scholarly journals Logics and Illogic’s in Information Security Flow on Process Development Environment

2019 ◽  
Vol 8 (11S) ◽  
pp. 1293-1297
Keyword(s):  
Information Security ◽  
Business Processes ◽  
Information Science ◽  
Process Development ◽  
Development Environment ◽  
The Past ◽  
Business Information ◽  
Present Information ◽  
Security Incidents ◽  
Future Information

The objective of the work is to propose a formal technique encompassing the logic and the illogic involved in the security of information science. The received or collected information about the existing or past security incidents in business processes is to be identified for their correctness and preciseness. The emphasis on various segments of the information is analyzed as per the intention of the informer and the involvement of the recipient. The expectation and the acceptance of business information is quantitatively modeled so as to take a correct decision with the proposed logics when multiple business processes handling variety of information with different truth factors are collaborated. The logical deduction, abduction and induction techniques are applied to minimize the vagueness and ambiguity factors. The preciseness of the present information and the emphasis of the past information related to security are formally used to predict the reality of future information security incidents in a business scenario.

RESEARCH COLLABORATION AMONG LIBRARY AND INFORMATION SCIENCE SCHOOLS IN SOUTH AFRICA (1991–2012): AN INFORMETRICS STUDY

Mousaion ◽  
2017 ◽  
Vol 34 (3) ◽  
pp. 36-59 ◽  
Author(s):  
Jan R. Maluleka ◽  
Omwoyo B. Onyancha
Keyword(s):  
South Africa ◽  
Information Science ◽  
Research Collaboration ◽  
Science And Technology ◽  
Library And Information Science ◽  
Limited Extent ◽  
Microsoft Excel ◽  
The Past ◽  
Software Packages ◽  
Collaborative Activities

This study sought to assess the extent of research collaboration in Library and Information Science (LIS) schools in South Africa between 1991 and 2012. Informetric research techniques were used to obtain relevant data for the study. The data was extracted from two EBSCO-hosted databases, namely, Library and Information Science Source (LISS) and Library, Information Science and Technology Abstracts (LISTA). The search was limited to scholarly peer reviewed articles published between 1991 and 2012. The data was analysed using Microsoft Excel ©2010 and UCINET for Windows ©2002 software packages. The findings revealed that research collaboration in LIS schools in South Africa has increased over the past two decades and mainly occurred between colleagues from the same department and institution; there were also collaborative activities at other levels, such as inter-institutional and inter-country, although to a limited extent; differences were noticeable when ranking authors according to different computations of their collaborative contributions; and educator-practitioner collaboration was rare. Several conclusions and recommendations based on the findings are offered in the article.

scholarly journals Contextualized Filtering for Shared Cyber Threat Information

Sensors ◽  
2021 ◽  
Vol 21 (14) ◽  
pp. 4890
Author(s):  
Athanasios Dimitriadis ◽  
Christos Prassas ◽  
Jose Luis Flores ◽  
Boonserm Kulvatunyou ◽  
Nenad Ivezic ◽  
...  
Keyword(s):  
Information Sharing ◽  
Business Processes ◽  
State Of The Art ◽  
Contextual Information ◽  
Coarse Grained ◽  
Business Information ◽  
Cyber Threat ◽  
Domain Expertise ◽  
Multi Level ◽  
Filtering Approach

Cyber threat information sharing is an imperative process towards achieving collaborative security, but it poses several challenges. One crucial challenge is the plethora of shared threat information. Therefore, there is a need to advance filtering of such information. While the state-of-the-art in filtering relies primarily on keyword- and domain-based searching, these approaches require sizable human involvement and rarely available domain expertise. Recent research revealed the need for harvesting of business information to fill the gap in filtering, albeit it resulted in providing coarse-grained filtering based on the utilization of such information. This paper presents a novel contextualized filtering approach that exploits standardized and multi-level contextual information of business processes. The contextual information describes the conditions under which a given threat information is actionable from an organization perspective. Therefore, it can automate filtering by measuring the equivalence between the context of the shared threat information and the context of the consuming organization. The paper directly contributes to filtering challenge and indirectly to automated customized threat information sharing. Moreover, the paper proposes the architecture of a cyber threat information sharing ecosystem that operates according to the proposed filtering approach and defines the characteristics that are advantageous to filtering approaches. Implementation of the proposed approach can support compliance with the Special Publication 800-150 of the National Institute of Standards and Technology.

scholarly journals Improving Forensic Triage Efficiency through Cyber Threat Intelligence

2019 ◽  
Vol 11 (7) ◽  
pp. 162 ◽  
Author(s):  
Nikolaos Serketzis ◽  
Vasilios Katos ◽  
Christos Ilioudis ◽  
Dimitrios Baltatzis ◽  
Georgios Pangalos
Keyword(s):  
Information Security ◽  
Digital Forensics ◽  
Incident Response ◽  
Security Controls ◽  
Digital Forensic ◽  
Threat Intelligence ◽  
Cyber Threat ◽  
Series Of Experiments ◽  
Cyber Threat Intelligence ◽  
Security Incidents

The complication of information technology and the proliferation of heterogeneous security devices that produce increased volumes of data coupled with the ever-changing threat landscape challenges have an adverse impact on the efficiency of information security controls and digital forensics, as well as incident response approaches. Cyber Threat Intelligence (CTI)and forensic preparedness are the two parts of the so-called managed security services that defendants can employ to repel, mitigate or investigate security incidents. Despite their success, there is no known effort that has combined these two approaches to enhance Digital Forensic Readiness (DFR) and thus decrease the time and cost of incident response and investigation. This paper builds upon and extends a DFR model that utilises actionable CTI to improve the maturity levels of DFR. The effectiveness and applicability of this model are evaluated through a series of experiments that employ malware-related network data simulating real-world attack scenarios. To this extent, the model manages to identify the root causes of information security incidents with high accuracy (90.73%), precision (96.17%) and recall (93.61%), while managing to decrease significantly the volume of data digital forensic investigators need to examine. The contribution of this paper is twofold. First, it indicates that CTI can be employed by digital forensics processes. Second, it demonstrates and evaluates an efficient mechanism that enhances operational DFR.

Protecting a whale in a sea of phish

2020 ◽  
Vol 35 (3) ◽  
pp. 214-231
Author(s):  
Daniel Pienta ◽  
Jason Bennett Thatcher ◽  
Allen Johnston
Keyword(s):  
Information Security ◽  
Real World ◽  
Spillover Effects ◽  
Directed Attention ◽  
Future Directions ◽  
Security Research ◽  
Email Message ◽  
Multiple Domains ◽  
Future Information

Whaling is one of the most financially damaging, well-known, effective cyberattacks employed by sophisticated cybercriminals. Although whaling largely consists of sending a simplistic email message to a whale (i.e. a high-value target in an organization), it can result in large payoffs for cybercriminals, in terms of money or data stolen from organizations. While a legitimate cybersecurity threat, little information security research has directed attention toward whaling. In this study, we begin to provide an initial understanding of what makes whaling such a pernicious problem for organizations, executives, or celebrities (e.g. whales), and those charged with protecting them. We do this by defining whaling, delineating it from general phishing and spear phishing, presenting real-world cases of whaling, and provide guidance on future information security research on whaling. We find that whaling is far more complex than general phishing and spear phishing, spans multiple domains (e.g. work and personal), and potentially results in spillover effects that ripple across the organization. We conclude with a discussion of promising future directions for whaling and information security research.

The Evolving Concept of the Japanese Security Strategy

2021 ◽  
pp. 648-658
Author(s):  
Yoko Nitta
Keyword(s):  
Information Security ◽  
National Security ◽  
Critical Infrastructure ◽  
Action Plan ◽  
Global Risk ◽  
Security Strategy ◽  
Corporate Executives ◽  
Foreign State ◽  
Prime Concern ◽  
Present Information

This chapter studies how the significant cyberattacks perpetrated against the Japan Pension Services (JPS) served to heighten awareness of the significance of cyber threats among political and corporate executives. According to the Japanese cybersecurity strategy, cyberattacks constitute a global risk and remain a prime concern for the development of appropriate countermeasures. As a result, Japan has regarded the strengthening of cybersecurity as a priority and outlined this to the National Security Council in 2014. At present, information security institutions in Japan are chaperoned by the cybersecurity strategy headquarters, which aims to promote constructive and efficient cybersecurity policies. In addition, Japan has implemented its third action plan on information security for critical infrastructure and revised its cybersecurity strategy in 2015. By working in partnership with countries around the world, Japan pursues its own national security as well as the peace and stability of the international community. International cooperation and partnerships also contribute to the international campaign against cyberattacks, especially those in which foreign state actors may be implicated.

scholarly journals Measuring Job Performance of The Economic Creative Business upon Women Enterpreneurs Base (Case Study at Online Bunda Community Bogor Branch Using Balance Scorecard Approach)

2018 ◽  
Vol 3 (1) ◽  
pp. 67
Author(s):  
Indar Khaerunnisa
Keyword(s):  
Job Performance ◽  
Online Community ◽  
Business Processes ◽  
Secondary Data ◽  
Base Case ◽  
Balance Scorecard ◽  
The Past ◽  
Financial Perspective ◽  
Coverage Measurement

Balance scorecard has a privilege in terms of coverage measurement whichis a fairly comprehensive because while taking into consideration the financialperformance. Balance scorecard also consider the performance of non-financialperformance, namely customer, internal business processes, and learning and growth.Referring to the problems encountered by Member of Bunda Online Community, thisresearch examines: "Analysis of Company's Performance by Using BalancedScorecard Approach (A Case Study Economic Creative Entrepreneur at Bunda OnlineCommunity)." Because until now Bunda Online Community has not been using thebalanced scorecard to measure its job performance. The population of this study arepermanent employees and 100 samples are taken as respondents. As for thecustomer respondents specified by 52 respondents total reseller and costumer inBogor is only 52 reseller and costumer, however, it has obtained only 30 respondentswho participated. Data used in this study are primary and secondary data. Based onthe research and analysis, it can be concluded several things as the following: 1) Theperformance of the financial perspective on Economic Creative Entrepreneur in BundaOnline Community as a whole can be inferred or quite enough, in general financialratios increased except ROA and TATO. 2) The performance of the customerperspective on Economic Creative Entrepreneur in Bunda Online Community as awhole can be inferred bad, because of poor customer satisfaction in the company'sability to maintain customer retention is also bad while in the company's ability to docustomer acquisition is medium. 3) The performance of internal business processperspective on Economic Creative Entrepreneur in Bunda Online Community isenough, because innovation occurs only once during the past two years and there isnot declining operating activities due to consistent time on the production clothingprocess. 4) The performance of learning and growth perspective in the EconomicCreative Entrepreneur in Bunda Online Community may be concluded either onaspects of employee turnover or both criteria which decreasing employee productivity.Level of employee satisfaction is concluded less satisfied.

scholarly journals IPTEKS PENERAPAN DAN MANFAAT TEKNOLOGI INFORMASI TERHADAP PROSES BISNIS PERBANKAN PADA PT. BANK RAKYAT INDONESIA (PERSERO) TBK. KANTOR CABANG MANADO

2018 ◽  
Vol 2 (02) ◽  
Author(s):  
Valencia Matthew Anis ◽  
Steven J. Tangkuman
Keyword(s):  
Information Technology ◽  
Information System ◽  
Business Process ◽  
Success Factors ◽  
Business Processes ◽  
Company Performance ◽  
Business World ◽  
Business Information ◽  
Banking Business ◽  
Branch Office

The use of information technology plays an important role in the company's business processes. One of the success factors of company performance is the optimal use or application of information technology. Especially in banking business process activities, the use of information technology is one of the weapons in competition in the banking business world. In this article Bank BRI, which is one of the largest banking companies in Indonesia, also relies on information technology in the continuity of its business processes. In this article, we will discuss about the application of the Bank BRI Manado branch office’s Information Technology and its benefits in the continuity of banking business processes. In this case the BRI bank Manado branch office uses a variety of information systems in the banking business processes that will be explained in this article.Keywords : Business Processes, Information Technology, Banking business, Information System, Bank

scholarly journals Prevention of Information Security Incidents in Automated Information System

2020 ◽  
pp. 45-51
Author(s):  
Igor Butusov ◽  
◽  
Aleksandr Romanov ◽  
Keyword(s):  
Information System ◽  
Information Security ◽  
Theoretical Computer Science ◽  
Structured Data ◽  
Fuzzy Information ◽  
Security Incident ◽  
Automated Information System ◽  
Computer Attacks ◽  
Stored Information ◽  
Security Incidents

The purpose of the article is to support the processes of preventing information security incidents in conditions of high uncertainty. Method: methods of mathematical (theoretical) computer science and fuzzy set theory. Result: an information security Incident, including a computer incident, is considered as a violation or termination of the functioning of an automated information system and (or) a violation of information stored and processed in this system, including those caused by a computer attack. Information descriptions are presented in the form of structured data about signs of computer attacks. Structured data is the final sequence of strings of symbols in a formal language. The Damerau-Levenstein editorial rule is proposed as a metric for measuring the distance between strings of characters from a particular alphabet. The possibility of presenting the semantics of information descriptions of attack features in the form of fuzzy sets is proved. Thresholds (degrees) of separation of fuzzy information descriptions are defined. The influence of semantic certainty of information descriptions of features (degrees of blurring of fuzzy information descriptions) on the decision-making about their identity (similarity) is evaluated. It is shown that the semantic component of information descriptions of signs of computer attacks presupposes the presence of some semantic metric (for its measurement and interpretation), which, as a rule, is formally poorly defined, ambiguously interpreted and characterized by uncertainty of the type of fuzziness, the presence of semantic information and the inability to directly apply a probabilistic measure to determine the degree of similarity of input and stored information descriptions of signs. An approach is proposed to identify fuzzy information descriptions of computer attacks and to apply methods for separating elements of reference sets on which these information descriptions are defined. It is shown that the results of the procedure for identifying fuzzy information descriptions of computer attacks depend on the degree of separation of the reference sets and on the indicators of semantic uncertainty of these descriptions

Sign in / Sign up

Export Citation Format

Share Document