- Table View
- List View
Security Issues in Communication Devices, Networks and Computing Models: Volume 2
by Gheorghita Ghinea Budati Anil Kumar Akella Ramakrishna Goutham MakkenaThe importance of addressing security issues in communication devices, networks, and computing models in Industry 5.0 cannot be overstated. Industry 5.0 represents the next phase in the evolution of manufacturing and industrial processes, characterized by increased connectivity, automation, and the integration of smart technologies. Here are several reasons why security is crucial in this context: Industry 5.0 involves the convergence of information technology (IT) and operational technology (OT), making industrial control systems susceptible to cyber threats. A breach in security could compromise critical infrastructure such as power grids, transportation systems, and water treatment plants. Securing computing models and networks is vital for protecting critical infrastructure and ensuring the safety and stability of essential services.Industry 5.0 encourages the use of advanced technologies such as the Industrial Internet of Things (IIoT) and edge computing, leading to increased data exchange and collaboration. Security issues could result in the theft or manipulation of intellectual property, proprietary designs, and sensitive business information. Robust security measures are necessary to safeguard intellectual property, maintain a competitive edge, and foster innovation within Industry 5.0 ecosystems. Communication devices and networks in Industry 5.0 transmit vast amounts of sensitive data, including production data, supply chain information, and operational metrics. Ensuring the integrity and confidentiality of this data is crucial for informed decision-making and maintaining a competitive advantage. Security breaches could lead to data manipulation, unauthorized access, and exposure of sensitive information, jeopardizing the trust of stakeholders and partners. Industry 5.0 involves interconnected supply chains, where multiple entities collaborate and share data. Weaknesses in communication devices and networks can be exploited to compromise the integrity of the entire supply chain, impacting product quality and safety. Securing communication channels and computing models is vital for maintaining the trustworthiness of the supply chain, ensuring product quality, and minimizing the risk of counterfeit components.In summary, addressing security issues in communication devices, networks, and computing models is fundamental to the successful implementation of Industry 5.0. It not only protects the assets and operations of organizations but also contributes to the overall safety, reliability, and sustainability of advanced industrial systems.
Security Issues in Fog Computing from 5G to 6G: Architectures, Applications and Solutions (Internet of Things)
by Chintan Bhatt Yulei Wu Massimo Villari Saad HarousThe book provides an examination of how fog security is changing the information technology industry and will continue to in the next decade. The authors first discuss how fog enables key applications in wireless 5G, the Internet of Things, and big data. The book then presents an overview of fog/edge computing, focusing on its relationship with cloud technology, Internet of Things and the future with the use of secure 5G/6G communication. The book also presents a comprehensive overview of liabilities in fog/edge computing within multi-level architectures and the intelligent management. The last part of the book reviews applications of fog/edge computing in smart cities, including in Industrial IoT, edge-based augmented reality, data streaming, and blockchain-based.
Security Issues in Mobile NFC Devices
by Michael RolandThis work provides an assessment of the current state of near field communication (NFC) security, it reports on new attack scenarios, and offers concepts and solutions to overcome any unresolved issues. The work describes application-specific security aspects of NFC based on exemplary use-case scenarios and uses these to focus on the interaction with NFC tags and on card emulation. The current security architectures of NFC-enabled cellular phones are evaluated with regard to the identified security aspects.
Security Log Management
by Jacob BabbinAs a system administrator or security professionals, you probably find yourself inundated each day with a deluge of log files from seemingly countless devices, servers, and applications on your network ranging from Windows Server to Snort to your PIX firewall and everything in between. At times, the task of "seeing the forest through the trees" to extract useful, repeatable information from these logs may seem almost impossible. This unique book will show you how to use a combination of open source software such as Tcpdstats, and Snort perfmonitor to create succinct, meaningful reports that give you the big picture of your network's overall health and well being. So, if you need to analyze and prioritize everything from how much of your bandwidth is devoted to browsing ESPN.com, to the most targeted machines in your IDS logs, this is the book for you. This book teaches IT professionals how to analyze, manage, and automate their security log files to generate useful, repeatable information that can be use to make their networks more efficient and secure using primarily open source tools. The book begins by discussing the "Top 10" security logs that every IT professional should be regularly analyzing. These 10 logs cover everything from the top workstations sending/receiving data through a firewall to the top targets of IDS alerts. The book then goes on to discuss the relevancy of all of this information. Next, the book describes how to script open source reporting tools like Tcpdstats to automatically correlate log files from the various network devices to the "Top 10" list. By doing so, the IT professional is instantly made aware of any critical vulnerabilities or serious degradation of network performance. All of the scripts presented within the book will be available for download from the Syngress Solutions Web site.
Security Management for Industrial Safety Critical Applications: A Practical Approach (Asset Analytics)
by Lalit Kumar Singh Pooja Singh Raj Kamal Kaur Ajit K. VermaThe book introduces dependability (security metric) ideas, gives a general overview of the security analysis of Safety-Critical Systems (SCSs), explains why the study is necessary and defines key terms relevant to this research. It makes an effort to emphasize the significance of security in comparison to other dependability indicators and illustrates the key drivers of this research's purpose. The mathematical foundation of the security analysis process is briefly illustrated, and key mathematical terminology and concepts are presented that are crucial for the security evaluation of critical systems. This book's objective is to provide a thorough understanding of the security analysis process. It will be a research-focused book designed for undergraduate, graduate, and doctoral courses in software and cyber security. The fundamentals of reliability, security, metrics, and mathematical foundation have been covered in this book. Each technique's actual applications, along with benefits and drawbacks, are also shown. Applying each technique to the various case studies serves as a demonstration of how it works. By using the many case studies of safety-critical systems, the students can also learn different analysis approaches and how to model them. Students will be able to use these tools, in particular, on a case study of their choice to analyze system security. The book includes a comparison of various strategies and appropriate recommendations for further reading on these subjects. Moreover, this book's target audience includes software professionals who are interested in security analysis.
Security Management of Next Generation Telecommunications Networks and Services
by Stuart JacobsThis book will cover network management security issues and currently available security mechanisms by discussing how network architectures have evolved into the contemporary NGNs which support converged services (voice, video, TV, interactive information exchange, and classic data communications).<P><P> It will also analyze existing security standards and their applicability to securing network management. This book will review 21st century security concepts of authentication, authorization, confidentiality, integrity, nonrepudiation, vulnerabilities, threats, risks, and effective approaches to encryption and associated credentials management/control. The book will highlight deficiencies in existing protocols used for management and the transport of management information.
Security Management: A Critical Thinking Approach
by Michael Land Truett Ricks Bobby RicksSecurity is a paradox. It is often viewed as intrusive, unwanted, a hassle, or something that limits personal, if not professional, freedoms. However, if we need security, we often feel as if we can never have enough. Security Management: A Critical Thinking Approach provides security professionals with the ability to critically examine their organ
Security Monitoring: Proven Methods for Incident Detection on Enterprise Networks
by Chris Fry Martin NystromHow well does your enterprise stand up against today's sophisticated security threats? In this book, security experts from Cisco Systems demonstrate how to detect damaging security incidents on your global network--first by teaching you which assets you need to monitor closely, and then by helping you develop targeted strategies and pragmatic techniques to protect them.Security Monitoring is based on the authors' years of experience conducting incident response to keep Cisco's global network secure. It offers six steps to improve network monitoring. These steps will help you:Develop Policies: define rules, regulations, and monitoring criteriaKnow Your Network: build knowledge of your infrastructure with network telemetrySelect Your Targets: define the subset of infrastructure to be monitoredChoose Event Sources: identify event types needed to discover policy violationsFeed and Tune: collect data, generate alerts, and tune systems using contextual informationMaintain Dependable Event Sources: prevent critical gaps in collecting and monitoring eventsSecurity Monitoring illustrates these steps with detailed examples that will help you learn to select and deploy the best techniques for monitoring your own enterprise network.
Security Operations for Microsoft® Exchange 2000 Server
by Microsoft CorporationThis guide delivers procedures and best practices for system administrators to create and maintain a secure environment on servers running Microsoft Exchange 2000 with a focus on two specific server roles: Microsoft Outlook® Web Access (OWA) front end servers and back-end servers. This guide was created as a supplement to Security Operations Guide for Microsoft Windows 2000 Server.
Security Opportunities in Nano Devices and Emerging Technologies
by Mark Tehranipoor, Domenic Forte, Garrett S. Rose and Swarup BhuniaThe research community lacks both the capability to explain the effectiveness of existing techniques and the metrics to predict the security properties and vulnerabilities of the next generation of nano-devices and systems. This book provides in-depth viewpoints on security issues and explains how nano devices and their unique properties can address the opportunities and challenges of the security community, manufacturers, system integrators, and end users. This book elevates security as a fundamental design parameter, transforming the way new nano-devices are developed. Part 1 focuses on nano devices and building security primitives. Part 2 focuses on emerging technologies and integrations.
Security Orchestration, Automation, and Response for Security Analysts: Learn the secrets of SOAR to improve MTTA and MTTR and strengthen your organization's security posture
by Benjamin KovacevicBecome a security automation expert and build solutions that save time while making your organization more secureKey FeaturesWhat’s insideAn exploration of the SOAR platform’s full features to streamline your security operationsLots of automation techniques to improve your investigative abilityActionable advice on how to leverage the capabilities of SOAR technologies such as incident management and automation to improve security postureBook DescriptionWhat your journey will look like With the help of this expert-led book, you’ll become well versed with SOAR, acquire new skills, and make your organization's security posture more robust. You’ll start with a refresher on the importance of understanding cyber security, diving into why traditional tools are no longer helpful and how SOAR can help. Next, you’ll learn how SOAR works and what its benefits are, including optimized threat intelligence, incident response, and utilizing threat hunting in investigations. You’ll also get to grips with advanced automated scenarios and explore useful tools such as Microsoft Sentinel, Splunk SOAR, and Google Chronicle SOAR. The final portion of this book will guide you through best practices and case studies that you can implement in real-world scenarios. By the end of this book, you will be able to successfully automate security tasks, overcome challenges, and stay ahead of threats.What you will learnReap the general benefits of using the SOAR platformTransform manual investigations into automated scenariosLearn how to manage known false positives and low-severity incidents for faster resolutionExplore tips and tricks using various Microsoft Sentinel playbook actionsGet an overview of tools such as Palo Alto XSOAR, Microsoft Sentinel, and Splunk SOARWho this book is forYou'll get the most out of this book if You're a junior SOC engineer, junior SOC analyst, a DevSecOps professional, or anyone working in the security ecosystem who wants to upskill toward automating security tasks You often feel overwhelmed with security events and incidents You have general knowledge of SIEM and SOAR, which is a prerequisite You’re a beginner, in which case this book will give you a head start You’ve been working in the field for a while, in which case you’ll add new tools to your arsenal
Security Patch Management
by Felicia NicastroAlthough the patch management process is neither exceedingly technical nor extremely complicated, it is still perceived as a complex issue that's often left to the last minute or resolved with products that automate the task. Effective patch management is not about technology; it's about having a formal process in place that can deploy patches to v
Security Patterns
by Frank Buschmann Peter Sommerlad Eduardo Fernandez-Buglioni Markus Schumacher Duane HybertsonMost security books are targeted at security engineers and specialists. Few show how build security into software. None breakdown the different concerns facing security at different levels of the system: the enterprise, architectural and operational layers. Security Patterns addresses the full spectrum of security in systems design, using best practice solutions to show how to integrate security in the broader engineering process. Essential for designers building large-scale systems who want best practice solutions to typical security problemsReal world case studies illustrate how to use the patterns in specific domainsFor more information visit www.securitypatterns.org
Security Patterns in Practice
by Eduardo Fernandez-BuglioniLearn to combine security theory and code to produce secure systemsSecurity is clearly a crucial issue to consider during the design and implementation of any distributed software architecture. Security patterns are increasingly being used by developers who take security into serious consideration from the creation of their work. Written by the authority on security patterns, this unique book examines the structure and purpose of security patterns, illustrating their use with the help of detailed implementation advice, numerous code samples, and descriptions in UML. Provides an extensive, up-to-date catalog of security patternsShares real-world case studies so you can see when and how to use security patterns in practiceDetails how to incorporate security from the conceptual stage Highlights tips on authentication, authorization, role-based access control, firewalls, wireless networks, middleware, VoIP, web services security, and moreAuthor is well known and highly respected in the field of security and an expert on security patternsSecurity Patterns in Practice shows you how to confidently develop a secure system step by step.
Security Planning
by Susan LinckeThis book guides readers through building an IT security plan. Offering a template, it helps readers to prioritize risks, conform to regulation, plan their defense and secure proprietary/confidential information. The process is documented in the supplemental online security workbook. Security Planning is designed for the busy IT practitioner, who does not have time to become a security expert, but needs a security plan now. It also serves to educate the reader of a broader set of concepts related to the security environment through the Introductory Concepts and Advanced sections. The book serves entry level cyber-security courses through those in advanced security planning. Exercises range from easier questions to the challenging case study. This is the first text with an optional semester-long case study: Students plan security for a doctor's office, which must adhere to HIPAA regulation. For software engineering-oriented students, a chapter on secure software development introduces security extensions to UML and use cases (with case study). The text also adopts the NSA's Center of Academic Excellence (CAE) revamped 2014 plan, addressing five mandatory and 15 Optional Knowledge Units, as well as many ACM Information Assurance and Security core and elective requirements for Computer Science.
Security Policies and Implementation Issues
by Robert Johnson Chuck EasttomPART OF THE NEW JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES Security Policies and Implementation Issues, Third Edition offers a comprehensive, end-to-end view of information security policies and frameworks from the raw organizational mechanics of building to the psychology of implementation. Written by industry experts, the new Third Edition presents an effective balance between technical knowledge and soft skills, while introducing many different concepts of information security in clear simple terms such as governance, regulator mandates, business drivers, legal considerations, and much more. With step-by-step examples and real-world exercises, this book is a must-have resource for students, security officers, auditors, and risk leaders looking to fully understand the process of implementing successful sets of security policies and frameworks. Instructor Materials for Security Policies and Implementation Issues include: PowerPoint Lecture Slides Instructor's Guide Sample Course Syllabus Quiz & Exam Questions Case Scenarios/Handouts About the Series This book is part of the Information Systems Security and Assurance Series from Jones and Bartlett Learning. Designed for courses and curriculums in IT Security, Cybersecurity, Information Assurance, and Information Systems Security, this series features a comprehensive, consistent treatment of the most current thinking and trends in this critical subject area. These titles deliver fundamental information-security principles packed with real-world applications and examples. Authored by Certified Information Systems Security Professionals (CISSPs), they deliver comprehensive information on all aspects of information security. Reviewed word for word by leading technical experts in the field, these books are not just current, but forward-thinking—putting you in the position to solve the cybersecurity challenges not just of today, but of tomorrow, as well.
Security Policy in System-on-Chip Designs: Specification, Implementation and Verification
by Sandip Ray Swarup Bhunia Abhishek BasakThis book offers readers comprehensive coverage of security policy specification using new policy languages, implementation of security policies in Systems-on-Chip (SoC) designs – current industrial practice, as well as emerging approaches to architecting SoC security policies and security policy verification. The authors focus on a promising security architecture for implementing security policies, which satisfies the goals of flexibility, verification, and upgradability from the ground up, including a plug-and-play hardware block in which all policy implementations are enclosed. Using this architecture, they discuss the ramifications of designing SoC security policies, including effects on non-functional properties (power/performance), debug, validation, and upgrade. The authors also describe a systematic approach for “hardware patching”, i.e., upgrading hardware implementations of security requirements safely, reliably, and securely in the field, meeting a critical need for diverse Internet of Things (IoT) devices.Provides comprehensive coverage of SoC security requirements, security policies, languages, and security architecture for current and emerging computing devices;Explodes myths and ambiguities in SoC security policy implementations, and provide a rigorous treatment of the subject;Demonstrates a rigorous, step-by-step approach to developing a diversity of SoC security policies;Introduces a rigorous, disciplined approach to “hardware patching”, i.e., secure technique for updating hardware functionality of computing devices in-field;Includes discussion of current and emerging approaches for security policy verification.
Security Power Tools
by Bryan Burns Eric Markham Chris Iezzoni Philippe Biondi Jennifer Stisa Granick Steve Manzuik Paul Guersch Dave Killion Nicolas Beauchesne Eric Moret Julien Sobrier Michael LynnWhat if you could sit down with some of the most talented security engineers in the world and ask any network security question you wanted? Security Power Tools lets you do exactly that! Members of Juniper Networks' Security Engineering team and a few guest experts reveal how to use, tweak, and push the most popular network security applications, utilities, and tools available using Windows, Linux, Mac OS X, and Unix platforms. Designed to be browsed, Security Power Tools offers you multiple approaches to network security via 23 cross-referenced chapters that review the best security tools on the planet for both black hat techniques and white hat defense tactics. It's a must-have reference for network administrators, engineers and consultants with tips, tricks, and how-to advice for an assortment of freeware and commercial tools, ranging from intermediate level command-line operations to advanced programming of self-hiding exploits. Security Power Tools details best practices for: Reconnaissance -- including tools for network scanning such as nmap; vulnerability scanning tools for Windows and Linux; LAN reconnaissance; tools to help with wireless reconnaissance; and custom packet generation Penetration -- such as the Metasploit framework for automated penetration of remote computers; tools to find wireless networks; exploitation framework applications; and tricks and tools to manipulate shellcodes Control -- including the configuration of several tools for use as backdoors; and a review of known rootkits for Windows and Linux Defense -- including host-based firewalls; host hardening for Windows and Linux networks; communication security with ssh; email security and anti-malware; and device security testing Monitoring -- such as tools to capture, and analyze packets; network monitoring with Honeyd and snort; and host monitoring of production servers for file changes Discovery -- including The Forensic Toolkit, SysInternals and other popular forensic tools; application fuzzer and fuzzing techniques; and the art of binary reverse engineering using tools like Interactive Disassembler and Ollydbg A practical and timely network security ethics chapter written by a Stanford University professor of law completes the suite of topics and makes this book a goldmine of security information. Save yourself a ton of headaches and be prepared for any network security dilemma with Security Power Tools.
Security Power Tools
by Bryan Burns Eric Markham Chris Iezzoni Philippe Biondi Jennifer Stisa Granick Steve Manzuik Paul Guersch Dave Killion Nicolas Beauchesne Eric Moret Julien Sobrier Michael LynnWhat if you could sit down with some of the most talented security engineers in the world and ask any network security question you wanted? Security Power Tools lets you do exactly that! Members of Juniper Networks' Security Engineering team and a few guest experts reveal how to use, tweak, and push the most popular network security applications, utilities, and tools available using Windows, Linux, Mac OS X, and Unix platforms. Designed to be browsed, Security Power Tools offers you multiple approaches to network security via 23 cross-referenced chapters that review the best security tools on the planet for both black hat techniques and white hat defense tactics. It's a must-have reference for network administrators, engineers and consultants with tips, tricks, and how-to advice for an assortment of freeware and commercial tools, ranging from intermediate level command-line operations to advanced programming of self-hiding exploits. Security Power Tools details best practices for: Reconnaissance -- including tools for network scanning such as nmap; vulnerability scanning tools for Windows and Linux; LAN reconnaissance; tools to help with wireless reconnaissance; and custom packet generation Penetration -- such as the Metasploit framework for automated penetration of remote computers; tools to find wireless networks; exploitation framework applications; and tricks and tools to manipulate shellcodes Control -- including the configuration of several tools for use as backdoors; and a review of known rootkits for Windows and Linux Defense -- including host-based firewalls; host hardening for Windows and Linux networks; communication security with ssh; email security and anti-malware; and device security testing Monitoring -- such as tools to capture, and analyze packets; network monitoring with Honeyd and snort; and host monitoring of production servers for file changes Discovery -- including The Forensic Toolkit, SysInternals and other popular forensic tools; application fuzzer and fuzzing techniques; and the art of binary reverse engineering using tools like Interactive Disassembler and Ollydbg A practical and timely network security ethics chapter written by a Stanford University professor of law completes the suite of topics and makes this book a goldmine of security information. Save yourself a ton of headaches and be prepared for any network security dilemma with Security Power Tools.
Security Protocols XXIII
by Jonathan Anderson Bruce Christianson Petr Švenda Vashek Matyáš James Malcolm Frank StajanoThis book constitutes the thoroughly refereed post-workshop proceedings of the 23rd International Workshop on Security Protocols, held in Cambridge, UK, in March/April 2015. After an introduction the volume presents 18 revised papers each followed by a revised transcript of the presentation and ensuing discussion at the event. The theme of this year's workshop is "Information Security in Fiction and in Fact".
Security Protocols XXVI: 26th International Workshop, Cambridge, UK, March 19–21, 2018, Revised Selected Papers (Lecture Notes in Computer Science #11286)
by Jonathan Anderson Bruce Christianson Petr Švenda Vashek Matyáš Frank StajanoThis book constitutes the thoroughly refereed post-workshop proceedings of the 26th International Workshop on Security Protocols, held in Cambridge, UK, in March 2018. The volume consists of 17 thoroughly revised invited papers presented together with the respective transcripts of discussions. The theme of this year's workshop was fail-safe and fail-deadly concepts in protocol design. The topics covered included failures and attacks; novel protocols; threat models and incentives; cryptomoney; and the interplay of cryptography and dissent.
Security Protocols XXVII: 27th International Workshop, Cambridge, UK, April 10–12, 2019, Revised Selected Papers (Lecture Notes in Computer Science #12287)
by Jonathan Anderson Bruce Christianson Vashek Matyáš Frank StajanoThe volume LNCS 12287 constitutes the proceedings of the 27th International Workshop on Security Protocols, held in Cambridge, UK, in April 2019. The volume consists of 16 thoroughly revised invited papers presented together with the respective transcripts of discussions. The theme of this year's workshop was “Security Protocols for Humans" The topics covered included Designing for Humans and Understanding Humans, Human Limitations in Security, Secure sharing and collaboration and much more.
Security Protocols XXVIII: 28th International Workshop, Cambridge, UK, March 27–28, 2023, Revised Selected Papers (Lecture Notes in Computer Science #14186)
by Jonathan Anderson Bruce Christianson Vashek Matyáš Frank StajanoThis book constitutes the refereed post-conference proceedings of the 28th International Workshop on Security Protocols, held in Cambridge, UK, during March 27–28, 2023. Thirteen papers out of 23 submissions were selected for publication in this book, presented together with the respective transcripts of discussions. The theme of this year's workshop was “Humans in security protocols — are we learning from mistakes?” The topics covered are securing the human endpoint and proving humans correct.
Security Relationship Management: Leveraging Marketing Concepts to Advance a Cybersecurity Program (Security, Audit and Leadership Series)
by Lee ParrishAligning information security to the goals and strategies of the business is paramount for ensuring risks are addressed, without an abundance of negative impacts to the company. But how does a Chief Information Security Officer (CISO) accomplish effective alignment? A security executive must understand the detailed needs of business leaders and stakeholders from across all corners of the company. We cannot rely on a standard cadence of general security discussions across all of the lines of business, as well as functional areas, and expect our alignment to be maximally effective. Instead, we should promote our security programs in such a way that makes it personal to whomever we are speaking with at any given time.By leveraging already established and tested marketing concepts, slightly altered for information security, the CISO can tailor their message to fit the needs of each stakeholder. This allows for in-depth business alignment, as well as a holistic view of the company’s underpinnings for the CISO. Within these pages, the reader will learn how segmentation, the Four Ps, and customer relationship management techniques, can help to transform their security program. Additionally, the book introduces a concept called Security Relationship Management (SRM) that optimizes the creation and nurturing of the hundreds of professional relationships (within and outside the company) that a CISO must balance each week. Through structured tracking of interactions and analyzing SRM data, the CISO ensures that relationships are managed effectively, which increases alignment between the business and cybersecurity initiatives. Pick up your copy of Security Relationship Management: Leveraging Marketing Concepts to Advance a Cybersecurity Program, today to begin your SRM journey.Please visit www.novelsecurity.com for more information.
Security Rights in Intellectual Property (Ius Comparatum - Global Studies in Comparative Law #45)
by Eva-Maria KieningerThis book discusses the main legal and economic challenges to the creation and enforcement of security rights in intellectual property and explores possible avenues of reform, such as more specific rules for security in IP rights and better coordination between intellectual property law and secured transactions law. In the context of business financing, intellectual property rights are still only reluctantly used as collateral, and on a small scale. If they are used at all, it is mostly done in the form of a floating charge or some other “all-asset” security right. The only sector in which security rights in intellectual property play a major role, at least in some jurisdictions, is the financing of movies. On the other hand, it is virtually undisputed that security rights in intellectual property could be economically valuable, or even crucial, for small and medium-sized enterprises – especially for start-ups, which are often very innovative and creative, but have limited access to corporate financing and must rely on capital markets (securitization, capital market). Therefore, they need to secure bank loans, yet lack their own traditional collateral, such as land.