Ahmed I. Al-Darwish,Pilsung Choe

DOI: https://doi.org/10.1007/978-3-030-22351-9_15

2019-01-01

Abstract: Information systems support organizations to achieve strategic competitiveness over other organizations and assist senior management in the decision-making process. In addition, they help organizations in timely implementation of projects and effective risk management. A reliable and coherent Information System requires a solid security framework that ensures Confidentiality, Integrity, Availability, Authenticity and Auditability of the critical information assets; therefore, managing security is essential for organizations doing business in a globally networked and competitive environment whilst seeking to achieve their objectives and goals and ensuring the continuity of business. This paper provides an integrated framework that classifies and holistic view of challenges in Information Security Systems, and their interrelationships. The framework is expected to provide a basis that can be used to evaluate individual organizational members’ behavior and the adequateness of existing security measures.

Craig A. Horne,Atif Ahmad,Sean B. Maynard

DOI: https://doi.org/10.48550/arXiv.1606.03528

2016-06-11

Abstract:Dependence on information, including for some of the world's largest organisations such as governments and multi-national corporations, has grown rapidly in recent years. However, reports of information security breaches and their associated consequences continue to indicate that attacks are still escalating on organisations when conducting these information-based activities. Clearly, more research is needed to better understand how organisations should formulate strategy to secure their information. Through a thematic review of academic security literature, we (1) analyse the antecedent conditions that motivate the potential adoption of a comprehensive information security strategy, (2) the current perspectives of strategy and (3) the yields and benefits that could be enjoyed post-adoption. Our contributions include a definition of information security strategy. We argue for a paradigm shift to extend from internally-focussed protection of organisation-wide information towards a strategic view that considers the inter-organisational level. Our findings are then used to suggest future research directions.

Computers and Society,Cryptography and Security

Nwakeze Osita Miracle

DOI: https://doi.org/10.51584/ijrias.2024.906024

2024-01-01

International Journal of Research and Innovation in Applied Science

Abstract:Network security has remained a major concern especially in the modern world where technological advancement is rapidly evolving. This study explores the concept of data and information security especially in today’s environment where cyber risks like malware, phishing, DDoS, and insider threats are rampant. It covers the fundamentals of the network’s security measures such as Firewall, IDS, Encryption, Access control, VPNs, and Security Auditing & Monitoring. A qualitative analysis of secondary data and case studies such as the Equifax data breach and the Yahoo data hack is used to assess the effectiveness of these security measures in the real world. Regulatory compliance is also encouraged through the use of standards like GDPR, PCI DSS, and HIPAA to ensure that companies meet the set requirements; failing to do so attracts fines, lawsuits, or loss of reputation among other consequences. Measures like regular software updates and patching, secure user authentication, network segmentation and security consciousness among the workers should be adopted. These are important in avoiding risk occurrences, minimizing threats and providing a hardy protection for new risks. This will be a detailed step by step guide to help organizations improve their network security, manage compliance and data protection in the interconnected world of today, with a focus on the importance of strong network protection in ensuring data integrity and trust.

DOI: https://doi.org/10.33140/aurdp.01.01.02

2024-02-27

Abstract:Background: Cyber Security is to protect online data and software from cyber threats. These cyberattacks are typically intended to gain access to, change, or delete sensitive information; extort money from users; or disrupt regular corporate activities. It is difficult to keep up a regular follow up with new technologies, so it is necessary to keep the important data safe from cyber threats. There are many types of cyber threats, malware, ransomware, social engineering, phishing etc. To prevent cyber-attacks one can, use password manager tools like LastPass and others. People also use two factor authentication for double security on their accounts. Methods: Boards such as the National Institute of Standards and Technology (NIST) are developing frameworks to assist firms in understanding their security risks, improving cybersecurity procedures, and preventing cyber assaults. The fight against cybercrimes and attack, organizations needed a strong base there are 5 types of cyber securities: Critical Infrastructure Security, application security, network security, cloud security and (IoT) Security. In the modern time the US is highly based on computers and on different software, so it is really important for the US to be more conscious about the security as they get many threats almost every day for hacking their data and accounts. Results and Conclusion: Nowadays, even small businesses rarely recover their loss from the cyber-attacks and many back-off from continuing their businesses after being target of hackers. The first cybercrime attack was recorded in 1988 by a graduate student. Now that large companies and even small businesses are aware of cyber-attacks, they try their best to take every precaution to prevent hacking with double security and password manager tools.

Abhishek Pant

DOI: https://doi.org/10.22214/ijraset.2023.56862

2023-11-30

International Journal for Research in Applied Science and Engineering Technology

Abstract:Abstract: In an era characterized by an unprecedented proliferation of digital information, the safeguarding of sensitive data has emerged as a paramount concern for individuals, businesses, and governments alike. This abstract delves into the critical importance of data security and privacy compliance in contemporary society. As technological advancements continue to redefine the landscape of data generation, collection, and utilization, the potential risks and vulnerabilities associated with unauthorized access and misuse of information have escalated. This paper highlights the multifaceted significance of data security and privacy compliance across various domains. Firstly, it explores the imperative of protecting personal information to uphold individual privacy rights and maintain public trust. The escalating frequency and sophistication of cyber threats underscore the necessity for robust data security measures to thwart unauthorized access, data breaches, and identity theft.

Nenad Jevtić,Ibrahim Alhudaidi

DOI: https://doi.org/10.5937/sjem2302048j

2023-01-01

Serbian Journal of Engineering Management

Abstract:Information security is a key aspect of organizations' operations in today's digital age. This paper aims to analyze the importance of information security for organizations, investigating its impact on preserving the integrity, confidentiality and availability of data. Organizations are increasingly faced with complex challenges in explaining cyber threats, which emphasizes the necessity of implementing effective information security strategies. Effective data protection is the key to maintaining the trust of clients and partners, reducing financial losses and preserving the organization's reputation. In addition, information security has a significant impact on maintaining a competitive advantage, allowing organizations to innovate without fear of data loss or privacy breaches. A secure infrastructure also provides a foundation for compliance with regulatory requirements, thereby reducing the risk of legal consequences. Considering the rapid development of technology and increasingly sophisticated cyber threats, organizations face the constant challenge of adapting their security strategies. Employee education is becoming a key component of the overall information security system, and organizations that invest resources in training and security awareness have a better ability to respond to potential threats. Information security is becoming a necessary pillar of modern business, protecting organizations from cyber risk, enhancing their reputation and providing the foundation for long-term success.

O.I. Peliukh,M.V. Yesina,D.Yu. Holubnychyi

DOI: https://doi.org/10.30837/rt.2024.1.216.03

2024-03-20

Radiotekhnika

Abstract:In the modern world, information and communication systems (ICS) have become an integral part of our lives, processing, storing and transmitting information. However, this dependence makes them extremely vulnerable to various threats. The article examines the current threats that call into question the normal functioning of ICS. The authors emphasise the constant evolution of these threats, which makes them more complex and dangerous. This necessitates constant research and development of new methods and means of information protection, as well as raising awareness of ICS users about cyber threats. The purpose of the article is to study modern ICS threats and develop recommendations for improving the level of information security (IS). The article provides a classification of ICS IS threats by various criteria: by the basic principles of the cybersecurity triad (confidentiality, integrity and availability), by sources of threats (internal and external), by the amount of damage caused (from general to private), by the degree of impact (passive and active) and by the nature of occurrence (natural and artificial). The article reveals the sources of threats to ICS security: unintentional (related to user errors, software failures or hardware failures) and intentional (cyber-attacks aimed at causing damage to ICS). Particular attention is paid to cyberattacks that are becoming more widespread. The authors describe different types of cyberattacks, as well as methods and means of their implementation. An important aspect of the article is the development of recommendations for improving the level of security. Along with the technical aspects of protection, the article considers the importance of implementing organisational measures such as security policy, access control and privilege management. The article also draws attention to the importance of complying with international and national standards for the protection of information in ICS. These measures help to avoid leakage or prevent unauthorised access to valuable information.

Mudassar Aslam,Muhammad Abbas Khan Abbasi,Tauqeer Khalid,Rafi Us Shan,Subhan Ullah,Tahir Ahmad,Saqib Saeed,Dina A Alabbad,Rizwan Ahmad

DOI: https://doi.org/10.3390/s22239338

2022-11-30

Abstract:Smart cities assure the masses a higher quality of life through digital interconnectivity, leading to increased efficiency and accessibility in cities. In addition, a huge amount of data is being exchanged through smart devices, networks, cloud infrastructure, big data analysis and Internet of Things (IoT) applications in the various private and public sectors, such as critical infrastructures, financial sectors, healthcare, and Small and Medium Enterprises (SMEs). However, these sectors require maintaining certain security mechanisms to ensure the confidentiality and integrity of personal and critical information. However, unfortunately, organizations fail to maintain their security posture in terms of security mechanisms and controls, which leads to data breach incidents either intentionally or inadvertently due to the vulnerabilities in their information management systems that either malicious insiders or attackers exploit. In this paper, we highlight the importance of data breaches and issues related to information leakage incidents. In particular, the impact of data breaching incidents and the reasons contributing to such incidents affect the citizens' well-being. In addition, this paper also discusses various preventive measures such as security mechanisms, laws, standards, procedures, and best practices, including follow-up mitigation strategies.

Kishu Gupta,Vinaytosh Mishra,Aaisha Makkar

DOI: https://doi.org/10.1109/JBHI.2024.3467179

2024-10-06

Abstract:Healthcare has witnessed an increased digitalization in the post-COVID world. Technologies such as the medical internet of things and wearable devices are generating a plethora of data available on the cloud anytime from anywhere. This data can be analyzed using advanced artificial intelligence techniques for diagnosis, prognosis, or even treatment of disease. This advancement comes with a major risk to protecting and securing protected health information (PHI). The prevailing regulations for preserving PHI are neither comprehensive nor easy to implement. The study first identifies twenty activities crucial for privacy and security, then categorizes them into five homogeneous categories namely: $\complement_1$ (Policy and Compliance Management), $\complement_2$ (Employee Training and Awareness), $\complement_3$ (Data Protection and Privacy Control), $\complement_4$ (Monitoring and Response), and $\complement_5$ (Technology and Infrastructure Security) and prioritizes these categories to provide a framework for the implementation of privacy and security in a wise manner. The framework utilized the Delphi Method to identify activities, criteria for categorization, and prioritization. Categorization is based on the Density-Based Spatial Clustering of Applications with Noise (DBSCAN), and prioritization is performed using a Technique for Order of Preference by Similarity to the Ideal Solution (TOPSIS). The outcomes conclude that $\complement_3$ activities should be given first preference in implementation and followed by $\complement_1$ and $\complement_2$ activities. Finally, $\complement_4$ and $\complement_5$ should be implemented. The prioritized view of identified clustered healthcare activities related to security and privacy, are useful for healthcare policymakers and healthcare informatics professionals.

Cryptography and Security,Machine Learning

Stephanie Ness,Tushar Khinvasara

DOI: https://doi.org/10.9734/jerr/2024/v26i21075

2024-01-29

Journal of Engineering Research and Reports

Abstract:Currently, the majority of economic, commercial, cultural, social, and governmental activity and contacts between countries, encompassing individuals, non-governmental organizations, and government institutions, occur in the virtual realm known as cyberspace. In recent times, numerous private enterprises and governmental institutions worldwide have encountered the issue of cyber- attacks and the peril associated with wireless communication technology. The modern society heavily relies on electronic technology, and safeguarding this data from cyber-attacks poses a formidable challenge. Cyber-attacks are intended to inflict financial harm onto companies. Cyber- attacks may serve military or political objectives in certain instances. Some examples of these damages include PC infections, knowledge breaches, data distribution service (DDS), and other attack routes. For this purpose, different companies employ diverse strategies to mitigate the harm caused by cyber-attacks. Cybersecurity monitors up-to-date information on the most recent IT data. Researchers worldwide have proposed several techniques to prevent cyber-attacks or mitigate their impact. Several approaches are currently in the operational phase, while others are still in the study phase. The objective of this study is to conduct a thorough examination and evaluation of the latest advancements in the field of cyber security, with the purpose of identifying and analyzing the problems, vulnerabilities, and strengths of the proposed methodologies. A comprehensive analysis is conducted on several forms of novel descendant attacks. The discussion revolves around conventional security frameworks, encompassing their historical context and early-generation approaches to cyber-security. Furthermore, this report presents the latest advancements and developing patterns in the field of cyber security, as well as the current problems and risks to security. The comprehensive review study offered for IT and cyber security researchers is anticipated to be beneficial.

Abdullah Al Hayajneh,Hasnain Nizam Thakur,Kutub Thakur

DOI: https://doi.org/10.5539/cis.v16n4p1

2023-11-20

Computer and Information Science

Abstract:In the contemporary era marked by the extensive utilization of data, information systems have been extensively embraced by global organizations and also hold a pivotal position in national defense and various other domains. The growing interconnectedness between individuals and diverse information systems has resulted in an intensified emphasis on the evaluation of potential risks. The mitigation of these dangers extends beyond simple technological solutions and includes established standards, legal structures, and policies, adopting a complete approach based on safety engineering concepts. This study aims to develop a robust framework for the harmonization of Information Technology Security Standards. It will explore prevalent techniques for conducting risk assessments and differentiate between quantitative and qualitative approaches to evaluation. Moreover, this study illustrates the combination of quantitative and qualitative evaluation methodologies, providing a comprehensive framework for the analysis and design of risk assessment. In addition, this study advances our understanding of INFOSEC risk assessment and contributes to the advancement of more efficient information security strategies by sharing global perspectives, addressing challenges in classification, clarifying the incorporation of Information Security Management Systems (ISMS), and highlighting the significance of Artificial Intelligence in the domain of Information Security (INFOSEC).

Kaif Qureshi,Aditya Choudhary,Aakash Sharma,Anant Singh,Kinjal Singh

DOI: https://doi.org/10.56025/ijaresm.2023.1205242072

2024-01-01

Abstract:Cyber Security plays an important role in the field of information technology. As more business activities are being automated and an increasing number of computers are being used to store sensitive information, the need for secure computer systems becomes more apparent. Securing the information have become one of the biggest challenges in the present day. Whenever we think about the cyber security the first thing that comes to our mind is ‘cyber crimes’ which are increasing immensely day by day. Various Governments and companies are taking many measures in order to prevent these cyber-crimes. The Internet itself has become critical for governments, companies, financial institutions, and millions of everyday users. Besides various measures cyber security is still a very big concern to many. This paper mainly focuses on challenges faced by cyber security on the latest technologies. It also focuses on latest about the cyber security techniques, ethics and the trends changing the face of cyber. Threats to the integrity, security and dependability of the World Wide Web (WWW) are ever-evolving. Conventional security solutions sometimes find it difficult to keep up with the ever-evolving strategies used by hackers. By combining adaptive security mechanisms designed especially for protecting the WWW with dynamic threat analysis approaches, our research offers a unique way to handle this difficulty.

Florence Sèdes

2024-06-17

Abstract:Major transformations related to information technologies affect InformationSystems (IS) that support the business processes of organizations and their actors. Deployment in a complex environment involving sensitive, massive and heterogeneous data generates risks with legal, social and financial impacts. This context of transition and openness makes the security of these IS central to the concerns of organizations. The digitization of all processes and the opening to IoT devices (Internet of Things) has fostered the emergence of a new formof crime, i.e. cybercrime.This generic term covers a number of malicious acts, the majority of which are now perpetrated using social engineering strategies, a phenomenon enabling a combined exploitation of ``human'' vulnerabilities and digital tools. The maliciousness of such attacks lies in the fact that they turn users into facilitators of cyber-attacks, to the point of being perceived as the ``weak link'' of <a class="link-external link-http" href="http://cybersecurity.As" rel="external noopener nofollow">this http URL</a> deployment policies prove insufficient, it is necessary to think about upstream steps: knowing how to anticipate, identifying weak signals and outliers, detect early and react quickly to computer crime are therefore priority issues requiring a prevention and cooperation <a class="link-external link-http" href="http://approach.In" rel="external noopener nofollow">this http URL</a> this overview, we propose a synthesis of literature and professional practices on this subject.

Cryptography and Security,Databases

P.K. Paul,P. S. Aithal

DOI: https://doi.org/10.47992/ijmts.2581.6012.0070

2019-10-18

Abstract:Information is the core and most vital asset these days. The subject which deals with Information is called Information Science. Information Science is responsible for different information related affairs from collection, selection, organization, processing, management and dissemination of information and contents. And for this information related purpose Information Technology plays a leading role. Information Technology has different components viz. Database Technology, Web Technology, Networking Technology, Multimedia Technology and traditional Software Technology. All these technologies are responsible for creating and advancing society. Database Technology is concerned with the Database. It is worthy to note that, Database is concerned with the repository of related data in a container or base. The data, in Database normally stored in different forms and Database Technology play a lead role for dealing with the affairs related to database. The Database is very important in the recent past due to wider applications in different organizations and institutions; not only profit making but also non-profit making. Today most organizations and sectors which deal with sensitive and important data keep them into the database and thus its security becomes an important concern. Large scale database and its security truly depend on different defensive methods. This paper talks about the basics of database including its meaning, characteristics, role etc. with special focus on different security challenges in the database. Moreover, this paper highlights the basics of security management, tools in this regard. Hence different areas of database security have mentioned in this paper in a simple sense.

B H Priyanka,Ravi Prakash

DOI: https://doi.org/10.48550/arXiv.1512.07207

2015-12-20

Abstract:Over the last two decades, the scale and complexity of the Internet and its associated technologies built on the World Wide Web has grown exponentially with access to Internet as a facility occupying a prime place with other amenities of modern lives. In years to come, usage of Internet may unravel more pleasant surprises for us as far as novelty in its usage is concerned. As a democratic function of Internet, and relying on the open model on which it has been built, there has been concerted efforts in the direction of privacy protection and use of privacy enhancing tools which have gained tangible traction. Innovation in use of VPN, TLS/SSL and cryptographic tools are a testimony to it. Another popular tool is Tor, which has gained widespread popularity as it is being increasingly used by anonymity seeking users to effectively maintain their discretion while surfing the web. However, there is a darker side to increased proliferation of Internet in our everyday routine. We are certainly not living in a utopian age and there are potentials of misuse of Internet as well. Across every nook and cranny of Internet's sprawling virtual world, there are cyber criminals lurking n dangerous alleys to use the very same Internet as malevolent tool to abuse it and cause financial, physical and social harm to ordinary people. Failing to manage the widespread spawning of World Wide Web has rendered it weak against misuse. In last few decades especially, Internet has been inundated with malware, ransomware, viruses, Trojans, illegal spy tools and what not created with malignant sentiments. In this paper, we will analyze few of the subverting privacy infrastructures.

Computers and Society,Cryptography and Security

Kyle Dees,Shawon Rahman

DOI: https://doi.org/10.48550/arXiv.1512.00064

2015-11-30

Computers and Society

Abstract:As a result of the increased dependency on obtaining information and connecting each computer together for ease of access or communication, organizations risk being attacked and losing private information through breaches or insecure business activities. To help protect organizations and their assets, companies need to develop a strong understanding of the risks imposed on their company and the security solutions designed to prevent or minimize vulnerabilities. To reduce the impact threats have on a network, organizations need to: design a defense layer system that provides multiple instances of protection to prevent unauthorized access to core information, implement a strong network hardware/intrusion prevention system, and create all-inclusive network or security policies that detail user rules and company rights. In order to enhance the overall security of a basic infrastructure, this paper will provide a detailed look into gathering the organizational requirements, designing and implementing a secure physical network layout, and selecting the standards needed to prevent unauthorized access

Viktor Sarancha,Viktoriia Shabunina,Oksana Tur

DOI: https://doi.org/10.32461/2409-9805.3.2023.290991

2023-11-15

Abstract:The purpose of the article is a comprehensive analysis of the American concept of threats to information security and determination of priority areas of the US’s activity in creating a secure national cyberspace. The methodological basis of the study is general scientific and special methods of cognition, in particular, systemic approach, analysis, synthesis, and logical method. Methods of content analysis, comparative and analytical monitoring of Internet resources of US government bodies responsible for information security are also used. The scientific novelty of the study consists in the expansion of ideas about theoretical aspects in the field of information security and the systematic analysis of instrumental, conceptual foundations and practical aspects of information security in the United States. Conclusions. The globalisation of information systems has created a completely new situation in the security field. In cyberspace the main threat to the US national security comes from states and intermediaries acting in their interests. They have the necessary skills and technologies to carry out destructive cyberattacks for military and political purposes, and also effectively use cyberespionage methods, which not only entails economic losses, but also causes great damage to strategically important industries for the US. The American concept covers such three key levels of cyber security as the state, private business and individual users. There are such defence priorities for the United States as ensuring the protection of critical infrastructure, information networks and systems; quality control of used IT equipment; formation of effective mechanisms of interlevel communication and raising awareness at all levels. An important component of the US National Cyber Strategy is international cooperation on information security issues. In this regard, at the international level the United States seeks to implement such opportunities as to encourage countries to increase responsibility for ensuring the security of information systems and networks at the national and global level; to create the legal regime necessary to ensure cross-border access to information; to form a regime of collective cyber defence within the framework of NATO and other bilateral and multilateral agreements with strategic partners; to preserve the maximum possible freedom of action in cyberspace in order to conduct all types of information operations both during military conflicts and in peacetime. Keywords: cyberspace, information threat, information war, information security, information management, informatisation, ICT.

XING Zhi

DOI: https://doi.org/10.3969/j.issn.1008-2077.2009.02.026

2009-01-01

Abstract:Network information security has been a threat of modern society security.Different level of threats to social security consists in campus network,email,e-government,and so on.The paper explains the problem and the countermeasure of network Information security.The government management,formulated lash-up draft is to be reinforced so as to continuously increase the information security awareness and guarantee.

Wilson Li,Alvin Leung,Wei Yue,,,

DOI: https://doi.org/10.25300/misq/2022/15713

IF: 7.3

2023-03-01

MIS Quarterly

Abstract:Data breaches can severely damage a firm’s reputation and its customers’ confidence. Firms must therefore continuously invest in security measures to prevent such breaches. However, the effectiveness of security investment has been questioned by both practitioners and academics. We illustrate the bidirectional dynamic relationship between information technology (IT) investment and data breaches moderated by threat and countermeasure security awareness using an eight-year panel of 311 U.S.-listed firms to provide empirical evidence that threat awareness broadens firms’ scope for addressing data-breach issues by investing more in IT than in security. Countermeasure awareness equips firms with sufficient knowledge and experience to ensure effective implementation of IT, which provides more comprehensive protection than security investment alone. Our results suggest that firms should evolve beyond the reactive mindset of solely upgrading security and begin nurturing both threat awareness and countermeasure awareness to address the underlying IT system issues that are the cause of data breaches.

information science & library science,management,computer science, information systems

W. Alec Cram,Jeffrey G. Proudfoot,John D’Arcy

DOI: https://doi.org/10.1057/s41303-017-0059-9

2017-11-01

European Journal of Information Systems

Abstract:A major stream of research within the field of information systems security examines the use of organizational policies that specify how users of information and technology resources should behave in order to prevent, detect, and respond to security incidents. However, this growing (and at times, conflicting) body of research has made it challenging for researchers and practitioners to comprehend the current state of knowledge on the formation, implementation, and effectiveness of security policies in organizations. Accordingly, the purpose of this paper is to synthesize what we know and what remains to be learned about organizational information security policies, with an eye toward a holistic understanding of this research stream and the identification of promising paths for future study. We review 114 influential security policy-related journal articles and identify five core relationships examined in the literature. Based on these relationships, we outline a research framework that synthesizes the construct linkages within the current literature. Building on our analysis of these results, we identify a series of gaps and draw on additional theoretical perspectives to propose a revised framework that can be used as a basis for future research.

information science & library science,management,computer science, information systems