Article
Publication date: 5 October 2012

Raydel Montesino, Stefan Fenz and Walter Baluja

Abstract

Purpose

The purpose of this paper is to propose a framework for security controls automation, in order to achieve greater efficiency and reduce the complexity of information security management.

Design/methodology/approach

This research reviewed the controls recommended by well-known standards such as ISO/IEC 27001 and NIST SP 800-53, and identified security controls that can be automated by existing hardware and software tools. The research also analyzed Security Information and Event Management (SIEM) technology and proposed a SIEM-based framework for security controls automation, taking into account the automation potential of SIEM systems and their integration possibilities with several security tools.

Findings

About 30 per cent of information security controls can be automated; they were grouped into a list of ten automatable security controls. A SIEM-based framework can be used for centralized and integrated management of these ten automatable security controls.

Practical implications

By implementing the proposed framework, and therefore automating as many security controls as possible, organizations will achieve more efficiency in information security management while also reducing the complexity of this process. This research may also be useful for SIEM vendors, in order to include more functionality in their products and provide a maximum of security controls automation within SIEM platforms.

Originality/value

This paper delimits the boundaries of information security automation and defines what automation means for each security control. A novel framework for security controls automation is proposed. This research provides an automation concept that goes beyond what is normally described in previous works and SIEM solutions.

Details

Information Management & Computer Security, vol. 20 no. 4
Type: Research Article
ISSN: 0968-5227

Open Access
Article
Publication date: 2 January 2024

Eylem Thron, Shamal Faily, Huseyin Dogan and Martin Freer

Abstract

Purpose

Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers and passengers at the core. Technological evolution, including interconnectedness and new ways of interaction, leads to new security and safety risks that can be realised both through human error and through malicious and non-malicious behaviour. This study aims to identify the human factors (HF) and cyber-security risks relating to the role of signallers on the railways and explores strategies for the improvement of “Digital Resilience”, towards the concept of a resilient railway.

Design/methodology/approach

Overall, 26 interviews were conducted with 21 participants from industry and academia.

Findings

The results showed that due to increased automation, both cyber-related threats and human error can impact signallers’ day-to-day operations – directly or indirectly (e.g. workload and safety-critical communications) – which could disrupt the railway services and potentially lead to safety-related catastrophic consequences. This study identifies cyber-related problems, including external threats; engineers not considering the human element in designs when specifying security controls; lack of security awareness among the rail industry; training gaps; organisational issues; and many unknown “unknowns”.

Originality/value

The authors discuss socio-technical principles through a hexagonal socio-technical framework and a training needs analysis to mitigate cyber-security issues and identify the predictive training needs of signallers. This is supported by a systematic approach which considers both safety and security factors, rather than waiting to learn from a cyber-attack retrospectively.

Details

Information & Computer Security, vol. 32 no. 2
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 12 March 2018

Mathew Nicho

Abstract

Purpose

The frequent and increasingly potent cyber-attacks resulting from the lack of an optimal mix of technical and non-technical IT controls have led to increased adoption of security governance controls by organizations. The purpose of this paper, thus, is to construct and empirically validate an information security governance (ISG) process model through the plan–do–check–act (PDCA) cycle model of Deming.

Design/methodology/approach

This descriptive research, using an interpretive paradigm, follows a qualitative methodology based on expert interviews of five respondents working in the ISG domain in the United Arab Emirates (UAE) to validate the theoretical model.

Findings

The findings of this paper suggest the primacy of the PDCA Deming cycle for initiating ISG through a risk-based approach assisted by industry-wide best practices in ISG. Regarding the selection of ISG frameworks, respondents preferred to have ISO 27K supported by NIST as the core framework, with other relevant ISG frameworks/standards forming the peripheral layer. The implementation focus of the ISG model is on mapping ISO 27K/NIST IT controls to relevant IT controls selected from ISG frameworks from a horizontal and vertical perspective. Respondents asserted that measurement and control mechanisms should be automated to assist the feedback loop of the PDCA cycle.

Originality/value

The validated model helps academics and practitioners gain insight into the methodology of the phased implementation of an information systems governance process through the PDCA model, as well as the positioning of ITG and ITG frameworks in ISG. Practitioners can glean valuable insights from the empirical section of the research, where experts detail the success factors, the sequential steps and the justification of these factors in the ISG implementation process.

Details

Information & Computer Security, vol. 26 no. 1
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 1 March 1998

Steve Smith

Abstract

The new technology of RF-ID, intelligent tagging, has become widespread in some industries such as distribution and baggage handling, and is set to dominate retail security in the near future. Library security and automation are tailor-made applications for it which are ready to roll. What is it, and what does it mean for librarians?

Details

VINE, vol. 28 no. 3
Type: Research Article
ISSN: 0305-5728

Book part
Publication date: 21 May 2021

Burak Demir and Keti Ventura

Abstract

Introduction: Digitalization has become crucial in our daily lives. The rapid rise of new technologies and the high interest levels of individuals force companies to invest in these technologies. Nowadays, as customers are willing to try new experiences, companies dynamically start to find new ways to develop their products and services. One of the most popular technologies used by companies to improve their services is Internet of Things (IoT) technology. Education, health, transportation, retail, and energy are some of the industries in which the IoT is frequently being used. As individuals' security concerns rise and their willingness to use remote control increases, innovative and technological projects with IoT applications are being undertaken in the construction and real estate sector.

Aim: The purpose of this chapter is to explore IoT applications within new-generation smart home systems. In this framework, the effect of IoT technologies on the architectural structure of the smart home and its operating systems, as well as IoT- and mobile-supported customer-focused applications and their difficulties, are analyzed.

Method: The study is designed as an exploratory study. The data are obtained from face-to-face interviews with companies operating on technology-based commercial and residential projects. The descriptive analysis method is used to analyze the data. Sample selection was carried out by the judgment sampling technique.

Findings: The results showed that smart home systems offer their users several customer-oriented experiences, such as personalized accessibility, comfort, time control, and energy savings. Wired and wireless communication protocols are included in the architecture of the system. Linux-kernel-based Android and iOS operating systems are used in order to enhance personal accessibility. However, some difficulties are noticed in the sector: a lack of information and internet infrastructure among the companies that install the electrical set-up is mentioned. Contractors, after-sales service support, and customer-oriented applications are evaluated.

Article
Publication date: 12 April 2011

Richard Piggin

Details

Assembly Automation, vol. 31 no. 2
Type: Research Article
ISSN: 0144-5154

Article
Publication date: 1 November 2001

Sheila Walbe Ornstein, Brenda Chaves Coelho Leite and Cláudia Miranda de Andrade

Abstract

Presents an innovation in surveys and consulting activities for the performance evaluation of work environments in Brazilian cities such as São Paulo and Rio de Janeiro, by means of selected and specific examples in the financial sector. Large office buildings, as intelligent enterprises, are still in need of efficient tools for quality control of production processes, use, operation and maintenance, beyond the concerns of the diverse agents involved in their design with aspects such as advanced technology, automation and security. Two case studies were chosen in the financial sector, one of the fastest growing service sectors in large Latin American cities, where methods and evaluation techniques were applied with a focus not only on technological aspects but also on the collection of functional parameters and indicators of occupation, security and automation, aimed at productivity and satisfaction for the users and occupants of these office buildings.

Details

Facilities, vol. 19 no. 11/12
Type: Research Article
ISSN: 0263-2772

Article
Publication date: 27 September 2022

Aamna Tariq, Jawad Manzoor, Muhammad Ammar Aziz, Zain Ul Abideen Tariq and Ammar Masood

Abstract

Purpose

The security of applications, systems and networks has always been a source of great concern for both enterprises and common users. Different security tools, such as intrusion detection systems/intrusion prevention systems and firewalls, are available that provide preventive security to enterprise networks. Security information and event management (SIEM) systems use these tools in combination to collect events from diverse data sources across the network. SIEM is a proactive tool that processes the events to present a unified security view of the whole network in one location. A SIEM system has, therefore, become an essential component of an enterprise network security architecture. However, from the various options available, the selection of a suitable and cost-effective open source SIEM solution that can effectively meet most of the security requirements of small-to-medium-sized enterprises (SMEs) is not simple because of the lack of rigorous analysis.

Design/methodology/approach

In this work, the authors first review the security challenges faced by different SME sectors and then present a comprehensive comparative analysis of the capabilities of well-known open source SIEM solutions. Based on this, the authors provide requirements-based recommendations of open source SIEM solutions for SMEs. This paper aims to provide a valuable resource that SMEs can refer to when selecting the SIEM system best suited to their organization’s security posture.

Findings

Security requirements of SMEs vary according to their network infrastructure; therefore, not every open source SIEM solution is suitable for a given SME. Selecting a SIEM solution from the available open source solutions based upon the security requirements of an SME network is a critical task. Therefore, this work provides meaningful insight for the selection of an appropriate SIEM solution for SMEs.

Originality/value

The major contribution of this work is the mapping of the security requirements of the SME sectors under consideration against the open source SIEM options, providing meaningful insight for SMEs in the selection of an appropriate solution.

Details

Information & Computer Security, vol. 31 no. 1
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 1 June 2012

Stig Ole Johnsen

Abstract

Purpose

The purpose of this paper is to support the implementation of safety and security guidelines in the Norwegian oil and gas industry and verify the actual use of the guidelines by industry and authorities.

Design/methodology/approach

An action research approach was used, exploring organisational learning as described by Argyris and Schön and by Nonaka and Takeuchi in “The knowledge-creating company.” Interviews (and analysis of interviews), workshops and reviews of guidelines and audits were performed, in addition to “learning workshops” aimed at creating understanding of and compliance with the guidelines among industry and authorities.

Findings

The guideline OLF104 is used in the Norwegian oil and gas industry by operators and suppliers, and its use is checked through audits. However, the guideline should influence working procedures at operators more. The guideline seems to have improved resilience.

Research limitations/implications

The impact of the guideline on safety and security should be more systematically assessed. It is suggested that improvement of experience and knowledge related to safety, security and resilience of distributed control systems could improve the guidelines.

Social implications

The paper shows that there is improved awareness, safety, security and resilience when process control systems are integrated with ICT systems.

Originality/value

The contribution of the paper is the exploration of a broad-based, action-based approach, involving key stakeholders in a structured manner, to improve practices and facilitate implementation of safety and security guidelines. The contribution is also an empirical documentation of the implementation of key security and safety issues in guidelines spanning two different areas of competence, ICT and process control. The paper will be of interest to the key stakeholders: the industry, authorities and the media.

Details

Information Management & Computer Security, vol. 20 no. 2
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 7 March 2022

Dipankar Das

Abstract

Purpose

Artificial intelligence (AI) has become an input to the production of goods and services. Therefore, a general question arises: “How will labor hours/human resources be replaced by artificial intelligence?” To answer this question, the paper considers that both AI and human resources (HR) are inputs to the firm and explains the choice between the two with reference to customer relationship management. The paper derives the individual firm and industry demand functions for AI and HR when both are present in the production of identical or closely related goods and services. Moreover, the paper also shows the strategic behavior of an individual firm within the industry in selecting between AI and HR. It is shown that the individual firm's choice in the industry depends on the choice of the industry leader. The paper explains the supermodular game between the firms in an industry.

Design/methodology/approach

Game theory, industrial organization and non-convexity theories are used in this paper to identify the choice between HR and AI in customer relationship management.

Findings

The paper explains analytically the preference and demand for AI in the industry. An individual firm's strategic behavior and decision on choosing AI, and the resulting industry equilibrium, are studied logically. Moreover, the paper sheds some light on the question of employment in the presence of AI. The paper proves that in the presence of AI, labor demand will not be reduced; rather, both will be used.

Originality/value

This work proves for the first time, using logical derivation, that AI will not crowd out labor from the market. Moreover, to run AI, labor must also be used. It is proved that to complete a job with speed and quality, both AI and HR are to be used.

Details

Journal of Economic Studies, vol. 50 no. 2
Type: Research Article
ISSN: 0144-3585
