Search results
1 – 10 of over 1000Qais Saif Qassim, Norziana Jamil, Maslina Daud, Ahmed Patel and Norhamadi Ja’affar
The common implementation practices of modern industrial control systems (ICS) has left a window wide open to various security vulnerabilities. As the cyber-threat landscape…
Abstract
Purpose
The common implementation practices of modern industrial control systems (ICS) has left a window wide open to various security vulnerabilities. As the cyber-threat landscape continues to evolve, the ICS and their underlying architecture must be protected to withstand cyber-attacks. This study aims to review several ICS security assessment methodologies to identify an appropriate vulnerability assessment method for the ICS systems that examine both critical physical and cyber systems so as to protect the national critical infrastructure.
Design/methodology/approach
This paper reviews several ICS security assessment methodologies and explores whether the existing methodologies are indeed sufficient to meet the cyber security assessment exercise required to validate the security of electrical power control systems.
Findings
The study showed that most of the examined methodologies seem to concentrate on vulnerability identification and prioritisation techniques, whilst other security techniques received noticeably less attention. The study also showed that the least attention is devoted to patch management process due to the critical nature of the SCADA system. Additionally, this review portrayed that only two security assessment methodologies exhibited absolute fulfilment of all NERC-CIP security requirements, whilst the others only partially fulfilled the essential requirements.
Originality/value
This paper presents a review and a comparative analysis of several standard SCADA security assessment methodologies and guidelines published by internationally recognised bodies. In addition, it explores the adequacy of the existing methodologies in meeting cyber security assessment practices required for electrical power networks.
Details
Keywords
Ahmed Patel, Wei Qi and Mona Taghavi
Mobile agent‐based e‐marketplace is one type of business application that has been developed as a flexible and efficient approach to help companies or corporations to extend their…
Abstract
Purpose
Mobile agent‐based e‐marketplace is one type of business application that has been developed as a flexible and efficient approach to help companies or corporations to extend their businesses to outreach larger markets without regional and continental boundaries. However, every distributed system is unable to avoid the security problems due to the open internet environment. Mobile agent‐based e‐marketplaces are no exception. Thus, the security of mobile agents is a crucial factor in the design of mobile agent‐based e‐marketplaces. To overcome this kind of problem, the purpose of this paper is to design and implement a framework and system of secure and trustworthy mobile agent based e‐marketplace.
Design/methodology/approach
This paper presents the system design for the system implementation based on the designed framework. It includes three major aspects: the design issues, system design and development environment and tools for system implementation. The system architecture, use case diagram and use case specifications are presented in the system design section.
Findings
The system design is an essential step that is required before a prototype system is implemented. The system is designed based on the described and outlined requirements and evaluation criteria, therefore, to support a secure and trustworthy trading environment. The paper is concluded by discussing and highlighting further research work.
Originality/value
This paper presents the system design for implementing a secure and trustworthy mobile agent‐based e‐marketplace system by using the latest version of UML modeling tool and techniques.
Details
Keywords
Ahmed Patel, Wei Qi and Mona Taghavi
Mobile agent‐based e‐marketplaces are business applications that have been developed as flexible and efficient approaches to help companies or corporations to extend their…
Abstract
Purpose
Mobile agent‐based e‐marketplaces are business applications that have been developed as flexible and efficient approaches to help companies or corporations to extend their businesses to outreach larger markets without regional and continental boundaries. Every distributed system is unable to avoid security problems due to the open internet environment. Mobile agent‐based e‐marketplaces are no exceptions. The purpose of this paper is to design and implement a framework and system of a secure and trustworthy mobile agent‐based e‐marketplace to overcome this problem.
Design/methodology/approach
The authors present an analysis and evaluation of a secure and trustworthy mobile agent‐based e‐marketplace, which was specified and prototyped. The experimental results of the implemented system are used to address the evaluation of the system. The discussion of the solution is also presented.
Findings
The evaluation and performance results show that the proposed framework and system have the ability to provide a secure and efficient e‐marketplace environment for trading products. The authors draw conclusions and highlight future work on this specific research area.
Originality/value
The performance and scalability are the two most important issues for mobile‐agent based systems together with their feasibility. The evaluation and performance results are used to reflect the results of the research in its entirety.
Details
Keywords
Ahmed Patel, Wei Qi and Christopher Wills
There is a need to provide secure and safe information security systems through the use of firewalls, intrusion detection and prevention systems, encryption, authentication, and…
Abstract
Purpose
There is a need to provide secure and safe information security systems through the use of firewalls, intrusion detection and prevention systems, encryption, authentication, and other hardware and software solutions. The purpose of this paper is therefore to propose a framework which includes safe, secure, trusted, and auditable services, as well as forensic mechanisms to provide audit trails for digital evidence of transactions and protection against malicious and illegal activities.
Design/methodology/approach
The paper reviews the literature as the foundation and knowledge base for the proposed framework and system of secure and trustworthy mobile agent (MA)‐based e‐marketplaces. It consists of the current state of the art taxonomy for the classified MA‐based frameworks for e‐marketplace trading, underlying supporting systems, e‐payment systems, and the essential issues related to auditable and digital forensic services.
Findings
The current knowledge shows that there is a serious lack of auditable and digital forensic services to make secure and trustworthy MA‐based e‐marketplaces systems. The paper draws conclusions and highlights further research work which is ongoing and new work that needs to be performed.
Originality/value
The paper perceives the needs to define the requirements for secure and trustworthy MA‐based e‐marketplaces and proposes a framework to design effective systems using the latest techniques and technologies.
Details
Keywords
Ahmed Patel, Ali Seyfi, Yiqi Tew and Ayman Jaradat
Grid computing, cloud computing (CC), utility computing and software as a service are emerging technologies predicted to result in massive consolidation as meta‐level computing…
Abstract
Purpose
Grid computing, cloud computing (CC), utility computing and software as a service are emerging technologies predicted to result in massive consolidation as meta‐level computing services of everything beneath one umbrella in the future. The purpose of this study is to foster the understanding and differentiation, by using the three aforementioned types of computing technologies and software, as a service by both public and private libraries to meet their expectations and strategic objectives.
Design/methodology/approach
The approach in this study is a review based on comparing the four computing technologies with a brief analysis for researching and designing the mind map of a new meta‐level computing service approach, taking into consideration the need for new economic tariff and pricing models as well as service‐level agreements.
Findings
Since it is anticipated that there will be likely potential consolidation and integration of computing services, a study of these four most advanced computing technologies and their methodologies is presented through their definition, characteristics, functionalities, advantages and disadvantages. This is a well‐timed technological advancement for libraries.
Practical implications
It appears that the future of library services will become even more integrated, running over CC platforms based on usage rather than just storage of data.
Social implications
Libraries will become an open useful resource to all and sundry in a global context, and that will have huge societal benefits never imagined before.
Originality/value
Concisely addresses the strategies, functional characteristics, advantages and disadvantages by comparing these technologies from several service aspects with a view to assisting in creating the next generation outer space computing.
Details
Keywords
Ahmed Patel, Qais Qassim and Christopher Wills
The problem of protecting information and data flows has existed from the very first day of information exchange. Various approaches have been devised to protect and transfer such…
Abstract
Purpose
The problem of protecting information and data flows has existed from the very first day of information exchange. Various approaches have been devised to protect and transfer such information securely. However, as technology and communications advance and information management systems become more and more powerful and distributed, the problem has taken on new and more complex dimensions and has become a major challenge. The widespread use of wired and wireless communication networks, internet, web applications and computing has increased the gravity of the problem. Organizations are totally dependent on reliable, secure and fault‐tolerant systems, communications, applications and information bases. Unfortunately, serious security and privacy breaches still occur every day, creating an absolute necessity to provide secure and safe information security systems through the use of firewalls, intrusion detection and prevention systems (ID/PSs), encryption, authentication and other hardware and software solutions. This paper aims to address these issues.
Design/methodology/approach
This survey presents an up‐to‐date comprehensive state of the art overview of ID/PSs based on risk analysis, a description of what ID/PSs are, the functions they serve, its two primary types and different methods of ID that may employ.
Findings
As security incidents are increasing and are more aggressive, ID/PSs have also become increasingly necessary, they compliment the arsenal of security measures, working in conjunction with other information security tools such as malware filters and firewalls. Because of a growing number of intrusion events and also because the internet and local networks together with user applications have become so ubiquitous, the need arises to use sophisticated advanced techniques from autonomic computing, machine learning, artificial intelligence and data mining to make intelligent/smart ID/PSs.
Originality/value
This paper perceives the requirements of developing a new detection mechanism to detect known and unknown threats, based on intelligent techniques such as machine learning and autonomic computing.
Details
Keywords
Vasilios Katos and Ahmed Patel
This paper aims to propose a tool to help policy makers understand the dynamic relationships between security and privacy on a strategic (macro) level.
Abstract
Purpose
This paper aims to propose a tool to help policy makers understand the dynamic relationships between security and privacy on a strategic (macro) level.
Design/methodology/approach
The methodology is ported from the discipline of Macroeconomics, and applied to the information security and privacy domain. The methodology adopted is the so‐called “cross methodology” which claims ownership of the well‐known supply/demand market equilibrium exercise.
Findings
Early evaluation reveals that this is a potentially very effective tool in understanding societal behaviour and position towards information security and privacy and therefore makes this a suitable tool for investigating and exploring scenarios that can assist in policy making.
Originality/value
Up to date, research on the economics of security and privacy has been primarily focusing on a micro level. The main contribution of this paper is a methodology for investigating privacy and security on a macro level. We believe that our approach in undertaking this research is new and looking at the issues and relationships between security and privacy at a macro level, gives a better understanding of the problems at hand and how to resolve them.
Practical implications
The proposed tool may increase the efficiency of policy making and planning as it enables the policy makers on a governmental and strategic level to run scenarios in order to investigate the effect of their decisions (for example, an introduction of a stricter law relating to computer misuse) to the delicate balance of security and privacy.
Details
Keywords
Ahmed Patel, Kaveh Bakhtiyari and Mona Taghavi
This paper aims to focus on plagiarism and the consequences of anti‐plagiarism services such as Turnitin.com, iThenticate, and PlagiarismDetect.com in detecting the most recent…
Abstract
Purpose
This paper aims to focus on plagiarism and the consequences of anti‐plagiarism services such as Turnitin.com, iThenticate, and PlagiarismDetect.com in detecting the most recent cheatings in academic and other writings.
Design/methodology/approach
The most important approach is plagiarism prevention and finding proper solutions for detecting more complex kinds of plagiarism through natural language processing and artificial intelligence self‐learning techniques.
Findings
The research shows that most of the anti‐plagiarism services can be cracked through different methods and artificial intelligence techniques can help to improve the performance of the detection procedure.
Research limitations/implications
Accessing entire data and plagiarism algorithms is not possible completely, so comparing is just based on the outputs from detection services. They may produce different results on the same inputs.
Practical implications
Academic papers and web pages are increasing over time, and it is very difficult to capture and compare documents with all available data on the network in an up to date manner.
Originality/value
As many students and researchers use the plagiarism techniques (e.g. PDF locking, ghost‐writers, dot replacement, online translators, previous works, fake bibliography) to cheat in academic writing, this paper is intended to prevent plagiarism and find suitable solutions for detecting more complex kinds of plagiarism. This should also be of grave concern to teachers and librarians to provide up to date/standard anti‐plagiarism services. The paper proposes some new solutions to overcome these problems and to create more resilient and intelligent future systems.
Details
Keywords
INDIA: Poll in Gujarat may dent opposition gravely