Information systems are now widely used to improve the effectiveness and efficiency of a company's
operations. Bring Your Own Device (BYOD) is a growing trend in corporate environments, in which
employees can access the system from anywhere. A BYOD system is an information system built on
technologies such as Virtual Private Networks (VPN), or on applications that let clients outside the
office network access the internal network remotely. Remote access helps employees work anywhere and
at any time, but it can also raise security issues. The security issues that can arise are unauthorized
access and the loss of important company information. XYZ company, a manufacturing company in
Tangerang, Indonesia, has been using a BYOD system. The company wants to improve the security of the
system by performing a risk analysis, with the aim of protecting its internal data. A risk analysis
using the NIST Cybersecurity Framework helps organizations understand the risks of a BYOD system. The
cybersecurity analysis of the BYOD system at XYZ company found that some improvements need to be
developed in terms of the recommended security system, according to the stages of Respond, with the
analysis using the NIST Cybersecurity Framework and ISO/IEC 27002:2013.
WIRELESS SECURITY MEASUREMENT USING DATA VALUE INDEX - IJNSA Journal
Nowadays, the use of wireless technology in organizations is routine, and the technology has spread into many different areas. Organizations that employ wireless technology need to apply an appropriate security level, depending on the security policy already defined. Applying a security system that is not required, or failing to provide one that is required, leads to an improper security system. In this paper we show a way to evaluate the significance of data and its appropriate security level. We present a model that evaluates the cost of data from a security point of view by considering parameters such as sensitivity, volume, life, and frequency. This research lets organizations predict, implement, or understand the cost involved in securing their data by measuring the data value. We used questionnaire and survey methodologies to collect the data, and then used the SPSS and SAS programs to calculate and design a model. Regression and bootstrap helped us find an accurate result.
Top cited managing information technology articles - IJMIT JOURNAL
The International Journal of Managing Information Technology (IJMIT) is a quarterly open access peer-reviewed journal that publishes articles that contribute new results in all areas of the strategic application of information technology (IT) in organizations. The journal focuses on innovative ideas and best practices in using IT to advance organizations – for-profit, non-profit, and governmental.
“The Impact of Mobile Devices on Information Security: A Survey of IT and Sec... - Thierry Labro
1. The survey found that the number of personal mobile devices connecting to corporate networks continues to grow significantly, with 75% of companies now allowing personal devices on networks, up from 67% in 2013.
2. IT and security professionals expect that the rise in mobile devices will lead to more mobile security incidents, with 82% anticipating increased incidents in the coming year. The cost of remediating incidents is also increasing.
3. Employee behavior is seen as a major factor in mobile security risks, with most respondents saying careless employees pose a greater threat than cybercriminals and that employee actions likely enabled recent high-profile breaches.
Mobile Security Trends in the Workplace - Blueboxer2014
Mobile security is a top priority for IT professionals in 2014 according to a survey. By 2020, 80% of access to enterprises will be via mobile devices. While 90% of employees use personal devices for work, less than half of organizations have mobile security policies. The majority of IT professionals see securing mobile data as important but only 13% feel their current solutions effectively do so. There is also a disconnect between BYOD policies and employee awareness and compliance, creating risks of unintended data leakage.
Bring Your Own Device 2014 TeamMate User Conference Palm Desert California - Jim Kaplan CIA CFE
A presentation for the 2014 TeamMate User Conference as a guide for auditors on bring your own device and mobile device management – an important and timely topic for auditors in all organizations.
The rise in IT spending is fueling the increased adoption of the bring-your-own-device (BYOD) culture in the region, and given its inherent advantages for employees and employers, BYOD adoption is bound to grow further in the coming years.
However, BYOD adoption is accompanied by IT security risks arising out of lack of awareness about device security among employees. The situation is compounded by insufficient network resources and the lack of formal BYOD policies at organizations to manage security risks emanating from use of personal devices on official servers and networks.
CIOs in the region need to respond by preparing IT networks and formulating BYOD policies designed to manage this increased demand for BYOD and mobile diversity in the region.
This document summarizes a research paper that proposes a phishing detector plugin called PHISCAN that uses machine learning to detect phishing websites. The plugin is developed for the Chrome browser using JavaScript and HTML. It extracts features from URLs to train classifiers like random forest that can accurately classify URLs as phishing or benign in less than a second while maintaining user privacy. The paper conducts a literature review of existing phishing detection systems and techniques using blacklists, heuristics, or machine learning. It motivates the need for the proposed plugin by discussing the increasing prevalence and sophistication of phishing attacks.
The document discusses how internet technology has revolutionized organizations. It has allowed for virtual meetings, remote work, and social media networking, improving communication and marketing. Data storage and analysis has also been improved. However, increased internet usage opens organizations to cyber threats from hackers. As a result, organizations must implement security strategies like training cybersecurity teams, restricting access to confidential data, and using software to prevent hacking and data theft. Proper security measures are needed to protect the organization while harnessing the benefits of new technologies.
This document describes a proposed mobile application to allow users to easily report public issues and complaints. The application would allow users to submit complaints on issues like broken infrastructure, improper public services, and other community problems. Complaints submitted through the app would be routed to the relevant authorities and departments. The status of complaints could be tracked, and complaints would be escalated if no action was taken within a set time period. The goal is to create a more efficient system for citizens to report issues and have them addressed in a timely manner. The document outlines the proposed modules, architecture, and functionality of the mobile app.
A Bring Your Own Device Risk Assessment Model - CSCJournals
Bring Your Own Device (BYOD), a technology where individuals or employees use their own devices on the organization’s network to perform tasks assigned to them by the organization, has been widely embraced. The reasons for adoption are diverse in every organization. In spite of the security control strategies implemented by these organizations to safeguard their information resources, there has been an upsurge in information security breaches as a result of existing vulnerabilities in these systems and the legacy systems in use. Various approaches have been employed to deal with security challenges in BYOD, but according to the literature, risk assessment has proved to be the first key step towards improving the security of the BYOD environment in an enterprise. Risk assessment models have been proposed by various researchers, although most are largely influenced by the degree of technological advancement and utilization as well as the working cultures within institutions. The existing models were largely developed in technologically advanced countries and thus do not fit well in developing countries. This study sought to develop a flexible BYOD risk assessment model that can be adopted by varied institutions to secure their information resources. The study was carried out in five (5) purposively selected state universities in Kenya. The research adopted a mixed research design approach, with a mixed sampling technique used to select the participants. Reliability and validity of data collection tools were evaluated and recommended by IT security and network experts. The qualitative and quantitative data was collected by interviewing experts and administering a questionnaire to sampled participants. The developed model was validated both statistically and by experts.
The findings revealed that threats and vulnerabilities contributed 39.9% and 69.2%, respectively, to the risk of the BYOD environment, while Data Encryption (DE) and Software Updates (SU) came out strongly as intervening variables which have a major impact on the relationship between the dependent and independent variables.
Mobile devices present new challenges for backing up data as more employees use their personal smartphones and tablets for work. IT needs to implement a smart mix of policies, cloud services, and mobile device management to address these challenges. Specifically, the policy should clearly define the company's requirements for accessing corporate data on personal devices and clarify IT's responsibilities for backing up corporate versus personal data. The cloud can help with backups, but full device backups are difficult due to limitations of mobile operating systems.
Osterman Research conducted two surveys in February and March 2013 focused on Bring Your Own Device (BYOD) issues in small, mid-sized and large organizations, primarily in North America.
2010 survey on information security business - Hai Nguyen
The document discusses information security policies, infrastructures, and measures taken by Korean businesses. It finds that about 25% of businesses have established official information security policies and guidelines for employees. Most businesses recognize computer criminals as the largest security threat. Over 60% of management and employees view information security as important. However, only 18% of businesses provide information security training for employees. The most common training is on basic security for general staff.
A Smart Receptionist Implementing Facial Recognition and Voice Interaction - CSCJournals
The purpose of this research is to implement a smart receptionist system with facial recognition and voice interaction using deep learning. The facial recognition component is implemented using real time image processing techniques, and it can be used to learn new faces as well as detect and recognize existing faces. The first time a customer uses this system, it will take the person’s facial data to create a unique user facial model, and this model will be triggered if the person comes the second time. The recognition is done in real time and after which voice interaction will be applied. Voice interaction is used to provide a life-like human communication and improve user experience. Our proposed smart receptionist system could be integrated into the self check-in kiosks deployed in hospitals or smart buildings to streamline the user recognition process and provide customized user interactions. This system could also be used in smart home environment where smart cameras have been deployed and voice assistants are in place.
The document discusses the consumerization of information technology in enterprises. It notes that trends originating in consumer technologies like social media and mobile devices are increasingly being used in the workplace. This blurs the lines between work and personal technologies and devices. It poses security challenges as employees use their own smartphones and tablets for work. The document recommends that enterprises establish policies and protocols to securely manage the use of consumer devices and platforms at work. It also suggests implementing data loss prevention programs to mitigate the risks to confidential data and intellectual property from the consumerization of IT.
White Paper: Balance Between Embedded Operating System Security Features and ... - Samsung Biz Mobile
Android smartphones and tablets are used extensively for business purposes. Many of these devices are accessing sensitive company information that must be protected. Read this white paper to understand how additional hardware/software based protection can help you protect your business.
IRJET- Two Way Authentication for Banking Systems - IRJET Journal
This document presents a proposed two-factor authentication system for banking using QR codes and mobile phones. The system aims to improve security over traditional username and password authentication. It would generate a unique QR code for each login attempt, encoding a random string along with user details like their IMEI number. Users would scan the QR code with their registered mobile phone, with the phone number and IMEI number validating their identity. If the network is available, the encoded string would automatically login the user. Otherwise, a one-time password would be displayed to manually enter. The system seeks to establish a secure authentication method using mobile phones as trusted devices to both display login QR codes and verify user identities.
This survey was conducted from July 28-30, 2014 with 82 respondents involved in purchasing or managing mobile device security at their organizations. Key findings include: three of five organizations allow personal devices but only support them sometimes; lost/stolen devices caused one third of data compromises; and passwords, remote wipes, and encryption are security solutions a majority plan to use in the next year. Most organizations are only somewhat confident current measures can prevent issues and over half plan to tighten BYOD policies.
Employee record for admin application using android smartphone - IRJET Journal
This document describes an employee monitoring system that uses Android smartphones. The system allows managers to monitor employee phone use, including calls, messages, and location via GPS. It stores call logs, messages, and location updates on a centralized server. Managers can log into the server to view employee phone activity details. The system is designed to help managers screen employees and avoid misuse of company phones. It uses Android phones for employees and sends alerts to managers via SMS. The literature review discusses previous research on similar employee monitoring systems using Android phones and GPS tracking of employees.
IRJET- Design and Implementation of an Intelligent Biometric Attendance S... - IRJET Journal
This document proposes the design and implementation of an intelligent biometric attendance system using IoT. The system uses fingerprint authentication with an Arduino Uno microcontroller connected to a fingerprint sensor and other components. When attendance is approved by the fingerprint sensor, it is sent to a website where it can be viewed in various ways, such as by date to see who was present on a particular date, or by student ID to view an individual student's attendance percentage and records. The system aims to provide a more efficient and accurate alternative to traditional paper-based attendance methods.
IRJET- Sniffer for Tracking Lost Mobile - IRJET Journal
This document describes a proposed system called a "sniffer" to track lost mobile phones. The sniffer would act as a base station using sniffer technology. It would include a sniffer base station to maintain frequency, a unidirectional antenna to transmit and receive signals at the desired frequency, and tracking software. The tracking software would input the IMEI number of the lost phone from its RAM and check for response signals from the phone. If a response signal is received, the location of the lost phone could be determined. The document discusses the design of the sniffer base station, antenna, and software to implement this tracking system using the phone's unique IMEI number.
This summary provides an overview of a document that examines electronic health records (EHR) information security dynamics for EHR projects using service-oriented architecture (SOA). The document discusses how SOA solutions can increase interoperability but also complexity of security aspects for distributed EHR systems. It presents frameworks like IHE ATNA and BPPC that provide security standards. The document aims to adapt Forrester's market growth model using system dynamics to analyze policy changes and feedback effects for EHR projects. It discusses factors in an SOA security model like organizational maturity, costs, risks and quality. The modeling aims to help understand complex dynamics and reduce decision-making complexity in EHR security management.
The adoption of mobility in healthcare is rising rapidly. The explosion of health-related services and applications on mobile devices has made timely delivery easier, and global health trends and relevant government policies can be characterized by a shift towards care in the community and at home, as well as greater reliance on shared responsibility and greater self-management by patients themselves.
IRJET- Biometric Attendance Management System using Raspberry Pi - IRJET Journal
This document summarizes a biometric attendance management system that uses Raspberry Pi. The system uses two modules - fingerprint and facial recognition - to uniquely record student attendance. Fingerprint data is stored and matched using an optical fingerprint reader connected to Raspberry Pi. Facial recognition uses the PiCamera module and implements LBPH face recognition to detect and recognize faces from a pre-registered dataset. Recorded attendance data is sent to a Firebase real-time database using Python. This allows attendance data to be retrieved and customized reports to be generated from a web application. The system aims to provide a fully functional backup method for recording attendance compared to other existing biometric systems.
DIFFERENCES OF CLOUD-BASED SERVICES AND THEIR SAFETY RENEWAL IN THE HEALTH CA... - IRJET Journal
The document discusses the benefits and risks of cloud-based services for the healthcare system. It begins by introducing how cloud computing has impacted various sectors including healthcare by enabling storage of large amounts of patient data and easy access. It then categorizes existing cloud applications and services used in healthcare. The document also analyzes security and privacy risks of cloud-based healthcare services and compares the risks of secure vs insecure cloud systems. It proposes that adopting cloud services in healthcare requires addressing security issues.
The document discusses how internet technology has revolutionized organizations. It has allowed for virtual meetings, remote work, and social media networking, improving communication and marketing. Data storage and analysis has also been improved. However, increased internet usage opens organizations to cyber threats from hackers. As a result, organizations must implement security strategies like training cybersecurity teams, restricting access to confidential data, and using software to prevent hacking and data theft. Proper security measures are needed to protect the organization while harnessing the benefits of new technologies.
This document describes a proposed mobile application to allow users to easily report public issues and complaints. The application would allow users to submit complaints on issues like broken infrastructure, improper public services, and other community problems. Complaints submitted through the app would be routed to the relevant authorities and departments. The status of complaints could be tracked, and complaints would be escalated if no action was taken within a set time period. The goal is to create a more efficient system for citizens to report issues and have them addressed in a timely manner. The document outlines the proposed modules, architecture, and functionality of the mobile app.
A Bring Your Own Device Risk Assessment ModelCSCJournals
Bring Your Own Device (BYOD), a technology where individuals or employees use their own devices on the organization’s network to perform tasks assigned to them by the organization has been widely embraced. The reasons for adoption are diverse in every organization. In spite of the security control strategies implemented by these organizations to safeguard their information resources, there has been an upsurge in information security breaches as a result of existing vulnerabilities in these systems and the legacy systems in use. Various approaches have been employed to deal with security challenges in BYOD, but according to literature, risk assessment has proved to be the first key step towards improving security of the BYOD environment in an enterprise. Risk assessment models have been proposed by various researchers, although, most are largely influenced by the degree of technological advancement and utilization as well as the working cultures within institutions. The existing models were largely developed in technologically advanced countries and thus do not fit well in developing countries. This study sought to develop flexible BYOD risk assessment model that can be adopted by varied institutions to secure their information resources. The study was carried out in Five (5) purposively selected state universities in Kenya. The research adopted a mixed research design approach with mixed sampling technique utilized to select the participants. Reliability and validity of data collection tools were evaluated and recommended by IT security and network experts. The qualitative and quantitative data was collected by interviewing experts and administering a questionnaire to sampled participants. The developed model was validated both statistically and by experts. 
The findings revealed that threats and vulnerabilities contributed to 39.9% and 69.2% respectively to the risk of the BYOD environment while Data Encryption (DE) and Software Updates (SU) came out strongly as intervening variables which have a major impact on the relationship between the dependent and independent variables.
Mobile devices present new challenges for backing up data as more employees use their personal smartphones and tablets for work. IT needs to implement a smart mix of policies, cloud services, and mobile device management to address these challenges. Specifically, the policy should clearly define the company's requirements for accessing corporate data on personal devices and clarify IT's responsibilities for backing up corporate versus personal data. The cloud can help with backups, but full device backups are difficult due to limitations of mobile operating systems.
Osterman Research conducted two surveys in February and March 2013 focused on Bring Your Own Device (BYOD) issues in small, mid-sized and large organizations, primarily in North America.
2010 survey on information security businessHai Nguyen
The document discusses information security policies, infrastructures, and measures taken by Korean businesses. It finds that about 25% of businesses have established official information security policies and guidelines for employees. Most businesses recognize computer criminals as the largest security threat. Over 60% of management and employees view information security as important. However, only 18% of businesses provide information security training for employees. The most common training is on basic security for general staff.
A Smart Receptionist Implementing Facial Recognition and Voice InteractionCSCJournals
The purpose of this research is to implement a smart receptionist system with facial recognition and voice interaction using deep learning. The facial recognition component is implemented using real time image processing techniques, and it can be used to learn new faces as well as detect and recognize existing faces. The first time a customer uses this system, it will take the person’s facial data to create a unique user facial model, and this model will be triggered if the person comes the second time. The recognition is done in real time and after which voice interaction will be applied. Voice interaction is used to provide a life-like human communication and improve user experience. Our proposed smart receptionist system could be integrated into the self check-in kiosks deployed in hospitals or smart buildings to streamline the user recognition process and provide customized user interactions. This system could also be used in smart home environment where smart cameras have been deployed and voice assistants are in place.
The document discusses the consumerization of information technology in enterprises. It notes that trends originating in consumer technologies like social media and mobile devices are increasingly being used in the workplace. This blurs the lines between work and personal technologies and devices. It poses security challenges as employees use their own smartphones and tablets for work. The document recommends that enterprises establish policies and protocols to securely manage the use of consumer devices and platforms at work. It also suggests implementing data loss prevention programs to mitigate the risks to confidential data and intellectual property from the consumerization of IT.
White Paper: Balance Between Embedded Operating System Security Features and ...Samsung Biz Mobile
Android smartphones and tablets are used extensively for business purposes. Many of these devices are accessing sensitive company information that must be protected. Read this white paper to understand how additional hardware/software based protection can help you protect your business.
IRJET- Two Way Authentication for Banking SystemsIRJET Journal
This document presents a proposed two-factor authentication system for banking using QR codes and mobile phones. The system aims to improve security over traditional username and password authentication. It would generate a unique QR code for each login attempt, encoding a random string along with user details like their IMEI number. Users would scan the QR code with their registered mobile phone, with the phone number and IMEI number validating their identity. If the network is available, the encoded string would automatically login the user. Otherwise, a one-time password would be displayed to manually enter. The system seeks to establish a secure authentication method using mobile phones as trusted devices to both display login QR codes and verify user identities.
This survey was conducted from July 28-30, 2014 with 82 respondents involved in purchasing or managing mobile device security at their organizations. Key findings include: three of five organizations allow personal devices but only support them sometimes; lost/stolen devices caused one third of data compromises; and passwords, remote wipes, and encryption are security solutions a majority plan to use in the next year. Most organizations are only somewhat confident current measures can prevent issues and over half plan to tighten BYOD policies.
Employee record for admin application using android smartphone (IRJET Journal)
This document describes an employee monitoring system that uses Android smartphones. The system allows managers to monitor employee phone use, including calls, messages, location via GPS. It stores call logs, messages, and location updates on a centralized server. Managers can log into the server to view employee phone activity details. The system is designed to help managers screen employees and avoid misuse of company phones. It uses Android phones for employees and sends alerts to managers via SMS. The literature review discusses previous research on similar employee monitoring systems using Android phones and GPS tracking of employees.
IRJET- Design and Implementation of an Intelligent Biometric Attendance S... (IRJET Journal)
This document proposes the design and implementation of an intelligent biometric attendance system using IoT. The system uses fingerprint authentication with an Arduino Uno microcontroller connected to a fingerprint sensor and other components. When attendance is approved by the fingerprint sensor, it is sent to a website where it can be viewed in various ways, such as by date to see who was present on a particular date, or by student ID to view an individual student's attendance percentage and records. The system aims to provide a more efficient and accurate alternative to traditional paper-based attendance methods.
IRJET- Sniffer for Tracking Lost Mobile (IRJET Journal)
This document describes a proposed system called a "sniffer" to track lost mobile phones. The sniffer would act as a base station using sniffer technology. It would include a sniffer base station to maintain frequency, a unidirectional antenna to transmit and receive signals at the desired frequency, and tracking software. The tracking software would input the IMEI number of the lost phone from its RAM and check for response signals from the phone. If a response signal is received, the location of the lost phone could be determined. The document discusses the design of the sniffer base station, antenna, and software to implement this tracking system using the phone's unique IMEI number.
This summary provides an overview of a document that examines electronic health records (EHR) information security dynamics for EHR projects using service-oriented architecture (SOA). The document discusses how SOA solutions can increase interoperability but also complexity of security aspects for distributed EHR systems. It presents frameworks like IHE ATNA and BPPC that provide security standards. The document aims to adapt Forrester's market growth model using system dynamics to analyze policy changes and feedback effects for EHR projects. It discusses factors in an SOA security model like organizational maturity, costs, risks and quality. The modeling aims to help understand complex dynamics and reduce decision-making complexity in EHR security management.
The adoption of mobility in healthcare is rising rapidly. The explosion of health-related services and applications on mobile devices has made timely delivery easier, and global health trends and relevant government policies can be characterized by a shift towards care in the community and at home, as well as greater reliance upon shared responsibility and greater self-management by patients themselves.
IRJET- Biometric Attendance Management System using Raspberry Pi (IRJET Journal)
This document summarizes a biometric attendance management system that uses Raspberry Pi. The system uses two modules - fingerprint and facial recognition - to uniquely record student attendance. Fingerprint data is stored and matched using an optical fingerprint reader connected to Raspberry Pi. Facial recognition uses the PiCamera module and implements LBPH face recognition to detect and recognize faces from a pre-registered dataset. Recorded attendance data is sent to a Firebase real-time database using Python. This allows attendance data to be retrieved and customized reports to be generated from a web application. The system aims to provide a fully functional backup method for recording attendance compared to other existing biometric systems.
DIFFERENCES OF CLOUD-BASED SERVICES AND THEIR SAFETY RENEWAL IN THE HEALTH CA... (IRJET Journal)
The document discusses the benefits and risks of cloud-based services for the healthcare system. It begins by introducing how cloud computing has impacted various sectors including healthcare by enabling storage of large amounts of patient data and easy access. It then categorizes existing cloud applications and services used in healthcare. The document also analyzes security and privacy risks of cloud-based healthcare services and compares the risks of secure vs insecure cloud systems. It proposes that adopting cloud services in healthcare requires addressing security issues.
DIFFERENCES OF CLOUD-BASED SERVICES AND THEIR SAFETY RENEWAL IN THE HEALTH CA... (IRJET Journal)
The document discusses the benefits and risks of cloud-based services for healthcare systems. It begins by outlining how cloud computing has enabled new diagnostic technologies and easy access to patient data. However, it also notes security and privacy risks, such as data breaches and unauthorized access. The document then reviews existing literature on revolutionary impacts of cloud solutions, predictive threat analysis using big data, and risk analysis of cloud models. It proposes a methodology for categorizing cloud benefits and risks to help healthcare workers and IT professionals. The methodology aims to securely manage data exchange while addressing challenges like cyberattacks and lack of technical knowledge.
ORGANIZATIONAL SECURITY
Introduction
The security of the world is currently increasing in a simultaneous manner. Many countries all around the world try harder to cater to their citizens despite having huge numbers of citizens. Business is the core factor that gives people a way to a better life. Organizations have emerged, and they all try as much as possible to be successful, despite having many challenges in the market square. The exchange of goods and services is the core issue that led to the emergence of business globally. In general terms there are different products that are produced all around the world; researchers have proven that for a business to be rated as successful, the security status of the business must also be considered. Security generally protects the products and services of the organization. It is very important to keep the security of the company high, because all the products and services produced by the company will then be secured from competitors and from ill-motived individuals who might want to bring down the business. Employers and employees are the ones responsible for keeping the security in an organization at a high level.
Background information
In today’s world, everything that is tangible is always stored in a digital form. When a business lacks a way to defend its digital assets, the business is generally lost, and the potential loss to the business grows bigger every day (Gupta, Rees, Chaturvedi & Chi, 2006). The need for legal security in the organization has existed ever since the introduction of the first computer in the business environment. Recently the paradigm has greatly shifted over the years, nevertheless from the client-server systems and terminal server mainframe systems.
Despite the security system being very important, in many terms it has not always been regarded as critical to organizational success. With the mainframe system in place, many organizations managed to protect their own systems from the abuse of resources, for instance unauthorized users gaining access to the organizational system and authorized users hogging the company’s resources. Such types of abuse were considered more damaging because the system had a higher cost during the early mainframe days. As time went by, technology developed and the cost of system resources decreased, so this issue became less important to the business environment (Gupta, Rees, Chaturvedi & Chi, 2006). The evolving act of having remote access from outside the organizational networks was also considered to be non-existent. Furthermore, only the underground community had the tools and knowledge needed.
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES (ijcsit)
Increasingly, all kinds of organizations and institutions are adopting the E-business model to conduct their
activities and provide E-Services for their customers. In the process, whether they know it or not, those
organizations are also opening themselves up to the risk of information security breaches. Therefore
protecting an organization’s ICT infrastructure, IT systems, and Data is a vital issue that is often
underestimated. Research has shown that one of the most significant threats to information security comes
not from external attack but rather from the system's users, because they are familiar with the
infrastructure and have access to its resources, but may be unaware of the risks. Moreover, using only
technological solutions to protect an organization’s assets is not enough; there is a need to consider the
human factor by raising users’ security awareness. Our contribution to this problem is to propose an
Information Security Awareness Program that aims at raising and maintaining the level of users’ security
awareness. This paper puts forward a general model for an information security awareness program and
describes how it could be incorporated into an organization’s website through the process of development
life cycle.
An Effective Cybersecurity Awareness Training Model: First Defense of an Orga... (IRJET Journal)
This document discusses the importance of cybersecurity awareness training for organizations and proposes an effective training model. It analyzes how artificial intelligence (AI) can enhance security awareness programs. Specifically, it examines the Technology Acceptance Model (TAM) and how AI-enabled tools like the viCyber system can help design training based on the National Initiative for Cybersecurity Education (NICE) framework. The study concludes that regular, comprehensive security awareness training is critical to address the human factors that can weaken an organization's cyber defenses. AI tools show promise in developing trainings but require further evaluation of their usability and reliability.
MEASURING TECHNOLOGICAL, ORGANIZATIONAL AND ENVIRONMENTAL FACTORS INFLUENCING... (csandit)
This document summarizes a research study that examined factors influencing the adoption intentions of public cloud computing among private sector firms. The study used a proposed integrated model to analyze technological, organizational, and environmental factors. A survey of IT decision makers at 40 firms across various industries received 122 responses. The results found that compatibility, cost savings, trialability, and external support were the most influential factors in adoption intentions. The study provides recommendations to help increase cloud adoption rates among firms and improve cloud services.
Attacks on the enterprise are getting increasingly sophisticated. Current solutions available do not seem to be adequate given the innovativeness, precision and persistence of these attacks in different forms and of different dimensions. Organisations thus want to increase the sophistication of their employees and also of the solutions to be deployed given this backdrop.
Leading businesses are stretching their boundaries and creating the fabric that connects customers, services and devices through the IoT. Security implications emerge that should be proactively addressed by enterprises looking to operate in the broad digital ecosystem and the “We Economy.”
Proposed T-Model to cover 4S quality metrics based on empirical study of root... (IJECEIAES)
There are various root causes of software failures. A few years ago, software used to fail mainly due to functionality-related bugs. That used to happen due to requirement misunderstanding, code issues and lack of functional testing. A lot of work has been done in the past on this and software engineering has matured over time, due to which software hardly fails due to functionality-related bugs. To understand the most recent failures, we had to understand the recent software development methodologies and technologies. In this paper we have discussed the background of technologies and testing progression over time. A survey of more than 50 senior IT professionals was done to understand the root cause of their software project failures. It was found that most software fails due to lack of testing of non-functional parameters these days. A lot of research was also done to find the most recent and most severe software failures. Our study reveals that the main reason for software failures these days is lack of testing of non-functional requirements. Security and performance parameters mainly constitute the non-functional requirements of software. It has become more challenging these days due to lots of development in the field of new technologies like Internet of things (IoT), Cloud of things (CoT), Artificial Intelligence, Machine learning, robotics and excessive use of mobile and technology in everything by the masses. Finally, we proposed a software development model called the T-model to ensure the breadth and depth of software is considered while designing and testing software.
Is ‘Enterprise Mobility’ The Way Forward For Enterprises? Part I: Findings an... (IJERA Editor)
Attracted by the benefits offered by mobility technologies directly relating to cost savings and improved productivity, enterprises are keen to adopt BYOD models; however, without proper feasibility studies and mobility policies in place, BYOD will not be able to generate the desired results. The commercialization of technology or BYOD is rapidly transforming the enterprise mobility landscape and changing the way that organizations conduct business. However, the adoption of this concept enables enterprises to devise stringent and precise mobility policies to avoid any security and privacy issues.
Running head INTERNET OF THINGS1INTERNET OF THINGS10.docx (cowinhelen)
Internet of Things
Ideation Process
Innovation technology is mainly concerned with the introduction of a new idea into the market. Any basic innovation technology has an ideation process as its basis. Ideation is the most basic step. During this stage, a thought is generated. From this thought, an idea is analyzed and provided. The analysis is done purposefully to determine the feasibility of implementing the developed idea. Analysis also establishes the market demand for the idea that has been developed. It determines the possible profit that such an idea would bring to the organization upon its implementation. This explanation will be discussed with respect to a new technology known as the Internet of Things, which was designed with the main reason of providing internet facilities to all locations on the surface of the earth at every scale.
When an analysis has been completed, what follows is idea implementation. Implementation of the idea is always followed by the testing of the idea (Gubbi et al., 2013). Here, the idea is tested so that its validity can be established. Validity here tries to answer the question of whether the idea addresses the problem that led to its establishment and implementation. Validity also gives the corrections and accuracy on the assessment of the set system. If the assessment gives what the idea was meant to provide, then the idea is valued and worth using in the market. If the contrary occurs, then it becomes advisable for the idea to be scripted. Every system needs to pass the validity test for it to be reliable, although some experts argue that not all valid systems are reliable.
Alternative Solutions
Most cases of the idealization process require alternatives to limit any possible risk or loss. Sometimes, it is evident that the innovative idea may bring some critical challenges in the implementation process. Some aspects that should be considered in the process include budget, and other critical resources that are required in the implementation process. For instance, the IoT can be used to supply internet connectivity in case the other alternative fails or vice versa. It is recommended that any form of learning and research should be done to control any possible discrepancies in the IoT technology. Any other technology can be implemented if it depicts the same functionality as the one described by the IoT.
Overview
The IoT refers to ever-growing technology that provides IP addresses to all objects and substances that one may imagine associating with. The assigned objects can promote communication amongst themselves. This technology tries to improve communication among individuals on a large scale by using the internet. The data grouping as well as digitizing the concept of IoT, calls for construction of four c ...
IMPLEMENTATION PAPER ON MACHINE LEARNING BASED SECURITY SYSTEM FOR OFFICE PRE... (IRJET Journal)
1. The document discusses the implementation of a machine learning-based security system for office premises using user authentication.
2. The proposed system uses four-step security including login credentials, one-time passwords, and face recognition to authenticate users and restrict unauthorized access, while also featuring auto-saving of data to servers and automatic logouts.
3. The system aims to provide strong security, integrity, and confidentiality of data by making unauthorized access more difficult through multi-factor authentication barriers.
Handheld Devices & BYOD: Are Enterprises There Yet? - Management Information ... (Vishrut Shukla)
This document provides a summary of a term paper on handheld devices and BYOD (Bring Your Own Device) adoption in enterprises. It discusses drivers of BYOD such as increased use of mobile devices and collaborative applications. Executives at Cisco were interviewed and noted that BYOD can boost productivity but challenges include security issues and changing employee behaviors. The document also analyzes factors fueling BYOD adoption such as the overlap of work and personal tasks on mobile devices. However, BYOD implementation presents security and policy challenges for IT that companies are working to address.
CONTRIBUTION TO SECURING BYOD SYSTEMS IN FINANCIAL AUTHORITIES AND PUBLIC ADM... (ijmvsc)
The growth of digital tools, such as mobile phones, computers, and tablets, and the advent of new
information and communication technologies have generated new phenomena in terms of communication
capacity and data processing. This phenomenon is called BYOD, which stands for Bring Your Own Device,
meaning employees use their own devices to access company resources within the company's IT network,
whether internally or externally. On the one hand, it has brought many benefits and opportunities, but on
the other hand, it carries many cybersecurity risks. Incidents of cybercrime, embezzlement, espionage, and
cyberattacks are recorded every day in ZELECAF countries in general and in Congo Brazzaville in
particular. In this article, a contribution and optimization to the security of BYOD systems in the financial
authorities of the countries of the African Continental Free Trade Area are presented. Congo Brazzaville
was chosen for the field study, and a few Central African countries were chosen for an online study. The
results obtained are encouraging to the extent that the survey carried out revealed the use of digital tools
in financial management by workers. Also, the lack of solid security in the existing computer networks
within these structures was noted. The principles of raising public awareness of cybersecurity culture,
protecting information, authenticating passwords by the IT manager or network administrator, hiding the
wireless network, and enabling the firewall are part of the attempted solutions proposed. Compared to
studies in the literature, the methodology is adapted, so that in the literature [14], [15], the majority of
surveys were carried out in the field, with a very limited number.
IRJET- Android based Porter Application on PT Jerindo Jaya Abadi (IRJET Journal)
This document describes a proposed Android-based application to facilitate ordering porters in Indonesia. It begins with background on the prevalence of smartphone usage in Indonesia and how people currently order porters. The proposed application aims to make it easier for customers to order porters as needed by connecting them directly. The document outlines the SWOT analysis and SDLC Waterfall methodologies that will be used to design and develop the application. It also describes the existing manual porter ordering process and identifies weaknesses like the time it takes to search for an available porter. The proposed application aims to streamline the relationship between porters and customers to minimize search time.
A critical gap exists between the enterprise mobility vision and
real-world implementations.
Enterprise mobility and trends like bring your own device
(BYOD) aren’t just hot topics of conversation.
According to the over 1,600 IT and security professionals we surveyed, mobility is a top priority for most IT departments.
Unfortunately, there’s a critical gap between the vision these IT leaders have for enterprise mobility and the real-world implementations.
The insights gathered from IT professionals in the Americas, Asia Pacific, Europe, the Middle East, and Africa demonstrate that organisations from around the world share many of the same priorities, challenges and risks.
Student Attendance Management System by Using Fingerprint Reader (IRJET Journal)
The document presents a student attendance management system that uses fingerprint recognition to address issues with traditional manual attendance tracking methods. The system aims to streamline the attendance process, minimize errors, and enhance security by leveraging biometric technology. It employs fingerprint scans to uniquely identify each student and record attendance accurately while eliminating proxy attendance. The proposed methodology outlines developing the system by defining requirements, designing the architecture and interface, collecting and recognizing fingerprints, integrating hardware and software, testing functionality and security, and backing up data for recovery.
MACHINE LEARNING BASED SECURITY SYSTEM FOR OFFICE PREMISES (IRJET Journal)
The document discusses a machine learning based security system for office premises that uses four steps for authentication: 1) credentials for login, 2) facial recognition using Haar cascade, 3) one-time password generation, and 4) auto-logout. This approach aims to provide strong security by restricting unauthorized access and automatically logging users out. It also ensures data integrity and confidentiality. The system is meant to authenticate users in an office setting and maintain individual work privacy.
Similar to Security risk analysis of bring your own device system in manufacturing company at Tangerang (20)
Amazon products reviews classification based on machine learning, deep learni... (TELKOMNIKA JOURNAL)
In recent times, the trend of online shopping through e-commerce stores and websites has grown to a huge extent. Whenever a product is purchased on an e-commerce platform, people leave their reviews about the product. These reviews are very helpful for the store owners and the product’s manufacturers for the betterment of their work process as well as product quality. An automated system is proposed in this work that operates on two datasets D1 and D2 obtained from Amazon. After certain preprocessing steps, N-gram and word embedding-based features are extracted using term frequency-inverse document frequency (TF-IDF), bag of words (BoW) and global vectors (GloVe), and Word2vec, respectively. Four machine learning (ML) models support vector machines (SVM), logistic regression (RF), logistic regression (LR), multinomial Naïve Bayes (MNB), two deep learning (DL) models convolutional neural network (CNN), long-short term memory (LSTM), and standalone bidirectional encoder representations (BERT) are used to classify reviews as either positive or negative. The results obtained by the standard ML, DL models and BERT are evaluated using certain performance evaluation measures. BERT turns out to be the best-performing model in the case of D1 with an accuracy of 90% on features derived by word embedding models while the CNN provides the best accuracy of 97% upon word embedding features in the case of D2. The proposed model shows better overall performance on D2 as compared to D1.
Design, simulation, and analysis of microstrip patch antenna for wireless app... (TELKOMNIKA JOURNAL)
In this study, a microstrip patch antenna that works at 3.6 GHz was built and tested to see how well it works. In this work, Rogers RT/Duroid 5880 has been used as the substrate material, with a dielectric permittivity of 2.2 and a thickness of 0.3451 mm; it serves as the base for the examined antenna. The computer simulation technology (CST) studio suite is utilized to show the recommended antenna design. The goal of this study was to get a more extensive transmission capacity, a lower voltage standing wave ratio (VSWR), and a lower return loss, but the main goal was to get a higher gain, directivity, and efficiency. After simulation, the return loss, gain, directivity, bandwidth, and efficiency of the supplied antenna are found to be -17.626 dB, 9.671 dBi, 9.924 dBi, 0.2 GHz, and 97.45%, respectively. Besides, the recreation uncovered that the transfer speed side-lobe level at phi was much better than those of the earlier works, at -28.8 dB, respectively. Thus, it makes a solid contender for remote innovation and more robust communication.
Design and simulation an optimal enhanced PI controller for congestion avoida... (TELKOMNIKA JOURNAL)
This document describes using a snake optimization algorithm to tune the gains of an enhanced proportional-integral controller for congestion avoidance in a TCP/AQM system. The controller aims to maintain a stable and desired queue size without noise or transmission problems. A linearized model of the TCP/AQM system is presented. An enhanced PI controller combining nonlinear gain and original PI gains is proposed. The snake optimization algorithm is then used to tune the parameters of the enhanced PI controller to achieve optimal system performance and response. Simulation results are discussed showing the proposed controller provides a stable and robust behavior for congestion control.
Improving the detection of intrusion in vehicular ad-hoc networks with modifi... (TELKOMNIKA JOURNAL)
Vehicular ad-hoc networks (VANETs) are wireless-equipped vehicles that form networks along the road. The security of this network has been a major challenge. The identity-based cryptosystem (IBC) previously used to secure the networks suffers from membership authentication security features. This paper focuses on improving the detection of intruders in VANETs with a modified identity-based cryptosystem (MIBC). The MIBC is developed using a non-singular elliptic curve with Lagrange interpolation. The public key of vehicles and roadside units on the network are derived from number plates and location identification numbers, respectively. Pseudo-identities are used to mask the real identity of users to preserve their privacy. The membership authentication mechanism ensures that only valid and authenticated members of the network are allowed to join the network. The performance of the MIBC is evaluated using intrusion detection ratio (IDR) and computation time (CT) and then validated with the existing IBC. The result obtained shows that the MIBC recorded an IDR of 99.3% against 94.3% obtained for the existing identity-based cryptosystem (EIBC) for 140 unregistered vehicles attempting to intrude on the network. The MIBC shows lower CT values of 1.17 ms against 1.70 ms for EIBC. The MIBC can be used to improve the security of VANETs.
Conceptual model of internet banking adoption with perceived risk and trust f... (TELKOMNIKA JOURNAL)
Understanding the primary factors of internet banking (IB) acceptance is critical for both banks and users; nevertheless, our knowledge of the role of users’ perceived risk and trust in IB adoption is limited. As a result, we develop a conceptual model by incorporating perceived risk and trust into the technology acceptance model (TAM) theory toward the IB. The proper research emphasized that the most essential component in explaining IB adoption behavior is behavioral intention to use IB adoption. TAM is helpful for figuring out how elements that affect IB adoption are connected to one another. According to previous literature on IB and the use of such technology in Iraq, one has to choose a theoretical foundation that may justify the acceptance of IB from the customer’s perspective. The conceptual model was therefore constructed using the TAM as a foundation. Furthermore, perceived risk and trust were added to the TAM dimensions as external factors. The key objective of this work was to extend the TAM to construct a conceptual model for IB adoption and to get sufficient theoretical support from the existing literature for the essential elements and their relationships in order to unearth new insights about factors responsible for IB adoption.
Efficient combined fuzzy logic and LMS algorithm for smart antenna (TELKOMNIKA JOURNAL)
The smart antennas are broadly used in wireless communication. The least mean square (LMS) algorithm is a procedure that is concerned in controlling the smart antenna pattern to accommodate specified requirements such as steering the beam toward the desired signal, in addition to placing the deep nulls in the direction of unwanted signals. The conventional LMS (C-LMS) has some drawbacks like slow convergence speed besides high steady state fluctuation error. To overcome these shortcomings, the present paper adopts an adaptive fuzzy control step size least mean square (FC-LMS) algorithm to adjust its step size. Computer simulation outcomes illustrate that the given model has fast convergence rate as well as low mean square error steady state.
Design and implementation of a LoRa-based system for warning of forest fire (TELKOMNIKA JOURNAL)
This paper presents the design and implementation of a forest fire monitoring and warning system based on long range (LoRa) technology, a novel ultra-low power consumption and long-range wireless communication technology for remote sensing applications. The proposed system includes a wireless sensor network that records environmental parameters such as temperature, humidity, wind speed, and carbon dioxide (CO2) concentration in the air, as well as taking infrared photos. The data collected at each sensor node will be transmitted to the gateway via LoRa wireless transmission. Data will be collected, processed, and uploaded to a cloud database at the gateway. An Android smartphone application that allows anyone to easily view the recorded data has been developed. When a fire is detected, the system will sound a siren and send a warning message to the responsible personnel, instructing them to take appropriate action. Experiments in Tram Chim Park, Vietnam, have been conducted to verify and evaluate the operation of the system.
Wavelet-based sensing technique in cognitive radio network (TELKOMNIKA JOURNAL)
Cognitive radio is a smart radio that can change its transmitter parameter based on interaction with the environment in which it operates. The demand for frequency spectrum is growing due to a big data issue as many Internet of Things (IoT) devices are in the network. Based on previous research, most frequency spectrum was used, but some spectrums were not used, called spectrum hole. Energy detection is one of the spectrum sensing methods that has been frequently used since it is easy to use and does not require license users to have any prior signal understanding. But this technique is incapable of detecting at low signal-to-noise ratio (SNR) levels. Therefore, the wavelet-based sensing is proposed to overcome this issue and detect spectrum holes. The main objective of this work is to evaluate the performance of wavelet-based sensing and compare it with the energy detection technique. The findings show that the percentage of detection in wavelet-based sensing is 83% higher than energy detection performance. This result indicates that the wavelet-based sensing has higher precision in detection and the interference towards primary user can be decreased.
A novel compact dual-band bandstop filter with enhanced rejection bands (TELKOMNIKA JOURNAL)
In this paper, we present the design of a new wide dual-band bandstop filter (DBBSF) using nonuniform transmission lines. The method used to design this filter is to replace conventional uniform transmission lines with nonuniform lines governed by a truncated Fourier series. Based on how impedances are profiled in the proposed DBBSF structure, the fractional bandwidths of the two 10 dB-down rejection bands are widened to 39.72% and 52.63%, respectively, and the physical size has been reduced compared to that of the filter with the uniform transmission lines. The results of the electromagnetic (EM) simulation support the obtained analytical response and show an improved frequency behavior.
Deep learning approach to DDoS attack with imbalanced data at the application... (TELKOMNIKA JOURNAL)
A distributed denial of service (DDoS) attack is where one or more computers attack or target a server computer, by flooding internet traffic to the server. As a result, the server cannot be accessed by legitimate users. A result of this attack causes enormous losses for a company because it can reduce the level of user trust, and reduce the company’s reputation to lose customers due to downtime. One of the services at the application layer that can be accessed by users is a web-based lightweight directory access protocol (LDAP) service that can provide safe and easy services to access directory applications. We used a deep learning approach to detect DDoS attacks on the CICDDoS 2019 dataset on a complex computer network at the application layer to get fast and accurate results for dealing with unbalanced data. Based on the results obtained, it is observed that DDoS attack detection using a deep learning approach on imbalanced data performs better when implemented using synthetic minority oversampling technique (SMOTE) method for binary classes. On the other hand, the proposed deep learning approach performs better for detecting DDoS attacks in multiclass when implemented using the adaptive synthetic (ADASYN) method.
The appearance of uncertainties and disturbances often effects the characteristics of either linear or nonlinear systems. Plus, the stabilization process may be deteriorated thus incurring a catastrophic effect to the system performance. As such, this manuscript addresses the concept of matching condition for the systems that are suffering from miss-match uncertainties and exogeneous disturbances. The perturbation towards the system at hand is assumed to be known and unbounded. To reach this outcome, uncertainties and their classifications are reviewed thoroughly. The structural matching condition is proposed and tabulated in the proposition 1. Two types of mathematical expressions are presented to distinguish the system with matched uncertainty and the system with miss-matched uncertainty. Lastly, two-dimensional numerical expressions are provided to practice the proposed proposition. The outcome shows that matching condition has the ability to change the system to a design-friendly model for asymptotic stabilization.
Implementation of FinFET technology based low power 4×4 Wallace tree multipli... (TELKOMNIKA JOURNAL)
Many systems, including digital signal processors, finite impulse response (FIR) filters, application-specific integrated circuits, and microprocessors, use multipliers. The demand for low power multipliers is gradually rising day by day in the current technological trend. In this study, we describe a 4×4 Wallace multiplier based on a carry select adder (CSA) that uses less power and has a better power delay product than existing multipliers. HSPICE tool at 16 nm technology is used to simulate the results. In comparison to the traditional CSA-based multiplier, which has a power consumption of 1.7 µW and power delay product (PDP) of 57.3 fJ, the results demonstrate that the Wallace multiplier design employing CSA with first zero finding logic (FZF) logic has the lowest power consumption of 1.4 µW and PDP of 27.5 fJ.
Evaluation of the weighted-overlap add model with massive MIMO in a 5G system (TELKOMNIKA JOURNAL)
The flaw in 5G orthogonal frequency division multiplexing (OFDM) becomes apparent in high-speed situations. Because the doppler effect causes frequency shifts, the orthogonality of OFDM subcarriers is broken, lowering both their bit error rate (BER) and throughput output. As part of this research, we use a novel design that combines massive multiple input multiple output (MIMO) and weighted overlap and add (WOLA) to improve the performance of 5G systems. To determine which design is superior, throughput and BER are calculated for both the proposed design and OFDM. The results of the improved system show a massive improvement in performance over the conventional system and significant improvements with massive MIMO, including the best throughput and BER. When compared to conventional systems, the improved system has a throughput that is around 22% higher and the best performance in terms of BER, but it still has around 25% less error than OFDM.
Reflector antenna design in different frequencies using frequency selective s... (TELKOMNIKA JOURNAL)
In this study, it is aimed to obtain two different asymmetric radiation patterns obtained from antennas in the shape of the cross-section of a parabolic reflector (fan blade type antennas) and antennas with cosecant-square radiation characteristics at two different frequencies from a single antenna. For this purpose, firstly, a fan blade type antenna design will be made, and then the reflective surface of this antenna will be completed to the shape of the reflective surface of the antenna with the cosecant-square radiation characteristic with the frequency selective surface designed to provide the characteristics suitable for the purpose. The frequency selective surface designed and it provides the perfect transmission as possible at 4 GHz operating frequency, while it will act as a band-quenching filter for electromagnetic waves at 5 GHz operating frequency and will be a reflective surface. Thanks to this frequency selective surface to be used as a reflective surface in the antenna, a fan blade type radiation characteristic at 4 GHz operating frequency will be obtained, while a cosecant-square radiation characteristic at 5 GHz operating frequency will be obtained.
Reagentless iron detection in water based on unclad fiber optical sensor (TELKOMNIKA JOURNAL)
A simple and low-cost fiber based optical sensor for iron detection is demonstrated in this paper. The sensor head consists of an unclad optical fiber with the unclad length of 1 cm and it has a straight structure. Results obtained show a linear relationship between the output light intensity and iron concentration, illustrating the functionality of this iron optical sensor. Based on the experimental results, the sensitivity and linearity are achieved at 0.0328/ppm and 0.9824 respectively at the wavelength of 690 nm. With the same wavelength, other performance parameters are also studied. Resolution and limit of detection (LOD) are found to be 0.3049 ppm and 0.0755 ppm correspondingly. This iron sensor is advantageous in that it does not require any reagent for detection, enabling it to be simpler and cost-effective in the implementation of the iron sensing.
Impact of CuS counter electrode calcination temperature on quantum dot sensit... (TELKOMNIKA JOURNAL)
In place of the commercial Pt electrode used in quantum sensitized solar cells, the low-cost CuS cathode is created using electrophoresis. High resolution scanning electron microscopy and X-ray diffraction were used to analyze the structure and morphology of structural cubic samples with diameters ranging from 40 nm to 200 nm. The conversion efficiency of solar cells is significantly impacted by the calcination temperatures of cathodes at 100 °C, 120 °C, 150 °C, and 180 °C under vacuum. The fluorine doped tin oxide (FTO)/CuS cathode electrode reached a maximum efficiency of 3.89% when it was calcined at 120 °C. Compared to other temperature combinations, CuS nanoparticles crystallize at 120 °C, which lowers resistance while increasing electron lifetime.
A progressive learning for structural tolerance online sequential extreme lea... (TELKOMNIKA JOURNAL)
This article discusses the progressive learning for structural tolerance online sequential extreme learning machine (PSTOS-ELM). PSTOS-ELM can save robust accuracy while updating the new data and the new class data on the online training situation. The robustness accuracy arises from using the householder block exact QR decomposition recursive least squares (HBQRD-RLS) of the PSTOS-ELM. This method is suitable for applications that have data streaming and often have new class data. Our experiment compares the PSTOS-ELM accuracy and accuracy robustness while data is updating with the batch-extreme learning machine (ELM) and structural tolerance online sequential extreme learning machine (STOS-ELM) that both must retrain the data in a new class data case. The experimental results show that PSTOS-ELM has accuracy and robustness comparable to ELM and STOS-ELM while also can update new class data immediately.
Electroencephalography-based brain-computer interface using neural networks (TELKOMNIKA JOURNAL)
This study aimed to develop a brain-computer interface that can control an electric wheelchair using electroencephalography (EEG) signals. First, we used the Mind Wave Mobile 2 device to capture raw EEG signals from the surface of the scalp. The signals were transformed into the frequency domain using fast Fourier transform (FFT) and filtered to monitor changes in attention and relaxation. Next, we performed time and frequency domain analyses to identify features for five eye gestures: opened, closed, blink per second, double blink, and lookup. The base state was the opened-eyes gesture, and we compared the features of the remaining four action gestures to the base state to identify potential gestures. We then built a multilayer neural network to classify these features into five signals that control the wheelchair’s movement. Finally, we designed an experimental wheelchair system to test the effectiveness of the proposed approach. The results demonstrate that the EEG classification was highly accurate and computationally efficient. Moreover, the average performance of the brain-controlled wheelchair system was over 75% across different individuals, which suggests the feasibility of this approach.
Adaptive segmentation algorithm based on level set model in medical imaging (TELKOMNIKA JOURNAL)
For image segmentation, level set models are frequently employed. They offer the best solution to overcome the main limitations of deformable parametric models. However, the challenge when applying those models in medical images still deals with removing blurs in image edges, which directly affects the edge indicator function, leads to not adaptively segmenting images and causes a wrong analysis of pathologies which prevents concluding a correct diagnosis. To overcome such issues, an effective process is suggested by simultaneously modelling and solving systems’ two-dimensional partial differential equations (PDE). The first PDE equation allows restoration using Euler’s equation similar to an anisotropic smoothing based on a regularized Perona and Malik filter that eliminates noise while preserving edge information in accordance with detected contours in the second equation that segments the image based on the first equation solutions. This approach allows developing a new algorithm which overcomes the studied model drawbacks. Results of the proposed method give clear segments that can be applied to any application. Experiments on many medical images, in particular blurry images with high information losses, demonstrate that the developed approach produces superior segmentation results in terms of quantity and quality compared to other models already presented in previous works.
Automatic channel selection using shuffled frog leaping algorithm for EEG bas... (TELKOMNIKA JOURNAL)
Drug addiction is a complex neurobiological disorder that necessitates comprehensive treatment of both the body and mind. It is categorized as a brain disorder due to its impact on the brain. Various methods such as electroencephalography (EEG), functional magnetic resonance imaging (FMRI), and magnetoencephalography (MEG) can capture brain activities and structures. EEG signals provide valuable insights into neurological disorders, including drug addiction. Accurate classification of drug addiction from EEG signals relies on appropriate features and channel selection. Choosing the right EEG channels is essential to reduce computational costs and mitigate the risk of overfitting associated with using all available channels. To address the challenge of optimal channel selection in addiction detection from EEG signals, this work employs the shuffled frog leaping algorithm (SFLA). SFLA facilitates the selection of appropriate channels, leading to improved accuracy. Wavelet features extracted from the selected input channel signals are then analyzed using various machine learning classifiers to detect addiction. Experimental results indicate that after selecting features from the appropriate channels, classification accuracy significantly increased across all classifiers. Particularly, the multi-layer perceptron (MLP) classifier combined with SFLA demonstrated a remarkable accuracy improvement of 15.78% while reducing time complexity.
Advanced control scheme of doubly fed induction generator for wind turbine us... (IJECEIAES)
This paper describes a speed control device for generating electrical energy on an electricity network based on the doubly fed induction generator (DFIG) used for wind power conversion systems. At first, a double-fed induction generator model was constructed. A control law is formulated to govern the flow of energy between the stator of a DFIG and the energy network using three types of controllers: proportional integral (PI), sliding mode controller (SMC) and second order sliding mode controller (SOSMC). Their different results in terms of power reference tracking, reaction to unexpected speed fluctuations, sensitivity to perturbations, and resilience against machine parameter alterations are compared. MATLAB/Simulink was used to conduct the simulations for the preceding study. Multiple simulations have shown very satisfying results, and the investigations demonstrate the efficacy and power-enhancing capabilities of the suggested control system.
Applications of artificial Intelligence in Mechanical Engineering.pdf (Atif Razi)
Historically, mechanical engineering has relied heavily on human expertise and empirical methods to solve complex problems. With the introduction of computer-aided design (CAD) and finite element analysis (FEA), the field took its first steps towards digitization. These tools allowed engineers to simulate and analyze mechanical systems with greater accuracy and efficiency. However, the sheer volume of data generated by modern engineering systems and the increasing complexity of these systems have necessitated more advanced analytical tools, paving the way for AI.
AI offers the capability to process vast amounts of data, identify patterns, and make predictions with a level of speed and accuracy unattainable by traditional methods. This has profound implications for mechanical engineering, enabling more efficient design processes, predictive maintenance strategies, and optimized manufacturing operations. AI-driven tools can learn from historical data, adapt to new information, and continuously improve their performance, making them invaluable in tackling the multifaceted challenges of modern mechanical engineering.
Discover the latest insights on Data Driven Maintenance with our comprehensive webinar presentation. Learn about traditional maintenance challenges, the right approach to utilizing data, and the benefits of adopting a Data Driven Maintenance strategy. Explore real-world examples, industry best practices, and innovative solutions like FMECA and the D3M model. This presentation, led by expert Jules Oudmans, is essential for asset owners looking to optimize their maintenance processes and leverage digital technologies for improved efficiency and performance. Download now to stay ahead in the evolving maintenance landscape.
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw... (IJECEIAES)
Medical image analysis has witnessed significant advancements with deep learning techniques. In the domain of brain tumor segmentation, the ability to precisely delineate tumor boundaries from magnetic resonance imaging (MRI) scans holds profound implications for diagnosis. This study presents an ensemble convolutional neural network (CNN) with transfer learning, integrating the state-of-the-art Deeplabv3+ architecture with the ResNet18 backbone. The model is rigorously trained and evaluated, exhibiting remarkable performance metrics, including an impressive global accuracy of 99.286%, a high-class accuracy of 82.191%, a mean intersection over union (IoU) of 79.900%, a weighted IoU of 98.620%, and a Boundary F1 (BF) score of 83.303%. Notably, a detailed comparative analysis with existing methods showcases the superiority of our proposed model. These findings underscore the model’s competence in precise brain tumor localization, underscoring its potential to revolutionize medical image analysis and enhance healthcare outcomes. This research paves the way for future exploration and optimization of advanced CNN models in medical imaging, emphasizing addressing false positives and resource efficiency.
An improved modulation technique suitable for a three level flying capacitor ... (IJECEIAES)
This research paper introduces an innovative modulation technique for controlling a 3-level flying capacitor multilevel inverter (FCMLI), aiming to streamline the modulation process in contrast to conventional methods. The proposed simplified modulation technique paves the way for more straightforward and efficient control of multilevel inverters, enabling their widespread adoption and integration into modern power electronic systems. Through the amalgamation of sinusoidal pulse width modulation (SPWM) with a high-frequency square wave pulse, this controlling technique attains energy equilibrium across the coupling capacitor. The modulation scheme incorporates a simplified switching pattern and a decreased count of voltage references, thereby simplifying the control algorithm.
2. ◼ ISSN: 1693-6930
TELKOMNIKA Vol. 17, No. 2, April 2019: 753-762
754
side of work, increasing productivity and efficiency of employees [4]. BYOD is where a company allows employees to use their personal devices to access corporate networks [5, 6]. With a remote system, employees need only a mobile device and an internet connection to access the office system from anywhere [7]. Alongside these benefits, however, a BYOD deployment must also be considered in terms of the security of the company's information and data. According to [4], one risk of implementing a BYOD system is that it opens loopholes through which important company information can be lost or taken by unauthorized parties. XYZ company, a manufacturing company in Tangerang, Indonesia, has been using a BYOD system. XYZ company uses a Virtual Private Network (VPN) to monitor use of the system. It wants to improve the security of the system through risk analysis, with the aim of protecting its internal data.
The National Institute of Standards and Technology (NIST) Cybersecurity Framework is easy to apply because it makes both technical and non-technical matters easier to discuss. Using the NIST Cybersecurity Framework, stakeholders, partners and suppliers can more easily discuss how to achieve the intended goal [8]. According to a survey conducted by Tenable, 84% of organizations in various countries have implemented some type of security framework, one of which is the NIST Cybersecurity Framework [9]. The NIST Cybersecurity Framework is one option for assessing information systems security, analyzing the risks that may occur in information systems, and building effective strategies to tighten the security of the current system. Gartner expects the uptake of NIST Cybersecurity Framework implementations to reach 50% by 2020 [10].
According to a survey, an estimated 74% of companies already allow, or want to allow, employees to use their personal devices for work [11]. This shows that using BYOD systems for work has started to become a trend. Survey results from the Indonesia Cloud Forum show that only 44.2% of employees prefer to work in the office; the rest say they feel more comfortable working outside the office, most of them at home (39.5%) or in places such as a cafe or mall (16.3%) [12, 13]. From the company's side, the advantage of a BYOD system is clear: simply by using BYOD, the company can improve the productivity of its existing employees. The employees, for their part, benefit by becoming more mobile and flexible, able to work anytime and anywhere [4].
The challenge in implementing a BYOD system is whether the data accessed by employees on their personal devices is secure, and whether access is in accordance with the authentication that should be required to reach the server or the information. It cannot be denied that a BYOD system has some security shortcomings related to company information and assets. The aspects that deserve attention when implementing a BYOD system are security and confidentiality [4, 14].
The application of a BYOD system also needs to be considered in terms of company data security. A study by the security firm CPP UK found that over 50% of used mobile devices still contained large amounts of data from their previous owners, while 86% of survey respondents stated that they must remove all personal data before selling or recycling the mobile devices [5].
This paper presents the information system security risks identified with the NIST Cybersecurity Framework, showing how the framework can be used to perform risk analysis on an existing information system. The expected outcome of this analysis is a reduction of the data security risk at XYZ company. We use a case study of XYZ company, a manufacturing company in Tangerang, Indonesia, which has been using a BYOD system.
2. Research Method
The research methodology used in this study consists of 3 stages. The first stage is an analysis of the existing information systems, focused on the security risks in the use of BYOD. The second stage produces a recommended system design based on the results of the analysis in the first stage. The design is based on ISO 27002:2013. The last stage is a system recommendation based on the Gartner Quadrant. Figure 1 presents the research methodology. This paper discusses stages 1 and 2.
3. TELKOMNIKA ISSN: 1693-6930 ◼
Security risk analysis of bring your own device system in... (Astari Retnowardhani)
755
Figure 1. Research methodology of this research
For the BYOD trend to work well, information security must be improved to make sure that information does not leak to people who are not authorized to access or hold it [15]. In the first stage, the system is analyzed using the NIST Cybersecurity Framework. The framework has 3 components: the core framework, the profile framework, and the implementation tier framework. This research focuses on the core framework, which is a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors [16]. The core framework comprises 4 elements: Functions, Categories, Subcategories, and Informative References. The Functions element organizes basic cybersecurity activities at their highest level. These Functions are Identify, Protect, Detect, Respond, and Recover, as depicted in Figure 2.
Figure 2. NIST core framework
This study uses ISO/IEC 27002:2013 Information Technology at stage 2 [17]. This standard was chosen because ISO/IEC 27002:2013 also introduces how to achieve a good-quality technical security architecture, covering risk aspects, design and controls related to network scenarios and network technology areas. This is in accordance with the purpose of the study. ISO/IEC 27002:2013 has 14 security control clauses, as follows: Information security policies; Organization of information security; Human resource security; Asset management; Access control; Cryptography; Physical and environmental security; Operation security; Communication security; System acquisition, development, and maintenance; Supplier relationship; Information security incident management; Information security aspects of business continuity management; Compliance. The Gartner Magic Quadrant is also used in this research, in stage 3. It provides a graphical view of the competitive position of four technology categories in a rapidly growing market: leader, visionary, niche player and challenger. As a side note, Gartner can provide deeper insight into how well the recommended information system products and services fit a specific or customized use case [18]. However, this paper focuses on stages 1 and 2.
3. Results and Analysis
XYZ company is a manufacturing company in Tangerang engaged in the production and sale of paint products. It has implemented an information system whose database runs on Oracle, along with a network security system. The head office already has a network firewall as its internet gateway. The company uses a virtual private network (VPN) so that the IT department, as well as sales staff and managers, can remotely monitor the system from anywhere. A VPN is one way to work remotely in a safe manner [19]. XYZ company uses the VPN available in its Windows system, so employees who have VPN access can reach the office system from a laptop provided by the office or from a personal laptop. This is the focus of this study: BYOD exists here because permission is given for remote access over the VPN, and applying a BYOD system in this way naturally brings side effects or risks [20-22].
The remote system makes work more efficient, because it removes the working time otherwise spent going to the office first in order to access data on the XYZ system. Information security has become a critical issue, and various steps have been taken to improve and develop the level of security [23, 24]. The remote system was implemented because the system must remain under control in sudden conditions, when the person in charge is not at the office but needs to access the system to do their work. With the remote system they can access the system to retrieve or input data. It also serves the sales team and other end users who need to check the database system or the inventory of paint production.
The infrastructure is supported by a wireless network with an authorization system for wireless access: only employees can access the system over the wireless network, while guests using the office wireless network are allowed to access only the internet. At headquarters, wireless access is restricted to employees on the basis of the SSID and password for wireless connectivity. The company uses a centralized model in which every system is located at the head office, so the Tangerang branch must first connect to headquarters in order to access the existing systems. On the gateway side there is already a firewall that serves as the headquarters internet gateway, but there is still no firewall for each branch or for each segmentation zone in the system. On the server side, the current setup still relies on manual backup of the server and of the data or information held on office PCs and laptops.
Implementing a remote system certainly helps employees perform their duties, but it also carries risks for the security of corporate data. Figure 3 shows the network topology of the system. The analysis and recommendation stages are based on data obtained through interviews and observation. The interviews were conducted with the IT supervisor, IT manager, plan manager, IT senior, and production engineering manager. The Identify Function subcategories from the NIST core framework are listed in Table 1, and the Identify Function results are listed in Table 2. The results show that several subcategories need to be checked again and require action to solve the problem.
5. TELKOMNIKA ISSN: 1693-6930 ◼
Security risk analysis of bring your own device system in... (Astari Retnowardhani)
757
Figure 3. Network topology at XYZ Company
Table 1. Identify Function

| Category | ID | Subcategory | Informative References |
|---|---|---|---|
| Asset Management | ID.1 | Responsibility for assets | ISO/IEC 27002:2013 Section 8 |
| | ID.2 | Information classification | |
| | ID.3 | Media handling | |
| Business Environment | ID.4 | Internal organization | ISO/IEC 27002:2013 Section 6 |
| | ID.5 | Mobile devices and teleworking | |
| Governance | ID.6 | Rules of Employment | ISO/IEC 27002:2013 Section 7 |
| Risk Assessment | ID.7 | Backup | ISO/IEC 27002:2013 Section 12 |
| | ID.8 | Operational procedures and responsibilities | |
| | ID.9 | Protection from malware | |
| | ID.10 | Logging and monitoring | |
| | ID.11 | Control of operational software | |
| | ID.12 | Information systems audit considerations | |

In implementing the Protect Function, XYZ company has deployed a security gateway: a
firewall acting as the internet access gateway, which helps in general to handle attacks and to
protect the XYZ internal network. Rules to handle viruses are implemented on the network
gateway for inbound and outbound traffic, together with a sandboxing method on the firewall to
identify zero-day malware, that is, a virus with a new signature that cannot be stopped by the
intrusion prevention system (IPS) in the firewall alone, because the IPS still relies on
signatures to guard against threats.
On the authentication side, there are dedicated users for remote access over VPN
technology, to maintain the security of communication between networks. On the router, an
access control list has been applied so that only certain IP addresses on the WAN side can
access the systems in the head office. XYZ company also protects endpoint devices with
antivirus, to guard against threats that attack the endpoint devices directly.
User awareness of current information and trends is needed to reduce the risk of threats
arising from user habits, as described in the discussion by [25] of a "policy based framework
BYOD for preserving confidentiality in BYOD environments", which explains that data protection
should be done by separating confidential company data from personal data. Table 3 lists the
Protect Function subcategories based on ISO/IEC 27002:2013. Table 4 summarizes the results of
the Protect Function of the NIST Cybersecurity Framework at XYZ company.
6. ◼ ISSN: 1693-6930
TELKOMNIKA Vol. 17, No. 2, April 2019: 753-762
758
Table 2. Result of Identify Function

| ID | Subcategory | Result | Status |
|---|---|---|---|
| ID.1 | Responsibility for assets | XYZ company has identified and registered all devices in accordance with their ownership | Ok |
| ID.2 | Information classification | XYZ company has categorized every server, from critical to non-critical | Ok |
| ID.3 | Media handling | XYZ company has implemented control of USB | Need to check |
| ID.4 | Internal organization | XYZ company has provided a division of roles within IT for responsibility over the system | Ok |
| ID.5 | Mobile devices and teleworking | XYZ company has installed antivirus on every office PC or laptop, but cannot centrally manage mobile devices | Need to do an action |
| ID.6 | Rules of Employment | XYZ company has applied access per employee profile for accessing the system | Ok |
| ID.7 | Backup | XYZ company has implemented a backup system using StorageCraft for servers, but no backup exists yet for system logs | Need to do an action |
| ID.8 | Operational procedures and responsibilities | XYZ company still documents manually; the company does not have a system that can automatically document all processes | Need to do an action |
| ID.9 | Protection from malware | XYZ company applies antivirus only on the gateway side and on endpoint devices | Need to do an action |
| ID.10 | Logging and monitoring | XYZ company will implement system logging using loganalyze | Ok |
| ID.11 | Control of operational software | XYZ company has implemented controls for each system manually through the IT division | Need to do an action |
| ID.12 | Information systems audit considerations | XYZ company has not conducted a system audit | Need to do an action |

Table 3. Protect Function

| Category | ID | Subcategory | Informative References |
|---|---|---|---|
| Access Control | PT.1 | Business requirements of access control | ISO/IEC 27002:2013 Section 9 |
| | PT.2 | User access management | |
| | PT.3 | User responsibilities | |
| | PT.4 | System and application access control | |
| Awareness and Training | PT.5 | Information security in supplier relationships | ISO/IEC 27002:2013 Section 15 |
| | PT.6 | Supplier service delivery management | |
| Data Security and Information Protection | PT.7 | Network security management | ISO/IEC 27002:2013 Section 13 |
| | PT.8 | Information transfer | |
| Maintenance and Protective Technology | PT.9 | Security requirements of information systems | ISO/IEC 27002:2013 Section 14 |
| | PT.10 | Security in development and support processes | |

The BYOD system running at XYZ company can improve work efficiency. However, its security
side needs to be developed. The system is accessed over a VPN connection without enough
protection, such as encryption of the system's data; with such protection the data can be moved
safely, as recommended by the cryptography guidance in ISO/IEC 27002:2013.
Based on ISO/IEC 27002:2013 section 9.4 on password management, an account management
system is required. It supports standardization of user authentication, such as passwords that
must have more than 6 characters with numbers, letters and special characters. In addition,
this account management system is expected to prevent unnecessary logins, and it can also set
the schedule for periodic password changes. Table 5 lists the Detect Function subcategories
based on ISO/IEC 27002:2013. Table 6 gives the results of the Detect Function at XYZ company.
The results show that every subcategory has the status of needing action from the company.
Table 4. Result of Protect Function

| ID | Subcategory | Result | Status |
|---|---|---|---|
| PT.1 | Business requirements of access control | XYZ company has implemented a company regulation policy in firewall and router | Ok |
| PT.2 | User access management | XYZ company has applied user access profiles | Ok |
| PT.3 | User responsibilities | XYZ company has conducted periodic knowledge sharing with end users of the remote system | Ok |
| PT.4 | System and application access control | XYZ company has implemented control based on access lists; password management is still done manually | Need to do an action |
| PT.5 | Information security in supplier relationships | XYZ company only implements open communication with branch office | Ok |
| PT.6 | Supplier service delivery management | XYZ company only implements open communication with branch office | Ok |
| PT.7 | Network security management | XYZ company has divided the network into segments, including wireless, server and branch office | Ok |
| PT.8 | Information transfer | XYZ company only implements open communication with branch office | Ok |
| PT.9 | Security requirements of information systems | XYZ company has applied profiles and access using username and password | Ok |
| PT.10 | Security in development and support processes | XYZ company still tests system development manually | Need to do an action |

Table 5. Detect Function

| Category | ID | Subcategory | Informative References |
|---|---|---|---|
| Anomalies and Event | DT.1 | Management of information security incidents and improvements | ISO/IEC 27002:2013 Section 16 |
| Continuous Monitoring | | | |
| Detection Process | | | |

Based on ISO/IEC 27002:2013, access control is one of the important things for security
practitioners in making the running system more secure. The solution XYZ company requires is
an integrated one that can provide information on events occurring on the XYZ company system.
ISO/IEC 27002:2013 provides network security management guidance on monitoring, logging and
detection for existing systems, as well as on security information and event management
solutions, which can provide information on devices and traffic that are experiencing, or may
experience, a system outage; the backup system must then be ready at the time an incident
occurs.
Based on ISO/IEC 27002:2013 section 18, a system audit is needed, along with testing of
each of its segments, to determine whether what has been implemented complies with the
standard for the existing information systems at XYZ company. The implementation of the BYOD
system at XYZ company also needs to document every security event that occurs. This is required
by ISO/IEC 27002:2013 section 16 on information security incident management, so that the
company can respond to a cybersecurity event and analyze it to perform system recovery if
needed.
Table 6. Result of Detect Function

| ID | Subcategory | Result | Status |
|---|---|---|---|
| DT.1 | Management of information security incidents and improvements | XYZ company needs to raise user awareness about office devices that can be lost (with confidential company data) | Detection ID.5, Need to do an action |
| DT.2 | | XYZ company needs to raise awareness and monitor that users change passwords periodically, with high password complexity | Detection PT.4, Need to do an action |
| DT.3 | | XYZ company needs to keep and analyze every log of the existing system | Detection ID.7, Need to do an action |
| DT.4 | Management of information security incidents and improvements | XYZ company needs to raise awareness about the habit of sharing passwords with others; XYZ company needs to enhance authentication with two-factor authentication | Detection PT.9, Need to do an action |
| DT.5 | | XYZ company needs to do periodic system testing | Detection ID.12, Need to do an action |
| DT.6 | | XYZ company still documents all processes manually after configuration changes | Detection ID.8, Need to do an action |

The IT department needs to raise management's awareness of the information system at XYZ
company and of the risks that may occur if the system keeps running without any improvement.
This should be applied for the continuity of XYZ company's business, as recommended in ISO/IEC
27002:2013 section 17. A new standard should also be drawn up along with the new system
security implementation, in accordance with section 5 of ISO/IEC 27002:2013.
In addition, based on the interviews about the log-analyzer implementation, it is necessary
to meet ISO/IEC 27002:2013 section 12.4, under which system user and administrator/operator
activity, exceptions, corrections and event logs should be recorded and protected. Table 7
lists the Respond Function subcategories based on ISO/IEC 27002:2013. Table 8 summarizes the
implementation of the Respond Function at XYZ company:
Table 7. Respond Function

| Category | ID | Subcategory | Informative References |
|---|---|---|---|
| Response Planning | RP.1 | Response Planning | ISO/IEC 27002:2013 Section 14, 18 |
| Communications | RP.2 | Communications | ISO/IEC 27002:2013 Section 10, 11, 17 |

ISO/IEC 27002:2013 section 17, on information security continuity, explains how to plan,
implement and check the running system in the interest of the continuity of XYZ company's
business. Awareness is needed of possible risks, such as exposure of company formulations,
price data or company sales data, that can arise when the remote system is not used with care.
This can happen through the loss of a laptop or smartphone used to run the remote system,
because the device stores data taken from the Oracle system in the central office and there is
no system that applies a password or encryption to the files. At this stage, in accordance with
ISO/IEC 27002:2013 section 5, management must re-determine the policy for each running system,
and the handling of company information and data needs to be reviewed. If the BYOD system is
to continue, the existing security systems at XYZ company should be adjusted. This is done for
the continuity of XYZ company's business: the current system is expected to be adjusted and
given a stricter policy, such as written documentation of the company rules, to build
awareness in every user of the BYOD remote system. Table 9 lists the Recovery Function
subcategories based on ISO/IEC 27002:2013. Table 10 gives the results of the Recovery Function
analysis and the recommended actions at XYZ company:
Table 8. Result of Respond Function

| ID | Subcategory | Result | Action |
|---|---|---|---|
| RP.1 | Response Planning | XYZ company needs to implement a two-factor authentication system | Response for DT.4 |
| | | XYZ company needs to implement a password management system | Response for DT.2 |
| | | XYZ company needs to upgrade to more advanced endpoint security | Response for ID.9, ID.11 & DT.1 |
| | | XYZ company needs to have a third party test and check the system to match compliance | Response for PT.10 & DT.5 |
| | | XYZ company needs to implement a log analyzer system | Response for ID.10 & DT.3 |
| | | XYZ company needs to implement security information and event management | Response for DT.6 |
| RP.2 | Communications | Need to communicate the response planning to the management | Need to do an action |

Table 9. Recovery Function

| Category | ID | Subcategory | Informative References |
|---|---|---|---|
| Recovery Planning | RC.1 | Recovery Planning | ISO/IEC 27002:2013 Section 5 |
| Improvement | RC.2 | Improvement | |
| Communication | RC.3 | Communication | |

Table 10. Results of Recovery Function

| ID | Subcategory | Result | Action |
|---|---|---|---|
| RC.1 | Recovery Planning | Need to document the rules on awareness for users of the BYOD system | Need to do an action |
| RC.2 | Improvement | Need to improve the security system based on the response planning | Need to do an action |
| RC.3 | Communications | Need to raise cybersecurity awareness among users of the BYOD system | Need to do an action |

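The cross-references between Tables 2, 4, 6 and 8 ("Detection ID.5", "Response for DT.4", and so on) can be checked mechanically for findings that never receive a planned response. The Python below is an added example, not part of the paper: the statuses and references are transcribed from those tables, while the function names and the short action labels are this example's own.

```python
# Added example: traceability check over the findings in Tables 2, 4, 6 and 8.
# Statuses and cross-references are transcribed from those tables; the
# function names and short action labels are this example's own.

OK, CHECK, ACT = "Ok", "Need to check", "Need to do an action"

# Tables 2 and 4: subcategory ID -> status
STATUS = {
    "ID.1": OK, "ID.2": OK, "ID.3": CHECK, "ID.4": OK, "ID.5": ACT,
    "ID.6": OK, "ID.7": ACT, "ID.8": ACT, "ID.9": ACT, "ID.10": OK,
    "ID.11": ACT, "ID.12": ACT,
    "PT.1": OK, "PT.2": OK, "PT.3": OK, "PT.4": ACT, "PT.5": OK,
    "PT.6": OK, "PT.7": OK, "PT.8": OK, "PT.9": OK, "PT.10": ACT,
}

# Table 6: Detect item -> Identify/Protect item it refers to
DETECTS = {"DT.1": "ID.5", "DT.2": "PT.4", "DT.3": "ID.7",
           "DT.4": "PT.9", "DT.5": "ID.12", "DT.6": "ID.8"}

# Table 8: planned response -> items it is a "Response for"
RESPONSES = {
    "two-factor authentication": ["DT.4"],
    "password management system": ["DT.2"],
    "advanced endpoint security": ["ID.9", "ID.11", "DT.1"],
    "third-party testing": ["PT.10", "DT.5"],
    "log analyzer": ["ID.10", "DT.3"],
    "SIEM": ["DT.6"],
}


def coverage():
    """Map each Identify/Protect finding to the responses that reach it,
    following DT.x references back to the finding they detect."""
    reached = {}
    for action, targets in RESPONSES.items():
        for target in targets:
            finding = DETECTS.get(target, target)
            reached.setdefault(finding, []).append(action)
    return reached


def unaddressed():
    """Findings whose status is not Ok and that no response reaches."""
    reached = coverage()
    return sorted(f for f, s in STATUS.items() if s != OK and f not in reached)


def responses_to_ok_items():
    """Findings marked Ok that a planned response nevertheless targets."""
    return sorted(f for f in coverage() if STATUS[f] == OK)


def detections_without_response():
    """Detect items that no row of Table 8 responds to."""
    targeted = {t for targets in RESPONSES.values() for t in targets}
    return sorted(d for d in DETECTS if d not in targeted)


if __name__ == "__main__":
    print("open findings with no response:", unaddressed())
    print("Ok items with a planned response:", responses_to_ok_items())
    print("detections with no response:", detections_without_response())
```

On the tables as printed, the only open finding that no response reaches is ID.3 (media handling, "Need to check"), and two planned responses trace back to items that Tables 2 and 4 mark Ok: ID.10 and PT.9.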
4. Conclusion
Based on data gained from interviews and observation, we analyzed the security risk of the
BYOD system. The cybersecurity analysis of the BYOD system at XYZ Company found several points
that need improvement in terms of the recommended security system. Based on the stages of
response in the analysis using the NIST Cybersecurity Framework and ISO/IEC 27002:2013, the
results and actions were obtained. The Identify Function yielded 10 results.
The Protect Function also yielded 10 results. The Detect Function yielded 6 results; one
of them is that the company needs to raise awareness and monitor that users change passwords
periodically with high password complexity. The Respond Function yielded 7 results, such as
the need to upgrade and implement the security planning of the BYOD system. The Recovery
Function yielded 3 results, such as the urgent need for XYZ company to produce rules
documentation. The NIST Cybersecurity Framework is thus useful for determining the weaknesses
of BYOD system security at XYZ company.
References
[1] CNN Indonesia. www.cnnindonesia.com. Retrieved from CNN Indonesia:
https://www.cnnindonesia.com/teknologi/20150326134506-185-42064/2014-pengguna-internet-indonesia-capai-881-juta/
[2] Emarketer. www.emarketer.com. Retrieved from Emarketer:
www.emarketer.com/Chart/Smartphone-Activities-of-Smartphone-Users-Indonesia-by-Age-July-2016-of-respondents/194074
[3] Syntonic. Employee Report: BYOD Usage in the Enterprise. Retrieved from Syntonic:
https://syntonic.com/byodresearch/. 2016.
[4] Garba A B, Armarego J, Murray D. Bring Your Own Device Organisational Information Security and
Privacy. ARPN. Journal of Engineering and Applied Sciences. 2015; 10(3):1279-1287.
[5] Wang Y, Wei J, Vangury K. Bring Your Own Device Security Issues and Challenges. IEEE 11th
Consumer Communications and Networking Conference (CCNC). 2014.
[6] Bailette P, Barlette Y, Leclercq-Vandelannoitte A. Bring Your Own Device in Organizations:
Extending The Reversed IT Adoption Logic To Security Paradoxes for CEOs and end users.
International Journal of Information Management. 2018; 43: 76-84.
[7] Wanda P, Jie Huang J. Efficient Data Security for Mobile Instant Messenger. TELKOMNIKA
Telecommunication Computing Electronics and Control. 2018; 16(3): 1426-1434.
[8] Garlipp M. Benefits of The NIST Cybersecurity Framework. Retrieved from Govloop:
www.govloop.com/benefits-of-the-nist-cybersecurity-framework. 2015.
[9] Tenable. Adoption Cybersecurity framework NIST. Retrieved from Tenable:
https://www.tenable.com/blog/nist-cybersecurity-framework-adoption-on-the-rise. 2016.
[10] Infosecurity. Simplify NIST Cybersecurity Framework Adoption. Retrieved from Info Security:
https://www.infosecurity-magazine.com/opinions/simplify-nist-cybersecurity/. 2017.
[11] Zdnet, Research: 74 percent using or adopting BYOD, 2015, Retrieved from Zdnet:
http://www.zdnet.com/article/research-74-percent-using-or-adopting-byod/
[12] Biznetgiocloud. 2017. Retrieved from Biznetgiocloud:
http://www.biznetgiocloud.com/byod-tren-perusahaan-di-masa-depan/
[13] Dhingra M. Legal Issues in Secure Implementation of Bring Your Own Device. Procedia Computer
Science, International Conference on Information Security & Privacy, India. 2016; 78:179-184
[14] Disterer G, Kleiner C. BYOD Bring Your Own Device. Procedia Technology, International Conference
on Health and Social Care Information Systems and Technologies. 2013; 9: 43-53
[15] Matteson Scott. 10 Ways BYOD will evolve in 2016. Retrieved from Techrepublic:
http://www.techrepublic.com/blog/10-things/10-ways-byod-will-evolve-in-2016/
[16] NIST. Framework for Improving Critical Infrastructure Cybersecurity. National Institute of Standards
and Technology, 2014, Retrieved from cyberframework@nist.gov
[17] Zhang S, Fever HL. An Examination of the Practicability of COBIT. Journal of Economics, Business
and Management. 2013; 1(4): 391-395.
[18] Techtarget. Gartner Magic Quadrant. 2013. Retrieved from Techtarget:
http://whatis.techtarget.com/definition/Gartner-Magic-Quadrants
[19] Ahlawat S, Anand A. An Introduction to Computer Networking. International Journal of Computer
Science and Information Technology Research, 2014: 373-377.
[20] Ghosh A, Gajar PK, Rai S. Bring Your Own Device (BYOD): Security Risks and Mitigating Strategies.
Journal of Global Research in Computer Science. 2013; 4(4).
[21] Network Intelligence. Mobile Device Management-Deployment, Risk Mitigation & Solutions. 2018.
Retrieved from https://www.niiconsulting.com/solutions/mobile-device-management.html
[22] Hilal, H, Nangim, A. Network Security Analysis SCADA System Automation on Industrial Process.
International Conference on Broadband Communication, Wireless Sensors and Powering (BCWSP).
2017: 1-6.
[23] Nurhaida I, Ramayanti D, Riesaputra. Digital Signature & Encryption Implementation for Increasing
Authentication, Integrity, Security and Data Non-Repudiation. International Research Journal of
Computer Science (IRJCS). 2017; 11(4): 4-14.
[24] Jillepalli AA, Conte de Leon D, Steiner S, Alves-Foss J. Analysis of Web Browser Security
Configuration Options. KSII Transactions on Internet and Information Systems. 2018; 12(12):
6139-6160.
[25] Vorakulpipat C, Sirapaisan S, Rattanalerdnusorn E, Savangsuk V. A Policy-Based Framework for
Preserving Confidentiality in BYOD Environments: A Review of Information Security Perspectives.
Security and Communication Networks. 2017.