Search results for: information security awareness

Authors: S. Rawashdi, D. Bshouty

Abstract:

This paper aimed at discussing how to urge middle and high school Arab students in Israel to be aware of the importance of and investing in learning mathematics. In the first phase of the study, three questionnaires were passed to two nine-grade classes, one on Awareness, one on Awakeness and one on Learning. One of the two classes was an outstanding class from a public school (PUBS) of 31 students, and the other a heterogeneous class from a private school (PRIS) with 31 students. The Learning questionnaire which was administrated to the Awareness and Awareness topics was passed to PRIS and the Awareness and Awareness Questionnaires were passed to the PUBS class After two months we passed the post-questionnaire to both classes to validate the long-term impact of the study. The findings of the study show that awakeness and awareness processes have an effect on the math learning process, on its context in students' daily lives and their growing interest in learning math.

Keywords: awakeness, awareness, learning mathematics, pupils

Procedia PDF Downloads 120

Authors: Adriano Bessa Albuquerque, Francisco Jose Barreto Nunes

Abstract:

Software vulnerabilities are increasing and not only impact services and processes availability as well as information confidentiality, integrity and privacy, but also cause changes that interfere in the development process. Security test could be a solution to reduce vulnerabilities. However, the variety of test techniques with the lack of real case studies of applying tests focusing on software development life cycle compromise its effective use. This paper offers an overview of how a Systematic Mapping Study (MS) about security verification, validation and test (VVT) was performed, besides presenting general results about this study.

Keywords: software test, software security verification validation and test, security test institutionalization, systematic mapping study

Procedia PDF Downloads 377

Authors: Saleh Alumaran, Giampaolo Bella, Feng Chen

Abstract:

The study of organisations’ information security cultures has attracted scholars as well as healthcare services industry to research the topic and find appropriate tools and approaches to develop a positive culture. The vast majority of studies in Saudi national health services are on the use of technology to protect and secure health services information. On the other hand, there is a lack of research on the role and impact of an organisation’s cultural dimensions on information security. This research investigated and analysed the role and impact of cultural dimensions on information security in Saudi Arabia health service. Hypotheses were tested and two surveys were carried out in order to collect data and information from three major hospitals in Saudi Arabia (SA). The first survey identified the main cultural-dimension problems in SA health services and developed an initial information security culture framework model. The second survey evaluated and tested the developed framework model to test its usefulness, reliability and applicability. The model is based on human behaviour theory, where the individual’s attitude is the key element of the individual’s intention to behave as well as of his or her actual behaviour. The research identified six cultural dimensions: Saudi national culture, Saudi health service leadership, employees’ trust, technology, multicultural interactions and employees’ job roles. The research also identified a set of cultural sub-dimensions. These include working values and norms, tribe values and norms, attitudes towards women, power sharing, vision, social interaction, respect and understanding, hospital intra-net, hospital employees’ language(s) used, multi-national culture, communication system, employees’ job satisfaction and job security. The research identified that (a) the human behaviour towards medical information in SA is one of the main threats to information security and one of the main challenges to SA health authority, (b) The current situation of SA hospitals’ IS cultures is falling short in protecting medical information due to the current value and norms towards information security, (c) Saudi national culture and employees’ job role are the main dimensions playing major roles in the employees’ attitude, and technology is the least important dimension playing a role in the employees’ attitudes.

Keywords: cultural dimension, electronic health record, information security, privacy

Procedia PDF Downloads 333

Authors: Ari S. Prabowo, Nia Febriyanti, Haryono B. Santosa

Abstract:

Security function that is called as Physical Protection Systems (PPS) has functions to detect, delay and response. Physical Protection Systems (PPS) in Detection and Radiation Measurement Laboratory needs to be improved continually by using internal resources. The nuclear security culture provides some potentials to support this research. The study starts by identifying the security function’s weaknesses and its strengths of security culture as a purpose. Secondly, the strengths of security culture are implemented in the laboratory management. Finally, a simulation was done to measure its effectiveness. Some changes were happened in laboratory personnel behaviors and procedures. All became more prudent. The results showed a good influence of nuclear security culture in laboratory security functions.

Keywords: laboratory, physical protection system, security culture, security function

Procedia PDF Downloads 161

Authors: Essam Mansour

Abstract:

The key purpose of this study is to provide first-hand information about beggars in Egypt, especially from the perspective of their information seeking behaviour including their information needs. The researcher tries to investigate the information-seeking behaviour of Egyptian beggars with regard to their thoughts, perceptions, motivations, attitudes, habits, preferences as well as challenges that may impede their use of information. The research methods used were an adapted form of snowball sampling of a heterogeneous demographic group of participants in the beggary activity in Egypt. This sampling was used to select focus groups to explore a range of relevant issues. Data on the demographic characteristics of the Egyptian beggars showed that they tend to be men, mostly with no formal education, with an average age around 30s, labeled as low-income persons, mostly single and mostly Muslims. A large number of Egyptian beggars were seeking for information to meet their basic needs as well as their daily needs, although some of them were not able to identify their information needs clearly. The information-seeking behaviour profile of a very large number of Egyptian beggars indicated a preference for informal sources of information over formal ones to solve different problems and meet the challenges they face during their beggary activity depending on assistive devices, such as mobile phones. The high degree of illiteracy and the lack of awareness about the basic rights of information as well as information needs were the most important problems Egyptian beggars face during accessing information. The study recommended further research to be conducted about the role of the library in the education of beggars. It also recommended that beggars’ awareness about their information rights should be promoted through educational programs that help them value the role of information in their life.

Keywords: user studies, information-seeking behaviour, information needs, information sources, beggars, Egypt

Procedia PDF Downloads 299

Authors: Kim Lytle, Tim Talty, Alan Michaels, Jeff Reed

Abstract:

Implantable medical devices (IMDs) are medically necessary devices embedded in the human body that monitor chronic disorders or automatically deliver therapies. Most IMDs have wireless capabilities that allow them to share data with an offboard programming device to help medical providers monitor the patient’s health while giving the patient more insight into their condition. However, serious security concerns have arisen as researchers demonstrated these devices could be hacked to obtain sensitive information or harm the patient. Cooperative jamming can be used to prevent privileged information leaks by maintaining an adequate signal-to-noise ratio at the intended receiver while minimizing signal power elsewhere. This paper uses ray tracing to demonstrate how a low number of friendly nodes abiding by Bluetooth Low Energy (BLE) transmission regulations can enhance IMD communication security in an office environment, which in turn may inform how companies and individuals can protect their proprietary and personal information.

Keywords: implantable biomedical devices, communication system security, array signal processing, ray tracing

Procedia PDF Downloads 79

Authors: Amir Ali Fatoorchi

Abstract:

Regardless of the advantage of LoT devices, they have limitations like storage, compute, and security problems. In recent years, a lot of Blockchain-based research in IoT published and presented. In this paper, we present the Security issues of LoT. IoT has three levels of security issues: Low-level, Intermediate-level, and High-level. We survey and compare blockchain-based solutions for high-level security issues and show how the underlying technology of bitcoin and Ethereum could solve IoT problems.

Keywords: Blockchain, security, data security, IoT

Procedia PDF Downloads 193

Authors: Mohammad Hadi Khorashadi Zadeh

Abstract:

Many new applications and internet services have been emerged since the innovation of mobile networks and devices. However, these applications have problems of security, management, and performance in business environments. Cloud systems provide information transfer, management facilities, and security for virtual environments. Therefore, an innovative internet service and a business model are proposed in the present study for creating a secure and consolidated environment for managing the mobile information of organizations based on cloud virtual phones (CVP) infrastructures. Using this method, users can run Android and web applications in the cloud which enhance performance by connecting to other CVP users and increases privacy. It is possible to combine the CVP with distributed protocols and central control which mimics the behavior of human societies. This mix helps in dealing with sensitive data in mobile devices and facilitates data management with less application overhead.

Keywords: BYOD, mobile cloud computing, mobile security, information management

Procedia PDF Downloads 291

Authors: Harjinder Kaur

Abstract:

GST was implemented by government with the expectation to reform the taxation system of India. So this study basically seeks to understand the consumers’ awareness, knowledge and perception about the implementation of GST. To conduct this study, 100 respondents of all demographic profile were randomly selected from the Punjab region of India. To investigate the relationship between demographic profile and level of awareness and knowledge about GST, one way ANOVA test was used and it is found that there is a significant relationship between gender, age and qualification and level of awareness and knowledge. Furthermore, due to the lack of information on GST, the respondents had a high negative perception. The study also reveals that the implementation of GST has resulted in higher prices for goods and services and thus this tax may cause burden to people. Also after implementation of GST financial issues such as inflation, rising cost of living, economic instability have impacted many Indian consumers in terms of their spending. But at the same time it is also perceived that GST is designed to remove the burden of many indirect taxes and aims to develop the more efficient tax system which increases the revenue of country.

Keywords: goods and service tax, consumers awareness, knowledge, perception

Procedia PDF Downloads 175

Authors: M. Sandhya, R. M. Madhumitha, Sharmila Sankar

Abstract:

Interoperable medical devices (IMDs) face threats due to the increased attack surface accessible by interoperability and the corresponding infrastructure. Initiating networking and coordination functionalities primarily modify medical systems' security properties. Understanding the threats is a vital first step in ultimately crafting security solutions for such systems. The key to this problem is coming up with some common types of threats or attacks with those of security and privacy, and providing this information as a roadmap. This paper analyses the security issues in interoperability of devices and presents the main types of threats that have to be considered to build a secured system.

Keywords: interoperability, threats, attacks, medical devices

Procedia PDF Downloads 309

Authors: Ahmadu Girgiri, Lawan Gana Ali, Mamman M. Baba

Abstract:

Environmental security clearly articulates the perfections and developments of various communities around the world irrespective of the region, culture, religion or social inclination. Although, the present state of insecurity has become serious issue devastating the peace, unity, stability and progress of man and his physical environment particularly in developing countries. Recently, measure of security and it management in Nigeria has been a bottle-neck to the effectiveness and advancement of various sectors that include; business, education, social relations, politics and above all an economy. Several measures have been considered on mitigating environment insecurity such as surveillance, demarcation, security personnel empowerment and the likes, but still the issue remains disturbing. In this paper, we present the application of new technology that contributes to the improvement of security surveillance known as “Wireless Sensor Network (WSN)”. The system is new, smart and emerging technology that provides monitoring, detection and aggregation of information using sensor nodes and wireless network. WSN detects, monitors and stores information or activities in the deployed area such as schools, environment, business centers, public squares, industries, and outskirts and transmit to end users. This will reduce the cost of security funding and eases security surveillance depending on the nature and the requirement of the deployment.

Keywords: application, environment, insecurity, sensor, wireless sensor network

Procedia PDF Downloads 234

Authors: Okike Benjamin, Garba Ejd

Abstract:

Today, it has been observed security of information along the superhighway is often compromised by those who are not authorized to have access to such information. In order to ensure the security of information along the superhighway, such information should be encrypted by some means to conceal the real meaning of the information. There are many encryption techniques out there in the market. However, some of these encryption techniques are often easily decrypted by adversaries. The researcher has decided to develop an encryption technique that may be more difficult to decrypt. This may be achieved by splitting the message to be encrypted into parts and encrypting each part separately and swapping the positions before transmitting the message along the superhighway. The method is termed Merged Irregular Transposition Cipher. Also, the research would determine the complexity level in respect to the number of splits of the message.

Keywords: transposition cipher, merged irregular cipher, encryption, complexity level

Procedia PDF Downloads 321

Authors: M. S. Razana, Z. W. Shafiuddin

Abstract:

Internal auditing is one of the most important activities for organizations that implement information security management systems (ISMS). The purpose of internal audits is to ensure the ISMS implementation is in accordance to the ISO/IEC 27001 standard and the organization’s own requirements for its ISMS. Competent internal auditors are the main element that contributes to the effectiveness of internal auditing activities. To realize this need, CyberSecurity Malaysia is now in the process of becoming a certification body that certifies ISMS internal auditors. The certification scheme will assess the competence of internal auditors in generic knowledge and skills in management systems, and also in ISMS-specific knowledge and skills. The certification assessment is based on the ISO/IEC 19011 Guidelines for auditing management systems, ISO/IEC 27007 Guidelines for information security management systems auditing and ISO/IEC 27001 Information security management systems requirements. The certification scheme complies with the ISO/IEC 17024 General requirements for bodies operating certification systems of persons. Candidates who pass the exam will be certified as an ISMS Internal Auditor, whose competency will be evaluated every three years.

Keywords: ISMS internal audit, ISMS internal auditor, ISO/IEC 17024, competence, certification

Procedia PDF Downloads 219

Authors: Yuri Kitahara

Abstract:

Background: Cognitive reappraisal refers to an emotion regulation strategy in which one changes the interpretation of emotion-eliciting events. Numerous studies show that cognitive reappraisal is associated with mental health and better social functioning. However the examination of the predictive factors of adaptive emotion regulation remains as an issue. The present study examined the factors contributing to the habitual use of cognitive reappraisal, with a focus on emotional awareness and working memory. Methods: Data was collected from 30 junior high school students, using a Japanese version of the Emotion Regulation Questionnaire (ERQ), the Levels of Emotional Awareness Scale for Children (LEAS-C), and N-back task. Results: A positive correlation between emotional awareness and cognitive reappraisal was observed in the high-working-memory group (r = .54, p < .05), whereas no significant relationship was found in the low-working-memory group. In addition, the results of the analysis of variance (ANOVA) showed a significant interaction between emotional awareness and working memory capacity (F(1, 26) = 7.74, p < .05). Subsequent analysis of simple main effects confirmed that high working memory capacity significantly increases the use of cognitive reappraisal for high-emotional-awareness subjects, and significantly decreases the use of cognitive reappraisal for low-emotional-awareness subjects. Discussion: These results indicate that under the condition when one has an adequate ability for simultaneous processing of information, explicit understanding of emotion would contribute to adaptive cognitive emotion regulation. The findings are discussed along with neuroscientific claims.

Keywords: cognitive reappraisal, emotional awareness, emotion regulation, working memory

Procedia PDF Downloads 202

Authors: Deborah Amas

Abstract:

Global accreditation standards require Higher Education Institutions to ensure social work students develop self-awareness by reflecting on their personal values and critically evaluating how these influence their thinking for professional practice. The knowledge base indicates there are benefits and vulnerabilities for students when they self-reflect and more needs to be understood about the learning environments that nurture self-awareness. The connection between teaching methods and self-awareness is of interest in this paper which reports findings from an on-line survey with students on BA and MA qualifying social work programs in an English university (n=120). Students were asked about the importance of self-awareness and their experiences of teaching methods for self-reflection. Generally, students thought that self-awareness is of high importance in their education. Students also shared stories that illuminated deeper feelings about the potential risks associated with self-disclosure. The findings indicate that students appreciate safe opportunities for self-reflection, but can be wary of associated assessments or feeling judged. The research supports arguments to qualitatively improve facilitation of self-awareness through the curriculum.

Keywords: reflection, self-awareness, self-reflection, social work education

Procedia PDF Downloads 276

Authors: Mehdi Ghaemi

Abstract:

In principle, foreign investment security is enshrined in International Investment Agreements (IIAs) and Bilateral Investment Treaties (BITs) in the form of protection standards such as the Full Protection and Security Standard (FPS). Accordingly, the host countries undertake to provide the necessary security for the economic activities of foreign investment. With the outbreak of coronavirus, the international community called COVID-19 a threat to international peace security, as well as to the public interest and national security of nations; and to deal with, they proposed several solutions, generally including quarantine, creating social distances, and restricting businesses. This article first studies the security of foreign investment in international investment law. In the following, it analyzes the consequences of the COVID-19 pandemic for foreign investment security so that if there is a threat to that security, solutions could be offered to reduce it.

Keywords: foreign investment, FPS standard, host country, public health, COVID-19

Procedia PDF Downloads 78

Authors: Okike Benjami, Garba Ejd

Abstract:

Today, it has been observed security of information along the superhighway is often compromised by those who are not authorized to have access to such information. In other to ensure the security of information along the superhighway, such information should be encrypted by some means to conceal the real meaning of the information. There are many encryption techniques out there in the market. However, some of these encryption techniques are often decrypted by adversaries with ease. The researcher has decided to develop an encryption technique that may be more difficult to decrypt. This may be achieved by splitting the message to be encrypted into parts and encrypting each part separately and swapping the positions before transmitting the message along the superhighway. The method is termed Okike’s Merged Irregular Transposition Cipher. Also, the research would determine the complexity level in respect to the number of splits of the message.

Keywords: transposition cipher, merged irregular cipher, encryption, complexity level

Procedia PDF Downloads 269

Authors: John Ayoade

Abstract:

Cloud computing is a model that enables the delivery of on-demand computing resources such as networks, servers, storage, applications and services over the internet. Cloud Computing is a relatively growing concept that presents a good number of benefits for its users; however, it also raises some security challenges which may slow down its use. In this paper, we identify some of those security issues that can serve as barriers to realizing the full benefits that cloud computing can bring. One of the key security problems is security trust. A security trust model is proposed that can enhance the confidence that users need to fully trust the use of public and mobile cloud computing and maximize the potential benefits that they offer.

Keywords: cloud computing, trust, security, certificate authority, PKI

Procedia PDF Downloads 460

Authors: Andrei Bogdan Stanescu, Laura Diaconescu

Abstract:

With the increasing concerns about data breaches and privacy violations, organizations seek robust security measures to protect sensitive information. This research paper highlights the importance of implementing the Zero-Trust Security methodology using Passwordless Authentication Gateways that leverage Keycloak, an open-source Identity and Access Management (IAM) software, as a solution to address the security challenges these organizations face. The paper presents the successful implementation and deployment of such a solution in a mid-size, privacy-oriented organization. The implementation resulted in significant security improvements, reducing the risk of unauthorized access and potential data breaches. Moreover, user feedback indicated enhanced convenience and streamlined authentication experiences. The results of this study bring solid contributions in the field of cybersecurity and provide practical insights for organizations aiming to strengthen their security practices.

Keywords: identity and access management, passwordless authentication, privacy, zero-trust security

Procedia PDF Downloads 73

Authors: Jefferson Camacho Mejía, Jenny Paola Forero Pachón, Luis Carlos Gómez Flórez

Abstract:

Action research is a qualitative research methodology, which leads the researcher to delve into the problems of a community in order to understand its needs in depth and finally, to propose actions that lead to a change of social paradigm. Although this methodology had its beginnings in the human sciences, it has attracted increasing interest and acceptance in the field of information systems research since the 1990s. The countless possibilities offered nowadays by the use of Information Technologies (IT) in the development of different socio-economic activities have meant a change of social paradigm and the emergence of the so-called information and knowledge society. According to this, governments, large corporations, small entrepreneurs and in general, organizations of all kinds are using IT to virtualize their processes, taking them from the physical environment to the digital environment. However, there is a potential risk for organizations related with exposing valuable information without an appropriate framework for protecting it. This paper shows progress in the development of a methodological design to manage the information security risks associated with the IT-based processes virtualization, by applying the principles of the action research methodology and it is the result of a systematic review of the scientific literature. This design consists of seven fundamental stages. These are distributed in the three stages described in the action research methodology: 1) Observe, 2) Analyze and 3) Take actions. Finally, this paper aims to offer an alternative tool to traditional information security management methodologies with a view to being applied specifically in the planning stage of IT-based process virtualization in order to foresee risks and to establish security controls before formulating IT solutions in any type of organization.

Keywords: action research, information security, information technology, methodological design, process virtualization, risk management

Procedia PDF Downloads 143

Authors: Chantarat Manvichien, Kevin Wongleedee

Abstract:

The purpose of this research was to study Thai passengers’ level of understanding and awareness of the cabin crew safety briefing in the airplane during the preparation to take off and landing. It is important to know if Thai passengers pay attention to cabin crew safety briefing and to suggest a better way to draw their attention. The independent variables included gender, age, income, levels of education, travelling purpose, and travelling frequency while the dependent variables was level of awareness. A simple random sampling method was utilized to get 400 respondents. The findings revealed the ranking the first three levels of importance by highest mean to lowest mean as follows: (1) It is important to listen to cabin crew safety briefing; (2) Cabin crew briefing is interesting; (3) Information from cabin crew safety briefing is easy to understand. In addition, the overall means was 3.27 with 0.800 SD.

Keywords: cabin crew, safety briefing, Thai passengers, awareness

Procedia PDF Downloads 386

Authors: Ralph Adaimy, Wassim El-Hajj, Ghassen Ben Brahim, Hazem Hajj, Haidar Safa

Abstract:

Huge amounts of data and personal information are being sent to and retrieved from web applications on daily basis. Every application has its own confidentiality and integrity policies. Violating these policies can have broad negative impact on the involved company’s financial status, while enforcing them is very hard even for the developers with good security background. In this paper, we propose a framework that enforces security-by-construction in web applications. Minimal developer effort is required, in a sense that the developer only needs to annotate database attributes by a security class. The web application code is then converted into an intermediary representation, called Extended Program Dependence Graph (EPDG). Using the EPDG, the provided annotations are propagated to the application code and run against generic security enforcement rules that were carefully designed to detect insecure information flows as early as they occur. As a result, any violation in the data’s confidentiality or integrity policies is reported. As a proof of concept, two PHP web applications, Hotel Reservation and Auction, were used for testing and validation. The proposed system was able to catch all the existing insecure information flows at their source. Moreover and to highlight the simplicity of the suggested approaches vs. existing approaches, two professional web developers assessed the annotation tasks needed in the presented case studies and provided a very positive feedback on the simplicity of the annotation task.

Keywords: web applications security, secure information flow, program dependence graph, database annotation

Procedia PDF Downloads 447

Authors: Jefferson Camacho Mejia, Jenny Paola Forero Pachon, Luis Carlos Gomez Florez

Abstract:

The innumerable possibilities offered by the use of Information Technology (IT) in the development of different socio-economic activities has made a change in the social paradigm and the emergence of the so-called information and knowledge society. The Colombian government, aware of this reality, has been promoting the use of IT as part of the E-government strategy adopted in the country. However, it is well known that the use of IT implies the existence of certain threats that put the security of information in the digital environment at risk. One of the priorities of the Colombian government is to improve access to alternative justice through IT, in particular, access to Alternative Dispute Resolution (ADR): conciliation, arbitration and friendly composition; by means of which it is sought that the citizens directly resolve their differences. To this end, a trend has been identified in the use of Online Dispute Resolution (ODR) systems, which extend the benefits of ADR to the digital environment through the use of IT. This article presents a process for the analysis of information security risks associated with the incorporation of ODR systems in the context of conciliation in Colombia, based on four fundamental stages identified in the literature: (I) Identification of assets, (II) Identification of threats and vulnerabilities (III) Estimation of the impact and 4) Estimation of risk levels. The methodological design adopted for this research was the grounded theory, since it involves interactions that are applied to a specific context and from the perspective of diverse participants. As a result of this investigation, the activities to be followed are defined to carry out an analysis of information security risks, in the context of the conciliation in Colombia supported by ODR systems, thus contributing to the estimation of the risks to make possible its subsequent treatment.

Keywords: alternative dispute resolution, conciliation, information security, online dispute resolution systems, process, risk analysis

Procedia PDF Downloads 215

Authors: Muhamad Afiq Faisal, Yahaya, Mohd Faizal, Hamzah

Abstract:

Genetic modification technology allows scientists to alter the genetic information of a particular organism. The technology allows the production of genetically modified organism (GMO) that has the enhanced property compared to the unmodified organism. The application of such technology is not only in agriculture industry, it is now has been applied extensively in biopharmaceutical industry such as transgenic vaccines. In Malaysia, Biosafety Act 2007 has been enacted in which all GMO-based products must be labeled with adequate information before being marketed. This paper aims to determine the awareness level amongst Malaysian consumers on the GM products available in the market and the efficiency of information supplied in the GM product labeling. The result of the survey will serve as a guideline for Malaysia government agency bodies to provide comprehensive yet efficient information to consumers for the purpose of GM product labeling in the near future. In conclusion, the efficiency of information delivery plays a vital role in ensuring that the information is being conveyed clearly to Malaysian consumers during the selection process of GM products available in the market.

Keywords: genetic modification technology, genetically modified organisms, genetically modified organism products labeling, Biosafety Act 2007

Procedia PDF Downloads 337

Authors: Se-Han Lee, Kwang-Woo Go, Gwang-Hyun Ahn, Hee-Sung Park, Cheol-Kyu Han, Jun-Bo Shim, Geun-Chul Kang, Hyun-Jung Lee

Abstract:

In recent years, with the advent of smart cars and the expansion of the market, the announcement of 'Adventures in Automotive Networks and Control Units' at the DEFCON21 conference in 2013 revealed that cars are not safe from hacking. As a result, the HEAVENS model considering not only the functional safety of the vehicle but also the security has been suggested. However, the HEAVENS model only presents a simple process, and there are no detailed procedures and activities for each process, making it difficult to apply it to the actual vehicle security vulnerability check. In this paper, we propose an automated attack database that systematically summarizes attack vectors, attack types, and vulnerable vehicle models to prepare for various car hacking attacks, and data flow diagrams that can detect various vulnerabilities and suggest a way to materialize the HEAVENS model.

Keywords: automotive security, HEAVENS, car hacking, security model, information security

Procedia PDF Downloads 330

Authors: Mohamad Ibrahim Al Ladan

Abstract:

Social networks, such as Facebook, Myspace, LinkedIn, Google+, and Twitter have experienced exponential growth and a remarkable adoption rate in recent years. They provide attractive means of online social interactions and communications with family, friends, and colleagues from around the corner or across the globe, and they have become an important part of daily digital interactions for more than one and a half billion users around the world. The various personal information sharing practices that social network providers encourage have led to their success as innovative social interaction platforms. However, these practices have resulted in ample concerns with respect to privacy and security from different stakeholders. Addressing these privacy and security concerns in social networks is a must for these networks to be sustainable. Existing security and privacy tools may not be enough to address existing concerns. Some guidelines should be followed to protect users from the existing risks. In this paper, we have investigated and discussed the various privacy and security issues and concerns pertaining to social networks. Moreover, we have classified these privacy and security issues and presented a thorough discussion of the implications of these issues and concerns on the future of the social networks. In addition, we have presented a set of guidelines as precaution measures that users can consider to address these issues and concerns.

Keywords: social networks privacy issues, social networks security issues, social networks privacy precautions measures, social networks security precautions measures

Procedia PDF Downloads 275

Authors: Arellano Karina, Diego Avila-Pesántez, Leticia Vaca-Cárdenas, Alberto Arellano, Carmen Mantilla

Abstract:

Nowadays, security threats in Voice over IP (VoIP) systems are an essential and latent concern for people in charge of security in a corporate network, because, every day, new Denial-of-Service (DoS) attacks are developed. These affect the business continuity of an organization, regarding confidentiality, availability, and integrity of services, causing frequent losses of both information and money. The purpose of this study is to establish the necessary measures to mitigate DoS threats, which affect the availability of VoIP systems, based on the Session Initiation Protocol (SIP). A Security Model called MS-DoS-SIP is proposed, which is based on two approaches. The first one analyzes the recommendations of international security standards. The second approach takes into account weaknesses and threats. The implementation of this model in a VoIP simulated system allowed to minimize the present vulnerabilities in 92% and increase the availability time of the VoIP service into an organization.

Keywords: Denial-of-Service SIP attacks, MS-DoS-SIP, security model, VoIP-SIP vulnerabilities

Procedia PDF Downloads 175

Authors: Nataliya Venelinova

Abstract:

The paper proposes a new interdisciplinary model of reconsidering the role of mass communication effects by coverage of terrorism. The idea of 4P model is based on the synergy, created by the information strategy of threat, predominantly used by terrorist groups, the effects of mediating the symbolic action of the terrorist attacks or the taking of responsibility of any attacks, and the reshaped public perception for security after the attacks being mass communicated. The paper defines the mass communication cycle of terrorism, which leads not only to re-agenda setting of the societies, but also spirally amplifying the effect of propagating fears by over-informing on terrorism attacks. This finally results in the outlining of the so called 4P-model of information terrorism: mass propaganda, panic, paranoia and pandemic.

Keywords: information terrorism, mass communication cycle, public perception, security

Procedia PDF Downloads 149

Authors: Mohammad A. Alia

Abstract:

With the rapid evolution of the internet applications, cloud computing becomes one of today’s hottest research areas due to its ability to reduce costs associated with computing. Cloud is, therefore, increasing flexibility and scalability for computing services in the internet. Cloud computing is Internet based computing due to shared resources and information which are dynamically delivered to consumers. As cloud computing share resources via the open network, hence cloud outsourcing is vulnerable to attack. Therefore, this paper will explore data security of cloud computing by implementing chaotic cryptography. The proposal scenario develops a problem transformation technique that enables customers to secretly transform their information. This work proposes the chaotic cryptographic algorithms have been applied to enhance the security of the cloud computing accessibility. However, the proposed scenario is secure, easy and straightforward process. The chaotic encryption and digital signature systems ensure the security of the proposed scenario. Though, the choice of the key size becomes crucial to prevent a brute force attack.

Keywords: chaos, cloud computing, security, cryptography

Procedia PDF Downloads 326

Authors: Vishnu Pratap Singh Kirar

Abstract:

In the cloud computing hierarchy IaaS is the lowest layer, all other layers are built over it. Thus it is the most important layer of cloud and requisite more importance. Along with advantages IaaS faces some serious security related issue. Mainly Security focuses on Integrity, confidentiality and availability. Cloud computing facilitate to share the resources inside as well as outside of the cloud. On the other hand, cloud still not in the state to provide surety to 100% data security. Cloud provider must ensure that end user/client get a Quality of Service. In this report we describe possible aspects of cloud related security.

Keywords: cloud computing, cloud networking, IaaS, PaaS, SaaS, cloud security

Procedia PDF Downloads 505