Search results

1 – 10 of over 104000
Article
Publication date: 1 August 2000

S.A. Kokolakis, A.J. Demopoulos and E.A. Kiountouzis

Abstract

The increasing reliance of organisations on information systems connected to or extending over open data networks has established information security as a critical success factor for modern organisations. Risk analysis appears to be the predominant methodology for the introduction of security in information systems (IS). However, risk analysis is based on a very simple model of IS as consisting of assets, mainly data, hardware and software, which are vulnerable to various threats. Thus, risk analysis cannot provide for an understanding of the organisational environment in which IS operate. We believe that a comprehensive methodology for information systems security analysis and design (IS‐SAD) should incorporate both risk analysis and organisational analysis, based on business process modelling (BPM) techniques. This paper examines the possible contribution of BPM techniques to IS‐SAD and identifies the conceptual and methodological requirements for a technique to be used in this context. Based on these requirements, several BPM techniques have been reviewed. The review reveals the need for either adapting and combining current techniques or developing new, specialised ones.

Details

Information Management & Computer Security, vol. 8 no. 3
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 29 April 2014

Jiqiang Chen, Witold Pedrycz, Litao Ma and Chao Wang

Abstract

Purpose

In a risk analysis system, different underlying indices often play different roles in identifying the risk scale of the total target in a system, so a concept of discriminatory weight is introduced first. With the help of discriminatory weight and membership functions, a new method for information security risk analysis is proposed. The purpose of this paper is to discuss the above issues.

Design/methodology/approach

First, a concept of discriminatory weight is introduced. Second, with the help of fuzzy sets, risk scales are captured in terms of fuzzy sets (namely their membership functions). Third, a new risk analysis method involving discriminatory weights is proposed to realize a transformation from the membership degrees of the underlying indices to the membership degrees of the total target. At last, an example of information security risk analysis shows the effectiveness and feasibleness of the new method.

Findings

The new method generalizes the weighted-average method. The comparative analysis done with respect to two other methods shows that the proposed method exhibits higher classification accuracy. Therefore, the proposed method can be applied to other risk analysis system with a hierarchical.

Originality/value

This paper proposes a new method for information security risk analysis with the help of membership functions and the concept of discriminatory weight. The new method generalizes the weighted-average method. Comparative analysis done with respect to two other methods shows that the proposed method exhibits higher classification accuracy in E-government information security system. What is more, the proposed method can be applied to other risk analysis system with a hierarchical.

Article
Publication date: 4 March 2024

Betul Gokkaya, Erisa Karafili, Leonardo Aniello and Basel Halak

Abstract

Purpose

The purpose of this study is to increase awareness of current supply chain (SC) security-related issues by providing an extensive analysis of existing SC security solutions and their limitations. The security of SCs has received increasing attention from researchers, due to the emerging risks associated with their distributed nature. The increase in risk in SCs comes from threats that are inherently similar regardless of the type of SC, thus, requiring similar defence mechanisms. Being able to identify the types of threats will help developers to build effective defences.

Design/methodology/approach

In this work, we provide an analysis of the threats, possible attacks and traceability solutions for SCs, and highlight outstanding problems. Through a comprehensive literature review (2015–2021), we analysed various SC security solutions, focussing on tracking solutions. In particular, we focus on three types of SCs: digital, food and pharmaceutical that are considered prime targets for cyberattacks. We introduce a systematic categorization of threats and discuss emerging solutions for prevention and mitigation.

Findings

Our study shows that the current traceability solutions for SC systems do not offer a broadened security analysis and fail to provide extensive protection against cyberattacks. Furthermore, global SCs face common challenges, as there are still unresolved issues, especially those related to the increasing SC complexity and interconnectivity, where cyberattacks are spread across suppliers.

Originality/value

This is the first time that a systematic categorization of general threats for SC is made based on an existing threat model for hardware SC.

Details

Benchmarking: An International Journal, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1463-5771

Article
Publication date: 4 August 2021

M. Najmul Islam Farooqui, Junaid Arshad and Muhammad Mubashir Khan

Abstract

Purpose

Alongside the remarkable evolution of cellular communication to 5G networks, significant security and privacy challenges have risen which can affect the widespread adoption of advanced communication technologies. In this context, the purpose of this paper is to examine research within security and privacy for 5G-based systems highlighting contributions made by the research community and identify research trends within different subdomains of 5G security where open issues still exist.

Design/methodology/approach

This paper uses a bibliographic approach to review the state-of-the-art in the field of 5G security and is the pioneering effort to investigate 5G security research using this methodology. Specifically, the paper presents a quantitative description of the existing contributions in terms of authors, organizations, and countries. It then presents detailed keyword and co-citation analysis that shows the quantity and pattern of research work in different subfields. Finally, 5G security areas are identified having open challenges for future research work.

Findings

The study shows that China leads the world in terms of published research in the field of 5G security with USA and India ranked second and third respectively. Xidian University, China is ranked highest for number of publications and h-index followed by University Oulu and AALTO University Finland. IEEE Access, Sensors and IEEE Internet of Things Journal are the top publication venues in the field of 5G security. Using VOSViewer aided analysis with respect to productivity, research areas and keywords, the authors have identified research trends in 5G security among scientific community whilst highlighting specific challenges which require further efforts.

Originality/value

Existing studies have focused on surveys covering state-of-the-art research in secure 5G network (Zhang et al., 2019), physical layer security (Wu et al., 2018), security and privacy of 5G technologies (Khan et al., 2020) and security and privacy challenges when 5G is used in IoT (Sicari et al., 2020). However, our research has revealed no existing bibliometric studies in this area and therefore, to our best knowledge, this paper represents a pioneering effort of this kind for security within 5G.

Details

Library Hi Tech, vol. 39 no. 4
Type: Research Article
ISSN: 0737-8831

Article
Publication date: 9 July 2018

Dirk P. Snyman, Hennie Kruger and Wayne D. Kearney

Abstract

Purpose

The purpose of this paper is to investigate the lemming effect as a possible cause for the privacy paradox in information security.

Design/methodology/approach

Behavioural threshold analysis is used to test for the presence of the lemming effect in information security behaviour. Paradoxical behaviour may be caused by the influential nature of the lemming effect. The lemming effect is presented as a possible cause of the privacy paradox.

Findings

The behavioural threshold analysis indicates that the lemming effect is indeed present in information security behaviour and may lead to paradoxical information security behaviour.

Practical implications

The analysis of the lemming effect can be used to assist companies in understanding the way employees influence each other in their behaviour in terms of security. By identifying possible problem areas, this approach can also assist in directing their information security education endeavours towards the most relevant topics.

Originality/value

This research describes the first investigation of the lemming effect in information security by means of behavioural threshold analysis in practice.

Details

Information & Computer Security, vol. 26 no. 3
Type: Research Article
ISSN: 2056-4961

Open Access
Article
Publication date: 20 June 2019

Per Håkon Meland, Karin Bernsmed, Christian Frøystad, Jingyue Li and Guttorm Sindre

Abstract

Purpose

Within critical-infrastructure industries, bow-tie analysis is an established way of eliciting requirements for safety and reliability concerns. Because of the ever-increasing digitalisation and coupling between the cyber and physical world, security has become an additional concern in these industries. The purpose of this paper is to evaluate how well bow-tie analysis performs in the context of security, and the study’s hypothesis is that the bow-tie notation has a suitable expressiveness for security and safety.

Design/methodology/approach

This study uses a formal, controlled quasi-experiment on two sample populations – security experts and security graduate students – working on the same case. As a basis for comparison, the authors used a similar experiment with misuse case analysis, a well-known technique for graphical security modelling.

Findings

The results show that the collective group of graduate students, inexperienced in security modelling, perform similarly as security experts in a well-defined scope and familiar target system/situation. The students showed great creativity, covering most of the same threats and consequences as the experts identified and discovering additional ones. One notable difference was that these naïve professionals tend to focus on preventive barriers, leading to requirements for risk mitigation or avoidance, while experienced professionals seem to balance this more with reactive barriers and requirements for incident management.

Originality/value

Our results are useful in areas where we need to evaluate safety and security concerns together, especially for domains that have experience in health, safety and environmental hazards, but now need to expand this with cybersecurity as well.

Details

Information & Computer Security, vol. 27 no. 4
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 3 June 2019

Mark Glenn Evans, Ying He, Iryna Yevseyeva and Helge Janicke

Abstract

Purpose

This paper aims to provide an understanding of the proportions of incidents that relate to human error. The information security field experiences a continuous stream of information security incidents and breaches, which are publicised by the media, public bodies and regulators. Despite the need for information security practices being recognised and in existence for some time, the underlying general information security affecting tasks and causes of these incidents and breaches are not consistently understood, particularly with regard to human error.

Design/methodology/approach

This paper analyses recent published incidents and breaches to establish the proportions of human error and where possible subsequently uses the HEART (human error assessment and reduction technique) human reliability analysis technique, which is established within the safety field.

Findings

This analysis provides an understanding of the proportions of incidents and breaches that relate to human error, as well as the common types of tasks that result in these incidents and breaches through adoption of methods applied within the safety field.

Originality/value

This research provides original contribution to knowledge through the analysis of recent public sector information security incidents and breaches to understand the proportions that relate to human error.

Details

Information & Computer Security, vol. 27 no. 3
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 15 September 2021

Oleksandr D. Dovhan, Oleksandr M. Yurchenko, Juliana O. Naidon, Oleg S. Peliukh, Nataliia I. Tkachuk and Kamal Gulati

Abstract

Purpose

The purpose of this study is to develop the Counterintelligence Strategy as a conceptual document in the field of state security of Ukraine, identifying current security threats to Ukraine, which global landscape has been significantly transformed since the adoption of the Law of Ukraine “On Counterintelligence”, is substantiated. It is proved that the provisions of such Strategy should determine the current and projected counterintelligence environment via a set of the following elements. The nature of real and potential threats in the process of implementing state foreign and domestic policy course determined by Ukraine. Sources of such threats (individual states and their intelligence agencies, terrorist organizations, transnational organized crime, etc.). Features of the identified encroachment objects of foreign intelligence agencies, terrorist and other criminal organizations, including transnational ones. Long-term strategy threats like the COVID-19 pandemic.

Design/methodology/approach

During the past decades of the XXI century, intelligence has become a crucial tool in the system of determining and implementing the foreign policy in international relations. Modern realities confirm that this political and legal phenomenon directly affects the formation of the foreign policy course of any state, the development of its geopolitical strategy and defense doctrine. Possessing a powerful apparatus for obtaining primary information, fulfillment of government orders for monitoring, evaluation, analysis, forecasting and modeling of possible scenarios of global- or regional-scale events and processes, special services take an active part in perspective and current foreign and domestic policy implementation.

Findings

Thus, based on the state security paradigm, which cannot be defined in the absence of threats and ensured by their complete elimination, since negative factors for state security objects will always exist, the ensuring of its development requires first of all creation of the conditions under which threats will not be able to limit its development. That is why it is necessary not only to minimize the impact of such factors on vulnerable objects, but also to create a certain “immunity” to their impact, i.e. the ability of the state security system to function effectively in spite of the negative impact. Thus, maintaining the ability to function in terms of the existing threats is the most important area of practical activity for the state security protection, as well as ensuring the legitimate interests of the state.

Originality/value

During the past decades of the XXI century, intelligence has become a crucial tool in the system of determining and implementing the foreign policy in international relations. Modern realities confirm that this political and legal phenomenon directly affects the formation of the foreign policy course of any state, the development of its geopolitical strategy and defense doctrine. Possessing a powerful apparatus for obtaining primary information, fulfillment of government orders for monitoring, evaluation, analysis, forecasting and modeling of possible scenarios of global- or regional-scale events and processes, special services take an active part in perspective and current foreign and domestic policy implementation.

Details

World Journal of Engineering, vol. 19 no. 2
Type: Research Article
ISSN: 1708-5284

Article
Publication date: 25 October 2022

Victor Diogho Heuer de Carvalho and Ana Paula Cabral Seixas Costa

Abstract

Purpose

This article presents two Brazilian Portuguese corpora collected from different media concerning public security issues in a specific location. The primary motivation is supporting analyses, so security authorities can make appropriate decisions about their actions.

Design/methodology/approach

The corpora were obtained through web scraping from a newspaper's website and tweets from a Brazilian metropolitan region. Natural language processing was applied considering: text cleaning, lemmatization, summarization, part-of-speech and dependencies parsing, named entities recognition, and topic modeling.

Findings

Several results were obtained based on the methodology used, highlighting some: an example of a summarization using an automated process; dependency parsing; the most common topics in each corpus; the forty named entities and the most common slogans were extracted, highlighting those linked to public security.

Research limitations/implications

Some critical tasks were identified for the research perspective, related to the applied methodology: the treatment of noise from obtaining news on their source websites, passing through textual elements quite present in social network posts such as abbreviations, emojis/emoticons, and even writing errors; the treatment of subjectivity, to eliminate noise from irony and sarcasm; the search for authentic news of issues within the target domain. All these tasks aim to improve the process to enable interested authorities to perform accurate analyses.

Practical implications

The corpora dedicated to the public security domain enable several analyses, such as mining public opinion on security actions in a given location; understanding criminals' behaviors reported in the news or even on social networks and drawing their attitudes timeline; detecting movements that may cause damage to public property and people welfare through texts from social networks; extracting the history and repercussions of police actions, crossing news with records on social networks; among many other possibilities.

Originality/value

The work on behalf of the corpora reported in this text represents one of the first initiatives to create textual bases in Portuguese, dedicated to Brazil's specific public security domain.

Details

Library Hi Tech, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 0737-8831

Article
Publication date: 25 January 2013

Bingxin Yu and Lingzhi You

Abstract

Purpose

The recent high food price and volatility, as well as economic recession, have reversed the last decade's progress in reducing hunger and poverty. The aim of this paper is to conduct a factor and sequential typology analysis to identify groups of countries categorized according to five measures of food security.

Design/methodology/approach

The recent high food price and volatility, as well as economic recession, have reversed the last decade's progress in reducing hunger and poverty. This paper conducts a factor and sequential typology analysis to identify groups of countries categorized according to five measures of food security – consumption, production, imports, distribution, and agricultural potential – by using indicators from 175 countries. The analysis first identifies five distinct food security groups, measured by the levels of nutrient intake, and then further splits these groups based on indicators of food production, trade security, and agricultural potential.

Findings

The results suggest that the terms of “developing country” or “low income country” can be inaccurate in the discussion of food security because they are too general and can actually mask the extreme heterogeneity in different aspects of food security. The results also indicate that different responses are needed by different types of food‐insecure countries to address their unique food and economic challenges.

Originality/value

The typology of food security and linkage between agricultural potential and food security contribute to a better understanding of the effectiveness of different policy interventions under a country's unique conditions.

Details

China Agricultural Economic Review, vol. 5 no. 1
Type: Research Article
ISSN: 1756-137X
