This study examines the implementation of the information system at RSUD Palembang BARI with the aim of enhancing information system security. In this context, a security audit is conducted using the COBIT 2019 framework. The COBIT 2019 domains and processes used include EDM03, APO12, APO13, APO14, and DSS05. The research involves the identification and evaluation of information security risks, determination of necessary security controls, and ensuring compliance with the information security standards established by COBIT 2019. The findings indicate that the level of information system security at RSUD Palembang BARI is at level 3 (Defined), with a gap analysis difference of 1 level below the expected target. Based on the above results, efforts to improve and enhance the information system security at RSUD Palembang BARI are still needed. The use of information system security techniques such as vulnerability scanning, penetration testing, WAF, IDS and IPS, and data encryption, as well as improving the physical security of servers, such as installing CCTV and restricting user access with access cards or fingerprints, can be implemented to ensure compliance with relevant information security standards. Consideration for obtaining security certifications, like ISO 27001, should also be taken. Additionally, the quality of human resources in terms of policy-making and the ability of employees to address threats and attacks on information system security should be improved through training and strengthening coordination among employees.
As the importance of information assets increases, employees are increasingly required to comply with organisational policies for information security (InfoSec). Since security-related demands lead to stressful situations, employees are likely to bypass security policies to perform their tasks. Extant literature does not sufficiently address the detrimental factors of information system security policies (ISSP). This study investigates employees' emotional reactions to ISSP compliance from the perspectives of technostress and coping. The aim of this study is to identify behaviour antecedents of frustration in the context of InfoSec and provide factors for mitigating the negative effects of frustration on ISSP compliance intentions. This study followed a survey approach and conducted structural equation modelling using the WarpPLS program to examine its research model and hypotheses. The survey respondents comprised employees who used an enterprise digital rights management system. The results demonstrated that frustration negatively affected employees' intentions to comply with ISSP, but these negative effects of frustration decreased when autonomy was granted. Further, this study provides critical new insights on ISSP compliance from an emotional perspective.
This article aims to contribute to securing information technology (IT) systems and processes for information security by utilizing malware risk detection for decision-making processes to mitigate cyber-attacks. It has potential to be a real threat to the businesses and industrial applications. The risk management is an essential component where it can present a new information security model for supporting decision making. The current ideologies such as the anti-virus, malware and firewalls detection and protection are proving to be ineffective as they were not specifically designed for multi-tenant cloud environments. Therefore, this article presents a survey of malware risk detection techniques in cloud. The survey was conducted on publications from Scopus from the last 5 years. The findings indicate the current malware detection techniques are not enough to effectively detect and protect the cloud environments.
This study aims to investigate the direct and indirect effects of information system security practices that observed the relationship effect between cyber supply chain risk management and supply chain performance. In Industry 4.0 era, a cyber-attack becomes unavoidable and needs to adopt cyber supply chain risk management to improve the firm. The data were collected from 105 firms in Malaysia through online surveys. The partial least squares structural equation modeling technique examined the model's goodness and research hypothesis. The results revealed that operations, directly and indirectly, influence (via mediators) supply chain performance. In contrast, governance directly affects supply chain flexibility and indirect (via mediators) influence on supply chain performance; in addition, systems integration did not, directly, and indirectly, influence supply chain performance. This framework indicates the manufacturing industry and related parties with a better understanding of cyber supply chain risk management.
Information sharing has become a significant part of information system security endeavor, as many firms have come to realize that it is difficult to defend against the increasingly sophisticated information security attacks with the limited resources of one single firm. The sharing of information security related knowledge and experience helps firms better prepare for the upcoming information security challenges. However, the practice of information sharing is far less prevalent when compared with other information security methods. In this paper, we develop a framework for information sharing decisions of a firm in the context of information system security. We find through analytical and numerical analyses that the optimal level of information sharing is a function of the cost, budget and expected cost of perfect protection for a given firm. We also examine the value of information sharing in information security, and identify how such value varies over different investment environments.
Decision-theoretic rough set (DTRS) and multi-granulation rough set (MGRS) are two important extended types of Pawlak’s classical rough set model. The two generalized rough sets have been investigated separately by numerous researchers. However, few studies have focused on the combination of the two rough sets in intuitionistic fuzzy (IF) settings. In this study, two novel MG-IF-DTRS models, which are generalizations of MG-DTRSs, are developed by exploring DTRS and MGRS based on IF inclusion measures to explore multi-granulation IF DTRS (MG-IF-DTRS) under IF information environment. We introduce a type of inclusion measure between two IF sets and present the concept of inclusion measure-based IF-DTRS. We verify whether the model is an extension of the classical DTRS. Second, we present the inclusion measure-based optimistic and pessimistic MG-IF-DTRSs, analyze their properties, and conclude that the presented MG-IF-DTRSs are generalizations of MG-DTRSs from the viewpoint of multi-granulation. We then study the discernibility-function-based reduction methods for the presented MG-IF-DTRSs. We also provide an illustrative example of information system security audit to verify the established approach and demonstrate its validity and applicability. Finally, we discuss several possible generalizations related to MG-IF-DTRSs. This study provides a MG-IF-DTRS method for acquiring knowledge from multi-granulation IF decision systems.
INTRODUCTION. This article provides a comprehensive analysis of the regulatory frameworks governing the information technology (IT) sector in both Russia and Sweden and encompasses a comparative assessment of key legal instruments, concepts, and regulatory approaches, including the responsibility for cybercrimes, licensing procedures, standardization practices, and the safety of critical informational infrastructure. Additionally, this article examines the roles and functions of major governing authorities in both countries. MATERIALS AND METHODS. The article is based on relevant legal acts of Russia and Sweden. While there are certain specific laws focused entirely on the informational technologies, some provisions can be found in other types of legal documents (for example criminal codes or governmental regulations). Employing a comparative approach, the study delineates the scope and authority of state institutions involved in the IT sphere. RESEARCH RESULTS. Both Russia and Sweden exhibit similarities when it comes to the definition of essential concepts such as critical infrastructure, reflecting shared concerns regarding, for example, security issues. Main laws in the area of information technology contain a spectrum of key terms, including but not limited to information and communication network / electronic communication network, information system operator, and information protection / network and information system security. Although the list of key definitions may appear quite similar, the Swedish legislation tends to offer broader definitions with the intention of encompassing larger domains within IT technologies, while the Russian legislators focus on more specific terms. However, while Sweden aligns closely with European Union (EU) regulatory framework, Russia adopts a more expansive approach, addressing emerging technological challenges such as AI.
In conclusion, achieving effective IT regulation necessitates finding a balance between international consistency and national adaptability to ensure strong cybersecurity, foster innovation, and maintain regulatory flexibility in a dynamic digital environment. DISCUSSION AND CONCLUSIONS. Sweden’s reliance on implementing EU regulations has its benefits such as harmonisation, interoperability, adopting the internationally recognised practices, easier market access, etc. However, this approach may limit the country's ability to meet its specific needs and may mean additional administrative burdens associated with compliance with EU directives. Moreover, changes in EU regulations could lead to a necessity to update domestic laws, potentially causing regulatory vacuum or legal collisions, especially in such a sphere as the IT sector. Nowadays, when for example the AI and its risks are on the daily agenda one cannot look away and wait for the international community to agree on the applicable regulation.
In this paper, a competitive software market that includes horizontal and quality differentiation, as well as a negative network effect driven by the presence of malicious agents, is modeled. Software products with larger installed bases, and therefore more potential computers to attack, present more appealing targets for malicious agents. One finding is that software firms may profit from increased malicious activity. Software products in a more competitive market are less likely to invest in security, while monopolistic or niche products are likely to be more secure from malicious attack. The results provide insights for IS managers considering enterprise software adoption.
Artificial Intelligence (AI) is changing every technology we are used to dealing with. Autonomy has long been a sought-after goal in vehicles, and now more than ever we are very close to that goal. Big auto manufacturers as well are investing billions of dollars to produce Autonomous Vehicles (AVs). This new technology has the potential to provide more safety for passengers, less crowded roads, congestion alleviation, optimized traffic, fuel-saving, less pollution as well as enhanced travel experience among other benefits. But this new paradigm shift comes with newly introduced privacy issues and security concerns. Vehicles before were dumb mechanical devices, now they are becoming smart, computerized, and connected. They collect huge troves of information, which needs to be protected from breaches. In this work, we investigate security challenges and privacy concerns in AVs. We examine different attacks launched in a layer-based approach. We conceptualize the architecture of AVs in a four-layered model. Then, we survey security and privacy attacks and some of the most promising countermeasures to tackle them. Our goal is to shed light on the open research challenges in the area of AVs as well as offer directions for future research.
Increasingly products and services result from interactions among people who work across organizational, geographical, cultural and temporal boundaries. This has major implications for human factors and ergonomics (HFE), in particular, challenging the limits of the systems to be designed, and widening the range of system elements and dimensions that we need to consider. The design of sociotechnical systems that involve work across multiple boundaries requires better integration of the various sub-disciplines or components of HFE, as well as increased collaboration with other disciplines that provide either expertise regarding the domain of application or expertise in concepts that can enrich the system design.
In addition, ‘customers’ contribute significantly to the ‘co-production’ of products/services, as well as to their quality/safety. The design of sociotechnical systems in collaboration with both the workers in the systems and the customers requires increasing attention not only to the design and implementation of systems, but also to the continuous adaptation and improvement of systems in collaboration with customers.
This paper draws from research on human factors in the domains of health care and patient safety and of computer security.