Nowadays, most universities offer free Internet connections, access to scientific databases, and advanced computer networks for the members of their community, which generates dynamic and complex scenarios. In this context, it is necessary to define proactive security strategies, as well as the integration of technology and research. This work presents a general vision of the experience adopted by the universities in the field of information security management using cognitive security.
CAPTURE THE TALENT: SECONDARY SCHOOL EDUCATION WITH CYBER SECURITY COMPETITIONSijfcstjournal
Recent advances in computing have caused cyber security to become an increasingly critical issue that
affects our everyday life. Both young and old in society are exposed to benefits and dangers that
accompany technological advance. Cyber security education is a vital part of reducing the risks associated
with cyber-threats. This is particularly important for current and future youth, who are the most
technology-literate generations. Many research studies and competitions have been undertaken around the
world to emphasize and identify the significance of cyber security as a relevant and pressing research area.
Cyber security competitions are great means of raising interest in the young generation and attracting them
to educational programmes in this area. These competitions show the need for cyber security to be taught
as a formal subject in secondary schools to enhance the effectiveness of computer science concepts in cyber
space. This paper presents an effective educational approach, justifying such competitions as a means of
introducing cyber security as a computer science subject for New Zealand secondary school students, and
also presents methods of implementation.
June 2020: Top Read Articles in Advanced Computingacijjournal
Advanced Computing: An International Journal (ACIJ) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the advanced computing. The journal focuses on all technical and practical aspects of high performance computing, green computing, pervasive computing, cloud computing etc. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding advances in computing and establishing new collaborations in these areas.
Authors are solicited to contribute to the journal by submitting articles that illustrate research results, projects, surveying works and industrial experiences that describe significant advances in the areas of computing.
Security in Learning Management Systems: Designing Collaborative Learning Act...eLearning Papers
Authors: Jorge Miguel Moneo, Santi Caballé, Josep Prieto-Blázquez
The field of research on information technology applications in the design of computer supported collaborative learning (CSCL) activities generates very complex scenarios which must be studied from different approaches. One approach is to consider information security, but not only from a technological point of view.
A novel secure e contents system for multi-media interchange workflows in e-l...IJCNCJournal
The goal of e-learning is to benefit from the capabilities offered by new information technology (such as
remote digital communications, multimedia, internet, cell phones, teleconferences, etc.) and to enhance the
security of several government organizations so as to take into considerations almost all the contents of elearning
such as: information content, covering most of citizens or state firms or corporations queries.
Content provides a service to provide most if not all basic and business services; content of communicative
link provides the citizen and the state agencies together all the time and provides content security for all
workers on this network to work in securely environment. Access to information as well is safeguarded. The
main objective of this research is to build a novel multi-media security system (encrypting / decrypting
system) that will enable E-learning to exchange more secured multi-media data/information.
Recapitulating the development initiatives of a robust information security s...IOSR Journals
Abstract: Most current information security systems performance vary with the nature of the filed its being
operating. With an increased emphasizes on the adoption of security tools and technologies, the anomalies and
intrusion are mostly said defined to be detected on system's algorithm, when most systems have well defined
mechanism for rapid reaction and identification of intrusions. However, despite this support for anomaly
detection, this is usually limited and often require a full recompilation of the system to deploy a comprehensive
framework of security governance, strategies and practices employing the policies in implementation.
As a result, the absence of a robust security framework securing both the education and corporate
resources has heightened the tension for a strategic information security solutions which might ends with cost,
complexities and cumbersome to develop. This paper thereby presents an alternative comprehensive system
namely RITS-B which accommodates both the nature of education and organizations without a need to for a
further modification. Implication of the proposed approach at real time depicts its suitability in the arena of
concern.
Keywords: Information Security, Governance, Strategies, Practices, Regional Cultures and Believes.
A Bring Your Own Device Risk Assessment ModelCSCJournals
Bring Your Own Device (BYOD), a technology where individuals or employees use their own devices on the organization’s network to perform tasks assigned to them by the organization has been widely embraced. The reasons for adoption are diverse in every organization. In spite of the security control strategies implemented by these organizations to safeguard their information resources, there has been an upsurge in information security breaches as a result of existing vulnerabilities in these systems and the legacy systems in use. Various approaches have been employed to deal with security challenges in BYOD, but according to literature, risk assessment has proved to be the first key step towards improving security of the BYOD environment in an enterprise. Risk assessment models have been proposed by various researchers, although, most are largely influenced by the degree of technological advancement and utilization as well as the working cultures within institutions. The existing models were largely developed in technologically advanced countries and thus do not fit well in developing countries. This study sought to develop flexible BYOD risk assessment model that can be adopted by varied institutions to secure their information resources. The study was carried out in Five (5) purposively selected state universities in Kenya. The research adopted a mixed research design approach with mixed sampling technique utilized to select the participants. Reliability and validity of data collection tools were evaluated and recommended by IT security and network experts. The qualitative and quantitative data was collected by interviewing experts and administering a questionnaire to sampled participants. The developed model was validated both statistically and by experts. The findings revealed that threats and vulnerabilities contributed to 39.9% and 69.2% respectively to the risk of the BYOD environment while Data Encryption (DE) and Software Updates (SU) came out strongly as intervening variables which have a major impact on the relationship between the dependent and independent variables.
A Smart Receptionist Implementing Facial Recognition and Voice InteractionCSCJournals
The purpose of this research is to implement a smart receptionist system with facial recognition and voice interaction using deep learning. The facial recognition component is implemented using real time image processing techniques, and it can be used to learn new faces as well as detect and recognize existing faces. The first time a customer uses this system, it will take the person’s facial data to create a unique user facial model, and this model will be triggered if the person comes the second time. The recognition is done in real time and after which voice interaction will be applied. Voice interaction is used to provide a life-like human communication and improve user experience. Our proposed smart receptionist system could be integrated into the self check-in kiosks deployed in hospitals or smart buildings to streamline the user recognition process and provide customized user interactions. This system could also be used in smart home environment where smart cameras have been deployed and voice assistants are in place.
CAPTURE THE TALENT: SECONDARY SCHOOL EDUCATION WITH CYBER SECURITY COMPETITIONSijfcstjournal
Recent advances in computing have caused cyber security to become an increasingly critical issue that
affects our everyday life. Both young and old in society are exposed to benefits and dangers that
accompany technological advance. Cyber security education is a vital part of reducing the risks associated
with cyber-threats. This is particularly important for current and future youth, who are the most
technology-literate generations. Many research studies and competitions have been undertaken around the
world to emphasize and identify the significance of cyber security as a relevant and pressing research area.
Cyber security competitions are great means of raising interest in the young generation and attracting them
to educational programmes in this area. These competitions show the need for cyber security to be taught
as a formal subject in secondary schools to enhance the effectiveness of computer science concepts in cyber
space. This paper presents an effective educational approach, justifying such competitions as a means of
introducing cyber security as a computer science subject for New Zealand secondary school students, and
also presents methods of implementation.
June 2020: Top Read Articles in Advanced Computingacijjournal
Advanced Computing: An International Journal (ACIJ) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the advanced computing. The journal focuses on all technical and practical aspects of high performance computing, green computing, pervasive computing, cloud computing etc. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding advances in computing and establishing new collaborations in these areas.
Authors are solicited to contribute to the journal by submitting articles that illustrate research results, projects, surveying works and industrial experiences that describe significant advances in the areas of computing.
Security in Learning Management Systems: Designing Collaborative Learning Act...eLearning Papers
Authors: Jorge Miguel Moneo, Santi Caballé, Josep Prieto-Blázquez
The field of research on information technology applications in the design of computer supported collaborative learning (CSCL) activities generates very complex scenarios which must be studied from different approaches. One approach is to consider information security, but not only from a technological point of view.
A novel secure e contents system for multi-media interchange workflows in e-l...IJCNCJournal
The goal of e-learning is to benefit from the capabilities offered by new information technology (such as
remote digital communications, multimedia, internet, cell phones, teleconferences, etc.) and to enhance the
security of several government organizations so as to take into considerations almost all the contents of elearning
such as: information content, covering most of citizens or state firms or corporations queries.
Content provides a service to provide most if not all basic and business services; content of communicative
link provides the citizen and the state agencies together all the time and provides content security for all
workers on this network to work in securely environment. Access to information as well is safeguarded. The
main objective of this research is to build a novel multi-media security system (encrypting / decrypting
system) that will enable E-learning to exchange more secured multi-media data/information.
Recapitulating the development initiatives of a robust information security s...IOSR Journals
Abstract: Most current information security systems performance vary with the nature of the filed its being
operating. With an increased emphasizes on the adoption of security tools and technologies, the anomalies and
intrusion are mostly said defined to be detected on system's algorithm, when most systems have well defined
mechanism for rapid reaction and identification of intrusions. However, despite this support for anomaly
detection, this is usually limited and often require a full recompilation of the system to deploy a comprehensive
framework of security governance, strategies and practices employing the policies in implementation.
As a result, the absence of a robust security framework securing both the education and corporate
resources has heightened the tension for a strategic information security solutions which might ends with cost,
complexities and cumbersome to develop. This paper thereby presents an alternative comprehensive system
namely RITS-B which accommodates both the nature of education and organizations without a need to for a
further modification. Implication of the proposed approach at real time depicts its suitability in the arena of
concern.
Keywords: Information Security, Governance, Strategies, Practices, Regional Cultures and Believes.
A Bring Your Own Device Risk Assessment ModelCSCJournals
Bring Your Own Device (BYOD), a technology where individuals or employees use their own devices on the organization’s network to perform tasks assigned to them by the organization has been widely embraced. The reasons for adoption are diverse in every organization. In spite of the security control strategies implemented by these organizations to safeguard their information resources, there has been an upsurge in information security breaches as a result of existing vulnerabilities in these systems and the legacy systems in use. Various approaches have been employed to deal with security challenges in BYOD, but according to literature, risk assessment has proved to be the first key step towards improving security of the BYOD environment in an enterprise. Risk assessment models have been proposed by various researchers, although, most are largely influenced by the degree of technological advancement and utilization as well as the working cultures within institutions. The existing models were largely developed in technologically advanced countries and thus do not fit well in developing countries. This study sought to develop flexible BYOD risk assessment model that can be adopted by varied institutions to secure their information resources. The study was carried out in Five (5) purposively selected state universities in Kenya. The research adopted a mixed research design approach with mixed sampling technique utilized to select the participants. Reliability and validity of data collection tools were evaluated and recommended by IT security and network experts. The qualitative and quantitative data was collected by interviewing experts and administering a questionnaire to sampled participants. The developed model was validated both statistically and by experts. The findings revealed that threats and vulnerabilities contributed to 39.9% and 69.2% respectively to the risk of the BYOD environment while Data Encryption (DE) and Software Updates (SU) came out strongly as intervening variables which have a major impact on the relationship between the dependent and independent variables.
A Smart Receptionist Implementing Facial Recognition and Voice InteractionCSCJournals
The purpose of this research is to implement a smart receptionist system with facial recognition and voice interaction using deep learning. The facial recognition component is implemented using real time image processing techniques, and it can be used to learn new faces as well as detect and recognize existing faces. The first time a customer uses this system, it will take the person’s facial data to create a unique user facial model, and this model will be triggered if the person comes the second time. The recognition is done in real time and after which voice interaction will be applied. Voice interaction is used to provide a life-like human communication and improve user experience. Our proposed smart receptionist system could be integrated into the self check-in kiosks deployed in hospitals or smart buildings to streamline the user recognition process and provide customized user interactions. This system could also be used in smart home environment where smart cameras have been deployed and voice assistants are in place.
Cybersecurity education for the next generationIBM Security
In a world of increasing information security threats, academic initiatives focused on cybersecurity are proliferating – yet, there is still the danger of falling short in addressing the long-term threat.
To avoid becoming too focused on near-term issues, academic programs must be more collaborative across their own institutions, with industry, government and among the global academic community.
Only by working in concert can we meet today’s demand while educating the next generation to create a more secure future.
Learn more about IBM Security: http://ibm.com/security
Now Refer your #College or #University to #EMC Academic Alliance, a collaboration with colleges and universities worldwide to help prepare #students for successful #careers in a transforming #ITindustry via http://bit.ly/RefertoEMCAA
Widget and Smart Devices. A Different Approach for Remote and Virtual labsUNED
A vast number of learning content and tools can be found over Internet. Currently, most of them are ad-hoc solutions which are developed for a particular learning platform or environment. New concepts, such as Widgets, Smart devices, Internet of Thing and learning Clouds, are ideas whose goals is the creation of shareable online learning scenarios over different devices and environments.
A Multimedia Data Mining Framework for Monitoring E-Examination Environmentijma
Academic dishonesty has been a growing concern in e-learning environment due to the fact that eexamination takes place under supervised and unsupervised learning environment despite its huge advantages. The e-examination environment has faced various security breaches such as academic dishonesty (impersonation), identity theft, unauthorised access and illegal assistance as a result of inefficient measures employed. Hence, an efficient framework which will aid the monitoring of the eexamination is needed. This paper reviews the process of mining multimedia data and propose a framework for monitoring the e-examination environment in order to extract images and audio features. The framework has four major phases: data pre-processing, mining, association and post processing. The
pre-processing phases carries out the extraction and transformation of multimedia data features, the mining phase does the classification and clustering of these features, the association does pattern matching while the post processing carries out the knowledge interpretation and reporting. The approach presented in this study will allow for efficient and accurate monitoring of e-examination environment which will help provide adequate security and reduce unethical behaviour in e-examination environment.
Mobile devices have been playing vital roles in modern dayeducation delivery as students can access or
download learning materials on their smartphones and tablets, they can also install educational apps and
study anytime, anywhere. The need to provide adequate security forportable devices being used for
learning cannot be underestimated. In this paper, we present a mobile security enhancement app,
designed and developedfor Android smart mobile devices in order to promote security awareness among
students. The app can alsoidentify major and the most significant security weaknesses, scan or check for
vulnerabilities in m-learning devices and report any security threat.
Mobile devices have been playing vital roles in modern dayeducation delivery as students can access or
download learning materials on their smartphones and tablets, they can also install educational apps and
study anytime, anywhere. The need to provide adequate security forportable devices being used for
learning cannot be underestimated. In this paper, we present a mobile security enhancement app,
designed and developedfor Android smart mobile devices in order to promote security awareness among
students. The app can alsoidentify major and the most significant security weaknesses, scan or check for
vulnerabilities in m-learning devices and report any security threat
A PARADIGM FOR THE APPLICATION OF CLOUD COMPUTING IN MOBILE INTELLIGENT TUTOR...IJSEA
Nowadays, with the rapid growth of cloud computing, many industries are going to move their computing
activities to clouds. Researchers of virtual learning are also looking for the ways to use clouds through
mobile platforms. This paper offers a model to accompany the benefits of “Mobile Intelligent Learning”
technology and “Cloud Computing”. The architecture of purposed system is based on multi-layer
architecture of Mobile Cloud Computing. Despite the existing challenges, the system has increased the life
of mobile device battery. It will raise working memory capacity and processing capacity of the educational
system in addition to the greater advantage of the educational system. The proposed system allows the
users to enjoy an intelligent learning every-time and every-where, reduces training costs and hardware
dependency, and increases consistency, efficiency, and data reliability.
Ikeepsafe Cyber Safety, Ethics and Security CompetenciesJohn Macasio
The schools recognize the importance of computer and Internet to support 21st century skills building. We find the Department of Education in the Philippines investing on computer and Internet in the elementary schools. But at the side we find educators commenting on the downside of technology use on the child safety and morals. The education leaders and teachers need not re-invent the wheel to define competency standards on cyber safety, ethics and security.
TAROT2013 Testing School - Antonia Bertolino presentationHenry Muccini
TAROT 2013 9th International Summer School on Training And Research On Testing, Volterra, Italy, 9-13 July, 2013
These slides summarize Paolo Tonella's presentation about "Academic developments in search based testing for the Future Internet."
The AIRCC's International Journal of Computer Science and Information Technology (IJCSIT) is devoted to fields of Computer Science and Information Systems. The IJCSIT is a open access peer-reviewed scientific journal published in electronic form as well as print form. The mission of this journal is to publish original contributions in its field in order to propagate knowledge amongst its readers and to be a reference publication.
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYIJNSA Journal
As universities migrate online due to the advent of Covid-19, there is a need for enhanced security in information systems in the institution of higher learning. Many opted to invest in technological approaches to mitigate cybersecurity threats; however, the most common types of cybersecurity breaches happen due to the human factor, well known as end-user error or actions. Thus, this study aimed to identify and explore possible end-user errors in academia and the resulting vulnerabilities and threats that could affect the integrity of the university's information system. The study further presented state-of-the-art humanoriented security threats countermeasures to compliment universities' cybersecurity plans. Countermeasures include well-tailored ICT policies, incident response procedures, and education to protect themselves from security events (disruption, distortion, and exploitation). Adopted is a mixedmethod research approach with a qualitative research design to guide the study. An open-ended questionnaire and semi-structured interviews were used as data collection tools. Findings showed that system end-user errors remain the biggest security threat to information systems security in institutions of higher learning. Indeed errors make information systems vulnerable to certain cybersecurity attacks and, when exploited, put legitimate users, institutional network, and its computers at risk of contracting viruses, worms, Trojan, and expose it to spam, phishing, e-mail fraud, and other modern security attacks such as DDoS, session hijacking, replay attack and many more. Understanding that technology has failed to fully protect systems, specific recommendations are provided for the institution of higher education to consider improving employee actions and minimizing security incidents in their eLearning platforms, post Covid-19.
Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E...AI Publications
In the current digital landscape, cybercriminals continually evolve their techniques to execute successful attacks on businesses, thus posing a great challenge to information technology (IT) professionals. While traditional cybersecurity approaches like layered defense and reactive security have helped IT professionals cope with traditional threats, they are ineffective in dealing with evolving cyberattacks. This paper focuses on the need for a proactive cybersecurity culture among IT professionals to enable them combat evolving threats. The paper emphasis that building a proactive security approach and culture can help among IT professionals anticipate, identify, and mitigate latent threats prior to them exploiting existing vulnerabilities. This paper also points out that as IT professionals use reactive security when dealing with traditional attacks, they can use it collaboratively with proactive security to effectively protect their networks, data, and systems and avoid heavy costs of dealing with cyberattack’s aftermaths and business recovery.
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESijcsit
Increasingly, all kinds of organizations and institutions are adopting the E-business model to conduct their
activities and provide E-Services for their customers. In the process, whether they know it or not, those
organizations are also opening themselves up to the risk of information security breaches. Therefore
protecting an organization’s ICT infrastructure, IT systems, and Data is a vital issue that is often
underestimated. Research has shown that one of the most significant threats to information security comes
not from external attack but rather from the system's users, because they are familiar with the
infrastructure and have access to its resources, but may be unaware of the risks. Moreover, using only
technological solutions to protect an organization’s assets is not enough; there is a need to consider the
human factor by raising users’ security awareness. Our contribution to this problem is to propose an
Information Security Awareness Program that aims at raising and maintaining the level of users’ security
awareness. This paper puts forward a general model for an information security awareness program and
describes how it could be incorporated into an organization’s website through the process of development
life cycle.
Current Issues In Education Technology WPG Consulting .pdfmeetsolanki44
Explore the forefront of education technology with WPG Consulting. Navigate current issues, trends, and solutions shaping the educational landscape for a tech-forward future.
Cybersecurity education for the next generationIBM Security
In a world of increasing information security threats, academic initiatives focused on cybersecurity are proliferating – yet, there is still the danger of falling short in addressing the long-term threat.
To avoid becoming too focused on near-term issues, academic programs must be more collaborative across their own institutions, with industry, government and among the global academic community.
Only by working in concert can we meet today’s demand while educating the next generation to create a more secure future.
Learn more about IBM Security: http://ibm.com/security
Now Refer your #College or #University to #EMC Academic Alliance, a collaboration with colleges and universities worldwide to help prepare #students for successful #careers in a transforming #ITindustry via http://bit.ly/RefertoEMCAA
Widget and Smart Devices. A Different Approach for Remote and Virtual labsUNED
A vast number of learning content and tools can be found over Internet. Currently, most of them are ad-hoc solutions which are developed for a particular learning platform or environment. New concepts, such as Widgets, Smart devices, Internet of Thing and learning Clouds, are ideas whose goals is the creation of shareable online learning scenarios over different devices and environments.
A Multimedia Data Mining Framework for Monitoring E-Examination Environmentijma
Academic dishonesty has been a growing concern in e-learning environment due to the fact that eexamination takes place under supervised and unsupervised learning environment despite its huge advantages. The e-examination environment has faced various security breaches such as academic dishonesty (impersonation), identity theft, unauthorised access and illegal assistance as a result of inefficient measures employed. Hence, an efficient framework which will aid the monitoring of the eexamination is needed. This paper reviews the process of mining multimedia data and propose a framework for monitoring the e-examination environment in order to extract images and audio features. The framework has four major phases: data pre-processing, mining, association and post processing. The
pre-processing phases carries out the extraction and transformation of multimedia data features, the mining phase does the classification and clustering of these features, the association does pattern matching while the post processing carries out the knowledge interpretation and reporting. The approach presented in this study will allow for efficient and accurate monitoring of e-examination environment which will help provide adequate security and reduce unethical behaviour in e-examination environment.
Mobile devices have been playing vital roles in modern dayeducation delivery as students can access or
download learning materials on their smartphones and tablets, they can also install educational apps and
study anytime, anywhere. The need to provide adequate security forportable devices being used for
learning cannot be underestimated. In this paper, we present a mobile security enhancement app,
designed and developedfor Android smart mobile devices in order to promote security awareness among
students. The app can alsoidentify major and the most significant security weaknesses, scan or check for
vulnerabilities in m-learning devices and report any security threat.
Mobile devices have been playing vital roles in modern dayeducation delivery as students can access or
download learning materials on their smartphones and tablets, they can also install educational apps and
study anytime, anywhere. The need to provide adequate security forportable devices being used for
learning cannot be underestimated. In this paper, we present a mobile security enhancement app,
designed and developedfor Android smart mobile devices in order to promote security awareness among
students. The app can alsoidentify major and the most significant security weaknesses, scan or check for
vulnerabilities in m-learning devices and report any security threat
A PARADIGM FOR THE APPLICATION OF CLOUD COMPUTING IN MOBILE INTELLIGENT TUTOR...IJSEA
Nowadays, with the rapid growth of cloud computing, many industries are going to move their computing
activities to clouds. Researchers of virtual learning are also looking for the ways to use clouds through
mobile platforms. This paper offers a model to accompany the benefits of “Mobile Intelligent Learning”
technology and “Cloud Computing”. The architecture of purposed system is based on multi-layer
architecture of Mobile Cloud Computing. Despite the existing challenges, the system has increased the life
of mobile device battery. It will raise working memory capacity and processing capacity of the educational
system in addition to the greater advantage of the educational system. The proposed system allows the
users to enjoy an intelligent learning every-time and every-where, reduces training costs and hardware
dependency, and increases consistency, efficiency, and data reliability.
Ikeepsafe Cyber Safety, Ethics and Security CompetenciesJohn Macasio
The schools recognize the importance of computer and Internet to support 21st century skills building. We find the Department of Education in the Philippines investing on computer and Internet in the elementary schools. But at the side we find educators commenting on the downside of technology use on the child safety and morals. The education leaders and teachers need not re-invent the wheel to define competency standards on cyber safety, ethics and security.
TAROT2013 Testing School - Antonia Bertolino presentationHenry Muccini
TAROT 2013 9th International Summer School on Training And Research On Testing, Volterra, Italy, 9-13 July, 2013
These slides summarize Paolo Tonella's presentation about "Academic developments in search based testing for the Future Internet."
The AIRCC's International Journal of Computer Science and Information Technology (IJCSIT) is devoted to fields of Computer Science and Information Systems. The IJCSIT is a open access peer-reviewed scientific journal published in electronic form as well as print form. The mission of this journal is to publish original contributions in its field in order to propagate knowledge amongst its readers and to be a reference publication.
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYIJNSA Journal
As universities migrate online due to the advent of Covid-19, there is a need for enhanced security in information systems in the institution of higher learning. Many opted to invest in technological approaches to mitigate cybersecurity threats; however, the most common types of cybersecurity breaches happen due to the human factor, well known as end-user error or actions. Thus, this study aimed to identify and explore possible end-user errors in academia and the resulting vulnerabilities and threats that could affect the integrity of the university's information system. The study further presented state-of-the-art humanoriented security threats countermeasures to compliment universities' cybersecurity plans. Countermeasures include well-tailored ICT policies, incident response procedures, and education to protect themselves from security events (disruption, distortion, and exploitation). Adopted is a mixedmethod research approach with a qualitative research design to guide the study. An open-ended questionnaire and semi-structured interviews were used as data collection tools. Findings showed that system end-user errors remain the biggest security threat to information systems security in institutions of higher learning. Indeed errors make information systems vulnerable to certain cybersecurity attacks and, when exploited, put legitimate users, institutional network, and its computers at risk of contracting viruses, worms, Trojan, and expose it to spam, phishing, e-mail fraud, and other modern security attacks such as DDoS, session hijacking, replay attack and many more. Understanding that technology has failed to fully protect systems, specific recommendations are provided for the institution of higher education to consider improving employee actions and minimizing security incidents in their eLearning platforms, post Covid-19.
Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E...AI Publications
In the current digital landscape, cybercriminals continually evolve their techniques to execute successful attacks on businesses, thus posing a great challenge to information technology (IT) professionals. While traditional cybersecurity approaches like layered defense and reactive security have helped IT professionals cope with traditional threats, they are ineffective in dealing with evolving cyberattacks. This paper focuses on the need for a proactive cybersecurity culture among IT professionals to enable them combat evolving threats. The paper emphasis that building a proactive security approach and culture can help among IT professionals anticipate, identify, and mitigate latent threats prior to them exploiting existing vulnerabilities. This paper also points out that as IT professionals use reactive security when dealing with traditional attacks, they can use it collaboratively with proactive security to effectively protect their networks, data, and systems and avoid heavy costs of dealing with cyberattack’s aftermaths and business recovery.
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESijcsit
Increasingly, all kinds of organizations and institutions are adopting the E-business model to conduct their
activities and provide E-Services for their customers. In the process, whether they know it or not, those
organizations are also opening themselves up to the risk of information security breaches. Therefore
protecting an organization’s ICT infrastructure, IT systems, and Data is a vital issue that is often
underestimated. Research has shown that one of the most significant threats to information security comes
not from external attack but rather from the system's users, because they are familiar with the
infrastructure and have access to its resources, but may be unaware of the risks. Moreover, using only
technological solutions to protect an organization’s assets is not enough; there is a need to consider the
human factor by raising users’ security awareness. Our contribution to this problem is to propose an
Information Security Awareness Program that aims at raising and maintaining the level of users’ security
awareness. This paper puts forward a general model for an information security awareness program and
describes how it could be incorporated into an organization’s website through the process of development
life cycle.
Current Issues In Education Technology WPG Consulting .pdfmeetsolanki44
Explore the forefront of education technology with WPG Consulting. Navigate current issues, trends, and solutions shaping the educational landscape for a tech-forward future.
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017Maurice Dawson
This is the most essential programme of the year around the dangers of cybercrime and how to manage safety within the most indispensable digital sphere & technology system. The reason is that, “Looking beyond Internet of Things (IoT) to Internet of Everything there is a potential market that is approximately $14.4 trillion and over 99% of physical devices are still unconnected.” ~Mo Dawson. Your participation give you golden access to a transcending Cyberspace picture, enhanced solution oriented capabilities as an ICT expert or practitioner, Telecommunications Corporates & Companies
Personnel, Aviation ICT Officials, Other Transportation controls network hubs, Business dealer in Cyberspace services provider or supplier, Academicians and researchers, Government Departments & Public service ICT systems Officials & staff, Students, general ICT security involvement and on top of that your enhanced multidimensional scope & prosperity out of this untapped gold mine is guaranteed.
Research Paper TopicITS835 – Enterprise Risk Managemen.docxaudeleypearl
Research Paper Topic
ITS835 – Enterprise Risk Management
Dr. Jerry Alsay
University of the Cumberlands
Introduction
All research reports begin with an introduction. (1 – 2 Pages)
Background
Provide your reader with a broad base of understanding of the research topic. The goal is to give the reader an overview of the topic, and its context within the real world, research literature, and theory. (3 – 5 Pages)
Problem Statement
This section should clearly articulate how the study will relate to the current literature. This is done by describing findings from the research literature that define the gap. Should be very clear what the research problem is and why it should be solved. Provide a general/board problem and a specific problem (150 – 200 Words)
Literature Review
Using your annotated bibliography, construct a literature review. (3-5 pages)
Discussion
Provide a discussion about your specific topic findings. Using the literature, you found, how do you solve your problem? How does it affect your general/board problem?
References
Running Head: CLOUD COMPUTING AND DATA SECURITY1
Cloud Computing and Data Security
Naresh Rama
Professor Dr.Jerry Alsay
07/14/2019
Cloud Computing and Data Security
Introduction
In today's world, the movement of data is from a store that is severe and it is located centrally to the storage of cloud, services in the cloud offer the flexibility, scalability, and concerns that are proportionate that concerns the issue of security. Safety is an aspect that is important and it associated with the computing of cloud because information can be stored on the cloud by the users with the help of providers that works in the service of the cloud. In the security f data and computing of the cloud, there are some problems that are available. They include backups of data that is improper and inadequate that have caused organizations been among those that are vulnerable to threats that re-associated with security measures.
Data that is found in an organization and is stored in files that are encrypted are interfered by these threats. Problem found under these investigations is significant to this study and these show that the threats that emerge because of backups concerning data that is improper lead to an issue that is significant in the security of data in the computing cloud and also security concerning data.
The study tends to shows that security of data and computing of data leads to the provision of ways that helps in the protection of data that is private and also information that is classified away from such threats. That may include attacks in the cyber sector and losses that occur in case of disasters (Strategic Cyber Security, 2011). This study has limitations that state that assurance of security to the computing of cloud is not available and that there is no protection of data that is vital in an organization to a hundred percent.
Background
Hacke ...
CAPTURE THE TALENT: SECONDARY SCHOOL EDUCATION WITH CYBER SECURITY COMPETITIONSijfcstjournal
Recent advances in computing have caused cyber security to become an increasingly critical issue that
affects our everyday life. Both young and old in society are exposed to benefits and dangers that
accompany technological advance. Cyber security education is a vital part of reducing the risks associated
with cyber-threats. This is particularly important for current and future youth, who are the most
technology-literate generations. Many research studies and competitions have been undertaken around the
world to emphasize and identify the significance of cyber security as a relevant and pressing research area.
Cyber security competitions are great means of raising interest in the young generation and attracting them
to educational programmes in this area. These competitions show the need for cyber security to be taught
as a formal subject in secondary schools to enhance the effectiveness of computer science concepts in cyber
space. This paper presents an effective educational approach, justifying such competitions as a means of
introducing cyber security as a computer science subject for New Zealand secondary school students, and
also presents methods of implementation.
A Study of Cyber Security Threats, Challenges in Different Fields and its Pro...ssuser793b4e
This paper reviewed the implications, challenges and the effects of cybercrimes and cybersecurity in the society. It fully defined cybersecurity based on governmental and national view, industrial view and academic view. From this it was concluded that cyber security and cyber-attack is best defined and prevented based on the field of research. This paper review 27 articles on cyber security and cybercrimes and it showed that cyber security is a complex task that relies on domain knowledge and requires cognitive abilities to determine possible threats from large amounts of network data. This study investigates how knowledge in network operations and information security influence the detection of intrusions in a simple network. This research paper also reviewed different strategies used by different researchers to prevent cyber-attack in different areas of work and also exposed the most recent used cyber security attacks, preventions, future threats and prospective ways to avoid cyber-attacks
Recently, modern technologies have made a positive contribution to most institutions of the society. However, they have generated serious issues with regard to the data security. For example, in the educational sector, most educational institutions have huge amounts of various types of data, which require rigorous protection ways to ensure their security and integrity. This study aims at reviewing the most recent data security methods, particularly the existing common encryption algorithms as well as designing an electronic system based on efficient and trusted ones to protect academic and nonacademic digital data in educational institutions. The study applies the satisfaction questionnaire as instrument to evaluate the proposed system efficiency. The questionnaire has been presented to the evaluation team whose members are divided into two groups: experts and end users. The results of the evaluation process have indicated that, the satisfaction ratio of the proposed system is encouraging. The overall satisfaction percentage is 96.25%, which demonstrates that the proposed system is an acceptable and suitable choice for various security applications.
Adoption of Digital Learning Technology: An Empirical Analysis of the Determi...IJAEMSJORNAL
Technology has advanced significantly from the analogue period to the digital era. Digital Learning Technology (DLT) is a learning paradigm based on the use of ubiquitous latest technologies, by using smart devices. It can be described as a learning environment that is assisted in daily life by wireless networks, mobile, and embedded computers. It aims to offer content and interaction to students wherever they are, at any time. The learning process has advanced thanks to the technology revolution, which has also fundamentally altered how knowledge is shared and learned. At present, there exist other frameworks too, but they are centered towards different paradigms, and point of view pertaining to DLT with its emphasis on Telecommunication Sector has not been taken into consideration. As, existing frameworks are centered towards different environments hence there exists a need to add dimensions of Empowered Learner, Digital Citizen, Knowledge Curator, Innovative Designer, Computational Thinker and Creator, Communicator & Global Collaborator. These have not been integrated together in existing available research. The study will ascertain level of knowledge of DLT and examined factors which affect the adoption rate, use, and role of DLT in telecoms setups. The results of this research will help create a framework that, if used in any academic or learning setting in a technology-based firm.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
UiPath Test Automation using UiPath Test Suite series, part 4
Information Security Management in University Campus Using Cognitive Security
1. Roberto Omar Andrade, Susana Cadena, Luis Tello, Iván Ortiz, Walter Fuertes, Alyssa Cadena, Daniela
Córdova & María Fernanda Cazares
International Journal of Computer Science and Security (IJCSS), Volume (13) : Issue (4) : 2019 124
Information Security Management in University Campus Using
Cognitive Security
Roberto Omar Andrade Walter Fuertes
roberto.andrade@epn.edu.ec wmfuertes@espe.edu.ec
Escuela Politécnica Nacional Universidad de las Fuerzas
Armadas ESPE
Quito, Ecuador Sangolquí, Ecuador
Susana Cadena Alyssa Cadena
scadena@uce.edu.ec akcadena@espe.edu.ec
Universidad Central del Ecuador Universidad de las Fuerzas
Armadas ESPE
Quito, Ecuador Sangolquí, Ecuador
Luis Tello-Oquendo Daniela Córdova
luis.tello@unach.edu.ec daniela.cordova@epn.edu.ec
Universidad Nacional de Chimborazo Escuela Politécnica Nacional
Riobamba, Ecuador Quito, Ecuador
Iván Ortiz Garcés María Fernanda Cazares
Ivan.ortiz@udla.edu.ec mcazares@ups.edu.ec
Universidad de las Américas Universidad Politécnica Salesiana
Quito, Ecuador Quito, Ecuador
Abstract
Nowadays, most universities offer free Internet connections, access to scientific databases, and
advanced computer networks for the members of their community, which generates dynamic and
complex scenarios. In this context, it is necessary to define proactive security strategies, as well
as the integration of technology and research. This work presents a general vision of the
experience adopted by the universities in the field of information security management using
cognitive security.
Keywords: Security Operation Center, Cognitive Security, Big Data, Incident Response Team.
1. INTRODUCTION
University faces necessary changes due to the technological disruption of the last years. The use
of information and communication technologies (ICTs) in the classroom raises new educational
models that strengthen the interactive and collaborative work between teacher and student. The
teacher can share a document with the group of students who can edit it simultaneously and
discuss its content. For doing so, there is no need to be in the same physical space; the
interaction can be performed by video-conference and email collaboration services housed in
public clouds. The teacher can validate in real-time the existence of plagiarism and send
feedback before the final grade.
On the other hand, the ability of students and teachers to access scientific bibliographic
resources from around the world allows enriching the theoretical and practical content embodied
in the classrooms. Having access to scientific databases such as Scopus, ACM, IEEE or Web of
Science has become an invaluable tool that helps understand science and technology from a
2. Roberto Omar Andrade, Susana Cadena, Luis Tello, Iván Ortiz, Walter Fuertes, Alyssa Cadena, Daniela
Córdova & María Fernanda Cazares
International Journal of Computer Science and Security (IJCSS), Volume (13) : Issue (4) : 2019 125
global perspective; this fact pushes the generation of entrepreneurship and innovation in the
university.
Furthermore, access to the Internet is considered one of the most significant enablers of the
change in traditional education models [1]. The social-technological model generated by a daily
behavior against the use of technology, and the accessibility to the Internet, poses new
challenges on how to define information security strategies.
Information security management in universities should be considered as a new scenario (hyper-
connected world), where students could have two or three devices from which they access to
Internet, share workbooks through the use of groups in social networks, search for educational
resources that are geographically dispersed, and use of large audio and video files in real-time in
classrooms.
Regarding the security of information, universities face security problems in recent years, such
as:
Unauthorized access;
Denial of service attacks;
Servers with malware;
Injection of malicious code.
The adoption of technological solutions such as Big Data, Cloud, Internet of Things (IoT), and
bring your own device (BYOD), improves the services to the members of the university
community but generates more dynamic and complex scenarios that strongly impact the security
of information. This has prompted new strategies to defend cybersecurity. The security team of
the universities establishes response actions to deal with the security attacks generated from the
security personnel’s experience, and many of the times this generated knowledge is lost because
it is not documented after the resolution of an incident.
Following good security practices, the use of lessons learned to defend against new attacks is
essential to reduce response times. In this context, the idea is to propose the use of
recommender systems so that the security team can access the most appropriate response
actions to resolve a security incident based on the use of previously generated knowledge and
take advantage of the experience and collaboration between members of the security team. In
order that the recommender system is not an isolated tool, an organizational model is proposed in
which the research processes, including new technologies and incident response, take advantage
of the cognitive processes inherent to the generation of knowledge and decisions making; for
which as an enabler of the organizational model proposal we consider the application of cognitive
security.
The remainder of this work is organized as follows. Sections 2 and 3 present an analysis of the
emerging technologies and security challenges that these technologies are generating, which
implies a change to traditional security models. Section 4 presents the security organization
model proposed by the universities. Section 5 describes the contribution of establishing an
academic computer security incident response team (CSIRT) and its components are mentioned
comprehensively. Finally, Section 6 presents the conclusions with the respective contributions of
this work.
2. EMERGING TECHNOLOGIES THAT CHANGE SECURITY MODELS
Universities, under the approach of “Open University”, have considered the implementation of
technological solutions that allow providing functionalities such as access to the Internet, mobility,
interconnection with other universities in the world, high-speed access, and security that are
required by the members of the university community (i.e., teachers, students, administrative,
visitors). In Figure 1, we present the leading technologies adopted by the universities on this
matter.
3. Roberto Omar Andrade, Susana Cadena, Luis Tello, Iván Ortiz, Walter Fuertes, Alyssa Cadena, Daniela
Córdova & María Fernanda Cazares
International Journal of Computer Science and Security (IJCSS), Volume (13) : Issue (4) : 2019 126
FIGURE 1: Emerging Technologies in the University.
Regarding the use of cloud solutions, it was considered bearing in mind the availability, flexibility,
and scalability characteristics of this solution. Some cloud solutions considered by the universities
are:
• Infrastructure as a Service - IAAS, to provide resources of virtual machines to teachers
and students for experimental use or, from the universities perspective, as a customer of
the service for the redundancy and contingency of institutional web portals.
• Software as a service - SAAS, to provide the use of software in the campus model for
the development of experimental work or to have collaboration tools such as
videoconferencing or email.
The adoption of the Cloud has generated the universities to ask the following questions related to
the management of security:
• How to establish user authentication to these new services outside the universities?
• How to manage the privacy of information in the Cloud?
• How to establish information backup processes in the Cloud?
BYOD is a technological model in which students bring their device to school for accessing to
ICTs resources, but new challenges were generated for the security of the information of the
universities in these scenarios, among which we can mention:
• How to establish user authentication in different technological devices?
• How to handle the traceability processes of the connections made without invading the
privacy of the user?
• How to define high redundancy and scalability schemes to support about 10 thousand
users, which on average can have at least one technological device?
• How to verify the use of antivirus before access to the data network?
In the case of IoT deployment, it should be considered that deploying this type of networks
usually means that the devices do not handle authentication processes. As a new challenge for
universities, IoT identity management schemes should be considered.
Finally, in the case of Big Data, it is necessary to understand that information is extracted from
different sources of information; then, two key factors that have become challenges for the
universities should be considered:
• Confidentiality of information;
• The integrity of the information.
4. Roberto Omar Andrade, Susana Cadena, Luis Tello, Iván Ortiz, Walter Fuertes, Alyssa Cadena, Daniela
Córdova & María Fernanda Cazares
International Journal of Computer Science and Security (IJCSS), Volume (13) : Issue (4) : 2019 127
In this case, two strategies are applied:
• Use of confidentiality agreements;
• Data quality processes.
Universities have to solve daily information security problems related to attacks in order to
guarantee the availability and integrity of the ICT services that are used by the university
community. Table I presents a consolidation of the most common attacks in the universities and
their percentage [7].
TABLE 1: Most Common Attacks in Universities.
Attacks Percentage
Defacement 50
SQLi 20
DNS Poisoning 10
Account Hijacking 5
Exploit Vulnerabilities 15
Aiming at handling these attacks, security solutions such as firewalls, intrusion prevention
systems (IPSs), redundancy systems, event correlation systems, and antivirus solutions have
been strengthened in the universities. However, the adoption of new technologies has generated
new vulnerabilities and gaps that can be exploited by attackers daily, which has led to identifying
which are the new challenges that must be faced to establish new security defense strategies.
3. COGNITIVE SECURITY ORGANIZATION MODEL PROPOSAL
Our Cognitive Security Organization Model proposal considers some components to establish an
adequate process in the management of information security, which allows to face problems for
proactive defense. The organizational model includes two main components:
1) Security strategies;
2) Enablers to execute the strategies.
Figure 2 depicts the components and elements that make up the organizational information
security model currently proposed in the universities.
FIGURE 2: Cognitive Security Organization Model Proposal.
5. Roberto Omar Andrade, Susana Cadena, Luis Tello, Iván Ortiz, Walter Fuertes, Alyssa Cadena, Daniela
Córdova & María Fernanda Cazares
International Journal of Computer Science and Security (IJCSS), Volume (13) : Issue (4) : 2019 128
3.1 Security Strategies
1) Security Culture: The proposed model considers that security culture is the responsibility of all
members of the university, so it establishes a strategy to generate that students, professors, and
administrative staff perceive cybersecurity from their role and perspective. For this is necessary
that students understand that the inadequate use of institutional computing resources can have
legal implications, teachers perform the proper process of managing institutional credentials to
access the different technological services and under no circumstances loan credentials because
of the implications of the modification of information especially in educational systems. At the
administrative level, it has been sought that the management of information is carried out under
the principles of confidentiality and the processes of integrity and quality of the information that is
used for the administrative processes related to the members of the university are enhanced.
2) Security Policies: The administration of information security requires the establishment of
policies that institute the appropriate behavior of each member of the university related to the
proper use of technological resources and information. In the case of the universities, the
approval of policies is carried out by the highest collegiate body, the University Council, for which
a general security policy has been approved and from this about 23 security directives have been
created. Among them we have:
• Classification and access to information;
• Security guidelines computer network;
• Guidelines for handling passwords;
• Guidelines for antivirus management;
• Guidelines for backup, protection and retrieval of information;
• The standard for the creation of user accounts.
3.2 Security Services
The following are considered as security services:
• Classification and access to information;
• Security guidelines network;
• Guidelines for handling passwords;
• Guidelines for antivirus management;
• Guidelines for backup, protection, and retrieval of information;
• The standard for the creation of user accounts.
Also, three kinds of services are identified as follows:
1) Reactive Services:
• Incident management;
• Vulnerability Management.
2) Proactive Services:
• Technological surveillance;
• Security audits or evaluations;
• Development of security tools.
3) Security Management:
• Training.
The human being is considered the weakest link in the security chain; for this reason, training the
user is one of the most critical strategies in security. In this specific issue, the universities have
not only focused on the technical training of the CSIRT team but have also considered the scope
of the different members of the university community. The content of the training focuses on good
security practices, such as phishing detection, the use of antivirus, the identification of malicious
mail, the use of strong passwords, and clean desk procedures.
4. CSIRT-UNIVERSITIES
Some organizations establish as a security strategy the creation of a security incident response
team (CSIRT), which consists of a specialized group of security experts in both the technical and
6. Roberto Omar Andrade, Susana Cadena, Luis Tello, Iván Ortiz, Walter Fuertes, Alyssa Cadena, Daniela
Córdova & María Fernanda Cazares
International Journal of Computer Science and Security (IJCSS), Volume (13) : Issue (4) : 2019 129
legal fields to be able to resolve attacks that have compromised the security of information [3].
There are different types of CSIRT in the commercial, military, business, and academic fields.
Academic CSIRTs are generally established in universities, and their functioning differs from the
others since they actively promote the processes of technological observation and research to
strengthen the generation of procedures, software, and training focused on the handling of
security incidents.
Universities have set up a CSIRT aiming at having a specialized team of professionals who focus
specifically on establishing information security strategies to be adopted by the universities to
minimize the impacts and risks of attacks that affect the cybersecurity of the institution. In the
CSIRT-Universities, three macro objectives have been proposed:
• Detect, identify and technically support the university community in the handling of computer
security incidents;
• Detect and investigate computer security threats;
• Publish the results and research of the institution that are related to the management of the
CSIRT.
The following are the basic components of the CSIRT [7]:
A. Staff
In order to perform security management and incident management processes, the following
personnel is required as minimum:
• Team leader / coordinator;
• Responsible for systems and information security;
• Communication or public relations team;
• Classifier or triage;
• Incident management team - second level;
• Legal team.
B. Infrastructure
The CSIRT requires an infrastructure that allows to carry out its management processes
independently of the technology unit. This infrastructure will also allow the analysis of malicious
emails or malicious software without affecting the institutional information systems. The minimum
infrastructure required in the CSIRT is the following [5]:
• Management system for requirements;
• Incident log system;
• Servers for monitoring services and applications;
• Servers for malicious code analysis;
• Independent Internet access.
C. Training
The following training courses are defined (as a minimum) to strengthen the technical skills of the
CSIRT staff:
• Forensic analysis;
• Handling of event correlation tools;
• Penetration testing techniques;
• Information security regulations.
D. Certification
To keep the staff and processes of the CSIRT in continuous improvement, certification in FIRST
can be established as an objective. To maintain the membership, it is necessary to meet specific
requirements such as:
• Updated policies;
• Maintenance of security infrastructure;
• Periodic staff training.
7. Roberto Omar Andrade, Susana Cadena, Luis Tello, Iván Ortiz, Walter Fuertes, Alyssa Cadena, Daniela
Córdova & María Fernanda Cazares
International Journal of Computer Science and Security (IJCSS), Volume (13) : Issue (4) : 2019 130
E. External relations
The operation of the CSIRT requires the establishment of external relations that allow having
alerts or security bulletins to be informed. Sometimes, it is necessary to have this additional
support to resolve security incidents that may exceed the knowledge of the CSIRT staff.
F. Research lines
The academic CSIRT must be directly related to research projects that support the improvement
of the processes and tools used when handling security incidents:
1) Institutional Encryption;
2) Institutional Antibot;
3) Botnet vulnerability analysis;
4) Analysis of institutional Malware, collection, sample, classification, and statistics;
5) Intelligent log analysis software to detect malicious traffic: Http scans, https scans;
6) Vulnerability analysis defacement;
7) Data mining and/or algorithms focused on web 2.0;
8) Automatic generation of computer security testing rooms or rooms.
5. COGNITIVE SECURITY COMPONENT
Based on the literature review, business solutions, and approaches of internationally recognized
companies in the field of technology related to cognitive security, we define cognitive security as
the ability to generate cognition for efficient decision making in real-time by the human or a
computer system. This can be done based on the perception of cybersecurity that the computer
system generates from its environment (situational-awareness) and the knowledge about itself
(self-awareness or insights), through the analysis of any type of information (structured or
unstructured) using artificial intelligence techniques (data mining, machine learning, natural
language processing, and human-computer interaction) and data analysis (big data, processes
stochastics, game theory) emulating the human thought process for continuous learning, decision
making and security analysis.
The goal of the recommender system is to provide an overview of the state of the university
cybersecurity from a cognitive approach; therefore, we consider the three phases of the cognitive
processes as illustrated in Figure 3.
FIGURE 3: Cybersecurity Cognitive Phases.
Recommender systems (RS) or decision support systems (DSS), according to Holsapple and
Clyde [6] can be classified into six frameworks: text-oriented, database-oriented, spreadsheet-
oriented, solver-oriented, rule-oriented, and compound. Hybrid DSS containing at least two of the
mentioned frameworks provide better knowledge for decision making.
Proposals for decision-making models in cybersecurity can be based on [7-12]:
• Fuzzy decision making and risk assessment;
• Ontologies-Based;
8. Roberto Omar Andrade, Susana Cadena, Luis Tello, Iván Ortiz, Walter Fuertes, Alyssa Cadena, Daniela
Córdova & María Fernanda Cazares
International Journal of Computer Science and Security (IJCSS), Volume (13) : Issue (4) : 2019 131
• Hierarchical task network planning;
• Risk impact tolerance;
• Attack damage costs;
• Markov decision.
Recommender systems can be classified into four types, which are shown in Figure 4.
FIGURE 4: Recommender System Types.
In Table 2, we present the main characteristics of the recommender systems. Generally, the most
common use of the recommender systems is focused on services to consumers; therefore, it is
necessary to adapt it to the cybersecurity context. The systems based on collaboration and
content require the monitoring of user actions and collection of rankings. For doing so, it is
necessary to consider the implementation of a data warehouse and consider the privacy aspects.
TABLE 2: Recommender Systems Attributes.
Type Attribute Typical
Application
Method Data
Collaborative User-item matrix Customer purchase Pearson’s
correlation
Track user
actions Collect
ratings
Content Similarity Item Customer purchase K-nearest-
neighbor
Track user
actions Collect
ratings
Knowledge Similarity Item Customer purchase Instance-Based
Learning
Features Items
In general terms, the proposed recommender system (see Figure 5) considers the interaction with
the members of both the CSIRT of the university and the national CSIRT. It proposes a data
warehouse for the maintenance of the actions of the agents and logs of the computer systems
and allows the integration with security solutions like SIEM and firewalls.
9. Roberto Omar Andrade, Susana Cadena, Luis Tello, Iván Ortiz, Walter Fuertes, Alyssa Cadena, Daniela
Córdova & María Fernanda Cazares
International Journal of Computer Science and Security (IJCSS), Volume (13) : Issue (4) : 2019 132
FIGURE 5: Cybersecurity Recommender System.
Specifically, we propose a hybrid model in order to establish an accurate situational awareness.
This recommender system is aligned with the decision phase of the OODA model and supports
the cognitive process of projection to establish the future state of the cybersecurity situation
awareness [13]. The proposed recommender system consists of three layers: modeling,
processing, and presentation. In the following, we describe each layer briefly.
A. Modeling
This layer is related to the orientation phase of the OODA model and it allows to execute the
cognitive process of comprehension. For doing so, it establishes a correlation of dependence of
different security aspects such as vulnerabilities, threats, risks, and attacks, which allows
establishing a more accurate and real situational awareness based on solid facts.
To establish the dependency matrix, we propose the use of at least the following security analysis
models:
• Vulnerability model;
• Threat model;
• Attack model;
• Impact model;
• Planning model;
• Risk model.
B. Processing
In this layer, the cybersecurity situation awareness is established; the CSIRT team can select for
different models considering the following contexts:
• Intelligence-Driven;
• Data Driven;
• Goal Driven;
• Knowledge-Driven.
C. Presentation
In this layer, the visualization for the security team is established, through visual representations
such as attack graphs, commonly detected vulnerabilities, and the recommendations with the
highest score obtained based on the observations of the different agents.
10. Roberto Omar Andrade, Susana Cadena, Luis Tello, Iván Ortiz, Walter Fuertes, Alyssa Cadena, Daniela
Córdova & María Fernanda Cazares
International Journal of Computer Science and Security (IJCSS), Volume (13) : Issue (4) : 2019 133
6. CONCLUSIONS
Different emerging technologies, together with different behavioral controls, bring as a
consequence an adequate safety culture within organizations. However, higher educational
institutes depend on technical security controls and ignore the adherence of end-users to the
information security policies implemented to guarantee the security of institutional resources. The
lack of end-user training concerning security incidents and institutional security policies results in
security breaches and legitimate damage to information. Nowadays, there is a need to prepare
university employees to realize the intensity of a possible deterioration of resources in the face of
a security incident. The provision of policies and periodic monitoring can play a vital role in the
protection of resources. The basis for an effective recommender system consists of three main
components: modeling, processing, and visualization. The hybrid model permits to handle the
attribute from content, collaboration, and knowledge types. If the recommender system is based
on using the knowledge generated about security, it is possible to take advantage of the lessons
learned and establish adequate and quick response actions.
7. ACKNOWLEDGMENT
The authors would like to thank the financial support of the Ecuadorian Corporation for the
Development of Research and the Academy (RED CEDIA) in the development of this work, under
Research Team GT-II-2017.
8. REFERENCES
[1] B. Collis and M. van der Wende, “Models of technology and change in higher education:
an international comparative survey on the current and future use of ICT in higher
education”. Netherlands: Center for Higher Education Policy Studies (CHEPS), 2002.
[2] BBC News. (2019). Students blamed for college cyber-attacks. [online] Available at:
https://www.bbc.com/news/education-45496714 [Accessed 27 Jul. 2019].
[3] K. Moller, “Setting up a grid-cert: experiences of an academic CSIRT” in¨ Campus-Wide
Information Systems, vol. 24, no. 4, 2007, pp. 260–270.
[4] Tello-Oquendo, L.; Tapia, F.; Fuertes, W.; Andrade, R.; Erazo, N.; Torres, J. and Cadena,
A. (2019). A Structured Approach to Guide the Development of Incident Management
Capability for Security and Privacy. In Proceedings of the 21st International Conference on
Enterprise Information Systems - Volume 2: ICEIS, ISBN 978-989-758-372-8, pages 328-
336. DOI: 10.5220/0007753503280336.
[5] Cadena, A., Gualoto, F., Fuertes, W., Tello-Oquendo, L., Andrade, R., Tapia, F., & Torres,
J. (2019). Metrics and Indicators of Information Security Incident Management: A
Systematic Mapping Study. Developments and Advances in Defense and Security, 507–
519. DOI:10.1007/978-981-13-9155-2_40.
[6] C. Holsapple, “DSS architecture and types”, Decis. Support Syst., vol. 1, pp. 163–189, 01
2008.
[7] S. Berenjian, M. Shajari, N. Farshid, and M. Hatamian, “Intelligent automated intrusion
response system based on fuzzy decision making and risk assessment,” in 2016 IEEE 8th
International Conference on Intelligent Systems (IS), Sept 2016, pp. 709–714.
[8] V. M. Lanchas, V. A. V. Gonzalez, and F. R. Bueno, “Ontologies-based automated
intrusion response system,” in Computational Intelligence in Security for Information
Systems 2010, 2010, pp. 99–106.
[9] C. Mu and Y. Li, “An intrusion response decision-making model based on hierarchical task
network planning,” Expert Systems with Applications, vol. 37, pp. 2465–2472, 03 2010.
11. Roberto Omar Andrade, Susana Cadena, Luis Tello, Iván Ortiz, Walter Fuertes, Alyssa Cadena, Daniela
Córdova & María Fernanda Cazares
International Journal of Computer Science and Security (IJCSS), Volume (13) : Issue (4) : 2019 134
[10] A. Shameli-Sendi and M. Dagenais, “Arito: Cyber-attack response system using accurate
risk impact tolerance,” International Journal of Information Security, vol. 13, no. 4, pp. 367–
390, Aug 2014. [Online]. Available: https://doi.org/10.1007/s10207-013-0222-9.
[11] A. Shameli-Sendi, H. Louafi, W. He, and M. Cheriet, “Dynamic optimal countermeasure
selection for intrusion response system,” IEEE Trans. on Dep. and Sec. Comp., vol. 15, no.
5, pp. 755–770, Oct 2018.
[12] S. Iannucci and S. Abdelwahed, “Model-based response planning strategies for autonomic
intrusion protection,” ACM Trans. Auton. Adapt. Syst., vol. 13, no. 1, pp. 4:1–4:23, Apr.
2018. [Online]. Available: http://doi.acm.org/10.1145/3168446.
[13] Andrade, R., Torres, J., & Flores, P. (2018). Management of information security indicators
under a cognitive security model. 2018 IEEE 8th Annual Computing and Communication
Workshop and Conference (CCWC). DOI:10.1109/ccwc.2018.8301745.