Search

Your search keyword '"Information technology security"' showing total 94 results
Start Over Descriptor "Information technology security" Database OpenAIRE
94 results on '"Information technology security"'

3. ПОДГОТОВКА БУДУЩИХ ОФИЦЕРОВ ВОЙСК НАЦИОНАЛЬНОЙ ГВАРДИИ РОССИЙСКОЙ ФЕДЕРАЦИИ В ОБЛАСТИ ИНФОРМАЦИОННО-ТЕХНОЛОГИЧЕСКОЙ БЕЗОПАСНОСТИ

Subjects
курсант, cadet, information security, information technology security, информационная безопасность, Education (General), офицерские кадры, информационные технологии, information technology, информационно-технологическая безопасность, officer personnel, digital transformation, цифровая трансформация, L7-991
Abstract

Рассматривается вопрос применения информационно-технологической безопасности в процессе подготовки офицерских кадров для нужд Федеральной службы войск национальной гвардии Российской Федерации. Акцентируется внимание на том, что образовательная сфера претерпевает существенные изменения, что в свою очередь вносит огромное корректирующее значение в процесс обучения будущих офицерских кадров Росгвардии. Описывается, что военная наука существенно отличается от традиционной системы образования в гражданских образовательных учреждениях и развитие военного образования осуществляется как самостоятельная отрасль специального образования. Приводится проблематика проводимых исследований по эффективности процесса обучения в военных образовательных организациях высшего образования Росгвардии, данные исследования набирают колоссальную популярность и значимость. Описаны основные значимые тенденции развития информационно-технологической безопасности как составной части информационной безопасности, дается понятийное определение информационно-технологической безопасности, что ставит обеспечение безопасности на одну из передовых позиций, реализующих определенные интересы государства и общества в информационном обмене. Рассматриваются существующие уровни информационно-технологической безопасности по критериям ее использования. Описывается информационная направленность в военном образовании, которая позволит достичь определенных образовательных целей в ходе подготовки будущих офицерских кадров для нужд Росгвардии. Делается акцент на то, что применение информационных технологий в процессе обучения не заменит полностью опыт профессорско-преподавательского состава по направлению соответствующей отрасли, а только облегчит понимание и усвоение курсантами учебного материала. В заключительной части делается обобщающий вывод о том, что информационно-технологическая безопасность выдвигает на первоочередную позицию проблематику, имеющуюся по вопросам обеспечения информационной безопасности в ходе подготовки будущих офицерских кадров Росгвардии.

Published
2021

5. Kill Chain Attack Modelling for Hidden Channel Attack Scenarios in Industrial Control Systems

Author

Claus Vielhauer and Tom Neubert

Subjects
0209 industrial biotechnology, Steganography, Computer science, 020208 electrical & electronic engineering, ComputerApplications_COMPUTERSINOTHERSYSTEMS, 02 engineering and technology, Industrial control system, Computer security, computer.software_genre, Information technology security, 020901 industrial engineering & automation, Control and Systems Engineering, Kill chain, Order (exchange), Information hiding, 0202 electrical engineering, electronic engineering, information engineering, computer, Communication channel
Abstract

The protection against Advanced Persistent Threats (APTs) is an important topic in nuclear and industrial information technology security since the last decade. Nowadays steganography, i.e. information hiding techniques are increasingly used by attackers in order to operate without being detected. The usage of hidden channel communication in APTs creates a novel form of attack scenarios for which the current defense mechanisms are usually ineffective. In order to defend industrial control systems against those attacks, it is necessary to understand and comprehend the attacks. Thus, this paper presents how attack modelling based on the Lockheed Martin Cyber Kill Chain can be used to analyze hidden channel APT attack scenarios and how it can be used to elaborate defense mechanisms and to reveal attack indicators along all phases of those attack scenarios.

Published
2020
Full Text
View/download PDF

7. Analysis of Csirt Services in Facing Cyber Security Challenges in Indonesia

Author

Arfive Gandhi, Teddy Sukardi, Muhammad Haidar, and Yudho Giri Sucahyo

Subjects
Service (systems architecture), business.industry, government.form_of_government, Information technology, Data theft, Data loss, Computer security, computer.software_genre, Information technology security, Incident response, government, Information flow (information theory), business, computer, Incident report
Abstract

Along with the rapid development of information technology and supporting several aspects of life, the increase in the use of information technology is directly proportional to the risk of cyber security so that it can cause losses in the form of data theft, data loss/damage, and obstruction of information flow. In handling information technology security. CSIRT (Computer Security Incident Response Team) is an organization or team responsible for receiving, reviewing, and responding to cyber security incident reports and activities. However, since CSIRT was established, the current CSIRT service in Indonesia has not changed much from when it was first launched, only technology and some cyber security attack and defense techniques have changed but the management principles are considered to remain the same. This study aims to analyze the role and services of CSIRT in Indonesia to deal with the threat of cyber-attacks using the Carnegie Mellon University (CMU) framework. The results of this study are recommendations by mapping the results of research against the FIRST framework so that 10 recommendations can be obtained for the implementation of CSIRT services in Indonesia.

Published
2021
Full Text
View/download PDF

8. Protection Profile Bricks for Secure IoT Devices

Author

Antonio de la Piedra and Raphael Collado

Subjects
Authentication, business.industry, Computer science, Firmware, 020206 networking & telecommunications, 02 engineering and technology, Certification, Computer security, computer.software_genre, Automation, Information technology security, Protection Profile, Common Criteria, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Trusted Platform Module, business, computer, Countermeasure (computer)
Abstract

The Internet of Things (IoT) paradigm has been proposed in the last few years with the goal of addressing technical problems in fields such as home and industrial automation, smart lighting systems and traffic monitoring. However, due to the very nature of the IoT devices (generally low-powered and often lacking strong security functionalities), typical deployments pose a great risk in terms of security and privacy. In this respect, the utilization of both a Trusted Execution Environment (TEE) and a Trusted Platform Module (TPM) can serve as a countermeasure against typical attacks. Furthermore, these functional blocks can serve as safe key storage services and provide a robust secure boot implementation and a firmware update mechanism, thus ensuring run-time authentication and integrity. The Common Criteria for Information Technology Security Evaluation allows to determine the degree of attainment of precise security properties in a product. The main objective of this work is to identify, propose and compose bricks of protection profile (PP), as defined by Common Criteria, that are applicable to secure IoT architectures. Moreover, it aims at giving some guiding rules and facilitate future certifications of components and/or their composition. Finally, it also provides a structure for a future methodology of assessment for IoT devices.

Published
2021
Full Text
View/download PDF

9. Cyber Fraud: Detection and Analysis of the Crypto-Ransomware

Author

Murat Aydos and Ilker Kara

Subjects
021110 strategic, defence & security studies, Computer science, business.industry, 0211 other engineering and technologies, 020206 networking & telecommunications, Cryptography, 02 engineering and technology, Encryption, Computer security, computer.software_genre, Virtual currency, Ransom, Information technology security, Order (business), 0202 electrical engineering, electronic engineering, information engineering, Ransomware, Dimension (data warehouse), business, computer
Abstract

Currently as the widespread use of virtual monetary units (like Bitcoin, Ethereum, Ripple, Litecoin) has begun, people with bad intentions have been attracted to this area and have produced and marketed ransomware in order to obtain virtual currency easily. This ransomware infiltrates the victim’s system with smartly-designed methods and encrypts the files found in the system. After the encryption process, the attacker leaves a message demanding a ransom in virtual currency to open access to the encrypted files and warns that otherwise the files will not be accessible. This type of ransomware is becoming more popular over time, so currently it is the largest information technology security threat. In the literature, there are many studies about detection and analysis of this cyber-bullying. In this study, we focused on crypto-ransomware and investigated a forensic analysis of a current attack example in detail. In this example, the attack method and behavior of the crypto-ransomware were analyzed and it was identified that information belonging to the attacker was accessible. With this dimension, we think our study will significantly contribute to the struggle against this threat.

Published
2020
Full Text
View/download PDF

10. EVALUASI TATA KELOLA KEAMANAN TEKNOLOGI INFORMASI MENGGUNAKAN INDEKS KAMI UNTUK PERSIAPAN STANDAR SNI ISO/IEC 27001 (STUDI KASUS: STMIK MARDIRA INDONESIA)

Author

riswaya, Asep Ririh, Sasongko, Ashwin, and Maulana, Asep

Subjects
Information Technology Security, Governance TI, SNI ISO / IEC 27001
Abstract

Today's technology is an important asset to support the business activities of institutions or institutions, STMIK Mardira Indonesia is a higher education institution that requires technology for educational service facilities. Information technology security governance is useful for protecting assets while maintaining the sustainability of information technology services, several standards for governance have also been used to ensure the security of information technology assets, SNI ISO / IEC 27001 and SNI ISO / IEC 27002 are national standards that adopt from international standards in its activities require evaluation to determine governance readiness and the US index is used as an evaluation tool towards the standardization. The evaluation results in the electronics sector have a value of 21 which means the electronics sector in this institution is high according to the US Index 10 to 15 low, 16 to 34 high and 35 to 50 strategic. However, on the status of preparedness with a value of 117 which means that it is still not feasible for SNI ISO / IEC 27001 certification to be eligible for certification is a range of values 273 to 445. On the basis of some evaluation results obtained, governance is carried out in Annex A.5.1.1 Information security policy document, A.5.1.2 Review of the policies for information security, A.6.1.1 Information security roles and responsibilities, A.15.1.1 Information security policy for supplier relationships, A.16.1 Reporting information security events and weaknesses and Annex 16.1 .3 Reporting information security weaknesses.

Published
2020
Full Text
View/download PDF

11. Information Security Policy Compliance: Systematic Literature Review

Author

Angraini, Rose Alinda Alias, and Okfalisa

Subjects
Computer science, 020206 networking & telecommunications, 02 engineering and technology, Information security, Compliance (psychology), Information technology security, Systematic review, Risk analysis (engineering), 0202 electrical engineering, electronic engineering, information engineering, General Earth and Planetary Sciences, Information security policy, 020201 artificial intelligence & image processing, Organizational theory, Metric (unit), General Environmental Science
Abstract

The growth of research in information technology security has enlarged in recent years. Investigations in Information security besides discussing technical problems but also consider policies, behavior and user compliance issues. Therefore, a systematic review is needed to inform the development of research in compliance with information security policies. This literature review aims to find the challenges and explore the current state-of-the art of information security policy compliance. We identified 305 research papers published on topics of information security policy compliance between 2014 and 2019 and extract 53 documents from discussing with inclusion and exclusion criteria. This literature review found there is a lack of study about an evaluation of information security policy compliance using specific metric and need to enhance the model of information security policy compliance with organizational theories.

Published
2019
Full Text
View/download PDF

12. Audit Manajemen Keamanan Teknologi Informasi Menggunakan Standar ISO 27001 : 2005 Di PerguruanTinggi XYZ

Author

Sri Yulianto, Ade Iriani, and Muhammad Sidik

Subjects
Engineering management, Information technology security, Continuous evaluation, business.industry, Process (engineering), Computer science, Information technology management, Information technology, Audit, business, Security controls, Information security management system
Abstract

Management audit is very important for any colleges towards the examination and assesment of their information technology management to gain efficient and effective business running process. Information technology security as an effort of internal controlling for risk and threat security minimization, is mainly considered due to all learning and lecturing administration activities use information technology. To find out how secure technology information is, it is then recquiring an audit to make sure everything run based on procedure. Standard used is framework international standardization organization (ISO) 27001:2005. It ischosen because framework can be adjusted with instrument of the research used in the organization. It is then developed and focused on information security management system (SMKI). As a results, all have outcome JPA = PA1:PA10, NA=JPA/10 produces value average 65%. Last but not at least, it showspositive level, but still under expectation by college requirement that requires continuous evaluation and enhancement of recommended security control

Published
2018
Full Text
View/download PDF

13. Software Vulnerabilities and Bug Bounty Programs

Author

Carsten Bienz and Steffen Juranek

Subjects
Information technology security, Information asymmetry, Software, Computer science, Software security assurance, business.industry, media_common.quotation_subject, Computer security, computer.software_genre, business, computer, Reputation, media_common
Abstract

Many software developers employ bug bounty programs that award a prize for the detection of bugs in their software. We analyze, in a model with asymmetric information, under which conditions a bug bounty program is beneficial for a software developer. In our model, a bug bounty program allows developers to perfectly discriminate between different types of bugs, and help to avoid reputation costs of exploited bugs. We find that the benefits of bounty program do not only depend on the characteristics of the underlying software but also that a bounty program crucially interacts with other elements of the security strategy.

Published
2020
Full Text
View/download PDF

14. To the Question of Ensuring the Information and Technological Security of Students in the Primary School

Author

Zaitseva, S. A. and Breil, N. A.

Subjects
RULES FOR PROTECTING THEIR OWN INFORMATION, ИНФОРМАЦИОННО-ТЕХНОЛОГИЧЕСКАЯ БЕЗОПАСНОСТЬ, ПРАВИЛАМИ ЗАЩИТЫ СОБСТВЕННОЙ ИНФОРМАЦИИ, INFORMATION TECHNOLOGY SECURITY
Abstract

The article examines the information and technological security of a child's activities when working with modern information and communication tools and resources. В статье рассматривается информационно-технологическая безопасность деятельности ребенка при работе с современными информационно-коммуникационными средствами и ресурсами.

Published
2020

15. Исследование каналов утечки информации и несанкционированного доступа

Subjects
information security, безопасность информационных технологий, information technology security, information leakage channels, информационная безопасность, несанкционированный доступ, information systems, информационные системы, каналы утечки информации, unauthorized access
Abstract

Исследуются и анализируются основные виды угроз безопасности информации, а также наиболее распространенные виды утечек информации., The main types of threats to information security, as well as the most common types of information leaks, are investigated and analyzed., Вестник Российского нового университета серия «Сложные системы: модели, анализ, управление», Выпуск 2 2020

Published
2020
Full Text
View/download PDF

16. Software vulnerabilities and bug bounty programs

Author

Bienz, Carsten and Juranek, Steffen

Subjects
software security, software vulnerability, Bug bounty program, information technology security
Abstract

Many software developers employ bug bounty programs that award a prize for the detection of bugs in their software. We analyze, in a model with asymmetric information, under which conditions a bug bounty program is beneficial for a software developer. In our model, a bug bounty program allows developers to perfectly discriminate between different types of bugs, and help to avoid reputation costs of exploited bugs. We find that the benefits of bounty program do not only depend on the characteristics of the underlying software but also that a bounty program crucially interacts with other elements of the security strategy.

Published
2020

17. Анализ существующих и перспективных методов защиты информации

Subjects
перспективные методы защиты информации, information security, безопасность информационных технологий, information technology security, информационная безопасность, information systems, информационные системы, prospective methods of information security
Abstract

Рассматривается и анализируется возможная совокупность различных систем, обеспечивающих информационную безопасность предприятия, представляющего собой аппаратнопрограммный комплекс., The article discusses and analyzes the possible combination of various systems that ensure the information security of the enterprise, which is a hardwaresoftware complex., №2 (2019)

Published
2019
Full Text
View/download PDF

18. Introduction to the book

Author

Andrew T. H. Tan

Subjects
Information technology security, Order (exchange), Computer science, Taxonomy (general), Natural (music), Confidentiality, Set (psychology), Computer security, computer.software_genre, computer, Asian studies, Domain (software engineering)
Abstract

In this introductory chapter, we illustrate the book’s motivation and objective. In particular, the book takes its raison d’etre from the need for protecting Cyber-Physical Systems (CPSs) against threats originating either in the cyber or in the physical domain. Exploring the concepts of safety, security, and privacy for CPSs thus emerged as the natural goal to reach. In order to better support this objective and to help the reader to navigate the book contents, a taxonomy of the above-mentioned concepts is introduced, based on a set of three triads, including the well-known Confidentiality, Integrity, and Availability triad which was introduced in the Information Technology security literature.

Published
2016
Full Text
View/download PDF

19. Supporting students’ knowledge and skills in information technology security through a security portal

Author

Omer Delialioglu, Nilay Pancar Çiftçi, and OpenMETU

Subjects
Information technology security, High school students, Online security, Knowledge management, Turkey, Computer science, business.industry, 05 social sciences, 050301 education, Information technology, Safety awareness, Library and Information Sciences, Security portal, 0509 other social sciences, 050904 information & library sciences, business, 0503 education
Abstract

This study aims to investigate the initial perceived knowledge and skills of high school students in information technology (IT) security and the effect of an online security support tool, the Security Portal (SP), on students’ perceived knowledge and skills in IT security. The SP is a website designed and developed as an extracurricular learning tool to improve high school students’ knowledge and skills in IT security. An exploratory research design with descriptive and inferential statistical analysis was conducted to answer the research questions. The data were collected from the participants through the Perceived Knowledge and Skills in IT Security questionnaire, administered as pre-test and post-test before and after using the SP. The results of the study indicated that the majority of students were not aware about their schools’ IT security policies and rules. Similarly, students had limited knowledge of the rules for using IT devices at their homes. Students’ perceived knowledge and skills in (i) virus infection, (ii) awareness about IT crimes and unlicensed products, (iii) security settings of operating systems, (iv) Windows firewall and defender, (v) security settings of Android OS except adding owner information (vi) security issues related to e-mails, except risk associated with opening e-mails from unknown senders, (vii) security issues of web browsers and SNSs except security and privacy settings of SNSs, could be improved by using such tools.

Published
2016
Full Text
View/download PDF

20. Application of AI Technology in Defense of Big Data Network Security

Author

Xuechen Wu, Yinda Chen, and Xuanrui Gao

Subjects
History, Information Age, business.industry, Network security, Computer science, Big data, Information technology, Computer security, computer.software_genre, Computer Science Applications, Education, Request for information, Information technology security, The Internet, Big data security, business, computer
Abstract

Artificial intelligence technology is a new technology based on computer science and technology, combined with Internet technology. It has been widely used in all walks of life. With the development of information technology, the coverage of the Internet is wider, more and more users are involved, and the transmission and sharing of information is more and more convenient. This makes people’s request for information security rise to a higher level. The arrival of the big data era has put forward higher requirements for the security protection of the information technology security personnel for the complex data. Artificial intelligence technology can solve this problem well in the application of big data security defense. Artificial intelligence technology can not only enhance the security of network information, but also will change the way people live in the future with the wider application in the network, which will profoundly affect people’s life in the information age.

Published
2021
Full Text
View/download PDF

21. An analysis of strategic and economic values of business ethics

Author

David Annino, Sung Hyun Kim, Kyung Hoon Yang, and Young-Chan Lee

Subjects
Organizational Behavior and Human Resource Management, Information technology security, Knowledge management, Protection motivation theory, business.industry, Strategy and Management, Information technology, Business, User participation, Business and International Management, Business ethics, Knowledge sharing
Abstract

Information technology ethics, information technology security, online user participation, and knowledge sharing in organisations have been recognised as substantial issues in the management inform...

Published
2021
Full Text
View/download PDF

22. Practical Data Security

Author

John Gordon

Subjects
History, ComputingMilieux_THECOMPUTINGPROFESSION, business.industry, media_common.quotation_subject, Closing (real estate), Data security, Encryption, computer.software_genre, GeneralLiterature_MISCELLANEOUS, Management, Computer virus, Information technology security, Performance art, Telecommunications, business, GeneralLiterature_REFERENCE(e.g.,dictionaries,encyclopedias,glossaries), computer, media_common
Abstract

Data security - an introduction, John Gordon an oragnization for security in a major company, Charles Brookson information technology security evaluation - management summary, Eric Roche closing the evaluation gap - the CLEF experience, Andrew Clark and Andrea Cumming mechanisms of stealth, Alan Solomon computer viruses, Jan Hruska security modelling, John Gordon secure delivery of software, Fiona Williams and Samantha Green digital signatures for non-repudiation, Fred Piper network encryption management, Vince Gallo computer crime - law and regulation - protection and prosecution, Wendy R. London a structured control methodology to aid data security, John Mitchell securing your PC, Alex Mcintosh.

Published
2019
Full Text
View/download PDF

24. The Business Transformation Framework and Enterprise Architecture Framework for Managers in Business Innovation

Author

Damir Kalpić and Antoine Trad

Subjects
Enterprise architecture framework, Information technology security, Process management, Business, Business transformation
Abstract

The business transformation project (BTP) of a modern business environment needs a well-designed information and cyber technology security automation concept (ITSAC) that, in turn, depends on measurable success factors. These factors are used for the evolution of the transformation process. During the last decade, due to the global insecurity and financial crisis, the security strategies are not efficient. That is mainly due to the fact that businesses depend on security standards, cyber and information technology evolution, enterprise architecture, business engineering, and multilevel interoperability. They are restricted to blindfolded infrastructure security operations. Major BTPs are brutally wrecked by various security violations that may cause a no-go decision.

Published
2019
Full Text
View/download PDF

25. The impact of data security on firm value : how do stock markets react to data breach announcements?

Author

Landmann, Juliane and Stahl, Jörg

Subjects
Information technology security, Estudo de eventos, Event study, Segurança de tecnologia da informação, Data breach, Segurança de dados, Data security, Ciências Sociais::Economia e Gestão [Domínio/Área Científica], Violação de dados
Abstract

Submitted by Isabel Gomes (itg@lisboa.ucp.pt) on 2019-02-18T12:16:04Z No. of bitstreams: 1 152417068 Juliane Landmann W PDFA.pdf: 767673 bytes, checksum: 452f84b4d131e44aa6acce45b3036b6e (MD5) Approved for entry into archive by Isabel Gomes (itg@lisboa.ucp.pt) on 2019-02-18T12:16:18Z (GMT) No. of bitstreams: 1 152417068 Juliane Landmann W PDFA.pdf: 767673 bytes, checksum: 452f84b4d131e44aa6acce45b3036b6e (MD5) Made available in DSpace on 2019-02-18T12:16:18Z (GMT). No. of bitstreams: 1 152417068 Juliane Landmann W PDFA.pdf: 767673 bytes, checksum: 452f84b4d131e44aa6acce45b3036b6e (MD5) Previous issue date: 2019-01-30

Published
2019

26. Cluster Analysis of IT Security Risks in Chosen Sectors

Author

Mario Spremić and Ante Buljan

Subjects
business transformation, k-means, information technology security, Digital transformation, O57, Disease cluster, Computer security, computer.software_genre, Business transformation, Europe, Information technology security, ddc:330, digital markets, Business, Digital divide, Cluster analysis, computer, clustering
Abstract

The problems of digitalisation and transition of companies into the digital markets has become one of the crucial issues in contemporary business. Digital transformation is changing markets and interactions. These trends impose a question on how secure is this environment and how companies are combating this issue. This new environment shows us how knowledge is dispersed across a global market and in individual, national, markets. The goal of the research is to investigate the differences between countries in Europe according to how their companies tackled the challenges of IT security. Clustering is conducted by the use of simple k-means method using the data on European countries available in Eurostat. The digital divide has been found among European countries according to their usage of investigated IT security practices. This work is licensed under aCreative Commons Attribution-NonCommercial 4.0 International License.

Published
2019
Full Text
View/download PDF

27. Strengthening information technology security through the failure modes and effects analysis approach

Author

Nasim Lari, Arben Asllani, and Alireza Lari

Subjects
lcsh:Management. Industrial management, Quality management, Airport security, Computer science, Process (engineering), media_common.quotation_subject, 02 engineering and technology, Information technology security, ddc:650, 0202 electrical engineering, electronic engineering, information engineering, Information system, Quality (business), FMEA, Risk management, media_common, business.industry, 020207 software engineering, Risk analysis (engineering), lcsh:HD28-70, 020201 artificial intelligence & image processing, business, Failure mode and effects analysis
Abstract

Proper protection of information systems is a major quality issue of organizational risk management. Risk management is a process whereby risk factors are identified and then virtually eliminated. Failure modes and effects analysis (FMEA) is a risk management methodology for identifying system’s failure modes with their effects and causes. FMEA identifies potential weaknesses in the system. This approach allows companies to correct areas identified through the process before the system fails. In this paper, we identify several critical failure factors that may jeopardize the security of information systems. In doing this, we systematically identify, analyze, and document the possible failure modes and the possible effects of each failure on the system. The proposed cybersecurity FMEA (C-FMEA) process results in a detailed description of how failures influence the system’s performance and how they can be avoided. The applicability of the proposed C-FMEA is illustrated with an example from a regional airport.

Published
2018
Full Text
View/download PDF

28. Authorized and Rogue Device Discrimination Using Dimensionally Reduced RF-DNA Fingerprints

Author

Michael A. Temple, Julie Ann Jackson, and Donald R. Reising

Subjects
Authentication, Spoofing attack, Access network, Computer Networks and Communications, business.industry, Computer science, Orthogonal frequency-division multiplexing, WiMAX, Information technology security, Identification (information), Feature (computer vision), Wireless lan, Wireless, Safety, Risk, Reliability and Quality, business, Computer network
Abstract

Unauthorized network access and spoofing attacks at wireless access points (WAPs) have been traditionally addressed using bit-centric security measures and remain a major information technology security concern. This has been recently addressed using RF fingerprinting methods within the physical layer to augment WAP security. This paper extends the RF fingerprinting knowledge base by: 1) identifying and removing less-relevant features through dimensional reduction analysis (DRA) and 2) providing a first look assessment of device identification (ID) verification that enables the detection of rogue devices attempting to gain network access by presenting false bit-level credentials of authorized devices. DRA benefits and rogue device rejection performance are demonstrated using discrete Gabor transform features extracted from experimentally collected orthogonal frequency division multiplexing-based wireless fidelity (WiFi) and worldwide interoperability for microwave access (WiMAX) signals. Relative to empirically selected full-dimensional feature sets, performance using DRA-reduced feature sets containing only 10% of the highest ranked features (90% reduction), includes: 1) maintaining desired device classification accuracy and 2) improving authorized device ID verification for both WiFi and WiMAX signals. Reliable burst-by-burst rogue device rejection of better than 93% is achieved for 72 unique spoofing attacks and improvement to 100% is demonstrated when an accurate sample of the overall device population is employed. DRA-reduced feature set efficiency is reflected in DRA models requiring only one-tenth the number of features and processing time.

Published
2015
Full Text
View/download PDF

29. Análisis de los Componentes de la Seguridad desde una Perspectiva Sistémica de la Dinámica de Sistemas

Author

Parada, Diego J., Flórez, Angélica, and Gómez, Urbano E.

Subjects
information security, cyber security, dinámica de sistemas, information technology security, system dynamics, ciberseguridad, seguridad de la información, seguridad informática
Abstract

Resumen Este artículo presenta el análisis sistémico de los componentes de la seguridad utilizando los lenguajes de la dinámica de sistemas tales como la prosa, el diagrama de influencias, de flujo-nivel, las ecuaciones y los comportamientos. La dinámica de sistemas permite el análisis de la complejidad de los elementos de la seguridad mediante la caracterización de los ciclos de realimentación presentes para el entendimiento, explicación y pronóstico de la misma. Se muestra la utilidad del modelo propuesto a través de la simulación de escenarios hipotéticos, permitiendo con ello medir la seguridad de la información. Abstract This article presents the systemic analysis of the components of security with the use of the languages of systems dynamics such as the prose, influence diagram, flow-level, equations and behaviors. Systems dynamics allows the analysis of the complexity of security’s elements through the characterization of the existing feedback cycles, for the perception, explanation and prediction of security. The usefulness of the proposed model is shown through the simulation of hypothetical scenarios, allowing in this way measuring information security.

Published
2018

30. The impact of security awareness on information technology professionals' behavior

Author

Stephen Boyle, Carmen Reaiche, Ron Torten, Torten, Ron, Reaiche, Carmen, and Boyle, Stephen

Subjects
protective motivation theory, General Computer Science, cybersecurity, media_common.quotation_subject, Compromise, Perceived vulnerability, Internet privacy, Population, 02 engineering and technology, Intellectual property, IT professionals, 020204 information systems, 0502 economics and business, 0202 electrical engineering, electronic engineering, information engineering, Motivation theory, education, security awareness programs, media_common, education.field_of_study, security behavior, business.industry, Social engineering (security), 05 social sciences, social engineering, information technology security, Information technology, human behavior, 050211 marketing, Business, Law, Reputation
Abstract

Protecting digital assets is a growing concern for corporations, as cyberattacks affect business performance, reputation, and compromise intellectual property. Information technology (IT) security in general and cyber security, in particular, is a fast-evolving area that requires continuous evaluation and innovation. The objective of cyber-attacks has not changed over time however there is a shift in the attack methods through the increased use of social engineering, concentrating on the human elements as the weakest link in the security posture of any system network. This research looks at the relationship between threat awareness and countermeasure awareness on IT professionals' compliance with desktop security behaviors. The model originally put forward by Hanus and Wu (2016), was tested on a population of 400 IT professionals across a broad range of IT roles and company sizes in the United States. The overall findings show that 61.2% of the variability in desktop security behavior can be explained by threat awareness and countermeasure awareness. In addition, the research found a determinant relationship between threat awareness and countermeasure awareness with the five elements of protective motivation theory (PMT), which include perceived severity, perceived vulnerability, self-efficacy, response efficacy, and response cost. Finally, the research shows that all elements of PMT, with the exception of perceived vulnerability, significantly determine desktop security behavior. Refereed/Peer-reviewed

Published
2018

31. The Categorization and Information Technology Security of Automated Vehicles

Author

Attila Albini, Daniel Tokody, and Zoltan Rajnai

Subjects
System building, Computer science, IT security, 010501 environmental sciences, 01 natural sciences, Information technology security, increase, 0502 economics and business, lcsh:Social sciences (General), 0105 earth and related environmental sciences, Flexibility (engineering), 050210 logistics & transportation, business.industry, 05 social sciences, Information technology, Automation, IT infrastructure, technology, vehicle, Categorization, Risk analysis (engineering), Information technology management, lcsh:H1-99, Cyberspace, business
Abstract

In addition to mechanical changes automation plays an increasingly important role in the evolution of vehicles. The development of autonomous automobiles is the driving force behind the evolution of the information technology (IT) infrastructure in vehicles. Self-reliance requires more and more automation. Enhanced level of automation requires increased operational reliability. This will also resulting an increased level of safety in the cyberspace of vehicles. Endangering cyberspace can also come from a threat of natural and human origin. IT security is the protection against threats of natural origin. It includes protection against natural and technological impacts. For these reasons, it is important to increase IT security in the IT infrastructure of vehicles. This article examines IT security increasing system building technologies from the aspect of the overall IT infrastructure of vehicles. These technologies enable faster processing, increased availability and greater flexibility. The study requires the creation of a new vehicle automation categorization. Technologies are examined according to these new categories and the functional layers of the general IT infrastructure.

Published
2018

33. Information Technology Security as Scored by Management Budget

Author

Tiina K. O. Rodrigue

Subjects
Information technology security, Political science, Computer security, computer.software_genre, computer
Abstract

In information technology security as scored by management budget, the author examines information technology (IT) security in the context of organizational management, business, complexity leadership theories, and current IT security scholarship. Based on well-known organizational power and politics theory as well as accounting, budget, and management literature, the chapter examines what is known about the impact of power and politics on IT security and the importance of budgetary gamesmanship as illustrated by understanding that the budget as a game, the politics of allocation within an organization, the influence of budgetary bias and how it shapes what CISOs must understand and master, the unfunded mandate impediment through which each the organization picks winners and losers under the auspices of “doing more with less.” The author suggests a future framework for IT security-management-budget review that includes measures that track expenditure versus the power alignment and how to gauge the net effect on an organization's information-technology security posture.

Published
2018
Full Text
View/download PDF

34. Tales from the Trenches

Author

Morey J. Haber and Brad Hibbert

Subjects
Information technology security, History, business.industry, First person, Internet privacy, Use case, business
Abstract

Over the last few decades, I (Morey – and not John Titor as some readers may believe) have experienced a plethora of use cases and clients that inherently did not understand the risks to their assets and processes within their own organizations. In that time, I have documented my favorite ones and included them in this book as lessons learned: tales from the trenches. They may sound personal (written in the first person) and even a little loose, but they make good stories we all can learn from and how not to make the same mistakes. These short stories are from real clients and sales teams that failed miserably managing information technology security, vulnerabilities, processes, and sales cycles. Hopefully, the results become a reference point for all of us – what not to do when trying to protect our precious resources.

Published
2018
Full Text
View/download PDF

35. Filtering Intrusion Detection Alarms using Ant Clustering Approach

Author

Ghodhbani Salah and Jemili Farah

Subjects
business.industry, Computer science, Volume (computing), Intrusion detection system, Machine learning, computer.software_genre, Constant false alarm rate, Information technology security, False positive paradox, Artificial intelligence, Data mining, business, Cluster analysis, computer
Abstract

the growth of cyber attacks, information safety has become an important issue all over the world. Many firms rely on security technologies such as intrusion detection systems (IDSs) to manage information technology security risks. IDSs are considered to be the last line of defense to secure a network and play a very important role in detecting large number of attacks. However the main problem with today's most popular commercial IDSs is generating high volume of alerts and huge number of false positives. This drawback has become the main motivation for many research papers in IDS area. Hence, in this paper we present a data mining technique to assist network administrators to analyze and reduce false positive alarms that are produced by an IDS and increase detection accuracy. Our data mining technique is unsupervised clustering method based on hybrid ANT algorithm. This algorithm discovers clusters of intruders' behavior without prior knowledge of a possible number of classes, then we apply K-means algorithm to improve the convergence of the ANT clustering. Experimental results on real dataset show that our proposed approach is efficient with high detection rate and low false alarm rate.

Published
2015
Full Text
View/download PDF

36. INTEGRATING INTERNAL CONTROL FRAMEWORKS FOR EFFECTIVE CORPORATE INFORMATION TECHNOLOGY GOVERNANCE

Author

Samir M. El-Gazzar, Abdou Ahmed Ettish, and Rudolph A. Jacob

Subjects
Process management, business.industry, Computer science, IT Governance, Corporate governance, Control (management), Integrated ITG Framework, Information technology, Internal Control, Business objectives, Information technology security, Extant taxon, Key (cryptography), IT Risks, business, Business management
Abstract

This paper analyzes and proposes how several internal control frameworks can be integrated to achieve effective corporate information technology governance. The fundamental tenet of the current literature in this area is that neither a single framework nor non-integrated multiple frameworks would suffice in achieving effective information technology security and governance. Using the extant literature, a deductive approach, and focusing on three popularized internal control frameworks ERM, COSO, and COBIT5, we propose a framework that can help organizations effectively and efficiently achieve information technology governance through their interaction. An integrated framework is one that links the key control objectives to strategic business objectives and, in doing so, addresses IT governance principles at both a strategic and operational level, whilst aligning IT and business management understanding of the key risk areas that characterize the organization’s goals (Goosen and Rudman, 2013). In addition, this fundamental alignment is expected to eliminate unnecessary controls and processes which in turn help improving IT governance. We expect firms seeking to adopt the proper IT governance to utilize the proposed integrated framework.

Published
2017

38. Experience in the Formation of Competencies in the Field of Information Technology Security in the Educational Programs of MIEM NRU HSE

Author

Aleksandr V. Belov, Alexey Los, and Artem Sergeevich Kabanov

Subjects
Information technology security, Engineering management, Engineering education, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, 020207 software engineering, Information technology, 02 engineering and technology, Digital economy, Information security, Educational standards, T58.5-58.64, Field (computer science)
Abstract

The paper discusses the development and testing of a model of competencies in information security which ensures the effective interaction of society, business, the labor market and education in the digital economy. The proposed model is based on the requirements of employers for the training of a modern engineer. In accordance with the developed competency model in the field of information security the original educational standards for engineering education implemented at MIEM NRU HSE were modernized.

Published
2020
Full Text
View/download PDF

39. Information Technology Security Threats to Modern e-Enabled Aircraft: A Cautionary Note

Author

Marko Wolf, Moritz Minzlaff, and Martin Moser

Subjects
Engineering, Automatic dependent surveillance-broadcast, business.industry, Aerospace Engineering, Information technology, ComputerApplications_COMPUTERSINOTHERSYSTEMS, Attack surface, Safety standards, Computer security, computer.software_genre, Integrated modular avionics, Computer Science Applications, Information technology security, Global Positioning System, Electrical and Electronic Engineering, business, Commercial off-the-shelf, computer
Abstract

Most passengers, airlines, and the aircraft industry in general are used to very high safety standards and precautions surrounding aircraft systems. As the computerization of aircraft steadily progresses, the question of security (that is, the protection against intentional manipulations) becomes increasingly relevant. This paper focuses on these security challenges. In particular, it adds the following contributions: It assesses the current state of public research on aircraft information technology security and contrasts it with an evaluation of the threat level through a discussion of recent attacks and vulnerabilities. This shows that many attack vectors are not protected against by the state-of-the-art technology implemented in today’s aircraft. In addition, increasing digitalization, connectivity, and similar developments have led to so-called 'e-enabled' aircraft with an ever larger attack surface. This results in challenges to the aircraft industry and lead to a requirement for additional technica...

Published
2014
Full Text
View/download PDF

40. A Comparative Assessment of Computer Security Incidence Handling

Author

Uchenna Ani and Nneka C. Agbanusi

Subjects
Exploit, Computer science, Computer security, computer.software_genre, Information technology security, Risk analysis (engineering), Incident management, Damages, Key (cryptography), Incident response, General Earth and Planetary Sciences, computer, General Environmental Science, Incidence (geometry)
Abstract

Incidence response and handling has become quite a crucial, indispensible constituent of information technology security management, as it provides an organised way of handling the aftermaths of a security breach. It presents an organisation’s reaction to illegitimate and unacceptable exploits on its assets or infrastructure. The goal must be to successfully neutralise the incident, such that damages are significantly reduced with attendant reduction in recovery time and costs. To achieve this, several approaches and methodologies proposed have been reviewed with a view to identifying essential processes. What is needed is referred to as incident capability mingled with collaborations. This defines a shift from response to management of computer security incidents in anointer relationship manner that foster collaboration through the exchange and sharing of incidence management details among several distinct organizations. Key step-up aspects centre on issues of enforcing and assuring trust and privacy. A viable collaborative incident response approach must be able to proffer both proactive and reactive mechanisms that are management-oriented and incorporating all required techniques and procedures.

Published
2014
Full Text
View/download PDF

41. Hotel Information Technology Security: Do Hoteliers Understand the Risks?

Author

Thomas Schrier, Jungsun Sunny Kim, and John Farrish

Subjects
Information technology security, business.industry, Tourism, Leisure and Hospitality Management, Service level, Information technology, Self service technology, Marketing, business, Hospitality industry, Hotel industry
Abstract

During the past decade, information technology (IT) has significantly changed the way the hotel industry controls and manages operations. While many technologies have been utilized, some newer technologies have emerged in the literature and in practice, and many of them impact the hotel's security. The purpose of this study is to understand how hotels with different service levels are currently using these technologies, and if having an internal IT department and sufficient IT budget impacts the use of these technologies. Among the results, this study identified a gap between hoteliers’ understanding of IT budget adequacy and the adequacy of installed IT security systems. The results also showed that luxury properties were significantly more likely to employ adequate IT security systems than other service levels.

Published
2013
Full Text
View/download PDF

43. Common Criteria: Origins and Overview

Author

Tony Boswell and John Tierney

Subjects
Information technology security, Risk analysis (engineering), Scope (project management), Order (exchange), Computer science, Common Criteria, business.industry, Reading (process), media_common.quotation_subject, Smart card, business, media_common
Abstract

This chapter will consider how the Common Criteria for Information Technology Security Evaluation evolved, how they are defined and how they are used in practice. As an example we will look at how Common Criteria is applied to smart card evaluations. This chapter will not attempt to describe the full detail of Common Criteria, but will explore the scope of the criteria, the infrastructure that supports their use, and how protection Profiles and Security Targets are created to act as baselines for evaluations. As such it acts as an introduction to the use of Common Criteria, on which a reader can base further reading and practice in order to apply Common Criteria to real-world situations.

Published
2017
Full Text
View/download PDF

44. Industry Specific Q&A

Author

Felice Flake

Subjects
Information technology security, Business, Information security, Computer security, computer.software_genre, computer
Published
2017
Full Text
View/download PDF

45. Development of Unidirectional Security Gateway Satisfying Security Functional Requirements

Author

Seon-Gyoung Sohn, Kyung-Soo Lim, and Jung-Chan Na

Subjects
Forcing (recursion theory), Computer science, business.industry, Functional requirement, Computer security, computer.software_genre, Information technology security, Security service, Common Criteria, Control system, Control network, Confidentiality, business, computer, Computer network
Abstract

A connection between an industrial control network and IT network can expose measurement equipment, control systems and important infrastructure components to various cyber-attacks. Many technologies have been proposed to protect industrial control networks against cyber-attacks and to provide confidentiality, integrity, and availability. Among the technologies, a physical unidirectional security gateway provides protection of critical systems by forcing unidirectional communication between the two networks. The unidirectional security gateway needs to provide safety and reliability, and to guarantee, the common criteria for information technology security evaluation is operated. In this paper, we propose a unidirectional security gateway satisfying security functional requirements derived from CC v3.1.

Published
2017
Full Text
View/download PDF

46. User Link Prediction based on Logistic Regression Model with Local Similarity Indices in Microblog Network

Author

Haiqiang Chen, Yun Liu, Yuan Wen, Jie Lian, and Fei Xiong

Subjects
Computer Networks and Communications, Microblogging, Library science, Commission, computer.software_genre, Logistic regression, Information technology security, Beijing, Hardware and Architecture, Similarity (psychology), Information system, Social media, Sociology, Data mining, China, computer
Abstract

Jie Lian, Haiqiang Chen, Yun Liu, Fei Xiong, Yuan Wen 1, First Author Key Laboratory of Communication & Information Systems, Beijing Municipal Commission of Education, Beijing JiaoTong University 100044, P.R. China, hugo_lian@163.com *3,Corresponding Author Key Laboratory of Communication & Information Systems, Beijing Municipal Commission of Education, Beijing JiaoTong University 100044, P.R. liuyun@bjtu.edu.cn China Information Technology Security Evaluation Center (CNITSEC), chhq@itsec.gov.cn Key Laboratory of Communication & Information Systems, Beijing Municipal Commission of Education, Beijing JiaoTong University 100044, P.R. China, 08111029@bjtu.edu.cn and 09111026@bjtu.edu.cn

Published
2013
Full Text
View/download PDF

47. The Common Criteria Meets Realpolitik: Trust, Alliances, and Potential Betrayal

Author

Jan Kallberg

Subjects
National security, Computer Networks and Communications, business.industry, Computer science, Realpolitik, Information technology, Certification, Information security, Computer security, computer.software_genre, Information technology security, Common Criteria, Electrical and Electronic Engineering, Cyberspace, business, Law, computer, Militarization
Abstract

The Common Criteria for Information Technology Security Evaluation aims to become a global standard for IT security certification. However, it faces challenges owing to its rigid framework, rapid technology changes, and the increased militarization of cyberspace.

Published
2012
Full Text
View/download PDF

48. Investing in IT Security

Author

Amanda Eisenga, Walter Rodriguez, and Travis L. Jones

Subjects
Rate of return, Cloud computing security, business.industry, Computer science, Information technology, Investment (macroeconomics), Computer security, computer.software_genre, Information technology security, Information security management, Information technology management, business, Research question, computer, Information Systems
Abstract

Investing in information technology (IT) security is a critical decision in the digital age. And, in most organizations, it is wise to allocate a significant amount of resources to IT infrastructure. However, it is difficult to determine how much to invest in IT as well as quantifying the maximum threshold where the rate of return of this investment is diminishing. The main research question in this paper is: how much and what financial resources should be allocated to IT security? This paper analyzes different practices and techniques used to determine the calculation for investments in IT security and analyzes and recommend some suitable methods for deciding how much should be invested in IT security.

Published
2012
Full Text
View/download PDF

49. JRMAD METHOD USES OF INFORMATION TECHNOLOGY SECURITY / JRMAD METODO PANAUDOJIMAS TAIKANT INFORMACINIŲ TECHNOLOGIJŲ SAUGOS POLITIKĄ

Author

Eglė Švedaitė

Subjects
Technology, Engineering, business.industry, Science, Mechanical Engineering, Energy Engineering and Power Technology, Information technology, būtinasis saugumas, Management Science and Operations Research, Phase (combat), Engineering management, Information technology security, IT projektas, Systems engineering, Emergency planning, projektas, Project management, saugos problemos, business, JRMAD metodas, Project design
Abstract

Analyzing the flexible uses security problems in existing information technology systems. Looking for way to ensure the safety of the reaction time to smooth access to more projects in development. Review of projects undertaken. Codified in the project design and development components. Made of the findings of the methods used to discover, which exclude parts of the draft rule and resort to emergency planning in the early part of the project development phase. Analytical result: JRMAD mixed method, allowing simultaneous two of the project and the time to change the current system. Santrauka Nagrinėjama saugos lankstumo problematika veikiančiose informacinių technologijų sistemose. Ieškoma būdų užtikrinti saugos reakcijos laiko sklandų prieinamumą, kai projektai dar tik kuriami. Atlikta projektų apžvalga, susistemintos projekto kūrimo bei vystymo dalys. Išvados panaudotos surasti metodui, kuris paneigtų projekto dalių taisyklę ir būtų išeitis saugos planavimui projektų kūrimo pradžioje. Analizės rezultatas: JRMAD mišrusis metodas, leidžiantis vienu metu vykdyti abi projekto dalis ir tuo pačiu metu keisti sistemą. Raktiniai žodžiai: projektas; saugos problemos; IT projektas; JRMAD metodas; būtinasis saugumas

Published
2011
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results