The Impact of cyber threats in digital environment and the implementation of corporate cyber security strategy to safeguard the business in the middle east
Towards a Structured Information Security Awareness Programmetulipbiru64
Paper presented by Mohd Nabil Zulhemay, Rohama Mohamad Rashid and Omar Zakaria at the 4th PERPUN International Conference 2015: Information Revolution, 11-12th August 2015 at Avillion Legacy Hotel, Melaka.
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...IJNSA Journal
Computers are crucial instruments providing a competitive edge to organizations that have adopted them. Their pervasive presence has presented a novel challenge to information security, specifically threats emanating from privileged employees. Various solutions have been tried to address the vice, but no exhaustive solution has been found. Due to their elusive nature, proactive strategies have been proposed of which detection using Machine Learning models has been favoured. The choice of algorithm, datasets and metrics are cornerstones of model performance and hence, need to be addressed. Although multiple studies on ML for insider threat detection have been done, none has provided a comprehensive analysis of algorithms, datasets and metrics for development of Insider Threat Detection models. This study conducts a comprehensive systematic literature review using reputable databases to answer the research questions posed. Search strings, inclusion and exclusion criteria were set for eligibility of articles published in the last decade.
A Bring Your Own Device Risk Assessment ModelCSCJournals
Bring Your Own Device (BYOD), a technology where individuals or employees use their own devices on the organization’s network to perform tasks assigned to them by the organization has been widely embraced. The reasons for adoption are diverse in every organization. In spite of the security control strategies implemented by these organizations to safeguard their information resources, there has been an upsurge in information security breaches as a result of existing vulnerabilities in these systems and the legacy systems in use. Various approaches have been employed to deal with security challenges in BYOD, but according to literature, risk assessment has proved to be the first key step towards improving security of the BYOD environment in an enterprise. Risk assessment models have been proposed by various researchers, although, most are largely influenced by the degree of technological advancement and utilization as well as the working cultures within institutions. The existing models were largely developed in technologically advanced countries and thus do not fit well in developing countries. This study sought to develop flexible BYOD risk assessment model that can be adopted by varied institutions to secure their information resources. The study was carried out in Five (5) purposively selected state universities in Kenya. The research adopted a mixed research design approach with mixed sampling technique utilized to select the participants. Reliability and validity of data collection tools were evaluated and recommended by IT security and network experts. The qualitative and quantitative data was collected by interviewing experts and administering a questionnaire to sampled participants. The developed model was validated both statistically and by experts. The findings revealed that threats and vulnerabilities contributed to 39.9% and 69.2% respectively to the risk of the BYOD environment while Data Encryption (DE) and Software Updates (SU) came out strongly as intervening variables which have a major impact on the relationship between the dependent and independent variables.
Appling tracking game system to measure user behavior toward cybersecurity p...IJECEIAES
Institutions wrestle to protect their information from threats and cybercrime. Therefore, it is dedicating a great deal of their concern to improving the information security infrastructure. Users’ behaviors were explored by applying traditional questionnaire as a research instrument in data collocate process. But researchers usually suffer from a lack of respondents' credibility when asking someone to fill out a questionnaire, and the credibility may decline further if the research topic relates to aspects of the use and implementation of information security policies. Therefore, there is insufficient reliability of the respondent's answers to the questionnaire’s questions, and the responses might not reflect the actual behavior based on the human bias when facing the problems theoretically. The current study creates a new idea to track and study the behavior of the respondents by building a tracking game system aligned with the questionnaire whose results are required to be known. The system will allow the respondent to answer the survey questions related to the compliance with the information security policies by tracking their behavior while using the system.
Cybersecurity is difficult. It is a serious endeavor which over time strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Characteristics of cyber risk continue to mature and expand on the successes of technology innovation, integration, and adoption. It is no longer a game of tactics, but rather a professional discipline, continuous in nature, where to be effective strategic leadership must establish effective and efficient structures for evolving controls to sustain an optimal level of security.
This presentation will discuss the emerging challenges as it analyzes the cause-and-effect relationships of factors driving the future of cybersecurity.
Towards a Structured Information Security Awareness Programmetulipbiru64
Paper presented by Mohd Nabil Zulhemay, Rohama Mohamad Rashid and Omar Zakaria at the 4th PERPUN International Conference 2015: Information Revolution, 11-12th August 2015 at Avillion Legacy Hotel, Melaka.
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...IJNSA Journal
Computers are crucial instruments providing a competitive edge to organizations that have adopted them. Their pervasive presence has presented a novel challenge to information security, specifically threats emanating from privileged employees. Various solutions have been tried to address the vice, but no exhaustive solution has been found. Due to their elusive nature, proactive strategies have been proposed of which detection using Machine Learning models has been favoured. The choice of algorithm, datasets and metrics are cornerstones of model performance and hence, need to be addressed. Although multiple studies on ML for insider threat detection have been done, none has provided a comprehensive analysis of algorithms, datasets and metrics for development of Insider Threat Detection models. This study conducts a comprehensive systematic literature review using reputable databases to answer the research questions posed. Search strings, inclusion and exclusion criteria were set for eligibility of articles published in the last decade.
A Bring Your Own Device Risk Assessment ModelCSCJournals
Bring Your Own Device (BYOD), a technology where individuals or employees use their own devices on the organization’s network to perform tasks assigned to them by the organization has been widely embraced. The reasons for adoption are diverse in every organization. In spite of the security control strategies implemented by these organizations to safeguard their information resources, there has been an upsurge in information security breaches as a result of existing vulnerabilities in these systems and the legacy systems in use. Various approaches have been employed to deal with security challenges in BYOD, but according to literature, risk assessment has proved to be the first key step towards improving security of the BYOD environment in an enterprise. Risk assessment models have been proposed by various researchers, although, most are largely influenced by the degree of technological advancement and utilization as well as the working cultures within institutions. The existing models were largely developed in technologically advanced countries and thus do not fit well in developing countries. This study sought to develop flexible BYOD risk assessment model that can be adopted by varied institutions to secure their information resources. The study was carried out in Five (5) purposively selected state universities in Kenya. The research adopted a mixed research design approach with mixed sampling technique utilized to select the participants. Reliability and validity of data collection tools were evaluated and recommended by IT security and network experts. The qualitative and quantitative data was collected by interviewing experts and administering a questionnaire to sampled participants. The developed model was validated both statistically and by experts. The findings revealed that threats and vulnerabilities contributed to 39.9% and 69.2% respectively to the risk of the BYOD environment while Data Encryption (DE) and Software Updates (SU) came out strongly as intervening variables which have a major impact on the relationship between the dependent and independent variables.
Appling tracking game system to measure user behavior toward cybersecurity p...IJECEIAES
Institutions wrestle to protect their information from threats and cybercrime. Therefore, it is dedicating a great deal of their concern to improving the information security infrastructure. Users’ behaviors were explored by applying traditional questionnaire as a research instrument in data collocate process. But researchers usually suffer from a lack of respondents' credibility when asking someone to fill out a questionnaire, and the credibility may decline further if the research topic relates to aspects of the use and implementation of information security policies. Therefore, there is insufficient reliability of the respondent's answers to the questionnaire’s questions, and the responses might not reflect the actual behavior based on the human bias when facing the problems theoretically. The current study creates a new idea to track and study the behavior of the respondents by building a tracking game system aligned with the questionnaire whose results are required to be known. The system will allow the respondent to answer the survey questions related to the compliance with the information security policies by tracking their behavior while using the system.
Cybersecurity is difficult. It is a serious endeavor which over time strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Characteristics of cyber risk continue to mature and expand on the successes of technology innovation, integration, and adoption. It is no longer a game of tactics, but rather a professional discipline, continuous in nature, where to be effective strategic leadership must establish effective and efficient structures for evolving controls to sustain an optimal level of security.
This presentation will discuss the emerging challenges as it analyzes the cause-and-effect relationships of factors driving the future of cybersecurity.
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docxjeanettehully
Running head: POLICIES FOR MANAGING PRIVACY
1
POLICIES FOR MANAGING PRIVACY
5
Online Policies for Enabling Financial Companies to Manage Privacy Issues
Name: Sunil Kumar Parisa
Date:03/29/2020
University of Cumberland’s
ABSTRACT
Financial companies are under constant threats in the face of cyber-attacks, which are growing by the day. The companies usually implement measures that primarily focus on the deployment of technologies for suppressing the attacks. They do not consider user policies as essential elements that help curb the vulnerabilities. The policies put in place have a low level of enforceability, which lowers the impact of the plans. The research project will determine the relationship between policy enforceability and the vulnerabilities posed to a system by the internal and external users.
INTRODUCTION
Business companies in the financial sector have the responsibility of ensuring the data that belong to the customers are fully protected. Cyber-crimes are on the rise, and the approaches employed today are not entirely practical. Technological tools and measures are not efficient. They should be complemented by the behavioral standards that suppress the vulnerabilities in all the IT domains (Vincent, Higgs & Pinsker, 2015). Enforceable policies will ensure there is an integration of behavioral and technological measures for promoting data security and privacy.
LITERATURE REVIEW
Financial companies usually emphasize policies that guide the collection of customer and storage as well as access to the data by the internal and external users. These policies are relevant as they promote best practices at both levels. The companies have a belief that these are the areas that need closer monitoring and evaluation. However, the policies put in place are not always enforceable. A lack of enforceability creates a situation where the desired outcomes are not realized (Yeganeh, 2019). It explains why data breaches are still experienced even after such policies are formulated and implemented.
RESEARCH METHOD
To investigate the relationship between enforceability of the policies and the vulnerabilities that business organizations are exposed to, a case study method will be used. It is an essential tool that helps determine a causal relationship (White & McBurney, 2012). Also, it will provide insights that will inform the recommendations that need to be considered by the multiple business organizations in the financial sector. Credible data that are free of confounding variables must be collected, analyzed, and inferences drawn. Two data collection procedures will be utilized as follows.
i. Semi-structured interviews will be conducted to collect diverse data on the design and implementation of user and online policies. The interviewees will offer data that expound on the security and privacy positions of the systems.
ii. Independent observations will be made to inform the behaviors of the users, both internally and externally. The observation ...
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docxglendar3
Running head: POLICIES FOR MANAGING PRIVACY
1
POLICIES FOR MANAGING PRIVACY
5
Online Policies for Enabling Financial Companies to Manage Privacy Issues
Name: Sunil Kumar Parisa
Date:03/29/2020
University of Cumberland’s
ABSTRACT
Financial companies are under constant threats in the face of cyber-attacks, which are growing by the day. The companies usually implement measures that primarily focus on the deployment of technologies for suppressing the attacks. They do not consider user policies as essential elements that help curb the vulnerabilities. The policies put in place have a low level of enforceability, which lowers the impact of the plans. The research project will determine the relationship between policy enforceability and the vulnerabilities posed to a system by the internal and external users.
INTRODUCTION
Business companies in the financial sector have the responsibility of ensuring the data that belong to the customers are fully protected. Cyber-crimes are on the rise, and the approaches employed today are not entirely practical. Technological tools and measures are not efficient. They should be complemented by the behavioral standards that suppress the vulnerabilities in all the IT domains (Vincent, Higgs & Pinsker, 2015). Enforceable policies will ensure there is an integration of behavioral and technological measures for promoting data security and privacy.
LITERATURE REVIEW
Financial companies usually emphasize policies that guide the collection of customer and storage as well as access to the data by the internal and external users. These policies are relevant as they promote best practices at both levels. The companies have a belief that these are the areas that need closer monitoring and evaluation. However, the policies put in place are not always enforceable. A lack of enforceability creates a situation where the desired outcomes are not realized (Yeganeh, 2019). It explains why data breaches are still experienced even after such policies are formulated and implemented.
RESEARCH METHOD
To investigate the relationship between enforceability of the policies and the vulnerabilities that business organizations are exposed to, a case study method will be used. It is an essential tool that helps determine a causal relationship (White & McBurney, 2012). Also, it will provide insights that will inform the recommendations that need to be considered by the multiple business organizations in the financial sector. Credible data that are free of confounding variables must be collected, analyzed, and inferences drawn. Two data collection procedures will be utilized as follows.
i. Semi-structured interviews will be conducted to collect diverse data on the design and implementation of user and online policies. The interviewees will offer data that expound on the security and privacy positions of the systems.
ii. Independent observations will be made to inform the behaviors of the users, both internally and externally. The observation.
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docxtodd581
Running head: POLICIES FOR MANAGING PRIVACY
1
POLICIES FOR MANAGING PRIVACY
5
Online Policies for Enabling Financial Companies to Manage Privacy Issues
Name: Sunil Kumar Parisa
Date:03/29/2020
University of Cumberland’s
ABSTRACT
Financial companies are under constant threats in the face of cyber-attacks, which are growing by the day. The companies usually implement measures that primarily focus on the deployment of technologies for suppressing the attacks. They do not consider user policies as essential elements that help curb the vulnerabilities. The policies put in place have a low level of enforceability, which lowers the impact of the plans. The research project will determine the relationship between policy enforceability and the vulnerabilities posed to a system by the internal and external users.
INTRODUCTION
Business companies in the financial sector have the responsibility of ensuring the data that belong to the customers are fully protected. Cyber-crimes are on the rise, and the approaches employed today are not entirely practical. Technological tools and measures are not efficient. They should be complemented by the behavioral standards that suppress the vulnerabilities in all the IT domains (Vincent, Higgs & Pinsker, 2015). Enforceable policies will ensure there is an integration of behavioral and technological measures for promoting data security and privacy.
LITERATURE REVIEW
Financial companies usually emphasize policies that guide the collection of customer and storage as well as access to the data by the internal and external users. These policies are relevant as they promote best practices at both levels. The companies have a belief that these are the areas that need closer monitoring and evaluation. However, the policies put in place are not always enforceable. A lack of enforceability creates a situation where the desired outcomes are not realized (Yeganeh, 2019). It explains why data breaches are still experienced even after such policies are formulated and implemented.
RESEARCH METHOD
To investigate the relationship between enforceability of the policies and the vulnerabilities that business organizations are exposed to, a case study method will be used. It is an essential tool that helps determine a causal relationship (White & McBurney, 2012). Also, it will provide insights that will inform the recommendations that need to be considered by the multiple business organizations in the financial sector. Credible data that are free of confounding variables must be collected, analyzed, and inferences drawn. Two data collection procedures will be utilized as follows.
i. Semi-structured interviews will be conducted to collect diverse data on the design and implementation of user and online policies. The interviewees will offer data that expound on the security and privacy positions of the systems.
ii. Independent observations will be made to inform the behaviors of the users, both internally and externally. The observation.
Presentation on the analysis of cybersecurity capacity building, finding a clear impact of capacity building on a reduction in end user problems and enhanced use by individuals, governments, and business.
Economic Security of the Enterprise Within the Conditions of Digital Transfor...Igor Britchenko
n the context of the digital economy development, the priority component of the economic security of an enterprise is changing from material to digital, constituting an independent element of enterprise security. The relevance of the present research is driven by the need to solve the issue of modernizing the economic security of the enterprise taking into account the new risks and opportunities of digitalization. The purpose of the academic paper lies in identifying the features of preventing internal and external negative influences (threats) in order to guarantee the effective and stable functioning and dynamic social development of the enterprise in the context of digitalization. The research methods are as follows: general scientific research methods, in particular, logical analysis, theoretical substantiation, methods of induction and deduction, formalization and generalization, statistical observation. Results. It has been proposed to introduce the concept of “digital security of the enterprise” for replacing the concept of “information component of economic security” in order to bring the terminology in line with new economic realities. The implementation of the “black box” model has made it possible to identify the latest risks and threats to the economic security of an enterprise within the conditions of the digitalization that differs from the existing ones. The assessment of enterprises’ digital security of the European Union member states has revealed that the digital security level does not depend on the size of the country, however, it is influenced by the institutional environment (in particular, digital development tools in the EU) and the size of enterprises. Also, within the research framework, an assessment of the digital security level of enterprises in the context of digitalization has been proposed. In order to characterize enterprises by the level of digital security, a calculation procedure using the coefficient method has been proposed.
Over the past several years, companies are pairing diversity efforts with inclusion initiatives and roles
surrounding innovations that promote diversity of thought [13]. However, much return on investment (ROI) focus
has been on business and corporate functioning in general, but not on specifics related to information governance
(IG). We address this research gap byconsidering various return on investment (ROI) metrics and what might
ground the benefits of diversity and inclusion initiatives related to IG policy. Then, wesuggest what the results
mean in terms of changing and influencing current industry practices.:
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017Maurice Dawson
This is the most essential programme of the year around the dangers of cybercrime and how to manage safety within the most indispensable digital sphere & technology system. The reason is that, “Looking beyond Internet of Things (IoT) to Internet of Everything there is a potential market that is approximately $14.4 trillion and over 99% of physical devices are still unconnected.” ~Mo Dawson. Your participation give you golden access to a transcending Cyberspace picture, enhanced solution oriented capabilities as an ICT expert or practitioner, Telecommunications Corporates & Companies
Personnel, Aviation ICT Officials, Other Transportation controls network hubs, Business dealer in Cyberspace services provider or supplier, Academicians and researchers, Government Departments & Public service ICT systems Officials & staff, Students, general ICT security involvement and on top of that your enhanced multidimensional scope & prosperity out of this untapped gold mine is guaranteed.
Recapitulating the development initiatives of a robust information security s...IOSR Journals
Abstract: Most current information security systems performance vary with the nature of the filed its being
operating. With an increased emphasizes on the adoption of security tools and technologies, the anomalies and
intrusion are mostly said defined to be detected on system's algorithm, when most systems have well defined
mechanism for rapid reaction and identification of intrusions. However, despite this support for anomaly
detection, this is usually limited and often require a full recompilation of the system to deploy a comprehensive
framework of security governance, strategies and practices employing the policies in implementation.
As a result, the absence of a robust security framework securing both the education and corporate
resources has heightened the tension for a strategic information security solutions which might ends with cost,
complexities and cumbersome to develop. This paper thereby presents an alternative comprehensive system
namely RITS-B which accommodates both the nature of education and organizations without a need to for a
further modification. Implication of the proposed approach at real time depicts its suitability in the arena of
concern.
Keywords: Information Security, Governance, Strategies, Practices, Regional Cultures and Believes.
In the era of data-driven warfare, the integration of big data and machine learning (ML) techniques has
become paramount for enhancing defence capabilities. This research report delves into the applications of
big data and ML in the defence sector, exploring their potential to revolutionize intelligence gathering,
strategic decision-making, and operational efficiency. By leveraging vast amounts of data and advanced
algorithms, these technologies offer unprecedented opportunities for threat detection, predictive analysis,
and optimized resource allocation. However, their adoption also raises critical concerns regarding data
privacy, ethical implications, and the potential for misuse. This report aims to provide a comprehensive
understanding of the current state of big data and ML in defence, while examining the challenges and
ethical considerations that must be addressed to ensure responsible and effective implementation.
Trends in Network and Wireless Network Security in 2020IJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
Most trending articles 2020 - International Journal of Network Security & Its...IJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
Michael Goldsmith and I presented an overview of cybersecurity capacity building and current research findings for delegates from across the Commonwealth nations. The first section of slides introduces the Global Cyber Security Capacity Centre (GCSCC), and the second part presents a comparative analysis of the status and impact of capacity building.
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docxMargenePurnell14
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE
Walid Al-Ahmad, Bassil Mohammed, Vol. 2, No. 2
28
Addressing Information Security Risks by Adopting
Standards
Walid Al-Ahmad*‡, Bassil Mohammad**
*Computer Science Department, Faculty of Arts and Science, Gulf University for Science & Technology, Kuwait
**Ernst & Young, Amman, Jordan
‡
P.O.Box 7207 Hawally, 32093 Kuwait, Tel: +96525307321, Fax: +965 25307030, e-mail: [email protected]
Abstract- Modern society depends on information technology in nearly every facet of human activity including, finance,
transportation, education, government, and defense. Organizations are exposed to various and increasing kinds of risks,
including information technology risks. Several standards, best practices, and frameworks have been created to help
organizations manage these risks. The purpose of this research work is to highlight the challenges facing enterprises in their
efforts to properly manage information security risks when adopting international standards and frameworks. To assist in
selecting the best framework to use in risk management, the article presents an overview of the most popular and widely used
standards and identifies selection criteria. It suggests an approach to proper implementation as well. A set of recommendations
is put forward with further research opportunities on the subject.
Keywords- Information security; risk management; security frameworks; security standards; security management.
1. Introduction
The use of technology is increasingly covering
most aspects of our daily life. Businesses which
are heavily dependent on this technology use
information systems which were designed and
implemented with concentration on functionality,
costs reduction and ease of use. Information
security was not incorporated early enough into
systems and only recently has it started to get the
warranted attention. Accordingly, there is a need to
identify and manage these hidden weaknesses,
referred to as systems vulnerabilities, and to limit
their damaging impact on the information systems
integrity, confidentiality, and availability.
Vulnerabilities are exploited by attacks which are
becoming more targeted and sophisticated.
Attacking techniques and methods are virtually
countless and are evolving tremendously [1, 2].
In any enterprise, information security risks
must be identified, evaluated, analyzed, treated and
properly reported. Businesses that fail in
identifying the risks associated with the
technology they use, the people they employ, or
the environment where they operate usually
subject their business to unforeseen consequences
that might result in severe damage to the business
[3]. Therefore, it is critical to establish reliable
information security risk assessment and treatment
frameworks to guide organizations during the risk
management process.
Because risks cannot be complete.
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docxbagotjesusa
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE
Walid Al-Ahmad, Bassil Mohammed, Vol. 2, No. 2
28
Addressing Information Security Risks by Adopting
Standards
Walid Al-Ahmad*‡, Bassil Mohammad**
*Computer Science Department, Faculty of Arts and Science, Gulf University for Science & Technology, Kuwait
**Ernst & Young, Amman, Jordan
‡
P.O.Box 7207 Hawally, 32093 Kuwait, Tel: +96525307321, Fax: +965 25307030, e-mail: [email protected]
Abstract- Modern society depends on information technology in nearly every facet of human activity including, finance,
transportation, education, government, and defense. Organizations are exposed to various and increasing kinds of risks,
including information technology risks. Several standards, best practices, and frameworks have been created to help
organizations manage these risks. The purpose of this research work is to highlight the challenges facing enterprises in their
efforts to properly manage information security risks when adopting international standards and frameworks. To assist in
selecting the best framework to use in risk management, the article presents an overview of the most popular and widely used
standards and identifies selection criteria. It suggests an approach to proper implementation as well. A set of recommendations
is put forward with further research opportunities on the subject.
Keywords- Information security; risk management; security frameworks; security standards; security management.
1. Introduction
The use of technology is increasingly covering
most aspects of our daily life. Businesses which
are heavily dependent on this technology use
information systems which were designed and
implemented with concentration on functionality,
costs reduction and ease of use. Information
security was not incorporated early enough into
systems and only recently has it started to get the
warranted attention. Accordingly, there is a need to
identify and manage these hidden weaknesses,
referred to as systems vulnerabilities, and to limit
their damaging impact on the information systems
integrity, confidentiality, and availability.
Vulnerabilities are exploited by attacks which are
becoming more targeted and sophisticated.
Attacking techniques and methods are virtually
countless and are evolving tremendously [1, 2].
In any enterprise, information security risks
must be identified, evaluated, analyzed, treated and
properly reported. Businesses that fail in
identifying the risks associated with the
technology they use, the people they employ, or
the environment where they operate usually
subject their business to unforeseen consequences
that might result in severe damage to the business
[3]. Therefore, it is critical to establish reliable
information security risk assessment and treatment
frameworks to guide organizations during the risk
management process.
Because risks cannot be complete.
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docxjeanettehully
Running head: POLICIES FOR MANAGING PRIVACY
1
POLICIES FOR MANAGING PRIVACY
5
Online Policies for Enabling Financial Companies to Manage Privacy Issues
Name: Sunil Kumar Parisa
Date:03/29/2020
University of Cumberland’s
ABSTRACT
Financial companies are under constant threats in the face of cyber-attacks, which are growing by the day. The companies usually implement measures that primarily focus on the deployment of technologies for suppressing the attacks. They do not consider user policies as essential elements that help curb the vulnerabilities. The policies put in place have a low level of enforceability, which lowers the impact of the plans. The research project will determine the relationship between policy enforceability and the vulnerabilities posed to a system by the internal and external users.
INTRODUCTION
Business companies in the financial sector have the responsibility of ensuring the data that belong to the customers are fully protected. Cyber-crimes are on the rise, and the approaches employed today are not entirely practical. Technological tools and measures are not efficient. They should be complemented by the behavioral standards that suppress the vulnerabilities in all the IT domains (Vincent, Higgs & Pinsker, 2015). Enforceable policies will ensure there is an integration of behavioral and technological measures for promoting data security and privacy.
LITERATURE REVIEW
Financial companies usually emphasize policies that guide the collection of customer and storage as well as access to the data by the internal and external users. These policies are relevant as they promote best practices at both levels. The companies have a belief that these are the areas that need closer monitoring and evaluation. However, the policies put in place are not always enforceable. A lack of enforceability creates a situation where the desired outcomes are not realized (Yeganeh, 2019). It explains why data breaches are still experienced even after such policies are formulated and implemented.
RESEARCH METHOD
To investigate the relationship between enforceability of the policies and the vulnerabilities that business organizations are exposed to, a case study method will be used. It is an essential tool that helps determine a causal relationship (White & McBurney, 2012). Also, it will provide insights that will inform the recommendations that need to be considered by the multiple business organizations in the financial sector. Credible data that are free of confounding variables must be collected, analyzed, and inferences drawn. Two data collection procedures will be utilized as follows.
i. Semi-structured interviews will be conducted to collect diverse data on the design and implementation of user and online policies. The interviewees will offer data that expound on the security and privacy positions of the systems.
ii. Independent observations will be made to inform the behaviors of the users, both internally and externally. The observation ...
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docxglendar3
Running head: POLICIES FOR MANAGING PRIVACY
1
POLICIES FOR MANAGING PRIVACY
5
Online Policies for Enabling Financial Companies to Manage Privacy Issues
Name: Sunil Kumar Parisa
Date:03/29/2020
University of Cumberland’s
ABSTRACT
Financial companies are under constant threats in the face of cyber-attacks, which are growing by the day. The companies usually implement measures that primarily focus on the deployment of technologies for suppressing the attacks. They do not consider user policies as essential elements that help curb the vulnerabilities. The policies put in place have a low level of enforceability, which lowers the impact of the plans. The research project will determine the relationship between policy enforceability and the vulnerabilities posed to a system by the internal and external users.
INTRODUCTION
Business companies in the financial sector have the responsibility of ensuring the data that belong to the customers are fully protected. Cyber-crimes are on the rise, and the approaches employed today are not entirely practical. Technological tools and measures are not efficient. They should be complemented by the behavioral standards that suppress the vulnerabilities in all the IT domains (Vincent, Higgs & Pinsker, 2015). Enforceable policies will ensure there is an integration of behavioral and technological measures for promoting data security and privacy.
LITERATURE REVIEW
Financial companies usually emphasize policies that guide the collection of customer and storage as well as access to the data by the internal and external users. These policies are relevant as they promote best practices at both levels. The companies have a belief that these are the areas that need closer monitoring and evaluation. However, the policies put in place are not always enforceable. A lack of enforceability creates a situation where the desired outcomes are not realized (Yeganeh, 2019). It explains why data breaches are still experienced even after such policies are formulated and implemented.
RESEARCH METHOD
To investigate the relationship between enforceability of the policies and the vulnerabilities that business organizations are exposed to, a case study method will be used. It is an essential tool that helps determine a causal relationship (White & McBurney, 2012). Also, it will provide insights that will inform the recommendations that need to be considered by the multiple business organizations in the financial sector. Credible data that are free of confounding variables must be collected, analyzed, and inferences drawn. Two data collection procedures will be utilized as follows.
i. Semi-structured interviews will be conducted to collect diverse data on the design and implementation of user and online policies. The interviewees will offer data that expound on the security and privacy positions of the systems.
ii. Independent observations will be made to inform the behaviors of the users, both internally and externally. The observation.
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docxtodd581
Running head: POLICIES FOR MANAGING PRIVACY
1
POLICIES FOR MANAGING PRIVACY
5
Online Policies for Enabling Financial Companies to Manage Privacy Issues
Name: Sunil Kumar Parisa
Date:03/29/2020
University of Cumberland’s
ABSTRACT
Financial companies are under constant threats in the face of cyber-attacks, which are growing by the day. The companies usually implement measures that primarily focus on the deployment of technologies for suppressing the attacks. They do not consider user policies as essential elements that help curb the vulnerabilities. The policies put in place have a low level of enforceability, which lowers the impact of the plans. The research project will determine the relationship between policy enforceability and the vulnerabilities posed to a system by the internal and external users.
INTRODUCTION
Business companies in the financial sector have the responsibility of ensuring the data that belong to the customers are fully protected. Cyber-crimes are on the rise, and the approaches employed today are not entirely practical. Technological tools and measures are not efficient. They should be complemented by the behavioral standards that suppress the vulnerabilities in all the IT domains (Vincent, Higgs & Pinsker, 2015). Enforceable policies will ensure there is an integration of behavioral and technological measures for promoting data security and privacy.
LITERATURE REVIEW
Financial companies usually emphasize policies that guide the collection of customer and storage as well as access to the data by the internal and external users. These policies are relevant as they promote best practices at both levels. The companies have a belief that these are the areas that need closer monitoring and evaluation. However, the policies put in place are not always enforceable. A lack of enforceability creates a situation where the desired outcomes are not realized (Yeganeh, 2019). It explains why data breaches are still experienced even after such policies are formulated and implemented.
RESEARCH METHOD
To investigate the relationship between enforceability of the policies and the vulnerabilities that business organizations are exposed to, a case study method will be used. It is an essential tool that helps determine a causal relationship (White & McBurney, 2012). Also, it will provide insights that will inform the recommendations that need to be considered by the multiple business organizations in the financial sector. Credible data that are free of confounding variables must be collected, analyzed, and inferences drawn. Two data collection procedures will be utilized as follows.
i. Semi-structured interviews will be conducted to collect diverse data on the design and implementation of user and online policies. The interviewees will offer data that expound on the security and privacy positions of the systems.
ii. Independent observations will be made to inform the behaviors of the users, both internally and externally. The observation.
Presentation on the analysis of cybersecurity capacity building, finding a clear impact of capacity building on a reduction in end user problems and enhanced use by individuals, governments, and business.
Economic Security of the Enterprise Within the Conditions of Digital Transfor...Igor Britchenko
n the context of the digital economy development, the priority component of the economic security of an enterprise is changing from material to digital, constituting an independent element of enterprise security. The relevance of the present research is driven by the need to solve the issue of modernizing the economic security of the enterprise taking into account the new risks and opportunities of digitalization. The purpose of the academic paper lies in identifying the features of preventing internal and external negative influences (threats) in order to guarantee the effective and stable functioning and dynamic social development of the enterprise in the context of digitalization. The research methods are as follows: general scientific research methods, in particular, logical analysis, theoretical substantiation, methods of induction and deduction, formalization and generalization, statistical observation. Results. It has been proposed to introduce the concept of “digital security of the enterprise” for replacing the concept of “information component of economic security” in order to bring the terminology in line with new economic realities. The implementation of the “black box” model has made it possible to identify the latest risks and threats to the economic security of an enterprise within the conditions of the digitalization that differs from the existing ones. The assessment of enterprises’ digital security of the European Union member states has revealed that the digital security level does not depend on the size of the country, however, it is influenced by the institutional environment (in particular, digital development tools in the EU) and the size of enterprises. Also, within the research framework, an assessment of the digital security level of enterprises in the context of digitalization has been proposed. In order to characterize enterprises by the level of digital security, a calculation procedure using the coefficient method has been proposed.
Over the past several years, companies are pairing diversity efforts with inclusion initiatives and roles
surrounding innovations that promote diversity of thought [13]. However, much return on investment (ROI) focus
has been on business and corporate functioning in general, but not on specifics related to information governance
(IG). We address this research gap byconsidering various return on investment (ROI) metrics and what might
ground the benefits of diversity and inclusion initiatives related to IG policy. Then, wesuggest what the results
mean in terms of changing and influencing current industry practices.:
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017Maurice Dawson
This is the most essential programme of the year around the dangers of cybercrime and how to manage safety within the most indispensable digital sphere & technology system. The reason is that, “Looking beyond Internet of Things (IoT) to Internet of Everything there is a potential market that is approximately $14.4 trillion and over 99% of physical devices are still unconnected.” ~Mo Dawson. Your participation give you golden access to a transcending Cyberspace picture, enhanced solution oriented capabilities as an ICT expert or practitioner, Telecommunications Corporates & Companies
Personnel, Aviation ICT Officials, Other Transportation controls network hubs, Business dealer in Cyberspace services provider or supplier, Academicians and researchers, Government Departments & Public service ICT systems Officials & staff, Students, general ICT security involvement and on top of that your enhanced multidimensional scope & prosperity out of this untapped gold mine is guaranteed.
Recapitulating the development initiatives of a robust information security s...IOSR Journals
Abstract: Most current information security systems performance vary with the nature of the filed its being
operating. With an increased emphasizes on the adoption of security tools and technologies, the anomalies and
intrusion are mostly said defined to be detected on system's algorithm, when most systems have well defined
mechanism for rapid reaction and identification of intrusions. However, despite this support for anomaly
detection, this is usually limited and often require a full recompilation of the system to deploy a comprehensive
framework of security governance, strategies and practices employing the policies in implementation.
As a result, the absence of a robust security framework securing both the education and corporate
resources has heightened the tension for a strategic information security solutions which might ends with cost,
complexities and cumbersome to develop. This paper thereby presents an alternative comprehensive system
namely RITS-B which accommodates both the nature of education and organizations without a need to for a
further modification. Implication of the proposed approach at real time depicts its suitability in the arena of
concern.
Keywords: Information Security, Governance, Strategies, Practices, Regional Cultures and Believes.
In the era of data-driven warfare, the integration of big data and machine learning (ML) techniques has
become paramount for enhancing defence capabilities. This research report delves into the applications of
big data and ML in the defence sector, exploring their potential to revolutionize intelligence gathering,
strategic decision-making, and operational efficiency. By leveraging vast amounts of data and advanced
algorithms, these technologies offer unprecedented opportunities for threat detection, predictive analysis,
and optimized resource allocation. However, their adoption also raises critical concerns regarding data
privacy, ethical implications, and the potential for misuse. This report aims to provide a comprehensive
understanding of the current state of big data and ML in defence, while examining the challenges and
ethical considerations that must be addressed to ensure responsible and effective implementation.
Trends in Network and Wireless Network Security in 2020IJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
Most trending articles 2020 - International Journal of Network Security & Its...IJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
Michael Goldsmith and I presented an overview of cybersecurity capacity building and current research findings for delegates from across the Commonwealth nations. The first section of slides introduces the Global Cyber Security Capacity Centre (GCSCC), and the second part presents a comparative analysis of the status and impact of capacity building.
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docxMargenePurnell14
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE
Walid Al-Ahmad, Bassil Mohammed, Vol. 2, No. 2
28
Addressing Information Security Risks by Adopting
Standards
Walid Al-Ahmad*‡, Bassil Mohammad**
*Computer Science Department, Faculty of Arts and Science, Gulf University for Science & Technology, Kuwait
**Ernst & Young, Amman, Jordan
‡
P.O.Box 7207 Hawally, 32093 Kuwait, Tel: +96525307321, Fax: +965 25307030, e-mail: [email protected]
Abstract- Modern society depends on information technology in nearly every facet of human activity including, finance,
transportation, education, government, and defense. Organizations are exposed to various and increasing kinds of risks,
including information technology risks. Several standards, best practices, and frameworks have been created to help
organizations manage these risks. The purpose of this research work is to highlight the challenges facing enterprises in their
efforts to properly manage information security risks when adopting international standards and frameworks. To assist in
selecting the best framework to use in risk management, the article presents an overview of the most popular and widely used
standards and identifies selection criteria. It suggests an approach to proper implementation as well. A set of recommendations
is put forward with further research opportunities on the subject.
Keywords- Information security; risk management; security frameworks; security standards; security management.
1. Introduction
The use of technology is increasingly covering
most aspects of our daily life. Businesses which
are heavily dependent on this technology use
information systems which were designed and
implemented with concentration on functionality,
costs reduction and ease of use. Information
security was not incorporated early enough into
systems and only recently has it started to get the
warranted attention. Accordingly, there is a need to
identify and manage these hidden weaknesses,
referred to as systems vulnerabilities, and to limit
their damaging impact on the information systems
integrity, confidentiality, and availability.
Vulnerabilities are exploited by attacks which are
becoming more targeted and sophisticated.
Attacking techniques and methods are virtually
countless and are evolving tremendously [1, 2].
In any enterprise, information security risks
must be identified, evaluated, analyzed, treated and
properly reported. Businesses that fail in
identifying the risks associated with the
technology they use, the people they employ, or
the environment where they operate usually
subject their business to unforeseen consequences
that might result in severe damage to the business
[3]. Therefore, it is critical to establish reliable
information security risk assessment and treatment
frameworks to guide organizations during the risk
management process.
Because risks cannot be complete.
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docxbagotjesusa
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE
Walid Al-Ahmad, Bassil Mohammed, Vol. 2, No. 2
28
Addressing Information Security Risks by Adopting
Standards
Walid Al-Ahmad*‡, Bassil Mohammad**
*Computer Science Department, Faculty of Arts and Science, Gulf University for Science & Technology, Kuwait
**Ernst & Young, Amman, Jordan
‡
P.O.Box 7207 Hawally, 32093 Kuwait, Tel: +96525307321, Fax: +965 25307030, e-mail: [email protected]
Abstract- Modern society depends on information technology in nearly every facet of human activity including, finance,
transportation, education, government, and defense. Organizations are exposed to various and increasing kinds of risks,
including information technology risks. Several standards, best practices, and frameworks have been created to help
organizations manage these risks. The purpose of this research work is to highlight the challenges facing enterprises in their
efforts to properly manage information security risks when adopting international standards and frameworks. To assist in
selecting the best framework to use in risk management, the article presents an overview of the most popular and widely used
standards and identifies selection criteria. It suggests an approach to proper implementation as well. A set of recommendations
is put forward with further research opportunities on the subject.
Keywords- Information security; risk management; security frameworks; security standards; security management.
1. Introduction
The use of technology is increasingly covering
most aspects of our daily life. Businesses which
are heavily dependent on this technology use
information systems which were designed and
implemented with concentration on functionality,
costs reduction and ease of use. Information
security was not incorporated early enough into
systems and only recently has it started to get the
warranted attention. Accordingly, there is a need to
identify and manage these hidden weaknesses,
referred to as systems vulnerabilities, and to limit
their damaging impact on the information systems
integrity, confidentiality, and availability.
Vulnerabilities are exploited by attacks which are
becoming more targeted and sophisticated.
Attacking techniques and methods are virtually
countless and are evolving tremendously [1, 2].
In any enterprise, information security risks
must be identified, evaluated, analyzed, treated and
properly reported. Businesses that fail in
identifying the risks associated with the
technology they use, the people they employ, or
the environment where they operate usually
subject their business to unforeseen consequences
that might result in severe damage to the business
[3]. Therefore, it is critical to establish reliable
information security risk assessment and treatment
frameworks to guide organizations during the risk
management process.
Because risks cannot be complete.
Similar to 2151049_SajjadOsman_PosterPresentation.pptx (20)
Embracing GenAI - A Strategic ImperativePeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
Power-sharing Class 10 is a vital aspect of democratic governance. It refers to the distribution of power among different organs of government, levels of government, and social groups. This ensures that no single entity can control all aspects of governance, promoting stability and unity in a diverse society.
For more information, visit-www.vavaclasses.com
Instructions for Submissions thorugh G- Classroom.pptxJheel Barad
This presentation provides a briefing on how to upload submissions and documents in Google Classroom. It was prepared as part of an orientation for new Sainik School in-service teacher trainees. As a training officer, my goal is to ensure that you are comfortable and proficient with this essential tool for managing assignments and fostering student engagement.
Synthetic Fiber Construction in lab .pptxPavel ( NSTU)
Synthetic fiber production is a fascinating and complex field that blends chemistry, engineering, and environmental science. By understanding these aspects, students can gain a comprehensive view of synthetic fiber production, its impact on society and the environment, and the potential for future innovations. Synthetic fibers play a crucial role in modern society, impacting various aspects of daily life, industry, and the environment. ynthetic fibers are integral to modern life, offering a range of benefits from cost-effectiveness and versatility to innovative applications and performance characteristics. While they pose environmental challenges, ongoing research and development aim to create more sustainable and eco-friendly alternatives. Understanding the importance of synthetic fibers helps in appreciating their role in the economy, industry, and daily life, while also emphasizing the need for sustainable practices and innovation.
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptxEduSkills OECD
Andreas Schleicher presents at the OECD webinar ‘Digital devices in schools: detrimental distraction or secret to success?’ on 27 May 2024. The presentation was based on findings from PISA 2022 results and the webinar helped launch the PISA in Focus ‘Managing screen time: How to protect and equip students against distraction’ https://www.oecd-ilibrary.org/education/managing-screen-time_7c225af4-en and the OECD Education Policy Perspective ‘Students, digital devices and success’ can be found here - https://oe.cd/il/5yV
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
2151049_SajjadOsman_PosterPresentation.pptx
1. Student Name: Sajjad Osman | UOB ID: 2151049 | Unit Code: BSS056-6 | Submission Date: 10-March-2023
Poster presentation for Theory in to Practice Project Proposal
The impact of cyber threats in digital environment and the
implementation of corporate cybersecurity strategy to safeguard the
business in middle east region
2. Scope: Companies in middle east
region
Aim: Evaluation and Critical
analysis of the Impact of cyber
threats and implementation of
corporate cybersecurity strategy
to safeguard the business in
middle east region
Methodology:
1. Systematic review
2. Qualitative Analysis
3. Secondary data collection
Theories and framework:
1. Game theory
2. Fuzzy logic theory
3. Hypersecuritization
4. Risk management
5. Institutional theory
6. Corporate governance
Objectives:
1. Evaluate the key elements of
cyber threats
2. Analyse the impacts of cyber
attacks on business operations
3. Critically analyse the challenges
faced by the companies in MENA
region to implement an effective
cyber security measures
4. Propose most effective strategic
countermeasures to prevent the
cyber attacks to safeguard the
digital environments of the
companies in MENA region
Potential Outcome:
1. Awareness
2. Risk mitigation plan
3. Corporate governance and
strategies to secure business
from cyber threats
Evidences:
1. Need of impact analysis
2. Need of corporate
cybersecurity strategy
3. • Anderson, R., Barton, C., Böhme, R., Clayton, R., Van Eeten, M. J., Levi, M., Moore, T., & Savage, S. (2013). Measuring the cost of cybercrime.
WEIS, 2012, 265-200
• Björck, F. (2004). Institutional Theory: A New Perspective for Research into IS/IT Security in Organisations. Proceedings of the 37th Annual
Hawaii International Conference on System Sciences, Big Island, HI, 5-8 January 2004, 1-5.
https://doi.org/10.1109/HICSS.2004.1265444
• Bunker, G. (2012). Technology is not enough: Taking a holistic view for information assurance. Elsevier Information Security Technical Report
17, 19-25, retrieved from www.compeseconline.com/publications/prodinf.htm doi: http://dx.doi.org/10.1016/j.istr.2011.12.002.
• Davenport, T.H., & Prusak, L. (2000). Working knowledge: how organizations manage what they know.Boston MA: Harvard Business School
Press.
• E. Borgonovo, A. Cillo and C.L. Smith, Risk Analysis (2018)
• Gordon, L. A., Loeb, M. P., and Sohail, T. (2010). "Market value of voluntary disclosures concerning information security", MIS quarterly, 567-
594.
• Hovav, A., & D’Arcy, J. (2012). Applying an Extended Model of Deterrence Across Cultures: An Investigation of Information Systems Misuse in
the US and South Korea. Information & Management, 49, 99-110. https://doi.org/10.1016/j.im.2011.12.005
• Hughes, J., & Cybenko, G. (2013). Quantitative metrics and risk assessment: The three tenets model ofcybersecurity. Technology Innovation
Management Review, 3(8).
• Jirasek, V. (2012). Practical application of information security models. Elsevier Information Security Technical Report 17, 1-8.
doi:http://dx.doi.org/10.1016/j.istr.2011.12.004.
• James Shires, “Cybersecurity governance in the GCC,” In Rewired: Cybersecurity Governance, (2019): 2.
• Menz, M., Kunisch, S., Birkinshaw, J., Collis, D.J., Foss, N.J., Hoskisson, R.E. and Prescott, J.E. (2021), Corporate Strategy and the Theory of the
Firm in the Digital Age. J. Manage. Stud., 58: 1695-1720. https://doi.org/10.1111/joms.12760
References