Analysis of personal information security behavior and awareness
It's a developing portion of human security that aims at raising awareness concerning the dangers of fast-evolving information forms and emerging threats to the info which focuses on human character. Since threats have developed and information is developing value, attackers have upgraded their abilities and extended to broader intentions. Also, more means of making the attacks have as well developed (Öğütçü, Testik & Chouseinoglou, 2016). The attacks have evolved to circumvent processes and controls. Aggressors have focused and effectively exploited the character of humans to breach relevant infrastructure schemes and corporate networks. Individual who are unaware about the threats may circumvent traditional processes and security controls and cause organization breach. In reply, information security awareness is growing.
The main aim of the concept in the discussion is to enhance awareness to everyone and inform that they can be a victim of the threats and risk any time. Information security consciousness responds to developing cyber-attacks. Most of the time, people assume that security it's all about technical controls (Ki-Aries & Faily, 2017). But the fact is that people are the targets and the character they possess can cause risk or offer countermeasures in response to threats and risks. Awareness metrics are increasing at a high rate to know and amount people threat landscape. The increase also aims at reducing risks associated with organizations and weigh the effectiveness and expense of awareness as the countermeasure.
Most of the organizations don't invest a lot in information security. Few organizations pay attention to security issues. They tend to assume all is well so long as they have a password in their systems. However, this not trust because if an attack occurs, such kind of organization is likely to suffer a lot. Security is an essential plan any organization can adopt to minimize security threats resulting from workers. Awareness plan assists associates to understand that security it's not personal responsibility but everyone's' responsibility. Everyone should be careful when it comes to security because nobody can choose to be a victim, but they only find themselves (Ki-Aries & Faily, 2017). Employees should be accountable for the actions done under their empathies. Security awareness enforces effective means of how business computers can be handled.
A policy developed should give awareness about social media and other types of virus. Workers should be aware of necessary to be followed when using computers. Alternatively, Companies can plan to form interactive sessions for every worker to get to understand more about their security. Such kind of interactive sessions entails consciousness about new risks and measure to overcome them. The program of awareness won't be gainful if no punishment for those who violate rules. Employees who don't adhere to the pr ...
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
Analysis of personal information security behavior and awareness.docx
1. Analysis of personal information security behavior and
awareness
It's a developing portion of human security that aims at raising
awareness concerning the dangers of fast-evolving information
forms and emerging threats to the info which focuses on human
character. Since threats have developed and information is
developing value, attackers have upgraded their abilities and
extended to broader intentions. Also, more means of making the
attacks have as well developed (Öğütçü, Testik &
Chouseinoglou, 2016). The attacks have evolved to circumvent
processes and controls. Aggressors have focused and effectively
exploited the character of humans to breach relevant
infrastructure schemes and corporate networks. Individual who
are unaware about the threats may circumvent traditional
processes and security controls and cause organization breach.
In reply, information security awareness is growing.
The main aim of the concept in the discussion is to enhance
awareness to everyone and inform that they can be a victim of
the threats and risk any time. Information security
consciousness responds to developing cyber-attacks. Most of the
time, people assume that security it's all about technical
controls (Ki-Aries & Faily, 2017). But the fact is that people
are the targets and the character they possess can cause risk or
offer countermeasures in response to threats and risks.
Awareness metrics are increasing at a high rate to know and
amount people threat landscape. The increase also aims at
reducing risks associated with organizations and weigh the
effectiveness and expense of awareness as the countermeasure.
Most of the organizations don't invest a lot in information
security. Few organizations pay attention to security issues.
They tend to assume all is well so long as they have a password
in their systems. However, this not trust because if an attack
occurs, such kind of organization is likely to suffer a lot.
2. Security is an essential plan any organization can adopt to
minimize security threats resulting from workers. Awareness
plan assists associates to understand that security it's not
personal responsibility but everyone's' responsibility. Everyone
should be careful when it comes to security because nobody can
choose to be a victim, but they only find themselves (Ki-Aries
& Faily, 2017). Employees should be accountable for the
actions done under their empathies. Security awareness enforces
effective means of how business computers can be handled.
A policy developed should give awareness about social media
and other types of virus. Workers should be aware of necessary
to be followed when using computers. Alternatively, Companies
can plan to form interactive sessions for every worker to get to
understand more about their security. Such kind of interactive
sessions entails consciousness about new risks and measure to
overcome them. The program of awareness won't be gainful if
no punishment for those who violate rules. Employees who
don't adhere to the program should be reported for necessary
action to be taken. This will prevent such kind activities from
occurring from time to time.
References:
Öğütçü, G., Testik, Ö., & Chouseinoglou, O. (2016). Analysis
of personal information security behaviour and awareness.
Computers & Security, 56, 83-93. Doi:
10.1016/j.cose.2015.10.002
New Trends in Cybersecurity
In today's world, there are many new trends in the market. I
would like to discuss Business & cybercriminals with Artificial
intelligence that is taking centre stage in cybersecurity and
consists of Machine learning which has the potential to identify
and also to respond to the threats that occur. (Harlal et.al
2017)By the new technologies that will get more efficient for
protecting the customers and processing and prioritizing the
3. data and ascertaining with the threats in real ..
By Artificial intelligence and the machine learning that helps
with the huge the volume of the data into actionable insights
they can tangibly improve the organization cybersecurity
efforts, Also cybercriminals will also have to leverage them to
launch sophisticated attacks via Artificial intelligence botnets
and also better design phishing attacks etc(Atul Harilal,)
The design and outcome of the gamified competition that was
devised in order to obtain a data set that is containing realistic
instances of insider threats. The competition simulated user
interactions are among competing companies where two types of
behaviours that are incentivized. There are designed sessions
for two types of insider threats .in today's world insider has the
potential to bring harm to the organization in which they work.
Consisting knowledge of the edge of the insider.
In particular the detection of masqueraders that have been
studied actively since the work, who profiled that the
interaction of the various users in the Unix operating system .by
recording commands issued in a shell. The datasets were often
used to evaluate algorithms that are addressed user
authorization which is related but not equivalent to the
masquerader detection on the other side the existing data sets in
which the malicious data were collected either by synthetic
dataset etc. It is important to know about the potential risks of
the threats that have the potential to bring harm to the
organization.
Collected dataset: The collected data set is about the user
interactions in a simultaneous corporate environment and whose
purpose was to provide a comprehensive data set containing
interactive malicious insider threat activities involving both
masquerader traitors.
The collected data from several heterogeneous sources as an
attempt to study their cumulative effect for detection of
malicious attacks. Also, the data sets have been anonymized in
order to not reveal any privacy-sensitive information. During
the competition that was also observed some interesting events
4. .as such as the teams deploying effective countermeasures that
protected their assets from masquerade attacks. The overall
review about the insider threat and defense solutions, in
particular, are the divided commonly used the datasets for the
five categories. Masquerader based, traitor based, miscellaneous
malicious, substituted masqueraders etc.
Also which yields malicious and benign branches for the
malicious intent branch, by the manner in which the policy
violation was executed either by the user of the legitimate user's
branch by the manner in which the policy volition was executed
either by the user of legitimate users access .by obtaining
unauthorized access or when both of the cased are included in a
dataset separately
References:
https://www.researchgate.net/publication/320745933_TWOS_A
_Dataset_of_Malicious_Insider_Threat_Behavior_Based_on_a_
Gamified_Competition
https://www.cisecurity.org/blog/cybersecurity-trends-for-2019/
Internet of Things and its Security challenges:
Internet of things (IoT) may be referred to as powerful
technological advancements which are meant to ease real-time
interactions between objects from all points. In other words, the
internet of things is the connector between people and things.
For example, the use of technology may be applicable to areas
such as a kitchen for cooking the right food and at the right
time. Another example of the use of IoT may be applicable by a
car whereby it can sense a problem available to a car and even
detect nearby mechanics. However, much it may be useful to
human nature, it has been faced by numerous challenges. This
paper gives a discussion on some security challenges which are
associated with the internet of things.
To begin with, there is a challenge to the integrity of data.
Connectivity of internet of things to devices is very high
5. (Alkhalil & Ramadan, 2017). One may manipulate data from all
other points if they try manipulation of other areas of data.
When information is manipulated, it may affect other areas such
as the main server. With information about data manipulation,
one may use tactics such as having a central point for data
manipulation in order to ensure integrity.
Another challenge is the capability of encryption of data. Some
means of data encryption may be a continuous process (Alkhalil
& Ramadan, 2017). Processing data using IoT may not be
possible since data sensors may be weak. The capability of data
encryption is therefore done in the prevention of firewalls and
device segregation. Also, there may issue of privacy. IoT is a
connection between different devices such as data exchange
between platforms, devices, and consumers (Alkhalil &
Ramadan, 2017). Gathering of data is possible when information
is improved on decision making and better service provision.
Also, privacy issues may make the security of data higher. With
this information, most organizations can improve data security
while increasing their security.
Another challenge of the internet of things is evident by the use
of a common framework (Alkhalil & Ramadan, 2017). The
framework to all companies and organizations is managed by
individual company’s staff, therefore, there is no common mode
of information management. This problem can be solved when
different organizations and companies have a common
standardized framework.
Also, automation of the internet of things is another challenge.
Devices that use IoT have to be dealt with from different areas
(Banafa, 2016). Management of data may not be possible when
huge amounts of data are not well secured. However, getting a
way of automation of IoT will overcome the challenge.
A different challenge of IoT is on updates. It is not easy to
manage billions of devices that use IoT on the way they are
getting updated (Banafa, 2016). At times, not all devices that
use IoT can easily be updated thus giving a major challenge.
Some of them can be updated through manual means. Also, it is
6. necessary for one to keep tracking on available updates
otherwise IoT would not be helpful to device users when it does
not feature requirements. Process of taking action on updates
will always be time-consuming and therefore one has to have
enough time to keep track of updates.
In conclusion, with adequate knowledge of IoT, it is possible to
curb the current issues and device different ways in which one
can easily manage the problems. In addition, when information
on threats can be notified on time, it is easy for one to manage
them. Challenges facing IoT can easily be solved with a number
of steps being taken.
References:
Alkhalil, A., & Ramadan, R. A. (2017). IoT data provenance
implementation challenges. Procedia Computer Science, 109,
1134-1139.
Banafa, A. (2016). IoT standardization and implementation
challenges. IEEE Internet of Things Newsletter.
Smartphones risks and vulnerabilities:
As per Su, Wang, Liu, Choi & Choi, (2018), the threats of the
security in the smartphones have found to be constantly
changing as per to the circumstances and also of the
technological advancements that consist of the technical support
like the specifications in the smartphone devices and also of the
network infrastructures. Therefore from preventing the damage
from the focus of the emerging threat have been given by the
researchers to develop alternative solutions. It had been
observed that our world is turning into the society which
depends upon the smartphones. The users utilize the
smartphones for their regular activities like for online banking
services, purchasing things, for sending texts and also surfing
the internet for gathering knowledge.
Emerging security threats:
7. With the rise in the uses of smartphones by the user's
individuals used to carry out their personal services by logging
through the ID password in any place from their smartphones.
However, there found to rise in an emerging threat about
security within the smartphones. The risks and vulnerabilities
which the smartphone faces are of two types such as owner side
and device side. In context to the owner side, the individual
errors are the issues which occur by the individual mistakes.
Basically, the users used to utilize the smartphones without
getting aware of the intruders thereby the intruders get the
chances for gathering the valuable information. On the other
hand in regard to the device side, the smartphones possess the
AMOLED or LED screen size of 4 or 5 inches. Hence the
touchscreen uses to provide the input devices for
communicating with the owner and the owner used to put details
through the touchscreen for communicating with smartphones.
Thus through this way, the vulnerabilities used to occur. The
intruders used to attack smartphones through recording. This
attack has been caused by observing the secret information of
the users by non-direct and direct optical devices. In addition,
most of the security issues occur for the smartphones by
attacking the sensor of the devices by the intruders. The
intruders also attack the smartphones by guessing with the
embedded sensors. Simulating of the similar devices the hackers
used to guess the accurate shape of the pattern lock for leaking
out of the information.
Effective counter measures:
For ensuring the safety of the attacks on the smartphones the
researchers have proposed various mechanisms as well as ideas.
Hence the various countermeasures which the researchers have
researched for securing the threats are by pattern password,
graphical password, and keystroke dynamics. Through the
conventional authentication of the password procedure that
mainly based on the QWERTY structure of the keypad. So with
the utilization of the graphical passwords, the users do not
require in remembering the sequences and also of the text
8. information. In order to cope with the attacks of the intruders
the pattern authentication procedure have been utilized and it is
also a graphic based hence it provides the benefits of the users
about the graphical password. Apart from this the keystroke
authentication could be used for safeguarding the data of the
smartphones.
References:
Su, X., Wang, Z., Liu, X., Choi, C., & Choi, D. (2018). Study to
improve security for IoT smart device controller: drawbacks and
countermeasures. Security and Communication Networks, 2018.