Search results for: Cyber and information security
4642 Quick Reference: Cyber Attacks Awareness and Prevention Method for Home Users
Authors: Haydar Teymourlouei
Abstract:
It is important to take security measures to protect your computer information, reduce identify theft, and prevent from malicious cyber-attacks. With cyber-attacks on the continuous rise, people need to understand and learn ways to prevent from these attacks. Cyber-attack is an important factor to be considered if one is to be able to protect oneself from malicious attacks. Without proper security measures, most computer technology would hinder home users more than such technologies would help. Knowledge of how cyber-attacks operate and protective steps that can be taken to reduce chances of its occurrence are key to increasing these security measures. The purpose of this paper is to inform home users on the importance of identifying and taking preventive steps to avoid cyberattacks. Throughout this paper, many aspects of cyber-attacks will be discuss: what a cyber-attack is, the affects of cyber-attack for home users, different types of cyber-attacks, methodology to prevent such attacks; home users can take to fortify security of their computer.
Keywords: Cyber-attacks, home user, prevention, security, technology.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 77974641 Preventing and Coping Strategies for Cyber Bullying and Cyber Victimization
Authors: Erdinc Ozturk, Gizem Akcan
Abstract:
Although there are several advantages of information and communication technologies, they cause some problems like cyber bullying and cyber victimization. Cyber bullying and cyber victimization have lots of negative effects on people. There are lots of different strategies to prevent cyber bullying and victimization. This study was conducted to provide information about the strategies that are used to prevent cyber bullying and cyber victimization. 120 (60 women, 60 men) university students whose ages are between 18 and 35 participated this study. According to findings of this study, men are more prone to cyber bullying than women. Moreover, men are also more prone to cyber victimization than women.Keywords: Cyber bullying, cyber victimization, coping strategies.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 15824640 Cyber Warriors for Cyber Security and Information Assurance- An Academic Perspective
Authors: Ronald F. Gonzales, Gordon W. Romney, Pradip Peter Dey, Mohammad Amin, Bhaskar Raj Sinha
Abstract:
A virtualized and virtual approach is presented on academically preparing students to successfully engage at a strategic perspective to understand those concerns and measures that are both structured and not structured in the area of cyber security and information assurance. The Master of Science in Cyber Security and Information Assurance (MSCSIA) is a professional degree for those who endeavor through technical and managerial measures to ensure the security, confidentiality, integrity, authenticity, control, availability and utility of the world-s computing and information systems infrastructure. The National University Cyber Security and Information Assurance program is offered as a Master-s degree. The emphasis of the MSCSIA program uniquely includes hands-on academic instruction using virtual computers. This past year, 2011, the NU facility has become fully operational using system architecture to provide a Virtual Education Laboratory (VEL) accessible to both onsite and online students. The first student cohort completed their MSCSIA training this past March 2, 2012 after fulfilling 12 courses, for a total of 54 units of college credits. The rapid pace scheduling of one course per month is immensely challenging, perpetually changing, and virtually multifaceted. This paper analyses these descriptive terms in consideration of those globalization penetration breaches as present in today-s world of cyber security. In addition, we present current NU practices to mitigate risks.Keywords: Cyber security, information assurance, mitigate risks, virtual machines, strategic perspective.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 18764639 A Socio-Technical Approach to Cyber-Risk Assessment
Authors: Kitty Kioskli, Nineta Polemi
Abstract:
Evaluating the levels of cyber-security risks within an enterprise is most important in protecting its information system, services and all its digital assets against security incidents (e.g. accidents, malicious acts, massive cyber-attacks). The existing risk assessment methodologies (e.g. eBIOS, OCTAVE, CRAMM, NIST-800) adopt a technical approach considering as attack factors only the capability, intention and target of the attacker, and not paying attention to the attacker’s psychological profile and personality traits. In this paper, a socio-technical approach is proposed in cyber risk assessment, in order to achieve more realistic risk estimates by considering the personality traits of the attackers. In particular, based upon principles from investigative psychology and behavioural science, a multi-dimensional, extended, quantifiable model for an attacker’s profile is developed, which becomes an additional factor in the cyber risk level calculation.
Keywords: Attacker, behavioural models, cyber risk assessment, cyber-security, human factors, investigative psychology, ISO27001, ISO27005.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 9704638 A Reasoning Method of Cyber-Attack Attribution Based on Threat Intelligence
Authors: Li Qiang, Yang Ze-Ming, Liu Bao-Xu, Jiang Zheng-Wei
Abstract:
With the increasing complexity of cyberspace security, the cyber-attack attribution has become an important challenge of the security protection systems. The difficult points of cyber-attack attribution were forced on the problems of huge data handling and key data missing. According to this situation, this paper presented a reasoning method of cyber-attack attribution based on threat intelligence. The method utilizes the intrusion kill chain model and Bayesian network to build attack chain and evidence chain of cyber-attack on threat intelligence platform through data calculation, analysis and reasoning. Then, we used a number of cyber-attack events which we have observed and analyzed to test the reasoning method and demo system, the result of testing indicates that the reasoning method can provide certain help in cyber-attack attribution.
Keywords: Reasoning, Bayesian networks, cyber-attack attribution, kill chain, threat intelligence.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 26724637 An Investigation on Organisation Cyber Resilience
Authors: Arniyati Ahmad, Christopher Johnson, Timothy Storer
Abstract:
Cyber exercises used to assess the preparedness of a community against cyber crises, technology failures and Critical Information Infrastructure (CII) incidents. The cyber exercises also called cyber crisis exercise or cyber drill, involved partnerships or collaboration of public and private agencies from several sectors. This study investigates Organisation Cyber Resilience (OCR) of participation sectors in cyber exercise called X Maya in Malaysia. This study used a principal based cyber resilience survey called CSuite Executive checklist developed by World Economic Forum in 2012. To ensure suitability of the survey to investigate the OCR, the reliability test was conducted on C-Suite Executive checklist items. The research further investigates the differences of OCR in ten Critical National Infrastructure Information (CNII) sectors participated in the cyber exercise. The One Way ANOVA test result showed a statistically significant difference of OCR among ten CNII sectors participated in the cyber exercise.Keywords: Critical Information Infrastructure, Cyber Resilience, Organisation Cyber Resilience, Reliability Test.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 22344636 Cyber Security Situational Awareness among Students: A Case Study in Malaysia
Authors: Yunos Zahri, Ab Hamid R. Susanty, Ahmad Mustaffa
Abstract:
This paper explores the need for a national baseline study on understanding the level of cyber security situational awareness among primary and secondary school students in Malaysia. The online survey method was deployed to administer the data collection exercise. The target groups were divided into three categories: Group 1 (primary school aged 7-9 years old), Group 2 (primary school aged 10-12 years old), and Group 3 (secondary school aged 13-17 years old). A different questionnaire set was designed for each group. The survey topics/areas included Internet and digital citizenship knowledge. Respondents were randomly selected from rural and urban areas throughout all 14 states in Malaysia. A total of 9,158 respondents participated in the survey, with most states meeting the minimum sample size requirement to represent the country’s demographics. The findings and recommendations from this baseline study are fundamental to develop teaching modules required for children to understand the security risks and threats associated with the Internet throughout their years in school. Early exposure and education will help ensure healthy cyber habits among millennials in Malaysia.
Keywords: Cyber security awareness, cyber security education, cyber security, students.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 29844635 Status and Requirements of Counter-Cyberterrorism
Authors: Jeong-Tae Kim, Tchanghee Hyun
Abstract:
The number of intrusions and attacks against critical infrastructures and other information networks is increasing rapidly. While there is no identified evidence that terrorist organizations are currently planning a coordinated attack against the vulnerabilities of computer systems and network connected to critical infrastructure, and origins of the indiscriminate cyber attacks that infect computers on network remain largely unknown. The growing trend toward the use of more automated and menacing attack tools has also overwhelmed some of the current methodologies used for tracking cyber attacks. There is an ample possibility that this kind of cyber attacks can be transform to cyberterrorism caused by illegal purposes. Cyberterrorism is a matter of vital importance to national welfare. Therefore, each countries and organizations have to take a proper measure to meet the situation and consider effective legislation about cyberterrorism.Keywords: Cyberterrorism, cyber attack, information security, legislation
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 27934634 Impact of Network Workload between Virtualization Solutions on a Testbed Environment for Cybersecurity Learning
Authors: K´evin Fernagut, Olivier Flauzac, Erick M. Gallegos R, Florent Nolot
Abstract:
The adoption of modern lightweight virtualization often comes with new threats and network vulnerabilities. This paper seeks to assess this with a different approach studying the behavior of a testbed built with tools such as Kernel-based Virtual Machine (KVM), LinuX Containers (LXC) and Docker, by performing stress tests within a platform where students experiment simultaneously with cyber-attacks, and thus observe the impact on the campus network and also find the best solution for cyber-security learning. Interesting outcomes can be found in the literature comparing these technologies. It is, however, difficult to find results of the effects on the global network where experiments are carried out. Our work shows that other physical hosts and the faculty network were impacted while performing these trials. The problems found are discussed, as well as security solutions and the adoption of new network policies.
Keywords: Containerization, containers, cyber-security, cyber-attacks, isolation, performance, security, virtualization, virtual machines.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 5654633 Improving Cyber Resilience in Mobile Field Hospitals: Towards an Assessment Model
Authors: Nasir Baba Ahmed, Nicolas Daclin, Marc Olivaux, Gilles Dusserre
Abstract:
The Mobile field hospital is critical in terms of managing emergencies in crisis. It is a sub-section of the main hospitals and the health sector, tasked with delivering responsive, immediate, and efficient medical services during a crisis. With the aim to prevent further crisis, the assessment of the cyber assets follows different methods, to distinguish its strengths and weaknesses, and in turn achieve cyber resiliency. The work focuses on assessments of cyber resilience in field hospitals with trends growing in both the field hospital and the health sector in general. This creates opportunities for the adverse attackers and the response improvement objectives for attaining cyber resilience, as the assessments allow users and stakeholders to know the level of risks with regards to its cyber assets. Thus, the purpose is to show the possible threat vectors which open up opportunities, with contrast to current trends in the assessment of the mobile field hospitals’ cyber assets.
Keywords: Assessment framework, cyber resilience, cyber security, Mobile Field Hospital.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 6924632 Agent-Based Modeling of Power Systems Infrastructure Cyber Security
Authors: Raman Paranjape
Abstract:
We present a new approach to evaluation of Cyber Security in Power Systems using the method of modeling the power systems Infrastructure using software agents. Interfaces between module and the home smart meter are recognized as the primary points of intrusion.
Keywords: Power Systems, Modeling and Simulation, Agent systems.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 24494631 A Systematic Approach for Analyzing Multiple Cyber-Physical Attacks on the Smart Grid
Authors: Yatin Wadhawan, Clifford Neuman, Anas Al Majali
Abstract:
In this paper, we evaluate the resilience of the smart grid system in the presence of multiple cyber-physical attacks on its distinct functional components. We discuss attack-defense scenarios and their effect on smart grid resilience. Through contingency simulations in the Network and PowerWorld Simulator, we analyze multiple cyber-physical attacks that propagate from the cyber domain to power systems and discuss how such attacks destabilize the underlying power grid. The analysis of such simulations helps system administrators develop more resilient systems and improves the response of the system in the presence of cyber-physical attacks.
Keywords: Smart grid, resilience, gas pipeline, cyber-physical attack, security.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 10274630 A Multi-Science Study of Modern Synergetic War and Its Information Security Component
Authors: Alexander G. Yushchenko
Abstract:
From a multi-science point of view, we analyze threats to security resulting from globalization of international information space and information and communication aggression of Russia. A definition of Ruschism is formulated as an ideology supporting aggressive actions of modern Russia against the Euro-Atlantic community. Stages of the hybrid war Russia is leading against Ukraine are described, including the elements of subversive activity of the special services, the activation of the military phase and the gradual shift of the focus of confrontation to the realm of information and communication technologies. We reveal an emergence of a threat for democratic states resulting from the destabilizing impact of a target state’s mass media and social networks being exploited by Russian secret services under freedom-of-speech disguise. Thus, we underline the vulnerability of cyber- and information security of the network society in regard of hybrid war. We propose to define the latter a synergetic war. Our analysis is supported with a long-term qualitative monitoring of representation of top state officials on popular TV channels and Facebook. From the memetics point of view, we have detected a destructive psycho-information technology used by the Kremlin, a kind of information catastrophe, the essence of which is explained in detail. In the conclusion, a comprehensive plan for information protection of the public consciousness and mentality of Euro-Atlantic citizens from the aggression of the enemy is proposed.
Keywords: Cyber and information security, psycho-information technology, hybrid war, synergetic war, WWIII, Ruschism.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 10114629 Evaluation of State of the Art IDS Message Exchange Protocols
Authors: Robert Koch, Mario Golling, Gabi Dreo
Abstract:
During the last couple of years, the degree of dependence on IT systems has reached a dimension nobody imagined to be possible 10 years ago. The increased usage of mobile devices (e.g., smart phones), wireless sensor networks and embedded devices (Internet of Things) are only some examples of the dependency of modern societies on cyber space. At the same time, the complexity of IT applications, e.g., because of the increasing use of cloud computing, is rising continuously. Along with this, the threats to IT security have increased both quantitatively and qualitatively, as recent examples like STUXNET or the supposed cyber attack on Illinois water system are proofing impressively. Once isolated control systems are nowadays often publicly available - a fact that has never been intended by the developers. Threats to IT systems don’t care about areas of responsibility. Especially with regard to Cyber Warfare, IT threats are no longer limited to company or industry boundaries, administrative jurisdictions or state boundaries. One of the important countermeasures is increased cooperation among the participants especially in the field of Cyber Defence. Besides political and legal challenges, there are technical ones as well. A better, at least partially automated exchange of information is essential to (i) enable sophisticated situational awareness and to (ii) counter the attacker in a coordinated way. Therefore, this publication performs an evaluation of state of the art Intrusion Detection Message Exchange protocols in order to guarantee a secure information exchange between different entities.
Keywords: Cyber Defence, Cyber Warfare, Intrusion Detection Information Exchange, Early Warning Systems, Joint Intrusion Detection, Cyber Conflict
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 22934628 Combination of Information Security Standards to Cover National Requirements
Authors: Sh. Ladan, A. Yari, H. Khodabandeh
Abstract:
The need for Information Security in organizations, regardless of their type and size, is being addressed by emerging standards and recommended best practices. The various standards and practices which evolved in recent years and are still being developed and constantly revised, address the issue of Information Security from different angles. This paper attempts to provide an overview of Information Security Standards and Practices by briefly discussing some of the most popular ones. Through a comparative study of their similarities and differences, some insight can be obtained on how their combination may lead to an increased level of Information Security.
Keywords: Information security management, information security standard, BS7799, ISO 17799, COBIT.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 15534627 Prototype for Enhancing Information Security Awareness in Industry
Authors: E. Kritzinger, E. Smith
Abstract:
Human-related information security breaches within organizations are primarily caused by employees who have not been made aware of the importance of protecting the information they work with. Information security awareness is accordingly attracting more attention from industry, because stakeholders are held accountable for the information with which they work. The authors developed an Information Security Retrieval and Awareness model – entitled “ISRA" – that is tailored specifically towards enhancing information security awareness in industry amongst all users of information, to address shortcomings in existing information security awareness models. This paper is principally aimed at expounding a prototype for the ISRA model to highlight the advantages of utilizing the model. The prototype will focus on the non-technical, humanrelated information security issues in industry. The prototype will ensure that all stakeholders in an organization are part of an information security awareness process, and that these stakeholders are able to retrieve specific information related to information security issues relevant to their job category, preventing them from being overburdened with redundant information.
Keywords: Information security, information security awareness, information security awareness programs
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 16784626 Institutional Aspects of Information Security in Russian Economy
Authors: Mingaleva Zhanna, Kapuskina Tatiana
Abstract:
The article touches upon questions of information security in Russian Economy. It covers theoretical bases of information security and causes of its development. The theory is proved by the analysis of business activities and the main tendencies of information security development. Perm region has been chosen as the bases for the analysis, being the fastestdeveloping region that uses methods of information security in managing it economy. As a result of the study the authors of the given article have formulated their own vision of the problem of information security in various branches of economy and stated prospects of information security development and its growing role in Russian economy
Keywords: security of business, management of information security, institutional analyses.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 13184625 Cyber Crime in Uganda: Myth or Reality?
Authors: Florence Tushabe, Venansius Baryamureeba
Abstract:
There is a general feeling that Internet crime is an advanced type of crime that has not yet infiltrated developing countries like Uganda. The carefree nature of the Internet in which anybody publishes anything at anytime poses a serious security threat for any nation. Unfortunately, there are no formal records about this type of crime for Uganda. Could this mean that it does not exist there? The author conducted an independent research to ascertain whether cyber crimes have affected people in Uganda and if so, to discover where they are reported. This paper highlights the findings.Keywords: Cyber crime, Internet crime, Uganda crime statistics.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 38404624 Using Social Network Analysis for Cyber Threat Intelligence
Authors: Vasileios Anastopoulos
Abstract:
Cyber threat intelligence assists organisations in understanding the threats they face and helps them make educated decisions on preparing their defences. Sharing of threat intelligence and threat information is increasingly leveraged by organisations and enterprises, and various software solutions are already available, with the open-source malware information sharing platform (MISP) being a popular one. In this work, a methodology for the production of cyber threat intelligence using the threat information stored in MISP is proposed. The methodology leverages the discipline of social network analysis and the diamond model, a model used for intrusion analysis, to produce cyber threat intelligence. The workings of the proposed methodology are demonstrated with a case study on a production MISP instance of a real organisation. The paper concludes with a discussion on the proposed methodology and possible directions for further research.
Keywords: Cyber threat intelligence, diamond model, malware information sharing platform, social network analysis.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 5134623 AI-Driven Cloud Security: Proactive Defense Against Evolving Cyber Threats
Authors: Ashly Joseph
Abstract:
Cloud computing has become an essential component of enterprises and organizations globally in the current era of digital technology. The cloud has a multitude of advantages, including scalability, flexibility, and cost-effectiveness, rendering it an appealing choice for data storage and processing. The increasing storage of sensitive information in cloud environments has raised significant concerns over the security of such systems. The frequency of cyber threats and attacks specifically aimed at cloud infrastructure has been increasing, presenting substantial dangers to the data, reputation, and financial stability of enterprises. Conventional security methods can become inadequate when confronted with ever intricate and dynamic threats. Artificial Intelligence (AI) technologies possess the capacity to significantly transform cloud security through their ability to promptly identify and thwart assaults, adjust to emerging risks, and offer intelligent perspectives for proactive security actions. The objective of this research study is to investigate the utilization of AI technologies in augmenting the security measures within cloud computing systems. This paper aims to offer significant insights and recommendations for businesses seeking to protect their cloud-based assets by analyzing the present state of cloud security, the capabilities of AI, and the possible advantages and obstacles associated with using AI into cloud security policies.
Keywords: Machine Learning, Natural Learning Processing, Denial-of-Service attacks, Sentiment Analysis, Cloud computing.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1854622 Cybersecurity Protection Structures: The Case of Lesotho
Authors: N. N. Mosola, K. F. Moeketsi, R. Sehobai, N. Pule
Abstract:
The Internet brings increasing use of Information and Communications Technology (ICT) services and facilities. Consequently, new computing paradigms emerge to provide services over the Internet. Although there are several benefits stemming from these services, they pose several risks inherited from the Internet. For example, cybercrime, identity theft, malware etc. To thwart these risks, this paper proposes a holistic approach. This approach involves multidisciplinary interactions. The paper proposes a top-down and bottom-up approach to deal with cyber security concerns in developing countries. These concerns range from regulatory and legislative areas, cyber awareness, research and development, technical dimensions etc. The main focus areas are highlighted and a cybersecurity model solution is proposed. The paper concludes by combining all relevant solutions into a proposed cybersecurity model to assist developing countries in enhancing a cyber-safe environment to instill and promote a culture of cybersecurity.Keywords: Cybercrime, cybersecurity, computer emergency response team, computer security incident response team.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 20894621 Designing a Framework for Network Security Protection
Authors: Eric P. Jiang
Abstract:
As the Internet continues to grow at a rapid pace as the primary medium for communications and commerce and as telecommunication networks and systems continue to expand their global reach, digital information has become the most popular and important information resource and our dependence upon the underlying cyber infrastructure has been increasing significantly. Unfortunately, as our dependency has grown, so has the threat to the cyber infrastructure from spammers, attackers and criminal enterprises. In this paper, we propose a new machine learning based network intrusion detection framework for cyber security. The detection process of the framework consists of two stages: model construction and intrusion detection. In the model construction stage, a semi-supervised machine learning algorithm is applied to a collected set of network audit data to generate a profile of normal network behavior and in the intrusion detection stage, input network events are analyzed and compared with the patterns gathered in the profile, and some of them are then flagged as anomalies should these events are sufficiently far from the expected normal behavior. The proposed framework is particularly applicable to the situations where there is only a small amount of labeled network training data available, which is very typical in real world network environments.Keywords: classification, data analysis and mining, network intrusion detection, semi-supervised learning.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 17954620 Cyber Security in Nigeria: A Collaboration between Communities and Professionals
Authors: K. Alese Boniface, K. Adu Michael, K. Owa Victor
Abstract:
Security can be defined as the degree of resistance to, or protection from harm. It applies to any vulnerable and valuable assets, such as persons, dwellings, communities, nations or organizations. Cybercrime is any crime committed or facilitated via the Internet. It is any criminal activity involving computers and networks. It can range from fraud to unsolicited emails (spam). It includes the distant theft of government or corporate secrets through criminal trespass into remote systems around the globe. Nigeria like any other nations of the world is currently having her own share of the menace that has been used even as tools by terrorists. This paper is an attempt at presenting cyber security as an issue that requires a coordinated national response. It also acknowledges and advocates the key roles to be played by stakeholders and the importance of forging strong partnerships to prevent and tackle cybercrime in Nigeria.
Keywords: Security, Cybercrime, Internet, Government, Stakeholders, Partnerships.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 28174619 Stackelberg Security Game for Optimizing Security of Federated Internet of Things Platform Instances
Authors: Violeta Damjanovic-Behrendt
Abstract:
This paper presents an approach for optimal cyber security decisions to protect instances of a federated Internet of Things (IoT) platform in the cloud. The presented solution implements the repeated Stackelberg Security Game (SSG) and a model called Stochastic Human behaviour model with AttRactiveness and Probability weighting (SHARP). SHARP employs the Subjective Utility Quantal Response (SUQR) for formulating a subjective utility function, which is based on the evaluations of alternative solutions during decision-making. We augment the repeated SSG (including SHARP and SUQR) with a reinforced learning algorithm called Naïve Q-Learning. Naïve Q-Learning belongs to the category of active and model-free Machine Learning (ML) techniques in which the agent (either the defender or the attacker) attempts to find an optimal security solution. In this way, we combine GT and ML algorithms for discovering optimal cyber security policies. The proposed security optimization components will be validated in a collaborative cloud platform that is based on the Industrial Internet Reference Architecture (IIRA) and its recently published security model.
Keywords: Security, internet of things, cloud computing, Stackelberg security game, machine learning, Naïve Q-learning.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 16424618 A Quantitative Study on Japanese Internet User's Awareness to Information Security: Necessity and Importance of Education and Policy
Authors: Toshihiko Takemura, Atsushi Umino
Abstract:
In this paper, the authors examine whether or not there Institute for Information and Communications Policy shows are differences of Japanese Internet users awareness to information security based on individual attributes by using analysis of variance based on non-parametric method. As a result, generally speaking, it is found that Japanese Internet users' awareness to information security is different by individual attributes. Especially, the authors verify that the users who received the information security education would have rather higher recognition concerning countermeasures than other users including self-educated users. It is suggested that the information security education should be enhanced so that the users may appropriately take the information security countermeasures. In addition, the information security policy such as carrying out "e- net caravan" and "information security seminars" are effective in improving the users' awareness on the information security in Japan.
Keywords: Information security education, variance of analysis, Internet users, information security policy, Web-based survey.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 14074617 Improve of Evaluation Method for Information Security Levels of CIIP (Critical Information Infrastructure Protection)
Authors: Dong-Young Yoo, Jong-Whoi Shin, Gang Shin Lee, Jae-Il Lee
Abstract:
As the disfunctions of the information society and social development progress, intrusion problems such as malicious replies, spam mail, private information leakage, phishing, and pharming, and side effects such as the spread of unwholesome information and privacy invasion are becoming serious social problems. Illegal access to information is also becoming a problem as the exchange and sharing of information increases on the basis of the extension of the communication network. On the other hand, as the communication network has been constructed as an international, global system, the legal response against invasion and cyber-attack from abroad is facing its limit. In addition, in an environment where the important infrastructures are managed and controlled on the basis of the information communication network, such problems pose a threat to national security. Countermeasures to such threats are developed and implemented on a yearly basis to protect the major infrastructures of information communication. As a part of such measures, we have developed a methodology for assessing the information protection level which can be used to establish the quantitative object setting method required for the improvement of the information protection level.Keywords: Information Security Evaluation Methodology, Critical Information Infrastructure Protection.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 16594616 ISCS (Information Security Check Service) for the Safety and Reliability of Communications
Authors: Jong-Whoi Shin, Jin-Tae Lee, Sang-Soo Jang, Jae-II Lee
Abstract:
Recent widespread use of information and communication technology has greatly changed information security risks that businesses and institutions encounter. Along with this situation, in order to ensure security and have confidence in electronic trading, it has become important for organizations to take competent information security measures to provide international confidence that sensitive information is secure. Against this backdrop, the approach to information security checking has come to an important issue, which is believed to be common to all countries. The purpose of this paper is to introduce the new system of information security checking program in Korea and to propose synthetic information security countermeasures under domestic circumstances in order to protect physical equipment, security management and technology, and the operation of security check for securing services on ISP(Internet Service Provider), IDC(Internet Data Center), and e-commerce(shopping malls, etc.)Keywords: Information Security Check Service, safety criteria, object enterpriser.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 16094615 Positive Analysis on Vulnerability, Information Security Incidents, and the Countermeasures of Japanese Internet Service Providers
Authors: Toshihiko Takemura, Makoto Osajima, Masatoshi Kawano
Abstract:
This paper includes a positive analysis to quantitatively grasp the relationship among vulnerability, information security incidents, and the countermeasures by using data based on a 2007 questionnaire survey for Japanese ISPs (Internet Service Providers). To grasp the relationships, logistic regression analysis is used. The results clarify that there are relationships between information security incidents and the countermeasures. Concretely, there is a positive relationship between information security incidents and the number of information security systems introduced as well as a negative relationship between information security incidents and information security education. It is also pointed out that (especially, local) ISPs do not execute efficient information security countermeasures/ investment concerned with systems, and it is suggested that they should positively execute information security education. In addition, to further heighten the information security level of Japanese telecommunication infrastructure, the necessity and importance of the government to implement policy to support the countermeasures of ISPs is insisted.
Keywords: Information security countermeasures, information security incidents, internet service providers, positive analysis
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 16644614 Determinants of Information Security Affecting Adoption of Web-based Integrated Information Systems
Authors: Jaehun Joo, Mie-jung Kim, Ismatilla Normatov, Lyunhwa Kim
Abstract:
The purpose of this paper is to analyze determinants of information security affecting adoption of the Web-based integrated information systems (IIS). We introduced Web-based information systems which are designed to formulate strategic plans for Peruvian government. Theoretical model is proposed to test impact of organizational factors (deterrent efforts and severity; preventive efforts) and individual factors (information security threat; security awareness) on intentions to proactively use the Web-based IIS .Our empirical study results highlight that deterrent efforts and deterrent severity have no significant influence on the proactive use intentions of IIS, whereas, preventive efforts play an important role in proactive use intentions of IIS. Thus, we suggest that organizations need to do preventive efforts by introducing various information security solutions, and try to improve information security awareness while reducing the perceived information security threats.Keywords: Information security, Deterrent efforts, deterrentseverity, preventive efforts, information security awareness, information security threats, integrated information systems
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 23134613 Active Cyber Defense within the Concept of NATO’s Protection of Critical Infrastructures
Authors: Serkan Yağlı, Selçuk Dal
Abstract:
Cyber attacks pose a serious threat to all states. Therefore, states constantly seek for various methods to encounter those threats. In addition, recent changes in the nature of cyber attacks and their more complicated methods have created a new concept: active cyber defense (ACD). This article tries to answer firstly why ACD is important to NATO and find out the viewpoint of NATO towards ACD. Secondly, infrastructure protection is essential to cyber defense. Critical infrastructure protection with ACD means is even more important. It is assumed that by implementing active cyber defense, NATO may not only be able to repel the attacks but also be deterrent. Hence, the use of ACD has a direct positive effect in all international organizations’ future including NATO.
Keywords: Active cyber defense, advanced persistent treat, critical infrastructure, NATO.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 3784