Introduction to Part IV

The use of communication technologies has become a crucial factor that is able to considerably improve and affect the productivity of an organization. The need to secure information systems and networked infrastructures is now commonplace in most enterprises. This is essentially due to the importance of the information transmitted across communication networks and stored in networked servers. As a consequence, strong links are being built between security and the enterprise business activity and various tools have been made available for enterprises. These tools include, but are not limited to, filters and firewalls, intrusion detection systems, anti-malicious software systems, virtual private networks and risk management systems.

Intrusion detection systems analyze system and user operations in computer and network platforms in search for an activity that can be considered undesirable from a security point of view. Because of the complicated structures of attacks, data sources for intrusion detection include audit information, network traffic, application logs, and data collected from monitors controlling system behavior. Generated alerts are correlated in order to reduce the number of false alarms, detect efficiently multi-action attacks, and propose responses to the detected intrusions. On the other hand, risk management, which is the discipline that deals with the determination of vulnerabilities and threats, is an important aspect in securing enterprises. It integrates a list of architectures, techniques, and models to evaluate properly whether a current state of an enterprise is encountering threats.