مدل سازی تهدیدات بورس اوراق بهادار، EGX به عنوان یک مورد برای مطالعه Stock Exchange Threat Modeling, EGX as a Case Study
- نوع فایل : کتاب
- زبان : انگلیسی
- ناشر : Springer
- چاپ و سال / کشور: 2018
توضیحات
رشته های مرتبط اقتصاد، مدیریت
گرایش های مرتبط اقتصاد مالی، مدیریت مالی، تجارت الکترونیک
مجله کنفرانس بین المللی سیستم های هوشمند پیشرفته و اطلاعاتی – International Conference on Advanced Intelligent Systems and Informatics
دانشگاه Nile University – Giza – Egypt
منتشر شده در نشریه اسپرینگر
کلمات کلیدی انگلیسی SSL/TLS, Security, Electronic trading, Stock exchange
گرایش های مرتبط اقتصاد مالی، مدیریت مالی، تجارت الکترونیک
مجله کنفرانس بین المللی سیستم های هوشمند پیشرفته و اطلاعاتی – International Conference on Advanced Intelligent Systems and Informatics
دانشگاه Nile University – Giza – Egypt
منتشر شده در نشریه اسپرینگر
کلمات کلیدی انگلیسی SSL/TLS, Security, Electronic trading, Stock exchange
Description
1 Introduction Stock Exchange Markets provide a service to trade stocks and bonds. They have multiple roles in the economy [?] such as raising capital for companies, government capital raising for development projects and mobilizing savings for investment. Additionally, it is an indication of the general trend in the economy for a particular country. For many years, stock exchanges were physical locations where buyers and sellers met and negotiated. With the improvement in communication technology in the late 20th century, traders started to transact from remote locations in what became known as electronic trading (etrading). There are clear indications attest that the electronic crime threat in stock markets is an increasing threat, with the possibility of significant costs [3,4]. Therefore, implementing an effective information security measures and controls has become a critical success factor for all parties (regulators, brokerage companies and individual investors) to ensure a safe environment for electronic trading. Hereby, a threat modeling has to be developed and be followed for optimizing environment security. Threat modeling is a method for improving security by identifying assets that needs protection and weaknesses. Then defining actions reduce the effects of threats to the system. In stock exchange environment, the web servers are companies assents that need a protection. Digital Certificate is one of the technologies required to maintain the protection. It is based on Secure Socket Layer (SSL) [6] and Transport Layer Security (TLS) [8] protocols. SSL/TLS protocols are considered the de facto standard for providing secure communication over the Internet. The protocols have evolved over years to fix the weaknesses and drawbacks detected, add protection against discovered attacks and support new cryptographic algorithms that were defined. Several security assessments should be conducted to make sure that stock exchange markets are aligned with recent cyber threats. Moreover, companies should evaluate their systems and implemented technologies to identify any weakness. Then take actions toward enhancing the protection of their clients’ information. The rest of this paper is organized as following. Section 2 demonstrate the previous studies related to cyber threats in stock exchange. Followed by Sect. 3 which define the threat modeling for this environment. Section 4 introduce SSL/TLS protocols background, the known attacks and deployment best practices. The case study is presented in Sect. 5. The security assessment, its results and discussion are presented in Sect. 6. The conclusion is presented in Sect. 7 along with future work.