2010 International Symposium on, pp. 295–297. doi: 10.1109/ISISE.2010.112.