Search results for: data security assurance

Authors: Tizian Matschak, Ilja Nastjuk, Stephan Kühnel, Simon Trang

Abstract:

We argue that besides well-known primary effects of information security controls (ISCs), namely confidentiality, integrity, and availability, ISCs can also have secondary effects. For example, while IT can add business value through impacts on business processes, ISCs can be a barrier and distort the relationship between IT and organizational value through the impact on business processes. By applying the Delphi method with 28 experts, we derived 27 business process influence dimensions of ISCs. Defining and understanding these mechanisms can change the common understanding of the cost-benefit valuation of IT security investments and support managers' effective and efficient decision-making.

Keywords: business process dimensions, dark side of information security, Delphi study, IT security controls

Procedia PDF Downloads 112

Authors: A. R. Manu, V. K. Agrawal, K. N. Balasubramanya Murthy

Abstract:

Authentication is required in stored database systems so that only authorized users can access the data and related cloud infrastructures. This paper proposes an authentication technique using multi-factor and multi-dimensional authentication system with multi-level security. The proposed technique is likely to be more robust as the probability of breaking the password is extremely low. This framework uses a multi-modal biometric approach and SMS to enforce additional security measures with the conventional Login/password system. The robustness of the technique is demonstrated mathematically using a statistical analysis. This work presents the authentication system along with the user authentication architecture diagram, activity diagrams, data flow diagrams, sequence diagrams, and algorithms.

Keywords: design, implementation algorithms, performance, biometric approach

Procedia PDF Downloads 476

Authors: Anum Ali, Kashaf ad Dooja, Asif Saleem

Abstract:

The future smart cities trend will be towards Internet of Things (IoT); IoT creates dynamic connections in a ubiquitous manner. Smart cities offer ease and flexibility for daily life matters. By using small devices that are connected to cloud servers based on IoT, network traffic between these devices is growing exponentially, whose security is a concerned issue, since ratio of cyber attack may make the network traffic vulnerable. This paper discusses the latest machine learning approaches in related work further to tackle the increasing rate of cyber attacks, machine learning algorithm is applied to IoT-based network traffic data. The proposed algorithm train itself on data and identify different sections of devices interaction by using supervised learning which is considered as a classifier related to a specific IoT device class. The simulation results clearly identify the attacks and produce fewer false detections.

Keywords: IoT, traffic security, deep learning, classification

Procedia PDF Downloads 153

Authors: Sharon Q. Yang, Robert J. Congleton

Abstract:

Information security is a broad concept that covers any issues and concerns about the proper access and use of information on the Internet, including measures and procedures to protect intellectual property and private data from illegal access and online theft; the act of hacking; and any defensive technologies that contest such cybercrimes. As more research and commercial activities are conducted online, cybercrimes have increased significantly, putting sensitive information at risk. Information security has become critically important for organizations and private citizens alike. Hackers scan for network vulnerabilities on the Internet and steal data whenever they can. Cybercrimes disrupt our daily life, cause financial losses, and instigate fear in the public. Since the start of the pandemic, most data related cybercrimes targets have been either financial or health information from companies and organizations. Libraries also should have a high interest in understanding and adopting information security methods to protect their patron data and copyrighted materials. But according to information security professionals, higher education and cultural organizations, including their libraries, are the least prepared entities for cyberattacks. One recent example is that of Steven’s Institute of Technology in New Jersey in the US, which had its network hacked in 2020, with the hackers demanding a ransom. As a result, the network of the college was down for two months, causing serious financial loss. There are other cases where libraries, colleges, and universities have been targeted for data breaches. In order to build an effective defense, we need to understand the most common types of cybercrimes, including phishing, whaling, social engineering, distributed denial of service (DDoS) attacks, malware and ransomware, and hacker profiles. Our research will focus on each hacking technique and related defense measures; and the social background and reasons/purpose of hacker and hacking. Our research shows that hacking techniques will continue to evolve as new applications, housing information, and data on the Internet continue to be developed. Some cybercrimes can be stopped with effective measures, while others present challenges. It is vital that people understand what they face and the consequences when not prepared.

Keywords: cybercrimes, hacking technologies, higher education, information security, libraries

Procedia PDF Downloads 134

Authors: Mohamad Ibrahim Al Ladan

Abstract:

Social networks, such as Facebook, Myspace, LinkedIn, Google+, and Twitter have experienced exponential growth and a remarkable adoption rate in recent years. They provide attractive means of online social interactions and communications with family, friends, and colleagues from around the corner or across the globe, and they have become an important part of daily digital interactions for more than one and a half billion users around the world. The various personal information sharing practices that social network providers encourage have led to their success as innovative social interaction platforms. However, these practices have resulted in ample concerns with respect to privacy and security from different stakeholders. Addressing these privacy and security concerns in social networks is a must for these networks to be sustainable. Existing security and privacy tools may not be enough to address existing concerns. Some guidelines should be followed to protect users from the existing risks. In this paper, we have investigated and discussed the various privacy and security issues and concerns pertaining to social networks. Moreover, we have classified these privacy and security issues and presented a thorough discussion of the implications of these issues and concerns on the future of the social networks. In addition, we have presented a set of guidelines as precaution measures that users can consider to address these issues and concerns.

Keywords: social networks privacy issues, social networks security issues, social networks privacy precautions measures, social networks security precautions measures

Procedia PDF Downloads 307

Authors: Ragi Poyyara, V. Vivek, Ashish Khaparde

Abstract:

The Product Development Process (PDP) in the technology group plays a very important role in the launch of any product. While a manufacturing process encourages the use of certain measures to reduce Health, Safety and Environmental (HSE) risks on the shop floor, the PDP concentrates on the use of Geometric Dimensioning and Tolerancing (GD&T) to develop a flawless design. Furthermore, PDP distributes and coordinates activities between different departments such as marketing, purchasing, and manufacturing. However, it is seldom realized that PDP makes a significant contribution to developing a product that reduces HSE risks by encouraging the Technology group to use effective GD&T. The GD&T is a precise communication tool that uses a set of symbols, rules, and definitions to mathematically define parts to be manufactured. It is a quality assurance method widely used in the oil and gas sector. Traditionally it is used to ensure the interchangeability of a part without affecting its form, fit, and function. Parts that do not meet these requirements are rejected during quality audits. This paper discusses how the Technology group integrates this quality assurance tool into the PDP and how the tool plays a major role in helping the HSE department in its goal towards eliminating HSE incidents. The PDP involves a thorough risk assessment and establishes a method to address those risks during the design stage. An illustration shows how GD&T helped reduce safety risks by ergonomically improving assembling operations. A brief discussion explains how tolerances provided on a part help prevent finger injury. This tool has equipped Technology to produce fixtures, which are used daily in operations as well as manufacturing. By applying GD&T to create good fits, HSE risks are mitigated for operating personnel. Both customers and service providers benefit from reduced safety risks.

Keywords: HSE risks, product development process, geometric dimensioning and tolerances, mechanical engineering

Procedia PDF Downloads 226

Authors: Preeti Kumari, Ridhi Kapoor

Abstract:

 In any communication, security is the most important issue in today’s world. In this paper, steganography is the process of hiding the important data into other data, such as text, audio, video, and image. The interest in this topic is to provide availability, confidentiality, integrity, and authenticity of data. The steganographic technique that embeds hides content with unremarkable cover media so as not to provoke eavesdropper’s suspicion or third party and hackers. In which many applications of compression, encryption, decryption, and embedding methods are used for digital image steganography. Due to compression, the nose produces in the image. To sustain noise in the image, the LSB insertion technique is used. The performance of the proposed embedding system with respect to providing security to secret message and robustness is discussed. We also demonstrate the maximum steganography capacity and visual distortion.

Keywords: steganography, LSB, encoding, information hiding, color image

Procedia PDF Downloads 474

Authors: Saidu I. R., Shittu S. S.

Abstract:

As the trend of personal devices accessing corporate data continues to rise through Bring Your Own Device (BYOD) practices, organizations recognize the potential cost reduction and productivity gains. However, the associated security risks pose a significant threat to these benefits. Often, organizations adopt BYOD environments without fully considering the vulnerabilities introduced by human factors in this context. This study presents an enhanced assessment model that evaluates the security posture of employees in BYOD environments using cyber hygiene principles. The framework assesses users' adherence to best practices and guidelines for maintaining a secure computing environment, employing scales and the Euclidean distance formula. By utilizing this algorithm, the study measures the distance between users' security practices and the organization's optimal security policies. To facilitate user evaluation, a simple and intuitive interface for automated assessment is developed. To validate the effectiveness of the proposed framework, design science research methods are employed, and empirical assessments are conducted using five artifacts to analyze user suitability in BYOD environments. By addressing the human factor vulnerabilities through the assessment of cyber hygiene practices, this study aims to enhance the overall security of BYOD environments and enable organizations to leverage the advantages of this evolving trend while mitigating potential risks.

Keywords: security, BYOD, vulnerability, risk, cyber hygiene

Procedia PDF Downloads 76

Authors: Mohammad A. Alia

Abstract:

With the rapid evolution of the internet applications, cloud computing becomes one of today’s hottest research areas due to its ability to reduce costs associated with computing. Cloud is, therefore, increasing flexibility and scalability for computing services in the internet. Cloud computing is Internet based computing due to shared resources and information which are dynamically delivered to consumers. As cloud computing share resources via the open network, hence cloud outsourcing is vulnerable to attack. Therefore, this paper will explore data security of cloud computing by implementing chaotic cryptography. The proposal scenario develops a problem transformation technique that enables customers to secretly transform their information. This work proposes the chaotic cryptographic algorithms have been applied to enhance the security of the cloud computing accessibility. However, the proposed scenario is secure, easy and straightforward process. The chaotic encryption and digital signature systems ensure the security of the proposed scenario. Though, the choice of the key size becomes crucial to prevent a brute force attack.

Keywords: chaos, cloud computing, security, cryptography

Procedia PDF Downloads 345

Authors: Ibtissem Talbi

Abstract:

During the last decade, a variety of chaos-based cryptosystems have been investigated. Most of them are based on the structure of Fridrich, which is based on the traditional confusion-diffusion architecture proposed by Shannon. Compared with traditional cryptosystems (DES, 3DES, AES, etc.), the chaos-based cryptosystems are more flexible, more modular and easier to be implemented, which make them suitable for large scale-data encyption, such as images and videos. The heart of any chaos-based cryptosystem is the chaotic generator and so, a part of the efficiency (robustness, speed) of the system depends greatly on it. In this talk, we give an overview of the state of the art of chaos-based block ciphers and we describe some of our schemes already proposed. Also we will focus on the essential characteristics of the digital chaotic generator, The needed performance of a chaos-based block cipher in terms of security level and speed of calculus depends on the considered application. There is a compromise between the security and the speed of the calculation. The security of these block block ciphers will be analyzed.

Keywords: chaos-based cryptosystems, chaotic generator, security analysis, structure of Fridrich

Procedia PDF Downloads 684

Authors: Senthuran Manoharan, Rathesan Sivagananalingam

Abstract:

One of the main issues in system security is Authentication. Authentication can be defined as the process of recognizing the user's identity and it is the most important step in the access control process to safeguard data/resources from being accessed by unauthorized users. The static method of authentication cannot ensure the genuineness of the user. Due to this reason, more innovative authentication mechanisms came into play. At first two factor authentication was introduced and later, multi-factor authentication was introduced to enhance the security of the system. It also had some issues and later, adaptive authentication was introduced. In this research paper, the design of an adaptive authentication engine was put forward. The user risk profile was calculated based on the user parameters and then the user was challenged with a suitable authentication method.

Keywords: authentication, adaptive authentication, machine learning, security

Procedia PDF Downloads 248

Authors: Tran Duong Nguyen, Marwan Shagar, Qinghao Zeng, Aras Maqsoodi, Pardis Pishdad, Eunhwa Yang

Abstract:

Construction supply chain management (CSCM) involves the collaboration of many disciplines and actors, which generates vast amounts of data. However, inefficient, fragmented, and non-standardized data storage often hinders this data exchange. The industry has adopted building information modeling (BIM) -a digital representation of a facility's physical and functional characteristics to improve collaboration, enhance transmission security, and provide a common data exchange platform. Still, the volume and complexity of data require tailored information categorization, aligning with stakeholders' preferences and demands. To address this, artificial intelligence (AI) can be integrated to handle this data’s magnitude and complexities. This research aims to develop an integrated and efficient approach for data exchange in CSCM by utilizing AI. The paper covers five main objectives: (1) Investigate existing framework and BIM adoption; (2) Identify challenges in data exchange; (3) Propose an integrated framework; (4) Enhance data transmission security; and (5) Develop data exchange in CSCM. The proposed framework demonstrates how integrating BIM and other technologies, such as cloud computing, blockchain, and AI applications, can significantly improve the efficiency and accuracy of data exchange in CSCM.

Keywords: construction supply chain management, BIM, data exchange, artificial intelligence

Procedia PDF Downloads 26

Authors: Musaab Hasan, Farkhund Iqbal, Patrick C. K. Hung, Benjamin C. M. Fung, Laura Rafferty

Abstract:

In modern societies, the smart cities concept raised simultaneously with the projection towards adopting smart devices. A smart grid is an essential part of any smart city as both consumers and power utility companies benefit from the features provided by the power grid. In addition to advanced features presented by smart grids, there may also be a risk when the grids are exposed to malicious acts such as security attacks performed by terrorists. Considering advanced security measures in the design of smart meters could reduce these risks. This paper presents a security study for smart metering systems with a prototype implementation of the user interfaces for future works.

Keywords: security design, smart city, smart meter, smart grid, smart metering system

Procedia PDF Downloads 336

Authors: Sindhu Govardhan, Kenneth G. Crowther

Abstract:

Modernisation of the water sector is leading to increased connectivity and integration of emerging technologies with traditional ones, leading to new security risks. The convergence of Information Technology (IT) with Operation Technology (OT) results in solutions that are spread across larger geographic areas, increasingly consist of interconnected Industrial Internet of Things (IIOT) devices and software, rely on the integration of legacy with modern technologies, use of complex supply chain components leading to complex architectures and communication paths. The result is that multiple parties collectively own and operate these emergent technologies, threat actors find new paths to exploit, and traditional cybersecurity controls are inadequate. Our approach is to explicitly identify and draw data flows that cross trust boundaries between owners and operators of various aspects of these emerging and interconnected technologies. On these data flows, we layer potential attack vectors to create a frame of reference for evaluating possible risks against connected technologies. Finally, we identify where existing controls, mitigations, and other remediations exist across industry partners (e.g., suppliers, product vendors, integrators, water utilities, and regulators). From these, we are able to understand potential gaps in security, the roles in the supply chain that are most likely to effectively remediate those security gaps, and test cases to evaluate and strengthen security across these partners. This informs a “shared responsibility” solution that recognises that security is multi-layered and requires collaboration to be successful. This shared responsibility security framework improves visibility, understanding, and control across the entire supply chain, and particularly for those water utilities that are accountable for safe and continuous operations.

Keywords: cyber security, shared responsibility, IIOT, threat modelling

Procedia PDF Downloads 77

Authors: Kai Qian, Lixin Tao

Abstract:

Mobile devices such as smartphones are getting more and more popular in our daily lives. The security vulnerability and threat attacks become a very emerging and important research and education topic in computing security discipline. There is a need to have an innovative mobile security hands-on laboratory to provide students with real world relevant mobile threat analysis and protection experience. This paper presents an authentic teaching and learning mobile security approach with smartphone devices which covers most important mobile threats in most aspects of mobile security. Each lab focuses on one type of mobile threats, such as mobile messaging threat, and conveys the threat analysis and protection in multiple ways, including lectures and tutorials, multimedia or app-based demonstration for threats analysis, and mobile app development for threat protections. This authentic learning approach is affordable and easily-adoptable which immerse students in a real world relevant learning environment with real devices. This approach can also be applied to many other mobile related courses such as mobile Java programming, database, network, and any security relevant courses so that can learn concepts and principles better with the hands-on authentic learning experience.

Keywords: mobile computing, Android, network, security, labware

Procedia PDF Downloads 406

Authors: Mzamani Aaron Mabasa

Abstract:

The research study examines the reality that the Language Services Directorate can be considered a language repository hub. The study postulates that multilingual education guided by language policy implementation can improve student performance and pass rate. Various documents in the form of style guides, glossaries and tutorial letters may be used to enable students to understand complex words, sentences, phrases and paragraphs when technical vocabularies are used. This paper addresses the way in which quality assurance can transform South African official languages, including Sign Language, as mandated by the Language Policy for Higher Education. The paper further emphasizes that Language Services is unique in the sense that it involves all South African officials as tools for student support and facilitation of learning. This is in line with the Constitution of the Republic of South Africa (1996) and the Unisa Language Policy of 2023, which declares the status, parity and esteem of these official languages regarding usage in formal function domains, namely education, economy, social and politics. The aim of this paper is to ensure that quality assurance is ultimately accomplished in terms of teaching and learning standards. Eventually, all South African languages can be used for official domains to achieve functional multilingualism. This paper furthermore points out that content analysis as a research instrument as far as a qualitative approach is concerned may be used as a data collection technique.

Keywords: repository, multilingualism, policy, education

Procedia PDF Downloads 31

Authors: Kavitha Thamadharan, Nurazean Maarop

Abstract:

The implementation of e-assessment as tool to support the process of teaching and learning in university has become a popular technological means in universities. E-Assessment provides many advantages to the users especially the flexibility in teaching and learning. The e-assessment system has the capability to improve its quality of delivering education. However, there still exists a drawback in terms of security which limits the user acceptance of the online learning system. Even though there are studies providing solutions for identified security threats in e-learning usage, there is no particular model which addresses the factors that influences the acceptance of e-assessment system by lecturers from security perspective. The aim of this study is to explore security aspects of e-assessment in regard to the acceptance of the technology. As a result a conceptual model of secure acceptance of e-assessment is proposed. Both human and security factors are considered in formulation of this conceptual model. In order to increase understanding of critical issues related to the subject of this study, interpretive approach involving convergent mixed method research method is proposed to be used to execute the research. This study will be useful in providing more insightful understanding regarding the factors that influence the user acceptance of e-assessment system from security perspective.

Keywords: secure technology acceptance, e-assessment security, e-assessment, education technology

Procedia PDF Downloads 459

Authors: Zunjarrao Kadam, Vikas Minchekar

Abstract:

The facial recognition is an important task in criminal investigation procedure. The security guards-constantly watching the persons-can help to identify the suspected accused. The forensic psychologists are tackled such cases in the criminal justice system. The security personnel may loss their ability to correctly identify the persons due to constant stress while performing the duty. The present study aimed at to identify the effect of experimentally induced stress on facial recognition ability of security personnel’s. For this study 50, security guards from Sangli, Miraj & Jaysingpur city of the Maharashtra States of India were recruited in the experimental study. The randomized two group design was employed to carry out the research. In the initial condition twenty identity card size photographs were shown to both groups. Afterward, artificial stress was induced in the experimental group through the difficultpuzzle-solvingtask in a limited period. In the second condition, both groups were presented earlier photographs with another additional thirty new photographs. The subjects were asked to recognize the photographs which are shown earliest. The analyzed data revealed that control group has ahighest mean score of facial recognition than experimental group. The results were discussed in the present research.

Keywords: experimentally induced stress, facial recognition, cognition, security personnel

Procedia PDF Downloads 261

Authors: Pooja Bakshi

Abstract:

In the following paper, an attempt would be made to engage with the relationship between the state and the imperatives of security from a gendered lens. This will be juxtaposed with the feminist engagement with International Law. Theorizations from the literature on South Asian politics and Global politics would be applied to the manner in which the Indian state has defined and proposed to deal with concerns of internal security pertaining to the ‘Left Wing Extremism’ in 2010-2011. It would be argued that the state needs to be disaggregated into the legislature, executive and the judiciary; since there are times when some institutional parts of the state provide space for progressive democratic engagement whilst other institutions don’t. The specific contours of violence faced by women and children at the hands of the state, in the above-mentioned discourse would also be examined. In the end, implications of the security state discourse on debates in International Law would be elaborated.

Keywords: feminist engagement, human rights, state response to left extremism, security studies in South Asia

Procedia PDF Downloads 494

Authors: Kerem Ok, Cem Cevikbas, Vedat Coskun, Mohammed Alsadi, Busra Ozdenizci

Abstract:

Un-keyed SIM cards do not contain the required security infrastructure to provide end-to-end encryption with Service Providers. Hence, new, emerging, or smart services those require end-to-end encryption between SIM card and a Service Provider is impossible. SIMSec key exchange protocol creates symmetric keys between SIM card and Service Provider. After a successful protocol execution, SIM card and Service Provider creates the symmetric keys and can perform end-to-end data encryption when required. In this paper, our aim is to analyze the SIMSec protocol’s security. According to the results, SIM card and Service Provider can generate keys securely using SIMSec protocol.

Keywords: End-to-end encryption, key exchange, SIM card, smart card

Procedia PDF Downloads 284

Authors: Sani Mohammed Adam

Abstract:

This work seeks to review the security challenges facing Nigeria and explore the relevance of laws and policies in tackling the menace. The work looks at the adequacy of available legislations and the functionality of relevant institutions such as the Armed Forces, the Nigeria Police Force, the State Security Service, the Defence Intelligence Agency and the Nigerian Intelligence Agency etc. Comparisons would be made with other jurisdictions, such as inter alia, the Homeland Security in the USA and Counter Terrorism Laws of the United Kingdom. Recommendations would be made on how to strengthen both institutions and laws to curtail the growth of Terrorism in Nigeria.

Keywords: legislations, Nigeria, security, terrorism

Procedia PDF Downloads 679

Authors: Kiara Lawrence, Nadine Ponnusamy, Clive Greenstone

Abstract:

One of the major challenges facing society today is food security. The risks to food security have increased significantly due to the evolving urban landscape, globalization, and a rising population. The cultivation of food is essential, particularly during times of crisis, such as a recession, and has long been a necessity for urban populations. In contemporary society, many urban residents are confronted with new challenges, including high levels of unemployment, which compel individuals to adopt alternative survival strategies, such as growing their own food. Recently, rooftop agriculture has made significant contributions to urban and national food security and has been utilized as a tool to mitigate the frequent and damaging disasters that many cities encounter. They have the potential to transform unused spaces into green, productive vegetable plots, while also providing urban residents with the opportunity to enjoy the benefits of gardening. Therefore, this study looks to investigate the evolving themes around rooftop agriculture and food security globally. A bibliometric review analysis was carried out on Scopus and Web of Science using the keywords “rooftop agriculture” OR “rooftop farming” OR “rooftop garden” AND “food security” between 2004 and 2024 to ensure a broader scope was covered around the chosen study. Vosviewer software was then utilized to analyze the extracted data to create network visualization maps based on keyword occurrences, co-author analysis, country analysis. There were only 37 relevant documents within the study parameters. Preliminary results indicate that much research focused on urban agriculture, food supply, green roof, sustainability and climate change. By analysing these aspects of rooftop agriculture and food security, the trends can identify gaps in literature and dictate future applications to assist in food security.

Keywords: food security, rooftop agriculture, rooftop farming, rooftop garden

Procedia PDF Downloads 16

Authors: Amir Rashid

Abstract:

Today is the world of innovations where everyone is looking for a change. Organizations are now looking toward virtualization in order to minimize their computing cost. Cloud Computing has also introduced itself by the means of reducing computing cost. It offers different approach to make computing better by improving utilization and reducing infrastructure and administrative costs. Cloud Computing is basically the amalgamation of Utility Computing and SaaS (Software as a Service). Cloud Computing is quite new to organizations as it is still at its deploying stage. Due to this reason, organizations are not confident whether to adopt it or not. This thesis investigates the problem for organization concerning the security and cost issues. Benefits and drawbacks are being highlighted which organizations can have or suffer in order to adopt Cloud Computing. In Conclusion, Cloud Computing is a better option available for small and medium organizations with a comparison to large companies both in terms of data security and cost.

Keywords: cloud computing, security, cost, elasticity, PaaS, IaaS, SaaS

Procedia PDF Downloads 340

Authors: Adnan Baig, Ishteeaq Naeem, Saad Mansoor

Abstract:

The Internet of Things (IoT) gadgets have advanced quickly in recent years, and their use is steadily rising daily. However, cyber-attackers can target these gadgets due to their distributed nature. Additionally, many IoT devices have significant security flaws in their implementation and design, making them vulnerable to security threats. Hence, these threats can cause important data security and privacy loss from a single attack on network devices or systems. Botnets are a significant security risk that can harm the IoT network; hence, sophisticated techniques are required to mitigate the risk. This work uses a machine learning-based method to identify IoT orchestrated by botnets. The proposed technique identifies the net attack by distinguishing between legitimate and malicious traffic. This article proposes a hyperparameter tuning model to improvise the method to improve the accuracy of existing processes. The results demonstrated an improved and more accurate indication of botnet-based cyber-attacks.

Keywords: Internet of Things, Botnet, BoT-IoT dataset, ML techniques

Procedia PDF Downloads 11

Authors: Abeer Toheed Quadri, Maria Abubakar, Mehreen Sirshar

Abstract:

Component Based Software Development (CBSD) is a new trend in software development. Selection of quality components is not enough to ensure software quality in Component Based Software System (CBSS). A software product is considered to be a quality product if it satisfies its customer’s needs and has minimum defects. Authors’ survey different research papers and analyzes various techniques which ensure software quality in component based software development. This paper includes an investigation about how to improve the quality of a component based software system without effecting quality attributes. The reported information is identified from literature survey. The developments of component based systems are rising as they reduce the development time, effort and cost by means of reuse. After analysis, it has been explored that in order to achieve the quality in a CBSS we need to have the components that are certified through software measure because the predictability of software quality attributes of system depend on the quality attributes of the constituent components, integration process and the framework used.

Keywords: CBSD (component based software development), CBSS (component based software system), quality components, SQA (software quality assurance)

Procedia PDF Downloads 413

Authors: Belbahi Ahlam

Abstract:

With the phenomenal growth in the Internet, network security has become an integral part of computer and information security. In order to come up with measures that make networks more secure, it is important to learn about the vulnerabilities that could exist in a computer network and then have an understanding of the typical attacks that have been carried out in such networks. The first half of this paper will expose the readers to the classical network attacks that have exploited the typical vulnerabilities of computer networks in the past and solutions that have been adopted since then to prevent or reduce the chances of some of these attacks. The second half of the paper will expose the readers to the different network security controls including the network architecture, protocols, standards and software/ hardware tools that have been adopted in modern day computer networks.

Keywords: network security, attacks and controls, computer and information, solutions

Procedia PDF Downloads 455

Authors: Samuel Owoade, Zainab Idowu, Idris Ajibade, Abel Uzoka

Abstract:

Cloud computing adoption continues to soar, with 83% of enterprise workloads estimated to be in the cloud by 2022. However, this rapid migration raises security concerns, needing strong security management solutions to safeguard sensitive data and essential applications. This paper investigates the critical role of technical project managers in orchestrating security management initiatives for cloud environments, evaluating their responsibilities, challenges, and best practices for assuring the resilience and integrity of cloud infrastructures. Drawing from a comprehensive review of industry reports and interviews with cloud security experts, this research highlights the multifaceted landscape of security management in cloud environments. Despite the rapid adoption of cloud services, only 25% of organizations have matured their cloud security practices, indicating a pressing need for effective management strategies. This paper proposes a strategy framework adapted to the demands of technical project managers, outlining the important components of effective cloud security management. Notably, 76% of firms identify misconfiguration as a major source of cloud security incidents, underlining the significance of proactive risk assessment and constant monitoring. Furthermore, the study emphasizes the importance of technical project managers in facilitating cross-functional collaboration, bridging the gap between cybersecurity professionals, cloud architects, compliance officers, and IT operations teams. With 68% of firms seeing difficulties integrating security policies into their cloud systems, effective communication and collaboration are critical to success. Case studies from industry leaders illustrate the practical use of security management projects in cloud settings. These examples demonstrate the importance of technical project managers in using their expertise to address obstacles and generate meaningful outcomes, with 92% of firms reporting improved security practices after implementing proactive security management tactics. In conclusion, this research underscores the critical role of technical project managers in safeguarding cloud environments against evolving threats. By embracing their role as guardians of the cloud realm, project managers can mitigate risks, optimize resource utilization, and uphold the trust and integrity of cloud infrastructures in an era of digital transformation.

Keywords: cloud security, security management, technical project management, cybersecurity, cloud infrastructure, risk management, compliance

Procedia PDF Downloads 51

Authors: Jessemyn Modiini, Timothy Lynar, Elena Sitnikova

Abstract:

We present a novel enhanced compartmental model for malware spread analysis in cyber security. This paper applies cyber security data features to epidemiological compartmental models to model the infectious potential of malware. Compartmental models are most efficient for calculating the infectious potential of a disease. In this paper, we discuss and profile epidemiologically relevant data features from a Domain Name System (DNS) dataset. We then apply these features to epidemiological compartmental models to network traffic features. This paper demonstrates how epidemiological principles can be applied to the novel analysis of key cybersecurity behaviours and trends and provides insight into threat modelling above that of kill-chain analysis. In applying deterministic compartmental models to a cyber security use case, the authors analyse the deficiencies and provide an enhanced stochastic model for cyber epidemiology. This enhanced compartmental model (SUEICRN model) is contrasted with the traditional SEIR model to demonstrate its efficacy.

Keywords: cybersecurity, epidemiology, cyber epidemiology, malware

Procedia PDF Downloads 107

Authors: M. Sandhya, R. M. Madhumitha, Sharmila Sankar

Abstract:

Interoperable medical devices (IMDs) face threats due to the increased attack surface accessible by interoperability and the corresponding infrastructure. Initiating networking and coordination functionalities primarily modify medical systems' security properties. Understanding the threats is a vital first step in ultimately crafting security solutions for such systems. The key to this problem is coming up with some common types of threats or attacks with those of security and privacy, and providing this information as a roadmap. This paper analyses the security issues in interoperability of devices and presents the main types of threats that have to be considered to build a secured system.

Keywords: interoperability, threats, attacks, medical devices

Procedia PDF Downloads 333

Authors: Bita Mashayekhi, Marjan Fayyazi, Parisa Sefati

Abstract:

Audit quality is a popular topic in accounting and auditing research because recent decades’ financial crises reduce the reliability of financial reports to public investors and cause significant doubt about the audit profession. Therefore, doing research to identify effective factors in improving audit quality is necessary for bringing back public investors’ trust to financial statements as well as audit reports. In this study, we explore the relationship between audit rotation and audit quality. For this purpose, we employ the Duff (2009) model of audit quality to measure audit quality and use a questionnaire survey of 27 audit service quality attributes. Our results show that there is a negative relationship between auditor’s rotation and audit quality as we consider the auditor’s reputation, capability, assurance, experience, and responsiveness as surrogates for audit quality. There is no evidence for verifying a same relationship when we use the auditor’s independence and expertise for measuring audit quality.

Keywords: audit quality, auditor’s rotation, reputation, capability, assurance, experience, responsiveness, independence, expertise

Procedia PDF Downloads 231