Search results for: internal security

Authors: Shoaib Alvi

Abstract:

Mahatma Gandhi was said “Man becomes great exactly in the degree in which he works for the welfare of his fellow-men”. Labor welfare is an important fact of Industrial relations. With the growth of industrialization, mechanization and computerization, labor welfare measures have got the fillip. The author believes that Labor welfare includes provisions of various facilities and amenities in and around the work place for the better life of the workers. Labor welfare is, thus, one of the major determinants of industrial relations. It comprises all human efforts the work place for the better life of the worker. The social and economic aspects of the life of the workers have the direct influence on the social and economic development of the nation. Author thinks that there could be multiple objectives in having, labor welfare programme the concern for improving the lot of the workers, a philosophy of humanitarianism or internal social responsibility, a feeling of concern, and caring by providing some of life's basic amenities, besides the basic pay packet. Such caring is supposed to build a sense of loyalty on the part of the employee towards the organization. The author thinks that Social security is the security that the State furnishes against the risks which an individual of small means cannot today, stand up to by himself even in private combination with his fellows. Social security is one of the pillars on which the structure of a welfare state rests, and it constitutes the hardcore of social policy in most countries. It is through social security measures that the state attempts to maintain every citizen at a certain prescribed level below which no one is allowed to fall. According to author, social assistance is a method according to which benefits are given to the needy persons, fulfilling the prescribed conditions, by the government out of its own resources. Author has analyzed and studied the relationship between the labor welfare social security and also studied various international conventions on provisions of social security by International Authorities like United Nations, International Labor Organization, and European Union etc. Author has also studied and analyzed concept of labor welfare and social security schemes of many countries around the globe ex:- Social security in Australia, Social security in Switzerland, Social Security (United States), Mexican Social Security Institute, Welfare in Germany, Social security schemes of India for labor welfare in both organized sector and unorganized sector. In this Research paper, Author has done the study on the Conceptual framework of the Labour Welfare. According to author, labors are highly perishable, which need constant welfare measures for their upgradation and performance in this field. At last author has studied role of trade unions and labor welfare unions and other institutions working for labor welfare, in this research paper author has also identified problems these Unions and labor welfare bodies’ face and tried to find out solutions for the problems and also analyzed various steps taken by the government of various countries around the globe.

Keywords: labor welfare, internal social responsibility, social security, international conventions

Procedia PDF Downloads 541

Authors: Rakesh Kumar Mishra, Tarun Kumar Dan

Abstract:

Lead-Lag based Internal Model Control method is proposed based on Internal Model Control (IMC) strategy. In this paper, we have designed the Lead-Lag based Internal Model Control for binary distillation column for SISO process (considering only bottom product). The transfer function has been taken from Wood and Berry model. We have find the composition control and disturbance rejection using Lead-Lag based IMC and comparing with the response of simple Internal Model Controller.

Keywords: SISO, lead-lag, internal model control, wood and berry, distillation column

Procedia PDF Downloads 612

Authors: Abdulaziz Alzeban

Abstract:

This study examines whether internal audit function is indeed greater when audit committee members have industry expertise combined with auditing expertise. Data from a survey of 64 chief internal auditors from companies registered on the Saudi Stock Exchange TADAWL, provides results that suggest that when audit committee members possess both industry expertise and auditing expertise, the committee’s role in improving the quality of internal audit is enhanced. This outcome is concluded as one that can be generalized beyond the Saudi Arabian context.

Keywords: internal audit, audit committee, industry expertise, function

Procedia PDF Downloads 327

Authors: Amos Olusola Akinola

Abstract:

The aim of this study is to evaluate the internal control system on fraud prevention in Nigerian business organizations. A survey research was undertaken in five organizations from the banking and manufacturing sectors in Nigeria using the simple random sampling technique and primary data was obtained with the aid structured questionnaire drawn on five likert’s scale. Four Hypotheses were formulated and tested using the T-test Statistics, Correlation and Regression Analysis at 95% confidence interval. It was discovered that internal control has a significant positive relationship with fraud prevention and that a weak internal control system permits fraudulent activities among staff. Based on the findings, it was recommended that organizations should continually and methodically review and evaluate the components of its internal control system whether activities are working as planned or not and that every organization should have pre-determined guidelines for conducting its operations and ensures compliance with these set guidelines while proactive steps should be taken to establish the independence of the internal audit by making the audit reportable to the governing council of an organization and not the chief executive officer.

Keywords: internal control, internal system, internal audit, fraud prevention, fraud detection

Procedia PDF Downloads 353

Authors: Amir Ali Fatoorchi

Abstract:

Regardless of the advantage of LoT devices, they have limitations like storage, compute, and security problems. In recent years, a lot of Blockchain-based research in IoT published and presented. In this paper, we present the Security issues of LoT. IoT has three levels of security issues: Low-level, Intermediate-level, and High-level. We survey and compare blockchain-based solutions for high-level security issues and show how the underlying technology of bitcoin and Ethereum could solve IoT problems.

Keywords: Blockchain, security, data security, IoT

Procedia PDF Downloads 180

Authors: Geuna Kim, Sanghyun Kim

Abstract:

This study investigates various factors that may influence the ISM process, including the organization’s internal needs and external pressure, and examines the role of regulatory pressure in ISM development and performance. The 105 sets of data collected in a survey were tested against the research model using SEM. The results indicate that NP and TP had positive effects on the ISM process, except for perceived benefits. Regulatory pressure had a positive effect on the relationship between ISM awareness and ISM development and performance.

Keywords: information security management, need pull, technology push, regulatory pressure

Procedia PDF Downloads 268

Authors: Helena Chytilova, Robin Maialeh

Abstract:

Experimental economics is subject to criticism with regards to frequently discussed trade-off between internal and external validity requirements, which seems to be critically flawed. Incompatibility of trade-off condition and condition of internal validity as a prerequisite for external validity is presented. In addition, the imprecise concept of artificiality found to be rather improving external validity, seems to strengthen illusory status of external versus internal validity tension. Internal validity will be further analysed with regards to Duhem-Quine problem, where unpredictability argument is significantly weakened trough application of inductivism within the illustrative hypothetical-deductive model. Discussion outlined above partially weakens critical arguments related to robustness of results in experimental economics, if perfectly controlled experimental environment is secured.

Keywords: Duhem-Quine problem, external validity, inductivism, internal validity

Procedia PDF Downloads 252

Authors: Roman Kulikov, Svetlana Kolesnikova

Abstract:

Last decade Cloud Computing technologies have been rapidly becoming ubiquitous. Each year more and more organizations, corporations, internet services and social networks trust their business sensitive information to Public Cloud. The data storage in Public Cloud is protected by security mechanisms such as firewalls, cryptography algorithms, backups, etc.. In this way, however, only outsider attacks can be prevented, whereas virtualization tools can be easily compromised by insider. The protection of Public Cloud’s critical elements from internal intruder remains extremely challenging. A hypervisor, also called a virtual machine manager, is a program that allows multiple operating systems (OS) to share a single hardware processor in Cloud Computing. One of the hypervisor's functions is to enforce access control policies. Furthermore, it prevents guest OS from disrupting each other and from accessing each other's memory or disk space. Hypervisor is the one of the most critical and vulnerable elements in Cloud Computing infrastructure. Nevertheless, it has been poorly protected from being compromised by insider. By exploiting certain vulnerabilities, privilege escalation can be easily achieved in insider attacks on hypervisor. In this way, an internal intruder, who has compromised one process, is able to gain control of the entire virtual machine. Thereafter, the consequences of insider attacks in Public Cloud might be more catastrophic and significant to virtual tools and sensitive data than of outsider attacks. So far, almost no preventive security countermeasures have been developed. There has been little attention paid for developing models to assist risks mitigation strategies. In this paper formal model of insider attacks on hypervisor is designed. Our analysis identifies critical hypervisor`s vulnerabilities that can be easily compromised by internal intruder. Consequently, possible conditions for successful attacks implementation are uncovered. Hence, development of preventive security countermeasures can be improved on the basis of the proposed model.

Keywords: insider attack, public cloud, cloud computing, hypervisor

Procedia PDF Downloads 337

Authors: Samuel Onyekachi Chidi

Abstract:

Nigeria today faces more internal threats stemming from ethnic and religious conflicts than external sources. This article seeks to examine the ethno-religious conflicts in Nigeria from 2015 to 2021 and their impact on national security. The research was guided by six objectives. The theoretical framework adopted for this study is Structural Conflict Theory, which provides an adequate explanation, a predictive rationale for the frequent occurrence of ethno-religious conflicts and a tendency to provide the necessary insight for their resolution. The results of the study revealed that there is a strong relationship between ethnicity, religion, conflict and national security and that the ethno-religious conflicts experienced in Nigeria have gross implications for national security. The study recommends that the secularity of the Nigerian state be restored and preserved and that the state of origin be removed and replaced by the state of residence in all our national documents, as this will reduce ethnic identity, which is in opposition to nationalism. Religious leaders, traditional rulers, the media and other stakeholders should support the government in its fight to reduce ethno-religious conflict by sensitizing its youth, preaching unity and peaceful coexistence, and discouraging the use of violence as a means of settling disputes between groups and individuals.

Keywords: ethnicity, religion, conflict, national security

Procedia PDF Downloads 41

Authors: Mehdi Ghaemi

Abstract:

In principle, foreign investment security is enshrined in International Investment Agreements (IIAs) and Bilateral Investment Treaties (BITs) in the form of protection standards such as the Full Protection and Security Standard (FPS). Accordingly, the host countries undertake to provide the necessary security for the economic activities of foreign investment. With the outbreak of coronavirus, the international community called COVID-19 a threat to international peace security, as well as to the public interest and national security of nations; and to deal with, they proposed several solutions, generally including quarantine, creating social distances, and restricting businesses. This article first studies the security of foreign investment in international investment law. In the following, it analyzes the consequences of the COVID-19 pandemic for foreign investment security so that if there is a threat to that security, solutions could be offered to reduce it.

Keywords: foreign investment, FPS standard, host country, public health, COVID-19

Procedia PDF Downloads 73

Authors: David Glew, Felix Thomas, Matthew Brooke-Peat

Abstract:

Improving the thermal performance of homes is seen as an essential step in achieving climate change, fuel security, fuel poverty targets. One of the most effective thermal retrofits is to insulate solid walls. However, it has been observed that applying insulation to the internal face of solid walls reduces the surface temperature of the inner wall leaf, which may introduce condensation risk and may interrupt seasonal moisture accumulation and dissipation. This research quantifies the extent to which the risk of condensation and moisture accumulation in the wall increases (which can increase the risk of timber rot) following the installation of six different types of internal wall insulation. In so doing, it compares how risk is affected by both the thermal resistance, thickness, and breathability of the insulation. Thermal bridging, surface temperatures, condensation risk, and moisture accumulation are evaluated using hygrothermal simulation software before and after the thermal upgrades. The research finds that installing internal wall insulation will always introduce some risk of condensation and moisture. However, it identifies that risks were present prior to insulation and that breathable materials and insulation with lower resistance have lower risks than alternative insulation options. The implications of this may be that building standards that encourage the enhanced thermal performance of solid walls may be introducing moisture risks into homes.

Keywords: condensation risk, hygrothermal simulation, internal wall insulation, thermal bridging

Procedia PDF Downloads 134

Authors: John Ayoade

Abstract:

Cloud computing is a model that enables the delivery of on-demand computing resources such as networks, servers, storage, applications and services over the internet. Cloud Computing is a relatively growing concept that presents a good number of benefits for its users; however, it also raises some security challenges which may slow down its use. In this paper, we identify some of those security issues that can serve as barriers to realizing the full benefits that cloud computing can bring. One of the key security problems is security trust. A security trust model is proposed that can enhance the confidence that users need to fully trust the use of public and mobile cloud computing and maximize the potential benefits that they offer.

Keywords: cloud computing, trust, security, certificate authority, PKI

Procedia PDF Downloads 455

Authors: Amal Jmaii, Damien Rousseliere, Besma Belhadj

Abstract:

We explore the relationship between internal migration and poverty in Tunisia. We present a methodology combining potential outcomes approach with multiple imputation to highlight the effect of internal migration on poverty states. We find that probability of being poor decreases when leaving the poorest regions (the west areas) to the richer regions (greater Tunis and the east regions).

Keywords: internal migration, potential outcomes approach, poverty dynamics, Tunisia

Procedia PDF Downloads 283

Authors: Bilal Zubair

Abstract:

In a constantly challenging internal security environment, Pakistan is making ways to improvise and respond to the new variations in the pervasive phenomenon of terrorism. The state’s endeavors towards securitizing terrorism as an existential threat are both extensive and intensive which have systematically incorporated both military and non-military means. Since 2007, the military has been conducting intermittent operations and by 2014 has successfully neutralized the terrorist ability to target vital security installations and security personal. The terrorists have responded by targeting communities which are soft targets and extremely vulnerable to organized assaults. Within this context, the study aims to explain the emerging trends of terrorism in Pakistan, which multi-layered and complex developments are having far-reaching implications for state and society. With a view to explore the underlining reasons, present trends and ensuing ramifications of the emerging trends in terrorism, this study would examine the following: First, the historical processes and development of Terrorism in Pakistan; secondly the processes of securitization which include political consensus, legal frameworks and military operations against the terrorist groups; thirdly , the socio-cultural dimensions and geopolitical influences on the transforming nature of sectarian terrorism. The study will also highlight the grey areas and weak links in the ongoing securitization process. Finally, the study will thoroughly explore the societal insecurity which is manifested in internal displacements, identity crisis and weakening the socio-political fabric of the state.

Keywords: counter-terrorism, terrorism, sectarianism, securitizing

Procedia PDF Downloads 265

Authors: Vishnu Pratap Singh Kirar

Abstract:

In the cloud computing hierarchy IaaS is the lowest layer, all other layers are built over it. Thus it is the most important layer of cloud and requisite more importance. Along with advantages IaaS faces some serious security related issue. Mainly Security focuses on Integrity, confidentiality and availability. Cloud computing facilitate to share the resources inside as well as outside of the cloud. On the other hand, cloud still not in the state to provide surety to 100% data security. Cloud provider must ensure that end user/client get a Quality of Service. In this report we describe possible aspects of cloud related security.

Keywords: cloud computing, cloud networking, IaaS, PaaS, SaaS, cloud security

Procedia PDF Downloads 500

Authors: Safiyya A. Abba, Shehu U. R. Aliyu

Abstract:

This paper deals with Islamic social security: a discourse explores the meaning and nature of Islamic social security system. The paper reviews the social security framework and operations during the early period. The paper further identifies the instruments of Islamic social security discusses its principles and objectives. The paper discovers that Islamic social security is a personification of a comprehensive welfare approach in view of its varied instruments that are deeply rooted in the Islamic law, unique principles and realistic and achievable objectives. Furthermore, the Islamic social security system has far reaching socioeconomic implications; social justice, cohesion, equity, a catalyst for poverty eradication, income redistribution, economic growth and development.

Keywords: Islamic social security, basic needs, zakat, socioeconomic justice, equity

Procedia PDF Downloads 407

Authors: Amanuel Hadera Gebreyesus

Abstract:

In the literature, the study of tenure and food security has largely involved separate lines of inquiry. In effect, the nexus among these has received little attention; and the underinvestment in research related to the relationship between tenure and food security deters generation of tenure-related knowledge and policy guidance for improving food and nutrition security. Drawing from this motivation, we study the relationship among tenure security, agricultural diversity and food security and dietary diversity. We employ IV approaches to examine the effect of tenure security and agricultural diversity on food security and dietary diversity. We find tenure security is inversely related with food insecurity as shown by its negative association with hunger scale, hunger index and hunger category. On the other hand, results suggest that tenure security improves minimum dietary diversity of women while we find no association with child dietary diversity. Moreover, agricultural diversity is positively related with minimum dietary diversity of women, which may point to higher accessibility and consumption of dietary food groups by women. Also, findings suggest that farmers use their human (knowledge and skills) and resource (land) endowments to improve food security and dietary diversity. An implication from this is the importance of not only improving access to land but also long-term tenure security to promote agricultural diversity, food security and dietary diversity.

Keywords: tenure security, food security, agricultural diversity, dietary diversity, women

Procedia PDF Downloads 164

Authors: Roshan Jelal, Charles Mbohwa

Abstract:

In today’s world, internal fraud remains one of the most challenging problems within companies worldwide and despite investment in controls and attention given to the problem, the instances of internal fraud has not abated. To the contrary it appears that internal fraud is on the rise especially in the wake of the economic downturn. Leadership within companies believes that the more sophisticated the controls employed the less likely it would be for employees to pilfer. This is a very antiquated view as investment in controls may not be enough to curtail internal fraud; however, ensuring that a company drives the correct culture and behaviour within the organisation is likely to yield desired results. This research aims to understand how creating a strong ethical culture and embedding the principle of good corporate governance impacts on levels of internal fraud with an organization (a South African Bank).

Keywords: internal fraud, corporate governance, ethics, reserve bank, the King Code

Procedia PDF Downloads 376

Authors: Majid Azarniush, Soroush Mokallaei

Abstract:

Although robust security software, including anti-viruses, anti spy wares, anti-spam and firewalls, are amalgamated with new technologies such as Safe Zone, Hybrid Cloud, Sand Box etc., and it can be said that they have managed to prepare highest level of security against viruses, spy wares and other malwares in 2012, but in fact hackers' attacks to websites are increasingly becoming more and more complicated. Because of security matters and developments, it can be said that it was expected to happen so. Here in this work, we try to point out to some functional and vital notes to enhance security on the web enabling the user to browse safely in no limit web world and to use virtual space securely.

Keywords: firewalls, security, web services, software

Procedia PDF Downloads 455

Authors: Nahid Tavakoli, Asghar Ehteshami, Akbar Hassanzadeh, Fatemeh Amini

Abstract:

Introduction: The Information security incident management guidelines was been developed to help hospitals to meet their information security event and incident management requirements. The purpose of this Study was to investigate on Information Security Incident Management in Isfahan’s educational hospitals in accordance to ISO/IEC 27002 standards. Methods: This was a cross-sectional study to investigate on Information Security Incident Management of educational hospitals in 2014. Based on ISO/IEC 27002 standards, two checklists were applied to check the compliance with standards on Reporting Information Security Events and Weakness and Management of Information Security Incidents and Improvements. One inspector was trained to carry out the assessments in the hospitals. The data was analyzed by SPSS. Findings: In general the score of compliance Information Security Incident Management requirements in two steps; Reporting Information Security Events and Weakness and Management of Information Security Incidents and Improvements was %60. There was the significant difference in various compliance levels among the hospitals (p-valueKeywords: information security incident management, information security management, standards, hospitals

Procedia PDF Downloads 548

Authors: Kuan-Chou Chen

Abstract:

This paper will demonstrate a simulation model of an information security system by using the systems dynamic approach. The relationships in the system model are designed to be simple and functional and do not necessarily represent any particular information security environments. The purpose of the paper aims to develop a generic system dynamic information security system model with implications on information security research. The interrelated and interdependent relationships of five primary sectors in the system dynamic model will be presented in this paper. The integrated information security systems model will include (1) information security characteristics, (2) users, (3) technology, (4) business functions, and (5) policy and management. Environments, attacks, government and social culture will be defined as the external sector. The interactions within each of these sectors will be depicted by system loop map as well. The proposed system dynamic model will not only provide a conceptual framework for information security analysts and designers but also allow information security managers to remove the incongruity between the management of risk incidents and the management of knowledge and further support information security managers and decision makers the foundation for managerial actions and policy decisions.

Keywords: system thinking, information security systems, security management, simulation

Procedia PDF Downloads 400

Authors: Amir Mohtarami, Hadi Kandjani

Abstract:

The amount of business-critical information in enterprises is growing at an extraordinary rate, and the ability to catalog that information and properly protect it using traditional security mechanisms is not keeping pace. Alongside the Information Technology (IT), information security needs a holistic view in enterprise. In other words, a comprehensive architectural approach is required, focusing on the information itself, understanding what the data are, who owns it, and which business and regulatory policies should be applied to the information. Enterprise Architecture Frameworks provide useful tools to grasp different dimensions of IT in organizations. Usually this is done by the layered views on IT architecture, but not requisite security attention has been held in this frameworks. In this paper, after a brief look at the Enterprise Architecture (EA), we discuss the issue of security in the overall enterprise IT architecture. Due to the increasing importance of security, a rigorous EA program in an enterprise should be able to consider security architecture as an integral part of its processes and gives a visible roadmap and blueprint for this aim.

Keywords: enterprise architecture, architecture framework, security architecture, information systems

Procedia PDF Downloads 669

Authors: Pratyush Vatsala, Sanjay Ahuja

Abstract:

The national security and human rights are related terms as there is nothing like absolute security or absolute human right. If we are committed to security, human right is a problem and also a solution, and if we deliberate on human rights, security is a problem but also part of the solution. Ultimately, we have to maintain a balance between the two co-related terms. As more and more armed forces are being deployed by the government within the nation for maintaining peace and security, using force against its own citizen, the search for a judicious balance between intent and action needs to be emphasized. Notwithstanding that a nation state needs complete political independence; the search for security is a driving force behind unquestioned sovereignty. If security is a human value, it overlaps the value of freedom, order, and solidarity. Now, the question needs to be explored, to what extent human rights can be compromised in the name of security in Kashmir or Mizoram like places. The present study aims to explore the issue of maintaining a balance between the use of power and good governance as human rights, providing security as a human value. This paper has been prepared with an aim of strengthening the understanding of the complex and multifaceted relationship between human rights and security forces operating for conflict management and identifies some of the critical human rights issues raised in the context of security forces operations highlighting the relevant human rights principles and standards in which Security as human value be respected at all times and in particular in the context of security forces operations in India.

Keywords: Kashmir, Mizoram, security, value, human right

Procedia PDF Downloads 250

Authors: Rong Guo, Mengshi Huang, Yujing Bai

Abstract:

With the rapid development of urbanization, the urban population increases and urban sprawl appeared. And these issues led to a sharp deterioration of the ecological environment. So, the urban ecological security evaluation was imminent. The weights identify of index was a key step of the research of ecological security evaluation. The AHP was widely used in the extensive research of weights identify of ecological security index. The characteristics of authority and quantitative can fully reflect the views of relevant experts. On the basis of building the ecological security evaluation index of Harbin, the paper combed and used the basic principle of the AHP, and calculated the weights of Harbin ecological security evaluation index through the process of the expert opinions “summary-feedback-summary”. And lay a foundation of future study of Harbin ecological security index, and guide the quantitative evaluation of Harbin ecological security.

Keywords: AHP, ecological security, evaluation Index, weights identify, harbin

Procedia PDF Downloads 468

Authors: Rhisan Mae Enriquez-Morales

Abstract:

The primary concern of this study is to answer the question: How does the Philippine government formulate its foreign policy with respect to its territorial claims over areas in the West Philippine Sea after the Scarborough standoff in April 2012? Specifically, the study seeks to provide understanding on the political process in the formulation of foreign policy relating to the Philippine claims in the West Philippine Sea after the 2012 Scarborough Standoff, by looking into the relationship of bureaucracies and how it influences the decision-making process. Secondly, this study aims to determine the long and short term foreign policies of the Philippines with respect to its territorial claims over the West Philippine Sea. Lastly, this study seeks to determine the implication of Philippine foreign policy in settling the West Philippine Sea dispute on the country’s national security. The Bureaucratic Politics Model (BPM) in Foreign Policy Analysis (FPA) is the framework utilized in this study, which focuses primarily on the relationship of bureaucracies in the formulation of foreign policy and how these agencies influence the process of foreign policy formulation. The findings of this study reveal that: first, the Philippines foreign policy in the West Philippine Sea continues to develop to address current developments in the WPS. Second, as the government requires demilitarization there is a shift from traditional to non-traditional security approach. This shift caused inconvenience from the defense sector particularly the Navy thinking that they are being deprived of their traditional roles. Lastly, the Philippine government’s greater emphasis on internal security operation implies the need to reassess its security concerns and look into territorial security.

Keywords: bureaucratic politics model, foreign policy analysis, security, West Philippine sea

Procedia PDF Downloads 362

Authors: H. Gorine, M. Ramadan Elmezughi

Abstract:

In this paper, we investigate security issues and challenges facing researchers in wireless sensor networks and countermeasures to resolve them. The broadcast nature of wireless communication makes Wireless Sensor Networks prone to various attacks. Due to resources limitation constraint in terms of limited energy, computation power and memory, security in wireless sensor networks creates different challenges than wired network security. We will discuss several attempts at addressing the issues of security in wireless sensor networks in an attempt to encourage more research into this area.

Keywords: wireless sensor networks, network security, light weight encryption, threats

Procedia PDF Downloads 489

Authors: Andre Slonopas, Zona Kostic, Warren Thompson

Abstract:

Obfuscation is one of the most useful tools to prevent network compromise. Previous research focused on the obfuscation of the network communications between external-facing edge devices. This work proposes the use of two edge devices, external and internal facing, which communicate via private IPv4 addresses in a software-defined pseudo-random IP hopping. This methodology does not require additional IP addresses and/or resources to implement. Statistical analyses demonstrate that the hopping surface must be at least 1e3 IP addresses in size with a broad standard deviation to minimize the possibility of coincidence of monitored and communication IPs. The probability of breaking the hopping algorithm requires a collection of at least 1e6 samples, which for large hopping surfaces will take years to collect. The probability of dropped packets is controlled via memory buffers and the frequency of hops and can be reduced to levels acceptable for video streaming. This methodology provides an impenetrable layer of security ideal for information and supervisory control and data acquisition systems.

Keywords: moving target defense, cybersecurity, network security, hopping randomization, software defined network, network security theory

Procedia PDF Downloads 160

Authors: Wanqing You, Kai Qian, Xi He, Ying Qian

Abstract:

In this paper, the potential security issues brought by the virtualization of a Software Defined Networks (SDN) would be analyzed. The virtualization of SDN is achieved by FlowVisor (FV). With FV, a physical network is divided into multiple isolated logical networks while the underlying resources are still shared by different slices (isolated logical networks). However, along with the benefits brought by network virtualization, it also presents some issues regarding security. By examining security issues existing in an OpenFlow network, which uses FlowVisor to slice it into multiple virtual networks, we hope we can get some significant results and also can get further discussions among the security of SDN virtualization.

Keywords: SDN, network, virtualization, security

Procedia PDF Downloads 393

Authors: Ebtehal Aljedaani, Maha Aljohani

Abstract:

Privacy and security patterns are both important for developing software that protects users' data and privacy. Privacy patterns are designed to address common privacy problems, such as unauthorized data collection and disclosure. Security patterns are designed to protect software from attack and ensure reliability and trustworthiness. Using privacy and security patterns, software engineers can implement security and privacy by design principles, which means that security and privacy are considered throughout the software development process. These patterns are available to translate "security & privacy-by-design" into practical advice for software engineering. Previous research on privacy and security patterns has typically focused on one category of patterns at a time. This paper aims to bridge this gap by merging the two categories and identifying their similarities and differences. To do this, the authors conducted a systematic literature review of 25 research papers on privacy and security patterns. The papers were analysed based on the category of the pattern, the classification of the pattern, and the security requirements that the pattern addresses. This paper presents the results of a comprehensive review of privacy and security design patterns. The review is intended to help future IT designers understand the relationship between the two types of patterns and how to use them to design secure and privacy-preserving software. The paper provides a clear classification of privacy and security design patterns, along with examples of each type. The authors found that there is only one widely accepted classification of privacy design patterns, while there are several competing classifications of security design patterns. Three types of security design patterns were found to be the most commonly used.

Keywords: design patterns, security, privacy, classification of patterns, security patterns, privacy patterns

Procedia PDF Downloads 94

Authors: Baobao Li

Abstract:

Operational risk covers all operations of commercial banks and has a close relationship with the bank’s internal control. But in the commercial banks' management practice, internal control is always separated from the operational risk measurement. With the increasing of operational risk events in recent years, operational risk is paid more and more attention by regulators and banks’ managements. The paper first discussed the relationship between internal control and operational risk management and used CVaR-POT model to measure operational risk, and then put forward a modified measurement method (to use operational risk assessment results to modify the measurement results of the CVaR-POT model). The paper also analyzed the necessity and rationality of this method. The method takes into consideration the influence of internal control, improves the accuracy and effectiveness of operational risk measurement and save the economic capital for commercial banks, avoiding the drawbacks of using some mainstream models one-sidedly.

Keywords: commercial banks, internal control, operational risk, risk measurement

Procedia PDF Downloads 370