Search results for: information security incident management

Authors: Ranbir Singh, Deepinder Kaur

Abstract:

Network security is an important aspect in every field like government offices, Educational Institute and any business organization. Network security consists of the policies adopted to prevent and monitor forbidden access, misuse, modification, or denial of a computer network. Network security is very complicated subject and deal by only well trained and experienced people. However, as more and more people become wired, an increasing number of people need to understand the basics of security in a networked world. The history of the network security included an introduction to the TCP/IP and interworking. Network security starts with authenticating, commonly with a username and a password. In this paper, we study about various types of attacks on network security and how to handle or prevent this attack.

Keywords: network security, attacks, denial, authenticating

Procedia PDF Downloads 365

Authors: El Miloudi Djelloul

Abstract:

Based on analysis on applications by perception control technology in computer network security status and security protection measures, from the angles of network physical environment and network software system environmental security, this paper provides network security system perception control solution using Internet of Things (IOT), telecom and other perception technologies. Security Perception Control System is in the computer network environment, utilizing Radio Frequency Identification (RFID) of IOT and telecom integration technology to carry out integration design for systems. In the network physical security environment, RFID temperature, humidity, gas and perception technologies are used to do surveillance on environmental data, dynamic perception technology is used for network system security environment, user-defined security parameters, security log are used for quick data analysis, extends control on I/O interface, by development of API and AT command, Computer Network Security Perception Control based on Internet and GSM/GPRS is achieved, which enables users to carry out interactive perception and control for network security environment by WEB, E-MAIL as well as PDA, mobile phone short message and Internet. In the system testing, through middle ware server, security information data perception in real time with deviation of 3-5% was achieved; it proves the feasibility of Computer Network Security Perception Control System.

Keywords: computer network, perception control system security strategy, Radio Frequency Identification (RFID)

Procedia PDF Downloads 408

Authors: Sanjeev Kumar Appicharla

Abstract:

This paper presents the results of the modelling and analysis of the European Railway Traffic Management (ERTMS) safety-critical incident to raise awareness of biases in the systems engineering process on the Cambrian Railway in the UK using the RAIB 17/2019 as a primary input. The RAIB, the UK independent accident investigator, published the Report- RAIB 17/2019 giving the details of their investigation of the focal event in the form of immediate cause, causal factors, and underlying factors and recommendations to prevent a repeat of the safety-critical incident on the Cambrian Line. The Systems for Investigation of Railway Interfaces (SIRI) is the methodology used to model and analyze the safety-critical incident. The SIRI methodology uses the Swiss Cheese Model to model the incident and identify latent failure conditions (potentially less than adequate conditions) by means of the management oversight and risk tree technique. The benefits of the systems for investigation of railway interfaces methodology (SIRI) are threefold: first is that it incorporates the “Heuristics and Biases” approach advanced by 2002 Nobel laureate in Economic Sciences, Prof Daniel Kahneman, in the management oversight and risk tree technique to identify systematic errors. Civil engineering and programme management railway professionals are aware of the role “optimism bias” plays in programme cost overruns and are aware of bow tie (fault and event tree) model-based safety risk modelling techniques. However, the role of systematic errors due to “Heuristics and Biases” is not appreciated as yet. This overcomes the problems of omission of human and organizational factors from accident analysis. Second, the scope of the investigation includes all levels of the socio-technical system, including government, regulatory, railway safety bodies, duty holders, signaling firms and transport planners, and front-line staff such that lessons are learned at the decision making and implementation level as well. Third, the author’s past accident case studies are supplemented with research pieces of evidence drawn from the practitioner's and academic researchers’ publications as well. This is to discuss the role of system thinking to improve the decision-making and risk management processes and practices in the IEC 15288 systems engineering standard and in the industrial context such as the GB railways and artificial intelligence (AI) contexts as well.

Keywords: accident analysis, AI algorithm internal audit, bounded rationality, Byzantine failures, heuristics and biases approach

Procedia PDF Downloads 158

Authors: Souhir Chelly, Asma Ben Cheikh, Hela Ghali, Salwa Khefacha, Lamine Dhidah, Mohamed Ben Rejeb, Houyem Said Latiri

Abstract:

The hospital risk management department is firstly involved in the methodological analysis of grade zero sterilization incidents. The system is based on a subsequent analysis process in compliance with the ongoing requirements of the Haute Autorité de santé (HAS) for a reactive approach to risk, allowing to identify failures and start the appropriate preventive and corrective measures. The use of the association of litigation and risk management (ALARM) method makes easier the grade zero analysis and brings to light the team or institutional, organizational, temporal, individual factors representative of undesirable effects. Two main factors come out again from this analysis, pre-disinfection step of the emergency block unsupervised instrumentalist intern was poorly done since she did not remove the battery from micro air motor. At the sterilization unit, the worker who was not supervised by the nurse did the conditioning of the motor without having checked it if it still contained the battery. The main cause is that the management of human resources was inadequate at both levels, the instrumental trainee in the block who was not supervised by his supervisor and the worker of the sterilization unit who was not supervised by the responsible nurse. There is a lack of research help, advice, and collaboration. The difficulties encountered during this type of analysis are multiple. The first is based on its necessary acceptance by the various actors of care involved, which should not perceive it as a tool leading to individual punishment, but rather as a means to improve their practices.

Keywords: ALARM (Association of Litigation and Risk Management Method), incident, risk management, sterilization

Procedia PDF Downloads 188

Authors: Amani A. Saad, Ahmed A. El-Farag, El-Sayed A. Helali

Abstract:

Cloud computing is an important and promising field in the recent decade. Cloud computing allows sharing resources, services and information among the people of the whole world. Although the advantages of using clouds are great, but there are many risks in a cloud. The data security is the most important and critical problem of cloud computing. In this research a new security model for cloud computing is proposed for ensuring secure communication system, hiding information from other users and saving the user's times. In this proposed model Blowfish encryption algorithm is used for exchanging information or data, and SHA-2 cryptographic hash algorithm is used for data integrity. For user authentication process a user-name and password is used, the password uses SHA-2 for one way encryption. The proposed system shows an improvement of the processing time of uploading and downloading files on the cloud in secure form.

Keywords: cloud Ccomputing, data security, SAAS, PAAS, IAAS, Blowfish

Procedia PDF Downloads 445

Authors: Badri Gechbaia

Abstract:

Adaptive management as a fundamental element of the concept of the assurance of economy`s sustainability to the economic security of the system-synergetic type has been considered. It has been proved that the adaptive sustainable development is a transitional phase from the extensive one and later on from the rapid growth to the sustainable development. It has been determined that the adaptive system of the strategic assurance of the sustainability of the economy to the economic security threats is formed on the principles of the domination in its complex of the subsystems with weightier adaptive characteristics that negate the destructive influence of external and internal environmental factors on the sustainability of the national economy.

Keywords: adaptive management, adaptive properties, economic security, strategic assurance

Procedia PDF Downloads 461

Authors: Da Eun Sung

Abstract:

In today’s world, cyber security has become an important international agenda. As the information age has arrived, the need for cyber defense against cyber attacks is mounting, and the significance of cyber cooperation in the international community is drawing attention. Through the course, international society has agreed that the institutionalization of international norms dealing with cyber space and cyber security is crucial ever. Nevertheless, the West, led by the United States of America, and 'the East', composed of Russia and China, have shown conflicting views on forming international norms and principles which would regulate and ward off the possible threats in cyber space. Thus, the international community hasn’t yet to reach an agreement on cyber security. In other words, the difference between both sides on the approach and understanding of principles, objects, and the definition has rendered such. Firstly, this dissertation will cover the Russia’s perception, strategy, and definition on cyber security through analyzing primary source. Then, it will delve into the two contrasting cyber security strategy between Russia and the US by comparing them. And in the conclusion, it will seek the possible solution for the cooperation in the field of cyber security. It is quite worthwhile to look into Russia’s views, which is the main counterpart to the US in this field, especially when the efforts to institutionalize cyber security by the US-led international community have met with their boundaries, and when the legitimacy of them have been challenged.

Keywords: cyber security, cyber security strategic, international relation in cyberspace, Russia

Procedia PDF Downloads 270

Authors: Amirhossein Safi

Abstract:

Internet of things (IOT) is a kind of advanced information technology which has drawn societies’ attention. Sensors and stimulators are usually recognized as smart devices of our environment. Simultaneously, IOT security brings up new issues. Internet connection and possibility of interaction with smart devices cause those devices to involve more in human life. Therefore, safety is a fundamental requirement in designing IOT. IOT has three remarkable features: overall perception, reliable transmission, and intelligent processing. Because of IOT span, security of conveying data is an essential factor for system security. Hybrid encryption technique is a new model that can be used in IOT. This type of encryption generates strong security and low computation. In this paper, we have proposed a hybrid encryption algorithm which has been conducted in order to reduce safety risks and enhancing encryption's speed and less computational complexity. The purpose of this hybrid algorithm is information integrity, confidentiality, non-repudiation in data exchange for IOT. Eventually, the suggested encryption algorithm has been simulated by MATLAB software, and its speed and safety efficiency were evaluated in comparison with conventional encryption algorithm.

Keywords: internet of things, security, hybrid algorithm, privacy

Procedia PDF Downloads 423

Authors: Umesh Kumar Singh, Chanchala Joshi

Abstract:

With increasing dependency on IT infrastructure, the main objective of a system administrator is to maintain a stable and secure network, with ensuring that the network is robust enough against malicious network users like attackers and intruders. Security risk management provides a way to manage the growing threats to infrastructures or system. This paper proposes a framework for risk level estimation which uses vulnerability database National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) and the Common Vulnerability Scoring System (CVSS). The proposed framework measures the frequency of vulnerability exploitation; converges this measured frequency with standard CVSS score and estimates the security risk level which helps in automated and reasonable security management. In this paper equation for the Temporal score calculation with respect to availability of remediation plan is derived and further, frequency of exploitation is calculated with determined temporal score. The frequency of exploitation along with CVSS score is used to calculate the security risk level of the system. The proposed framework uses the CVSS vectors for risk level estimation and measures the security level of specific network environment, which assists system administrator for assessment of security risks and making decision related to mitigation of security risks.

Keywords: CVSS score, risk level, security measurement, vulnerability category

Procedia PDF Downloads 293

Authors: Kenny Onayemi

Abstract:

In an era where academic institutions increasingly rely on information technology, the security of academic networks has emerged as a paramount concern. This comprehensive study delves into the effectiveness of security practices, including network mapping, vulnerability scanning, and penetration testing, within academic networks. Leveraging data from surveys administered to faculty, staff, IT professionals and IT students in the university, the study assesses their familiarity with these practices, perceived effectiveness, and frequency of implementation. The findings reveal that a significant portion of respondents exhibit a strong understanding of network mapping, vulnerability scanning, and penetration testing, highlighting the presence of knowledgeable professionals within academic institutions. Additionally, active scanning using network scanning tools and automated vulnerability scanning tools emerge as highly effective methods. However, concerns arise as the respondents show that the academic institutions conduct these practices rarely or never. Notably, many respondents have reported significant vulnerabilities or security incidents through these security measures within their institution. This study concludes with recommendations to enhance network security awareness and practices among faculty, staff, IT personnel, and students, ultimately fortifying the security posture of academic networks in the digital age.

Keywords: network security, academic networks, vulnerability scanning, penetration testing, information security

Procedia PDF Downloads 14

Authors: Jenan Abu Qadourah

Abstract:

The suitable surface areas for the ST and PV installation are determined based on incident solar irradiation on different surfaces, shading analysis and suitable architectural area for integration considering limitations due to the constructions, available surfaces area and use of the available surfaces for other purposes. The incident solar radiation on the building surfaces and the building solar exposure analysis of the location of Amman, Jordan, is performed with Autodesk Ecotect analysis 2011 simulation software. The building model geometry within the typical urban context is created in “SketchUp,” which is then imported into Ecotect. The hourly climatic data of Amman, Jordan selected are the same ones used for the building simulation in IDA ICE and Polysun simulation software.

Keywords: photovoltaic, solar thermal, solar incident, simulation, building façade, solar potential

Procedia PDF Downloads 100

Authors: Mardiyansyah Mardiyansyah, Hendrik Maulana, Eka Kurnia Sari, Imam Baehaki, Mohammad Agus Prihandono

Abstract:

Mobile device has become a key feature in Indonesian society and the economy, including government and private sector. Enterprises and government agencies already have a concern about mobile device security. However, small and medium enterprises (SME) do not have that sense yet, especially the new startups company. Indonesia has several laws, regulations, and standards for managing security in mobile devices. Currently, Indonesian information security policies have not been harmonized, each government organization and large enterprise has its own rules and policies. It leads to a conflict of interest among government agencies. This will certainly cause ineffectiveness in the implementation of policies. Therefore, an analysis of various government policies, regulations, and standards related to information security, especially on mobile devices, is carried out. This analysis is conducted to map the existing regulatory policies and standards into practical guidelines regarding NIST's information security to show the effectiveness of NIST SP 1800-4 towards existing policies. This work focused on the mapping of the NIST SP 1800-4 framework towards existing regulations, standards, and guidelines in Indonesia. The research approach is literature study to identify existing regulations, standards, and guidelines then the regulation mapped into the NIST SP 1800-4 framework and analyzed whether the framework could be applied to the organization in Indonesia. Finally, the finding and recommendations by documenting the security characteristics can be concluded. Based on the research finding, some of the regulations, standards, and guidelines in Indonesia are relevant to the elements in the NIST SP 1800-4 framework. From mapping analysis, the strength and weakness of mobile device security in Indonesia can be reported. It also can be concluded that the application of NIST SP 1800-4 can improve the effectiveness of mobile device security policies in Indonesia.

Keywords: mobile security, mobile security framework, NIST SP 1800-4, regulations

Procedia PDF Downloads 117

Authors: Kang Huang, Wanting Zhou, Shiwei Yuan, Lei Li

Abstract:

Since information technology develops rapidly, the security issue has become an increasingly critical for computer system. In particular, as cloud computing and the Internet of Things (IoT) continue to gain widespread adoption, computer systems need to new security threats and attacks. The Root of Trust (RoT) is the foundation for providing basic trusted computing, which is used to verify the security and trustworthiness of other components. Design a reliable Root of Trust and guarantee its own security are essential for improving the overall security and credibility of computer systems. In this paper, we discuss the implementation of self-security technology based on the RISC-V Root of Trust at the hardware level. To effectively safeguard the security of the Root of Trust, researches on security safeguard technology on the Root of Trust have been studied. At first, a lightweight and secure boot framework is proposed as a secure mechanism. Secondly, two kinds of memory protection mechanism are built to against memory attacks. Moreover, hardware implementation of proposed method has been also investigated. A series of experiments and tests have been carried on to verify to effectiveness of the proposed method. The experimental results demonstrated that the proposed approach is effective in verifying the integrity of the Root of Trust’s own boot rom, user instructions, and data, ensuring authenticity and enabling the secure boot of the Root of Trust’s own system. Additionally, our approach provides memory protection against certain types of memory attacks, such as cache leaks and tampering, and ensures the security of root-of-trust sensitive information, including keys.

Keywords: root of trust, secure boot, memory protection, hardware security

Procedia PDF Downloads 138

Authors: Alexander G. Yushchenko

Abstract:

From a multi-science point of view, we analyze threats to security resulting from globalization of international information space and information and communication aggression of Russia. A definition of Ruschism is formulated as an ideology supporting aggressive actions of modern Russia against the Euro-Atlantic community. Stages of the hybrid war Russia is leading against Ukraine are described, including the elements of subversive activity of the special services, the activation of the military phase and the gradual shift of the focus of confrontation to the realm of information and communication technologies. We reveal an emergence of a threat for democratic states resulting from the destabilizing impact of a target state’s mass media and social networks being exploited by Russian secret services under freedom-of-speech disguise. Thus, we underline the vulnerability of cyber- and information security of the network society in regard of hybrid war. We propose to define the latter a synergetic war. Our analysis is supported with a long-term qualitative monitoring of representation of top state officials on popular TV channels and Facebook. From the memetics point of view, we have detected a destructive psycho-information technology used by the Kremlin, a kind of information catastrophe, the essence of which is explained in detail. In the conclusion, a comprehensive plan for information protection of the public consciousness and mentality of Euro-Atlantic citizens from the aggression of the enemy is proposed.

Keywords: cyber and information security, hybrid war, psycho-information technology, synergetic war, Ruschism

Procedia PDF Downloads 99

Authors: Amani A. Saad, Ahmed A. El-Farag, El-Sayed A. Helali

Abstract:

Cloud computing is an important and promising field in the recent decade. Cloud computing allows sharing resources, services and information among the people of the whole world. Although the advantages of using clouds are great, but there are many risks in a cloud. The data security is the most important and critical problem of cloud computing. In this research a new security model for cloud computing is proposed for ensuring secure communication system, hiding information from other users and saving the user's times. In this proposed model Blowfish encryption algorithm is used for exchanging information or data, and SHA-2 cryptographic hash algorithm is used for data integrity. For user authentication process a simple user-name and password is used, the password uses SHA-2 for one way encryption. The proposed system shows an improvement of the processing time of uploading and downloading files on the cloud in secure form.

Keywords: cloud computing, data security, SAAS, PAAS, IAAS, Blowfish

Procedia PDF Downloads 317

Authors: Szilvia Vincze, Zoltán Bács

Abstract:

It has become increasingly important for institutions of higher education as well to use available resources as effectively as possible for the implementation of the institution’s strategic plans and, at the same time, to ensure a stable future. This is the responsibility of the management and administration of the institution. Having access to complete and comprehensive information is indispensable for making dynamic and well-founded decisions that consider the realization of objectives to be primary and that manage possibly emerging risks, etc. The present paper introduces the role of Management Information Systems (MIS) at the University of Debrecen, one of the largest institutions of higher education in Hungary, and also discusses the utilization of this and associated information systems in management functions.

Keywords: management information system (MIS), higher education, Hungary, strategy formulation

Procedia PDF Downloads 465

Authors: Rossouw De Bruin, Sebastiaan H. Von Solms

Abstract:

The state of national security is an evolving concern. Companies, organizations, governments, states and individuals are aware of the security of their information and their assets however, they may not always be aware of the risks present. These risks are not only limited to non-existence of security procedures. Existing security can be severely flawed, especially if there is non-conformance towards policies, practices and procedures. When looking at humanitarian actions, we can easily identify these flaws. Unfortunately, humanitarian aid has to compete with factors from within the states, countries and continents they are working in. Furthermore, as technology improves, so does our connectivity to the internet and the way in which we use the internet. However, there are times when security is overlooked and humanitarian agencies are some of the agencies that do not always take security into consideration. The purpose of this paper will be to introduce the importance of cybersecurity and cybersecurity governance with respect to humanitarian work. We will also introduce and briefly discuss a model that can be used by humanitarian agencies to assess, manage and maintain their cybersecurity efforts.

Keywords: humanities, cybersecurity, cybersecurity governance, maturity, cybersecurity maturity, maturity model

Procedia PDF Downloads 230

Authors: Arash Heydarian Pashakhanlou

Abstract:

The security dilemma is one of the key concepts in International Relations (IR), and the numerous engagements with it have created a great deal of confusion regarding its essence. That is why this article seeks to dissect the security dilemma and rebuild it from its foundational core. In doing so, the present study highlights that the security dilemma requires interaction among actors that seek to protect themselves from other's capacity for harm under the condition of uncertainty to operate. In this constellation, actors are confronted with the dilemma of motives, power, and action, which they seek to resolve by acquiring information regarding their opponents. The relationship between the parties is shaped by the harm-uncertainty index (HUI) consisting of geographical distance, MAD, and joint democracy that determines the intensity of the security dilemma. These elements define the unified theory of the security dilemma (UTSD) developed here. UTSD challenges the prevailing view that the security dilemma is a unidimensional paradoxical concept, regulated by the offense-defense balance and differentiation that only occurs in anarchic settings with tragic outcomes and is equivalent to the spiral model.

Keywords: security dilemma, revisionism, status quo, anarchy, uncertainty, tragedy, spiral, deterrence

Procedia PDF Downloads 197

Authors: Loh Fu Quan, Fong Zi Heng, Burra Venkata Durga Kumar

Abstract:

Cloud computing has completely transformed the way many businesses operate. Traditionally, confidential data of a business is stored in computers located within the premise of the business. Therefore, a lot of business capital is put towards maintaining computing resources and hiring IT teams to manage them. The advent of cloud computing changes everything. Instead of purchasing and managing their infrastructure, many businesses have started to shift towards working with the cloud with the help of a cloud service provider (CSP), leading to cost savings. However, it also introduces security risks. This research paper focuses on the security risks that arise during data migration and user authentication in cloud computing. To overcome this problem, this paper provides a comprehensive framework that includes Transport Layer Security (TLS), user authentication, security tokens and multi-level data encryption. This framework aims to prevent authorized access to cloud resources and data leakage, ensuring the confidentiality of sensitive information. This framework can be used by cloud service providers to strengthen the security of their cloud and instil confidence in their users.

Keywords: Cloud computing, Cloud security, Cloud security issues, Cloud security framework

Procedia PDF Downloads 65

Authors: Jiří F. Urbánek, Jiří Barta

Abstract:

Societal security, continuity scenarios, and methodological cycling approach understands in this article. Namely, societal security organizational challenges ask implementation of international standards BS 25999-2 and global ISO 22300 which is a family of standards for business continuity management system. Efficient global organization system is distinguished of high entity´s complexity, connectivity, and interoperability, having not only cooperative relations in a fact. Competing business have numerous participating ´enemies´, which are in apparent or hidden opponent and antagonistic roles with prosperous organization systems, resulting to a crisis scene or even to a battle theater. Organization business continuity scenarios are necessary for such ´a play´ preparedness, planning, management, and overmastering in real environments.

Keywords: business continuity, societal security, crisis scenarios cycles, interoperability

Procedia PDF Downloads 350

Authors: Sophie Kroeling, Agnetha Schuchardt

Abstract:

Striving for sustainability brings a lot of challenges for different fields of interest, e. g. security or health concerns. In Germany, civil protection is predominantly carried out by emergency responders who perform essential tasks of civil protection. Based on theoretical concepts of different psychological stress theories this contribution focuses on the question, how the resilience of emergency responders can be improved. The goal is to identify resources and successful coping strategies that help to prevent and reduce negative outcomes during or after stressful events. The paper will present results from a qualitative analysis of semi-structured qualitative interviews with 20 emergency responders. These results provide insights into the complexity of coping processes (e. g. controlling the situation, downplaying perceived personal threats through humor) and show the diversity of stressors (like complexity of the disastrous situation, intrusive press and media, or lack of social support within the organization). Self-efficacy expectation was a very important resource for coping with stressful situations. The results served as a starting point for a quantitative survey (that was conducted in March 2017), the development of education and training tools for emergency responders and the improvement of critical incident stress management processes. First results from the quantitative study with more than 700 participants show that, e. g., the emergency responders use social coping within their private social network and also within their aid organization and that both are correlated to resilience. Moreover, missing information, bureaucratic problems and social conflicts within the organization are events that the majority of the participants considered very onerous. Further results from regression analysis will be presented. The proposed paper will combine findings from the qualitative study with the quantitative results, illustrating figures and correlations with respective statements from the interviews. At the end, suggestions for the improvement of the emergency responder’s resilience are given and it is discussed how this can make a contribution to strive for civil security and furthermore a sustainable development.

Keywords: civil security, emergency responders, stress, resilience, resources

Procedia PDF Downloads 114

Authors: Wang Hsiao-Wen

Abstract:

This paper is based on the burning of the Old Summer Palace by the Anglo-French forces. The Old Summer Palace, Yuanmingyuan, is an imperial garden located outside Beijing, but it was looted and burned down by the Anglo-French troops. Hundreds of guards died, and Emperor Xianfeng also fled from the back door to the Chengde Mountain Resort in a hurry. It is a very shameful piece of Chinese imperial history. At that time, it was well known that the capital was almost occupied. However, the detailed process of the whole incident and the subsequent accountability was regarded as a national shame, which was omitted in the historical records and rarely mentioned by scholars, especially under the rulings of Xianfeng and Tongzhi. Due to this, the researcher explored how the incident was documented in historical poetry and how the war was recalled and evaluated from different perspectives so that rich and diverse historical interpretations can be constructed. The issues explored and discussed in this paper are divided into two parts: (i) the historical writing of the Incident in Gengshen Year, which mainly focuses on the Historical Poetry on the Burning of the Old Summer Palace by the Anglo-French forces, and (ii) the different identities of poets and their perspectives of mourning, which leads to the homogeneity or heterogeneity of their interpretations.

Keywords: Anglo-French expedition to China, the Incident in Gengshen Year, burning of the Old Summer Palace, historical poetry

Procedia PDF Downloads 38

Authors: Francesco Lubrano, Fabrizio Bertone, Federico Stirano

Abstract:

Modern societies strongly depend on Critical Infrastructures (CI). Hospitals, power supplies, water supplies, telecommunications are just few examples of CIs that provide vital functions to societies. CIs like hospitals are very complex environments, characterized by a huge number of cyber and physical systems that are becoming increasingly integrated. Ensuring a high level of security within such critical infrastructure requires a deep knowledge of vulnerabilities, threats, and potential attacks that may occur, as well as defence and prevention or mitigation strategies. The possibility to remotely monitor and control almost everything is pushing the adoption of network-connected devices. This implicitly introduces new threats and potential vulnerabilities, posing a risk, especially to those devices connected to the Internet. Modern medical devices used in hospitals are not an exception and are more and more being connected to enhance their functionalities and easing the management. Moreover, hospitals are environments with high flows of people, that are difficult to monitor and can somehow easily have access to the same places used by the staff, potentially creating damages. It is therefore clear that physical and cyber threats should be considered, analysed, and treated together as cyber-physical threats. This means that an integrated approach is required. SAFECARE, an integrated cyber-physical security solution, tries to respond to the presented issues within healthcare infrastructures. The challenge is to bring together the most advanced technologies from the physical and cyber security spheres, to achieve a global optimum for systemic security and for the management of combined cyber and physical threats and incidents and their interconnections. Moreover, potential impacts and cascading effects are evaluated through impact propagation models that rely on modular ontologies and a rule-based engine. Indeed, SAFECARE architecture foresees i) a macroblock related to cyber security field, where innovative tools are deployed to monitor network traffic, systems and medical devices; ii) a physical security macroblock, where video management systems are coupled with access control management, building management systems and innovative AI algorithms to detect behavior anomalies; iii) an integration system that collects all the incoming incidents, simulating their potential cascading effects, providing alerts and updated information regarding assets availability.

Keywords: cyber security, defence strategies, impact propagation, integrated security, physical security

Procedia PDF Downloads 133

Authors: Shoohira Aftab, Hammad Afzal

Abstract:

Information integration is a well known procedure to provide consolidated view on sets of heterogeneous information sources. It not only provides better statistical analysis of information but also facilitates users to query without any knowledge on the underlying heterogeneous information sources The problem of providing a consolidated view of information can be handled using Semantic data (information stored in such a way that is understandable by machines and integrate-able without manual human intervention). However, integrating information using semantic web technology without any access management enforced, will results in increase of privacy and confidentiality concerns. In this research we have designed and developed a framework that would allow information from heterogeneous formats to be consolidated, thus resolving the issue of interoperability. We have also devised an access control system for defining explicit privacy constraints. We designed and applied our framework on both semantic and non-semantic data from heterogeneous resources. Our approach is validated using scenario based testing.

Keywords: information integration, semantic data, interoperability, security, access control system

Procedia PDF Downloads 308

Authors: Yung-Feng Yen, I-an Jen, Yi-Ming Arthur Chen

Abstract:

The molecular mimicry between human immunodeficiency virus (HIV) protein and red blood cell (RBC) antigens could induce the production of anti-RBC autoantibodies. However, the association between HIV infection and subsequent development of autoimmune hemolytic anemia (AIHA) remains unclear. This nationwide population-based cohort study aimed to determine the association between incident AIHA and HIV in Taiwan. From 2000–2012, we identified adult people living with HIV/AIDS (PLWHA) from the Taiwan centers for disease control HIV Surveillance System. HIV-infected individuals were defined by positive HIV-1 western blot. Age- and sex-matched controls without HIV infection were selected from the Taiwan National Health Insurance Research Database for comparison. All patients were followed until Dec. 31, 2012, and observed for occurrence of AIHA. Of 171,468 subjects (19,052 PLWHA, 152,416 controls), 30 (0.02%) had incident AIHA during a mean follow-up of 5.45 years, including 23 (0.12%) PLWHA and 7 (0.01%) controls. After adjusting for potential confounders, HIV infection was found to be an independent risk factor of incident AIHA (adjusted hazard ratio [AHR], 20.9; 95% confidence interval [CI], 8.34-52.3). Moreover, PLWHA receiving HAART were more likely to develop AIHA than those not receiving HAART (AHR, 10.8; 95% CI, 2.90-40.1). Additionally, the risk of AIHA was significantly increased in those taking efavirenz (AHR, 3.15; 95% CI, 1.18-8.43) or atazanavir (AHR, 6.58; 95% CI, 1.88-22.9) component of the HAART. In conclusion, HIV infection is an independent risk factor for incident AIHA. Clinicians need to be aware of the higher risk of AIHA in PLWHA.

Keywords: autoimmune disease , hemolytic anemia, HIV, highly active antiretroviral treatment

Procedia PDF Downloads 199

Authors: Tuğçe Yücel

Abstract:

A Wireless Sensor Network(WSN) is a collection of sensor nodes which are deployed randomly in an area for surveillance. Efficient utilization of limited battery energy of sensors for increased network lifetime as well as data security are major design objectives for WSN. Moreover secure transmission of data sensed to a base station for further processing. Producing multiple copies of data packets and sending them on different paths is one of the strategies for this purpose, which leads to redundant energy consumption and hence reduced network lifetime. In this work we develop a restricted multi-copy multipath strategy where data move through ‘frequently’ or ‘heavily’ used sensors is copied by the sensor incident to such central nodes and sent on node-disjoint paths. We develop a mixed integer programing(MIP) model and heuristic approach present some preleminary test results.

Keywords: MIP, sensor, telecommunications, WSN

Procedia PDF Downloads 474

Authors: Stephen Wheat

Abstract:

Institutional mobile application governance and distribution processes are essential to mobile app innovation. The absence of effective processes poses a significant barrier to the development and adoption of mobile apps for use within a research enterprise and also impedes the translational science of applying research apps in clinical and engineering settings. To accelerate mobile app innovation and adoption, Emory University and Emory Healthcare implemented a three-pronged strategy including. I) Mobile app review and distribution policies and processes. II) Mobile app management infrastructure and mobile app foundation components. III) A strategic sourcing strategy based on preferred mobile app development firms. The results have been an increase from five to 56 mobile apps in the pipeline over three years; increased engagement from technology transfer, legal counsel, compliance, and information security; articulation of a coordinated mobile app strategy; and allocation of more institutional resources toward specific mobile technology and mobile application goals.

Keywords: mobile app management, governance, distribution, information security

Procedia PDF Downloads 262

Authors: Adriano Bessa Albuquerque, Francisco Jose Barreto Nunes

Abstract:

Software vulnerabilities are increasing and not only impact services and processes availability as well as information confidentiality, integrity and privacy, but also cause changes that interfere in the development process. Security test could be a solution to reduce vulnerabilities. However, the variety of test techniques with the lack of real case studies of applying tests focusing on software development life cycle compromise its effective use. This paper offers an overview of how a Systematic Mapping Study (MS) about security verification, validation and test (VVT) was performed, besides presenting general results about this study.

Keywords: software test, software security verification validation and test, security test institutionalization, systematic mapping study

Procedia PDF Downloads 349

Authors: Saleh Alumaran, Giampaolo Bella, Feng Chen

Abstract:

The study of organisations’ information security cultures has attracted scholars as well as healthcare services industry to research the topic and find appropriate tools and approaches to develop a positive culture. The vast majority of studies in Saudi national health services are on the use of technology to protect and secure health services information. On the other hand, there is a lack of research on the role and impact of an organisation’s cultural dimensions on information security. This research investigated and analysed the role and impact of cultural dimensions on information security in Saudi Arabia health service. Hypotheses were tested and two surveys were carried out in order to collect data and information from three major hospitals in Saudi Arabia (SA). The first survey identified the main cultural-dimension problems in SA health services and developed an initial information security culture framework model. The second survey evaluated and tested the developed framework model to test its usefulness, reliability and applicability. The model is based on human behaviour theory, where the individual’s attitude is the key element of the individual’s intention to behave as well as of his or her actual behaviour. The research identified six cultural dimensions: Saudi national culture, Saudi health service leadership, employees’ trust, technology, multicultural interactions and employees’ job roles. The research also identified a set of cultural sub-dimensions. These include working values and norms, tribe values and norms, attitudes towards women, power sharing, vision, social interaction, respect and understanding, hospital intra-net, hospital employees’ language(s) used, multi-national culture, communication system, employees’ job satisfaction and job security. The research identified that (a) the human behaviour towards medical information in SA is one of the main threats to information security and one of the main challenges to SA health authority, (b) The current situation of SA hospitals’ IS cultures is falling short in protecting medical information due to the current value and norms towards information security, (c) Saudi national culture and employees’ job role are the main dimensions playing major roles in the employees’ attitude, and technology is the least important dimension playing a role in the employees’ attitudes.

Keywords: cultural dimension, electronic health record, information security, privacy

Procedia PDF Downloads 320

Authors: Kriddikorn Kaewwongsri, Nikom Suvonvorn

Abstract:

In the deep south of Thailand, checkpoints for people verification are necessary for the security management of risk zones, such as official buildings in the conflict area. In this paper, we propose an automatic checkpoint system that verifies persons using information from ID cards and facial features. The methods for a person’s information abstraction and verification are introduced based on useful information such as ID number and name, extracted from official cards, and facial images from videos. The proposed system shows promising results and has a real impact on the local society.

Keywords: face comparison, card recognition, OCR, checkpoint system, authentication

Procedia PDF Downloads 291