Search results for: software security

Authors: Ranbir Singh, Deepinder Kaur

Abstract:

Network security is an important aspect in every field like government offices, Educational Institute and any business organization. Network security consists of the policies adopted to prevent and monitor forbidden access, misuse, modification, or denial of a computer network. Network security is very complicated subject and deal by only well trained and experienced people. However, as more and more people become wired, an increasing number of people need to understand the basics of security in a networked world. The history of the network security included an introduction to the TCP/IP and interworking. Network security starts with authenticating, commonly with a username and a password. In this paper, we study about various types of attacks on network security and how to handle or prevent this attack.

Keywords: network security, attacks, denial, authenticating

Procedia PDF Downloads 368

Authors: Jay Xiong, Li Lin

Abstract:

This paper introduces a new software engineering paradigm based on complexity science, called NSE (Nonlinear Software Engineering paradigm). The purpose of establishing NSE is to help software development organizations double their productivity, half their cost, and increase the quality of their products in several orders of magnitude simultaneously. NSE complies with the essential principles of complexity science. NSE brings revolutionary changes to almost all aspects in software engineering. NSE has been fully implemented with its support platform Panorama++.

Keywords: complexity science, software development, software engineering, software maintenance

Procedia PDF Downloads 235

Authors: Muhammad Irfan Marwat, Sadaqat Jan, Syed Zafar Ali Shah

Abstract:

Software architecture plays a key role in software development but absence of formal description of software architecture causes different impede in software development. To cope with these difficulties, ontology has been used as artifact. This paper proposes ontology for software architectural design based on IEEE model for architecture description and Kruchten 4+1 model for viewpoints classification. For categorization of style and views, ISO/IEC 42010 has been used. Corpus method has been used to evaluate ontology. The main aim of the proposed ontology is to classify and locate software architectural design information.

Keywords: semantic-based software architecture, software architecture, ontology, software engineering

Procedia PDF Downloads 512

Authors: Rebecca Zahra, Joseph G. Vella, Ernest Cachia

Abstract:

The notion of cloud computing is rapidly gaining ground in the IT industry and is appealing mostly due to making computing more adaptable and expedient whilst diminishing the total cost of ownership. This paper focuses on the software as a service (SaaS) architecture of cloud computing which is used for the outsourcing of databases with their associated business processes. One approach for offering SaaS is basing the system’s architecture on multi-tenancy. Multi-tenancy allows multiple tenants (users) to make use of the same single application instance. Their requests and configurations might then differ according to specific requirements met through tenant customisation through the software. Despite the known advantages, companies still feel uneasy to opt for the multi-tenancy with data security being a principle concern. The fact that multiple tenants, possibly competitors, would have their data located on the same server process and share the same database tables heighten the fear of unauthorised access. Security is a vital aspect which needs to be considered by application developers, database administrators, data owners and end users. This is further complicated in cloud-based multi-tenant system where boundaries must be established between tenants and additional access control models must be in place to prevent unauthorised cross-tenant access to data. Moreover, when altering the database state, the transactions need to strictly adhere to the tenant’s known business processes. This paper focuses on the fact that security in cloud databases should not be considered as an isolated issue. Rather it should be included in the initial phases of the database design and monitored continuously throughout the whole development process. This paper aims to identify a number of the most common security risks and threats specifically in the area of multi-tenant cloud systems. Issues and bottlenecks relating to security risks in cloud databases are surveyed. Some techniques which might be utilised to overcome them are then listed and evaluated. After a description and evaluation of the main security threats, this paper produces a list of software requirements to ensure that proper security policies are implemented by a software development team when designing and implementing a multi-tenant based SaaS. This would then assist the cloud service providers to define, implement, and manage security policies as per tenant customisation requirements whilst assuring security for the customers’ data.

Keywords: cloud computing, data management, multi-tenancy, requirements, security

Procedia PDF Downloads 124

Authors: Amirhossein Safi

Abstract:

Internet of things (IOT) is a kind of advanced information technology which has drawn societies’ attention. Sensors and stimulators are usually recognized as smart devices of our environment. Simultaneously, IOT security brings up new issues. Internet connection and possibility of interaction with smart devices cause those devices to involve more in human life. Therefore, safety is a fundamental requirement in designing IOT. IOT has three remarkable features: overall perception, reliable transmission, and intelligent processing. Because of IOT span, security of conveying data is an essential factor for system security. Hybrid encryption technique is a new model that can be used in IOT. This type of encryption generates strong security and low computation. In this paper, we have proposed a hybrid encryption algorithm which has been conducted in order to reduce safety risks and enhancing encryption's speed and less computational complexity. The purpose of this hybrid algorithm is information integrity, confidentiality, non-repudiation in data exchange for IOT. Eventually, the suggested encryption algorithm has been simulated by MATLAB software, and its speed and safety efficiency were evaluated in comparison with conventional encryption algorithm.

Keywords: internet of things, security, hybrid algorithm, privacy

Procedia PDF Downloads 426

Authors: Sundus Ayyaz, Saad Rehman, Usman Qamar

Abstract:

Software Architecture is the basic structure of software that states the development and advancement of a software system. Software architecture is also considered as a significant tool for the construction of high quality software systems. A clean design leads to the control, value and beauty of software resulting in its longer life while a bad design is the cause of architectural erosion where a software evolution completely fails. This paper discusses the occurrence of software architecture erosion and presents a set of methods for the detection, declaration and prevention of architecture erosion. The causes and symptoms of architecture erosion are observed with the examples of prescriptive and descriptive architectures and the practices used to stop this erosion are also discussed by considering different types of software erosion and their affects. Consequently finding and devising the most suitable approach for fighting software architecture erosion and in some way reducing its affect is evaluated and tested on different scenarios.

Keywords: software architecture, architecture erosion, prescriptive architecture, descriptive architecture

Procedia PDF Downloads 464

Authors: Ari S. Prabowo, Nia Febriyanti, Haryono B. Santosa

Abstract:

Security function that is called as Physical Protection Systems (PPS) has functions to detect, delay and response. Physical Protection Systems (PPS) in Detection and Radiation Measurement Laboratory needs to be improved continually by using internal resources. The nuclear security culture provides some potentials to support this research. The study starts by identifying the security function’s weaknesses and its strengths of security culture as a purpose. Secondly, the strengths of security culture are implemented in the laboratory management. Finally, a simulation was done to measure its effectiveness. Some changes were happened in laboratory personnel behaviors and procedures. All became more prudent. The results showed a good influence of nuclear security culture in laboratory security functions.

Keywords: laboratory, physical protection system, security culture, security function

Procedia PDF Downloads 144

Authors: Amir Ali Fatoorchi

Abstract:

Regardless of the advantage of LoT devices, they have limitations like storage, compute, and security problems. In recent years, a lot of Blockchain-based research in IoT published and presented. In this paper, we present the Security issues of LoT. IoT has three levels of security issues: Low-level, Intermediate-level, and High-level. We survey and compare blockchain-based solutions for high-level security issues and show how the underlying technology of bitcoin and Ethereum could solve IoT problems.

Keywords: Blockchain, security, data security, IoT

Procedia PDF Downloads 172

Authors: Prikhil Agrawal, N. Priyanka

Abstract:

With the increase of millions of users on Internet day by day, it is very essential to maintain highly reliable and secured data communication between various corporations. Although there are various traditional security imparting techniques such as antivirus software, password protection, data encryption, biometrics and firewall etc. But still network security has become the main issue in various leading companies. So IDSs have become an essential component in terms of security, as it can detect various network attacks and respond quickly to such occurrences. IDSs are used to detect unauthorized access to a computer system. This paper describes various intrusion detection techniques using GA approach. The intrusion detection problem has become a challenging task due to the conception of miscellaneous computer networks under various vulnerabilities. Thus the damage caused to various organizations by malicious intrusions can be mitigated and even be deterred by using this powerful tool.

Keywords: genetic algorithm (GA), intrusion detection system (IDS), dataset, network security

Procedia PDF Downloads 260

Authors: Arvinder Kaur, Deepti Chopra

Abstract:

Software Entropy Metrics for bug prediction have been validated on various software systems by different researchers. In our previous research, we have validated that Software Entropy Metrics calculated for Mozilla subsystem’s predict the future bugs reasonably well. In this study, the Software Entropy metrics are calculated for a subsystem of Android and it is noticed that these metrics are not suitable for bug prediction. The results are compared with a subsystem of Mozilla and a comparison is made between the two software systems to determine the reasons why Software Entropy metrics are not applicable for Android.

Keywords: android, bug prediction, mining software repositories, software entropy

Procedia PDF Downloads 546

Authors: Jaimin Patel

Abstract:

Cloud computing is one of the most sharp and important movement in various computing technologies. It provides flexibility to users, cost effectiveness, location independence, easy maintenance, enables multitenancy, drastic performance improvements, and increased productivity. On the other hand, there are also major issues like security. Being a common server, security for a cloud is a major issue; it is important to provide security to protect user’s private data, and it is especially important in e-commerce and social networks. In this paper, encryption algorithms such as Advanced Encryption Standard algorithms, their vulnerabilities, risk of attacks, optimal time and complexity management and comparison with other algorithms based on software implementation is proposed. Encryption techniques to improve the performance of AES algorithms and to reduce risk management are given. Secure Hash Algorithms, their vulnerabilities, software implementations, risk of attacks and comparison with other hashing algorithms as well as the advantages and disadvantages between hashing techniques and encryption are given.

Keywords: Cloud computing, encryption algorithm, secure hashing algorithm, brute force attack, birthday attack, plaintext attack, man in middle attack

Procedia PDF Downloads 247

Authors: Jay Xiong, Li Lin

Abstract:

Existing software modeling and visualization approaches using UML are outdated, which are outcomes of reductionism and the superposition principle that the whole of a system is the sum of its parts, so that with them all tasks of software modeling and visualization are performed linearly, partially, and locally. This paper introduces revolutionary solutions for modeling and visualization of complex software systems, which make complex software systems much easy to understand, test, and maintain. The solutions are based on complexity science, offering holistic, automatic, dynamic, virtual, and executable approaches about thousand times more efficient than the traditional ones.

Keywords: complex systems, software maintenance, software modeling, software visualization

Procedia PDF Downloads 368

Authors: Fazal-e-Amin, Abdullah S. Alghamdi, Iftikhar Ahmad

Abstract:

Software ecosystems’ concept is an inspiration from the natural ecosystem. Software ecosystems refer to large systems developed on top of a platform composed of different components developed by different entities of that ecosystem. Ecosystems improve information access, dissemination and coordination considerably. The ability to evolve and accommodate new subsystems gives a boost to the software ecosystems. In this paper, Saudi education software ecosystem is discussed and its need and potential benefits are highlighted. This work will provide a basis for further research in this area and foundation in development of Saudi education ecosystem.

Keywords: software ecosystem, education software, framework, software engineering

Procedia PDF Downloads 491

Authors: R. M. P. C. Bandara, M. L. L. Weerasinghe, K. T. C. R. Kumari, A. G. D. R. Hansika, D. I. De Silva, D. M. T. H. Dias

Abstract:

Software testing is an essential process in software development that aims to identify defects and ensure that software is functioning as intended. Various testing techniques are employed to achieve this goal, but the effectiveness of these techniques varies. This research paper analyzes the effectiveness of different testing techniques in ensuring software quality. The paper explores different testing techniques, including manual and automated testing, and evaluates their effectiveness in terms of identifying defects, reducing the number of defects in software, and ensuring that software meets its functional and non-functional requirements. Moreover, the paper will also investigate the impact of factors such as testing time, test coverage, and testing environment on the effectiveness of these techniques. This research aims to provide valuable insights into the effectiveness of different testing techniques, enabling software development teams to make informed decisions about the testing approach that is best suited to their needs. By improving testing techniques, the number of defects in software can be reduced, enhancing the quality of software and ultimately providing better software for users.

Keywords: software testing life cycle, software testing techniques, software testing strategies, effectiveness, software quality

Procedia PDF Downloads 48

Authors: Mehdi Ghaemi

Abstract:

In principle, foreign investment security is enshrined in International Investment Agreements (IIAs) and Bilateral Investment Treaties (BITs) in the form of protection standards such as the Full Protection and Security Standard (FPS). Accordingly, the host countries undertake to provide the necessary security for the economic activities of foreign investment. With the outbreak of coronavirus, the international community called COVID-19 a threat to international peace security, as well as to the public interest and national security of nations; and to deal with, they proposed several solutions, generally including quarantine, creating social distances, and restricting businesses. This article first studies the security of foreign investment in international investment law. In the following, it analyzes the consequences of the COVID-19 pandemic for foreign investment security so that if there is a threat to that security, solutions could be offered to reduce it.

Keywords: foreign investment, FPS standard, host country, public health, COVID-19

Procedia PDF Downloads 65

Authors: Mustapha Hedabou, Ali Azougaghe, Ahmed Bentajer, Hicham Boukhris, Mourad Eddiwani, Zakaria Igarramen

Abstract:

Software-as-a-service (SaaS) is emerging as a dominant approach to delivering software. It encompasses a range of business, technical opportunities, issue, and challenges. Trustiness in the cloud services regarding the security and the privacy of the delivered data is the most critical issue with the SaaS model. In this paper, we survey the security concerns related to the SaaS model, and we propose the design of a trusted SaaS model that gives users more confidence into SaaS services by leveraging a trust in a neutral source code certifying authority. The proposed design is based on the use of the multisignature mechanism for signing the source code of the application service. In our model, the cloud provider acts as a root of trust by ensuring the integrity of the application service when it was running on its platform. The proposed design prevents insider attacks from tampering with application service before and after it was launched in a cloud provider platform.

Keywords: cloud computing, SaaS Platform, TPM, trustiness, code source certification, multi-signature schemes

Procedia PDF Downloads 242

Authors: John Ayoade

Abstract:

Cloud computing is a model that enables the delivery of on-demand computing resources such as networks, servers, storage, applications and services over the internet. Cloud Computing is a relatively growing concept that presents a good number of benefits for its users; however, it also raises some security challenges which may slow down its use. In this paper, we identify some of those security issues that can serve as barriers to realizing the full benefits that cloud computing can bring. One of the key security problems is security trust. A security trust model is proposed that can enhance the confidence that users need to fully trust the use of public and mobile cloud computing and maximize the potential benefits that they offer.

Keywords: cloud computing, trust, security, certificate authority, PKI

Procedia PDF Downloads 450

Authors: Sylvia Szabo, Thilini Navaratne, Indrajit Pal, Seree Park

Abstract:

Deltaic and coastal regions are often strategically important both from local and regional perspectives. While deltas are known to be bread baskets of the world, delta inhabitants often face the risk of food and nutritional insecurity. These risks are highly exacerbated by the impacts of climate and environmental change. While numerous regional studies examined the prevalence and the determinants of food security in specific delta and coastal regions, there is still a lack of a systematic analysis of the most widely used scientific food security indicators. In order to fill this gap, a systematic review was carried out using Covidence, a Cochrane-adopted systematic review processing software. Papers included in the review were selected from the SCOPUS, Thomson Reuters Web of Science, Science Direct, ProQuest, and Google Scholar databases. Both scientific papers and grey literature (e.g., reports by international organizations) were considered. The results were analyzed by food security components (access, availability, quality, and strategy) and by world regions. Suggestions for further food security, nutrition, and health research, as well as policy-related implications, are also discussed.

Keywords: delta regions, coastal, food security, indicators, systematic review

Procedia PDF Downloads 206

Authors: Abeer Toheed Quadri, Maria Abubakar, Mehreen Sirshar

Abstract:

Component Based Software Development (CBSD) is a new trend in software development. Selection of quality components is not enough to ensure software quality in Component Based Software System (CBSS). A software product is considered to be a quality product if it satisfies its customer’s needs and has minimum defects. Authors’ survey different research papers and analyzes various techniques which ensure software quality in component based software development. This paper includes an investigation about how to improve the quality of a component based software system without effecting quality attributes. The reported information is identified from literature survey. The developments of component based systems are rising as they reduce the development time, effort and cost by means of reuse. After analysis, it has been explored that in order to achieve the quality in a CBSS we need to have the components that are certified through software measure because the predictability of software quality attributes of system depend on the quality attributes of the constituent components, integration process and the framework used.

Keywords: CBSD (component based software development), CBSS (component based software system), quality components, SQA (software quality assurance)

Procedia PDF Downloads 375

Authors: Anil Kumar Tripathi, Ratneshwer Gupta

Abstract:

All the software engineering researches and best industry practices aim at providing software products with high degree of quality and functionality at low cost and less time. These requirements are addressed by the Component Based Software Engineering (CBSE) as well. CBSE, which deals with the software construction by components’ assembly, is a revolutionary extension of Software Engineering. CBSE must define and describe processes to assure timely completion of high quality software systems that are composed of a variety of pre built software components. Though these features provide distinct and visible benefits in software design and programming, they also raise some challenging problems. The aim of this work is to summarize the pertinent issues and considerations in CBSE to make an understanding in forms of concepts and observations that may lead to development of newer ways of dealing with the problems and challenges in CBSE.

Keywords: software component, component based software engineering, software process, testing, maintenance

Procedia PDF Downloads 371

Authors: Malinda Gayan Sirisena

Abstract:

The aim of this research is to evaluate the effectiveness of software quality assurance approaches of Sri Lankan offshore software development organizations, and to propose a framework which could be used across all offshore software development organizations. An empirical study was conducted using derived framework from popular software quality evaluation models. The research instrument employed was a questionnaire survey among thirty seven Sri Lankan registered offshore software development organizations. The findings demonstrate a positive view of Effectiveness of Software Quality Assurance – the stronger predictors of Stability, Installability, Correctness, Testability and Changeability. The present study’s recommendations indicate a need for much emphasis on software quality assurance for the Sri Lankan offshore software development organizations.

Keywords: software quality assurance (SQA), offshore software development, quality assurance evaluation models, effectiveness of quality assurance

Procedia PDF Downloads 385

Authors: Wenqing Fan, Yixuan Cheng, Wei Huang

Abstract:

The diversity and complexity of modern IT systems make it almost impossible for internal teams to find vulnerabilities in all software before the software is officially released. The emergence of threat intelligence and vulnerability reporting policy has greatly reduced the burden on software vendors and organizations to find vulnerabilities. However, to prove the existence of the reported vulnerability, it is necessary but difficult for security incident response team to build a deliberated vulnerable environment from the vulnerability report with limited and incomplete information. This paper presents a structured, standardized, machine-oriented vulnerability intelligence format, that can be used to automate the orchestration of Deliberated Vulnerable Environment (DVE). This paper highlights the important role of software configuration and proof of vulnerable specifications in vulnerability intelligence, and proposes a triad model, which is called DIR (Dependency Configuration, Installation Configuration, Runtime Configuration), to define software configuration. Finally, this paper has also implemented a prototype system to demonstrate that the orchestration of DVE can be automated with the intelligence.

Keywords: DIR triad model, DVE, vulnerability intelligence, vulnerability recurrence

Procedia PDF Downloads 91

Authors: Vishnu Pratap Singh Kirar

Abstract:

In the cloud computing hierarchy IaaS is the lowest layer, all other layers are built over it. Thus it is the most important layer of cloud and requisite more importance. Along with advantages IaaS faces some serious security related issue. Mainly Security focuses on Integrity, confidentiality and availability. Cloud computing facilitate to share the resources inside as well as outside of the cloud. On the other hand, cloud still not in the state to provide surety to 100% data security. Cloud provider must ensure that end user/client get a Quality of Service. In this report we describe possible aspects of cloud related security.

Keywords: cloud computing, cloud networking, IaaS, PaaS, SaaS, cloud security

Procedia PDF Downloads 498

Authors: Safiyya A. Abba, Shehu U. R. Aliyu

Abstract:

This paper deals with Islamic social security: a discourse explores the meaning and nature of Islamic social security system. The paper reviews the social security framework and operations during the early period. The paper further identifies the instruments of Islamic social security discusses its principles and objectives. The paper discovers that Islamic social security is a personification of a comprehensive welfare approach in view of its varied instruments that are deeply rooted in the Islamic law, unique principles and realistic and achievable objectives. Furthermore, the Islamic social security system has far reaching socioeconomic implications; social justice, cohesion, equity, a catalyst for poverty eradication, income redistribution, economic growth and development.

Keywords: Islamic social security, basic needs, zakat, socioeconomic justice, equity

Procedia PDF Downloads 400

Authors: C. U. Om Kumar, S. Kishore, A. Geetha

Abstract:

An Operating system (OS) is software that manages computer hardware and software resources by providing services to computer programs. One of the important user expectations of the operating system is to provide the practice of defending information from unauthorized access, disclosure, modification, inspection, recording or destruction. Operating system is always vulnerable to the attacks of malwares such as computer virus, worm, Trojan horse, backdoors, ransomware, spyware, adware, scareware and more. And so the anti-virus software were created for ensuring security against the prominent computer viruses by applying a dictionary based approach. The anti-virus programs are not always guaranteed to provide security against the new viruses proliferating every day. To clarify this issue and to secure the computer system, our proposed expert system concentrates on authorizing the processes as wanted and unwanted by the administrator for execution. The Expert system maintains a database which consists of hash code of the processes which are to be allowed. These hash codes are generated using MD5 message-digest algorithm which is a widely used cryptographic hash function. The administrator approves the wanted processes that are to be executed in the client in a Local Area Network by implementing Client-Server architecture and only the processes that match with the processes in the database table will be executed by which many malicious processes are restricted from infecting the operating system. The add-on advantage of this proposed Expert system is that it limits CPU usage and minimizes resource utilization. Thus data and information security is ensured by our system along with increased performance of the operating system.

Keywords: virus, worm, Trojan horse, back doors, Ransomware, Spyware, Adware, Scareware, sticky software, process table, MD5, CPU usage and resource utilization

Procedia PDF Downloads 383

Authors: Zeinab Ranjbar

Abstract:

Service-oriented architecture in the world today, it is proposed to exchange information and services of interest to those such as IT managers, business managers, designers and system builders scene. The basic architecture of the software used to provide service to all users.the worries of all people (managers, business managers, designers, and system builders scene) effectiveness of this model, how reliable it is in security transactions.To increase the reliability of multi-layer fuzzy logic Architectures used.

Keywords: SOA, service oriented architecture, fuzzy logic, multi layer, SOA security

Procedia PDF Downloads 343

Authors: Amanuel Hadera Gebreyesus

Abstract:

In the literature, the study of tenure and food security has largely involved separate lines of inquiry. In effect, the nexus among these has received little attention; and the underinvestment in research related to the relationship between tenure and food security deters generation of tenure-related knowledge and policy guidance for improving food and nutrition security. Drawing from this motivation, we study the relationship among tenure security, agricultural diversity and food security and dietary diversity. We employ IV approaches to examine the effect of tenure security and agricultural diversity on food security and dietary diversity. We find tenure security is inversely related with food insecurity as shown by its negative association with hunger scale, hunger index and hunger category. On the other hand, results suggest that tenure security improves minimum dietary diversity of women while we find no association with child dietary diversity. Moreover, agricultural diversity is positively related with minimum dietary diversity of women, which may point to higher accessibility and consumption of dietary food groups by women. Also, findings suggest that farmers use their human (knowledge and skills) and resource (land) endowments to improve food security and dietary diversity. An implication from this is the importance of not only improving access to land but also long-term tenure security to promote agricultural diversity, food security and dietary diversity.

Keywords: tenure security, food security, agricultural diversity, dietary diversity, women

Procedia PDF Downloads 161

Authors: Amir Rashid

Abstract:

Today is the world of innovations where everyone is looking for a change. Organizations are now looking toward virtualization in order to minimize their computing cost. Cloud Computing has also introduced itself by the means of reducing computing cost. It offers different approach to make computing better by improving utilization and reducing infrastructure and administrative costs. Cloud Computing is basically the amalgamation of Utility Computing and SaaS (Software as a Service). Cloud Computing is quite new to organizations as it is still at its deploying stage. Due to this reason, organizations are not confident whether to adopt it or not. This thesis investigates the problem for organization concerning the security and cost issues. Benefits and drawbacks are being highlighted which organizations can have or suffer in order to adopt Cloud Computing. In Conclusion, Cloud Computing is a better option available for small and medium organizations with a comparison to large companies both in terms of data security and cost.

Keywords: cloud computing, security, cost, elasticity, PaaS, IaaS, SaaS

Procedia PDF Downloads 303

Authors: Nahid Tavakoli, Asghar Ehteshami, Akbar Hassanzadeh, Fatemeh Amini

Abstract:

Introduction: The Information security incident management guidelines was been developed to help hospitals to meet their information security event and incident management requirements. The purpose of this Study was to investigate on Information Security Incident Management in Isfahan’s educational hospitals in accordance to ISO/IEC 27002 standards. Methods: This was a cross-sectional study to investigate on Information Security Incident Management of educational hospitals in 2014. Based on ISO/IEC 27002 standards, two checklists were applied to check the compliance with standards on Reporting Information Security Events and Weakness and Management of Information Security Incidents and Improvements. One inspector was trained to carry out the assessments in the hospitals. The data was analyzed by SPSS. Findings: In general the score of compliance Information Security Incident Management requirements in two steps; Reporting Information Security Events and Weakness and Management of Information Security Incidents and Improvements was %60. There was the significant difference in various compliance levels among the hospitals (p-valueKeywords: information security incident management, information security management, standards, hospitals

Procedia PDF Downloads 544

Authors: Kuan-Chou Chen

Abstract:

This paper will demonstrate a simulation model of an information security system by using the systems dynamic approach. The relationships in the system model are designed to be simple and functional and do not necessarily represent any particular information security environments. The purpose of the paper aims to develop a generic system dynamic information security system model with implications on information security research. The interrelated and interdependent relationships of five primary sectors in the system dynamic model will be presented in this paper. The integrated information security systems model will include (1) information security characteristics, (2) users, (3) technology, (4) business functions, and (5) policy and management. Environments, attacks, government and social culture will be defined as the external sector. The interactions within each of these sectors will be depicted by system loop map as well. The proposed system dynamic model will not only provide a conceptual framework for information security analysts and designers but also allow information security managers to remove the incongruity between the management of risk incidents and the management of knowledge and further support information security managers and decision makers the foundation for managerial actions and policy decisions.

Keywords: system thinking, information security systems, security management, simulation

Procedia PDF Downloads 390