Search results for: information security culture

Authors: Masese Chuma Benard, Martin Onsiro Ronald

Abstract:

Businesses have been using cloud computing more frequently recently because they wish to take advantage of its advantages. However, employing cloud computing also introduces new security concerns, particularly with regard to data security, potential risks and weaknesses that could be exploited by attackers, and various tactics and strategies that could be used to lessen these risks. This study examines data security issues on cloud computing amongst sme’s in Nairobi county, Kenya. The study used the sample size of 48, the research approach was mixed methods, The findings show that data owner has no control over the cloud merchant's data management procedures, there is no way to ensure that data is handled legally. This implies that you will lose control over the data stored in the cloud. Data and information stored in the cloud may face a range of availability issues due to internet outages; this can represent a significant risk to data kept in shared clouds. Integrity, availability, and secrecy are all mentioned.

Keywords: data security, cloud computing, information, information security, small and medium-sized firms (SMEs)

Procedia PDF Downloads 58

Authors: Katie Wood

Abstract:

Cyber criminals are constantly on the lookout for new opportunities to exploit organisation and cause destruction. This could lead to significant cause of economic loss for organisations in the form of destruction in finances, reputation and even the overall survival of the organization. Additionally, this leads to serious consequences on national security. The threat of possible cyber attacks places further pressure on organisations to ensure they are secure, at a time where international scale cyber attacks have occurred in a range of sectors. Stakeholders are wanting confidence that their data is protected. This is only achievable if a business fosters a resilient supply chain strategy which is implemented throughout its supply chain by having a strong cyber leadership culture. This paper will discuss the essential role and need for organisations to adopt a cyber leadership culture and direction to learn about own internal processes to ensure mitigating systemic vulnerability of its supply chains. This paper outlines that to protect national security there is an urgent need for cyber awareness culture change. This is required in all organisations, regardless of their sector or size, to implementation throughout the whole supplier chain to support and protect economic prosperity to make the UK more resilient to cyber-attacks. Through businesses understanding the supply chain and risk management cycle of their own operates has to be the starting point to ensure effective cyber migration strategies.

Keywords: cyber leadership, cyber migration strategies, resilient supply chain strategy, cybersecurity

Procedia PDF Downloads 209

Authors: Omid Khodabakhshi, Amir Rozdel

Abstract:

The subject of cloud computing security research has allocated a number of challenges and competitions because the data center is comprised of complex private information and are always faced various risks of information disclosure by hacker attacks or internal enemies. Accordingly, the security of virtual machines in the cloud computing infrastructure layer is very important. So far, there are many software solutions to develop security in virtual machines. But using software alone is not enough to solve security problems. The purpose of this article is to examine the challenges and security requirements for accessing and storing data in an insecure cloud environment. In other words, in this article, a structure is proposed for the implementation of highly isolated security-sensitive codes using secure computing hardware in virtual environments. It also allows remote code validation with inputs and outputs. We provide these security features even in situations where the BIOS, the operating system, and even the super-supervisor are infected. To achieve these goals, we will use the hardware support provided by the new Intel and AMD processors, as well as the TPM security chip. In conclusion, the use of these technologies ultimately creates a root of dynamic trust and reduces TCB to security-sensitive codes.

Keywords: code, cloud computing, security, virtual machines

Procedia PDF Downloads 165

Authors: Tizian Matschak, Ilja Nastjuk, Stephan Kühnel, Simon Trang

Abstract:

We argue that besides well-known primary effects of information security controls (ISCs), namely confidentiality, integrity, and availability, ISCs can also have secondary effects. For example, while IT can add business value through impacts on business processes, ISCs can be a barrier and distort the relationship between IT and organizational value through the impact on business processes. By applying the Delphi method with 28 experts, we derived 27 business process influence dimensions of ISCs. Defining and understanding these mechanisms can change the common understanding of the cost-benefit valuation of IT security investments and support managers' effective and efficient decision-making.

Keywords: business process dimensions, dark side of information security, Delphi study, IT security controls

Procedia PDF Downloads 79

Authors: Elham Rajabian

Abstract:

The ascent of cybersecurity incidents is a rising threat to most organisations in general, while the impact of the incidents is unique to each of the organizations. It is a need for behavioural sciences to concentrate on employees’ behaviour in order to prepare key security mitigation opinions versus cybersecurity incidents. There are noticeable differences among users of a computer system in terms of complying with security behaviours. We can discuss the people's differences under several subjects such as delaying tactics on something that must be done, the tendency to act without thinking, future thinking about unexpected implications of present-day issues, and risk-taking behaviours in security policies compliance. In this article, we introduce high-profile cyber-attacks and their impacts on weakening cyber resiliency in organizations. We also give attention to human errors that influence network security. Human errors are discussed as a part of psychological matters to enhance compliance with the security policies. The organizational challenges are studied in order to shape a sustainable cyber risks management approach in the related work section. Insiders’ behaviours are viewed as a cyber security gap to draw proper cyber resiliency in section 3. We carry out the best cybersecurity practices by discussing four CIS challenges in section 4. In this regard, we provide a guideline and metrics to measure cyber resilience in organizations in section 5. In the end, we give some recommendations in order to build a cybersecurity culture based on individual behaviours.

Keywords: cyber resilience, human factors, cybersecurity behavior, attitude, usability, security culture

Procedia PDF Downloads 71

Authors: Sofia Ahanj Sofia Ahanj, Mahsa Rahmani Mahsa Rahmani, Zahra Sadeghigol, Vida Nobakht Vida Nobakht

Abstract:

Providing security in the electricity industry, as one of the vital infrastructures of the country, is one of the essential operations that must be taken in order to improve the security of the country. Resistant security strategies need to be regularly implemented as a dynamic process to improve security, and security evaluation is one of the most important steps in this process. Methodology in the field of evaluation in both technical and managerial dimensions is discussed in the laboratory. There are various standards in the field of general ICT technical-security evaluation. The most important are ISO / IEC 15408, ISO / IEC 27001 and NIST SP 800-53. In the present paper, these standards are first examined. Then, the standards and reports in the industrial field have been reviewed and compared, and finally, based on the results and special considerations of information and communication technology equipment in the electricity industry, the appropriate methodology has been presented.

Keywords: security standards, ISO/IEC 15408, ISA/IEC 62443 series, NIST SP 800-53, NISTIR 7628

Procedia PDF Downloads 139

Authors: Mohamed Sarrab, Hadj Bourdoucen

Abstract:

Mobile applications are verified to check the correctness or evaluated to check the performance with respect to specific security properties such as availability, integrity, and confidentiality. Where they are made available to the end users of the mobile application is achievable only to a limited degree using software engineering static verification techniques. The more sensitive the information, such as credit card data, personal medical information or personal emails being processed by mobile application, the more important it is to ensure the confidentiality of this information. Monitoring non-trusted mobile application during execution in an environment where sensitive information is present is difficult and unnerving. The paper addresses the issue of monitoring and controlling the flow of confidential information during non-trusted mobile application execution. The approach concentrates on providing a dynamic and usable information security solution by interacting with the mobile users during the run-time of mobile application in response to information flow events.

Keywords: mobile application, run-time verification, usable security, direct information flow

Procedia PDF Downloads 356

Authors: Belbahi Ahlam

Abstract:

With the phenomenal growth in the Internet, network security has become an integral part of computer and information security. In order to come up with measures that make networks more secure, it is important to learn about the vulnerabilities that could exist in a computer network and then have an understanding of the typical attacks that have been carried out in such networks. The first half of this paper will expose the readers to the classical network attacks that have exploited the typical vulnerabilities of computer networks in the past and solutions that have been adopted since then to prevent or reduce the chances of some of these attacks. The second half of the paper will expose the readers to the different network security controls including the network architecture, protocols, standards and software/ hardware tools that have been adopted in modern day computer networks.

Keywords: network security, attacks and controls, computer and information, solutions

Procedia PDF Downloads 423

Authors: Nada Mouchfiq, Ahmed Habbani, Chaimae Benjbara

Abstract:

The security aspect of the IoT occupies a place of great importance especially after the evolution that has known this field lastly because it must take into account the transformations and the new applications .Blockchain is a new technology dedicated to the data sharing. However, this does not work the same way in the different systems with different operating principles. This article will discuss network security using the Blockchain to facilitate the sending of messages and information, enabling the use of new processes and enabling autonomous coordination of devices. To do this, we will discuss proposed solutions to ensure a high level of security in these networks in the work of other researchers. Finally, our article will propose a method of security more adapted to our needs as a team working in the ad hoc networks, this method is based on the principle of the Blockchain and that we named ”MPR Blockchain”.

Keywords: Ad hocs networks, blockchain, MPR, security

Procedia PDF Downloads 151

Authors: Sibel Kurt

Abstract:

In this study, with the use of Goffee and Jones’s corporate culture classification and the scale of this classification, there aimed to analyze a company’s corporate culture which does not have a public relations or communication department. First of all, the type of corporate culture in the company had been determined. Then it questioned if there are subcultures which formed according to demographics or the department of work. In the survey questionnaire, there are 53 questions total. 6 of these questions are about demographics, and 47 of them are about corporate culture. 152 personnel of the company had answered the survey, and the data have been evaluated according to frequency, descriptive, and compare means tests. The type of corporate culture of the company was determined as the 'communal' from the typology of Goffee and Jones in the positive form. There are no subcultures in the company which bases on the demographics, but only one subculture has determined according to the department of work. As a result, the absence of public relations department, personnel’s low level of awareness about corporate culture, and the lack of information between management and employees has been revealed.

Keywords: corporate culture, subculture, public relations, organizational communication

Procedia PDF Downloads 133

Authors: Justyna Żywiołek, Marek Matulewski

Abstract:

Data, is information processed by enterprises for primary and secondary purposes as processes. Thanks to processing, the sales process takes place; in the case of the surveyed companies, sales take place online. However, this indirect form of contact with the customer causes many problems for both customers and furniture manufacturers. The article presents solutions that would solve problems related to the analysis of data and information in the order fulfillment process sent to post-warranty service. The article also presents an analysis of threats to the security of this information, both for customers and the enterprise.

Keywords: ordering furniture online, information security, furniture industry, enterprise security, risk analysis

Procedia PDF Downloads 23

Authors: E. Elgohary, R. Abdelazyz

Abstract:

The research aims to clarify the effect of the marketing culture on improving the e-service quality for foreign and domestic information technology companies in the Arab Republic of Egypt. So the researcher sought to include the dimensions of the marketing culture, which are (customer service, management style, sales mission, internal communications, technology, wages and rewards, innovation) as measures of marketing culture for its effect on improving the e-service quality in this research. The research population consists of employees and customers of the companies under study. The research problem was the following question: What is the effect of the actual application of marketing culture on improving the e-service quality? To answer that, three main hypotheses were adopted, and they were tested by statistical means for the data collected through a questionnaire prepared and distributed for this purpose. Accordingly, the research presented a set of results, the most important of which are: the need to pay attention to the dimensions of the marketing culture to improve the e-service quality, foreign companies were the most popular companies in applying the marketing culture compared to local companies. The research also recommends designing a system to continuously measure the performance of electronic service providers and work on spreading the culture of innovation among employees, linking reward programs to the extent of commitment to applying the elements of marketing culture while doing business.

Keywords: marketing culture, e-service quality, measurement models, quality measurements

Procedia PDF Downloads 186

Authors: Sara Ibn El Ahrache, Tajje-eddine Rachidi, Hassan Badir, Abderrahmane Sbihi

Abstract:

Recently, there has been increasing confidence for a favorable usage of big data drawn out from the huge amount of information deposited in a cloud computing system. Data kept on such systems can be retrieved through the network at the user’s convenience. However, the data that users send include private information, and therefore, information leakage from these data is now a major social problem. The usage of secret sharing schemes for cloud computing have lately been approved to be relevant in which users deal out their data to several servers. Notably, in a (k,n) threshold scheme, data security is assured if and only if all through the whole life of the secret the opponent cannot compromise more than k of the n servers. In fact, a number of secret sharing algorithms have been suggested to deal with these security issues. In this paper, we present a Mapreduce implementation of Shamir’s secret sharing scheme to increase its performance and to achieve optimal security for cloud data. Different tests were run and through it has been demonstrated the contributions of the proposed approach. These contributions are quite considerable in terms of both security and performance.

Keywords: cloud computing, data security, Mapreduce, Shamir's secret sharing

Procedia PDF Downloads 279

Authors: Ossama Matrane

Abstract:

Information System has become a strategic lever for enterprises. It contributes effectively to align business processes on strategies of enterprises. It is regarded as an increase in productivity and effectiveness. So, many organizations are currently involved in implementing sustainable Information System. And, a large number of studies have been conducted the last decade in order to define the success factors of information system. Thus, many studies on maturity model have been carried out. Some of this study is referred to the maturity model of Information System. In this article, we report on development of maturity models specifically designed for information system. This model is built based on three components derived from Maturity Model for Information Security Management, OPM3 for Project Management Maturity Model and processes of COBIT for IT governance. Thus, our proposed model defines three maturity stages for corporate a strong Information System to support objectives of organizations. It provides a very practical structure with which to assess and improve Information System Implementation.

Keywords: information system, maturity models, information security management, OPM3, IT governance

Procedia PDF Downloads 419

Authors: G. T. Aigarinova

Abstract:

This article considers the legal issues of food security as a major component of national security of the republic. The problem of food security is the top priority of the economic policy strategy of any state, the effectiveness of this solution influences social, political, and ethnic stability in society. Food security and nutrition is everyone’s business. Food security exists when all people, at all times, have physical, social and economic access to sufficient safe and nutritious food that meets their dietary needs and food preferences for an active and healthy life. By analyzing the existing legislation in the area of food security, the author identifies weaknesses and gaps, suggesting ways to improve it.

Keywords: food security, national security, agriculture, public resources, economic security

Procedia PDF Downloads 391

Authors: Hram Bik

Abstract:

This is an analytical paper on how to apply theology to the global godless culture. The paper will analyze and materialize theology of culture and come up with theo-cultural principles which will enable Christians to properly engage with today godless culture. If theology and daily life are in any way split apart, Christians will lose the authenticity essential to their calling. Living out godliness in the ungodly culture requires materializing theology into daily life. To do that has become an unbeatable challenge for Christians in 21st century with the overtaking in of global godless culture enforced by Information Technology resulting in rapid and chaotic change of global lifestyles wherein Christianity stands in danger of being swallowed up. Staying away from the culture will rob Christianity of its mission to witness and staying with and like it will rob Christianity of its effectiveness. Thus the question is how should today Christians apply theology to the culture wherein what are said to be sins in the Bible no longer look like sins? Should we forge an all-out war against it or should distance ourselves away from it? The extreme response to it could fruit Christian Jihadism on the right and the apathetic response would let it booming with no one attempting to stop it on the left. This paper calls for global Christians to essentially make theology a part of their daily lives to form a united global force to influence the godless global culture by influencing our own family and community.

Keywords: Christians, global culture, godliness, theology

Procedia PDF Downloads 244

Authors: Maryam Shayan

Abstract:

Programming frameworks have been utilized as a part of chemical industry process safety operation and configuration to enhance its effectiveness. This paper gives a brief survey and investigation of the best in class and effects of programming frameworks in process security. A study was completed by talking staff accountable for procedure wellbeing practices in the Iranian chemical process industry and diving into writing of innovation for procedure security. This article investigates the useful and operational attributes of programming frameworks for security and endeavors to sort the product as indicated by its level of effect in the administration chain of importance. The study adds to better comprehension of the parts of Information Communication Technology in procedure security, the future patterns and conceivable gaps for innovative work.

Keywords: programming frameworks, chemical industry process, process security, administration chain, information communication technology

Procedia PDF Downloads 344

Authors: Jeonghwan Jeon, Mintak Han, Youngjun Kim

Abstract:

Due to the rapid development of information and communication technology (ICT), a substantial transformation is currently happening in the society. As the range of intelligent technologies and services is continuously expanding, ‘things’ are becoming capable of communicating one another and even with people. However, such “Internet of Things” has the technical weakness so that a great amount of such information transferred in real-time may be widely exposed to the threat of security. User’s personal data are a typical example which is faced with a serious security threat. The threats of security will be diversified and arose more frequently because next generation of unfamiliar technology develops. Moreover, as the society is becoming increasingly complex, security vulnerability will be increased as well. In the existing literature, a considerable number of private and public reports that forecast future society have been published as a precedent step of the selection of future technology and the establishment of strategies for competitiveness. Although there are previous studies that forecast security technology, they have focused only on technical issues and overlooked the interrelationships between security technology and social factors are. Therefore, investigations of security threats in the future and security technology that is able to protect people from various threats are required. In response, this study aims to derive potential security threats associated with the development of technology and to explore the security technology that can protect against them. To do this, first of all, private and public reports that forecast future and online documents from technology-related communities are collected. By analyzing the data, future issues are extracted and categorized in terms of STEEP (Society, Technology, Economy, Environment, and Politics), as well as security. Second, the components of potential security threats are developed based on classified future issues. Then, points that the security threats may occur –for example, mobile payment system based on a finger scan technology– are identified. Lastly, alternatives that prevent potential security threats are proposed by matching security threats with points and investigating related security technologies from patent data. Proposed approach can identify the ICT-related latent security menaces and provide the guidelines in the ‘problem – alternative’ form by linking the threat point with security technologies.

Keywords: future society, information and communication technology, security technology, technology forecasting

Procedia PDF Downloads 443

Authors: Fiorenza Misale

Abstract:

The painful phenomenon of so-called white deaths and accidents at work, unfortunately, is always current. The key is to act on the culture of security through effective measures of attitudes and behaviors that go far beyond the knowledge and the know-how. It is necessary that there is an ‘introjection’ of safety culture through the conscious involvement of all workers. The legislation on work safety identifies the main tool to promote the culture of safety at work and prevention within the workplace. In law the term education is used to distinguish itself from the information with which they will simply theoretically transmit, and from the training with which they will provide the practical skills. The new decree fact fills several gaps in previous legislation and stresses the importance of training in the workplace, that is, the main activity through which it is possible to achieve the active participation of all workers in the company’s prevention system. This system is built only through the dissemination of risk information, the circulation of information, comparison and dialogue between all actors involved that are the necessary elements for a correct transmission of the culture of worker safety. Training activity should put the focus on work experience in order to bring out all the knowledge needed to identify and assess the risks in the work place, and especially the action to eliminate or control them, integrating, when necessary, the missing knowledge. In addition to traditional training and information systems can be utilized for the purpose of training that are able to affect both one emotionally and aesthetically, team-theatre is one of them. Among the methods of company theater that can be used in work safety we have: Lesson show, theater workshop, improvised theater, forum theater, theater playback. The theater can represent a complementary approach to traditional training and give information on safety measures, demonstrating that there are more engaging outreach tools. Team-theatre allows identification with the characters, a transmission of emotions and moods and it is through the staging of a story that the individual processes new information. It’ also s a means of experiential training that allows you to work with your mind, body, emotions.The aim of one work is the use of corporate theater on the personnel working in the health sector. Through a questionnaire we are able to analyze the knowledge of occupational safety and current risks; in particular in health care which is to be administered before and after the play.

Keywords: theater, training, occupational health, safety

Procedia PDF Downloads 242

Authors: Lethola Tshikose, Munyaradzi Katurura

Abstract:

Information and Communication Technology (ICT) plays a critical role in improving daily healthcare processes. The South African healthcare organizations have adopted Information Systems to integrate their patient records. This has made it much easier for healthcare organizations because patient information can now be accessible at any time. The primary purpose of this research study was to investigate the best practices that can be applied to enhance patient security and confidentiality when using e-health systems in South Africa. Security and confidentiality are critical in healthcare organizations as they ensure safety in EHRs. The research study used an inductive research approach that included a thorough literature review; therefore, no data was collected. The research paper’s scope included patient data and possible security threats associated with healthcare systems. According to the study, South African healthcare organizations discovered various patient data security and confidentiality issues. The study also revealed that when it comes to handling patient data, health professionals sometimes make mistakes. Some may not be computer literate, which posed issues and caused data to be tempered with. The research paper recommends that healthcare organizations ensure that security measures are adequately supported and promoted by their IT department. This will ensure that adequate resources are distributed to keep patient data secure and confidential. Healthcare organizations must correctly use standards set up by IT specialists to solve patient data security and confidentiality issues. Healthcare organizations must make sure that their organizational structures are adaptable to improve security and confidentiality.

Keywords: E-health, EHR, security, confidentiality, healthcare

Procedia PDF Downloads 27

Authors: Sevim Oztimurlenk

Abstract:

This is an exploratory study on the information behavior of human resource managers. This study is conducted by using a questionnaire survey and an interview. The data is gathered from 140 HR managers who are members of the People Management Association of Turkey (PERYÖN), and the 15 interviewees were chosen among those 140 survey participants randomly. The goal of this exploratory study is to investigate the impact of some factors (i.e., gender, age, work experience, number of employee reporting, company size, industry type) on HR managers’ information behavior. More specifically, it examines if there is a relationship between those factors and HR managers’ information behavior in terms of what kind of information sources they consult and reviews and whom they prefer to communicate with for information sharing. It also aims to find out additional factors influencing the information behavior of HR managers. The results of the study show that age and industry type are the two factors affecting the information behavior of HR managers, among other factors investigated in terms of information source, use and share. Moreover, personality, technology, education, organizational culture, and culture are the top five factors among the 24 additional factors suggested by HR managers who participated in this study.

Keywords: information behavior, information use, information source, information share, human resource managers

Procedia PDF Downloads 113

Authors: Lovorka Galetić, Ivana Načinović Braje, Nevenka Čavlek

Abstract:

The purpose of this paper is to analyze the relationship between corporate culture and firm performance. Extensive theoretical and empirical evidence on this issue is provided. A quantitative methodology was used to explore relationship between corporate culture and performance among large Croatian companies. Corporate culture was explored by using Denison framework. The research revealed a positive, statistically significant relationship between mission and performance. Other dimensions of corporate culture (involvement, consistency and adaptability) show only partial relationship with performance.

Keywords: corporate culture, Croatia, Denison culture model, performance

Procedia PDF Downloads 497

Authors: Eithan Hourie, Miki Malul, Raphael Bar-El

Abstract:

To investigate the relationship between various welfare policies and the value of job security, we conducted a study with 201 people regarding their assessments of the value of job security with respect to three elements: income stability, assurance of continuity of employment, and security in the job. The experiment simulated different welfare policy scenarios, such as the amount and duration of unemployment benefits, workfare, and basic income. The participants evaluated the value of job security in various situations. We found that the value of job security is approximately 22% of the starting salary, which is distributed as follows: 13% reflects income security, 8.7% reflects job security, and about 0.3% is for being able to keep their current employment in the future. To the best of our knowledge, this article is one of the pioneers in trying to quantify the value of job security in different market scenarios and at varying levels of welfare policy. Our conclusions may help decision-makers when deciding on a welfare policy.

Keywords: job security value, employment protection legislation, status quo bias, expanding welfare policy

Procedia PDF Downloads 77

Authors: Lakshmi Shenoy

Abstract:

In today’s era of Globalization, arises the need that students and professionals relocate temporarily or permanently to another country in order to pursue their respective academic and career goals. This involves not only learning the local language of the country but also integrating oneself into the native culture. This paper explains the method of understanding a nation’s culture through the study of its language. The method uses language not as a series of rules that connect words together but as a social practice in which one can actively participate. It emphasizes on how culture provides an environment in which languages can flourish and how culture dictates the interpretation of the language especially in case of German. This paper introduces language and culture as inseparable entities, as two sides of the same coin.

Keywords: language and culture, sociolinguistics, Ronald Wardhaugh, German

Procedia PDF Downloads 279

Authors: Ranbir Singh, Deepinder Kaur

Abstract:

Network security is an important aspect in every field like government offices, Educational Institute and any business organization. Network security consists of the policies adopted to prevent and monitor forbidden access, misuse, modification, or denial of a computer network. Network security is very complicated subject and deal by only well trained and experienced people. However, as more and more people become wired, an increasing number of people need to understand the basics of security in a networked world. The history of the network security included an introduction to the TCP/IP and interworking. Network security starts with authenticating, commonly with a username and a password. In this paper, we study about various types of attacks on network security and how to handle or prevent this attack.

Keywords: network security, attacks, denial, authenticating

Procedia PDF Downloads 373

Authors: El Miloudi Djelloul

Abstract:

Based on analysis on applications by perception control technology in computer network security status and security protection measures, from the angles of network physical environment and network software system environmental security, this paper provides network security system perception control solution using Internet of Things (IOT), telecom and other perception technologies. Security Perception Control System is in the computer network environment, utilizing Radio Frequency Identification (RFID) of IOT and telecom integration technology to carry out integration design for systems. In the network physical security environment, RFID temperature, humidity, gas and perception technologies are used to do surveillance on environmental data, dynamic perception technology is used for network system security environment, user-defined security parameters, security log are used for quick data analysis, extends control on I/O interface, by development of API and AT command, Computer Network Security Perception Control based on Internet and GSM/GPRS is achieved, which enables users to carry out interactive perception and control for network security environment by WEB, E-MAIL as well as PDA, mobile phone short message and Internet. In the system testing, through middle ware server, security information data perception in real time with deviation of 3-5% was achieved; it proves the feasibility of Computer Network Security Perception Control System.

Keywords: computer network, perception control system security strategy, Radio Frequency Identification (RFID)

Procedia PDF Downloads 414

Authors: Ritsuko Kawasaki (Aiba), Takeshi Hiromatsu

Abstract:

Management is required to understand all information security risks within an organization, and to make decisions on which information security risks should be treated in what level by allocating how much amount of cost. However, such decision-making is not usually easy, because various measures for risk treatment must be selected with the suitable application levels. In addition, some measures may have objectives conflicting with each other. It also makes the selection difficult. Moreover, risks generally have trends and it also should be considered in risk treatment. Therefore, this paper provides the extension of the model proposed in the previous study. The original model supports the selection of measures by applying a combination of weighted average method and goal programming method for multi-objective analysis to find an optimal solution. The extended model includes the notion of weights to the risks, and the larger weight means the priority of the risk.

Keywords: information security risk treatment, selection of risk measures, risk acceptance, multi-objective optimization

Procedia PDF Downloads 430

Authors: Andrew John Zeller, Francis Pouatcha

Abstract:

Working according to the DevOps principle has gained in popularity over the past decade. While its extension DevSecOps started to include elements of cybersecurity, most real-life projects do not focus risk and security until the later phases of a project as teams are often more familiar with engineering and infrastructure services. To help bridge the gap between security and engineering, this paper will take six building blocks of cybersecurity and apply them to the DevOps approach. After giving a brief overview of the stages in the DevOps lifecycle, the main part discusses to what extent six cybersecurity blocks can be utilized in various stages of the lifecycle. The paper concludes with an outlook on how to stay up to date in the dynamic world of cybersecurity.

Keywords: information security, data security, cybersecurity, devOps, IT management

Procedia PDF Downloads 75

Authors: Amani A. Saad, Ahmed A. El-Farag, El-Sayed A. Helali

Abstract:

Cloud computing is an important and promising field in the recent decade. Cloud computing allows sharing resources, services and information among the people of the whole world. Although the advantages of using clouds are great, but there are many risks in a cloud. The data security is the most important and critical problem of cloud computing. In this research a new security model for cloud computing is proposed for ensuring secure communication system, hiding information from other users and saving the user's times. In this proposed model Blowfish encryption algorithm is used for exchanging information or data, and SHA-2 cryptographic hash algorithm is used for data integrity. For user authentication process a user-name and password is used, the password uses SHA-2 for one way encryption. The proposed system shows an improvement of the processing time of uploading and downloading files on the cloud in secure form.

Keywords: cloud Ccomputing, data security, SAAS, PAAS, IAAS, Blowfish

Procedia PDF Downloads 452

Authors: Hung Nguyen, Norma Harrison

Abstract:

This paper examines the role supply chain dependence as contingency factors which affect the effectiveness of different critical factors (in terms trust, information exchange and shared culture) in delivering supply chain satisfaction and financial performance. Using the data of 468 manufacturing firms in the Global Manufacturing Research Group, this study shows that supply chain dependence strengthens the positive relationship between shared culture & vision and supply chain satisfaction while dampens the relationship between trust and satisfaction. The study also demonstrates the direct positive effect of satisfaction on financial performance. Supply chain managers were advised to emphasize on the alignments of common understanding, codes, languages, common shared vision and similar cultures.

Keywords: information exchange, shared culture, satisfaction, supply chain dependence

Procedia PDF Downloads 357