Search results for: information security audit
Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 12696

12606 The Role of the Internal Audit Unit in Detecting and Preventing Fraud at Public Universities in West Java, Indonesia

Authors: Fury Khristianty Fitriyah

Abstract:

This study aims to identify the extent of the role of the Satuan Pengawas Intern (Internal Audit Unit) in detecting and preventing fraud in public universities in West Java under the Ministry of Research, Technology and Higher Education. The research method applied was a qualitative case study approach, while the unit of analysis for this study is the Internal Audit Unit at each public university. Results of this study indicate that the Internal Audit Unit is able to detect and prevent fraud within a public university environment by means of red flags to mark accounting anomalies. These stem from inaccurate budget planning that prompts inappropriate use of funds, exacerbated by late disbursements of funds, which potentially lead to fictitious transactions, and discrepancies in recording state-owned assets into a state property management system (SIMAK BMN), which, if not conducted properly, potentially causes loss to the state.

Keywords: governance, internal control, fraud, public university

Procedia PDF Downloads 243
12605 Exploring Corporate Governance Structure in Gulf Cooperation Council Countries

Authors: Zahra A. Al Nasser, Domenico Campa

Abstract:

This paper investigates board of directors and firms’ ownership structure on non-financial companies listed in Gulf Cooperation Council (GCC) countries using data from 2009 to 2013. The overall result of the study is that board size and board meeting have increased over years. Additionally, all combined committee variables have improved as well as audit committee size, audit committee meeting and audit committee experience have improved over the years. Furthermore, Oman is the only country that has not shown any statistically significant change in value of its associated variables.

Keywords: corporate governance, GCC countries, board of directors, ownership structure

Procedia PDF Downloads 533
12604 Exploring the Dark Side of IT Security: Delphi Study on Business’ Influencing Factors

Authors: Tizian Matschak, Ilja Nastjuk, Stephan Kühnel, Simon Trang

Abstract:

We argue that besides well-known primary effects of information security controls (ISCs), namely confidentiality, integrity, and availability, ISCs can also have secondary effects. For example, while IT can add business value through impacts on business processes, ISCs can be a barrier and distort the relationship between IT and organizational value through the impact on business processes. By applying the Delphi method with 28 experts, we derived 27 business process influence dimensions of ISCs. Defining and understanding these mechanisms can change the common understanding of the cost-benefit valuation of IT security investments and support managers' effective and efficient decision-making.

Keywords: business process dimensions, dark side of information security, Delphi study, IT security controls

Procedia PDF Downloads 68
12603 Board Characteristics, Audit Committee Characteristics, and the Level of Bahraini Corporate Compliance with Mandatory IFRS Disclosure Requirements

Authors: Omar Juhmani

Abstract:

This paper examines the relation between internal corporate governance and the level of corporate compliance with mandatory IFRS disclosure requirements. The internal corporate governance is measured by board and audit committee characteristics. Using data from Bahrain Stock Exchange, the results show that board independence is positively and significantly associated with level of compliance with IFRS disclosure requirements. This suggests that internal corporate governance mechanisms are effective in the financial reporting practices by increasing the level of compliance with IFRS disclosures. Also, the results of the regression analyses indicate that two of the control variables, company size and audit firm size, are significantly positively associated with the level of corporate compliance with mandatory IFRS disclosure requirements in Bahrain.

Keywords: Bahrain, board and audit committee characteristics, compliance, disclosure, IFRS

Procedia PDF Downloads 392
12602 A Risk-Based Modeling Approach for Successful Adoption of CAATTs in Audits: An Exploratory Study Applied to Israeli Accountancy Firms

Authors: Alon Cohen, Jeffrey Kantor, Shalom Levy

Abstract:

Technology adoption models are extensively used in the literature to explore drivers and inhibitors affecting the adoption of Computer Assisted Audit Techniques and Tools (CAATTs). Further studies from recent years suggested additional factors that may affect technology adoption by CPA firms. However, the adoption of CAATTs by financial auditors differs from the adoption of technologies in other industries. This is a result of the unique characteristics of the auditing process, which are expressed in the audit risk elements and the risk-based auditing approach, as encoded in the auditing standards. Since these audit risk factors are not part of the existing models that are used to explain technology adoption, these models do not fully correspond to the specific needs and requirements of the auditing domain. The overarching objective of this qualitative research is to fill the gap in the literature, which exists as a result of using generic technology adoption models. Followed by a pretest and based on semi-structured in-depth interviews with 16 Israeli CPA firms of different sizes, this study aims to reveal determinants related to audit risk factors that influence the adoption of CAATTs in audits and proposes a new modeling approach for the successful adoption of CAATTs. The findings emphasize several important aspects: (1) while large CPA firms developed their own inner guidelines to assess the audit risk components, other CPA firms do not follow a formal and validated methodology to evaluate these risks; (2) large firms incorporate a variety of CAATTs, including self-developed advanced tools. On the other hand, small and mid-sized CPA firms incorporate standard CAATTs and still need to catch up to better understand what CAATTs can offer and how they can contribute to the quality of the audit; (3) the top management of mid-sized and small CPA firms should be more proactive and updated about CAATTs capabilities and contributions to audits; and (4) all CPA firms consider professionalism as a major challenge that must be constantly managed to ensure an optimal CAATTs operation. The study extends the existing knowledge of CAATTs adoption by looking at it from a risk-based auditing approach. It suggests a new model for CAATTs adoption by incorporating influencing audit risk factors that auditors should examine when considering CAATTs adoption. Since the model can be used in various audited scenarios and supports strategic, risk-based decisions, it maximizes the great potential of CAATTs on the quality of the audits. The results and insights can be useful to CPA firms, internal auditors, CAATTs developers and regulators. Moreover, it may motivate audit standard-setters to issue updated guidelines regarding CAATTs adoption in audits.

Keywords: audit risk, CAATTs, financial auditing, information technology, technology adoption models

Procedia PDF Downloads 39
12601 Determining the Appropriate Methodology for the Security Evaluation of Equipment Related to Information and Communication Technology in the Industry

Authors: Sofia Ahanj, Mahsa Rahmani, Zahra Sadeghigol, Vida Nobakht

Abstract:

Providing security in the electricity industry, as one of the vital infrastructures of the country, is one of the essential operations that must be taken in order to improve the security of the country. Resistant security strategies need to be regularly implemented as a dynamic process to improve security, and security evaluation is one of the most important steps in this process. Methodology in the field of evaluation in both technical and managerial dimensions is discussed in the laboratory. There are various standards in the field of general ICT technical-security evaluation. The most important are ISO/IEC 15408, ISO/IEC 27001 and NIST SP 800-53. In the present paper, these standards are first examined. Then, the standards and reports in the industrial field have been reviewed and compared, and finally, based on the results and special considerations of information and communication technology equipment in the electricity industry, the appropriate methodology has been presented.

Keywords: security standards, ISO/IEC 15408, ISA/IEC 62443 series, NIST SP 800-53, NISTIR 7628

Procedia PDF Downloads 126
12600 Runtime Monitoring Using Policy-Based Approach to Control Information Flow for Mobile Apps

Authors: Mohamed Sarrab, Hadj Bourdoucen

Abstract:

Mobile applications are verified to check the correctness or evaluated to check the performance with respect to specific security properties such as availability, integrity, and confidentiality. Where they are made available to the end users of the mobile application is achievable only to a limited degree using software engineering static verification techniques. The more sensitive the information, such as credit card data, personal medical information or personal emails being processed by mobile application, the more important it is to ensure the confidentiality of this information. Monitoring non-trusted mobile application during execution in an environment where sensitive information is present is difficult and unnerving. The paper addresses the issue of monitoring and controlling the flow of confidential information during non-trusted mobile application execution. The approach concentrates on providing a dynamic and usable information security solution by interacting with the mobile users during the run-time of mobile application in response to information flow events.

Keywords: mobile application, run-time verification, usable security, direct information flow

Procedia PDF Downloads 343
12599 A Tutorial on Network Security: Attacks and Controls

Authors: Belbahi Ahlam

Abstract:

With the phenomenal growth in the Internet, network security has become an integral part of computer and information security. In order to come up with measures that make networks more secure, it is important to learn about the vulnerabilities that could exist in a computer network and then have an understanding of the typical attacks that have been carried out in such networks. The first half of this paper will expose the readers to the classical network attacks that have exploited the typical vulnerabilities of computer networks in the past and solutions that have been adopted since then to prevent or reduce the chances of some of these attacks. The second half of the paper will expose the readers to the different network security controls including the network architecture, protocols, standards and software/hardware tools that have been adopted in modern day computer networks.

Keywords: network security, attacks and controls, computer and information, solutions

Procedia PDF Downloads 415
12598 Blockchain Security in MANETs

Authors: Nada Mouchfiq, Ahmed Habbani, Chaimae Benjbara

Abstract:

The security aspect of the IoT occupies a place of great importance, especially after the evolution this field has recently undergone, because it must take into account the transformations and the new applications. Blockchain is a new technology dedicated to data sharing. However, this does not work the same way in the different systems with different operating principles. This article will discuss network security using the Blockchain to facilitate the sending of messages and information, enabling the use of new processes and enabling autonomous coordination of devices. To do this, we will discuss proposed solutions to ensure a high level of security in these networks in the work of other researchers. Finally, our article will propose a method of security more adapted to our needs as a team working in the ad hoc networks; this method is based on the principle of the Blockchain, and we have named it “MPR Blockchain”.

Keywords: ad hoc networks, blockchain, MPR, security

Procedia PDF Downloads 143
12597 Implementation of Learning Disability Annual Review Clinics to Ensure Good Patient Care, Safety, and Equality in Covid-19: A Two Pass Audit in General Practice

Authors: Liam Martin, Martha Watson

Abstract:

Patients with learning disabilities (LD) are at increased risk of physical and mental illness due to health inequality. To address this, NICE recommends that people from the age of 14 with a learning disability should have an annual LD health check. This consultation should include a holistic review of the patient’s physical, mental and social health needs with a view of creating an action plan to support the patient’s care. The expected standard set by the Quality and Outcomes Framework (QOF) is that each general practice should review at least 75% of their LD patients annually. During COVID-19, there have been barriers to primary care, including health anxiety, the shift to online general practice and the increase in GP workloads. A surgery in North London wanted to assess whether they were falling short of the expected standard for LD patient annual reviews in order to optimize care post Covid-19. A baseline audit was completed to assess how many LD patients were receiving their annual reviews over the period of 29th September 2020 to 29th September 2021. This information was accessed using EMIS Web Health Care System (EMIS). Patients included were aged 14 and over as per QOF standards. Doctors were not notified of this audit taking place. Following the results of this audit, the creation of learning disability clinics was recommended. These clinics were recommended to be on the ground floor and should be a dedicated time for LD reviews. A re-audit was performed via the same process 6 months later in March 2022. At the time of the baseline audit, there were 71 patients aged 14 and over that were on the LD register. 54% of these LD patients were found to have documentation of an annual LD review within the last 12 months. None of the LD patients between the ages of 14-18 years old had received their annual review. The results were discussed with the practice, and dedicated clinics were set up to review their LD patients. A second pass of the audit was completed 6 months later. This showed an improvement, with 84% of the LD patients registered at the surgery now having a documented annual review within the last 12 months. 78% of the patients between the ages of 14-18 years old had now been reviewed. The baseline audit revealed that the practice was not meeting the expected standard for LD patients’ annual health checks as outlined by QOF, with the most neglected patients being between the ages of 14-18. Identification and awareness of this vulnerable cohort is important to ensure measures can be put into place to support their physical, mental and social wellbeing. Other practices could consider an audit of their annual LD health checks to make sure they are practicing within QOF standards, and if there is a shortfall, they could consider implementing similar actions as used here: dedicated clinics for LD patient reviews.

Keywords: COVID-19, learning disability, learning disability health review, quality and outcomes framework

Procedia PDF Downloads 50
12596 Possible Risks for Online Orders in the Furniture Industry - Customer and Entrepreneur Perspective

Authors: Justyna Żywiołek, Marek Matulewski

Abstract:

Data is information processed by enterprises for primary and secondary purposes as processes. Thanks to processing, the sales process takes place; in the case of the surveyed companies, sales take place online. However, this indirect form of contact with the customer causes many problems for both customers and furniture manufacturers. The article presents solutions that would solve problems related to the analysis of data and information in the order fulfillment process sent to post-warranty service. The article also presents an analysis of threats to the security of this information, both for customers and the enterprise.

Keywords: ordering furniture online, information security, furniture industry, enterprise security, risk analysis

Procedia PDF Downloads 13
12595 Quality Management System Audit and Its Impact on Company's Performance

Authors: Redha Elhuni

Abstract:

The purpose of this paper is to find out the impact of Quality Management System (QMS) ISO/IEC 17025:2005 certification audit on company’s performance. Libyan Petroleum Institute has been certified ISO/IEC 17025:2005 for 8 years. Therefore, it is necessary to study and analyze the impact of that certification on its performance. Survey study has been done by distributing a questionnaire by handing it personally to qualified staff in the 15 accredited laboratories in the institute. The response rate was 66.6%. The statistical operations with the results of analytical study have been done to achieve the goal and objectives of the research. Finally, ISO/IEC 17025:2005 certification audit is found to have a positive effect on the institute’s performance.

Keywords: auditing process, ISO/IEC 17025:2005, quality management system, Libyan Petroleum Institute

Procedia PDF Downloads 326
12594 Cloud Data Security Using Map/Reduce Implementation of Secret Sharing Schemes

Authors: Sara Ibn El Ahrache, Tajje-eddine Rachidi, Hassan Badir, Abderrahmane Sbihi

Abstract:

Recently, there has been increasing confidence for a favorable usage of big data drawn out from the huge amount of information deposited in a cloud computing system. Data kept on such systems can be retrieved through the network at the user’s convenience. However, the data that users send include private information, and therefore, information leakage from these data is now a major social problem. The usage of secret sharing schemes for cloud computing has lately been approved to be relevant in which users deal out their data to several servers. Notably, in a (k,n) threshold scheme, data security is assured if and only if all through the whole life of the secret the opponent cannot compromise more than k of the n servers. In fact, a number of secret sharing algorithms have been suggested to deal with these security issues. In this paper, we present a MapReduce implementation of Shamir’s secret sharing scheme to increase its performance and to achieve optimal security for cloud data. Different tests were run, and through them the contributions of the proposed approach have been demonstrated. These contributions are quite considerable in terms of both security and performance.

Keywords: cloud computing, data security, MapReduce, Shamir's secret sharing

Procedia PDF Downloads 271
12593 Towards A New Maturity Model for Information System

Authors: Ossama Matrane

Abstract:

Information System has become a strategic lever for enterprises. It contributes effectively to align business processes on strategies of enterprises. It is regarded as an increase in productivity and effectiveness. So, many organizations are currently involved in implementing sustainable Information System. And, a large number of studies have been conducted in the last decade in order to define the success factors of information system. Thus, many studies on maturity model have been carried out. Some of these studies refer to the maturity model of Information System. In this article, we report on development of maturity models specifically designed for information system. This model is built based on three components derived from Maturity Model for Information Security Management, OPM3 for Project Management Maturity Model and processes of COBIT for IT governance. Thus, our proposed model defines three maturity stages for corporate a strong Information System to support objectives of organizations. It provides a very practical structure with which to assess and improve Information System Implementation.

Keywords: information system, maturity models, information security management, OPM3, IT governance

Procedia PDF Downloads 411
12592 An Analysis of Institutional Audits: Basis for Teaching, Learning and Assessment Framework and Principles

Authors: Nabil El Kadhi, Minerva M. Bunagan

Abstract:

The dynamism in education, particularly in the area of teaching, learning and assessment has caused Higher Education Institutions (HEIs) worldwide to seek ways to continuously improve their educational processes. HEIs use outcomes of institutional audits, assessments and accreditations, for improvement. In this study, the published institutional audit reports of HEIs in the Sultanate of Oman were analyzed to produce features of good practice; identify challenges along Teaching, Learning Assessment (TLA); and propose a framework that puts major emphasis in having a quality-assured TLA, including a set of principles that can be used as basis in succeeding an institutional visit. The TLA framework, which shows the TLA components, characteristics of the components, related expectation, including implementation tool/strategy and pitfalls can be used by HEIs to have an adequate understanding of the scope of audit and be able to satisfy institutional audit requirements. The scope of this study can be widened by exploring the other requirements of the Institutional Audits in the Sultanate of Oman, particularly the area on Governance and Management and Student Support Services.

Keywords: accreditation, audit, teaching, learning and assessment, quality assurance

Procedia PDF Downloads 267
12591 Legal Issues of Food Security in Republic of Kazakhstan

Authors: G. T. Aigarinova

Abstract:

This article considers the legal issues of food security as a major component of national security of the republic. The problem of food security is the top priority of the economic policy strategy of any state, the effectiveness of this solution influences social, political, and ethnic stability in society. Food security and nutrition is everyone’s business. Food security exists when all people, at all times, have physical, social and economic access to sufficient safe and nutritious food that meets their dietary needs and food preferences for an active and healthy life. By analyzing the existing legislation in the area of food security, the author identifies weaknesses and gaps, suggesting ways to improve it.

Keywords: food security, national security, agriculture, public resources, economic security

Procedia PDF Downloads 387
12590 Machine Learning Development Audit Framework: Assessment and Inspection of Risk and Quality of Data, Model and Development Process

Authors: Jan Stodt, Christoph Reich

Abstract:

The usage of machine learning models for prediction is growing rapidly and proof that the intended requirements are met is essential. Audits are a proven method to determine whether requirements or guidelines are met. However, machine learning models have intrinsic characteristics, such as the quality of training data, that make it difficult to demonstrate the required behavior and make audits more challenging. This paper describes an ML audit framework that evaluates and reviews the risks of machine learning applications, the quality of the training data, and the machine learning model. We evaluate and demonstrate the functionality of the proposed framework by auditing a steel plate fault prediction model.

Keywords: audit, machine learning, assessment, metrics

Procedia PDF Downloads 231
12589 Programming Systems in Implementation of Process Safety at Chemical Process Industry

Authors: Maryam Shayan

Abstract:

Programming frameworks have been utilized as a part of chemical industry process safety operation and configuration to enhance its effectiveness. This paper gives a brief survey and investigation of the best in class and effects of programming frameworks in process security. A study was completed by talking staff accountable for procedure wellbeing practices in the Iranian chemical process industry and diving into writing of innovation for procedure security. This article investigates the useful and operational attributes of programming frameworks for security and endeavors to sort the product as indicated by its level of effect in the administration chain of importance. The study adds to better comprehension of the parts of Information Communication Technology in procedure security, the future patterns and conceivable gaps for innovative work.

Keywords: programming frameworks, chemical industry process, process security, administration chain, information communication technology

Procedia PDF Downloads 331
12588 Corporate Governance Mechanisms, Whistle-Blowing Policy and Earnings Management Practices of Firms in Malaysia

Authors: Mujeeb Saif Mohsen Al-Absy, Ku Nor Izah Ku Ismail, Sitraselvi Chandren

Abstract:

This study examines whether corporate governance (CG) mechanisms in firms that have a whistle-blowing policy (WHBLP) are more effective in constraining earnings management (EM), than those without. A sample of 288 Malaysian firms for the years 2013 to 2015, amounting to 864 firm-years were grouped into firms with and without WHBLP. Results show that for firms without WHBLP, the board chairman tenure would minimize EM activities. Meanwhile, for firms with WHBLP, board chairman independence, board chairman tenure, audit committee size, audit committee meeting and women in the audit committees are found to be associated with less EM activities. Further, it is found that ownership concentration and Big 4 auditing firms help to reduce EM activities in firms with WHBLP, while not in firms without WHBLP. Hence, functional and effective governance can be achieved by having a WHBLP, which is in line with agency and resource dependent theories. Therefore, this study suggests that firms should have a WHBLP in place, and policymakers should come up with enhanced criteria to strengthen the mechanisms of WHBLP.

Keywords: corporate governance, earnings management, whistle-blowing policy, audit committee, board of directors

Procedia PDF Downloads 101
12587 Gender Mainstreaming in Kazakhstan: A University Audit as the First Stage to Inform Policy

Authors: A. S. CohenMiller, Jenifer Lewis, Gwen McEvoy, Kristy Kelly

Abstract:

This international, interdisciplinary study presents the first stage of a gender mainstreaming project within one university as a microcosm of society in Kazakhstan to make concrete policy recommendations and set up the potential for new research to monitor change over time. Local, regional, and UN representatives have noted the critical need and interest in gender related issues in Kazakhstan. Gender mainstreaming has been noted as a strategy to understand and address gender equality and equity such as within the academy in exploring and examining organizational/management issues, university decision-making and leadership, assessing the overall academic climate, discrimination issues, hiring and promotion, and student recruitment and retention. This presentation provides preliminary findings from the university gender audit, highlighting key elements for moving forward in gender mainstreaming. The full study analyzes findings from the full gender audit including interviews with key stakeholders, time-use surveys, participant-observations and interviews with female students, staff and faculty, and reviews of formal organizational policies and practices.

Keywords: academia, equity, Eurasia, gender audit, gender mainstreaming, Kazakhstan, policy, time-use survey

Procedia PDF Downloads 368
12586 Forecasting Future Society to Explore Promising Security Technologies

Authors: Jeonghwan Jeon, Mintak Han, Youngjun Kim

Abstract:

Due to the rapid development of information and communication technology (ICT), a substantial transformation is currently happening in the society. As the range of intelligent technologies and services is continuously expanding, ‘things’ are becoming capable of communicating with one another and even with people. However, such “Internet of Things” has the technical weakness so that a great amount of such information transferred in real-time may be widely exposed to the threat of security. User’s personal data are a typical example which is faced with a serious security threat. The threats of security will be diversified and arise more frequently because next generation of unfamiliar technology develops. Moreover, as the society is becoming increasingly complex, security vulnerability will be increased as well. In the existing literature, a considerable number of private and public reports that forecast future society have been published as a precedent step of the selection of future technology and the establishment of strategies for competitiveness. Although there are previous studies that forecast security technology, they have focused only on technical issues and overlooked the interrelationships between security technology and social factors. Therefore, investigations of security threats in the future and security technology that is able to protect people from various threats are required. In response, this study aims to derive potential security threats associated with the development of technology and to explore the security technology that can protect against them. To do this, first of all, private and public reports that forecast future and online documents from technology-related communities are collected. By analyzing the data, future issues are extracted and categorized in terms of STEEP (Society, Technology, Economy, Environment, and Politics), as well as security. Second, the components of potential security threats are developed based on classified future issues. Then, points that the security threats may occur (for example, mobile payment system based on a finger scan technology) are identified. Lastly, alternatives that prevent potential security threats are proposed by matching security threats with points and investigating related security technologies from patent data. Proposed approach can identify the ICT-related latent security menaces and provide the guidelines in the ‘problem – alternative’ form by linking the threat point with security technologies.

Keywords: future society, information and communication technology, security technology, technology forecasting

Procedia PDF Downloads 435
12585 Risk in the South African Sectional Title Industry: An Assurance Perspective

Authors: Leandi Steenkamp

Abstract:

The sectional title industry has been a part of the property landscape in South Africa for almost half a century, and plays a significant role in addressing the housing problem in the country. Stakeholders such as owners and investors in sectional title property are in most cases not directly involved in the management thereof, and place reliance on the audited annual financial statements of bodies corporate for decision-making purposes. Although the industry seems to be highly regulated, the legislation regarding accounting and auditing of sectional title is vague and ambiguous. Furthermore, there are no industry-specific auditing and accounting standards to guide accounting and auditing practitioners in performing their work and industry financial benchmarks are not readily available. In addition, financial pressure on sectional title schemes is often very high due to the fact that some owners exercise unrealistic pressure to keep monthly levies as low as possible. All these factors have an impact on the business risk as well as audit risk of bodies corporate. Very little academic research has been undertaken on the sectional title industry in South Africa from an accounting and auditing perspective. The aim of this paper is threefold: Firstly, to discuss the findings of a literature review on uncertainties, ambiguity and confusing aspects in current legislation regarding the audit of a sectional title property that may cause or increase audit and business risk. Secondly, empirical findings of risk-related aspects from the results of interviews with three groups of body corporate role-players will be discussed. The role-players were body corporate trustee chairpersons, body corporate managing agents and accounting and auditing practitioners of bodies corporate. Specific reference will be made to business risk and audit risk. Thirdly, practical recommendations will be made on possibilities of closing the audit expectation gap, and further research opportunities in this regard will be discussed.

Keywords: assurance, audit, audit risk, body corporate, corporate governance, sectional title

Procedia PDF Downloads 233
12584 Best Practices to Enhance Patient Security and Confidentiality When Using E-Health in South Africa

Authors: Lethola Tshikose, Munyaradzi Katurura

Abstract:

Information and Communication Technology (ICT) plays a critical role in improving daily healthcare processes. The South African healthcare organizations have adopted Information Systems to integrate their patient records. This has made it much easier for healthcare organizations because patient information can now be accessible at any time. The primary purpose of this research study was to investigate the best practices that can be applied to enhance patient security and confidentiality when using e-health systems in South Africa. Security and confidentiality are critical in healthcare organizations as they ensure safety in EHRs. The research study used an inductive research approach that included a thorough literature review; therefore, no data was collected. The research paper’s scope included patient data and possible security threats associated with healthcare systems. According to the study, South African healthcare organizations discovered various patient data security and confidentiality issues. The study also revealed that when it comes to handling patient data, health professionals sometimes make mistakes. Some may not be computer literate, which posed issues and caused data to be tampered with. The research paper recommends that healthcare organizations ensure that security measures are adequately supported and promoted by their IT department. This will ensure that adequate resources are distributed to keep patient data secure and confidential. Healthcare organizations must correctly use standards set up by IT specialists to solve patient data security and confidentiality issues. Healthcare organizations must make sure that their organizational structures are adaptable to improve security and confidentiality.

Keywords: E-health, EHR, security, confidentiality, healthcare

Procedia PDF Downloads 19
12583 A Relationship between Transformational Leadership, Internal Audit and Risk Management Implementation in the Indonesian Public Sector

Authors: Tio Novita Efriani

Abstract:

Public sector organizations work in a complex and risky environment. Since the beginning of the 2000s, the public sector has paid attention to the need for effective risk management. The Indonesian public sector has also been concerned about this issue, and in 2008 it enacted the Government Regulation that gives a mandate for the implementation of risk management in government organizations. This paper investigates risk management implementation in Indonesian public sector organizations and the role of transformational leadership and internal audit activities. Data was collected via survey. A total of 202 effective responses (30% response rate) from employees in 34 government ministries were statistically analyzed using partial least squares structural equation modelling (PLS-SEM), and the software was SmartPLS 3.0. All the constructs were lower order, except for the risk management implementation construct, which was treated as a second-order construct. A two-stage approach was employed in the analysis of the higher order component. The findings revealed that transformational leadership positively influences risk management implementation. The findings also showed that the core and legitimate roles of internal audit in risk management positively affect the implementation of risk management. The final finding showed that internal auditing mediates a relationship between transformational leadership and risk management implementation. These results suggest that the implementation of risk management in the Indonesian public sector was significantly supported by internal auditors and leadership. The findings confirm the importance of transformational leadership and internal audit in the public sector risk management strategies.

Keywords: Indonesian public sector, internal audit, risk management, transformational leadership

Procedia PDF Downloads 164
12582 The Value of Job Security across Various Welfare Policies

Authors: Eithan Hourie, Miki Malul, Raphael Bar-El

Abstract:

To investigate the relationship between various welfare policies and the value of job security, we conducted a study with 201 people regarding their assessments of the value of job security with respect to three elements: income stability, assurance of continuity of employment, and security in the job. The experiment simulated different welfare policy scenarios, such as the amount and duration of unemployment benefits, workfare, and basic income. The participants evaluated the value of job security in various situations. We found that the value of job security is approximately 22% of the starting salary, which is distributed as follows: 13% reflects income security, 8.7% reflects job security, and about 0.3% is for being able to keep their current employment in the future. To the best of our knowledge, this article is one of the pioneers in trying to quantify the value of job security in different market scenarios and at varying levels of welfare policy. Our conclusions may help decision-makers when deciding on a welfare policy.

Keywords: job security value, employment protection legislation, status quo bias, expanding welfare policy

Procedia PDF Downloads 68
12581 Network Security Attacks and Defences

Authors: Ranbir Singh, Deepinder Kaur

Abstract:

Network security is an important aspect in every field, such as government offices, educational institutes and any business organization. Network security consists of the policies adopted to prevent and monitor forbidden access, misuse, modification, or denial of a computer network. Network security is a very complicated subject and is dealt with only by well-trained and experienced people. However, as more and more people become wired, an increasing number of people need to understand the basics of security in a networked world. The history of network security included an introduction to TCP/IP and interworking. Network security starts with authenticating, commonly with a username and a password. In this paper, we study various types of attacks on network security and how to handle or prevent these attacks.

Keywords: network security, attacks, denial, authenticating

Procedia PDF Downloads 365
12580 The Nursing Rounds System: Effect of Patient's Call Light Use, Bed Sores, Fall and Satisfaction Level

Authors: Bassem Saleh, Hussam Nusair, Nariman Al Zubadi, Shams Al Shloul, Usama Saleh

Abstract:

The nursing round system (NRS) means checking patients on an hourly basis during the A (0700–2200 h) shift and once every 2 h during the B (2200–0700 h) shift by the assigned nursing staff. The overall goal of this prospective study is to implement an NRS in a major rehabilitation centre—Sultan Bin Abdulaziz Humanitarian City—in the Riyadh area of the Kingdom of Saudi Arabia. The purposes of this study are to measure the effect of the NRS on: (i) the use of patient call light; (ii) the number of incidences of patients’ fall; (iii) the number of incidences of hospital-acquired bed sores; and (iv) the level of patients’ satisfaction. All patients hospitalized in the male stroke unit will be involved in this study. For the period of 8 weeks (17 December 2009–17 February 2010), all nursing staff on the unit will record each call light and the patient’s need. Implementation of the NRS would start on 18 February 2010 and last for 8 weeks, until 18 April 2010. Data collected throughout this period will be compared with data collected during the 8 weeks period immediately preceding the implementation of the NRS (17 December 2009–17 February 2010) in order to measure the impact of the call light use. The following information was collected on all subjects involved in the study: (i) the Demographic Information Form; (ii) authors’ developed NRS Audit Form; (iii) Patient Call Light Audit Form; (iv) Patient Fall Audit Record; (v) Hospital-Acquired Bed Sores Audit Form; and (vi) hospital developed Patient Satisfaction Records. The findings suggested a significant reduction in the use of call bell (P < 0.001) and a significant reduction of fall incidence (P < 0.01), while pressure ulcer reduced by 50% before and after the implementation of NRS. In addition, the implementation of NRS increased patient satisfaction by 7/5 (P < 0.05).

Keywords: call light, patient-care management, patient safety, patient satisfaction, rounds

Procedia PDF Downloads 328
12579 Design and Realization of Computer Network Security Perception Control System

Authors: El Miloudi Djelloul

Abstract:

Based on an analysis of the applications of perception control technology to computer network security status and security protection measures, and from the angles of network physical environment and network software system environmental security, this paper provides a network security system perception control solution using Internet of Things (IOT), telecom and other perception technologies. The Security Perception Control System operates in the computer network environment, utilizing Radio Frequency Identification (RFID) of IOT and telecom integration technology to carry out integration design for systems. In the network physical security environment, RFID temperature, humidity, gas and perception technologies are used to do surveillance on environmental data; dynamic perception technology is used for the network system security environment; user-defined security parameters and security logs are used for quick data analysis; and control is extended on the I/O interface. By development of API and AT command, Computer Network Security Perception Control based on Internet and GSM/GPRS is achieved, which enables users to carry out interactive perception and control for the network security environment by WEB, E-MAIL as well as PDA, mobile phone short message and Internet. In the system testing, through a middleware server, security information data perception in real time with a deviation of 3-5% was achieved; this proves the feasibility of the Computer Network Security Perception Control System.

Keywords: computer network, perception control system security strategy, Radio Frequency Identification (RFID)

Procedia PDF Downloads 408
12578 CybeRisk Management in Banks: An Italian Case Study

Authors: E. Cenderelli, E. Bruno, G. Iacoviello, A. Lazzini

Abstract:

The financial sector is exposed to the risk of cyber-attacks like any other industrial sector. Furthermore, the topic of CybeRisk (cyber risk) has become particularly relevant given that Information Technology (IT) attacks have increased drastically in recent years, and cannot be stopped by single organizations requiring a response at international and national level. IT risk is never a matter purely for the IT manager, although he clearly plays a key role. A bank's risk management function requires a thorough understanding of the evolving risks as well as the tools and practical techniques available to address them. Upon the request of European and national legislation regarding CybeRisk in the financial system, banks are therefore called upon to strengthen the operational model for CybeRisk management. This will require an important change with a more intense collaboration with the structures that deal with information security for the development of an ad hoc system for the evaluation and control of this type of risk. The aim of the work is to propose a framework for the management and control of CybeRisk that will bridge the gap in the literature regarding the understanding and consideration of CybeRisk as an integral part of business management. The IT function has a strong relevance in the management of CybeRisk, which is perceived mainly as operational risk, but with a positive tendency on the part of risk management to the identification of CybeRisk assessment methods that are increasingly complete, quantitative and able to better describe the possible impacts on the business. The paper provides answers to the research questions: Is it possible to define a CybeRisk governance structure able to support the comparison between risk and security? How can the relationships between IT assets be integrated into a cyberisk assessment framework to guarantee a system of protection and risks control? 
From a methodological point of view, this research uses a case study approach. The choice of “Monte dei Paschi di Siena” was determined by the specific features of one of Italy’s biggest lenders. An intensive research strategy was chosen: an in-depth study of reality. The case study methodology is an empirical approach to explore a complex and current phenomenon that develops over time. The use of cases also has the advantage of allowing the deepening of aspects concerning the "how" and "why" of contemporary events, on which the scholar has little control. The research is based on quantitative data and qualitative information obtained through semi-structured interviews of an open-ended nature and questionnaires to directors, members of the audit committee, risk, IT and compliance managers, and those responsible for internal audit function and anti-money laundering. The added value of the paper can be seen in the development of a framework based on a mapping of IT assets from which it is possible to identify their relationships for purposes of a more effective management and control of cyber risk.

Keywords: bank, CybeRisk, information technology, risk management

Procedia PDF Downloads 205
12577 Proposal of a Model Supporting Decision-Making Based on Multi-Objective Optimization Analysis on Information Security Risk Treatment

Authors: Ritsuko Kawasaki (Aiba), Takeshi Hiromatsu

Abstract:

Management is required to understand all information security risks within an organization, and to make decisions on which information security risks should be treated, at what level, and at what cost. However, such decision-making is not usually easy, because various measures for risk treatment must be selected with the suitable application levels. In addition, some measures may have objectives conflicting with each other, which also makes the selection difficult. Moreover, risks generally have trends, and these should also be considered in risk treatment. Therefore, this paper provides an extension of the model proposed in the previous study. The original model supports the selection of measures by applying a combination of the weighted average method and the goal programming method for multi-objective analysis to find an optimal solution. The extended model adds the notion of weights to the risks, where a larger weight means a higher priority of the risk.

Keywords: information security risk treatment, selection of risk measures, risk acceptance, multi-objective optimization

Procedia PDF Downloads 420