黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

A. A. Maidabino,A. N. Zainab

DOI: https://doi.org/10.48550/arXiv.1301.5385

2013-01-23

Digital Libraries

Abstract:This study examines the literature on library security and collection security to identify factors to be considered to develop a collection security management assessment instrument for university libraries. A "house" model was proposed consisting of five factors; collection security governance, operations and processes, people issues, physical and technical issues and the security culture in libraries. An assessment instrument listing items covering the five factors was pilot tested on 61 samples comprising chief librarians, deputy librarians, departmental, sectional heads and professional staff working in four university libraries in Nigeria. The level of security implementation is assessed on a scale of 1=not-implemented, 2=planning stage, 3=partial implementation, 4=close to completion, and 5=full implementation. The instrument was also tested for reliability. Reliability tests indicate that all five factors are reliable with Cronbach's alpha values between 0.7 and 0.9, indicating that the instrument can be used for wider distribution to explore and assess the level of collection security implementation in university libraries from a holistic perspective.

Petrus Dwi Ananto Pamungkas

DOI: https://doi.org/10.48550/arXiv.1808.07234

2018-08-22

Computers and Society

Abstract:The library serves as a vehicle for education, research, conservation, information, and recreation to improve the nation's intelligence and empowerment [1]. The function of the library as a place of education, research, and information provides an opportunity to use the information system of Senayan Library Management System (SLiMS) in the library in order to improve the service to the user, increase the reading interest, and expand the insight and knowledge to educate the nation. The use of ISO 9126 standard is able to know the quality of SLiMS information system which is said to be free of charge of usage and license (because it belongs to Open Source Software category [2]) to assist library management in Indonesia. The implementation of the SLiMS information system audit in several university libraries refers to the ISO 9126 standard by using the Functionality, Reliability, Usability, Efficiency, Maintainability and Portability aspects through distributing questionnaires to university librarians in charge. With the help of the use of Google Forms it turns out that only ten universities librarians in charge who are willing to fill out the questionnaires are IPMI IBS, Bakrie University, Perbanas Institute Jakarta, STMIK & Bina Insani Academy, Prasetya Mulya University, Agung Podomoro University, Indonesian Higher Law School, Matana University, STIKS Tarakanita Jakarta, and STAI-PIQ West Sumatra. From the results of data processing it is known that SLiMS included in the category VERY GOOD for use in the management of libraries in college. This means that the ten universities librarians in charge admitted and have proven that SLiMS is very helpful in library management.

Ankur Shukla,Basel Katt,Livinus Obiora Nweke,Prosper Kandabongee Yeng,Goitom Kahsay Weldehawaryat

DOI: https://doi.org/10.1016/j.cosrev.2022.100496

2022-07-29

Abstract:System security assurance provides the confidence that security features, practices, procedures, and architecture of software systems mediate and enforce the security policy and are resilient against security failure and attacks. Alongside the significant benefits of security assurance, the evolution of new information and communication technology (ICT) introduces new challenges regarding information protection. Security assurance methods based on the traditional tools, techniques, and procedures may fail to account new challenges due to poor requirement specifications, static nature, and poor development processes. The common criteria (CC) commonly used for security evaluation and certification process also comes with many limitations and challenges. In this paper, extensive efforts have been made to study the state-of-the-art, limitations and future research directions for security assurance of the ICT and cyber-physical systems (CPS) in a wide range of domains. We conducted a systematic review of requirements, processes, and activities involved in system security assurance including security requirements, security metrics, system and environments and assurance methods. We highlighted the challenges and gaps that have been identified by the existing literature related to system security assurance and corresponding solutions. Finally, we discussed the limitations of the present methods and future research directions.

Cryptography and Security,Software Engineering

Mohd Faiz Hilmi,Yanti Mustapha

DOI: https://doi.org/10.48550/arXiv.2209.11196

2022-06-03

Cryptography and Security

Abstract:Information technology has made e-learning possible and available on a large scale. Learning management system (LMS) has been widely used and is accessible through the Internet. However, LMS are exposed to various threats. Proper understanding of the threats is required. Furthermore strategy and best practices countermeasures will ensure a safe learning environment. Therefore, this study looks into the information security aspect of LMS. Specifically, there are two main purposes of this study. First, this study provides a review of information security in e-learning environments and explains the importance of information security. Second, this study looks at how student perceived the security of their e-learning portal. A total of 497 students responded to a survey questionnaires. Frequencies analysis was conducted to show the profile of the respondent. Overall, respondent has strong positive perceptions towards security of their LMS. This study serve as an introduction which help LMS administrator to understand the issues and possibilities related to the safety of LMS.

Michelle Cantika Pontoan,Jay Idoan SIhotang,Erienika Lompoliu

DOI: https://doi.org/10.30812/matrik.v22i2.2474

2023-03-31

Abstract:The rapid development of information affects many aspects of human life. So that the field of information security becomes one aspect that must be considered. This study aims to measure the information security awareness and to improve daily operational activities of managing IT services effectively and efficiently. Salemba Adventist Academy has used the Wium Online Education Management System (WIOEM) online system, but in its implementation the security aspects of the system are not yet known. The Information Technology Infrastructure Library (ITIL) v3 framework which is globally recognized for managing information technology is broken down into five parts: Service Strategy, Service Design, Service Transition, Service Operation, Continual Service Improvement. This study focuses on Service Operations with 4 attributes, namely: Security, Privacy, Risk, and Trust. The data collection method used by the researcher was through observation in the form of a questionnaire in taking the number of samples to several students by taking population samples using the Lemeshow method. After the data were collected, the results of the ITIL indicator questionnaire are calculated based on the data security level. The results show that the Security indicator is Level 1, the Privacy indicator is level 3, the Risk indicator is level 3, and the Trust indicator is level 4 on the Data Security Level scale. This shows that the WIOEM system can be used properly according to user expectations and meets several levels of data security according to ITIL v3 framework.

Ghulam Farid,Nosheen Fatima Warraich,Sadaf Iftikhar

DOI: https://doi.org/10.1177/01655515231160026

2023-04-07

Journal of Information Science

Abstract:Journal of Information Science, Ahead of Print. Digital information security management (DISM) is considered an important tool to ensure the privacy and protection of data and resources in an electronic environment. The purpose of this research is to look into the applications of DISM policies in terms of practices and implementation in academic libraries. It also identifies the challenges faced by academic libraries in applying these DISM practices regarding policy. A systematic literature review was conducted to achieve the objectives of the study. The data were collected from well-known different databases, that is, Library Information Science and Technology s (LISTA), Library and Information Science s (LISA), IEEE Xplore, Emerald Insight, ACM Digital Library, Scopus, Sage journals, Taylor & Francis, ProQuest, Science Direct, Wiley Online Library, and Google Scholar. It followed the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) guidelines to choose relevant articles with keyword searching. Some academic libraries have developed DISM policies on data protection, data backup, information security (IS) systems, the development of hardware and software, the training of library staff, data protection from malware and social engineering, and data security and privacy. A few libraries have developed a mechanism to protect and secure users' sensitive data from hackers, viruses, malware and social engineering. Findings indicated that both organisations and users trust libraries due to their strict privacy and data security policies. However, some academic libraries did not adopt and implement DISM policies in their organisations, even though they had written DISM policies. Libraries have been facing issues with the DISM policy on data security and privacy, data backup, IS systems, hardware and software upgrades and technical support of library staff. They also face budgetary challenges and a lack of readiness among librarians to adopt emerging tools and technology such as DISM. Library professionals faced challenges in developing and implementing the DISM policy. For data security and privacy, stakeholders, administrators and library professionals must promote the DISM policy culture in academics. This study is beneficial for library professionals, policymakers, administrators and management to make DISM policies and implement them in their organisation or libraries to secure sensitive, personal data and resources. This article is the first review of DISM policy in academic libraries of its kind and would be useful for information professionals, stakeholders and administrators.

computer science, information systems,information science & library science

Yasir Riady,Muhammad Sofwan,Mailizar Mailizar,Turki Mesfer Alqahtani,Lalu Nurul Yaqin,Akhmad Habibi

DOI: https://doi.org/10.1016/j.jjimei.2023.100192

2023-11-01

International Journal of Information Management Data Insights

Abstract:This study attempts to model the factors that affect the system's use, user satisfaction, net benefits, and user loyalty to digital library services. We developed the proposed framework using Delone and McLean's information system success model. A survey instrument was adapted, validated, and assessed for reliability. The survey data were gathered from respondents (n. 2105) who are Indonesian open university (IOU) students. We evaluated the validity and reliability of the data by assessing the measurement model. We applied a structural model in the Partial Least Square Structural Equation Modelling (PLS-SEM) to report the path coefficient (β), p-value, and t-value for the main data analysis. Findings inform that all hypotheses were confirmed. Service quality had the most significant role in predicting user satisfaction, and user satisfaction was the most significant predictor of use. In addition, the net benefits variable was mostly affected by use. For user loyalty, the most robust determinant was net benefits. This research elaborates on quality criteria that can be a reference for related stakeholders to improve digital library services, satisfaction, use, net benefits, and user loyalty.

Faiza Bashir,Saira Hanif Soroya,Almas Khanum

DOI: https://doi.org/10.1080/01930826.2018.1436799

2018-03-27

Journal of Library Administration

Abstract:The mission of public libraries is to serve the unique needs of their local communities. Public library User's play a very vital role in the development of these libraries by suggesting or recommending additions to the collection. This study aims to evaluate the satisfaction of users with the quality and quantity of library collection. A self structured questionnaire based on open and close ended question was constructed. A purposive sample of one hundred users was selected. The data were qualitatively analyzed using a thematic approach. Positive opinion observed related to the library response towards the suggested titles. Almost half the population of respondents was satisfied with the availability of their suggested titles in library. Most of them were dissatisfied regarding the maintenance of equal collection of books and they are not encouraged by the library staff during the books suggestion process. It concludes that there is a need to evaluate the existing library collections.

Thamer Alhussain,Ahmad Ali AlZubi,Osama AlFarraj,Salem Alkhalaf,Musab S. Alkhalaf

DOI: https://doi.org/10.1007/978-3-030-44041-1_108

2020-01-01

Abstract:This article proposes an information security management system (ISMS) model for automated data processing systems of critical applications (ADPS-CAs). The model allows users to carry out an assessment of the risk level for information security (IS) purposes and provides support for decision-making related to countering unauthorized access to the information circulating in an ADPS-CA. Further, this article analyzes the effect of a control parameter on the probability of launching an information integrity monitoring service (IMS) during a procedure that launches a typical ADPS-CA and its IS subsystem. The results present system quality indicators for protecting information from unauthorized access. The simulation was performed in relation to automated workstations as part of the ADPS-CA of a large enterprise.

Khairunnisak Nur Isnaini,Siti Alvi Solikhatin

DOI: https://doi.org/10.26555/jifo.v14i2.a14434

2020-05-09

Jurnal Informatika

Abstract:The threat of physical security can be from human factors, natural disasters, and information technology itself. Therefore, to prevent threats, we need the right tools to control current activities, evaluate potential impacts, and make appropriate plans so that business processes at X University will not be affected. This research starts by analyzing the problems that arise, followed by collecting the data needed, discussing the results, and making conclusions and recommendations that can be given. The method uses quantitative descriptive research. The research instrument uses interviews and questionnaire techniques. COBIT 5 is used as a framework for measuring the performance that is being implemented and will be achieved. Maturity models are used to measure current and future activities. The goal to be achieved is that the organization can create a physical security environment by the CIA principle (confidentiality, integrity, & availability). Positioning results are at level 3, meaning that the process is currently running in two main standard operating procedures. However, this evaluation specifically on the DSS5.5.5 subdomain (Providing Service Support-Managing physical security for IT Assets) in COBIT 5, and the results are still below the level 3 standard (Established Process), at 2.9 points. So, the right suggestion is to keep activities safe, one of which is to improve facilities and infrastructure, one of which is the use of biometric control in data center management rooms or other rooms with limited access.

Sayed Amir Reza Mortazavi,Faramarz Safi-Esfahani

DOI: https://doi.org/10.1007/s41870-019-00302-0

2019-04-22

International Journal of Information Technology

Abstract:Today, information is rapidly increasing. For most of this information, data security and protection from unauthorized access are of great importance. Maybe information is created by an individual or a few people, but creating security for the information should be done by all assets of hardware, software and people. This entails organizing all elements of the system, and training and monitoring the performance of the people. One of the standards provided for the creation of security is ISMS. This standard is intended to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a system in terms of security. ISMS receives several parameters from users, assesses the risks and offers some controls (guidelines) to improve them. Collecting primary parameters is also very important in ISMS. Usually these parameters are collected personally, which result in getting inaccurate outcomes. The most important parameters include confidentiality, integrity, availability, threat and vulnerability. This paper tries to provide a method based on checklists so that by assessing the users’ responses to these checklists, one can more accurately insert the vulnerability parameter value as a standard input of ISMS, in order to gain better outcomes, and more accurately perform choice of controls. In the assessment, the standard deviation method is calculated, and comparison between the common mode of ISMS and the proposed method shows that the latter works 30% better than the conventional method. People may refuse to respond sincerely due to different reasons, and the percentage of the results may differ, since the results are obtained as cross-sectional at a certain time.

Akhyari Nasir,Ruzaini Abdullah Arshah,Mohd Rashid Ab Hamid,Syahrul Fahmy,,,,

DOI: https://doi.org/10.30880/ijie.2022.14.03.017

2022-06-20

International Journal of Integrated Engineering

Abstract:This paper examines the factors determining a positive Information Security Culture (ISC) concept and the influence of ISC towards ISP compliance intention (INT) between IT and non-IT professionals in Malaysian public universities. Partial least square structural equation modelling, using PLS MGA, is used to assess the measurement and structural models, and to compare the results between the two groups. Results indicate all factors have significant contribution towards ISC in both groups, with two out of seven ISC factors have significant differences. This study has revealed that although both groups have the same ISC factors, IT and non-IT professionals have significant difference in terms of believe that Top Management Commitment and Information Security Knowledge are required for implementing apositive ISC. In addition, there is a significant difference between these two groups in terms of the influence of ISC towards ISP compliance intention. ISC has less influence towards INT for Non-IT professionals compared to IT professionals within the same ISC. These empirical findings would benefit in formulating better security strategies by providing appropriate efforts for different groups of employees in the organizations. This study also provides a total cyber security solution for improving information security culture and employees’ compliance towards Information Security Policy.

Sadaf Hina,P. Dhanapal Durai Dominic

DOI: https://doi.org/10.1080/08874417.2018.1432996

2018-03-30

Journal of Computer Information Systems

Abstract:This paper provides a systematic literature review in the information security policies’ compliance (ISPC) field, with respect to information security culture, information security awareness, and information security management exploring in various settings the research designs, methodologies, and frameworks that have evolved over the last decade. Studies conducted from 2006 to 2016 reporting results from data collected through diverse means have been explored; however, only a few studies have focused primarily on a sensitive infrastructure under risk, as is the case with higher education institutions (HEIs). This study reports that ISPC in HEIs remains scarce, as is the realization of security threats and dissemination of information security policies to end users (employees). This research makes a novel contribution to the body of knowledge as a unique study that has reviewed the influence of institutional governance in HEIs on protection motivation leading towards ISPC.

computer science, information systems

Fitri Wijayanti,Dana Indra Sensuse,Arief Anthadi Putera,Andy Syahrizal

DOI: https://doi.org/10.1109/ic2ie50715.2020.9274574

2020-09-15

Abstract:The DRC of the Ministry XYZ has suffered from a system breach. The DRC's problem will lead to a lack of system information security, availability, and an increasing threat to the whole system of Ministry XYZ. In 2019, the KAMI Index assessment of the Ministry XYZ stated that the level of maturity and completeness of the application of ISO 27001 standards of the XYZ Ministry were at the level of fulfillment of the basic framework. There is a gap between the assessment result and the operational problem within the DRC of Ministry XYZ due to the lack of an information security management system. Therefore, this study conducts the same KAMI Index assessment within the scope of the DRC only and aims to offer a recommendation based on ISO 27001 as the basis of the KAMI Index assessment. This study used discussion, observation, and KAMI Index assessment tools for collecting data and analyze the result. The assessment result of the DRC showed that the maturity level of the ISO 27001 standard on the DRC is on the application of the basic framework. The suggested recommendations to improve the information security management system of the DRC were mostly in the aspect of the information security framework and assets management.

Endang Kurniawan,Imam Riadi,Amin Irmawan,Arusani

DOI: https://doi.org/10.48550/arXiv.2204.09511

2022-04-17

Abstract:This study aims to information security in academic information systems to provide recommendations for improvements in information security management by the expected maturity level based on ISO/IEC 27002:2013. By using a qualitative descriptive approach, data collection and validation techniques with triangulation techniques are interviews, observation, and documentation. The data were analyzed by using gap analysis and to measure the maturity level determined 15 objective control and 45 security controls scattered in 5 clauses, the result of the research found that the performance of academic information system maturity level at level 2. That is, the current level of maturity is below the expected maturity level, so it needs to be increased to the expected level.

Cryptography and Security

Rohani Rohan,Debajyoti Pal,Jari Hautamäki,Suree Funilkul,Wichian Chutimaskul,Himanshu Thapliyal

DOI: https://doi.org/10.1016/j.heliyon.2023.e14234

IF: 3.776

2023-03-01

Heliyon

Abstract:Information Security Awareness (ISA) is a significant concept that got considerable attention recently and can assist in minimizing the risks associated with information security breaches. Several measurement scales have been developed in this regard, as measuring users' ISA is paramount. Although ISA specific scales are very important, yet what methodological rigor they use in terms of initial conceptualization of ISA, data collection and analysis during the development, and scale validation of such scales are some unknown aspects. Therefore, we provide a comprehensive review of the existing ISA specific scales to address all the above concerns. A popular method, PRISMA, is utilized, and a total of 24 articles that match with criteria of this research are included for the final in-depth analysis. Also, a holistic evaluation framework is developed containing three phases and 19 criteria. Findings revealed that most studies treat ISA as a multi-dimensional construct, and ISA researchers rarely conduct both pilot testing and pre-text evaluation while validating and refining the initial scales. Additionally, several articles did not report some of the essential elements used for checking the rigor of factor analysis, and evidence for validities of the identified scales is inadequate. Consequently, existing ISA specific scales must be improved both in terms of the methodological thoroughness of the scale development procedure and their validities. Moreover, not only justifying why the development of a new scale is necessary, but also improving the quality of the existing scales by doing multiple iterations is significant in the future. Likewise, the inclusion of all the dimensions of ISA, while generating the initial items pool is an important aspect to be considered. A thorough discussion, recommendations for future research, conclusions, and study limitations are provided.

Yiyang Jia,Hanyan Wu,Dongxing Jiang

DOI: https://doi.org/10.1109/CyberC.2015.47

2015-01-01

Abstract:Security situation assessment is an effective way to analyze the situation of an information system, which helps administrator understand the current system risk status and make policy to response in time. However, the existing researches for security situation assessment mostly focus on network. The proposed methods for network are not so suitable for information systems. This paper proposes a hierarchical security situation analysis framework for information system, based on a classical NSSA [1] (network security situation analysis) model. The framework provides a standard flow for analyzing the security situation of information system. It consists a security situation analysis model of information system, an index system used in the model proposed, and a quantitative index fusion method to calculate a security situational value. We divided information system into 3 levels: sub-system level, composition level and index level. The collected information from the index level can be combined with grey model to determine the correlation degree between each major index and secondary index. Finally we calculate the whole system security situational value level by level. We use data from Tsinghua University information system to verify the proposed model and method. The result shows that this model can reflect the current security situation of information system comprehensively.

Edyta Karolina Szczepaniuk,Hubert Szczepaniuk,Tomasz Rokicki,Bogdan Klepacki

DOI: https://doi.org/10.1016/j.cose.2019.101709

2020-03-01

Abstract:The aim of the article is to characterise and assess information security management in units of public administration and to define recommended solutions facilitating an increase in the level of information security. The article is considered a theoretical-empirical research paper. The aim of theoretical research is to explain the basic terms related to information security management and to define conditions for the implementation of Information Security Management System (ISMS). Within the scope of theoretical considerations, source literature, legislation and reports are being referred to. In the years 2016-2019, empirical research has been conducted, which aim was to assess the efficiency of information security management in public administration offices. The evaluation of results of surveys was accompanied by an analysis of statistical relations between the researched variables, which enabled to define effects of European Union regulations on the delivery of information security in public administration. Results of the empirical data show that in the years 2016-2017, in public administration offices, certain problem areas in the aspect of information security management were present, which include, among others: lack of ISMS organisation, incomplete or outdated ISMS documentation, lack of regular risk analysis, lack of reviews, audits or controls, limited use of physical and technological protection measures, lack of training or professional development. In the years 2018-2019, European Union solutions, i.e. the GDPR Regulation and the NIS Directive, have affected the increase in the security level of information in public administration and have a significantly limited occurrence of identified irregularities. Results of the research enable to assume that the delivery of information security in public administration requires a systemic approach arising from the need for permanent improvement.

computer science, information systems

Olayinka Babayemi Makinde,Saheed Abiola Hamzat,Adeyinka Koiki-Owoyele

DOI: https://doi.org/10.1177/02666669231168406

2023-04-19

Information Development

Abstract:Information Development, Ahead of Print. The study assessed the information literacy (IL), attitude towards research and research competence of Library and Information Science (LIS) undergraduates in South-West Nigeria universities. The descriptive survey design was adopted for the study. A two-stage sampling technique was employed for the study to get a final sample of 401. Questionnaire and focus group discussion (FGD) were the instruments for the study. Out of 401 copies of the questionnaire, 392 were found usable, which constituted a 97% return rate. The data gathered were analysed with the aid of the SPSS by the use of frequency, percentage and correlation. Thematic analysis was conducted on the qualitative data (FGD). The study found that the LIS undergraduates had poor IL, a mixed display of attitude towards research, and an acceptable level of research competence. Further, there was a significant relationship between IL and research competence of LIS undergraduates. The study recommends training on the acquisition of IL skills at the earlier levels of the LIS degree to help with research motivation and comprehension.

information science & library science