Search results for: information security incident management

Authors: Sameut Bouhaik Mostafa

Abstract:

Information Act is the Canadian law gives the right of access to information for the institution of government. It declares the availability of government information to the public, but that exceptions should be limited and the necessary right of access to be specific, and also states the need to constantly re-examine the decisions on the disclosure of any government information independently from the government. By 1982, it enacted a dozen countries, including France, Denmark, Finland, Sweden, the Netherlands and the United States (1966) newly legally to access the information. It entered access to Canadian information into force of the Act of 1983, under the government of Pierre Trudeau, allowing Canadians to recover information from government files, and the development of what can be accessed from the information, and the imposition of timetables to respond. It has been applied by the Information Commissioner in Canada.

Keywords: law, information, management, legal

Procedia PDF Downloads 380

Authors: Hayder Raad Hafuze, Munqith Saleem Dawood, Jamal Abdul Jabbar

Abstract:

The effect of using both ultrasounds with laser in medical imaging of the biological tissue has been studied in this paper. Different wave lengths of incident laser light (405 nm, 532 nm, 650 nm, 808 nm and 1064 nm) were used with different ultrasound frequencies (1MHz and 3.3MHz). The results showed that, the change of acoustic intensity enhance the laser penetration of the tissue for different thickness. The existence of the ideal Raman-Nath diffraction pattern were investigated in terms of phase delay and incident angle.

Keywords: tissue, laser, ultrasound, effect, imaging

Procedia PDF Downloads 398

Authors: Kim Lytle, Tim Talty, Alan Michaels, Jeff Reed

Abstract:

Implantable medical devices (IMDs) are medically necessary devices embedded in the human body that monitor chronic disorders or automatically deliver therapies. Most IMDs have wireless capabilities that allow them to share data with an offboard programming device to help medical providers monitor the patient’s health while giving the patient more insight into their condition. However, serious security concerns have arisen as researchers demonstrated these devices could be hacked to obtain sensitive information or harm the patient. Cooperative jamming can be used to prevent privileged information leaks by maintaining an adequate signal-to-noise ratio at the intended receiver while minimizing signal power elsewhere. This paper uses ray tracing to demonstrate how a low number of friendly nodes abiding by Bluetooth Low Energy (BLE) transmission regulations can enhance IMD communication security in an office environment, which in turn may inform how companies and individuals can protect their proprietary and personal information.

Keywords: implantable biomedical devices, communication system security, array signal processing, ray tracing

Procedia PDF Downloads 72

Authors: Amir Ali Fatoorchi

Abstract:

Regardless of the advantage of LoT devices, they have limitations like storage, compute, and security problems. In recent years, a lot of Blockchain-based research in IoT published and presented. In this paper, we present the Security issues of LoT. IoT has three levels of security issues: Low-level, Intermediate-level, and High-level. We survey and compare blockchain-based solutions for high-level security issues and show how the underlying technology of bitcoin and Ethereum could solve IoT problems.

Keywords: Blockchain, security, data security, IoT

Procedia PDF Downloads 180

Authors: Cleopatra Gittens

Abstract:

It has been recognized that some social security and national insurance systems in the Eastern Caribbean are experiencing ageing populations and economic and other crises that will present a financial challenge of being unable to pay pension benefits in fifteen to twenty years. This has implications for the fiscal and economic positions of the countries themselves. Hence, organizations would need to address the issue urgently. The study adds to the body of knowledge on social security systems and social security reforms in small island developing states (SIDS). It also makes recommendations for the types of reforms that social security systems in other SIDS can implement given their special circumstances. Secondary research is used to gather financial and other related information on three social security schemes in the Eastern Caribbean. Actuarial and financial reports and other documents of the social security systems are analysed to obtain financial and static data on each of the schemes. The findings show that the three schemes studied are experiencing steady increases in benefit expenditure versus contributions and increasing pensioner to insured ratios. The schemes will deplete their reserves between 2038 and 2050. Two of the schemes have increased their retirement age while the other has not embarked on any reforms. One scheme has made changes to its contribution percentages. Due to their small size, small populations and other unique circumstances, the social security schemes in the identified territories are not likely to be able to take advantage of all of the reform initiatives that the developed world embarked on when faced with similar problems. These schemes will need to make incremental changes that align with the timeframes recommended by the actuarial studies.

Keywords: benefits, pension, small island developing states, social security reform

Procedia PDF Downloads 63

Authors: Cletus Agbowo

Abstract:

Standard principles, rules, regulations, norms and guides are necessities in practice especially in the Economics and management information system Institute of management of and technology (IMT) Enugu a case sturdy as presented by the presenter. Without mincing words, the fundamental bottle neck of management is economics, how to select to engage merger productivity resources to achieve uncountable objectives without tears. Management information system inevitably become bound up in organizational politics because the influence access to a key resource – namely information. Economics and management information can effect who does what to whom, when, where and how in an organization. In great institutions like the Institute of Management and Technology (IMT) Enugu a case study many new information systems require changes in personnel, individual routines that can be painful for those involved and require retraining and additional effort may or may not be compensated. In a nut shell, because management information system potentially change an organization’s structure, culture, business processes, and strategy, there is often considerable resistance to them when they are introduced. The case study have many schools, departments, divisions and units which needs research on economics and management information systems. A system can be defined as a set of interrelated components and / or elements, which reacts with input to produce output. A department in an organization is a system. The researcher is faced to itemize the practical challenges encountered and solution adopted by the Institute Management and Enugu state government.

Keywords: economics, information, management, productivity, regulations

Procedia PDF Downloads 352

Authors: M. Sandhya, R. M. Madhumitha, Sharmila Sankar

Abstract:

Interoperable medical devices (IMDs) face threats due to the increased attack surface accessible by interoperability and the corresponding infrastructure. Initiating networking and coordination functionalities primarily modify medical systems' security properties. Understanding the threats is a vital first step in ultimately crafting security solutions for such systems. The key to this problem is coming up with some common types of threats or attacks with those of security and privacy, and providing this information as a roadmap. This paper analyses the security issues in interoperability of devices and presents the main types of threats that have to be considered to build a secured system.

Keywords: interoperability, threats, attacks, medical devices

Procedia PDF Downloads 304

Authors: Okike Benjamin, Garba Ejd

Abstract:

Today, it has been observed security of information along the superhighway is often compromised by those who are not authorized to have access to such information. In order to ensure the security of information along the superhighway, such information should be encrypted by some means to conceal the real meaning of the information. There are many encryption techniques out there in the market. However, some of these encryption techniques are often easily decrypted by adversaries. The researcher has decided to develop an encryption technique that may be more difficult to decrypt. This may be achieved by splitting the message to be encrypted into parts and encrypting each part separately and swapping the positions before transmitting the message along the superhighway. The method is termed Merged Irregular Transposition Cipher. Also, the research would determine the complexity level in respect to the number of splits of the message.

Keywords: transposition cipher, merged irregular cipher, encryption, complexity level

Procedia PDF Downloads 318

Authors: Michael Scott Evans, Andrew Smith

Abstract:

The feeling of fatigue at work could potentially have devastating consequences. The aim of this study was to investigate whether the well-established objective indicator of fatigue – the Fatigue Risk Index (FRI) calculator used by the rail industry is an effective indicator to the number of safety incidents, in which fatigue could have been a contributing factor. The study received ethics approval from Cardiff University’s Ethics Committee (EC.16.06.14.4547). A total of 901 safety incidents were recorded from a single British rail franchise between 1st June 2010 – 31st December 2016, into the Safety Management Information System (SMIS). The safety incident types identified that fatigue could have been a contributing factor were: Signal Passed at Danger (SPAD), Train Protection & Warning System (TPWS) activation, Automatic Warning System (AWS) slow to cancel, failed to call, and station overrun. From the 901 recorded safety incidents, the scheduling system CrewPlan was used to extract the Fatigue Index (FI) score and Risk Index (RI) score of all train drivers on the day of the safety incident. Only the working rosters of 64.2% (N = 578) (550 men and 28 female) ranging in age from 24 – 65 years old (M = 47.13, SD = 7.30) were accessible for analyses. Analysis from all 578 train drivers who were involved in safety incidents revealed that 99.8% (N = 577) of Fatigue Index (FI) scores fell within or below the identified guideline threshold of 45 as well as 97.9% (N = 566) of Risk Index (RI) scores falling below the 1.6 threshold range. Their scores represent good practice within the rail industry. These findings seem to indicate that the current objective indicator, i.e. the FRI calculator used in this study by the British rail franchise was not an effective predictor of train driver’s FI scores and RI scores, as safety incidents in which fatigue could have been a contributing factor represented only 0.2% of FI scores and 2.1% of RI scores. Further research is needed to determine whether there are other contributing factors that could provide a better indication as to why there is such a significantly large proportion of train drivers who are involved in safety incidents, in which fatigue could have been a contributing factor have such low FI and RI scores.

Keywords: fatigue risk index calculator, objective indicator of fatigue, rail industry, safety incident

Procedia PDF Downloads 156

Authors: Monirah Alkathiry, Hanan Aljarwan

Abstract:

Cloud computing is one of the most significant technologies that the world deals with, in different sectors with different purposes and capabilities. The cloud faces various challenges in securing data from unauthorized access or modification. Consequently, security risks and levels have greatly increased. Therefore, cloud service providers (CSPs) and users need secure mechanisms that ensure that data are kept secret and safe from any disclosures or exploits. For this reason, CSPs need a number of techniques and technologies to manage and secure access to the cloud services to achieve security goals, such as confidentiality, integrity, identity access management (IAM), etc. Therefore, this paper will review and explore various access controls implemented in a cloud environment that achieve different security purposes. The methodology followed in this survey was conducting an assessment, evaluation, and comparison between those access controls mechanisms and technologies based on different factors, such as the security goals it achieves, usability, and cost-effectiveness. This assessment resulted in the fact that the technology used in an access control affects the security goals it achieves as well as there is no one access control method that achieves all security goals. Consequently, such a comparison would help decision-makers to choose properly the access controls that meet their requirements.

Keywords: access controls, cloud computing, confidentiality, identity and access management

Procedia PDF Downloads 104

Authors: Mira Ezora Zainal Abidin, Siti Fauzuna Othman, Zalina Harun, M. Hafiz M. Pikri

Abstract:

In a fire incident involving a Nitrogen storage tank that over-pressured and exploded, resulting in a fire in one of the units in a refinery, lack of data and evidence hampered the investigation to determine the root cause. Instrumentation and fittings were destroyed in the fire. To make it worst, this incident occurred during the COVID-19 pandemic, making collecting and testing evidence delayed. In addition to that, the storage tank belonged to a third-party company which requires legal agreement prior to the refinery getting approval to test the remains. Despite all that, the investigation had to be carried out with stakeholders demanding answers. The investigation team had to devise alternative means to support whatever little evidence came out as the most probable root cause. International standards, practices, and previous incidents on similar tanks were referred. To narrow down to just one root cause from 8 possible causes, transient simulations were conducted to simulate the overpressure scenarios to prove and eliminate the other causes, leaving one root cause. This paper shares the methodology used and details how transient simulations were applied to help solve this. The experience and lessons learned gained from the event investigation and from numerous case studies via transient analysis in finding the root cause of the accident leads to the formulation of future mitigations and design modifications aiming at preventing such incidents or at least minimize the consequences from the fire incident.

Keywords: fire, transient, simulation, relief

Procedia PDF Downloads 69

Authors: Emin Gundogar, Aysegul Yilmaz

Abstract:

Strategic performance scoring is a significant procedure in management. There are various methods to improve this procedure. This study introduces an information system that is developed to score performance for municipal management. The application of the system is clarified by exemplifying municipal processes.

Keywords: management information system, municipal management, performance scoring

Procedia PDF Downloads 739

Authors: Magdaléna Náplavová, Tomáš Ludík, Petr Hrůza, František Božek

Abstract:

The use of IT equipment has become a part of every day. However, each device that is part of cyberspace should be secured against unauthorized use. It is very important to know the basics of these security devices, but also the basics of safe conduct their owners. This information should be part of every curriculum computer science education in primary and secondary schools. Therefore, the work focuses on the education of pupils in primary and secondary schools on the Internet. Analysis of the current state describes approaches to the education of pupils in security issues on the Internet. The paper presents a questionnaire-based survey which was carried out in the Czech Republic, whose task was to ascertain the level of opinion pupils in primary and secondary schools on the issue of communication in social networks. The research showed that awareness of socio-pathological phenomena on the Internet environment is very low. Based on the results it was proposed appropriate ways of teaching to this issue and its inclusion a proposal of curriculum for primary and secondary schools.

Keywords: information security, cyber space, general awareness, questionnaire, socio-pathological phenomena, educational system

Procedia PDF Downloads 360

Authors: Shehu S. Janguza

Abstract:

The need for national security cannot be over Emphasis, which should be pursued by any means. Thus the need for effective management of education through effective school community Relationship/participation. In preparing and implementing only effort to promote community involvement in manning Education, it is importance to understand the whole picture of community participation, how it works, what forms are used, what benefit it can yield and what we should expect in the process of carrying out the efforts finally emphasis will be made on how effective school community relationship/participation and lead to national security.

Keywords: community participation, managing, school community, national security

Procedia PDF Downloads 571

Authors: Anna Fowler

Abstract:

When considering assets that may need protection, the mind begins to contemplate homes, cars, and investment funds. In most cases, the protection of those assets can be covered through security systems and insurance. Data is not the first thought that comes to mind that would need protection, even though data is at the core of most supply chain operations. It includes trade secrets, management of personal identifiable information (PII), and consumer data that can be used to enhance the overall experience. Data is considered a critical element of success for supply chains and should be one of the most critical areas to protect. In the supply chain industry, there are two major misconceptions about protecting data: (i) We do not manage or store confidential/personally identifiable information (PII). (ii) Reliance on Third-Party vendor security. These misconceptions can significantly derail organizational efforts to adequately protect data across environments. These statistics can be exciting yet overwhelming at the same time. The first misconception, “We do not manage or store confidential/personally identifiable information (PII)” is dangerous as it implies the organization does not have proper data literacy. Enterprise employees will zero in on the aspect of PII while neglecting trade secret theft and the complete breakdown of information sharing. To circumvent the first bullet point, the second bullet point forges an ideology that “Reliance on Third-Party vendor security” will absolve the company from security risk. Instead, third-party risk has grown over the last two years and is one of the major causes of data security breaches. It is important to understand that a holistic approach should be considered when protecting data which should not involve purchasing a Data Loss Prevention (DLP) tool. A tool is not a solution. To protect supply chain data, start by providing data literacy training to all employees and negotiating the security component of contracts with vendors to highlight data literacy training for individuals/teams that may access company data. It is also important to understand the origin of the data and its movement to include risk identification. Ensure processes effectively incorporate data security principles. Evaluate and select DLP solutions to address specific concerns/use cases in conjunction with data visibility. These approaches are part of a broader solutions framework called Data Security Assurance (DSA). The DSA Framework looks at all of the processes across the supply chain, including their corresponding architecture and workflows, employee data literacy, governance and controls, integration between third and fourth-party vendors, DLP as a solution concept, and policies related to data residency. Within cloud environments, this framework is crucial for the supply chain industry to avoid regulatory implications and third/fourth party risk.

Keywords: security by design, data security architecture, cybersecurity framework, data security assurance

Procedia PDF Downloads 61

Authors: Mehdi Ghaemi

Abstract:

In principle, foreign investment security is enshrined in International Investment Agreements (IIAs) and Bilateral Investment Treaties (BITs) in the form of protection standards such as the Full Protection and Security Standard (FPS). Accordingly, the host countries undertake to provide the necessary security for the economic activities of foreign investment. With the outbreak of coronavirus, the international community called COVID-19 a threat to international peace security, as well as to the public interest and national security of nations; and to deal with, they proposed several solutions, generally including quarantine, creating social distances, and restricting businesses. This article first studies the security of foreign investment in international investment law. In the following, it analyzes the consequences of the COVID-19 pandemic for foreign investment security so that if there is a threat to that security, solutions could be offered to reduce it.

Keywords: foreign investment, FPS standard, host country, public health, COVID-19

Procedia PDF Downloads 73

Authors: Ngo the Bach

Abstract:

Information technology and communications are growing strongly and penetrated almost the entire Vietnamese economy and society. The article presents an overview of information technology and application communications in the management the Central Sector of the Imperial Citadel of Thang Long (Hanoi, Vietnam) - A World Heritage Site. The author also points out the opportunities and challenges of the information technology and communications in the sectors of culture and heritage; the use of information technology as an effective tool to develop mass and interactive communications. The article emphasizes on the advantage of information technology and communications in supporting effectively the management reform with respect to the Imperial Citadel of Thang Long in particular and the management of world heritage sites in Vietnam in general.

Keywords: information technology, communications, management, culture, heritage

Procedia PDF Downloads 295

Authors: Tomáš Ludík, Jiří Barta, Josef Navrátil

Abstract:

Natural or human made disasters have a significant negative impact on the environment. At the same time there is an extensive effort to support management and decision making in emergency situations by information technologies. Therefore the purpose of the paper is to propose a design patterns applicable in emergency management, enabling better analysis and design of emergency management processes and therefore easier development and deployment of information systems in the field of emergency management. It will be achieved by detailed analysis of existing emergency management legislation, contingency plans, and information systems. The result is a set of design patterns focused at emergency management processes that enable easier design of emergency plans or development of new information system. These results will have a major impact on the development of new information systems as well as to more effective and faster solving of emergencies.

Keywords: analysis and design, Business Process Modelling Notation, contingency plans, design patterns, emergency management

Procedia PDF Downloads 458

Authors: Beenish Urooj, Ubaid Ullah, Sidra Riasat

Abstract:

National Testing Service-Pakistan (NTS) is an agency in Pakistan that conducts student success appraisal examinations. In this research paper, we must present a security model for the NTS organization. The security model will depict certain security countermeasures for a better defense against certain types of breaches and system malware. We will provide a security roadmap, which will help the company to execute its further goals to maintain security standards and policies. We also covered multiple aspects in securing the environment of the organization. We introduced the processes, architecture, data classification, auditing approaches, survey responses, data handling, and also training and awareness of risk for the company. The primary contribution is the Risk Survey, based on the maturity model meant to assess and examine employee training and knowledge of risks in the company's activities.

Keywords: NTS, risk assessment, threat factors, security, services

Procedia PDF Downloads 46

Authors: Okike Benjami, Garba Ejd

Abstract:

Today, it has been observed security of information along the superhighway is often compromised by those who are not authorized to have access to such information. In other to ensure the security of information along the superhighway, such information should be encrypted by some means to conceal the real meaning of the information. There are many encryption techniques out there in the market. However, some of these encryption techniques are often decrypted by adversaries with ease. The researcher has decided to develop an encryption technique that may be more difficult to decrypt. This may be achieved by splitting the message to be encrypted into parts and encrypting each part separately and swapping the positions before transmitting the message along the superhighway. The method is termed Okike’s Merged Irregular Transposition Cipher. Also, the research would determine the complexity level in respect to the number of splits of the message.

Keywords: transposition cipher, merged irregular cipher, encryption, complexity level

Procedia PDF Downloads 264

Authors: Ma Yuzhe, Burra Venkata Durga Kumar

Abstract:

The computer is a great invention. As people use computers more and more frequently, the demand for PCs is growing, and the performance of computer hardware is also rising to face more complex processing and operation. However, the operating system, which provides the soul for computers, has stopped developing at a stage. In the face of the high price of UNIX (Uniplexed Information and Computering System), batch after batch of personal computer owners can only give up. Disk Operating System is too simple and difficult to bring innovation into play, which is not a good choice. And MacOS is a special operating system for Apple computers, and it can not be widely used on personal computers. In this environment, Linux, based on the UNIX system, was born. Linux combines the advantages of the operating system and is composed of many microkernels, which is relatively powerful in the core architecture. Linux system supports all Internet protocols, so it has very good network functions. Linux supports multiple users. Each user has no influence on their own files. Linux can also multitask and run different programs independently at the same time. Linux is a completely open source operating system. Users can obtain and modify the source code for free. Because of these advantages of Linux, it has also attracted a large number of users and programmers. The Linux system is also constantly upgraded and improved. It has also issued many different versions, which are suitable for community use and commercial use. Linux system has good security because it relies on a file partition system. However, due to the constant updating of vulnerabilities and hazards, the using security of the operating system also needs to be paid more attention to. This article will focus on the analysis and discussion of Linux security issues.

Keywords: Linux, operating system, system management, security

Procedia PDF Downloads 82

Authors: John Ayoade

Abstract:

Cloud computing is a model that enables the delivery of on-demand computing resources such as networks, servers, storage, applications and services over the internet. Cloud Computing is a relatively growing concept that presents a good number of benefits for its users; however, it also raises some security challenges which may slow down its use. In this paper, we identify some of those security issues that can serve as barriers to realizing the full benefits that cloud computing can bring. One of the key security problems is security trust. A security trust model is proposed that can enhance the confidence that users need to fully trust the use of public and mobile cloud computing and maximize the potential benefits that they offer.

Keywords: cloud computing, trust, security, certificate authority, PKI

Procedia PDF Downloads 454

Authors: Kebron Asnake

Abstract:

Water security and transboundary issues are critical concerns for countries, particularly in regions where shared water resources are significant. This Research focuses on exploring the challenges and opportunities related to water security and transboundary issues in Ethiopia, using the case of the Nile River. Ethiopia, as a riparian country of the Nile River, faces complex water security issues due to its dependence on this transboundary water resource. This abstract aims to analyze the various factors that affect water security in Ethiopia, including population growth, climate change, and competing water demands. The Study examines the challenges linked to transboundary water management of the Nile River. It delves into the complexities of negotiating water allocations and addressing potential conflicts among the downstream riparian countries. The paper also discusses the role of international agreements and cooperation in promoting sustainable water resource management. Additionally, the paper highlights the opportunities for collaboration and sustainable development that arise from transboundary water management. It explores the potential for joint investments in water infrastructure, hydropower generation, and irrigation systems that can contribute to regional economic growth and water security. Furthermore, the study emphasizes the need for integrated water management approaches in Ethiopia to ensure the equitable and sustainable use of the Nile River's waters. It highlights the importance of involving stakeholders from diverse sectors, including agriculture, energy, and environmental conservation, in decision-making processes. By presenting the case of the Nile River in Ethiopia, this Abstract contributes to the understanding of water security and transboundary issues. It underscores the significance of regional cooperation and informed policy-making to address the challenges and opportunities presented by transboundary water resources. The paper serves as a foundation for further research and policy in water management in Ethiopia and other regions facing similar challenges.

Keywords: water, health, agriculture, medicine

Procedia PDF Downloads 50

Authors: Alireza Ghaffari, Hassan Saghi

Abstract:

Project management is more complex than managing the day-to-day affairs of an organization. When the project dimensions are broad and multiple projects have to be monitored in different locations, the integrated management becomes even more complicated. One of the main concerns of project managers is the integrated project management, which is mainly rooted in the lack of accurate and accessible information from different projects in various locations. The collection of dispersed information from various parts of the network, their integration and finally the selective reporting of this information is among the goals of integrated information systems. It can help resolve the main problem, which is bridging the information gap between executives and senior managers in the organization. Therefore, the main objective of this study is to design and implement an important subset of a project management information system in order to successfully control the cost of construction projects so that its results can be used to design raw software forms and proposed relationships between different project units for the collection of necessary information.

Keywords: financial performance, cost subsystem, PMIS, project management

Procedia PDF Downloads 78

Authors: Ercan Eker, Muhammer Karaman, Akif Aslan, Hakan Tanrikuluoglu

Abstract:

Deficiency of institutional memory and knowledge management can result in information security breaches, loss of prestige and trustworthiness and the worst the loss of know-how and institutional knowledge. Traditional learning management within organizations is generally handled by personal efforts. That kind of struggle mostly depends on personal desire, motivation and institutional belonging. Even if an organization has highly motivated employees at a certain time, the institutional knowledge and memory life cycle will generally remain limited to these employees’ spending time in this organization. Having a learning management system in an organization can sustain the institutional memory, knowledge and know-how in the organization. Learning management systems are much more needed especially in public organizations where the job rotation is frequently seen and managers are appointed periodically. However, a learning management system should not be seen as an organizations’ website. It is a more comprehensive, interactive and user-friendly knowledge management tool for organizations. In this study, the importance of using learning management systems in the process of emerging tacit knowledge is underlined.

Keywords: knowledge management, learning management systems, tacit knowledge, institutional memory

Procedia PDF Downloads 346

Authors: Leandros A. Maglaras, Jianmin Jiang

Abstract:

The protection of the national infrastructures from cyberattacks is one of the main issues for national and international security. The funded European Framework-7 (FP7) research project CockpitCI introduces intelligent intrusion detection, analysis and protection techniques for Critical Infrastructures (CI). The paradox is that CIs massively rely on the newest interconnected and vulnerable Information and Communication Technology (ICT), whilst the control equipment, legacy software/hardware, is typically old. Such a combination of factors may lead to very dangerous situations, exposing systems to a wide variety of attacks. To overcome such threats, the CockpitCI project combines machine learning techniques with ICT technologies to produce advanced intrusion detection, analysis and reaction tools to provide intelligence to field equipment. This will allow the field equipment to perform local decisions in order to self-identify and self-react to abnormal situations introduced by cyberattacks. In this paper, an intrusion detection module capable of detecting malicious network traffic in a Supervisory Control and Data Acquisition (SCADA) system is presented. Malicious data in a SCADA system disrupt its correct functioning and tamper with its normal operation. OCSVM is an intrusion detection mechanism that does not need any labeled data for training or any information about the kind of anomaly is expecting for the detection process. This feature makes it ideal for processing SCADA environment data and automates SCADA performance monitoring. The OCSVM module developed is trained by network traces off line and detects anomalies in the system real time. The module is part of an IDS (intrusion detection system) developed under CockpitCI project and communicates with the other parts of the system by the exchange of IDMEF messages that carry information about the source of the incident, the time and a classification of the alarm.

Keywords: cyber-security, SCADA systems, OCSVM, intrusion detection

Procedia PDF Downloads 513

Authors: Ang Chia Hong, Julian Khoo Xubin, Burra Venkata Durga Kumar

Abstract:

Distributed systems offer many benefits to the healthcare industry. From big data analysis to business intelligence, the increased computational power and efficiency from distributed systems serve as an invaluable resource in the healthcare sector to utilize. However, as the usage of these distributed systems increases, many issues arise. The main focus of this paper will be on security issues. Many security issues stem from distributed systems in the healthcare industry, particularly information security. The data of people is especially sensitive in the healthcare industry. If important information gets leaked (Eg. IC, credit card number, address, etc.), a person’s identity, financial status, and safety might get compromised. This results in the responsible organization losing a lot of money in compensating these people and even more resources expended trying to fix the fault. Therefore, a framework for a blockchain-based healthcare data management system for healthcare was proposed. In this framework, the usage of a blockchain network is explored to store the encryption key of the patient’s data. As for the actual data, it is encrypted and its encrypted data, called ciphertext, is stored in a cloud storage platform. Furthermore, there are some issues that have to be emphasized and tackled for future improvements, such as a multi-user scheme that could be proposed, authentication issues that have to be tackled or migrating the backend processes into the blockchain network. Due to the nature of blockchain technology, the data will be tamper-proof, and its read-only function can only be accessed by authorized users such as doctors and nurses. This guarantees the confidentiality and immutability of the patient’s data.

Keywords: distributed, healthcare, efficiency, security, blockchain, confidentiality and immutability

Procedia PDF Downloads 157

Authors: Venkata Venugopal Rao Gudlur

Abstract:

The Proposed Policies referred to as “SOP”, on the Internet of Things (IoT) based Forensic Investigation into Process Management is the latest revolution to save time and quick solution for investigators. The forensic investigation process has been developed over many years from time to time it has been given the required information with no policies in investigation processes. This research reveals that the current IoT based forensic investigation into Process Management based is more connected to devices which is the latest revolution and policies. All future development in real-time information on gathering monitoring is evolved with smart sensor-based technologies connected directly to IoT. This paper present conceptual framework on process management. The smart devices are leading the way in terms of automated forensic models and frameworks established by different scholars. These models and frameworks were mostly focused on offering a roadmap for performing forensic operations with no policies in place. These initiatives would bring a tremendous benefit to process management and IoT forensic investigators proposing policies. The forensic investigation process may enhance more security and reduced data losses and vulnerabilities.

Keywords: Internet of Things, Process Management, Forensic Investigation, M2M Framework

Procedia PDF Downloads 77

Authors: Ralph Adaimy, Wassim El-Hajj, Ghassen Ben Brahim, Hazem Hajj, Haidar Safa

Abstract:

Huge amounts of data and personal information are being sent to and retrieved from web applications on daily basis. Every application has its own confidentiality and integrity policies. Violating these policies can have broad negative impact on the involved company’s financial status, while enforcing them is very hard even for the developers with good security background. In this paper, we propose a framework that enforces security-by-construction in web applications. Minimal developer effort is required, in a sense that the developer only needs to annotate database attributes by a security class. The web application code is then converted into an intermediary representation, called Extended Program Dependence Graph (EPDG). Using the EPDG, the provided annotations are propagated to the application code and run against generic security enforcement rules that were carefully designed to detect insecure information flows as early as they occur. As a result, any violation in the data’s confidentiality or integrity policies is reported. As a proof of concept, two PHP web applications, Hotel Reservation and Auction, were used for testing and validation. The proposed system was able to catch all the existing insecure information flows at their source. Moreover and to highlight the simplicity of the suggested approaches vs. existing approaches, two professional web developers assessed the annotation tasks needed in the presented case studies and provided a very positive feedback on the simplicity of the annotation task.

Keywords: web applications security, secure information flow, program dependence graph, database annotation

Procedia PDF Downloads 442

Authors: Amritanshu Shriwastav, Purnendu Bose

Abstract:

Algal photo bioreactors were operated at incident light intensities of 0.24, 2.52 and 5.96 W L-1 to determine the impact of light on algal growth. Low specific Chlorophyll-a content of algae was a strong indicator of light induced stress on algal cells. It was concluded that long term operation of photo bioreactors in the continuous illumination mode was infeasible under the range of incident light intensities examined and provision of a dark period after each light period was necessary for algal cells to recover from light-induced stress. Long term operation of photo bioreactors in the intermittent illumination mode was however possible at light intensities of 0.24 and 2.52 W L-1. Further, the incident light intensity in the photo bioreactors was found to decline exponentially with increase in algal concentration in the reactor due to algal ‘self-shading’. This may be an important determinant for photo bioreactor performance at higher algal concentrations.

Keywords: Algae, algal growth, photo bioreactor, photo-inhibition, ‘self-shading’

Procedia PDF Downloads 282