ABSTRACT
Due to the increase in professionals adopting the home office model due to the COVID-19 pandemic, the threat to company information and assets has become more evident. This work aims to identify, describe and evaluate the impacts of applying the threat modeling method, using risk management standards, on corporate computers with the aid of a monitoring system. The proposed method for application suggests the adoption of processes and a system for updating, controlling and managing the Windows Operating System to reduce the threats faced. The research identified security using the STRIDE and DREAD methods and the ISO and NIST security standards. It verified 14 types of threats found in an operating system that can be properly identified and mitigated with the threat exploitation method.Alternate :Devido ao aumento de profissionais que adoptaram o modelo de escritório em casa devido à pandemia de COVID-19, a ameaça à informação e bens da empresa tornou-se mais evidente. Este trabalho visa identificar, descrever e avaliar os impactos da aplicação do método de modelização da ameaça, utilizando normas de gestão do risco, nos computadores das empresas, com a ajuda de um sistema de monitorização. O método de aplicação proposto sugere a adopção de processos e um sistema de actualização, controlo e gestão do sistema operativo Windows para reduzir as ameaças enfrentadas. A investigação identificou a segurança utilizando os métodos STRIDE e DREAD e as normas de segurança ISO e NIST. Verificou 14 tipos de ameaças encontradas num sistema operativo que podem ser devidamente identificadas e mitigadas com o método de exploração de ameaças.
ABSTRACT
Background: Patients undergoing an interventional radiology procedure report some degree of anxiety. Therefore, procedure-related anxiety needs to be managed. The aim of our study was to investigate patient satisfaction with monitored anesthesia care (MAC) for uterine artery embolization (UAE)-related procedural anxiety in symptomatic uterine fibroids or adenomyosis. Method(s): Between May 2021 and June 2022, 36 patients with symptomatic fibroids or adenomyosis underwent UAE with MAC. Follow-up evaluations consisted of clinical symptoms, degree of satisfaction with MAC in UAE, and complications. Result(s): MAC in UAE was successfully performed in all patients. UAE significantly reduced patients' complaints such as bleeding and pain: the scores for bleeding and pain were significantly reduced after 3 months of UAE compared with those before UAE, indicating the effectiveness of UAE. The mean score of satisfaction with MAC in UAE was 4.3 points, meaning that 94.4% of women were satisfied or very satisfied. No major complications were observed. Conclusion(s): MAC in UAE for symptomatic uterine fibroids or adenomyosis can be emotionally effective and safe for patients who are anxious about the procedure.Copyright © 2023 The Author(s).
ABSTRACT
Particularly amid Covid-19, enterprises' digital transformation has rapidly accelerated, making cybersecurity an even bigger challenge. Financial institutions adopt FinTech technologies to advance their service and achieve an enhanced customer experience that creates a competitive edge in the market. FinTech products utilise open banking API services to allow communication between a financial institution and a FinTech provider. However, such an integration introduces significant security concerns. Therefore, financial firms must ensure that a robust API service to protect the bank's infrastructure and its customers' information. To address this concern, we propose a Framework for Open Banking API security that utilises STRIDE model to identify security threats in FinTech integration via Open Banking API and Bayesian Attack Graphs to automate predictions of the most exploitable attack paths. © 2022 IEEE.
ABSTRACT
The use of unified communication;video conferencing, audio conferencing, and instant messaging has skyrocketed during the COVID-19 pandemic. However, security and privacy considerations have often been neglected. This article provides a comprehensive survey of security and privacy in Unified Communication (UC). We systematically analyze security and privacy threats and mitigations in a generic UC scenario. Based on this, we analyze security and privacy features of the major UC market leaders, and we draw conclusions on the overall UC landscape. While confidentiality in communication channels is generally well protected through encryption, other privacy properties are mostly lacking on UC platforms. [ FROM AUTHOR]
ABSTRACT
The use of unified communication;video conferencing, audio conferencing, and instant messaging has skyrocketed during the COVID-19 pandemic. However, security and privacy considerations have often been neglected. This article provides a comprehensive survey of security and privacy in Unified Communication (UC). We systematically analyze security and privacy threats and mitigations in a generic UC scenario. Based on this, we analyze security and privacy features of the major UC market leaders, and we draw conclusions on the overall UC landscape. While confidentiality in communication channels is generally well protected through encryption, other privacy properties are mostly lacking on UC platforms.
ABSTRACT
Since the COVID 19 pandemic creates enormous casualties in the world, it rapidly changes the working environment. It significantly increased the virtual meeting among the team members at work. These require many pieces of equipment. Among the components, a webcam is becoming the most important piece of equipment in virtual meetings. Since the webcam becomes the important factor in the meeting, the attacks on the webcam are enormously increased. In many cases, when a group of hackers attacks a webcam, it creates critical privacy breaches. Therefore, to prevent these types of critical breaches, this paper closely conducts the Threat Modeling analysis based on DFD and STRIDE techniques on FireStormcx's webcam. Additionally, these types of Threat Modeling analysis result to create a recommended threat remediation plan.
ABSTRACT
Purpose: Current walking interventions for people with knee osteoarthritis (OA) focus on either reducing knee joint loading or on increasing physical activity. There is a need for interventions that could address both quality and quantity of walking for people with knee OA. The goal of this randomized controlled trial (clinicaltrials.gov # NCT03064139) was to determine the feasibility of a mindful walking intervention to improve quality and quantity of walking in people with knee OA. Methods: Individuals with symptomatic knee OA were recruited from the community using advertisements. Study criteria are shown in Table 1. [Formula presented] During enrollment, the more symptomatic knee, or a knee selected at random in case of equal symptoms, was designated as the study knee. After the baseline visit, participants were randomized to either a mindful walking group (MWG) or an attention-matched self-management group (SMG). Participants in both groups received 11 intervention sessions delivered over a 6-month period (4 in 1 st month, 2 each in 2nd and 3rd months, 1 each in 4th, 5th, and 6th months). Interventions were delivered via in-person groups (4-10 in each group) and each session was 1.5-3 hours in duration. For MWG, a certified instructor provided training in mindful walking that includes whole-body movement retraining and mindful body-awareness skill building. Biomechanical elements include: shorter stride length, higher cadence, greater toe-in, and more aligned posture. Participants were coached to progressively increase their mindful walking activity each week. Mindfulness elements include mindful body-awareness skills to increase sensitivity and awareness of deviations from the taught techniques. The approach is based on “ChiWalking®” so called because the movement approaches are drawn in part from T’ai Chi. For SMG, a researcher delivered a curriculum consisting of education and self-management techniques (e.g., importance of physical activity and exercise, nutrition, weight-management, etc.). This information was also provided to MWG in a condensed form. Gait analyses and physical performance tests were completed at baseline and 6-months. Physical activity was assessed using a commercial wrist-worn activity monitor (Charge 3, Fitbit Inc, San Francisco, CA). Participant-reported outcomes (PROs) were completed at baseline and every 3-months. Participants were remotely followed for an additional 6-months after the end of the intervention. Given the feasibility nature of the study, primary outcomes included recruitment, adherence, retention and number of adverse events. Secondary outcomes included peak external knee adduction moment [KAM], daily step count, Knee injury and osteoarthritis outcome score (KOOS) Pain, Five Facet Mindfulness Questionnaire (FFMQ), Arthritis Self-Efficacy Scale (ASES), 30-second chair stand test (30STS), 40-meter fast paced walk test (40FPW), and Stair Climbing Test (SCT). Analyses were conducted on intention-to-treat basis with all randomized participants included and missing values were not imputed. Results: Participants were recruited between March 2019 and January 2020. During this period, ∼450 individuals completed pre-screening questionnaires (∼41 per month), 66 completed in-person screening visits, 47 were enrolled, and 44 were randomized (Table 2). Interventions for 19 participants were interrupted, delayed for 3-months, and then transitioned to virtual format due to the COVID-19 pandemic. While the original recruitment goal was 62, the trial was halted earlier due to COVID-19. [Formula presented] Attendance is shown in Table 3. On average, MWG group attended 63% of the sessions vs. 70% in the SMG group. Among those who attended at least 1 session, MWG group attended 69% vs. 77% for SMG. Among those who attended at least 3 sessions, MWG group attended 75% vs. 84% for SMG. Post-intervention, 65% (n=15) and 87% (n=20) of MWG completed the in-person visits and PROs, respectively. In SMG, 81% (n=17) completed in-person visits and PROs. At 12-months, 91% (n=21) and 71% (n 15) completed the PROs for MWG and SMG, respectively. [Formula presented] Participant feedback at 6- and 12-months showed that the intervention was acceptable (Table 4). There were no serious adverse events related to the intervention in either group. Within group and between group differences for secondary outcomes are shown in Table 5. [Formula presented] [Formula presented] Conclusions: Our benchmarks were recruitment over 1.5 years, attendance of 75% in MWG group, and retention of 80% of participants at 6-months. While all of these benchmarks were negatively impacted by COVID-19, the recruitment rates over the period studied, adherence in those who attended at least 3 sessions, and retention for some secondary outcomes were acceptable. Participants in both groups found the interventions helpful, enjoyable, and rated it highly. At 12-month follow-up, MWG participants continued to practice mindful walking 1-2 days a week. Between group differences for secondary outcomes were small. Given the feasibility nature of the study, conclusions regarding efficacy cannot be made and larger trial would be needed. Our results show that our methods are appropriate for conducting such a larger trial.
ABSTRACT
Remote unlocking for Android devices may benefit both users and manufacturers. Users can continue using the device without factory-resetting when they unexpectedly forget their passphrases. Manufacturers can improve non-face-To-face customer services in the COVID-19 era. Nevertheless, not many manufacturers support remote unlocking services for Android devices. If the remote unlocking service is triggered by requests over-The-Air, it may increase the attack surface of Android security. Android security is hardware-based (e.g., hardware-backed Keystore), so we seek to preserve this security level by designing a new remote unlocking service without modifying trusted execution environments. Our design supports two-factor authentication, distributed authority, trust-boundary minimization, and key management. Since a synthetic password used for remote unlocking is not exposed to the outside of an Android device, the manufacturer still cannot unlock the device without user consent. We identify 208 security threats in the proposed remote unlocking service using the STRIDE model and ensure that our design has countermeasures for all high-level security threats. After passing quality verification and penetration tests, the proposed remote unlocking service has been officially installed on commercial devices. © 2021 IEEE.