TY - JOUR KW - assessment KW - availability KW - communication KW - confidentiality KW - IMECA KW - integrity KW - PBX KW - Risk KW - threat KW - vulnerability AU - Iosif Androulidakis AU - Vyacheslav Kharchenko AU - Andriy Kovalenko AB -

Nowadays, almost everywhere, there are a huge number of privately owned telephone exchanges that serve the communication needs of a private or public entity making connections among internal telephones and linking them to other users in the public telephone network. Such communications cover most vital infrastructures, including hospitals, ministries, police, army, banks, public bodies/authorities, companies, industries and so on. The purpose of this paper is to raise awareness in regards to security and privacy threats present in private communications, helping both users and vendors safeguard their systems. This article provides an introduction to private branch exchanges (PBXs) and private communications, and a review of relevant threats and vulnerabilities. Finally, one possible approach to assessment of private communications security is presented, along with appropriate taxonomies. Such approach relies on performing gap analysis and is based on the IMECA technique.

BT - Information & Security: An International Journal DA - 2016 DO - 10.11610/isij.3505 IS - 1 LA - eng N2 -

Nowadays, almost everywhere, there are a huge number of privately owned telephone exchanges that serve the communication needs of a private or public entity making connections among internal telephones and linking them to other users in the public telephone network. Such communications cover most vital infrastructures, including hospitals, ministries, police, army, banks, public bodies/authorities, companies, industries and so on. The purpose of this paper is to raise awareness in regards to security and privacy threats present in private communications, helping both users and vendors safeguard their systems. This article provides an introduction to private branch exchanges (PBXs) and private communications, and a review of relevant threats and vulnerabilities. Finally, one possible approach to assessment of private communications security is presented, along with appropriate taxonomies. Such approach relies on performing gap analysis and is based on the IMECA technique.

PY - 2016 SE - 99 SP - 99 EP - 120 T2 - Information & Security: An International Journal TI - Imeca-Based Technique for Security Assessment of Private Communications: Technology and Training VL - 35 ER -