Search results for: system security
Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 18986

18626 An Analytical Approach to Assess and Compare the Vulnerability Risk of Operating Systems

Authors: Pubudu K. Hitigala Kaluarachchilage, Champike Attanayake, Sasith Rajasooriya, Chris P. Tsokos

Abstract:

Operating system (OS) security is a key component of computer security. Assessing and improving OSs' strength to resist against vulnerabilities and attacks is a mandatory requirement given the rate of new vulnerabilities discovered and attacks occurring. Frequency and the number of different kinds of vulnerabilities found in an OS can be considered an index of its information security level. In the present study five mostly used OSs, Microsoft Windows (Windows 7, Windows 8 and Windows 10), Apple’s Mac and Linux are assessed for their discovered vulnerabilities and the risk associated with each. Each discovered and reported vulnerability has an exploitability score assigned in CVSS score of the National Vulnerability Database. In this study the risk from vulnerabilities in each of the five Operating Systems is compared. Risk Indexes used are developed based on the Markov model to evaluate the risk of each vulnerability. Statistical methodology and underlying mathematical approach are described. Initially, parametric procedures are conducted and measured. There were, however, violations of some statistical assumptions observed. Therefore the need for non-parametric approaches was recognized. 6838 vulnerabilities recorded were considered in the analysis. According to the risk associated with all the vulnerabilities considered, it was found that there is a statistically significant difference among average risk levels for some operating systems, indicating that according to our method some operating systems have been more risk vulnerable than others given the assumptions and limitations. Relevant test results revealing a statistically significant difference in the Risk levels of different OSs are presented.

Keywords: cybersecurity, Markov chain, non-parametric analysis, vulnerability, operating system

18625 Proposal of a Model Supporting Decision-Making on Information Security Risk Treatment

Authors: Ritsuko Kawasaki, Takeshi Hiromatsu

Abstract:

Management is required to understand all information security risks within an organization, and to make decisions on which information security risks should be treated in what level by allocating how much amount of cost. However, such decision-making is not usually easy, because various measures for risk treatment must be selected with the suitable application levels. In addition, some measures may have objectives conflicting with each other. It also makes the selection difficult. Therefore, this paper provides a model which supports the selection of measures by applying multi-objective analysis to find an optimal solution. Additionally, a list of measures is also provided to make the selection easier and more effective without any leakage of measures.

Keywords: information security risk treatment, selection of risk measures, risk acceptance, multi-objective optimization

18624 Radical Islam and Transnational Security: West Africa and the Asia Pacific in View

Authors: Olumide A. Fafore, Khondlo Mtshali

Abstract:

The beginning of the 21st century saw the emergence of new and global threats to national and transnational security in West Africa and the Asia Pacific regions as a result of the spread of jihadist terrorism across borders, a manifestation of the rise of radical Islam. Extremist and armed Islamic movements influenced by Salafism, the Jihad in Afghanistan and the Muslim Brotherhood are prevalent in Northern Nigeria, Niger, Cameroon, Mali, Chad, Pakistan, Afghanistan, and India. Carrying out attacks across borders, including assassinations, murders, armed robberies, and kidnapping, assisted by open and porous borders and large flow of illegal immigrants across borders. This paper examines the effect of Radical Islam on Transnational security through a review of past literature and the social and security consequences on the people of the regions. Our findings indicate that the activities of armed Islamic movements such as Boko Haram, Ansaru and Al-Qaeda are having a negative impact on the economy, development, and security of the states and people of West Africa and the Asia Pacific. It stresses the importance of regional, transnational and international cooperation, as these threats to national and transnational security can no longer be solved in a national or regional framework.

Keywords: Islamic movements, jihadist terrorism, radical Islam, transnational security

18623 SISSLE in Consensus-Based Ripple: Some Improvements in Speed, Security, Last Mile Connectivity and Ease of Use

Authors: Mayank Mundhra, Chester Rebeiro

Abstract:

Cryptocurrencies are rapidly finding wide application in areas such as Real Time Gross Settlements and Payments Systems. Ripple is a cryptocurrency that has gained prominence with banks and payment providers. It solves the Byzantine General’s Problem with its Ripple Protocol Consensus Algorithm (RPCA), where each server maintains a list of servers, called Unique Node List (UNL) that represents the network for the server, and will not collectively defraud it. The server believes that the network has come to a consensus when members of the UNL come to a consensus on a transaction. In this paper we improve Ripple to achieve better speed, security, last mile connectivity and ease of use. We implement guidelines and automated systems for building and maintaining UNLs for resilience, robustness, improved security, and efficient information propagation. We enhance the system so as to ensure that each server receives information from across the whole network rather than just from the UNL members. We also introduce the paradigm of UNL overlap as a function of information propagation and the trust a server assigns to its own UNL. Our design not only reduces vulnerabilities such as eclipse attacks, but also makes it easier to identify malicious behaviour and entities attempting to fraudulently Double Spend or stall the system. We provide experimental evidence of the benefits of our approach over the current Ripple scheme. We observe ≥ 4.97x and 98.22x in speedup and success rate for information propagation respectively, and ≥ 3.16x and 51.70x in speedup and success rate in consensus.

Keywords: Ripple, Kelips, unique node list, consensus, information propagation

18622 Intrusion Detection Based on Graph Oriented Big Data Analytics

Authors: Ahlem Abid, Farah Jemili

Abstract:

Intrusion detection has been the subject of numerous studies in industry and academia, but cyber security analysts always want greater precision and global threat analysis to secure their systems in cyberspace. To improve intrusion detection systems, the visualisation of the security events in the form of graphs and diagrams is important to improve the accuracy of alerts. In this paper, we propose an approach of an IDS based on cloud computing, big data technique and using a machine learning graph algorithm which can detect in real time different attacks as early as possible. We use the MAWILab intrusion detection dataset. We choose Microsoft Azure as a unified cloud environment to load our dataset on. We implement the k2 algorithm which is a graphical machine learning algorithm to classify attacks. Our system showed a good performance due to the graphical machine learning algorithm and Spark structured streaming engine.

Keywords: Apache Spark Streaming, Graph, Intrusion detection, k2 algorithm, Machine Learning, MAWILab, Microsoft Azure Cloud

18621 Assessment of Pastoralist-Crop Farmers Conflict and Food Security of Farming Households in Kwara State, Nigeria

Authors: S. A. Salau, I. F. Ayanda, I. Afe, M. O. Adesina, N. B. Nofiu

Abstract:

Food insecurity is still a critical challenge among rural and urban households in Nigeria. The country’s food insecurity situation became more pronounced due to frequent conflict between pastoralist and crop farmers. Thus, this study assesses pastoralist-crop farmers’ conflict and food security of farming households in Kwara state, Nigeria. The specific objectives are to measure the food security status of the respondents, quantify pastoralist-crop farmers’ conflict, determine the effect of pastoralist-crop farmers’ conflict on food security and describe the effective coping strategies adopted by the respondents to reduce the effect of food insecurity. A combination of purposive and simple random sampling techniques will be used to select 250 farming households for the study. The analytical tools include descriptive statistics, Likert-scale, logistic regression, and food security index. Using the food security index approach, the percentage of households that were food secure and insecure will be known. Pastoralist-crop farmers’ conflict will be measured empirically by quantifying losses due to the conflict. The logistic regression will indicate if pastoralist-crop farmers’ conflict is a critical determinant of food security among farming households in the study area. The coping strategies employed by the respondents in cushioning the effects of food insecurity will also be revealed. Empirical studies on the effect of pastoralist-crop farmers’ conflict on food security are rare in the literature. This study will quantify conflict and reveal the direction as well as the extent of the relationship between conflict and food security. It could contribute to the identification and formulation of strategies for the minimization of conflict among pastoralist and crop farmers in an attempt to reduce food insecurity. Moreover, this study could serve as valuable reference material for future researches and open up new areas for further researches.

Keywords: agriculture, conflict, coping strategies, food security, logistic regression

18620 A Review on Factors Influencing Implementation of Secure Software Development Practices

Authors: Sri Lakshmi Kanniah, Mohd Naz’ri Mahrin

Abstract:

More and more businesses and services are depending on software to run their daily operations and business services. At the same time, cyber-attacks are becoming more covert and sophisticated, posing threats to software. Vulnerabilities exist in the software due to the lack of security practices during the phases of software development. Implementation of secure software development practices can improve the resistance to attacks. Many methods, models and standards for secure software development have been developed. However, despite the efforts, they still come up against difficulties in their deployment and the processes are not institutionalized. There is a set of factors that influence the successful deployment of secure software development processes. In this study, the methodology and results from a systematic literature review of factors influencing the implementation of secure software development practices are described. A total of 44 primary studies were analysed as a result of the systematic review. As a result of the study, a list of twenty factors has been identified. Some of the factors that affect implementation of secure software development practices are: involvement of the security expert, integration between security and development team, developer’s skill and expertise, development time and communication between stakeholders. The factors were further classified into four categories which are institutional context, people and action, project content and system development process. The results obtained show that it is important to take into account organizational, technical and people issues in order to implement secure software development initiatives.

Keywords: secure software development, software development, software security, systematic literature review

18619 Social Security Reform and Management: The Case of Three Member Territories of the Organisation of Eastern Caribbean States

Authors: Cleopatra Gittens

Abstract:

It has been recognized that some social security and national insurance systems in the Eastern Caribbean are experiencing ageing populations and economic and other crises that will present a financial challenge of being unable to pay pension benefits in fifteen to twenty years. This has implications for the fiscal and economic positions of the countries themselves. Hence, organizations would need to address the issue urgently. The study adds to the body of knowledge on social security systems and social security reforms in small island developing states (SIDS). It also makes recommendations for the types of reforms that social security systems in other SIDS can implement given their special circumstances. Secondary research is used to gather financial and other related information on three social security schemes in the Eastern Caribbean. Actuarial and financial reports and other documents of the social security systems are analysed to obtain financial and static data on each of the schemes. The findings show that the three schemes studied are experiencing steady increases in benefit expenditure versus contributions and increasing pensioner to insured ratios. The schemes will deplete their reserves between 2038 and 2050. Two of the schemes have increased their retirement age while the other has not embarked on any reforms. One scheme has made changes to its contribution percentages. Due to their small size, small populations and other unique circumstances, the social security schemes in the identified territories are not likely to be able to take advantage of all of the reform initiatives that the developed world embarked on when faced with similar problems. These schemes will need to make incremental changes that align with the timeframes recommended by the actuarial studies.

Keywords: benefits, pension, small island developing states, social security reform

18618 Quick Reference: Cyber Attacks Awareness and Prevention Method for Home Users

Authors: Haydar Teymourlouei

Abstract:

It is important to take security measures to protect your computer information, reduce identity theft, and prevent malicious cyber-attacks. With cyber-attacks on the continuous rise, people need to understand and learn ways to prevent these attacks. Cyber-attack is an important factor to be considered if one is to be able to protect oneself from malicious attacks. Without proper security measures, most computer technology would hinder home users more than such technologies would help. Knowledge of how cyber-attacks operate and protective steps that can be taken to reduce chances of its occurrence are key to increasing these security measures. The purpose of this paper is to inform home users on the importance of identifying and taking preventive steps to avoid cyberattacks. Throughout this paper, many aspects of cyber-attacks will be discussed: what a cyber-attack is, the effects of cyber-attack for home users, different types of cyber-attacks, and methodology to prevent such attacks that home users can take to fortify security of their computer.

Keywords: cyber-attacks, home user, prevention, security, technology

18617 Saudi Human Awareness Needs: A Survey in How Human Causes Errors and Mistakes Leads to Leak Confidential Data with Proposed Solutions in Saudi Arabia

Authors: Amal Hussain Alkhaiwani, Ghadah Abdullah Almalki

Abstract:

Recently human errors have increasingly become a very high factor in security breaches that may affect confidential data, and most of the cyber data breaches are caused by human errors. With one individual mistake, the attacker will gain access to the entire network and bypass the implemented access controls without any immediate detection. Unaware employees will be vulnerable to any social engineering cyber-attacks. Providing security awareness to People is part of the company protection process; the cyber risks cannot be reduced by just implementing technology; the human awareness of security will significantly reduce the risks, which encourage changes in staff cyber-awareness. In this paper, we will focus on Human Awareness, human needs to continue the required security education level; we will review human errors and introduce a proposed solution to avoid the breach from occurring again. Recently Saudi Arabia faced many attacks with different methods of social engineering. As Saudi Arabia has become a target to many countries and individuals, we needed to initiate a defense mechanism that begins with awareness to keep our privacy and protect the confidential data against possible intended attacks.

Keywords: cybersecurity, human aspects, human errors, human mistakes, security awareness, Saudi Arabia, security program, security education, social engineering

18616 Requirements Engineering via Controlling Actors Definition for the Organizations of European Critical Infrastructure

Authors: Jiri F. Urbanek, Jiri Barta, Oldrich Svoboda, Jiri J. Urbanek

Abstract:

The organizations of European and Czech critical infrastructure have specific position, mission, characteristics and behaviour in European Union and Czech state/business environments, regarding specific requirements for regional and global security environments. They must respect policy of national security and global rules, requirements and standards in all their inherent and outer processes of supply-customer chains and networks. A controlling is generalized capability to have control over situational policy. This paper's aims and purposes are to introduce the controlling as quite new necessary process attribute providing for critical infrastructure is environment the capability and profit to achieve its commitment regarding to the effectiveness of the quality management system in meeting customer/user requirements and also the continual improvement of critical infrastructure organization’s processes overall performance and efficiency, as well as its societal security via continual planning improvement via DYVELOP modelling.

Keywords: added value, DYVELOP, controlling, environments, process approach

18615 Solar-Powered Smart Irrigation System as an Adaptation Strategy under Climate Change: A Case Study to Develop Medicinal Security Based on Ancestral Knowledge

Authors: Luisa Cabezas, Karol Leal, Harold Mendoza, Fabio Trochez, Angel Lozada

Abstract:

According to the 2030 Agenda for Sustainable Development Goals (SDG), equal importance is given to economic, social, and environmental dimensions, and the equality and dignity of each human person is placed at the center of discussion, changing the development concept for one with more responsibility with the environment. It can be found that the energy and food systems are deeply entangled, and they are transversal to the 17 proposed SDG. In this order of ideas, a research project is carried out at Unidad Central del Valle del Cauca (UCEVA) with these two systems in mind: on one hand the energy transition and, on the other hand, the transformation of agri-food systems. This project could be achieved by automation and control of the irrigation system of the medicinal, aromatic, and condimentary plants (MACP) area within the UCEVA Agroecological Farm, located in a rural area of Tulua municipality (Valle del Cauca Department, Colombia). This system has allowed establishing a remote monitoring of the MACP area, including MACP moisture measurement, and executing the required system actions. In addition, the electrical system of the irrigation control system is powered by a scalable photovoltaic solar energy system based on its specifications. Thus, the developed system automates and controls the irrigation system, which is energetically self-sustainable and allows satisfying the MACP area requirements. It is important to highlight that in the MACP area, several medicinal, aromatic, and condimentary plant species are preserved to become primary sources for the pharmaceutical industry and, on many occasions, the only medicines for many communities. Therefore, preserving the medicinal plants area would generate medicinal security and preserve cultural heritage, as these plants are part of ancestral knowledge that penetrates academic and research communities at UCEVA campus to other society sectors.

Keywords: ancestral knowledge, climate change, medicinal plants, solar energy

18614 Beyond the Economics of Food: Household Food Strategies in Clusters of the Umkhanyakude District Municipality

Authors: Mduduzi Nhlozi

Abstract:

Food insecurity continues to persist in rural areas of South Africa today. A number of factors can be attributed to this including declining rural economies, rising unemployment, natural disasters such as drought as well as shifting cultural norms, values, traditions and beliefs. This paper explores mechanisms used by rural households to achieve food security in the midst of various threats and risks to their livelihoods. The study used semi-structured questionnaire to collect information on lived experiences of households in their quest to access and ensure availability of food. The paper finds that households use a number of food strategies namely economy-related, culture-related and rite-of-passage related strategies to achieve food security. The thrust of argument in the paper is that there is a need for food security studies to move beyond the orthodox, economic analytic framework, towards new institutional economics, focusing on local governance and socio-cultural systems supporting households to achieve food security. It advocates for localised food security plans to be developed by local municipalities to improve food security status for rural households.

Keywords: household, food insecurity, food strategies, new institutional economics, umkhanyakude

18613 SAFECARE: Integrated Cyber-Physical Security Solution for Healthcare Critical Infrastructure

Authors: Francesco Lubrano, Fabrizio Bertone, Federico Stirano

Abstract:

Modern societies strongly depend on Critical Infrastructures (CI). Hospitals, power supplies, water supplies, telecommunications are just few examples of CIs that provide vital functions to societies. CIs like hospitals are very complex environments, characterized by a huge number of cyber and physical systems that are becoming increasingly integrated. Ensuring a high level of security within such critical infrastructure requires a deep knowledge of vulnerabilities, threats, and potential attacks that may occur, as well as defence and prevention or mitigation strategies. The possibility to remotely monitor and control almost everything is pushing the adoption of network-connected devices. This implicitly introduces new threats and potential vulnerabilities, posing a risk, especially to those devices connected to the Internet. Modern medical devices used in hospitals are not an exception and are more and more being connected to enhance their functionalities and easing the management. Moreover, hospitals are environments with high flows of people, that are difficult to monitor and can somehow easily have access to the same places used by the staff, potentially creating damages. It is therefore clear that physical and cyber threats should be considered, analysed, and treated together as cyber-physical threats. This means that an integrated approach is required. SAFECARE, an integrated cyber-physical security solution, tries to respond to the presented issues within healthcare infrastructures. The challenge is to bring together the most advanced technologies from the physical and cyber security spheres, to achieve a global optimum for systemic security and for the management of combined cyber and physical threats and incidents and their interconnections. Moreover, potential impacts and cascading effects are evaluated through impact propagation models that rely on modular ontologies and a rule-based engine. 
Indeed, SAFECARE architecture foresees i) a macroblock related to cyber security field, where innovative tools are deployed to monitor network traffic, systems and medical devices; ii) a physical security macroblock, where video management systems are coupled with access control management, building management systems and innovative AI algorithms to detect behavior anomalies; iii) an integration system that collects all the incoming incidents, simulating their potential cascading effects, providing alerts and updated information regarding assets availability.

Keywords: cyber security, defence strategies, impact propagation, integrated security, physical security

18612 Alternative (In)Security: Using Photovoice Research Methodology to Explore Refugee Anxieties in Lebanon

Authors: Jessy Abouarab

Abstract:

For more than half a century, international norms related to refugee security and protection have proliferated, yet their role in alleviating war’s negative impacts on human life remains limited. The impact of refugee-security processes often manifests asymmetrically within populations. Many issues and people get silenced due to narrow security policies that focus either on abstract threat containment and refugee control or refugee protection and humanitarian aid. (In)security practices are gendered and experienced. Examining the case study of Syrian refugees in Lebanon, this study explores the gendered impact of refugee security mechanisms on local realities. A transnational feminist approach will be used to position this research in relation to existing studies in the field of security and the refugee-protection regime, highlighting the social, cultural, legal, and political barriers to gender equality in the areas of violence, rights, and social inclusion. Through Photovoice methodology, the Syrian refugees’ (in)securities in Lebanon were given visibility by enabling local volunteers to record and reflect their realities through pictures, at the same time voice the participants’ anxieties and recommendations to reach normative policy change. This Participatory Action Research approach helped participants observe the structural barriers and lack of culturally inclusive refugee services that hinder security, increase discrimination, stigma, and poverty. The findings have implications for a shift of the refugee protection mechanisms to a community-based approach in ways that extend beyond narrow security policies that hinder women empowerment and raise vulnerabilities such as gendered exploitation, abuse, and neglect.

Keywords: gender, (in)security, Lebanon, refugee, Syrian refugees, women

18611 Food Security Indicators in Deltaic and Coastal Research: A Scoping Review

Authors: Sylvia Szabo, Thilini Navaratne, Indrajit Pal, Seree Park

Abstract:

Deltaic and coastal regions are often strategically important both from local and regional perspectives. While deltas are known to be bread baskets of the world, delta inhabitants often face the risk of food and nutritional insecurity. These risks are highly exacerbated by the impacts of climate and environmental change. While numerous regional studies examined the prevalence and the determinants of food security in specific delta and coastal regions, there is still a lack of a systematic analysis of the most widely used scientific food security indicators. In order to fill this gap, a systematic review was carried out using Covidence, a Cochrane-adopted systematic review processing software. Papers included in the review were selected from the SCOPUS, Thomson Reuters Web of Science, Science Direct, ProQuest, and Google Scholar databases. Both scientific papers and grey literature (e.g., reports by international organizations) were considered. The results were analyzed by food security components (access, availability, quality, and strategy) and by world regions. Suggestions for further food security, nutrition, and health research, as well as policy-related implications, are also discussed.

Keywords: delta regions, coastal, food security, indicators, systematic review

18610 Big Data Analytics and Data Security in the Cloud via Fully Homomorphic Encryption Scheme

Authors: Victor Onomza Waziri, John K. Alhassan, Idris Ismaila, Noel Dogonyara

Abstract:

This paper describes the problem of building secure computational services for encrypted information in the Cloud. Computing without decrypting the encrypted data; therefore, it meets the yearning of computational encryption algorithmic aspiration model that could enhance the security of big data for privacy or confidentiality, availability and integrity of the data and user’s security. The cryptographic model applied for the computational process of the encrypted data is the Fully Homomorphic Encryption Scheme. We contribute theoretical presentations in high-level computational processes that are based on number theory that is derivable from abstract algebra which can easily be integrated and leveraged in the Cloud computing interface with detailed theoretic mathematical concepts to the fully homomorphic encryption models. This contribution enhances the full implementation of big data analytics based on cryptographic security algorithm.

Keywords: big data analytics, security, privacy, bootstrapping, Fully Homomorphic Encryption Scheme

18609 Combination between Intrusion Systems and Honeypots

Authors: Majed Sanan, Mohammad Rammal, Wassim Rammal

Abstract:

Today, security is a major concern. Intrusion Detection, Prevention Systems and Honeypot can be used to moderate attacks. Many researchers have proposed to use many IDSs (Intrusion Detection Systems) from time to time. Some of these IDSs combine the features of two or more IDSs, which are called Hybrid Intrusion Detection Systems. Most of the researchers combine the features of Signature based detection methodology and Anomaly based detection methodology. For a signature based IDS, if an attacker attacks slowly and in an organized way, the attack may go undetected through the IDS, as signatures include factors based on duration of the events but the actions of the attacker do not match. Sometimes, for an unknown attack there is no signature updated, or an attacker attacks in the meantime when the database is updating. Thus, signature-based IDSs fail to detect unknown attacks. Anomaly based IDSs suffer from many false-positive readings. So there is a need to hybridize those IDSs which can overcome the shortcomings of each other. In this paper we propose a new approach to IDS (Intrusion Detection System) which is more efficient than the traditional IDS (Intrusion Detection System). The IDS is based on Honeypot Technology and Anomaly based Detection Methodology. We have designed Architecture for the IDS in a packet tracer and then implemented it in real time. We have discussed experimental results performed: both the Honeypot and Anomaly based IDS have some shortcomings but if we hybridized these two technologies, the newly proposed Hybrid Intrusion Detection System (HIDS) is capable enough to overcome these shortcomings with much enhanced performance. In this paper, we present a modified Hybrid Intrusion Detection System (HIDS) that combines the positive features of two different detection methodologies - Honeypot methodology and anomaly based intrusion detection methodology.
In the experiment, we ran both the Intrusion Detection Systems individually first and then together and recorded the data from time to time. From the data we can conclude that the resulting IDS is much better in detecting intrusions than the existing IDSs.

Keywords: security, intrusion detection, intrusion prevention, honeypot, anomaly-based detection, signature-based detection, cloud computing, kfsensor

Procedia PDF Downloads 344
18608 Security of Database Using Chaotic Systems

Authors: Eman W. Boghdady, A. R. Shehata, M. A. Azem

Abstract:

Database (DB) security demands permitting authorized users and prohibiting non-authorized users’ and intruders’ actions on the DB and the objects inside it. Organizations that are running successfully demand the confidentiality of their DBs. They do not allow unauthorized access to their data/information. They also demand the assurance that their data is protected against any malicious or accidental modification. DB protection and confidentiality are the security concerns. There are four types of controls to obtain DB protection: access control, information flow control, inference control, and cryptographic control. The cryptographic control is considered the backbone of DB security; it secures the DB by encryption during storage and communications. Current cryptographic techniques are classified into two types: traditional classical cryptography using standard algorithms (DES, AES, IDEA, etc.) and chaos cryptography using continuous (Chau, Rossler, Lorenz, etc.) or discrete (Logistic, Henon, etc.) algorithms. The important characteristic of chaos is its extreme sensitivity to the initial conditions of the system. In this paper, DB-security systems based on chaotic algorithms are described. The Pseudo Random Number Generators (PRNGs) from the different chaotic algorithms are implemented using Matlab and their statistical properties are evaluated using NIST and other statistical test suites. Then, these algorithms are used to secure a conventional DB (plaintext), where the statistical properties of the ciphertext are also tested. To increase the complexity of the PRNGs and to let them pass all the NIST statistical tests, we propose two hybrid PRNGs: one based on two chaotic Logistic maps and another based on two chaotic Henon maps, where each chaotic algorithm is running side-by-side and starting from random independent initial conditions and parameters (encryption keys). The resulting hybrid PRNGs passed the NIST statistical test suite.

Keywords: algorithms and data structure, DB security, encryption, chaotic algorithms, Matlab, NIST

Procedia PDF Downloads 243
18607 Culture Dimensions of Information Systems Security in Saudi Arabia National Health Services

Authors: Saleh Alumaran, Giampaolo Bella, Feng Chen

Abstract:

The study of organisations’ information security cultures has attracted scholars as well as healthcare services industry to research the topic and find appropriate tools and approaches to develop a positive culture. The vast majority of studies in Saudi national health services are on the use of technology to protect and secure health services information. On the other hand, there is a lack of research on the role and impact of an organisation’s cultural dimensions on information security. This research investigated and analysed the role and impact of cultural dimensions on information security in Saudi Arabia health service. Hypotheses were tested and two surveys were carried out in order to collect data and information from three major hospitals in Saudi Arabia (SA). The first survey identified the main cultural-dimension problems in SA health services and developed an initial information security culture framework model. The second survey evaluated and tested the developed framework model to test its usefulness, reliability and applicability. The model is based on human behaviour theory, where the individual’s attitude is the key element of the individual’s intention to behave as well as of his or her actual behaviour. The research identified six cultural dimensions: Saudi national culture, Saudi health service leadership, employees’ trust, technology, multicultural interactions and employees’ job roles. The research also identified a set of cultural sub-dimensions. These include working values and norms, tribe values and norms, attitudes towards women, power sharing, vision, social interaction, respect and understanding, hospital intra-net, hospital employees’ language(s) used, multi-national culture, communication system, employees’ job satisfaction and job security. 
The research identified that (a) the human behaviour towards medical information in SA is one of the main threats to information security and one of the main challenges to the SA health authority, (b) the current situation of SA hospitals’ IS cultures is falling short in protecting medical information due to the current values and norms towards information security, (c) Saudi national culture and employees’ job role are the main dimensions playing major roles in the employees’ attitude, and technology is the least important dimension playing a role in the employees’ attitudes.

Keywords: cultural dimension, electronic health record, information security, privacy

Procedia PDF Downloads 331
18606 Cyber Security in Nigeria: A Collaboration between Communities and Professionals

Authors: Alese Boniface K., Adu Michael K., Owa Victor K.

Abstract:

Security can be defined as the degree of resistance to, or protection from, harm. It applies to any vulnerable and valuable assets, such as persons, dwellings, communities, nations or organizations. Cybercrime is any crime committed or facilitated via the Internet. It is any criminal activity involving computers and networks. It can range from fraud to unsolicited emails (spam). It includes the distant theft of government or corporate secrets through criminal trespass into remote systems around the globe. Nigeria, like any other nation of the world, is currently having its own share of the menace, which has been used even as a tool by terrorists. This paper is an attempt at presenting cyber security as an issue that requires a coordinated national response. It also acknowledges and advocates the key roles to be played by stakeholders and the importance of forging strong partnerships to prevent and tackle cybercrime in Nigeria.

Keywords: security, cybercrime, internet, government, stakeholders, partnerships

Procedia PDF Downloads 505
18605 Static Analysis of Security Issues of the Python Packages Ecosystem

Authors: Adam Gorine, Faten Spondon

Abstract:

Python is considered the most popular programming language and offers its own ecosystem for archiving and maintaining open-source software packages. This system is called the Python Package Index (PyPI), the repository of this programming language. Unfortunately, one-third of these software packages have vulnerabilities that allow attackers to execute code automatically when a vulnerable or malicious package is installed. This paper contributes to large-scale empirical studies investigating security issues in the Python ecosystem by evaluating package vulnerabilities. These provide a series of implications that can help the security of software ecosystems by improving the process of discovering, fixing, and managing package vulnerabilities. The vulnerable dataset is generated using the NVD, the National Vulnerability Database, and the Snyk vulnerability dataset. In addition, we evaluated 807 vulnerability reports in the NVD and 3900 publicly known security vulnerabilities in Python Package Manager (pip) from the Snyk database from 2002 to 2022. As a result, many Python vulnerabilities appear in high severity, followed by medium severity. The most problematic areas have been improper input validation and denial of service attacks. A hybrid scanning tool that combines the three scanners Bandit, Snyk and Dlint, which provide a clear report of the code vulnerability, is also described.

Keywords: Python vulnerabilities, bandit, Snyk, Dlint, Python package index, ecosystem, static analysis, malicious attacks

Procedia PDF Downloads 100
18604 Survey of Access Controls in Cloud Computing

Authors: Monirah Alkathiry, Hanan Aljarwan

Abstract:

Cloud computing is one of the most significant technologies that the world deals with, in different sectors with different purposes and capabilities. The cloud faces various challenges in securing data from unauthorized access or modification. Consequently, security risks and levels have greatly increased. Therefore, cloud service providers (CSPs) and users need secure mechanisms that ensure that data are kept secret and safe from any disclosures or exploits. For this reason, CSPs need a number of techniques and technologies to manage and secure access to the cloud services to achieve security goals, such as confidentiality, integrity, identity access management (IAM), etc. Therefore, this paper will review and explore various access controls implemented in a cloud environment that achieve different security purposes. The methodology followed in this survey was conducting an assessment, evaluation, and comparison between those access control mechanisms and technologies based on different factors, such as the security goals they achieve, usability, and cost-effectiveness. This assessment showed that the technology used in an access control affects the security goals it achieves and that there is no one access control method that achieves all security goals. Consequently, such a comparison would help decision-makers to choose properly the access controls that meet their requirements.

Keywords: access controls, cloud computing, confidentiality, identity and access management

Procedia PDF Downloads 106
18603 Digital Governance Decision-Making in the Aftermath of Cybersecurity Crises, Lessons from Estonia

Authors: Logan Carmichael

Abstract:

As the world’s governments seek to increasingly digitize their service provisions, there exists a subsequent and fully valid concern about the security underpinning these digital governance provisions. Estonia, a small and innovative Baltic nation, has been refining both its digital governance structure and cybersecurity mechanisms for over three decades and has been praised as global ‘best practice’ in both fields. However, the security of the Estonian digital governance system has been ever-evolving and significantly shaped by cybersecurity crises. This paper examines said crises – 2007 cyberattacks on Estonian government, banks, and news media; the 2017 e-ID crisis; the ongoing COVID-19 pandemic; and the 2022 Russian invasion of Ukraine – and how governance decision-making following these crises has shaped the cybersecurity of the digital governance structure in Estonia. This paper employs a blended constructivist and historical institutionalist theoretical approach as a useful means to view governance and decision-making in the wake of cybersecurity incidents affecting the Estonian digital governance structure. Together, these theoretical groundings frame the topics of cybersecurity and digital governance in an Estonian context through a lens of ideation and experience, as well as institutional path dependencies over time and cybersecurity crises as critical junctures to study. Furthermore, this paper takes a qualitative approach, employing discourse analysis, policy analysis, and elite interviewing of Estonian officials involved in digital governance and cybersecurity in order to glean nuanced perspectives into the processes that followed these four crises. Ultimately, the results of this paper will offer insight into how governments undertake policy-driven change following cybersecurity crises to ensure sufficient security of their digitized service provisions. 
This paper’s findings are informative not only in continued decision-making in the Estonian system but also in other states currently implementing a digital governance structure, for which security mechanisms are of the utmost importance.

Keywords: cybersecurity, digital governance, Estonia, crisis management, governance in crisis

Procedia PDF Downloads 87
18602 An Intelligent Watch-Over System Using an IoT Device, for Elderly People Living by Themselves

Authors: Hideo Suzuki, Yuya Kiyonobu, Kotaro Matsushita, Masaki Hanada, Rie Suzuki, Noriko Niijima, Noriko Uosaki, Tadao Nakamura

Abstract:

People often worry about their elderly family members who are living by themselves or staying alone somewhere. An intelligent watch-over system for such elderly people, using a Raspberry Pi IoT device, has been newly developed to monitor those who live or stay separately from their families and alert them if a problem occurs. The system consists of motion sensors and temperature-humidity combined sensors that are located at seven points within an elderly person's home. The intelligent algorithms of the system detect signs and the possibility of unhealthy situations arising for the elderly relative; e.g., an unusually long bathing time, or a visit to a restroom, too high a room temperature, etc., by using data cached by the sensors above, at seven points within their house. The system gives more consideration to the elderly person's privacy, by using the sensors above, instead of using cameras and microphones placed around the house. The system invented and described here, can send a Twitter direct message to designated family members when an elderly relative is possibly in an unhealthy condition. Thus the system helps decrease family members' anxieties regarding their elderly relatives and increases their sense of security.

Keywords: elderly person, IoT device, Raspberry Pi, watch-over system

Procedia PDF Downloads 190
18601 Research on Autonomous Controllability of BeiDou Navigation Satellite System Based on Knowledge Transformation

Authors: Hang Ju, Changmin Zhu

Abstract:

The development level of the BeiDou Navigation Satellite System (BDS) can strongly reflect national defense strength as an important spatial information infrastructure. BDS can be used not only for military purposes, such as intelligence gathering, nuclear explosion monitoring, and emergency communications, but also for location services, transportation, mapping, and precision agriculture. In order to ensure the national defense security and the wide application of BDS in civil and military areas, BDS must be autonomous and controllable. As BDS is a complex, knowledge-intensive system, knowledge transformation runs through the whole process of research and development, production, operation, and maintenance of BDS. Based on the perspective of knowledge transformation, this paper expounds on the meaning of socialization, externalization, combination, and internalization of knowledge transformation, and the coupling relationship of autonomy and control on the basis of analyzing the status quo and problems of the autonomy and control of BDS. The autonomous and controllable framework of BDS based on knowledge transformation is constructed from six dimensions of management capability, R&D capability, technical capability, manufacturing capability, service support capability, and application capability. It can provide support for the smooth implementation of information security policy, provide a reference for the autonomy and control of the upstream and downstream industrial chains in BeiDou, and provide a reference for the autonomous and controllable research of aerospace components, military measurement test equipment, and other related industries.

Keywords: knowledge transformation, BeiDou Navigation Satellite System, autonomy and control, framework

Procedia PDF Downloads 157
18600 An Exploration of Cyberspace Security, Strategy for a New Era

Authors: Laxmi R. Kasaraneni

Abstract:

The Internet connects all the networks, including the nation’s critical infrastructure that is used extensively by not only a nation’s government and military to protect sensitive information and execute missions, but also the primary infrastructure that provides services that enable modern conveniences such as education, potable water, electricity, natural gas, and financial transactions. It has become the central nervous system for the government, the citizens, and the industries. When it is attacked, the effects can ripple far and wide, impacting not only citizens’ well-being but also the nation’s economy, civil infrastructure, and national security. As these critical services may be targeted by malicious hackers during cyber warfare, it is imperative to not only protect them and mitigate any immediate or potential threats, but to also understand the current or potential impacts beyond the IT networks or the organization. The Nation’s IT infrastructure, which is now vital for communication, commerce, and control of our physical infrastructure, is highly vulnerable to attack. While existing technologies can address some vulnerabilities, fundamentally new architectures and technologies are needed to address the larger structural insecurities of an infrastructure developed in a more trusting time when mass cyber attacks were not foreseen. This research is intended to improve the core functions of the Internet and critical-sector information systems by providing a clear path to create a safe, secure, and resilient cyber environment that helps stakeholders at all levels of government and the private sector work together to develop the cybersecurity capabilities that are key to our economy, national security, and public health and safety. 
This research paper also emphasizes the present and future cyber security threats, the capabilities and goals of cyber attackers, a strategic concept and steps to implement cybersecurity for maximum effectiveness, enabling technologies, some strategic assumptions and critical challenges, and the future of cyberspace.

Keywords: critical challenges, critical infrastructure, cyber security, enabling technologies, national security

Procedia PDF Downloads 268
18599 Enhanced Visual Sharing Method for Medical Image Security

Authors: Kalaivani Pachiappan, Sabari Annaji, Nithya Jayakumar

Abstract:

In recent years, information security has emerged as a foremost challenge in many fields. Especially in medical information systems, security is a major issue in handling reports such as patients’ diagnoses and medical images. These sensitive data require confidentiality for transmission purposes. Image sharing is a secure and fault-tolerant method for protecting digital images, which can use cryptography techniques to reduce the information loss. In this paper, a visual sharing method is proposed which embeds the patient’s details into a medical image. Then the medical image can be divided into numerous shared images and protected by various users. The original patient details and medical image can be retrieved by gathering the shared images.

Keywords: information security, medical images, cryptography, visual sharing

Procedia PDF Downloads 378
18598 Internal Displacement in Iraq due to ISIS Occupation and Its Effects on Human Security and Coexistence

Authors: Feisal Khudher Mahmood, Abdul Samad Rahman Sultan

Abstract:

Iraq had been a diverse society with races, cultures and religions that peacefully coexisted. The phenomenon of internal displacement occurred after April 2003, because of political instability as well as the deterioration of the political and security situation as a result of the United States of America occupation. The biggest internal displacement has occurred (and keeps happening) since 10th of June 2014 due to the rise of the Islamic State of Iraq and Syria (ISIS) and its occupation of one third of the country’s territories. This crisis directly affected 3,275,000 people and reflected negatively on the social fabric of the Iraqi community and led to waves of sectorial violence that swept the country. Internally displaced communities are vulnerable, especially under a non-functional and weak government, which led to the loss of essential human rights and dignity. Using Geographic Information System (GIS) and Geospatial Techniques, two types of internal displacement have been found: voluntary and forced. Both types of displacement are highly influenced by location, race and religion. The main challenge for the Iraqi government and NGOs will come after defeating ISIS: helping the displaced to resettle within their community and to re-establish the coexistence. By spatial-statistical analysis, hot spots of future conflicts among the displaced community have been highlighted. This will help the government to tackle future conflicts before they occur. Also, it will be the base for a social conflict early warning system.

Keywords: internal displacement, Iraq, ISIS, human security, human rights, GIS, spatial-statistical analysis

Procedia PDF Downloads 496
18597 The Effect of Maritime Security on National Development in Nigeria

Authors: Adegboyega Adedolapo Ola

Abstract:

Globally, a country’s maritime security has a significant impact on its national development because it serves as a major source of commercial contact and food supply. However, the country has been faced with a number of problems, such as piracy, kidnapping, illegal bunkering and oil theft. As such, the study examined the contribution and the relationship between maritime security and Nigeria’s development, as well as the prospects and challenges of maritime security in Nigeria. The study utilized a questionnaire and focus group discussion/interview as instruments for data collection. The method of analysis employed in the study is descriptive. A total of Three Hundred and Ninety (390) respondents were randomly selected. The result of the study showed that maritime security contributes to national development in Nigeria by guaranteeing food security in Nigeria, creating employment opportunities as well as increasing the Gross Domestic Product (GDP) of the economy. It was also found that maritime security is yet to provide sufficient support for national development in Nigeria. It is further established that it has prospects for development through the creation of employment opportunities, increase in foreign earnings, and fostering improved living standards for citizens. The study concluded that the high level of corruption, piracy and kidnapping, lack of political will by the government and the porosity of the Nigerian borders are serious obstacles, among others. In attempting to solve the problem of piracy and kidnapping in the Nigerian maritime sector, and to contribute to national development, it is primordial to address the cancer of corruption, poverty, and youth unemployment. In view of this, the study recommends, among other things, that the maritime industry should be well secured by removing its constraints/bottlenecks so as to enhance its contributions to national development.

Keywords: maritime security, national development, terrorism, piracy

Procedia PDF Downloads 53