Your search keyword '"information system security"' showing total 148 results

1. A New Architecture for Data Analysis on Blockchain Without Data Replication

Author

Rodrigues Baptista, Miguel, Mira da Silva, Miguel, Rupino da Cunha, Paulo, Antunes, Cláudia, Spagnoletti, Paolo, Series Editor, De Marco, Marco, Series Editor, Pouloudi, Nancy, Series Editor, Te'eni, Dov, Series Editor, vom Brocke, Jan, Series Editor, Winter, Robert, Series Editor, Baskerville, Richard, Series Editor, Za, Stefano, Series Editor, Braccini, Alessio Maria, Series Editor, Rodrigues da Silva, Alberto, editor, Mira da Silva, Miguel, editor, Estima, Jacinto, editor, Barry, Chris, editor, Lang, Michael, editor, Linger, Henry, editor, and Schneider, Christoph, editor

Published

2024

2. Evaluation of Governance in Information Systems Security to Minimize Information Technology Risks

Author

Yulia Darmi, Sandhy Fernandez, M Yoka Fathoni, and Sena Wijayanto

Subjects

IT Governance, Information System Security, COBIT 2019, Information technology, T58.5-58.64, Electronic computers. Computer science, QA75.5-76.95

Abstract

Information system security within XYZ University constitutes a vital component of its IT framework, exerting significant influence over security levels across all facets of the information systems. Among the numerous implemented information system services at the university, a considerable portion lacks active security measures within operational systems. In pursuit of achieving uniform governance, this study adopts the most recent COBIT 2019 framework. The primary objective of this research is to evaluate the degree to which current information system security management aligns with the process achievement values stipulated in the COBIT 2019 standard. This evaluation entails the calculation of maturity level values that gauge performance levels in managing information system security. Findings from the COBIT 2019 Design assessment conducted at XYZ University's LTIK reveal that individuals scoring above 80 or those requiring Capability Level 4 include APO12 and BAI10. Moreover, the calculation outcomes for each subdomain reveal the presence of 2 subdomains at Level 4, 4 subdomains at Level 3, 15 subdomains at Level 2, and 19 subdomains at Level 1. The identification outcomes underscore the existence of gaps within each domain. Particularly, the APO12 and BAI10 domains exhibit a gap spanning 2 levels.

Published

2024

3. Audit Keamanan Sistem Informasi Manajemen Rumah Sakit Dengan Framework COBIT 2019 Pada RSUD Palembang BARI

Author

Arief Algiffary, M. Izman Herdiansyah, and Yesi Novaria Kunang

Subjects

security audit, information system, hospital management information system, information system security, cobit 2019, rsud palembang bari, Electronic computers. Computer science, QA75.5-76.95

Abstract

This study examines the implementation of information system at RSUD Palembang BARI with the aim of enhancing information system security. In this context, a security audit is conducted using the COBIT 2019 framework. The COBIT 2019 domains and processes utilizing include EDM03, APO12, APO13, APO14, and DSS05. The research involves the identification and evaluation of information security risks, determination of necessary security controls, and ensuring compliance with the information security standards established by COBIT 2019. The findings indicate that the level of information system security at RSUD Palembang BARI is at level 3 (Defined), with a gap analysis difference of 1 level below the expected target. Based on the above results, efforts to improve and enhance the information system security at RSUD Palembang BARI are still needed. The use of information system security techniques such as vulnerability scanning, penetration testing, WAF, IDS and IPS, and data encryption, as well as improving security in terms of server physical aspects such as installing CCTV and restricting user access with access cards or fingerprints, can be implemented to ensure compliance with relevant information security standards. Consideration for obtaining security certifications, like ISO 27001, should also be taken. Additionally, the quality of human resources in terms of policy-making and the ability of employees to address threats and attacks on information system security should be improved through training and strengthening coordination among employees.

Published

2023

4. Emotional Computing Technology Applications in Information Systems Security and Their Risk Prevention

Author

Huang Gaofeng and Xu Xiangjun

Subjects

emotion vector, vector space model, emotion recognition method, information system security, risk index, 03d32, Mathematics, QA1-939

Abstract

This paper applies the emotion extraction method based on emotion lexicon to the group emotion analysis of the information system, combines the vector space model to process the text emotion in the information system, expresses the emotion in the form of vectors, and divides the different types of emotion according to the distance between the emotion vectors for identification. The five-level index system in fuzzy mathematics is chosen to measure the value of emotional intensity, and by analyzing the emotional state of the group in the information leakage incident, a decision in line with the user’s emotion is made based on the emotion of the information system security. Accordingly, the security defense index of the information system is improved according to the information security risk index. The results show that in identifying the emotions of the information system security events, the group’s emotions are mainly biased towards the negative. The proportion of negative emotions is the largest of 98%, which indicates that attention should be paid to the confidentiality of the user group’s information in the security of the information system. The maximum security event risk value in the evaluation in the information system is in the T8 period, with a value of 0.819, indicating that the security defense of the information system should be strengthened in the T8 period.

Published

2024

5. The impact of an employee's psychological contract breach on compliance with information security policies: intrinsic and extrinsic motivation.

Author

Lee, Daeun, Lallie, Harjinder Singh, and Michaelides, Nadine

Subjects

*PSYCHOLOGICAL contracts (Employment), *DATA security failures, *EXTRINSIC motivation, *INTRINSIC motivation, *BREACH of contract

Abstract

Despite the rapid rise in social engineering attacks, not all employees are as compliant with information security policies (ISPs) to the extent that organisations expect them to be. ISP non-compliance is caused by a variety of psychological motivation. This study investigates the effect of psychological contract breach (PCB) of employees on ISP compliance intention by dividing them into intrinsic and extrinsic motivation using the theory of planned behaviour and the general deterrence theory. Data analysis from UK employees (n = 206) showed that the higher the PCB, the lower the ISP compliance intentions. The study also found that PCBs significantly reduced intrinsic motivation (attitude and perceived fairness) for ISP compliance intentions, whereas PCBs did not moderate the relationship between extrinsic motivation (sanction severity and sanctions certainty) and ISP compliance intentions. As a result, this study successfully addresses the risks of PCBs in the field of Information System (IS) security and proposes effective solutions for employees with high PCBs. [ABSTRACT FROM AUTHOR]

Published

2023

6. The Implementation of Failure Mode and Effects Analysis (FMEA) of the Information System Security on the Government Electronic Procurement Service (LPSE) System

Author

Aldenny, Muhammad, Kristian, Hans, Gaol, Ford Lumban, Matsuo, Tokuro, Nugroho, Andi, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Ranganathan, G., editor, Bestak, Robert, editor, Palanisamy, Ram, editor, and Rocha, Álvaro, editor

Published

2022

7. Cyber supply chain risk management and performance in industry 4.0 era: information system security practices in Malaysia.

Author

Fernando, Yudi, Tseng, Ming-Lang, Wahyuni-Td, Ika Sari, de Sousa Jabbour, Ana Beatriz Lopes, Chiappetta Jabbour, Charbel Jose, and Foropon, Cyril

Subjects

*SUPPLY chain management, *INDUSTRY 4.0, *INFORMATION technology security, *INFORMATION storage & retrieval systems, *PERFORMANCE management, *SYSTEM integration

Abstract

This study aims to investigate the direct and indirect effects of information system security practices that observed the relationship effect between cyber supply chain risk management and supply chain performance. In Industry 4.0 era, a cyber-attack becomes unavoidable and needs to adopt cyber supply chain risk management to improve the firm. The data were collected from 105 firms in Malaysia through online surveys. The partial least squares structural equation modeling technique examined the model's goodness and research hypothesis. The results revealed that operations, directly and indirectly, influence (via mediators) supply chain performance. In contrast, governance directly affects supply chain flexibility and indirect (via mediators) influence on supply chain performance; in addition, systems integration did not, directly, and indirectly, influence supply chain performance. This framework indicates the manufacturing industry and related parties with a better understanding of cyber supply chain risk management. [ABSTRACT FROM AUTHOR]

Published

2023

8. The Influence of Ethical Beliefs and Attitudes, Norms, and Prior Outcomes on Cybersecurity Investment Decisions.

Author

Fleischman, Gary M., Valentine, Sean R., Curtis, Mary B., and Mohapatra, Partha S.

Subjects

MORAL attitudes, CHIEF financial officers, INTERNET security, DATA security failures

Abstract

Recent data breaches underscore the importance of organizational cybersecurity. However, the high costs of such security can force chief financial officers (CFOs) to make difficult financial and ethical trade-offs that have both business and societal implications. We employ a 2 × 2 randomized experiment that varies both an observed scenario CFO's investment decision (invest/not invest in security) and organizational outcomes (positive/negative) to investigate these trade-offs. Participant managers assess the observed CFO's investment behavior and indicate their own intentions to invest. Results indicate that when the observed scenario CFO invests in security, managers primarily follow their peers when making investment decisions. However, when the observed CFO does not invest in security, managers make their own decisions by engaging in more in-depth reasoning that includes assessment of the seriousness of consequences, as well as the ethical and societal considerations. Moderated mediation findings further deconstruct and corroborate these relationships. [ABSTRACT FROM AUTHOR]

Published

2023

9. TOWARD A UNIFIED MODEL OF INFORMATION SECURITY POLICY COMPLIANCE.

Author

Moody, Gregory D., Siponen, Mikko, and Pahnila, Seppo

Abstract

Information systems security (ISS) behavioral research has produced different models to explain security policy compliance. This paper (1) reviews 11 theories that have served the majority of previous information security behavior models, (2) empirically compares these theories (Study 1), (3) proposes a unified model, called the unified model of information security policy compliance (UMISPC), which integrates elements across these extant theories, and (4) empirically tests the UMISPC in a new study (Study 2), which provided preliminary empirical support for the model. The 11 theories reviewed are (1) the theory of reasoned action, (2) neutralization techniques, (3) the health belief model, (4) the theory of planned behavior, (5) the theory of interpersonal behavior, (6) the protection motivation theory, (7) the extended protection motivation theory, (8) deterrence theory and rational choice theory, (9) the theory of self-regulation, (10) the extended parallel processing model,and (11) the control balance theory. The UMISPC is an initial step toward empirically examining the extent to which the existing models have similar and different constructs. Future research is needed to examine to what extent the UMISPC can explain different types of ISS behaviors (or intentions thereof). Such studies will determine the extent to which the UMISPC needs to be revised to account for different types of ISS policy violations and the extent to which the UMISPC is generalizable beyond the three types of ISS violations we examined. Finally, the UMISPC is intended to inspire future ISS research to further theorize and empirically demonstrate the important differences between rival theories in the ISS context that are not captured by current measures. [ABSTRACT FROM AUTHOR]

Published

2018

10. Improving students' problem-solving ability through the 'information system security' project guided by the theory of inventive problem solving (TIPS).

Author

Gao, Guandong, Xiao, Ke, Jia, Yuchen, and Wang, Huaying

Subjects

*PROBLEM solving, *INFORMATION storage & retrieval systems, *SECURITY management, *STUDENTS, *HIGHER education, *ADULTS, PROBLEM solving ability testing

Abstract

To improve the practical effect of an information system security course for students majoring in information security, a teaching method based on the theory of inventive problem solving (TIPS) that combines case-based teaching and project practice was introduced in the class. Adopting innovative thinking methods, we instructed students on the projects and goals of curriculum design. Using TIPS tools, the students completed complex projects. To test the teaching results, we examined 121 students who received case-based teaching using the TIPS method to design innovative projects. Quantitative data were collected using a statistically analysed anonymised questionnaire, while qualitative data collected from student reflective reports were thematically analysed. Through the in-depth development involved in the teaching of this course, their thinking and problem-solving ability significantly improved. The teaching effect evaluations indicated that this teaching method effectively improved students' practical abilities. This method was found to be conducive to planning students' future careers. [ABSTRACT FROM AUTHOR]

Published

2022

11. Security and Privacy Issues in Autonomous Vehicles: A Layer-Based Survey

Author

Muhammad Hataba, Ahmed Sherif, Mohamed Mahmoud, Mohamed Abdallah, and Waleed Alasmary

Subjects

Autonomous vehicles, communication system security, information system security, data privacy, Telecommunication, TK5101-6720, Transportation and communications, HE1-9990

Abstract

Artificial Intelligence (AI) is changing every technology we are used to deal with. Autonomy has long been a sought-after goal in vehicles, and now more than ever we are very close to that goal. Big auto manufacturers as well are investing billions of dollars to produce Autonomous Vehicles (AVs). This new technology has the potential to provide more safety for passengers, less crowded roads, congestion alleviation, optimized traffic, fuel-saving, less pollution as well as enhanced travel experience among other benefits. But this new paradigm shift comes with newly introduced privacy issues and security concerns. Vehicles before were dumb mechanical devices, now they are becoming smart, computerized, and connected. They collect huge troves of information, which needs to be protected from breaches. In this work, we investigate security challenges and privacy concerns in AVs. We examine different attacks launched in a layer-based approach. We conceptualize the architecture of AVs in a four-layered model. Then, we survey security and privacy attacks and some of the most promising countermeasures to tackle them. Our goal is to shed light on the open research challenges in the area of AVs as well as offer directions for future research.

Published

2022

12. System Administration

Author

Alsmadi, Izzat, Alsmadi, Izzat, Easttom, Chuck, and Tawalbeh, Lo’ai

Published

2020

13. Effectiveness of Information SystemsSecurity, due to theImpact of Institutional Theory's Dimension on Employee Organizational Behavior

Author

Seyyed Amin Hoseini sanu and Negar Kadkhoda

Subjects

information system security, municipalities, legitimacy, organizational criticism, innovative culture, organizational citizenship behavior, counterproductive work behavior, effectiveness of information systems security, Business, HF5001-6182

Abstract

This study addresses the security of information systems (ISS) as one of the most important issues in organizations and especially municipalities. Instead of exceptions, information security breaches have become a norm, and security of information systems can only be realized when employees completely accept this concept by changing their behavior in line with advanced information security systems. The model of this research is based on institutional theory. This two-way model has introduced organizational citizenship behavior (OCB) and counterproductive work behavior (CWB) in the process of verifying the security of the information system. This research also measures the impact of innovative culture on the information security system. The statistical population of the study consisted of Mashhad Municipal Information Technology experts and data collection tool was a questionnaire. The data support mainly the proposed research model and the results indicate the application of institutional theory in explaining the process of institutionalizing the changes in the security of the information system on the innovative culture of the organization, legitimizing and accepting those changes, and increasing organizational citizenship behavior (reduction of counterproductive work behavior) in employees Which, in the end, will increase the effectiveness of the security of the information system.

Published

2020

14. Toward a New Integrated Approach of Information Security Based on Governance, Risk and Compliance

Author

Zaydi, Mounia, Nassereddine, Bouchaib, Howlett, Robert James, Series Editor, Jain, Lakhmi C., Series Editor, Rocha, Álvaro, editor, and Serrhini, Mohammed, editor

Published

2019

15. IT Security Training and Awareness in the Multigenerational Workplace.

Author

REDEKOP, Bruce D.

Subjects

INFORMATION technology security, INTERNET security, COVID-19 pandemic

Abstract

For many organizations, increased cybersecurity training and employee awareness building have already played an increasingly significant role in their cyber-security strategies as a means of ensuring their policies are being followed, yet such organizations tend to offer generic, "one size fits all" training and awareness packages that do not sufficiently recognize important differences among employees. Among these are differences in attitude and outlook associated with generational cohorts. Through an examination of how these cohorts view various fac-tors that influence cybersecurity awareness, as well as the cohorts' receptivity to different training methodologies, organizations can exploit generational characteristics to maximize the effectiveness of cybersecurity training for Baby Boomers, Generation X, Millennials, and imminently, Generation Z. A clear understanding of the intrinsic relationship between end-users and cybersecurity technology can help cybersecurity professionals act effectively to protect organizations' critical IT infrastructure. Such effectiveness is more important than ever now, as sudden, massive increase in teleworking brought on by the COVID-19 pandemic, as well as the security challenges associated with this shift, will undoubtedly outlast it. [ABSTRACT FROM AUTHOR]

Published

2021

16. Information Systems Security in Organisations: A Critical Literature Review.

Author

Friedle, Cosima

Subjects

INFORMATION technology security, SECURITY systems, INFORMATION storage & retrieval systems, LITERATURE reviews, ORGANIZATION

Abstract

Information is one of the most valuable resources of a company and considering the increasing number of security breaches and attacks, the need for managing systems security in organisations arises. Across articles and perspectives, there is a broad consensus in the literature that the user remains the weakest link within information systems security. However, there are opposing views on how IS security shall be managed within organisations and which countermeasures prove to be effective. This review aims to analyse and juxtapose the key debates and main perspectives within the IS security literature to provide a general overview of the research landscape in this field. In the first part, concepts underpinned by bounded technical assumptions are analysed and contrasted, structured according to the engineering, managerial and economic perspectives. After that, the primary debates and concepts within the socially embedded view are being explored. In conclusion, this review suggests the use of newer technologies as an area for further research. [ABSTRACT FROM AUTHOR]

Published

2021

17. Assessing the Variety of Expected Losses upon the Materialisation of Threats to Banking Information Systems.

Author

Izmailova, Olha, Krasovska, Hanna, Krasovska, Kateryna, and Zaslavskyi, Volodymyr

Subjects

INFORMATION storage & retrieval systems, ANALYTIC hierarchy process, COMPUTER systems, INFORMATION technology security, SECURITY systems, FUZZY sets

Abstract

The article addresses the problem of estimating the expected losses of a bank when information security threats to functioning computer systems materialize. A scenario approach to solving the problem is developed based on multicriteria decision-making methods, taking into account quantitative and qualitative indicators and expert assessment, and applying the analytic hierarchy process for comprehensive assessment of expected losses in probabilistic terms. That allows to take into account different levels of the hierarchy of criteria and the weight of their impact on the calculated results. The process of estimating the probability of materialization of various threats under accepted standards and situational conditions, the actions of the attacker and the consequences on the bank's functioning is formalized. Expert assessments are grouped with control over the sufficiency of the degree of logic and dispersion of opinions of each expert, compliance with the established requirements for the degree of consistency of opinions of the group of experts, assessment and formalized consideration of the degree of their competence. The process of assessing expected losses is presented as a daily business process of the functioning of the bank's security system. [ABSTRACT FROM AUTHOR]

Published

2020

18. Holistic Strategy-Based Threat Model for Organizations.

Author

Meinig, Michael, Sukmana, Muhammad I.H., Torkura, Kennedy A., and Meinel, Christoph

Subjects

SOFTWARE architecture, COMPUTER security vulnerabilities, DATA security failures, LITERARY sources, CLASSICAL literature

Abstract

Data breaches, privacy violations and cyber-attacks are growing problems for companies and governmental organizations. Threat modelling serves as a heuristic procedure of methodological validation of organizations, system designs, software architectures to identify threats. The earlier this happens in the design process, the more cost-effective it is to identify and fix security vulnerabilities and therefore it reduces the possibility of risk happening. Classical literature sources and Internet sources offer different representations of attacker strategies and threat classifications. It is often difficult to apply these schemes to one's own organization and often the size of them is comprehensible only for experts. In order to improve the understanding of security threats, particularly in the management levels, we provide a structured overview of the most common threat classification schemes and propose a classification model focusing on threats that first considers the specific organization and in a further step presents the courses of action of an attacker in this organization. [ABSTRACT FROM AUTHOR]

Published

2020

19. Analysing Security Checkpoints for an Integrated Utility-Based Information System

Author

Muttoo, Sunil K., Gupta, Rajan, Pal, Saibal K., Shetty, N. R., editor, Prasad, N Hamsavath, editor, and Nalini, N., editor

Published

2016

20. Password Security: An Empirical Study.

Author

Zviran, Moshe and Haga, William J.

Subjects

COMPUTER passwords, COMPUTER security, INFORMATION resources management, RELIABILITY (Personality trait), INFORMATION technology, EMPIRICAL research

Abstract

Organizations are more dependent than ever on the reliable operation of their information systems, which have become a key to their success and effectiveness. While the growing dependence on information systems creates an urgent need to collect information and make it accessible, the proliferation of computer technology has also spawned opportunities for ill-intentioned individuals to violate the information systems' integrity and validity. One of the most common control mechanisms for authenticating users of computerized information systems is the use of passwords. However, despite the widespread use of passwords, little attention has been given to the characteristics of their actual use. This paper addresses the gap in evaluating the characteristics of real-life passwords and presents the results of an empirical study on password usage. It investigates the core characteristics of user-generated passwords and associations among those characteristics. [ABSTRACT FROM AUTHOR]

Published

1999

21. Study of the impact of human capital on information security at Mobilis Corporation of Béchar.

Abstract

The goal of this article is highlighting the importance of human capital in enhancing the protection and the information security for the economic institution, as it contains the majority of its information and it can build a protective system and effective for its information, especially, the sensitive ones. Use the descriptive approach in the theoretical part of the study in order to define the both variables : The human capital and information security. However, in the practical side, distribute 50 questionnaire form in Mobile complex which combines the Regional Directorate Mobilis Bechar and Bechar Agency. Then, take back 35 valid from them. These later were discharged in the statistical program Spss24. Then, the statistical data were extracted that serve the study like the Mathematical averages and standard Deviations to study the existence of dimensions; and One - Way anova exam to study the influence, and Spearman to study the correlation. In addition to this, the analytical approach is used to analyse the data obtained. Finally, the results were that in Mobile institution, there is human capital and information security. Also, the human capital affects the information security. [ABSTRACT FROM AUTHOR]

Published

2019

22. Holistic Strategy-Based Threat Model for Organizations.

Author

Meinig, Michael, Sukmana, Muhammad I.H., Torkura, Kennedy A., and Meinel, Christoph

Subjects

COMPUTER security vulnerabilities, SOFTWARE architecture, LITERARY sources, CLASSICAL literature, DATA security failures

Abstract

Data breaches, privacy violations and cyber-attacks are growing problems for companies and governmental organizations. Threat modelling serves as a heuristic procedure of methodological validation of organizations, system designs, software architectures to identify threats. The earlier this happens in the design process, the more cost-effective it is to identify and fix security vulnerabilities and therefore it reduces the possibility of risk happening. Classical literature sources and Internet sources offer different representations of attacker strategies and threat classifications. It is often difficult to apply these schemes to one's own organization and often the size of them is comprehensible only for experts. In order to improve the understanding of security threats, particularly in the management levels, we provide a structured overview of the most common threat classification schemes and propose a classification model focusing on threats that first considers the specific organization and in a further step presents the courses of action of an attacker in this organization. [ABSTRACT FROM AUTHOR]

Published

2019

23. Laboratory Information System Operations and Regulations

Author

Cucoranu, Ioan C., Parwani, Anil V., Pantanowitz, Liron, Rosenthal, Dorothy L., Series editor, Pantanowitz, Liron, editor, and Parwani, Anil V., editor

Published

2014

24. Towards Security Risk-Oriented Misuse Cases

Author

Soomro, Inam, Ahmed, Naved, van der Aalst, Wil, editor, Mylopoulos, John, editor, Rosemann, Michael, editor, Shaw, Michael J., editor, Szyperski, Clemens, editor, La Rosa, Marcello, editor, and Soffer, Pnina, editor

Published

2013

25. Access Control Management Using Extended RBAC Model

Author

Poniszewska-Maranda, Aneta, Lipiński, Piotr, editor, and Świrski, Konrad, editor

Published

2012

26. Risk Assessment of Information System Security Based on Fuzzy Multiple Criteria Group AHP

Author

Sun, Shengchun, Pu, Huaiyu, Tian, Shuxin, Jin, David, editor, and Lin, Sally, editor

Published

2012

27. A Security Audit Framework to Manage Information System Security

Author

Pereira, Teresa, Santos, Henrique, Tenreiro de Magalhães, Sérgio, editor, Jahankhani, Hamid, editor, and Hessami, Ali G., editor

Published

2010

28. Environment Characterization and System Modeling Approach for the Quantitative Evaluation of Security

Author

Vache, Geraldine, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Buth, Bettina, editor, Rabe, Gerd, editor, and Seyfarth, Till, editor

Published

2009

29. Co-operative Agents in Network Defence

Author

Ghanea-Hercock, Robert, Minai, Ali A., editor, and Bar-Yam, Yaneer, editor

Published

2008

30. Information Assurance Evaluation for Network Information Systems

Author

Lü, Xin, Ma, Zhi, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Goebel, Randy, editor, Siekmann, Jörg, editor, Wahlster, Wolfgang, editor, Wang, Yuping, editor, Cheung, Yiu-ming, editor, and Liu, Hailin, editor

Published

2007

31. Cyber Security Training and Awareness Through Game Play

Author

Cone, Benjamin D., Thompson, Michael F., Irvine, Cynthia E., Nguyen, Thuy D., Fischer-Hübner, Simone, editor, Rannenberg, Kai, editor, Yngström, Louise, editor, and Lindskog, Stefan, editor

Published

2006

32. IA in the Interest of National Security

Author

Sammes, A. J., editor, Blyth, Andrew, and Kovacich, Gerald L.

Published

2006

33. Sistem za oddaljeno prilagajanje odjema električne energije z uporabo bločno verižne tehnologije

Author

Nose, Jernej and Diaci, Janez

Subjects

Mikrokrmilniki, Internet of things, Blockchain, Varnost informacijskih sistemov, udc:519.6:004.725.4:681.5(043.2), Decentralizirani sistemi, Aktivna distribucijska omrežja, Tehnologije veriženja blokov, Internet stvari, Smart grids, Decentralised systems, Microcontrollers, Information system security

Abstract

Magistrsko delo predstavlja koncept in implementacijo sistema, ki omogoča delovanje aktivnega distribucijskega omrežja na osnovi tehnologij veriženja blokov. Osrednji element je decentralizirana digitalna tržnica s prožnostjo, ki povezuje odjemalce in ponudnike prožnosti. Tržnico smo implementirali s pametno pogodbo v okolju Ethereum. Izdelali smo krmilnik porabnika in nadzorni sistem, ki avtomatsko objavlja prožnostne ponudbe. Delovanje celotnega sistema smo testirali na grelniku sanitarne vode v kotlovnici stanovanjske hiše. Z meritvami smo dokazali, da ob pravilno določenih parametrih sistem ne vpliva na udobje uporabnika. The master’s thesis presents the concept and implementation of a blockchain based smart grid. Digital decentralized marketplace is a key component, enabling trading with flexibility in electricity demand. Marketplace was implemented by using smart contract in Ethereum environment. Controller and control system that automatically publishes and realizes flexibility offers were developed. The operation of the system has been tested using a domestic water heater in a residential house. The obtained results provide clear evidence that the level of users' comfort is not affected if the flexibility parameters are properly selected.

Published

2022

34. Intrusion Detection Using Ensemble of Soft Computing Paradigms

Author

Mukkamala, Srinivas, Sung, Andrew H., Abraham, Ajith, Kacprzyk, Janusz, editor, Abraham, Ajith, editor, Franke, Katrin, editor, and Köppen, Mario, editor

Published

2003

35. I

Author

Phoha, Vir V., editor

Published

2002

36. Monitoring System Security Using Neural Networks and Support Vector Machines

Author

Mukkamala, S., Janoski, G., Sung, A., Kacprzyk, Janusz, editor, Abraham, Ajith, editor, and Köppen, Mario, editor

Published

2002

37. Future Issues in Information Systems Security

Author

Ghosh, Sumit and Ghosh, Sumit

Published

2002

38. ENIGMA and PURPLE: How the Allies Broke German and Japanese Codes During the War

Author

Hatch, David A. and Joyner, David, editor

Published

2000

39. Enhancing SSADM with disaster recovery plan activities

Author

Aggelinos, George and Katsikas, Sokratis K.

Published

2011

40. IFIP TC-11

Author

Jajodia, Sushil, List, William, McGregor, Graeme W., Strous, Leon A. M., Jajodia, Sushil, editor, List, William, editor, McGregor, Graeme W., editor, and Strous, Leon A. M., editor

Published

1998

41. IFIP TC-11

Author

Jajodia, Sushil, List, William, Mcgregor, Graeme, Strous, Leon, Jajodia, Sushil, editor, List, William, editor, McGregor, Graeme, editor, and Strous, Leon, editor

Published

1997

42. Exceptionalism Redux: How Different Is Health Care Informatics?

Author

Cushman, Reid and Anderson, Ross, editor

Published

1997

43. A Framework for Dealing with and Specifying Security Requirements in Information Systems

Author

Dubois, Eric, Wu, Suchun, Katsikas, Sokratis K., editor, and Gritzalis, Dimitris, editor

Published

1996

44. Development of secure medical database systems

Author

Pangalos, G., Pomportsis, A., Bozios, L., Khair, M., Goos, Gerhard, editor, Hartmanis, Juris, editor, van Leeuwen, Jan, editor, and Karagiannis, Dimitris, editor

Published

1994

45. Ciphertext-Policy Attribute Based Encryption with Selectively-Hidden Access Policy

Author

Gulmire Arkin and Nurmamat Helil

Subjects

sensitive attribute selection, cloud storage security, CP-ABE, partial attribute hidden, General Engineering, access control, Data_CODINGANDINFORMATIONTHEORY, information system security

Abstract

In conventional Ciphertext-Policy Attribute-Based Encryption (CP-ABE), the access policy appears in plaintext form that might reveal confidential user information and violate user privacy. CP-ABE with hidden access policies hides all attributes, but the computational burden increases due to the attribute hiding. In this paper, we present a Linear Secret Sharing Scheme (LSSS) access structure CP-ABE scheme that hides only sensitive attributes, rather than all attributes, in the access policy. We also provide an attribute selection method to choose these sensitive attributes and use an Attribute Bloom Filter (ABF) to hide them. Compared with the existing major CP-ABE schemes with hidden access policies, our proposed scheme is flexible in selecting attributes to hide. This scheme enhances the efficiency of policy hiding while still protecting policy privacy. Test results show that our approach is reasonable and feasible.

Published

2021

46. 安全等级对信息系统安全技术策略的影响研究----以防火墙和IDS技术组合为例

Author

方玲, 仲伟俊, and 梅姝娥

Abstract

The influence of security rank on the technology portfolio and configurations of firewall and IDS was researched through game theory by this paper. It shows that the higher the security rank the bigger deterrence to hackers whose intrusion probability would be decreased. The security rank is not always improved when only one of the technology configurations is improved, and it is improved when both of the two technology configurations are coordinated with each other, which illustrates that the higher the security rank the higher requirement of security technology portfolio and configuration. The equilibrium strategy is also compared to the one without considering security rank, and the latter is an extremity of the former, which could not be reached or with no need to get. [ABSTRACT FROM AUTHOR]

Published

2016

47. A highly recoverable and efficient filesystem.

Author

Alhussein, Mohammed and Wijesekera, Duminda

Subjects

DATA recovery, ELECTRONIC file management, ELECTRONIC data processing, INFORMATION storage & retrieval systems, COMPUTER science

Abstract

Data recovery is a significant problem that presents a real challenge to forensics investigators today. File carvers have traditionally helped mitigate these difficulties. However, two issues still present significant challenges - 1) Prior knowledge of file types is required for building file carvers, and 2) fragmentation prevents file carvers from successful recovery. In previous research, we proposed a framework for recovering deleted files without prior knowledge of file types and with the existence of fragmentation. In this paper, we introduce the design and a functioning implementation of our system by modifying an exFat file system running on top of FUSE. Evaluation of the overhead of our file system shows only a 5% decrease in performance in write operations when compared to an unmodified exFat file system, and almost identical read measurements. Our system also shows significantly better recovery rates in the presence of fragmentation when compared to two selected file carvers. [ABSTRACT FROM AUTHOR]

Published

2014

48. Simulations of text encryption and decryption by applying vertical bit rotation algorithm

Author

Pertiwi, Dwika Ananda Agustina, Djuniadi, Djuniadi, Pertiwi, Dwika Ananda Agustina, and Djuniadi, Djuniadi

Abstract

Cryptography is the study of hiding text and numbers in the form of codes. Vertical Bit Rotation (VBR) is one of the most widely implemented cryptographic algorithms as a one-way hash function that simplifies the encryption process with a high degree of difficulty in decryption. The purpose of this study is to apply VBR hash algorithm modeling to binary value characters with bit rotation keys 10, 11, 7, 3, 2, 7, 5, and 4. Thus, generating a passcode. The results of the encryption simulation show the code in the form of letters and characters, then the result of the decryption with the opposite rotation to the encryption process returns the value from ciphertext to plaintext based on ASCII characters. Cryptographic algorithms are applied to avoid cryptanalytic experiments in opening encryption codes.

Published

2021

49. A PERSPECTIVE ON THE EVOLUTION OF INFORMATION SYSTEM SECURITY AUDITS: CHALLENGES AND IMPLICATIONS.

Author

Goel, Sunita, Garnsey, Margaret, Qi Liu, and Fisher, Ingrid

Subjects

INFORMATION technology security, INTERNET security

Abstract

Advances in technology have made it possible to capture vast amounts of financial and non-financial information, whilst at the same time shifting more control from the producers and assurers of information to the recipients of information. As a result, threats to Information System (IS) have grown exponentially, which has made IS security audits even more cumbersome. Assessing the effectiveness of internal controls is an important objective of an IS audit, which is distinct from a financial audit that deals with the accuracy of financial statements. Security auditing has been a part of the auditing profession since the late 1970's, when information technology was first leveraged at a mass scale in organizations for improving efficiency and productivity. Over time, however, as technology has advanced, audits have become increasingly cumbersome. Rapid innovation in technology has forced the auditing profession to lag behind trying desperately to catch up with technology. In this paper, we examine the evolution of IS security auditing and discuss how technology is impacting the audit profession. [ABSTRACT FROM AUTHOR]

Published

2016

50. Survey on cyberspace security.

Author

Zhang, HuanGuo, Han, WenBao, Lai, XueJia, Lin, DongDai, Ma, JianFeng, and Li, JianHua

Abstract

Along with the rapid development and wide application of information technology, human society has entered the information era. In this era, people live and work in cyberspace. Cyberspace is the collection of all information systems; it is the information environment for human survival. Therefore, it is necessary to ensure the security of cyberspace. This paper gives a comprehensive introduction to research and development in this field, with a description of existing problems and some currently active research topics in the areas of cyberspace itself, cyberspace security, cryptography, network security, information system security and information content security. [ABSTRACT FROM AUTHOR]

Published

2015