Sherif Elhennawy - Academia.edu

Papers by Sherif Elhennawy

Cybersecurity Tools for IS Auditing

2018 Sixth International Conference on Enterprise Systems (ES), 2018

In a time of growing threats and advancing circumstances, receiving and keeping up a strong cybersecurity profile in the enterprises are crucial. Important data and resources must be protected. Nowadays, cybersecurity became a predominant issue facing most organizations. It is recognized by organizations as an enterprise-wide issue requiring protection and detection from possible and malicious attacks to protect enterprise information assets. Hence, enterprises are obligated to use multiple tools for covering most of the cybersecurity aspects through different operations and for supporting different levels of users. Information systems auditing is becoming more difficult due to the rapidly developing technological threats. Hence, having these audits and reviews performed by independent functions increase the likelihood of detecting control weaknesses and provides further checks. These control issues are typically not due to the failure of the technology. However, they are mostly the result of individuals not executing the process, or using a process that is poorly defended. The main purpose of this research is to make a comparative study of the capabilities of most of the available automated cybersecurity auditing tools for frontend cloud computing. The results of this comparative study lead to knowing how to secure the enterprise's assets by using automated tools and techniques. Also, it uses clear steps to gather the information to provide the evidence required in the final report of IS auditing.

Security Management Techniques and Tools for IS Auditing

2019 First International Conference of Intelligent Computing and Engineering (ICOICE), 2019

Every organization needs to constitute a strong information system (IS) and security management in order to improve its business processes with the best practices. Information system processes must be reviewed and audited by IS auditors. IS auditors use a set of tools and techniques to perform the auditing process on the organizations. In this paper, we evaluate a set of tools and techniques which perform the security management of the organizations. Also, we classify the security management into five domains such as processes of auditing, governance and management, IS acquisitions and development, IS operations and support, and protection of information assets. Each domain has a set of auditing tasks. These tasks need inputs from various knowledge sources such as planning, risk assessment, evidence collection, laws and regulations, etc. Moreover, these tasks are performed through a number of tools and techniques in order to automate the security management process for IS auditors. The evaluation of tools and techniques target the security areas such as management, risk management and internal auditing controls with auditing tasks. Our main contribution is to determine the processes, tasks, and the suitable tools/techniques for each information system area from cybersecurity perspective. Moreover, each organization can analyze the security gaps in order to find a suitable solution for bridging these gaps.

Computer-Assisted Audit Tools for IS Auditing

Internet of Things—Applications and Future, 2020

Adopting security maturity model to the organizations’ capability model

Egyptian Informatics Journal, 2020

Each organization faces threats and risks in daily operations. One of the main risks is how to assess the security level to protect from the increasing risks associated with technology evolution. So, organizations can specify the required approaches and skills. In this paper, we propose a security maturity model that classifies the organizations into five levels. Each level determines the technologies and process capability used by the organizations. There is a set of factors that can help in determining the security maturity level, such as technology, people, and infrastructure. This paper adopts an Information Security Management model to assess organization’s security level. The authors make a correspondence between maturity levels and security levels in an organization. Also, the proposed process capability controls influence both levels. The proposed model helps the organizations bridging the cybersecurity gaps. These gaps relate to talent, technology, organizational units, financial, management and operations gaps. Thus, the model helps the cybersecurity auditors to create a comprehensive plan for measuring the security level of the organization. This plan can manage and develop the organization’s automated countermeasures. Also, it can help in applying the suitable standard and framework based on the organization’s daily operation. Cybersecurity auditors use cybersecurity techniques and tools to assess the organization’s postures. Finally, the authors applied the security maturity controls in two case studies: retirement organization and public telecommunication corporation in the Republic of Yemen.

Integrated framework for cybersecurity auditing

Information Security Journal: A Global Perspective, 2020
