Search results for: Information security risk treatment

Authors: Milan Rippel, Pert Teplý

Abstract:

Operational risk has become one of the most discussed topics in the financial industry in the recent years. The reasons for this attention can be attributed to higher investments in information systems and technology, the increasing wave of mergers and acquisitions and emergence of new financial instruments. In addition, the New Basel Capital Accord (known as Basel II) demands a capital requirement for operational risk and further motivates financial institutions to more precisely measure and manage this type of risk. The aim of this paper is to shed light on main characteristics of operational risk management and common applied methods: scenario analysis, key risk indicators, risk control self assessment and loss distribution approach.

Keywords: Operational risk, economic capital, key risk indicators, loss distribution approach.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 3956

Authors: Juan P. Zamora, Wilson Adarme, Laura Palacios

Abstract:

This paper shows a traceability framework for supply risk monitoring, beginning with the identification, analysis, and evaluation of the supply chain risk and focusing on the supply operations of the Health Care Institutions with oncology services in Bogota, Colombia. It includes a brief presentation of the state of the art of the Supply Chain Risk Management and traceability systems in logistics operations, and it concludes with the methodology to integrate the SCRM model with the traceability system.

Keywords: Supply risk, risk monitoring, supply chain risk management, cancer drugs, traceability systems.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2186

Authors: Nada Mouchfiq, Ahmed Habbani, Chaimae Benjbara

Abstract:

The security aspect of the IoT occupies a place of great importance especially after the evolution that has known this field lastly because it must take into account the transformations and the new applications .Blockchain is a new technology dedicated to the data sharing. However, this does not work the same way in the different systems with different operating principles. This article will discuss network security using the Blockchain to facilitate the sending of messages and information, enabling the use of new processes and enabling autonomous coordination of devices. To do this, we will discuss proposed solutions to ensure a high level of security in these networks in the work of other researchers. Finally, our article will propose a method of security more adapted to our needs as a team working in the ad hoc networks, this method is based on the principle of the Blockchain and that we named ”MPR Blockchain”.

Keywords: Ad hoc networks, blockchain, MPR, security.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 905

Authors: Hromada Martin

Abstract:

Risk analysis is considered as a fundamental aspect relevant for ensuring the level of critical infrastructure protection, where the critical infrastructure is seen as system, asset or its part which is important for maintaining the vital societal functions. Article actually discusses and analyzes the potential application of selected tools of information support for the implementation and within the framework of risk analysis and critical infrastructure protection. Use of the information in relation to their risk analysis can be viewed as a form of simplifying the analytical process. It is clear that these instruments (information support) for these purposes are countless, so they were selected representatives who have already been applied in the selected area of critical infrastructure, or they can be used. All presented fact were the basis for critical infrastructure resilience evaluation methodology development.

Keywords: Critical infrastructure, Protection, Resilience, Risk Analysis.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1613

Authors: Dong-Young Yoo, Jong-Whoi Shin, Gang Shin Lee, Jae-Il Lee

Abstract:

As the disfunctions of the information society and social development progress, intrusion problems such as malicious replies, spam mail, private information leakage, phishing, and pharming, and side effects such as the spread of unwholesome information and privacy invasion are becoming serious social problems. Illegal access to information is also becoming a problem as the exchange and sharing of information increases on the basis of the extension of the communication network. On the other hand, as the communication network has been constructed as an international, global system, the legal response against invasion and cyber-attack from abroad is facing its limit. In addition, in an environment where the important infrastructures are managed and controlled on the basis of the information communication network, such problems pose a threat to national security. Countermeasures to such threats are developed and implemented on a yearly basis to protect the major infrastructures of information communication. As a part of such measures, we have developed a methodology for assessing the information protection level which can be used to establish the quantitative object setting method required for the improvement of the information protection level.

Keywords: Information Security Evaluation Methodology, Critical Information Infrastructure Protection.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1654

Authors: Naveed Ghani, Samreen Javed

Abstract:

In today’s heterogeneous network environment, there is a growing demand for distrust clients to jointly execute secure network to prevent from malicious attacks as the defining task of propagating malicious code is to locate new targets to attack. Residual risk is always there no matter what solutions are implemented or whet so ever security methodology or standards being adapted. Security is the first and crucial phase in the field of Computer Science. The main aim of the Computer Security is gathering of information with secure network. No one need wonder what all that malware is trying to do: It's trying to steal money through data theft, bank transfers, stolen passwords, or swiped identities. From there, with the help of our survey we learn about the importance of white listing, antimalware programs, security patches, log files, honey pots, and more used in banks for financial data protection but there’s also a need of implementing the IPV6 tunneling with Crypto data transformation according to the requirements of new technology to prevent the organization from new Malware attacks and crafting of its own messages and sending them to the target. In this paper the writer has given the idea of implementing IPV6 Tunneling Secessions on private data transmission from financial organizations whose secrecy needed to be safeguarded.

Keywords: Network worms, malware infection propagating malicious code, virus, security, VPN.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2802

Authors: Lenka Jesonkova, Frantisek Bozek

Abstract:

Trihalogenmethanes (THMs) are disinfection byproducts with non-carcinogenic and genotoxic effects. The contamination of 6 sites close to the water treatment plant has been monitored in second largest city of the Czech Republic. Health risk assessment including both non-carcinogenic and genotoxic risk for long term exposition was realized using the critical concentrations. Concentrations of trihalogenmethanes met national standards in all samples. Risk assessment proved that health risks from trihalogenmethanes are acceptable on each site.

Keywords: Drinking water, health risk assessment, trihalogenmethanes, water pollution.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1983

Authors: E. Cenderelli, E. Bruno, G. Iacoviello, A. Lazzini

Abstract:

The financial sector is exposed to the risk of cyber-attacks like any other industrial sector. Furthermore, the topic of CybeRisk (cyber risk) has become particularly relevant given that Information Technology (IT) attacks have increased drastically in recent years, and cannot be stopped by single organizations requiring a response at international and national level. IT risk is never a matter purely for the IT manager, although he clearly plays a key role. A bank's risk management function requires a thorough understanding of the evolving risks as well as the tools and practical techniques available to address them. Upon the request of European and national legislation regarding CybeRisk in the financial system, banks are therefore called upon to strengthen the operational model for CybeRisk management. This will require an important change with a more intense collaboration with the structures that deal with information security for the development of an ad hoc system for the evaluation and control of this type of risk. The aim of the work is to propose a framework for the management and control of CybeRisk that will bridge the gap in the literature regarding the understanding and consideration of CybeRisk as an integral part of business management. The IT function has a strong relevance in the management of CybeRisk, which is perceived mainly as operational risk, but with a positive tendency on the part of risk management to the identification of CybeRisk assessment methods that are increasingly complete, quantitative and able to better describe the possible impacts on the business. The paper provides answers to the research questions: Is it possible to define a CybeRisk governance structure able to support the comparison between risk and security? How can the relationships between IT assets be integrated into a cyberisk assessment framework to guarantee a system of protection and risks control? From a methodological point of view, this research uses a case study approach. The choice of “Monte dei Paschi di Siena” was determined by the specific features of one of Italy’s biggest lenders. It is chosen to use an intensive research strategy: an in-depth study of reality. The case study methodology is an empirical approach to explore a complex and current phenomenon that develops over time. The use of cases has also the advantage of allowing the deepening of aspects concerning the "how" and "why" of contemporary events, on which the scholar has little control. The research bases on quantitative data and qualitative information obtained through semi-structured interviews of an open-ended nature and questionnaires to directors, members of the audit committee, risk, IT and compliance managers, and those responsible for internal audit function and anti-money laundering. The added value of the paper can be seen in the development of a framework based on a mapping of IT assets from which it is possible to identify their relationships for purposes of a more effective management and control of cyber risk.

Keywords: Bank, CybeRisk, information technology, risk management.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1415

Authors: H. Iranmanesh, S. Nazari Shirkouhi, M. R. Skandari

Abstract:

Information Technology (IT) projects are always accompanied by various risks and because of high rate of failure in such projects, managing risks in order to neutralize or at least decrease their effects on the success of the project is strongly essential. In this paper, fuzzy analytical hierarchy process (FAHP) is exploited as a means of risk evaluation methodology to prioritize and organize risk factors faced in IT projects. A real case of IT projects, a project of design and implementation of an integrated information system in a vehicle producing company in Iran is studied. Related risk factors are identified and then expert qualitative judgments about these factors are acquired. Translating these judgments to fuzzy numbers and using them as an input to FAHP, risk factors are then ranked and prioritized by FAHP in order to make project managers aware of more important risks and enable them to adopt suitable measures to deal with these highly devastative risks.

Keywords: Information technology projects, Risk evaluation, Analytic hierarchal process, fuzzy logic.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1931

Authors: Tuti Ida Halida

Abstract:

This paper will define the system that minimize the risk of the ship accidents because of high or dangerous waves namely early warning system. Since Indonesia is located in a strategic position, many internasional vessels pass by the Indonesian Sea Lanes. Therefore many issues often occur in Indonesian waters, one of the issues is the shipwreck because of dangerous waves. In order to do the preventive action for the vessels that indicated exposed the dangerous waves, Indonesian Maritime Security Coordinating Board or Bakorkamla, has built up and implemented an early warning system through integrated system, called Bakorkamla Integrated Information System (BIIS). By implementing BIIS means that Bakorkamla has already done one of the Five Principles of Sea and Coast Guard Agency, which is safety and security, and Bakorkamla also has already saved the lives of many people on the ship that will have an accident due to high waves. 

Keywords: Early Warning System, Integrated Information System, Sea and Coast Guard, Principles.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2722

Authors: Nariman O. Kandil, Ehab K. Abou-Elkheir, Amr M. Kotb

Abstract:

Effective IT governance guarantees the strategic alignment of IT and business goals, risk mitigation control, and better IT and business performance. This study seeks to examine empirically the extent of IT governance implementation within the firms listed on the Egyptian Stock Exchange (EGX30) and its determinants. Accordingly, 18 semi-structured interviews, face to face, phone, and video-conferencing, using various tools (e.g., WebEx, Zoom, and Microsoft Teams) were undertaken at the interviewees’ offices in Egypt between the end of November 2019 and the end of August 2020. Results suggest that there are variances in the extent of IT Governance (ITG) implementation within the firms listed on the EGX30, mainly caused by the industry type and internal and external triggers. The results also suggest that the organization size, the type of auditor, the criticality of the industry, the effective processes & key performance indicators (KPIs), and the information intensity expertise of the chief information officers (CIOs) have a significant impact on ITG implementation within the firms.

Keywords: Effective IT governance, Egyptian Market, information security, risk controls.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 177

Authors: Ronald F. Gonzales, Gordon W. Romney, Pradip Peter Dey, Mohammad Amin, Bhaskar Raj Sinha

Abstract:

A virtualized and virtual approach is presented on academically preparing students to successfully engage at a strategic perspective to understand those concerns and measures that are both structured and not structured in the area of cyber security and information assurance. The Master of Science in Cyber Security and Information Assurance (MSCSIA) is a professional degree for those who endeavor through technical and managerial measures to ensure the security, confidentiality, integrity, authenticity, control, availability and utility of the world-s computing and information systems infrastructure. The National University Cyber Security and Information Assurance program is offered as a Master-s degree. The emphasis of the MSCSIA program uniquely includes hands-on academic instruction using virtual computers. This past year, 2011, the NU facility has become fully operational using system architecture to provide a Virtual Education Laboratory (VEL) accessible to both onsite and online students. The first student cohort completed their MSCSIA training this past March 2, 2012 after fulfilling 12 courses, for a total of 54 units of college credits. The rapid pace scheduling of one course per month is immensely challenging, perpetually changing, and virtually multifaceted. This paper analyses these descriptive terms in consideration of those globalization penetration breaches as present in today-s world of cyber security. In addition, we present current NU practices to mitigate risks.

Keywords: Cyber security, information assurance, mitigate risks, virtual machines, strategic perspective.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1870

Authors: Jaimin Patel

Abstract:

Cloud computing is one of the most sharp and important movement in various computing technologies. It provides flexibility to users, cost effectiveness, location independence, easy maintenance, enables multitenancy, drastic performance improvements, and increased productivity. On the other hand, there are also major issues like security. Being a common server, security for a cloud is a major issue; it is important to provide security to protect user’s private data, and it is especially important in e-commerce and social networks. In this paper, encryption algorithms such as Advanced Encryption Standard algorithms, their vulnerabilities, risk of attacks, optimal time and complexity management and comparison with other algorithms based on software implementation is proposed. Encryption techniques to improve the performance of AES algorithms and to reduce risk management are given. Secure Hash Algorithms, their vulnerabilities, software implementations, risk of attacks and comparison with other hashing algorithms as well as the advantages and disadvantages between hashing techniques and encryption are given.

Keywords: Cloud computing, encryption algorithm, secure hashing algorithm, brute force attack, birthday attack, plaintext attack, man-in-the-middle attack.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1737

Authors: Marzieh Mokhtaripour

Abstract:

Security issue and the importance of the function of police to provide practical and psychological contexts in the community has been the main topics among researchers , police and security circles and this subject require to review and analysis mechanisms within the police and its interaction with other parts of the system for providing community safety. This paper examine national and social security in the Internet.

Keywords: Internet National security Social security

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1259

Authors: Gabriela-Andreea Despescu, Mădălina-Elena Mavrodin, Gheorghe Lăzăroiu, Florin Adrian Grădinaru

Abstract:

The purpose of this paper is to contribute to the enhancement of a hydroelectric plant protection by coordinating protection measures / existing security and introducing new measures under a risk management process. In addition, plan identifies key critical elements of a hydroelectric plant, from its level vulnerabilities and threats it is subjected to in order to achieve the necessary protection measures to reduce the level of risk.

Keywords: Critical infrastructure, risk analysis, critical infrastructure protection, vulnerability, risk management, turbine, Impact analysis.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1557

Authors: Kang Huang, Wanting Zhou, Shiwei Yuan, Lei Li

Abstract:

Since information technology develops rapidly, the security issue has become an increasingly critical for computer system. In particular, as cloud computing and the Internet of Things (IoT) continue to gain widespread adoption, computer systems need to new security threats and attacks. The Root of Trust (RoT) is the foundation for providing basic trusted computing, which is used to verify the security and trustworthiness of other components. Designing a reliable RoT and guaranteeing its own security are essential for improving the overall security and credibility of computer systems. In this paper, we discuss the implementation of self-security technology based on the RISC-V RoT at the hardware level. To effectively safeguard the security of the RoT, researches on security safeguard technology on the RoT have been studied. At first, a lightweight and secure boot framework is proposed as a secure mechanism. Secondly, two kinds of memory protection mechanism are built to against memory attacks. Moreover, hardware implementation of proposed method has been also investigated. A series of experiments and tests have been carried on to verify to effectiveness of the proposed method. The experimental results demonstrated that the proposed approach is effective in verifying the integrity of the RoT’s own boot rom, user instructions, and data, ensuring authenticity and enabling the secure boot of the RoT’s own system. Additionally, our approach provides memory protection against certain types of memory attacks, such as cache leaks and tampering, and ensures the security of root-of-trust sensitive information, including keys.

Keywords: Root of Trust, secure boot, memory protection, hardware security.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 54

Authors: J. P. Dubois, P. G. Jreije

Abstract:

In this paper, a framework is presented trying to make the most secure web system out of the available generic and web security technology which can be used as a guideline for organizations building their web sites. The framework is designed to provide necessary security services, to address the known security threats, and to provide some cover to other security problems especially unknown threats. The requirements for the design are discussed which guided us to the design of secure web system. The designed security framework is then simulated and various quality of service (QoS) metrics are calculated to measure the performance of this system.

Keywords: Web Security, Internet Voting, Firewall, QoS, Latency, Utilization, Throughput.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1334

Authors: Ashly Joseph, Jithu Paulose

Abstract:

The increased usage of cloud computing has revolutionized the IT landscape, but it has also raised new security concerns. DevSecOps emerged as a way for tackling these difficulties by integrating security into the software development process. However, the rising complexity and sophistication of cyber threats need more advanced solutions. This paper looks into the usage of artificial intelligence (AI) techniques in the DevSecOps framework to increase cloud security. This study uses quantitative and qualitative techniques to assess the usefulness of AI approaches such as machine learning, natural language processing, and deep learning in reducing security issues. This paper thoroughly examines the symbiotic relationship between AI and DevSecOps, concentrating on how AI may be seamlessly integrated into the continuous integration and continuous delivery (CI/CD) pipeline, automated security testing, and real-time monitoring methods. The findings emphasize AI's huge potential to improve threat detection, risk assessment, and incident response skills. Furthermore, the paper examines the implications and challenges of using AI in DevSecOps workflows, considering factors like as scalability, interpretability, and adaptability. This paper adds to a better understanding of AI's revolutionary role in cloud security and provides valuable insights for practitioners and scholars in the field.

Keywords: Cloud Security, DevSecOps, Artificial Intelligence, AI, Machine Learning, Natural Language Processing, NLP, cybersecurity, AI-driven Security.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 101

Authors: Pema Choejey, David Murray, Chun Che Fung

Abstract:

Bhutan is becoming increasingly dependent on Information and Communications Technologies (ICTs), especially the Internet for performing the daily activities of governments, businesses, and individuals. Consequently, information systems and networks are becoming more exposed and vulnerable to cybersecurity threats. This paper highlights the findings of the survey study carried out to understand the perceptions of cybersecurity implementation among government organizations in Bhutan. About 280 ICT personnel were surveyed about the effectiveness of cybersecurity implementation in their organizations. A questionnaire based on a 5 point Likert scale was used to assess the perceptions of respondents. The questions were asked on cybersecurity practices such as cybersecurity policies, awareness and training, and risk management. The survey results show that less than 50% of respondents believe that the cybersecurity implementation is effective: cybersecurity policy (40%), risk management (23%), training and awareness (28%), system development life cycle (34%); incident management (26%), and communications and operational management (40%). The findings suggest that many of the cybersecurity practices are inadequately implemented and therefore, there exist a gap in achieving a required cybersecurity posture. This study recommends government organizations to establish a comprehensive cybersecurity program with emphasis on cybersecurity policy, risk management, and awareness and training. In addition, the research study has practical implications to both government and private organizations for implementing and managing cybersecurity.

Keywords: Awareness and training, cybersecurity, cybersecurity policy, risk management, security risks.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1552

Authors: Amirhossein Safi

Abstract:

Internet of things (IOT) is a kind of advanced information technology which has drawn societies’ attention. Sensors and stimulators are usually recognized as smart devices of our environment. Simultaneously, IOT security brings up new issues. Internet connection and possibility of interaction with smart devices cause those devices to involve more in human life. Therefore, safety is a fundamental requirement in designing IOT. IOT has three remarkable features: overall perception, reliable transmission, and intelligent processing. Because of IOT span, security of conveying data is an essential factor for system security. Hybrid encryption technique is a new model that can be used in IOT. This type of encryption generates strong security and low computation. In this paper, we have proposed a hybrid encryption algorithm which has been conducted in order to reduce safety risks and enhancing encryption's speed and less computational complexity. The purpose of this hybrid algorithm is information integrity, confidentiality, non-repudiation in data exchange for IOT. Eventually, the suggested encryption algorithm has been simulated by MATLAB software, and its speed and safety efficiency were evaluated in comparison with conventional encryption algorithm.

Keywords: Internet of things, security, hybrid algorithm, privacy.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 4184

Authors: R. Haghighat far, H. Yarahmadi

Abstract:

A mobile agent is a software which performs an action autonomously and independently as a person or an organizations assistance. Mobile agents are used for searching information, retrieval information, filtering, intruder recognition in networks, and so on. One of the important issues of mobile agent is their security. It must consider different security issues in effective and secured usage of mobile agent. One of those issues is the integrity-s protection of mobile agents. In this paper, the advantages and disadvantages of each method, after reviewing the existing methods, is examined. Regarding to this matter that each method has its own advantage or disadvantage, it seems that by combining these methods, one can reach to a better method for protecting the integrity of mobile agents. Therefore, this method is provided in this paper and then is evaluated in terms of existing method. Finally, this method is simulated and its results are the sign of improving the possibility of integrity-s protection of mobile agents.

Keywords: Integrity, Mobile Agent, Security.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1750

Authors: Nathan C. Lea, Tony Austin, Stephen Hailes, Dipak Kalra

Abstract:

This paper introduces a tool that is being developed for the expression of information security policy controls that govern electronic healthcare records. By reference to published findings, the paper introduces the theory behind the use of knowledge management for automatic and consistent security policy assertion using the formalism called the Secutype; the development of the tool and functionality is discussed; some examples of Secutypes generated by the tool are provided; proposed integration with existing medical record systems is described. The paper is concluded with a section on further work and critique of the work achieved to date.

Keywords: Information Security Policy, Electronic Healthcare Records, Knowledge Management, Archetypes, Secutypes.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1344

Authors: HangRok Lee, DoWon Hong

Abstract:

Since communications between tag and reader in RFID system are by radio, anyone can access the tag and obtain its any information. And a tag always replies with the same ID so that it is hard to distinguish between a real and a fake tag. Thus, there are many security problems in today-s RFID System. Firstly, unauthorized reader can easily read the ID information of any Tag. Secondly, Adversary can easily cheat the legitimate reader using the collected Tag ID information, such as the any legitimate Tag. These security problems can be typically solved by encryption of messages transmitted between Tag and Reader and by authentication for Tag. In this paper, to solve these security problems on RFID system, we propose the Tag Authentication Scheme based on self shrinking generator (SSG). SSG Algorithm using in our scheme is proposed by W.Meier and O.Staffelbach in EUROCRYPT-94. This Algorithm is organized that only one LFSR and selection logic in order to generate random stream. Thus it is optimized to implement the hardware logic on devices with extremely limited resource, and the output generating from SSG at each time do role as random stream so that it is allow our to design the light-weight authentication scheme with security against some network attacks. Therefore, we propose the novel tag authentication scheme which use SSG to encrypt the Tag-ID transmitted from tag to reader and achieve authentication of tag.

Keywords: RFID system, RFID security, self shrinkinggeneratior, authentication, protocol.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1622

Authors: Anders Thorsèn, Behrooz Sangchoolie, Peter Folkesson, Ted Strandberg

Abstract:

As more parts of the power grid become connected to the internet, the risk of cyberattacks increases. To identify the cybersecurity threats and subsequently reduce vulnerabilities, the common practice is to carry out a cybersecurity risk assessment. For safety classified systems and products, there is also a need for safety risk assessments in addition to the cybersecurity risk assessment to identify and reduce safety risks. These two risk assessments are usually done separately, but since cybersecurity and functional safety are often related, a more comprehensive method covering both aspects is needed. Some work addressing this has been done for specific domains like the automotive domain, but more general methods suitable for, e.g., Intelligent Distributed Grids, are still missing. One such method from the automotive domain is the Security-Aware Hazard Analysis and Risk Assessment (SAHARA) method that combines safety and cybersecurity risk assessments. This paper presents an approach where the SAHARA method has been modified to be more suitable for larger distributed systems. The adapted SAHARA method has a more general risk assessment approach than the original SAHARA. The proposed method has been successfully applied on two use cases of an intelligent distributed grid.

Keywords: Intelligent distribution grids, threat analysis, risk assessment, safety, cybersecurity.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 743

Authors: Yun Bai

Abstract:

This paper is to investigate the impplementation of security mechanism in object oriented database system. Formal methods plays an essential role in computer security due to its powerful expressiveness and concise syntax and semantics. In this paper, both issues of specification and implementation in database security environment will be considered; and the database security is achieved through the development of an efficient implementation of the specification without compromising its originality and expressiveness.

Keywords: database security, authorization policy, logic basedspecification

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1712

Authors: Ashly Joseph

Abstract:

Modern businesses struggle significantly to secure and manage their data properly as the volume and complexity of their data both expand exponentially. Through the use of a multi-layered defense strategy, a centralized management platform, and cutting-edge technologies like AI, this research paper presents a comprehensive framework to integrate data security and management. The constraints of current data protection and management strategies, technological advancements, and the evolving threat landscape are all examined in this article. It suggests best practices for putting into practice integrated data security and governance models, placing an emphasis on ongoing adaptation. The advantages mentioned include a strengthened security posture, simpler procedures, lower costs, and reduced complexity. Additionally, issues including skill shortages, antiquated systems, and cultural obstacles are examined. Security executives and Chief Information Security Officers are given practical advice on how to evaluate, plan, and put into place strong data-centric security and management capabilities. The goal of the paper is to provide a thorough study of the data security and management landscape and to arm contemporary businesses with the knowledge they need to be proactive in protecting their data assets.

Keywords: Data security, security management, cloud computing, cybersecurity, data governance, security architecture, data management.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 249

Authors: Marinela Mircea

Abstract:

The development of information and communication technology, the increased use of the internet, as well as the effects of the recession within the last years, have lead to the increased use of cloud computing based solutions, also called on-demand solutions. These solutions offer a large number of benefits to organizations as well as challenges and risks, mainly determined by data visualization in different geographic locations on the internet. As far as the specific risks of cloud environment are concerned, data security is still considered a peak barrier in adopting cloud computing. The present study offers an approach upon ensuring the security of cloud data, oriented towards the whole data life cycle. The final part of the study focuses on the assessment of data security in the cloud, this representing the bases in determining the potential losses and the premise for subsequent improvements and continuous learning.

Keywords: cloud computing, data life cycle, data security, security assessment.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2152

Authors: Alexander G. Yushchenko

Abstract:

From a multi-science point of view, we analyze threats to security resulting from globalization of international information space and information and communication aggression of Russia. A definition of Ruschism is formulated as an ideology supporting aggressive actions of modern Russia against the Euro-Atlantic community. Stages of the hybrid war Russia is leading against Ukraine are described, including the elements of subversive activity of the special services, the activation of the military phase and the gradual shift of the focus of confrontation to the realm of information and communication technologies. We reveal an emergence of a threat for democratic states resulting from the destabilizing impact of a target state’s mass media and social networks being exploited by Russian secret services under freedom-of-speech disguise. Thus, we underline the vulnerability of cyber- and information security of the network society in regard of hybrid war. We propose to define the latter a synergetic war. Our analysis is supported with a long-term qualitative monitoring of representation of top state officials on popular TV channels and Facebook. From the memetics point of view, we have detected a destructive psycho-information technology used by the Kremlin, a kind of information catastrophe, the essence of which is explained in detail. In the conclusion, a comprehensive plan for information protection of the public consciousness and mentality of Euro-Atlantic citizens from the aggression of the enemy is proposed.

Keywords: Cyber and information security, psycho-information technology, hybrid war, synergetic war, WWIII, Ruschism.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1004

Authors: K. Sekulová, M. Šimon

Abstract:

This article focuses on upper-extremity musculoskeletal disorders risk assessment model at workplace. In this model are used risk factors that are responsible for musculoskeletal system damage. Based on statistic calculations the model is able to define what risk of MSD threatens workers who are under risk factors. The model is also able to say how MSD risk would decrease if these risk factors are eliminated.

 

Keywords: Ergonomics, musculoskeletal disorders, occupational diseases, risk factors.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2050

Authors: Amirhossein Karamoozian, Desheng Wu, Behzad Abbasnejad

Abstract:

Building information modelling (BIM) is a new technology to enhance the efficiency of project management in the construction industry. In addition to the potential benefits of this useful technology, there are various risks and obstacles to applying it in construction projects. In this study, a decision making approach is presented for risk assessment in BIM adoption in construction projects. Various risk factors of exerting BIM during different phases of the project lifecycle are identified with the help of Delphi method, experts’ opinions and related literature. Afterward, Shannon’s entropy and Fuzzy TOPSIS (Technique for Order Preference by Similarity to Ideal Situation) are applied to derive priorities of the identified risk factors. Results indicated that lack of knowledge between professional engineers about workflows in BIM and conflict of opinions between different stakeholders are the risk factors with the highest priority.

Keywords: Risk, BIM, Shannon’s entropy, Fuzzy TOPSIS, construction projects.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1459