Ahmed I. Al-Darwish,Pilsung Choe

DOI: https://doi.org/10.1007/978-3-030-22351-9_15

2019-01-01

Abstract: Information systems support organizations to achieve strategic competitiveness over other organizations and assist senior management in the decision-making process. In addition, they help organizations in timely implementation of projects and effective risk management. A reliable and coherent Information System requires a solid security framework that ensures Confidentiality, Integrity, Availability, Authenticity and Auditability of the critical information assets; therefore, managing security is essential for organizations doing business in a globally networked and competitive environment whilst seeking to achieve their objectives and goals and ensuring the continuity of business. This paper provides an integrated framework that classifies and holistic view of challenges in Information Security Systems, and their interrelationships. The framework is expected to provide a basis that can be used to evaluate individual organizational members’ behavior and the adequateness of existing security measures.

Abdalwali Lutfi,

DOI: https://doi.org/10.4192/1577-8517-v22_2

2022-03-04

The International Journal of Digital Accounting Research

Abstract:The Information Technology (IT) revolution that led to the development of cloud computing services and systems has brought numerous benefits to end users handling business through the Internet, particularly in the field of accounting information systems (AIS). Cloud-based accounting information systems (CB-AIS) enable firms to substantially reduce their investment in IT and have flexible access to an enormous group of current and scalable resources. CB-AIS enables small- and medium-sized enterprises (SMEs) to undertake basic bookkeeping responsibilities themselves instead of paying external auditors for the same services. In Jordan, however, current businesses are still in the infancy stage when it comes to CB-AIS adoption. Therefore, this study applied the Technology, Organization, and Environment model to examine CB-AIS adoption among SMEs in Jordan. Data collection was achieved using a structured survey questionnaire collected from 156 owners/managers of SMEs in Jordan through online means. The proposed research framework comprises six factors that influence intention to adopt CB-AIS (IACB-AIS). Based on the findings, the proposed hypotheses were supported in that the factors positively and significantly affect the IACB-AIS of SMEs in Jordan. Through examining an actual IACB-AIS case and highlighting the importance of its application, the study and its findings are expected to contribute to decision-makers and practitioners in the IT field.

Ayah Elshebli,Ghaleb Sweis,Ahmad Sharaf,Ghaith Al Jaghbeer

DOI: https://doi.org/10.1186/s12911-024-02673-2

IF: 3.298

2024-10-12

BMC Medical Informatics and Decision Making

Abstract:In Jordan, the confluence of traffic congestion and overcrowding in public hospitals poses a significant challenge for patients to collect their medications timely. This challenge was further intensified during the COVID-19 pandemic. Recognizing this issue, the Ministry of Health (MOH) and Electronic Health Solutions (EHS) intend to establish a Medication Delivery System (MDS), designed to provide patients with home delivery of medications and ensure proper treatment. This paper outlines a comprehensive framework to guide requirements engineers in devising an effective MDS framework, with a focus on expediting the development and testing processes and mitigating the risks associated with constructing such a system.

medical informatics

Hezam Akram Abdulghani,Anastasija Collen,Niels Alexander Nijdam

DOI: https://doi.org/10.3390/s23084174

2023-04-21

Abstract:Internet of Things (IoT) faces security concerns different from existing challenges in conventional information systems connected through the Internet because of their limited resources and heterogeneous network setups. This work proposes a novel framework for securing IoT objects, the key objective of which is to assign different Security Level Certificates (SLC) for IoT objects according to their hardware capabilities and protection measures implemented. Objects with SLCs, therefore, will be able to communicate with each other or with the Internet in a secure manner. The proposed framework is composed of five phases, namely: classification, mitigation guidelines, SLC assignment, communication plan, and legacy integration. The groundwork relies on the identification of a set of security attributes, termed security goals. By performing an analysis on common IoT attacks, we identify which of these security goals are violated for specific types of IoT. The feasibility and application of the proposed framework is illustrated at each phase using the smart home as a case study. We also provide qualitative arguments to demonstrate how the deployment of our framework solves IoT specific security challenges.

Ahmed I. Al-Darwish,Pilsung Choe

DOI: https://doi.org/10.1007/978-3-030-25629-6_114

2019-01-01

Abstract:Information systems support organizations to achieve strategic competitiveness and to improve the decision-making process. In addition, they help timely implementation of projects and effective risk management. A reliable and coherent information system requires a solid security framework that ensures Confidentiality, Integrity, Availability, Authenticity and Auditability of the critical information assets; therefore, managing security is essential for organizations doing a business in a globally networked and competitive environment whilst seeking to achieve their objectives and goals and ensuring the continuity of business. To date, studies have shown that non-technical risks are as important as technical risks in safeguarding. However, little attention has been paid to the role of human factors or organizational factors. This study validates the importance of non-technical factors based on a case study of an incident analysis using the information security framework with a focus of non-technical factors.

Mohammed Al-Tajer,Richard Adeyemi Ikuesan

DOI: https://doi.org/10.48550/arXiv.2207.00820

2022-07-02

Abstract:Cyber security is considered a necessity for anyone in todays modern world. Awareness of cyber security standards and best practices have become mandatory to safeguard ones child in this day and age. High schoolers today do not understand cyber security threats due to the lack of parental involvement or the lack of educational material and courses in high school. This study developed a framework that addresses the lack of cybersecurity awareness for high school students. The proposed framework gives a flow of steps to provide effective awareness approaches for k12. This was achieved using an approach of creating a functional operational framework that consists of four phases which are Threats and Attacks Identification, Existing Awareness Discovery, Creating Awareness Approach, and Awareness Approach Evaluation. The output resulted in a cybersecurity awareness approach specifically for the k-12 age range, which leverages cybersecurity emojis. Thus, by exploring this approach, the security community can enroll and lure teenagers into cybersecurity and raise the degree of security awareness.

Cryptography and Security

Afnan Alfaadhel,Iman Almomani,Mohanned Ahmed

DOI: https://doi.org/10.3390/app13106145

2023-05-17

Applied Sciences

Abstract:Cybersecurity attacks are still causing significant threats to individuals and organizations, affecting almost all aspects of life. Therefore, many countries worldwide try to overcome this by introducing and applying cybersecurity regularity frameworks to maintain organizations’ information and digital resources. Saudi Arabia has taken practical steps in this direction by developing the essential cybersecurity control (ECC) as a national cybersecurity regulation reference. Generally, the compliance assessment processes of different international cybersecurity standards and controls (ISO2700x, PCI, and NIST) are generic for all organizations with different scopes, business functionality, and criticality level, where the overall compliance score is absent with no consideration of the security control risk. Therefore, to address all of these shortcomings, this research takes the ECC as a baseline to build a comprehensive and customized risk-based cybersecurity compliance assessment system (RC2AS). ECC has been chosen because it is well-defined and inspired by many international standards. Another motive for this choice is the limited related works that have deeply studied ECC. RC2AS is developed to be compatible with the current ECC tool. It offers an offline self-assessment tool that helps the organization expedite the assessment process, identify current weaknesses, and provide better planning to enhance its level based on its priorities. Additionally, RC2AS proposes four methods to calculate the overall compliance score with ECC. Several scenarios are conducted to assess these methods and compare their performance. The goal is to reflect the accurate compliance score of an organization while considering its domain, needs, resources, and risk level of its security controls. Finally, the outputs of the assessment process are displayed through rich dashboards that comprehensively present the organization’s cybersecurity maturity and suggest an improvement plan for its level of compliance.

materials science, multidisciplinary,engineering,chemistry,physics, applied

Mohammad Adaileh,Ali Alshawawreh

DOI: https://doi.org/10.51300/jidm-2020-32

2021-06-28

Journal of Innovations in Digital Marketing

Abstract:The digital transformation vision (REACH 2025) is essential for transformation and enabling individuals, sectors, and companies in Jordan to adopt digital solutions and build a robust ground in conducting business. The government in Jordan launched the REACH2025 Vision in 2016, and it has taken many serious measures to bring sectors, companies, and individuals to virtual digital by 2025. This government's vision consisted of seven dimensions (Smart Specialization and demand-driven innovation, Public Sector Innovation, Tech Start-ups and Entrepreneurs, ICT Skills, Capacity and Talent, Enabling Business Environment, Smart digital economy infrastructure, and Governance), and 18 actions to implement over ten years. The researchers used these dimensions to build a framework to measure the impact of government progress on enabling individuals, sectors, and companies, on productivity, and encouraging investment. The researchers used a sample of 196 respondents from various disciplines to figure out attitudes and evaluate government actions. The researchers also used responses to validate the proposed theoretical framework in the components of the digital economy. The results revealed positive attitudes towards the development and implementation, and excellent in some areas, while some measures need strengthening and re-evaluation. The study recommended employing the proposed framework to measure the actual impact of the digital transformation. The study also advises leading future research towards further empirical examination to validate the framework proposed.

Yakubu Ajiji Makeri

DOI: https://doi.org/10.30630/joiv.4.1.280

2020-02-17

Abstract:Information Security is a crucial asset within an organization, and it needs to be protected, Information System (IS) Security is still threats a significant concern for many organizations. Is profoundly crucial for any organization to preserve Information System (IS) Security and computer resources, hardware, software, and networks, etc.The Information System (IS)assets against malicious attacks such as unauthorized access and improper use. This research, we developed a theoretical model for the adoption process of IS Security innovations in organizations, are numerous measures available that provides protection for organization IS assets, including (hardware, software, networks, etc.) and antivirus, firewall, filters, Intrusion Detection System (IDS), encryption tools, authorization mechanisms, authentication systems, and proxy devices. The model is to derive by the four combining theoretical models of innovation adoption, namely, the Theory of Planned Behaviour (TPB, Diffusion of Innovation theory (DOI), the Technology Acceptance Model (TAM),) and the Technology-Organisation-Environment (TOE) framework. The Computer security education needs to consider as a means of to combat against threats Arachchilage and Arachchilage et al., 2016). (Arachchilage and Love, 2013; While the process of innovation assimilation is as a result of the user acceptance of innovation within the organization. This model depicts security innovation adoption in organizations, as a two decision proceeding for any organization. The stage until its acquisition of innovation and adoption process from the initiation is considered as a decision made any organization. The The model also introduces several factors that influence the different stages of information Security and the innovation adoption process Adoption of IS security measures by the individuals and organizations

Knut Haufe,Ricardo Colomo-Palacios,Srdan Dzombeta,Knud Brandis,Vladimir Stantchev

DOI: https://doi.org/10.12821/ijispm040402

2022-02-02

International Journal of Information Systems and Project Management

Abstract:Securing sensitive organizational data has become increasingly vital to organizations. An Information Security Management System (ISMS) is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's information security. Key elements of the operation of an ISMS are ISMS processes. However, and in spite of its importance, an ISMS process framework with a description of ISMS processes and their interaction as well as the interaction with other management processes is not available in the literature. Cost benefit analysis of information security investments regarding single measures protecting information and ISMS processes are not in the focus of current research, mostly focused on economics. This article aims to fill this research gap by proposing such an ISMS process framework as the main contribution. It is based on a set of agreed upon ISMS processes in existing standards like ISO 27000 series, COBIT and ITIL. Within the framework, identified processes are described and their interaction and interfaces are specified. This framework helps to focus on the operation of the ISMS, instead of focusing on measures and controls. By this, as a main finding, the systemic character of the ISMS consisting of processes and the perception of relevant roles of the ISMS is strengthened.

Aliya Tabassum,Wadha Lebda

DOI: https://doi.org/10.48550/arXiv.1912.01712

2019-11-26

Cryptography and Security

Abstract:Internet of Things (IoT) is the interconnection of heterogeneous smart devices through the Internet with diverse application areas. The huge number of smart devices and the complexity of networks has made it impossible to secure the data and communication between devices. Various conventional security controls are insufficient to prevent numerous attacks against these information-rich devices. Along with enhancing existing approaches, a peripheral defence, Intrusion Detection System (IDS), proved efficient in most scenarios. However, conventional IDS approaches are unsuitable to mitigate continuously emerging zero-day attacks. Intelligent mechanisms that can detect unfamiliar intrusions seems a prospective solution. This article explores popular attacks against IoT architecture and its relevant defence mechanisms to identify an appropriate protective measure for different networking practices and attack categories. Besides, a security framework for IoT architecture is provided with a list of security enhancement techniques.

Adnan Ahmed Abi Sen

DOI: https://doi.org/10.1007/s41870-022-00965-2

2022-05-16

International Journal of Information Technology

Abstract:The Internet of Things, computing models, artificial intelligence algorithms, and communication protocols have all contributed to a smarter world. These technologies are achieving tremendous results in advancement in areas such as health, education, transportation, economy, services, and environment, to name a few. However, there are still serious challenges that need to be addressed in regard to security and the privacy of users' data. Unfortunately, so far, the current methods for protection have only met the requirements of specific applications. Most of these methods suffer from problems related to the level of protection, level of resistance to attacks, performance, and accuracy of results of the main services. Moreover, the methods lack the mechanism to trust other parties, which are often the source of threat. This paper presents a comprehensive privacy protection framework that seeks to create an effective, dynamic, and adaptive approach, which we call the Comprehensive Privacy and Security Framework (CPSF). The proposed approach is not based on any particular technology, but on the integration of most of the main protection techniques. In this research, we will provide a framework of the first stage of the CPSF and discuss its components that would be able to choose the appropriate method from a list of the available protection methods. For future research, we will provide an extended framework and its implementation, which would be tested on real cases on different components of the Internet of Things.

Ahmed S. Shatnawi,Basheer Al-Duwairi,Mahmoud M. Almazari,Mohammad S. Alshakhatreh,Ahmad N. Khader,Abdullah A. Abdullah

DOI: https://doi.org/10.48550/arXiv.2204.04576

2022-04-10

Abstract:The number of cyber-attacks have substantially increased over the past decade resulting in huge organizational financial losses. Indeed, it is no longer a matter of "if" but "when" a security incident will take place. A Security Operations Center(SOC) adoption will help in the detection, identification, prevention, and resolution of issues before they end up causing extensive cyber-related damage. In this paper, our proposed framework is brought about to address the problem that current open-source SOC implementations are plagued with. These include lack of ability to be strengthened on the fly, slow development processes, and their ineptness for continuous timely updates. We, herein, propose a framework that would offer a fully automated open-source SOC deployment; otherwise dubbed, a "plug-and-play framework"; full horizontal scalability incorporating a modular architecture. These underpinning features are meant to mitigate underlying SOC challenges, which often emerge as a result of many pre-determined and repeated processes, bolstering their ability for expansion with new tools. This is on top of enhancing their ability to handle more servers in the clusters as a single logical unit. We also introduce a new system of its kind called a Programmable Plugin-based Intrusion Detection and Prevention System (PPIDPS). This system will extend a SOC's ability to add any tool to the monitored devices while collecting logs that can trigger alerts whenever a suspicious behavior is detected.

Cryptography and Security

Marco Alfano,Viviana Bastidas,Paul Heynen,Markus Helfert

DOI: https://doi.org/10.48550/arXiv.2302.05166

2023-02-10

Cryptography and Security

Abstract:Governments around the world are required to strengthen their national cybersecurity capabilities to respond effectively to the growing, changing, and sophisticated cyber threats and attacks, thus protecting society and the way of life as a whole. Responsible government institutions need to revise, evaluate, and bolster their national cybersecurity capabilities to fulfill the new requirements, for example regarding new trends affecting cybersecurity, key supporting laws and regulations, and implementations risk and challenges. This report presents a comprehensive assessment instrument for cybersecurity at the national level in order to help countries to ensure optimum response capability and more effective use of critical resources of each state. More precisely, the report - builds a common understanding of the critical cybersecurity capabilities and competence to be assessed at the national level, - adds value to national strategic planning and implementation which impact the development and adaptation of national cybersecurity strategies, - provides an overview of the assessment approaches at the national level, including capabilities, frameworks, and controls, - introduces a comprehensive cybersecurity instrument for countries to determine areas of improvement and develop enduring national capabilities, - describes how to apply the proposed national cybersecurity assessment framework in a real-world case, and - presents the results and lessons learned of the application of the assessment framework at the national level to assist governments in further building cybersecurity capabilities.

Zayed alhaddad, Mostafa Hanoune, Abdelaziz Mamouni

DOI: https://doi.org/10.17762/ijcnis.v8i3.1950

2022-04-17

International Journal of Communication Networks and Information Security (IJCNIS)

Abstract:In recent years, Cloud computing has emerged as a new paradigm for delivering highly scalable and on-demand shared pool IT resources such as networks, servers, storage, applications and services through internet. It enables IT managers to provision services to users faster and in a cost-effective way. As a result, this technology is used by an increasing number of end users. On the other hand, existing security deficiencies and vulnerabilities of underlying technologies can leave an open door for intruders. Indeed, one of the major security issues in Cloud is to protect against distributed attacks and other malicious activities on the network that can affect confidentiality, availability and integrity of Cloud resources. In order to solve these problems, we propose a Collaborative Network Intrusion Detection System (C-NIDS) to detect network attacks in Cloud by monitoring network traffic, while offering high accuracy by addressing newer challenges, namely, intrusion detection in virtual network, monitoring high traffic, scalability and resistance capability. In our NIDS framework, we use Snort as a signature based detection to detect known attacks, while for detecting network anomaly, we use Support Vector Machine (SVM). Moreover, in this framework, the NIDS sensors deployed in Cloud operate in collaborative way to oppose the coordinated attacks against cloud infrastructure and knowledge base remains up-to-date.

Mohemed Almorsy,John Grundy,Amani S. Ibrahim

DOI: https://doi.org/10.1109/cloud.2011.9

2011-07-01

Abstract:Although the cloud computing model is considered to be a very promising internet-based computing platform, it results in a loss of security control over the cloud-hosted assets. This is due to the outsourcing of enterprise IT assets hosted on third-party cloud computing platforms. Moreover, the lack of security constraints in the Service Level Agreements between the cloud providers and consumers results in a loss of trust as well. Obtaining a security certificate such as ISO 27000 or NIST-FISMA would help cloud providers improve consumers trust in their cloud platforms' security. However, such standards are still far from covering the full complexity of the cloud computing model. We introduce a new cloud security management framework based on aligning the FISMA standard to fit with the cloud computing model, enabling cloud providers and consumers to be security certified. Our framework is based on improving collaboration between cloud providers, service providers and service consumers in managing the security of the cloud platform and the hosted services. It is built on top of a number of security standards that assist in automating the security management process. We have developed a proof of concept of our framework using. NET and deployed it on a testbed cloud platform. We evaluated the framework by managing the security of a multi-tenant SaaS application exemplar.

Mir Mehedi Rahman,Naresh Kshetri,Sayed Abu Sayeed,Md Masud Rana

2024-10-03

Abstract:In today's digitally driven landscape, robust Information Technology (IT) risk assessment practices are essential for safeguarding systems, digital communication, and data. This paper introduces 'AssessITS', an actionable method designed to provide organizations with comprehensive guidelines for conducting IT and cybersecurity risk assessments. Drawing extensively from NIST 800-30 Rev 1, COBIT 5, and ISO 31000, 'AssessITS' bridges the gap between high-level theoretical standards and practical implementation challenges. The paper outlines a step-by-step methodology that organizations can simply adopt to systematically identify, analyze, and mitigate IT risks. By simplifying complex principles into actionable procedures, this framework equips practitioners with the tools needed to perform risk assessments independently, without too much reliance on external vendors. The guidelines are developed to be straightforward, integrating practical evaluation metrics that allow for the precise quantification of asset values, threat levels, vulnerabilities, and impacts on confidentiality, integrity, and availability. This approach ensures that the risk assessment process is not only comprehensive but also accessible, enabling decision-makers to implement effective risk mitigation strategies customized to their unique operational contexts. 'AssessITS' aims to enable organizations to enhance their IT security strength through practical, actionable guidance based on internationally recognized standards.

Cryptography and Security

Heru Susanto,Mohammad Nabil Almunawar,Yong Chee Tuan,Mehmet Sabih Aksoy

DOI: https://doi.org/10.48550/arXiv.1204.0056

2012-03-31

Multimedia

Abstract:Multimedia Information security becomes a important part for the organization's intangible assets. Level of confidence and stakeholder trusted are performance indicator as successes organization, it is imperative for organizations to use Information Security Management System (ISMS) to effectively manage their multimedia information assets. The main objective of this paper is to Provide a novel practical framework approach to the development of ISMS, Called by the I-SolFramework, implemented in multimedia information security architecture (MISA), it divides a problem into six object domains or six layers, namely organization,stakeholders, tool & technology, policy, knowledge, and culture. In addition, this framework also introduced novelty algorithm and mathematic models as measurement and assessment tools of MISA parameters.

Heru Susanto,Mohammad Nabil Almunawar,Yong Chee Tuan,Mehmet Sabih Aksoy,Wahyudin P. Syam

DOI: https://doi.org/10.48550/arXiv.1203.6214

2012-03-28

Abstract:Actually Information security becomes a very important part for the organization's intangible assets, so level of confidence and stakeholder trusted are performance indicator as successes organization. Since information security has a very important role in supporting the activities of the organization, we need a standard or benchmark which regulates governance over information security. The main objective of this paper is to implement a novel practical approach framework to the development of information security management system (ISMS) assessment and monitoring software, called by I-SolFramework. System / software is expected to assist stakeholders in assessing the level of their ISO27001 compliance readiness, the software could help stakeholders understood security control or called by compliance parameters, being shorter and more structured. The case study illustrated provided to the reader with a set of guidelines, that aims easy understood and applicable as measuring tools for ISMS standards (ISO27001) compliance.

Cryptography and Security

Lampis Alevizos,Lalit Bhakuni,Stefan Jaschke

DOI: https://doi.org/10.48550/arxiv.2405.07358

2024-05-12

Cryptography and Security

Abstract:This paper introduces a value-driven cybersecurity innovation framework for the transportation and infrastructure sectors, as opposed to the traditional market-centric approaches that have dominated the field. Recontextualizing innovation categories into sustaining, incremental, disruptive, and transformative, we aim to foster a culture of self-innovation within organizations, enabling a strategic focus on cybersecurity measures that directly contribute to business value and strategic goals. This approach enhances operational effectiveness and efficiency of cyber defences primarily, while also aligns cybersecurity initiatives with mission-critical objectives. We detail a practical method for evaluating the business value of cybersecurity innovations and present a pragmatic approach for organizations to funnel innovative ideas in a structured and repeatable manner. The framework is designed to reinforce cybersecurity capabilities against an evolving cyber threat landscape while maintaining infrastructural integrity. Shifting the focus from general market appeal to sector-specific needs, our framework provides cybersecurity leaders with the strategic cyber-foresight necessary for prioritizing impactful initiatives, thereby making cybersecurity a core business enabler rather than a burden.