Search results for: information security audit
Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 12728


12608 CybeRisk Management in Banks: An Italian Case Study

Authors: E. Cenderelli, E. Bruno, G. Iacoviello, A. Lazzini

Abstract:

The financial sector is exposed to the risk of cyber-attacks like any other industrial sector. Furthermore, the topic of CybeRisk (cyber risk) has become particularly relevant given that Information Technology (IT) attacks have increased drastically in recent years, and cannot be stopped by single organizations requiring a response at international and national level. IT risk is never a matter purely for the IT manager, although he clearly plays a key role. A bank's risk management function requires a thorough understanding of the evolving risks as well as the tools and practical techniques available to address them. Upon the request of European and national legislation regarding CybeRisk in the financial system, banks are therefore called upon to strengthen the operational model for CybeRisk management. This will require an important change with a more intense collaboration with the structures that deal with information security for the development of an ad hoc system for the evaluation and control of this type of risk. The aim of the work is to propose a framework for the management and control of CybeRisk that will bridge the gap in the literature regarding the understanding and consideration of CybeRisk as an integral part of business management. The IT function has a strong relevance in the management of CybeRisk, which is perceived mainly as operational risk, but with a positive tendency on the part of risk management to the identification of CybeRisk assessment methods that are increasingly complete, quantitative and able to better describe the possible impacts on the business. The paper provides answers to the research questions: Is it possible to define a CybeRisk governance structure able to support the comparison between risk and security? How can the relationships between IT assets be integrated into a CybeRisk assessment framework to guarantee a system of protection and risks control?
From a methodological point of view, this research uses a case study approach. The choice of “Monte dei Paschi di Siena” was determined by the specific features of one of Italy’s biggest lenders. It is chosen to use an intensive research strategy: an in-depth study of reality. The case study methodology is an empirical approach to explore a complex and current phenomenon that develops over time. The use of cases has also the advantage of allowing the deepening of aspects concerning the "how" and "why" of contemporary events, on which the scholar has little control. The research bases on quantitative data and qualitative information obtained through semi-structured interviews of an open-ended nature and questionnaires to directors, members of the audit committee, risk, IT and compliance managers, and those responsible for internal audit function and anti-money laundering. The added value of the paper can be seen in the development of a framework based on a mapping of IT assets from which it is possible to identify their relationships for purposes of a more effective management and control of cyber risk.

Keywords: bank, CybeRisk, information technology, risk management

12607 Assessing the Quality of Clinical Photographs Taken for Orthodontic Patients at Queen’s Hospital, Romford

Authors: Maya Agarwala

Abstract:

Objectives: Audit the quality of clinical photographs taken for Orthodontic patients at Queen’s hospital, Romford. Design and setting: All Orthodontic photographs are taken in the Medical Photography Department at Queen’s Hospital. Retrospective audit with data collected between January - March 2023. Gold standard: Institute of Medical Illustrators (IMI) standard 12 photographs: 6 extraoral and 6 intraoral. 100% of patients to have the standard 12 photographs meeting a satisfactory diagnostic quality. Materials and methods: 30 patients randomly selected. All photographs analysed against the IMI gold standard. Results: A total of 360 photographs were analysed. 100% of the photographs had the 12 photographic views. Of which, 93.1% met the gold standard. Of the extraoral photos: 99.4% met the gold standard, 0.6% had incorrect head positioning. Of the intraoral photographs: 87.2% met the gold standard. The most common intraoral errors were: the presence of saliva pooling (7.2%), insufficient soft tissue retraction (3.3%), incomplete occlusal surface visibility (2.2%) and mirror fogging (1.1%). Conclusion: The gold standard was not met, however the overall standard of Orthodontic photographs is high. Further training of the Medical Photography team is needed to improve the quality of photographs. Following the training, the audit will be repeated. High-quality clinical photographs are an important part of clinical record keeping.

Keywords: orthodontics, paediatric, photography, audit

12606 Auditor with the Javanese Characters: Revealing the Relationship towards Its Client

Authors: Krisna Damayanti

Abstract:

Negative issues about the relationship between auditors and clients are often heard. They arise in view of the rise of a variety of phenomena resulting from the audit practice of greed and a failure to appreciate the independence of the audit profession and the professional code of ethics. It is a logical consequence of the practice of capitalism in accounting. The purpose of this paper is to uncover the existing auditing practices in Indonesia, especially Java, which are associated with a strong influence of Javanese culture with reluctant/"shy", politely, "legowo", "ngemong" friendly, "not mentholo", "tepo seliro", "ngajeni", "acquiescent". The method used is an interpretive approach that emphasizes the role of language, to interpret and understand and see social reality as something other than a label, name or concept. Auditing practices in each country have a culture that will affect the standard set by those regulatory standards, although there has been an adaptation of IAS. In Indonesia the majority of parties are dominated by Javanese racial regulators, so Java culture is embedded in every audit practice; thus conditions in Java require auditors to behave like that, sometimes interfering with the standard Java code of conduct that must be executed by an auditor. Auditors who live in Java have the characters of Javanese culture that are hard to avoid in the audit practice. However, in practice, the auditors are still relevant in their profession.

Keywords: auditors, java, character, profession, code of ethics, client

12605 A Multicriteria Framework for Assessing Energy Audit Software for Low-Income Households

Authors: Charles Amoo, Joshua New, Bill Eckman

Abstract:

Buildings in the United States account for a significant proportion of energy consumption and greenhouse gas (GHG) emissions, and this trend is expected to continue as well as rise in the near future. Low-income households, in particular, bear a disproportionate burden of high building energy consumption and spending due to high energy costs. Energy efficiency improvements need to reach an average of 4% per year in this decade in order to meet global net zero emissions target by 2050, but less than 1 % of U.S. buildings are improved each year. The government has recognized the importance of technology in addressing this issue, and energy efficiency programs have been developed to tackle the problem. The Weatherization Assistance Program (WAP), the largest residential whole-house energy efficiency program in the U.S., is specifically designed to reduce energy costs for low-income households. Under the WAP, energy auditors must follow specific audit procedures and use Department of Energy (DOE) approved energy audit tools or software. This article proposes an expanded framework of factors that should be considered in energy audit software that is approved for use in energy efficiency programs, particularly for low-income households. The framework includes more than 50 factors organized under 14 assessment criteria and can be used to qualitatively and quantitatively score different energy audit software to determine their suitability for specific energy efficiency programs. While the tool can be useful for developers to build new tools and improve existing software, as well as for energy efficiency program administrators to approve or certify tools for use, there are limitations to the model, such as the lack of flexibility that allows continuous scoring to accommodate variability and subjectivity. 
These limitations can be addressed by using aggregate scores of each criterion as weights that could be combined with value function and direct rating scores in a multicriteria decision analysis for a more flexible scoring.

Keywords: buildings, energy efficiency, energy audit, software

12604 Integrated Model for Enhancing Data Security Performance in Cloud Computing

Authors: Amani A. Saad, Ahmed A. El-Farag, El-Sayed A. Helali

Abstract:

Cloud computing is an important and promising field in the recent decade. Cloud computing allows sharing resources, services and information among the people of the whole world. Although the advantages of using clouds are great, there are many risks in a cloud. Data security is the most important and critical problem of cloud computing. In this research a new security model for cloud computing is proposed for ensuring a secure communication system, hiding information from other users and saving the user's time. In this proposed model the Blowfish encryption algorithm is used for exchanging information or data, and the SHA-2 cryptographic hash algorithm is used for data integrity. For the user authentication process a user-name and password are used; the password uses SHA-2 for one way encryption. The proposed system shows an improvement of the processing time of uploading and downloading files on the cloud in secure form.

Keywords: cloud computing, data security, SAAS, PAAS, IAAS, Blowfish

12603 Adding Security Blocks to the DevOps Lifecycle

Authors: Andrew John Zeller, Francis Pouatcha

Abstract:

Working according to the DevOps principle has gained in popularity over the past decade. While its extension DevSecOps started to include elements of cybersecurity, most real-life projects do not focus risk and security until the later phases of a project as teams are often more familiar with engineering and infrastructure services. To help bridge the gap between security and engineering, this paper will take six building blocks of cybersecurity and apply them to the DevOps approach. After giving a brief overview of the stages in the DevOps lifecycle, the main part discusses to what extent six cybersecurity blocks can be utilized in various stages of the lifecycle. The paper concludes with an outlook on how to stay up to date in the dynamic world of cybersecurity.

Keywords: information security, data security, cybersecurity, devOps, IT management

12602 Cyber Security in Russia: Offense, Defense and Strategy in Cyberspace

Authors: Da Eun Sung

Abstract:

In today’s world, cyber security has become an important international agenda. As the information age has arrived, the need for cyber defense against cyber attacks is mounting, and the significance of cyber cooperation in the international community is drawing attention. Through the course, international society has agreed that the institutionalization of international norms dealing with cyber space and cyber security is more crucial than ever. Nevertheless, the West, led by the United States of America, and 'the East', composed of Russia and China, have shown conflicting views on forming international norms and principles which would regulate and ward off the possible threats in cyber space. Thus, the international community has yet to reach an agreement on cyber security. In other words, the difference between both sides on the approach and understanding of principles, objects, and the definition has rendered such. Firstly, this dissertation will cover Russia’s perception, strategy, and definition of cyber security through analyzing primary sources. Then, it will delve into the two contrasting cyber security strategies of Russia and the US by comparing them. And in the conclusion, it will seek a possible solution for cooperation in the field of cyber security. It is quite worthwhile to look into the views of Russia, which is the main counterpart to the US in this field, especially when the efforts to institutionalize cyber security by the US-led international community have met with their boundaries, and when their legitimacy has been challenged.

Keywords: cyber security, cyber security strategic, international relation in cyberspace, Russia

12601 Improving the Security of Internet of Things Using Encryption Algorithms

Authors: Amirhossein Safi

Abstract:

Internet of things (IOT) is a kind of advanced information technology which has drawn societies’ attention. Sensors and stimulators are usually recognized as smart devices of our environment. Simultaneously, IOT security brings up new issues. Internet connection and the possibility of interaction with smart devices cause those devices to be more involved in human life. Therefore, safety is a fundamental requirement in designing IOT. IOT has three remarkable features: overall perception, reliable transmission, and intelligent processing. Because of the span of IOT, security of conveying data is an essential factor for system security. The hybrid encryption technique is a new model that can be used in IOT. This type of encryption generates strong security and low computation. In this paper, we have proposed a hybrid encryption algorithm which has been conducted in order to reduce safety risks, enhance encryption speed and lessen computational complexity. The purpose of this hybrid algorithm is information integrity, confidentiality, and non-repudiation in data exchange for IOT. Eventually, the suggested encryption algorithm has been simulated by MATLAB software, and its speed and safety efficiency were evaluated in comparison with conventional encryption algorithm.

Keywords: internet of things, security, hybrid algorithm, privacy

12600 The Voluntary Review Decision of Quarterly Consolidated Financial Statements in Emerging Market: Evidence from Taiwan

Authors: Shuofen Hsu, Ya-Yi Chao, Chao-Wei Li

Abstract:

This paper investigates the factors that determine whether firms’ quarterly consolidated financial statements are voluntarily reviewed by auditors. To promote information transparency, the Financial Supervisory Commission of Executive Yuan in Taiwan ruled that Taiwanese listed companies should announce the first and third quarterly consolidated financial statements from 2008 to 2012, while the Commission didn’t require that the consolidated financial statements be reviewed by auditors. This is a very special practice in emerging markets, especially in Taiwan. The valuable data of this period is suitable for us to research the determinants of firms’ voluntary review decision in emerging markets. We collected the auditors' report of each company and each year of Taiwanese listed companies from 2008 to 2012 for our research samples. We use a probit model to test and analyze the determinants of the voluntary review decision of the first and third quarterly consolidated financial statements. Our empirical result shows that the firms whose first and third quarterly consolidated financial statements are voluntarily reviewed by auditors have better ranking of information transparency, higher audit quality, and better corporate governance, suggesting that voluntary review is a good signal of firms’ better information and corporate governance quality.

Keywords: voluntary review, information transparency, audit quality, quarterly consolidated financial statements

12599 Assessing the Efficacy of Network Mapping, Vulnerability Scanning, and Penetration Testing in Enhancing Security for Academic Networks

Authors: Kenny Onayemi

Abstract:

In an era where academic institutions increasingly rely on information technology, the security of academic networks has emerged as a paramount concern. This comprehensive study delves into the effectiveness of security practices, including network mapping, vulnerability scanning, and penetration testing, within academic networks. Leveraging data from surveys administered to faculty, staff, IT professionals and IT students in the university, the study assesses their familiarity with these practices, perceived effectiveness, and frequency of implementation. The findings reveal that a significant portion of respondents exhibit a strong understanding of network mapping, vulnerability scanning, and penetration testing, highlighting the presence of knowledgeable professionals within academic institutions. Additionally, active scanning using network scanning tools and automated vulnerability scanning tools emerge as highly effective methods. However, concerns arise as the respondents show that the academic institutions conduct these practices rarely or never. Notably, many respondents have reported significant vulnerabilities or security incidents through these security measures within their institution. This study concludes with recommendations to enhance network security awareness and practices among faculty, staff, IT personnel, and students, ultimately fortifying the security posture of academic networks in the digital age.

Keywords: network security, academic networks, vulnerability scanning, penetration testing, information security

12598 Analysis of Practical Guidelines for Mobile Device Security in Indonesia Based on NIST SP 1800-4

Authors: Mardiyansyah Mardiyansyah, Hendrik Maulana, Eka Kurnia Sari, Imam Baehaki, Mohammad Agus Prihandono

Abstract:

Mobile devices have become a key feature in Indonesian society and the economy, including the government and private sector. Enterprises and government agencies already have a concern about mobile device security. However, small and medium enterprises (SME) do not have that sense yet, especially new startup companies. Indonesia has several laws, regulations, and standards for managing security in mobile devices. Currently, Indonesian information security policies have not been harmonized; each government organization and large enterprise has its own rules and policies. It leads to a conflict of interest among government agencies. This will certainly cause ineffectiveness in the implementation of policies. Therefore, an analysis of various government policies, regulations, and standards related to information security, especially on mobile devices, is carried out. This analysis is conducted to map the existing regulatory policies and standards into practical guidelines regarding NIST's information security to show the effectiveness of NIST SP 1800-4 towards existing policies. This work focused on the mapping of the NIST SP 1800-4 framework towards existing regulations, standards, and guidelines in Indonesia. The research approach is a literature study to identify existing regulations, standards, and guidelines; then the regulations are mapped into the NIST SP 1800-4 framework and analyzed as to whether the framework could be applied to organizations in Indonesia. Finally, the finding and recommendations by documenting the security characteristics can be concluded. Based on the research finding, some of the regulations, standards, and guidelines in Indonesia are relevant to the elements in the NIST SP 1800-4 framework. From the mapping analysis, the strengths and weaknesses of mobile device security in Indonesia can be reported. It also can be concluded that the application of NIST SP 1800-4 can improve the effectiveness of mobile device security policies in Indonesia.

Keywords: mobile security, mobile security framework, NIST SP 1800-4, regulations

12597 Security Design of Root of Trust Based on RISC-V

Authors: Kang Huang, Wanting Zhou, Shiwei Yuan, Lei Li

Abstract:

Since information technology develops rapidly, the security issue has become increasingly critical for computer systems. In particular, as cloud computing and the Internet of Things (IoT) continue to gain widespread adoption, computer systems need to new security threats and attacks. The Root of Trust (RoT) is the foundation for providing basic trusted computing, which is used to verify the security and trustworthiness of other components. Designing a reliable Root of Trust and guaranteeing its own security are essential for improving the overall security and credibility of computer systems. In this paper, we discuss the implementation of self-security technology based on the RISC-V Root of Trust at the hardware level. To effectively safeguard the security of the Root of Trust, security safeguard technologies for the Root of Trust have been studied. At first, a lightweight and secure boot framework is proposed as a secure mechanism. Secondly, two kinds of memory protection mechanisms are built against memory attacks. Moreover, hardware implementation of the proposed method has also been investigated. A series of experiments and tests have been carried out to verify the effectiveness of the proposed method. The experimental results demonstrated that the proposed approach is effective in verifying the integrity of the Root of Trust’s own boot ROM, user instructions, and data, ensuring authenticity and enabling the secure boot of the Root of Trust’s own system. Additionally, our approach provides memory protection against certain types of memory attacks, such as cache leaks and tampering, and ensures the security of root-of-trust sensitive information, including keys.

Keywords: root of trust, secure boot, memory protection, hardware security

12596 A Multi-Science Study of Modern Synergetic War and Its Information Security Component

Authors: Alexander G. Yushchenko

Abstract:

From a multi-science point of view, we analyze threats to security resulting from globalization of international information space and information and communication aggression of Russia. A definition of Ruschism is formulated as an ideology supporting aggressive actions of modern Russia against the Euro-Atlantic community. Stages of the hybrid war Russia is leading against Ukraine are described, including the elements of subversive activity of the special services, the activation of the military phase and the gradual shift of the focus of confrontation to the realm of information and communication technologies. We reveal an emergence of a threat for democratic states resulting from the destabilizing impact of a target state’s mass media and social networks being exploited by Russian secret services under freedom-of-speech disguise. Thus, we underline the vulnerability of cyber- and information security of the network society in regard of hybrid war. We propose to define the latter a synergetic war. Our analysis is supported with a long-term qualitative monitoring of representation of top state officials on popular TV channels and Facebook. From the memetics point of view, we have detected a destructive psycho-information technology used by the Kremlin, a kind of information catastrophe, the essence of which is explained in detail. In the conclusion, a comprehensive plan for information protection of the public consciousness and mentality of Euro-Atlantic citizens from the aggression of the enemy is proposed.

Keywords: cyber and information security, hybrid war, psycho-information technology, synergetic war, Ruschism

12595 Integrated Model for Enhancing Data Security Processing Time in Cloud Computing

Authors: Amani A. Saad, Ahmed A. El-Farag, El-Sayed A. Helali

Abstract:

Cloud computing is an important and promising field in the recent decade. Cloud computing allows sharing resources, services and information among the people of the whole world. Although the advantages of using clouds are great, there are many risks in a cloud. Data security is the most important and critical problem of cloud computing. In this research a new security model for cloud computing is proposed for ensuring a secure communication system, hiding information from other users and saving the user's time. In this proposed model the Blowfish encryption algorithm is used for exchanging information or data, and the SHA-2 cryptographic hash algorithm is used for data integrity. For the user authentication process a simple user-name and password are used; the password uses SHA-2 for one way encryption. The proposed system shows an improvement of the processing time of uploading and downloading files on the cloud in secure form.

Keywords: cloud computing, data security, SAAS, PAAS, IAAS, Blowfish

12594 Cybersecurity and Governance for Humanitarian Work: An Approach for Addressing Security Risks

Authors: Rossouw De Bruin, Sebastiaan H. Von Solms

Abstract:

The state of national security is an evolving concern. Companies, organizations, governments, states and individuals are aware of the security of their information and their assets; however, they may not always be aware of the risks present. These risks are not only limited to non-existence of security procedures. Existing security can be severely flawed, especially if there is non-conformance towards policies, practices and procedures. When looking at humanitarian actions, we can easily identify these flaws. Unfortunately, humanitarian aid has to compete with factors from within the states, countries and continents they are working in. Furthermore, as technology improves, so does our connectivity to the internet and the way in which we use the internet. However, there are times when security is overlooked, and humanitarian agencies are some of the agencies that do not always take security into consideration. The purpose of this paper will be to introduce the importance of cybersecurity and cybersecurity governance with respect to humanitarian work. We will also introduce and briefly discuss a model that can be used by humanitarian agencies to assess, manage and maintain their cybersecurity efforts.

Keywords: humanities, cybersecurity, cybersecurity governance, maturity, cybersecurity maturity, maturity model

12593 Unified Theory of the Security Dilemma: Geography, MAD and Democracy

Authors: Arash Heydarian Pashakhanlou

Abstract:

The security dilemma is one of the key concepts in International Relations (IR), and the numerous engagements with it have created a great deal of confusion regarding its essence. That is why this article seeks to dissect the security dilemma and rebuild it from its foundational core. In doing so, the present study highlights that the security dilemma requires interaction among actors that seek to protect themselves from other's capacity for harm under the condition of uncertainty to operate. In this constellation, actors are confronted with the dilemma of motives, power, and action, which they seek to resolve by acquiring information regarding their opponents. The relationship between the parties is shaped by the harm-uncertainty index (HUI) consisting of geographical distance, MAD, and joint democracy that determines the intensity of the security dilemma. These elements define the unified theory of the security dilemma (UTSD) developed here. UTSD challenges the prevailing view that the security dilemma is a unidimensional paradoxical concept, regulated by the offense-defense balance and differentiation that only occurs in anarchic settings with tragic outcomes and is equivalent to the spiral model.

Keywords: security dilemma, revisionism, status quo, anarchy, uncertainty, tragedy, spiral, deterrence

12592 A Comprehensive Framework to Ensure Data Security in Cloud Computing: Analysis, Solutions, and Approaches

Authors: Loh Fu Quan, Fong Zi Heng, Burra Venkata Durga Kumar

Abstract:

Cloud computing has completely transformed the way many businesses operate. Traditionally, confidential data of a business is stored in computers located within the premise of the business. Therefore, a lot of business capital is put towards maintaining computing resources and hiring IT teams to manage them. The advent of cloud computing changes everything. Instead of purchasing and managing their infrastructure, many businesses have started to shift towards working with the cloud with the help of a cloud service provider (CSP), leading to cost savings. However, it also introduces security risks. This research paper focuses on the security risks that arise during data migration and user authentication in cloud computing. To overcome this problem, this paper provides a comprehensive framework that includes Transport Layer Security (TLS), user authentication, security tokens and multi-level data encryption. This framework aims to prevent authorized access to cloud resources and data leakage, ensuring the confidentiality of sensitive information. This framework can be used by cloud service providers to strengthen the security of their cloud and instil confidence in their users.

Keywords: Cloud computing, Cloud security, Cloud security issues, Cloud security framework

12591 A Proposal for Systematic Mapping Study of Software Security Testing, Verification and Validation

Authors: Adriano Bessa Albuquerque, Francisco Jose Barreto Nunes

Abstract:

Software vulnerabilities are increasing and not only impact services and processes availability as well as information confidentiality, integrity and privacy, but also cause changes that interfere in the development process. Security test could be a solution to reduce vulnerabilities. However, the variety of test techniques with the lack of real case studies of applying tests focusing on software development life cycle compromise its effective use. This paper offers an overview of how a Systematic Mapping Study (MS) about security verification, validation and test (VVT) was performed, besides presenting general results about this study.

Keywords: software test, software security verification validation and test, security test institutionalization, systematic mapping study

12590 Culture Dimensions of Information Systems Security in Saudi Arabia National Health Services

Authors: Saleh Alumaran, Giampaolo Bella, Feng Chen

Abstract:

The study of organisations’ information security cultures has attracted scholars as well as healthcare services industry to research the topic and find appropriate tools and approaches to develop a positive culture. The vast majority of studies in Saudi national health services are on the use of technology to protect and secure health services information. On the other hand, there is a lack of research on the role and impact of an organisation’s cultural dimensions on information security. This research investigated and analysed the role and impact of cultural dimensions on information security in Saudi Arabia health service. Hypotheses were tested and two surveys were carried out in order to collect data and information from three major hospitals in Saudi Arabia (SA). The first survey identified the main cultural-dimension problems in SA health services and developed an initial information security culture framework model. The second survey evaluated and tested the developed framework model to test its usefulness, reliability and applicability. The model is based on human behaviour theory, where the individual’s attitude is the key element of the individual’s intention to behave as well as of his or her actual behaviour. The research identified six cultural dimensions: Saudi national culture, Saudi health service leadership, employees’ trust, technology, multicultural interactions and employees’ job roles. The research also identified a set of cultural sub-dimensions. These include working values and norms, tribe values and norms, attitudes towards women, power sharing, vision, social interaction, respect and understanding, hospital intra-net, hospital employees’ language(s) used, multi-national culture, communication system, employees’ job satisfaction and job security. 
The research identified that (a) the human behaviour towards medical information in SA is one of the main threats to information security and one of the main challenges to SA health authority, (b) the current situation of SA hospitals’ IS cultures is falling short in protecting medical information due to the current values and norms towards information security, (c) Saudi national culture and employees’ job role are the main dimensions playing major roles in the employees’ attitude, and technology is the least important dimension playing a role in the employees’ attitudes.

Keywords: cultural dimension, electronic health record, information security, privacy

12589 The Characteristics of a Fair and Efficient Tax Auditing Information System as a Tool against Tax Evasion: A Theoretical Framework

Authors: Dimitris Balios, Stefanos Tantos

Abstract:

Economic growth and social evolution are connected to trust relationships in a society. The quality of the accounting information, the tax information system and the tax audit mechanism bring multiple benefits to an economy. Tax evasion, the illegal practice where people and companies do not pay taxes, is a crime because of its negative effect on the economy and society. In this paper, we describe a theoretical framework on the characteristics of a fair and efficient tax auditing information system which could be a tool against tax evasion, a tool for an economy to grow, especially in countries that face fluctuations in economic activity. We conclude that a fair and efficient tax auditing information system increases the reliability of tax administration, improves taxpayers’ tax compliance and causes a developmental trajectory for the economy.

Keywords: auditing information system, auditing mechanism, tax evasion, taxation

12588 The Benefits of Security Culture for Improving Physical Protection Systems at Detection and Radiation Measurement Laboratory

Authors: Ari S. Prabowo, Nia Febriyanti, Haryono B. Santosa

Abstract:

The security function known as Physical Protection Systems (PPS) serves to detect, delay and respond. Physical Protection Systems (PPS) in the Detection and Radiation Measurement Laboratory need to be improved continually by using internal resources. The nuclear security culture provides some potential to support this research. The study starts by identifying the security function’s weaknesses and the strengths of security culture as a purpose. Secondly, the strengths of security culture are implemented in the laboratory management. Finally, a simulation was done to measure its effectiveness. Some changes occurred in laboratory personnel behaviors and procedures. All became more prudent. The results showed a good influence of nuclear security culture in laboratory security functions.

Keywords: laboratory, physical protection system, security culture, security function

12587 Cooperative Jamming for Implantable Medical Device Security

Authors: Kim Lytle, Tim Talty, Alan Michaels, Jeff Reed

Abstract:

Implantable medical devices (IMDs) are medically necessary devices embedded in the human body that monitor chronic disorders or automatically deliver therapies. Most IMDs have wireless capabilities that allow them to share data with an offboard programming device to help medical providers monitor the patient’s health while giving the patient more insight into their condition. However, serious security concerns have arisen as researchers demonstrated these devices could be hacked to obtain sensitive information or harm the patient. Cooperative jamming can be used to prevent privileged information leaks by maintaining an adequate signal-to-noise ratio at the intended receiver while minimizing signal power elsewhere. This paper uses ray tracing to demonstrate how a low number of friendly nodes abiding by Bluetooth Low Energy (BLE) transmission regulations can enhance IMD communication security in an office environment, which in turn may inform how companies and individuals can protect their proprietary and personal information.

Keywords: implantable biomedical devices, communication system security, array signal processing, ray tracing

12586 A Prospective Audit to Look into Antimicrobial Prescribing in the Clinical Setting: In a Teaching Hospital in the UK

Authors: Richa Sinha, Mohammad Irfan Javed, Sanjay Singh

Abstract:

Introduction: Good antimicrobial prescribing reduces length of stay in hospital, risk of adverse events, antimicrobial resistance, and unnecessary hospital expenditure. The aim of this prospective audit was to identify any problems with antimicrobial prescribing including documentation of the relevant aspects as well as appropriateness of antibiotics use. The audit was conducted on the surgical wards in a teaching hospital in the UK. Methods: Standards included the indication, duration, choice, and prescription of antibiotic should be in line with current Regional Guidelines and should be clearly documented on the prescription chart. There should be an entry in each patient’s medical record of the diagnosis and indication for each acute antibiotic prescription issued. All prescriptions should clearly document the route, frequency and dose of antibiotic. Data collection was done for 2 weeks in the month of March 2014. A proforma including all the questions above was completed for all the patients. The results were analysed using Excel. Results: 35 patients in total were selected for the audit. 85.7% of patients had indication of antibiotic documented on the prescription chart and 68.5% of patients had indication documented in the notes. The antibiotic used was in line with hospital guidelines in 45.7% of patients, however, in a further 28.5% of patients the reason for the antibiotic prescription was microbiology approved. Therefore, in total 74.2% of patients had been prescribed appropriate antibiotics. The duration of antibiotic was documented in 68.6% of patients and the antibiotic was reviewed in 37.1% of patients. The dose, frequency and route were documented clearly in 100% of patients. Conclusion: Overall, prescribing can be improved on the surgical wards in this hospital. Only 37.1% of patients had clear documentation of a review of antibiotics.
It may be that antibiotics have been reviewed but this should be clearly highlighted on the prescription chart or the notes. Failure to review antibiotics can lead to poor patient care and antimicrobial resistance and therefore it is important to address this. It is also important to address the appropriateness of antibiotics as inappropriate antibiotic prescription can lead to failure of treatment as well as antimicrobial resistance. The good point from the audit was that all patients had clear documentation of dose, route and frequency which is extremely important in the administration of antibiotics. Recommendations from this audit included emphasizing good antimicrobial prescribing at induction (twice yearly), an antimicrobial handbook for junior doctors, and a re-audit in 6 months’ time.

Keywords: prescribing, antimicrobial, indication, duration

12585 Blockchain Solutions for IoT Challenges: Overview

Authors: Amir Ali Fatoorchi

Abstract:

Regardless of the advantages of IoT devices, they have limitations like storage, compute, and security problems. In recent years, a lot of Blockchain-based research in IoT has been published and presented. In this paper, we present the security issues of IoT. IoT has three levels of security issues: Low-level, Intermediate-level, and High-level. We survey and compare blockchain-based solutions for high-level security issues and show how the underlying technology of bitcoin and Ethereum could solve IoT problems.

Keywords: Blockchain, security, data security, IoT

12584 Secure Intelligent Information Management by Using a Framework of Virtual Phones-On Cloud Computation

Authors: Mohammad Hadi Khorashadi Zadeh

Abstract:

Many new applications and internet services have emerged since the innovation of mobile networks and devices. However, these applications have problems of security, management, and performance in business environments. Cloud systems provide information transfer, management facilities, and security for virtual environments. Therefore, an innovative internet service and a business model are proposed in the present study for creating a secure and consolidated environment for managing the mobile information of organizations based on cloud virtual phones (CVP) infrastructures. Using this method, users can run Android and web applications in the cloud, which enhances performance by connecting to other CVP users and increases privacy. It is possible to combine the CVP with distributed protocols and central control which mimics the behavior of human societies. This mix helps in dealing with sensitive data in mobile devices and facilitates data management with less application overhead.

Keywords: BYOD, mobile cloud computing, mobile security, information management

12583 An Examination of Internal Control System, Executive Duality and Audit Alarm Committee of Listed Nigerian Companies

Authors: Mansur Lubabah Kwanbo

Abstract:

Existing literature has demonstrated the importance of executive duality (ED) and audit committee (AC) in the financial growth of companies. To some extent this points to corporate governance mechanism aiming at addressing makers and implementers of company policies to be centered on promoting only company objectives. However, furthering organizational objectives needs an adequate structure of control to realize that. Recent developments in the various industries in Nigeria have indicated the internal control system (ICS) has not been able to adequately address most of the activities that result in ills of sustaining growth for these industries. It is from this premise the study has as one of its objectives to determine the extent to which ICS significantly relates to ED and AC in listed Nigerian corporations. Data were sourced from 308 financial statements and accounts of the corporations that made the sample of the study. Logistic regression aided the test of the hypothesis formulated for the study. Findings revealed a significant relationship between the study variables. The study concludes that the internal control system (ICS) is effective despite the bifurcation of executive duality (ED) and the presence of the Audit Committee (AC) to the extent of preventing ills that encourage lack of sustainability of company’s growth. Sustaining legitimate policies that translate into huge earnings, and create value to stakeholders should be pursued.

Keywords: audit committee (AC), executive duality (ED), internal control system (ICS), Nigeria

12582 Analysis of Threats in Interoperability of Medical Devices

Authors: M. Sandhya, R. M. Madhumitha, Sharmila Sankar

Abstract:

Interoperable medical devices (IMDs) face threats due to the increased attack surface accessible by interoperability and the corresponding infrastructure. Initiating networking and coordination functionalities primarily modify medical systems' security properties. Understanding the threats is a vital first step in ultimately crafting security solutions for such systems. The key to this problem is coming up with some common types of threats or attacks with those of security and privacy, and providing this information as a roadmap. This paper analyses the security issues in interoperability of devices and presents the main types of threats that have to be considered to build a secured system.

Keywords: interoperability, threats, attacks, medical devices

12581 Enhancement of Environmental Security by the Application of Wireless Sensor Network in Nigeria

Authors: Ahmadu Girgiri, Lawan Gana Ali, Mamman M. Baba

Abstract:

Environmental security clearly articulates the perfections and developments of various communities around the world irrespective of the region, culture, religion or social inclination. However, the present state of insecurity has become a serious issue devastating the peace, unity, stability and progress of man and his physical environment, particularly in developing countries. Recently, the measure of security and its management in Nigeria has been a bottleneck to the effectiveness and advancement of various sectors that include business, education, social relations, politics and above all the economy. Several measures have been considered on mitigating environment insecurity such as surveillance, demarcation, security personnel empowerment and the like, but still the issue remains disturbing. In this paper, we present the application of a new technology that contributes to the improvement of security surveillance known as “Wireless Sensor Network (WSN)”. The system is a new, smart and emerging technology that provides monitoring, detection and aggregation of information using sensor nodes and a wireless network. WSN detects, monitors and stores information or activities in the deployed area such as schools, environment, business centers, public squares, industries, and outskirts and transmits to end users. This will reduce the cost of security funding and ease security surveillance depending on the nature and the requirement of the deployment.

Keywords: application, environment, insecurity, sensor, wireless sensor network

12580 Determination of Complexity Level in Merged Irregular Transposition Cipher

Authors: Okike Benjamin, Garba Ejd

Abstract:

Today, it has been observed that the security of information along the superhighway is often compromised by those who are not authorized to have access to such information. In order to ensure the security of information along the superhighway, such information should be encrypted by some means to conceal the real meaning of the information. There are many encryption techniques out there in the market. However, some of these encryption techniques are often easily decrypted by adversaries. The researcher has decided to develop an encryption technique that may be more difficult to decrypt. This may be achieved by splitting the message to be encrypted into parts and encrypting each part separately and swapping the positions before transmitting the message along the superhighway. The method is termed Merged Irregular Transposition Cipher. Also, the research would determine the complexity level in respect to the number of splits of the message.

Keywords: transposition cipher, merged irregular cipher, encryption, complexity level

12579 Determinants of Standard Audit File for Tax Purposes Accounting Legal Obligation Compliance Costs: Empirical Study for Portuguese SMEs of Leiria District

Authors: Isa Raquel Alves Soeiro, Cristina Isabel Branco de Sá

Abstract:

In Portugal, since 2008, there has been a requirement to export the Standard Audit File for Tax Purposes (SAF-T) standard file (in XML format). This file thus gathers tax-relevant information from a company relating to a specific period of taxation. There are two types of SAF-T files that serve different purposes: the SAF-T of revenues and the SAF-T of accounting, which requires taxpayers and accounting firms to invest in order to adapt the accounting programs to the legal requirements. The implementation of the SAF-T accounting file aims to facilitate the collection of relevant tax data by tax inspectors as support of taxpayers' tax returns for the analysis of accounting records or other information with tax relevance (Portaria No. 321-A/2007 of March 26 and Portaria No. 302/2016 of December 2). The main objective of this research project is to verify, through quantitative analysis, what is the cost of compliance of Small and Medium Enterprises (SME) in the district of Leiria in the introduction and implementation of the tax obligation of SAF-T - Standard Audit File for Tax Purposes of accounting. The information was collected through a questionnaire sent to a population of companies selected through the SABI Bureau Van Dijk database in 2020. Based on the responses obtained to the questionnaire, the companies were divided into two groups: Group 1 - companies who are self-employed and whose main activity is accounting services; and Group 2 - companies that do not belong to the accounting sector. In general terms, the conclusion is that there are no statistically significant differences in the costs of complying with the accounting SAF-T between the companies in Group 1 and Group 2 and that, on average, the internal costs of both groups represent the largest component of the total cost of compliance with the accounting SAF-T.
The results obtained show that, in both groups, the total costs of complying with the SAF-T of accounting are regressive, which appears to be similar to international studies, although these are related to different tax obligations. Additionally, we verified that the variables volume of business, software used, number of employees, and legal form explain the differences in the costs of complying with accounting SAF-T in the Leiria district SME.

Keywords: compliance costs, SAF-T accounting, SME, Portugal
