|
[1]Wm. Arthur Conklin, "IT vs OT Security: A Time to Consider a Change in CIA to Include Resilience," 2016 49th Hawaii International Conference on System Sciences [2]Anestis Bechtsoudis , Nicolas Sklavos “Aiming at Higher Network Security Through Extensive Penetration Tests,” IEEE LATIN AMERICA TRANSACTIONS, VOL. 10, NO. 3, APRIL 2012 [3]Norah Ahmed Almubairik, Gary Wills, "Automated penetration testing based on a threat model," The 11th International Conference for Internet Technology and Secured Transactions(ICITST-2016) [4]Teddy Surya Gunawan, Muhammad Kasim Lim, Mira Kartiwi, Noreha Abdul Malik, Nanang Ismail "Penetration Testing using Kali Linux:SQL Injection, XSS, Wordpress, and WPA2 Attacks," Indonesian Journal of Electrical Engineering and Computer Science, 2018 [5]Blake E. Strom, Joseph A. Battaglia, Michael S.Kemmerer, William Kupersanin, Douglas P. Miller, Craig Wampler, Sean M. Whitley, Ross D. Wolf "Finding Cyber Threats with ATT&CK™-Based Analytics," https://www.mitre.org/sites/default/files/publications/16-3713-finding-cyber-threats%20with%20att%26ck-based-analytics.pdf [6]Chung-Kuan Chen, Zhi-Kai Zhang, Shan-Hsin Lee, Shiuhpyng Shieh "Penetration Testing in the IoT Age," 2018 IEEE Computer Society [7]Farkhod Alisherov A & Feruza Sattarova Y "Methodology for Penetration Test," International Journal of Grid and Distributed Computing Vol.2, No.2, June 2009 [8]Muhammad Zunnurain Hussain, Muhammad Zulkifl Hasan, Muhammad Taimoor Aamer Chughtai, "Penetration Testing in System Administration," INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 6 [9]PCI DSS Quick Reference Guide Understanding the Payment Card Industry Data Security Standard version 3.2.1, https://www.pcisecuritystandards.org/documents/PCI_DSS-QRG-v3_2_1.pdf [10]Fireeye, “Apt1 report,” https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf,(Accessed on 12/12/2017). [11]Hamed Orojloo, Mohammad Abdollahi Azgomi, "A game-theoretic approach to model and quantify the security of cyber-physical systems," Computers in Indusstry 88(2017)44-57 [12]Michael Mylrea, Sri Nikhil Gupta Gourisetti, Member, IEEE, Andrew Nicholls, "An Introduction to Buildings Cybersecurity Framework," 2017 IEEE Symposium Series on Computational Intelligence (SSCI) [13]Bruce Schneier, "Liars and Outliers: Enabling the Trust that Society Needs to Thrive," Published by John Wiley & Sons, Inc 2012 [14]NIST SP 800-115, "Technical Guide to Information Security Testing and Assessment" [15]NIST Special Publication 800-53A "Assessing Security and Privacy Controls in Federal Information Systems and Organizations" [16]FedRAMP PENETRATION TEST GUIDANCE Version 2.0 November 24 2017 [17]CUONG T. DO, NGUYEN H. TRAN, and CHOONGSEON HONG, CHARLES A. KAMHOUA, KEVIN A. KWIAT, and ERIK BLASCH "Game Theory for Cyber Security and Privacy" [18]Micah Zenko, “紅隊測試:戰略級團隊與低容錯組織如何靠假想敵修正風險、改善假設?” 大寫出版 [19]Jai Narayan Goel, BM Mehtre, "Vulnerability Assessment & Penetration Testing as a Cyber Defense Technology," Procedia Computer Science 57 (2015)710-715 [20]https://en.wikipedia.org/wiki/There_are_known_knowns [21]Red Teaming : the art of ethical hacking, https://www.sans.org/reading-room/whitepapers/auditing/red-teaming-art-ethical-hacking-1272 [22]紅皇后理論,https://www.britannica.com/biography/Leigh-Van-Valen [23]Finn, P., & Jakobsson, M. (2007), “Designing ethical phishing experiments,” IEEE Technology and Society Magazine, [24]Luciana Obregon, ” Secure Architecture for Industrial Control Systems,” SANS Institute [25]RedTeam, https://www.redteamsecure.com/, https://www.youtube.com/watch?time_continue=1&v=pL9q2lOZ1Fw&feature=emb_logo [26]The Economist Intelligence Unit, Organisational Resilience:Building an enduring enterprise, https://www.bsigroup.com/LocalFiles/zh-TW/organizational-resilience/Org-res-EIU-report.pdf [27]Joseph V. DeMarco, “An approach to minimizing legal and reputational risk in Red Tam hacking exercises,” ScienceDirect journal published by Elservier [28]Steve Mansfield-Devine, “The best form of defense – the benefits of red teaming,” Computer Fraud & Security [29]Hak5 Lan Turtle, https://shop.hak5.org/products/lan-turtle [30]Skeleton Key, Dell Secure Work Counter Threat Unit, https://www.secureworks.com/research/skeleton-key-malware-analysis [31]Privileged Access Workstations, https://docs.microsoft.com/zh-tw/windows-server/identity/securing-privileged-access/privileged-access-workstations [32]NIST-SP-800-53 CA-8 滲透測試, https://nvd.nist.gov/800-53/Rev4/control/CA-8
|