Di Wu,Yabo Dong,Jian Lin,Miaoliang Zhu

DOI: https://doi.org/10.1007/11563952_52

2005-01-01

Abstract:The fast development of E-Commerce and information technology brings much higher requirements for enterprise informationization. Because of the differences in platforms, development languages and standards etc, enterprise application integration (EAI) has become the important form of enterprise informationization to support complex business processes. Web services have emerged as the next generation of integration technology which provides the power to support interoperability. However EAI doesn’t just present new interoperability challenges; it also presents serious privacy and security challenges. This paper presents security architecture of Web Services based EAI which uses distributed Single Sign On authentication and distributed Role-based Access Control authorization. The basic concept and prototype system of the security architecture are described in detail.

Muhammed Sabo,,Zake Muwanga,Manjula V.S.,Saleh Auwal,,,

DOI: https://doi.org/10.59568/jasic-2023-4-1-06

2023-07-10

Abstract:The security of information technology, specifically web applications, has become an area of concern today. Computer cybercrime is now a significant problem that affects more than just businesses and organizations. Higher education institutions also began to experience computer threats that revealed their information assets. Universities, polytechnics, colleges of education, research centers, and other postsecondary institutions are probably the most vulnerable because they house sensitive data on their faculty, staff, and students, as well as academic records of scientific and technological advancements and research. The first step in an information system security strategy is risk analysis management It helps in assessing the risk of information assets to know their security level or status, and assist in define a security control measures and implementation of technical plan to avoid threats that exploit some vulnerability that could cause severe damage to an asset or infrastructure of institutions higher education (IHEs). This article presents some recommendations to perform a risk analysis management in IHEs to accessed threats and vulnerability that helps to lower the risk of their information assets. This article presents existing educational threat and vulnerability on their web applications. Ensuring security is a goal of every organization regardless of its size or purpose and also proposed a risk management model. With the information technology, an organization may be considered secure when it ensures the confidentiality, integrity, and availability of information and IT assets. Confidentiality may be broken due to theft of sensitive information such as trade secrets, clients’ personal information.

Elissa Mollakuqe,Vesna Dimitrova

DOI: https://doi.org/10.12688/openreseurope.16634.2

2024-07-29

Abstract:Background: This research delves into the critical aspects of identity management, access control, and authorization practices within the domains of public and private universities. Identity management involves the meticulous management and control of user identities, encompassing the establishment and maintenance of user profiles, role assignments, and access privileges. Access control is the practice of defining and enforcing policies that govern who can access an IT system or application and which resources they can interact with. Authorization, meanwhile, determines the specific actions and privileges granted to users based on their roles and permissions. Methods: To understand the variances in identity management and access control approaches, we conducted a comparative analysis between public and private universities. Our investigation scrutinized the user populations with access to university systems, the enforcement of access limitations, authentication methods, and password policies. Additionally, we examined the nuances of authorization processes, levels of authorization, access approval authorities, user status and role changes, unique user account management, account deletion procedures, user authentication methods, password complexity and expiration policies, password storage methods, and session termination policies. Results: This study revealed that both public and private universities prioritize these security measures, with a common categorization of these processes. Nevertheless, there exist disparities, such as the inclusion of contractors and vendors in the user population at private universities, the manual deletion of user accounts in private institutions, and variations in password policies and storage methods. Private universities tend to enforce stricter password policies, employ more secure password storage methods, and implement automatic session termination features. Conclusions: This research provides valuable insights into the practices and approaches adopted by public and private universities to safeguard their digital environments. The findings serve as a valuable resource for enhancing identity management, access control, and authorization protocols, enabling institutions to fortify their cybersecurity defenses in an ever-evolving threat landscape.

Monther Aldwairi

DOI: https://doi.org/10.48550/arXiv.2208.12612

2022-08-17

Computers and Society

Abstract:Distance education had existed for a long time, then it has undergone a renaissance with the advent of computers and the Internet. Distance education relied on physically delivered material and assessments to students, who work offline at home. More recently, online learning or e-learning introduced virtual classrooms, assessments, online tests and transformed the classroom an into interactive online classroom. Despite the large number of online degrees offered, face-to-face remained the dominant mode and e-learning was just used to complement the classroom. The Covid-19 pandemic continues to impact higher education, and online learning is a forgone conclusion. However, the digital divide hindered the disadvantaged schools and students efforts to transition to online learning. As the pandemic continues to change the education landscape, many challenges arise and prevent student from realising the full potential of e-learning. One of those is the access to physical labs in science, engineering, and computer science programs. This study evaluates practical solutions for virtual labs to be used in teaching information security and ethical hacking. The course ran over five semesters, and 164 students were surveyed. The survey measured perceptions, enjoyment, experiences and attitudes towards virtual labs, and the results were supporting adoption and acceptance of virtual labs.

Wu Haiyan,Miao Chunyu,Jiang Dongxing

DOI: https://doi.org/10.3969/j.issn.1002-4956.2009.05.055

2009-01-01

Abstract:Information security is an important guarantee for sustainable development.The information security has experienced in three phases,such as the technology wave,the management wave,and the institutional wave.Gaining information security by means of architectural ways has been recognized by industry.The name,organization,management,content and technical measures of some well-known U. S. university's information security management department are introduced,and several special features,which China's colleges and universities information security managers can use for reference,are summarized.

Hwee-Joo Kam,Dan J. Kim,Wu He

DOI: https://doi.org/10.1080/0144929X.2021.1917659

2021-04-26

Behaviour and Information Technology

Abstract:The United States higher education is facing a unique challenge in information security management due to its distinctive characteristics, such as decentralised structure, academic freedom, and shared governance. These characteristics sharply distinguish higher education from traditional corporations. Gradually, this is beginning to pose a challenge for higher education institutions to adopt the appropriate information technology governance framework, which, for traditional corporations, mostly addresses security governance and leadership in a top-down manner. To address this issue, we examine the effect of perceived information security management approaches on perceived security practices. Our results show that the perceived flexible-oriented approach of information security management is more effective to use in implementing security controls in high education institutions. This seems to contradict most of the findings in the literature that suggest that a control-oriented approach is more effective in enforcing information security policies. Research contributions and implications are discussed, accordingly.

ergonomics,computer science, cybernetics

Sabine Goldes,Ralf Schneider,Christian M. Schweda,Jawed Zamani

DOI: https://doi.org/10.1109/cybconf.2017.7985763

2017-06-01

Abstract:Information Security is a topic of increasing importance for organizations today. The triad of professionalization and industrialization of cyber-crime, globalization and digitalization of business models, and increasing regulatory focus on data protection exerts pressure on organizations and enterprises to implement sophisticated Information Security Management Systems (ISMS). Best-practices for implementing such systems are given by multiple de-facto standards, whereas blueprints for ISMS are relatively scarce. In this paper we discuss design requirements for a modern Information Security Management System, derive a blueprint for such a system based on the viable system approach, and exemplify constituents of the blueprint from the environment of an insurance enterprise.

Huifang Li

DOI: https://doi.org/10.61360/bonicetr232014840904

2023-09-25

Contemporary Education and Teaching Research

Abstract:In the context of information technology and the digital era, people's life has been inseparable from the support of information technology, contemporary college students are using cell phones and the Internet every moment. However, information technology is a double-edged sword, in bringing convenience to our study, life, and work, there are also information security risks, especially college students have a low sense of precaution, and they may face all kinds of information security threats in the process of surfing the Internet. In the face of information technology security risks and threats, the Teaching Department of universities must take active measures to strengthen information technology security education and training to protect the privacy and rights of teachers and students, enhance the competitiveness of students' future careers, and safeguard the reputation of colleges and universities and the quality of teaching. The article first introduces the significance of information technology security education and training in the teaching department of colleges and universities and then gives effective strategies for information technology security education and training in the teaching department of colleges and universities.

Rajasekar Ramalingam,Shimaz Khan,Shameer Mohammed

DOI: https://doi.org/10.48550/arXiv.1602.06510

2016-02-21

Cryptography and Security

Abstract:The revolution of internet technology and its usage have led a significant increase in the number of online transactions and electronic data transfer, parallely increased the number of cybercrime incidents around the world. Steady economic growth in the Sultanate of Oman accelerated the volume of online utilization for e-commerce, banking, communication, education and so forth. Normally attackers target the users who ignore security practices due to the lack of information security awareness. Unawareness of information security practices, user negligence, lack of awareness programs and trainings are the root cause for information security threats. Earlier studies reveal there is a considerable and continuous cybercrime incident in Oman which compromises the security policy of the organizations, affecting the business continuity and the economic growth. In this study, a survey was performed among the educational institutions in Oman to investigate the level of information security awareness and based on the study, a security awareness model is proposed to enable information security practices in the educational institutions.

Ahmed I. Al-Darwish,Pilsung Choe

DOI: https://doi.org/10.1007/978-3-030-22351-9_15

2019-01-01

Abstract: Information systems support organizations to achieve strategic competitiveness over other organizations and assist senior management in the decision-making process. In addition, they help organizations in timely implementation of projects and effective risk management. A reliable and coherent Information System requires a solid security framework that ensures Confidentiality, Integrity, Availability, Authenticity and Auditability of the critical information assets; therefore, managing security is essential for organizations doing business in a globally networked and competitive environment whilst seeking to achieve their objectives and goals and ensuring the continuity of business. This paper provides an integrated framework that classifies and holistic view of challenges in Information Security Systems, and their interrelationships. The framework is expected to provide a basis that can be used to evaluate individual organizational members’ behavior and the adequateness of existing security measures.

Loredana Mocean,Miranda-Petronella Vlad

DOI: https://doi.org/10.2478/raft-2024-0017

2024-06-01

Land Forces Academy Review

Abstract:Abstract In this paper we propose a cybersecurity ontology model designed for universities, aiming to facilitate the management and protection of sensitive data and information within the context of the growing cybersecurity threats. The proposed ontology includes four distinct hierarchical levels: the basic level, the conceptual level, the instance level and the relationships level. At the basic level, it defines essential terms and principles of cybersecurity, including concepts like vulnerability, threat, cyber-attack, security policies and security rules. At the conceptual level, the ontology categorizes information and cybersecurity systems, embracing domains such as data protection, authentication, authorization, and auditing. At the instance level, the ontology describes specific examples of information and cybersecurity systems used in universities, such as the library management system or the accounting management system. At the relationships level, the ontology establishes links between different categories of information and cybersecurity systems, as well as between these systems and the entities that use them, such as students, professors and administrative staff. By implementing this cybersecurity ontology, universities can improve the management and protection of their sensitive data and information, as well as respond more efficiently to cybersecurity threats.

Mohd Faiz Hilmi,Yanti Mustapha

DOI: https://doi.org/10.48550/arXiv.2209.11196

2022-06-03

Cryptography and Security

Abstract:Information technology has made e-learning possible and available on a large scale. Learning management system (LMS) has been widely used and is accessible through the Internet. However, LMS are exposed to various threats. Proper understanding of the threats is required. Furthermore strategy and best practices countermeasures will ensure a safe learning environment. Therefore, this study looks into the information security aspect of LMS. Specifically, there are two main purposes of this study. First, this study provides a review of information security in e-learning environments and explains the importance of information security. Second, this study looks at how student perceived the security of their e-learning portal. A total of 497 students responded to a survey questionnaires. Frequencies analysis was conducted to show the profile of the respondent. Overall, respondent has strong positive perceptions towards security of their LMS. This study serve as an introduction which help LMS administrator to understand the issues and possibilities related to the safety of LMS.

Ahmad R. Pratama,Firman M. Firmansyah,Fayruz Rahma

DOI: https://doi.org/10.7717/peerj-cs.918

2022-03-11

PeerJ Computer Science

Abstract:Single sign-on (SSO) enables users to authenticate across multiple related but independent systems using a single username and password. While the number of higher education institutions adopting SSO continues to grow, little is known about the academic community’s security awareness regarding SSO. This paper aims to examine the security awareness of SSO across various demographic groups within a single higher education institution based on their age, gender, and academic roles. Additionally, we investigate some psychological factors (i.e., privacy concerns and personality traits) that may influence users’ level of SSO security awareness. Using survey data collected from 283 participants (faculty, staff, and students) and analyzed using a hierarchical linear regression model, we discovered a generational gap, but no gender gap, in security awareness of SSO. Additionally, our findings confirm that students have a significantly lower level of security awareness than faculty and staff. Finally, we discovered that privacy concerns have no effect on SSO security awareness on their own. Rather, they interact with the user’s personality traits, most notably agreeableness and conscientiousness. The findings of this study lay the groundwork for future research and interventions aimed at increasing cybersecurity awareness among users of various demographic groups as well as closing any existing gaps between them.

computer science, information systems, artificial intelligence, theory & methods

Yakubu Abdul-Wahab Nawusu,Abukari Abdul Aziz Danaa,Diyawu Mumin,Shiraz Ismail

DOI: https://doi.org/10.9734/ajrcos/2024/v17i5448

2024-03-15

Asian Journal of Research in Computer Science

Abstract:Student academic records are an invaluable resource for universities and colleges worldwide, yet, their safekeeping is still a major concern for many of these institutions. The security measures currently applied to protect academic record systems are deemed unsatisfactory. This paper surveys the security issues relating to students’ academic records delving into existing students’ academic records systems, cybersecurity challenges and measures to deal with the security concerns. The paper proposes a practical security model, the PIEM model, to address these security issues aimed at empowering academic institutions to build and maintain strongly protected academic record systems for capturing, storing and retrieving student academic data. The work underscores the urgent need of educational institutions to exert extra efforts to securely maintain students’ academic records and facilitate easy access and use by the various educational actors.

Masmali,Miah

DOI: https://doi.org/10.48550/arXiv.2110.04540

2021-10-09

Computers and Society

Abstract:While cyber security has become a prominent concept of emerging information governance, the Kingdom of Saudi Arabia has been dealing with severe threats to individual and organizational IT systems for a long time. These risks have recently permeated into educational institutions, thereby undermining the confidentiality of information as well as the delivery of education. Recent research has identified various causes and possible solutions to the problem. However, most scholars have considered a reductionist approach, in which the ability of computer configurations to prevent unwanted intrusions is evaluated by breaking them down to their constituent parts. This method is inadequate at studying complex adaptive systems. Therefore, the proposed project is designed to utilize a holistic stance to assess the cybersecurity management and policies in Saudi Arabian universities. Qualitative research, entailing a thorough critical review of ten public universities, will be utilized to investigate the subject matter. The subsequent recommendations can be adopted to enhance the security of IT systems, not only in institutional settings but also in any other environment in which such structures are used.

Khairunnisak Nur Isnaini,Siti Alvi Solikhatin

DOI: https://doi.org/10.26555/jifo.v14i2.a14434

2020-05-09

Jurnal Informatika

Abstract:The threat of physical security can be from human factors, natural disasters, and information technology itself. Therefore, to prevent threats, we need the right tools to control current activities, evaluate potential impacts, and make appropriate plans so that business processes at X University will not be affected. This research starts by analyzing the problems that arise, followed by collecting the data needed, discussing the results, and making conclusions and recommendations that can be given. The method uses quantitative descriptive research. The research instrument uses interviews and questionnaire techniques. COBIT 5 is used as a framework for measuring the performance that is being implemented and will be achieved. Maturity models are used to measure current and future activities. The goal to be achieved is that the organization can create a physical security environment by the CIA principle (confidentiality, integrity, & availability). Positioning results are at level 3, meaning that the process is currently running in two main standard operating procedures. However, this evaluation specifically on the DSS5.5.5 subdomain (Providing Service Support-Managing physical security for IT Assets) in COBIT 5, and the results are still below the level 3 standard (Established Process), at 2.9 points. So, the right suggestion is to keep activities safe, one of which is to improve facilities and infrastructure, one of which is the use of biometric control in data center management rooms or other rooms with limited access.

Jason Slaughter,Syed Shawon M. Rahman

DOI: https://doi.org/10.48550/arXiv.1111.1772

2011-11-07

Cryptography and Security

Abstract:The Department of Defense has a need for an identity management system that uses two factor authentications to ensure that only the correct individuals get access to their top secret flight simulator program. Currently the Department of Defense does not have a web interface sign in system. We will be creating a system that will allow them to access their programs, back office and administrator functions remotely. A security plan outlining our security architecture will be delivered prior to the final code roll out. The plan will include responses to encryption used and the security architecture applied in the final documentation. The code will be delivered in phases to work out any issues that may occur during the implementation

Shaanan Cohney,Ross Teixeira,Anne Kohlbrenner,Arvind Narayanan,Mihir Kshirsagar,Yan Shvartzshnaider,Madelyn Sanfilippo

DOI: https://doi.org/10.48550/arXiv.2012.05867

2021-06-16

Abstract:Universities have been forced to rely on remote educational technology to facilitate the rapid shift to online learning. In doing so, they acquire new risks of security vulnerabilities and privacy violations. To help universities navigate this landscape, we develop a model that describes the actors, incentives, and risks, informed by surveying 49 educators and 14 administrators at U.S. universities. Next, we develop a methodology for administrators to assess security and privacy risks of these products. We then conduct a privacy and security analysis of 23 popular platforms using a combination of sociological analyses of privacy policies and 129 state laws, alongside a technical assessment of platform software. Based on our findings, we develop recommendations for universities to mitigate the risks to their stakeholders.

Cryptography and Security

Wang Di

DOI: https://doi.org/10.1109/iicspi51290.2020.9332466

2020-11-28

Abstract:Universities shoulder the important mission of cultivating and providing talents for the society, carrying out scientific research and experiments and transforming achievements. The security and stability of universities are important factors concerning the stable development of society. Working on the information security in universities is the strategic deployment that implements the overall national security concept persisted by the CPC Central Committee and paves out a path of national security with Chinese characteristics. This paper summarizes the connotation and main work of information security in universities, analyzes the current situation of information security protection in universities from four aspects: resistance capacity of information security, overall environment of security protection system, working mode of information construction and security awareness of all personnel in universities, and concludes the countermeasures of constructing security protection system in universities.

Sadaf Hina,P. Dhanapal Durai Dominic

DOI: https://doi.org/10.1080/08874417.2018.1432996

2018-03-30

Journal of Computer Information Systems

Abstract:This paper provides a systematic literature review in the information security policies’ compliance (ISPC) field, with respect to information security culture, information security awareness, and information security management exploring in various settings the research designs, methodologies, and frameworks that have evolved over the last decade. Studies conducted from 2006 to 2016 reporting results from data collected through diverse means have been explored; however, only a few studies have focused primarily on a sensitive infrastructure under risk, as is the case with higher education institutions (HEIs). This study reports that ISPC in HEIs remains scarce, as is the realization of security threats and dissemination of information security policies to end users (employees). This research makes a novel contribution to the body of knowledge as a unique study that has reviewed the influence of institutional governance in HEIs on protection motivation leading towards ISPC.

computer science, information systems