01657nas a2200277 4500000000100000000000100001008004100002260000900043653001500052653001700067653001800084653002000102653001000122653001400132653000800146653000900154653001100163653001800174100002400192700002600216700002100242245010100263300001100364490000700375520099700382 2016 d c201610aassessment10aavailability10acommunication10aconfidentiality10aIMECA10aintegrity10aPBX10aRisk10athreat10avulnerability1 aIosif Androulidakis1 aVyacheslav Kharchenko1 aAndriy Kovalenko00aImeca-Based Technique for Security Assessment of Private Communications: Technology and Training a99-1200 v353 a
Nowadays, almost everywhere, there are a huge number of privately owned telephone exchanges that serve the communication needs of a private or public entity making connections among internal telephones and linking them to other users in the public telephone network. Such communications cover most vital infrastructures, including hospitals, ministries, police, army, banks, public bodies/authorities, companies, industries and so on. The purpose of this paper is to raise awareness in regards to security and privacy threats present in private communications, helping both users and vendors safeguard their systems. This article provides an introduction to private branch exchanges (PBXs) and private communications, and a review of relevant threats and vulnerabilities. Finally, one possible approach to assessment of private communications security is presented, along with appropriate taxonomies. Such approach relies on performing gap analysis and is based on the IMECA technique.