Search results

The purpose of this paper is to provide a new mentality of constructing the evaluation index system on national energy security, in favor of analyzing its influencing factors and coupling relations thoroughly.

The complex adaptive system (CAS) theory has provided one kind analysis method on modeling and simulation for question of the social economic system, which based on the adaptive agent and mutual interaction. In view of this, the authors' expect to use this kind of new research paradigm for reference, and construct the evaluation index systems on national energy security using the integration of CAS theory and pressure‐state‐response (PSR) conceptual model.

Constructs a set of compound index system of “six parallel layers, gradually converge, six layers three dimensions three degrees.”

The evaluation index system on national energy security is in the discussion stage at present, and the comparatively systematic or accepted index system has not been established. So the further study on influencing factors and measurement indicator system based on multi‐dimension of national energy security, is the emphasis of the continued further research.

Constructing the evaluation index system on national energy security integrating PSR conceptual model from the perspective CAS.

Divides the carrier of energy security problem's happening into three energy domains (non‐renewable energy), and introduces the theory and method of CAS to construct the agent layer to carry on the multi‐agent gambling analysis. Simultaneously separately analyses the coal security, the petroleum security as well as the natural gas security using the concept framework of PSR.

To take relative actions to cope with the threat which network finance information security now encounters by constructing controlling tactical and synergetic model.

It is practical to use the synergetic self‐organization theory to calculate the effects that the force of synergetic system of controlling tactics to financial information security makes on network financial system, and it is also practical to construct the synergetic model of controlling tactics to network financial information security on the basis of it.

Through applying synergetic analysis to controlling tactical system of network financial information security, it can be found out that controlling tactical system is an open system which changes from disorder to order and which keeps away from a balancing state. As an opening system, controlling tactics are interacting with outside from now and then.

Network financial information security takes on dynamics, relativity, integrity and complexity. Accessibility of data is the main limitations which model will be applied.

From the view of network financial information security, constructing controlling tactical and synergetic model of information security are explained.

Network finance is orientated as a special social and economic system. The author does analysis on the network financial system, and expounds order parameters and model of network financial system.

Presents a young person’s view of the threats and security measures to deal with sensitive information in today’s constantly changing technological environment. Promotes the implementation of proactive security and warns of the problems caused by converging business markets and technologies. Discusses security policy, privacy, security logs, encryption, virus attacks, Internet concerns, firewalls and auditing. Outlines the work of the Computer Emergency Response Team and the Computer Incident Advisory Capability in the USA.

The purpose of this study is to increase awareness of current supply chain (SC) security-related issues by providing an extensive analysis of existing SC security solutions and their limitations. The security of SCs has received increasing attention from researchers, due to the emerging risks associated with their distributed nature. The increase in risk in SCs comes from threats that are inherently similar regardless of the type of SC, thus, requiring similar defence mechanisms. Being able to identify the types of threats will help developers to build effective defences.

In this work, we provide an analysis of the threats, possible attacks and traceability solutions for SCs, and highlight outstanding problems. Through a comprehensive literature review (2015–2021), we analysed various SC security solutions, focussing on tracking solutions. In particular, we focus on three types of SCs: digital, food and pharmaceutical that are considered prime targets for cyberattacks. We introduce a systematic categorization of threats and discuss emerging solutions for prevention and mitigation.

Our study shows that the current traceability solutions for SC systems do not offer a broadened security analysis and fail to provide extensive protection against cyberattacks. Furthermore, global SCs face common challenges, as there are still unresolved issues, especially those related to the increasing SC complexity and interconnectivity, where cyberattacks are spread across suppliers.

This is the first time that a systematic categorization of general threats for SC is made based on an existing threat model for hardware SC.

Looks at the growth and potential of the Internet in relation to security issues. Presently, lack of security is perceived as a major roadblock to doing business on‐line. Risks of system corruption, fraud, theft and viruses point companies to the need for enhanced security. Investigates the importance of securing a company’s systems, its individual users, and its commercial transactions, and provides a checklist along with a brief discussion of available protection measures for these three primary security concerns.

Since the emergence of the Internet in the twentieth century and the rapid growth of different types of information technologies (IT), our lives, either personal or professional, have become digitised. Adoption and diffusion of IT enhance individuals and organisational performance, yet scholars discovered a dual nature of IT in which IT usage may have negative aspects too. First, the inability to cope with IT in a healthy manner creates stress in users, termed technostress. Second, digitisation and adoption of new technologies (e.g. IoT and multi-cloud environments) have increased vulnerabilities to information security (InfoSec) threats. Although organisations utilise counteraction strategies (e.g., security systems, security policies), end-users remain the top source of security incidents. Existing behavioural research has approached technostress and InfoSec independently. However, it is not clear how technology-stressors influence employees’ security-related behaviours. This chapter reviews the interaction effect of these concepts in detail by proposing a conceptual model that explains that technostress is the main reason for employees’ non-compliance with security policies in which users with high-level perceptions of technostress are more likely to violate InfoSec policies. Counteraction strategies to mitigate technostress and security threats are also discussed.

Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers and passengers at the core. The technological evolution including interconnectedness and new ways of interaction lead to new security and safety risks that can be realised, both in terms of human error, and malicious and non-malicious behaviour. This study aims to identify the human factors (HF) and cyber-security risks relating to the role of signallers on the railways and explores strategies for the improvement of “Digital Resilience” – for the concept of a resilient railway.

Overall, 26 interviews were conducted with 21 participants from industry and academia.

The results showed that due to increased automation, both cyber-related threats and human error can impact signallers’ day-to-day operations – directly or indirectly (e.g. workload and safety-critical communications) – which could disrupt the railway services and potentially lead to safety-related catastrophic consequences. This study identifies cyber-related problems, including external threats; engineers not considering the human element in designs when specifying security controls; lack of security awareness among the rail industry; training gaps; organisational issues; and many unknown “unknowns”.

The authors discuss socio-technical principles through a hexagonal socio-technical framework and training needs analysis to mitigate against cyber-security issues and identify the predictive training needs of the signallers. This is supported by a systematic approach which considers both, safety and security factors, rather than waiting to learn from a cyber-attack retrospectively.

Information systems' security is more critical than ever before since security threats are rapidly growing. Before putting in place information systems' security measures, organizations are required to determine the maturity level of their information security governance. Literature review reveals that there is no recent study on information systems' security maturity level of banks in Ethiopia. This study thus seeks to measure the existing maturity level and examine the security gaps in order to propose possible changes in Ethiopian private banking industry's information system security maturity indicators.

Four private banks are selected as a representative sample. The system security engineering capability maturity model (SSE-CMM) is used as the maturity measurement criteria, and the measurement was based on ISO/IEC 27001 information security control areas. The data for the study were gathered using a questionnaire.

A total of 93 valid questionnaires were gathered from 110 participants in the study. Based on the SSE-CMM maturity model assessment criteria the private banking industry's current maturity level is level 2 (repeatable but intuitive). Institutions have a pattern that is repeated when completing information security operations but its existence was not thoroughly proven and institutional inconsistency still exists.

This study seeks to measure the existing maturity level and examine the security gaps in order to propose possible changes in Ethiopian private banking industry's information system security maturity indicators. This topic has not been attempted previously in the context of Ethiopian financial sector.

Nowadays, to design the information security mechanism for computing and communication systems, there are various approaches available like cryptographic approach, game-theoretic approach, quantitative–qualitative analysis-based approach, cognitive-behavioral approach, digital forensic-based approach and swarm computing-based approach. The contemporary research in these various fields is independent in nature. The purpose of this paper is to investigate the relationship between these various approaches to information security and cybernetics.

To investigate the relationship between information security mechanisms and cybernetics, Norbert Wiener’s concepts and philosophy of the cybernetics have been used in the present work. For a detailed study, concepts, techniques and philosophy of the cybernetics have been extracted from the books of Norbert Wiener titled “The human use of human beings” and “Cybernetics or control and communication in the animal and the machine”.

By revisiting the concepts of the cybernetics from the information security perspectives, it has been found that the aspects of information security and the aspects of cybernetics have great bonding.

The present paper demonstrates how bonding between cybernetics and information security can be used to solve some of the complex research challenges in information security area.

The paper seeks to provide a foundational understanding of the socio‐technical system that is computer network intrusion detection, including the nature of the knowledge work, situated expertise, and processes of learning as supported by information technology.

The authors conducted a field study to explore the work of computer network intrusion detection using multiple data collection methods, including semi‐structured interviews, examination of security tools and resources, analysis of information security mailing list posts, and attendance at several domain‐specific user group meetings.

The work practice of intrusion detection analysts involves both domain expertise of networking and security and a high degree of situated expertise and problem‐solving activities that are not predefined and evolve with the dynamically changing context of the analyst's environment. This paper highlights the learning process needed to acquire these two types of knowledge, contrasting this work practice with that of computer systems administrators.

The research establishes a baseline for future research into the domain and practice of intrusion detection, and, more broadly, information security.

The results presented here provide a critical examination of current security practices that will be useful to developers of intrusion detection support tools, information security training programs, information security management, and for practitioners themselves.

There has been no research examining the work or expertise development processes specific to the increasingly important information security practice of intrusion detection. The paper provides a foundation for future research into understanding this highly complex, dynamic work.