Along with the rapid development and wide application of information technology, human society has entered the information era. In this era, people live and work in cyberspace. Cyberspace is the collection of all information systems; it is the information environment for human survival. Therefore, it is necessary to ensure the security of cyberspace. This paper gives a comprehensive introduction to research and development in this field, with a description of existing problems and some currently active research topics in the areas of cyberspace itself, cyberspace security, cryptography, network security, information system security and information content security.
Access control is one of the most basic techniques to ensure the security of the information system. The traditional access controls of information systems are usually performed based on the traversals or queries of rules. However, with the increasing complexity of information systems, massive data and open environments bring a great workload and risk to the traditional methods. This study proposes a model of embedding-based computable access control (ECAC), by employing the idea of representation learning in artificial intelligence. According to ECAC, access control rules can be embedded into a Euclidean vector space, and the security of arbitrary behavior can be computed by numerical vector operations, without any traditional querying or traversing of rules, and thus the workload of access control is reduced. Furthermore, by the embedding-based computation, the security of unknown behaviors can be predicted. Potentially, due to the use of numerical vectors instead of traditional semantic symbols, the risk of privacy leakage via semantics can be reduced. Finally, as the first embedding-based access control model, the effectiveness of ECAC is evaluated and concluded by the experiment-based analyses and discussions.
To improve the practical effect of an information system security course for students majoring in information security, a teaching method based on the theory of inventive problem solving (TIPS) that combines case-based teaching and project practice was introduced in the class. Adopting innovative thinking methods, we instructed students on the projects and goals of curriculum design. Using TIPS tools, the students completed complex projects. To test the teaching results, we examined 121 students who received case-based teaching using the TIPS method to design innovative projects. Quantitative data were collected using a statistically analysed anonymised questionnaire, while qualitative data collected from student reflective reports were thematically analysed. Through the in-depth development involved in the teaching of this course, their thinking and problem-solving ability significantly improved. The teaching effect evaluations indicated that this teaching method effectively improved students' practical abilities. This method was found to be conducive to planning students' future careers.
Despite the rapid rise in social engineering attacks, not all employees are compliant with information security policies (ISPs) to the extent that organisations expect them to be. ISP non-compliance is caused by a variety of psychological motivations. This study investigates the effect of psychological contract breach (PCB) of employees on ISP compliance intention by dividing them into intrinsic and extrinsic motivation using the theory of planned behaviour and the general deterrence theory. Data analysis from UK employees (n = 206) showed that the higher the PCB, the lower the ISP compliance intentions. The study also found that PCBs significantly reduced intrinsic motivation (attitude and perceived fairness) for ISP compliance intentions, whereas PCBs did not moderate the relationship between extrinsic motivation (sanction severity and sanctions certainty) and ISP compliance intentions. As a result, this study successfully addresses the risks of PCBs in the field of Information System (IS) security and proposes effective solutions for employees with high PCBs.
•We create a secure business PM and investigate its impact on business performance.
•A mobile phone order process is used for validation and a questionnaire for evaluation.
•Security IS goals should be considered in all system development processes.
•It positively influences system implementation and better meets business expectations.
•A secure business PM positively impacts business process performance.
The existing information system (IS) development methods do not meet the requirements to resolve security-related IS problems and they fail to provide for the successful integration of security and systems engineering during all development process stages. Security should be considered during the whole software development process and the requirements specifications should be identified. This paper aims to propose an integrated security and IS engineering approach in all software development process stages by using the i* language. The proposed framework is divided into three separate parts: modeling the business environment, modeling the information technology system and modeling IS security. A mobile phone order management process in a telecommunication company is used as a case study to validate the proposed framework. An empirical analysis based on data from 130 business and IT managers is used to evaluate and investigate if it has an impact on business process performance. The results were subjected to reliability and validity analyses. Bivariate correlation analysis was used to test four hypotheses. The results show that considering security IS goals in the whole system development process can have a positive influence on system implementation, better meet business expectations and positively impact on business process performance.
This paper analyzes the functions of a network information system based on trusted computing and of a trusted computing platform based on cloud computing. It proposes expanding the application of trusted computing technology to network information systems, to meet cloud computing's need for trusted computing and to implement trusted cloud computing. In our design, the Trusted Computing Platform (TCP) is taken as the basis of the cloud computing system and provides some important security functions to ensure communication and data security. Finally, the implementation methods are put forward.
Data breaches, privacy violations and cyber-attacks are growing problems for companies and governmental organizations. Threat modelling serves as a heuristic procedure of methodological validation of organizations, system designs, software architectures to identify threats. The earlier this happens in the design process, the more cost-effective it is to identify and fix security vulnerabilities and therefore it reduces the possibility of risk happening. Classical literature sources and Internet sources offer different representations of attacker strategies and threat classifications. It is often difficult to apply these schemes to one’s own organization and often the size of them is comprehensible only for experts. In order to improve the understanding of security threats, particularly in the management levels, we provide a structured overview of the most common threat classification schemes and propose a classification model focusing on threats that first considers the specific organization and in a further step presents the courses of action of an attacker in this organization.
Cloud computing is considered one of the rapidly growing technologies because it has high flexibility in both usage and application; therefore, it has been used widely by many organizations. Cloud computing features ease, fast accessibility of the data and cost reduction for data storage. Consequently, a number of organizations are using this technology. Since cloud computing has been used widely in various parts of the world by many organizations, several security problems in cloud computing exist. This study was carried out by distributing questionnaires to different organizations in twelve (12) selected countries. This paper aims to examine the security problems and to identify the characteristics of such security problems. In addition, this study will examine the important issues in cloud computing security and will determine the frames to improve security systems for cloud computing. The findings of this study are, firstly, that the organizations or institutions are very concerned with improving the security of cloud computing through the application of the authority model and dynamic classification of data model based on multi-level security. Secondly, they prefer to develop the multi-key cipher algorithm in order to manage the encryption based on the level of security.
The subject of the research in this article is the methods for detecting intrusions into the information systems of organizations to justify the requirements for the functioning of the monitoring agent of the selected logical object. The aim is to develop a method for building a dynamic model of the logical object of the information system and determine the law of its operation. Tasks: to substantiate the need to create security monitoring agents for logical objects of information systems; identify the main functions of security monitoring agents for logical objects; to propose a method for building a dynamic model of the functioning of a logical object and determining the law of its functioning. The methods used are abstraction, system approach, and methods of mathematical modeling using the provisions of the theory of finite automata. The following results were obtained. A method for constructing a dynamic model of a logical object of an information system is proposed. The dynamic model of the operation of the selected logical object reflects the allowable processes in the space of states that occur during the implementation of functions following the specifications defined by the protocol. This dynamic model is represented by a system of algebraic equations in the space of states, which are formed because of the formalization of the processes of realization of certain functions. The solution of a system of algebraic equations in the space of states as a dynamic model of a logical object is a regular expression for a set of admissible processes. This regular expression defines the set of possible trajectories in the space of states, which is the law of operation of this logical object. Conclusions.
The proposed method for building a dynamic model of the logical object in contrast to the existing one is based on the formalization of the processes of implementing of partial functions of the protocol, which allows determining the law of the selected logical object, to ensure the adequacy and accuracy of the model. The law of functioning is the basis for the substantiation of initial data for a statement of problems of identification and diagnosing of a condition of the safety of logical objects of an information system. The solution to these problems is needed to substantiate the requirements for the functioning of the agent to monitor the state of the selected logical object and respond to its changes.
Keywords: vulnerabilities of information systems; the logical object of the information system; information system security status; dynamic model of a logical object; the law of functioning of a logical object
Nowadays, organizations are looking for ways to grow their revenues, gain a competitive advantage and improve their business. To remain competitive and consolidate their position in the market, companies should use and process all the information they have to better support their missions. In order to achieve this, managers must take into account the risks that weigh on the business, especially risks related to information system security (ISS), and they should be able to minimize their impact on the organization. Information system security risk management (ISSRM) helps managers to control business practices and improve business processes. However, it remains a difficult concept to put in place and maintain. In this sense, we propose a new concise, clear and methodical model of ISSRM that is broken down into four phases and conforms to a continuous improvement approach.