Search results
1 – 10 of over 102000
Fang Shuqiong, Yang Baoan and Yu Yin
Abstract
Purpose
The purpose of this paper is to provide a new mentality of constructing the evaluation index system on national energy security, in favor of analyzing its influencing factors and coupling relations thoroughly.
Design/methodology/approach
The complex adaptive system (CAS) theory has provided one kind of analysis method on modeling and simulation for questions of the social economic system, which is based on the adaptive agent and mutual interaction. In view of this, the authors expect to use this kind of new research paradigm for reference, and construct the evaluation index systems on national energy security using the integration of CAS theory and pressure‐state‐response (PSR) conceptual model.
Findings
Constructs a set of compound index system of “six parallel layers, gradually converge, six layers three dimensions three degrees.”
Research limitations/implications
The evaluation index system on national energy security is in the discussion stage at present, and the comparatively systematic or accepted index system has not been established. So the further study on influencing factors and measurement indicator system based on multi‐dimension of national energy security, is the emphasis of the continued further research.
Practical implications
Constructing the evaluation index system on national energy security integrating PSR conceptual model from the perspective of CAS.
Originality/value
Divides the carrier of energy security problem's happening into three energy domains (non‐renewable energy), and introduces the theory and method of CAS to construct the agent layer to carry on the multi‐agent gambling analysis. Simultaneously separately analyses the coal security, the petroleum security as well as the natural gas security using the concept framework of PSR.
Xiangzhao Huang, Hu Wan and Hongtao Zhou
Abstract
Purpose
To take relative actions to cope with the threat which network finance information security now encounters by constructing controlling tactical and synergetic model.
Design/methodology/approach
It is practical to use the synergetic self‐organization theory to calculate the effects that the force of synergetic system of controlling tactics to financial information security makes on network financial system, and it is also practical to construct the synergetic model of controlling tactics to network financial information security on the basis of it.
Findings
Through applying synergetic analysis to controlling tactical system of network financial information security, it can be found out that controlling tactical system is an open system which changes from disorder to order and which keeps away from a balancing state. As an opening system, controlling tactics are interacting with outside from now and then.
Research limitations/implications
Network financial information security takes on dynamics, relativity, integrity and complexity. Accessibility of data is the main limitations which model will be applied.
Practical implications
From the view of network financial information security, constructing controlling tactical and synergetic model of information security are explained.
Originality/value
Network finance is orientated as a special social and economic system. The author does analysis on the network financial system, and expounds order parameters and model of network financial system.
Ethan Sanderson and Karen A. Forcht
Abstract
Presents a young person’s view of the threats and security measures to deal with sensitive information in today’s constantly changing technological environment. Promotes the implementation of proactive security and warns of the problems caused by converging business markets and technologies. Discusses security policy, privacy, security logs, encryption, virus attacks, Internet concerns, firewalls and auditing. Outlines the work of the Computer Emergency Response Team and the Computer Incident Advisory Capability in the USA.
Betul Gokkaya, Erisa Karafili, Leonardo Aniello and Basel Halak
Abstract
Purpose
The purpose of this study is to increase awareness of current supply chain (SC) security-related issues by providing an extensive analysis of existing SC security solutions and their limitations. The security of SCs has received increasing attention from researchers, due to the emerging risks associated with their distributed nature. The increase in risk in SCs comes from threats that are inherently similar regardless of the type of SC, thus, requiring similar defence mechanisms. Being able to identify the types of threats will help developers to build effective defences.
Design/methodology/approach
In this work, we provide an analysis of the threats, possible attacks and traceability solutions for SCs, and highlight outstanding problems. Through a comprehensive literature review (2015–2021), we analysed various SC security solutions, focussing on tracking solutions. In particular, we focus on three types of SCs: digital, food and pharmaceutical that are considered prime targets for cyberattacks. We introduce a systematic categorization of threats and discuss emerging solutions for prevention and mitigation.
Findings
Our study shows that the current traceability solutions for SC systems do not offer a broadened security analysis and fail to provide extensive protection against cyberattacks. Furthermore, global SCs face common challenges, as there are still unresolved issues, especially those related to the increasing SC complexity and interconnectivity, where cyberattacks are spread across suppliers.
Originality/value
This is the first time that a systematic categorization of general threats for SC is made based on an existing threat model for hardware SC.
Alicia Aldridge, Michele White and Karen Forcht
Abstract
Looks at the growth and potential of the Internet in relation to security issues. Presently, lack of security is perceived as a major roadblock to doing business on‐line. Risks of system corruption, fraud, theft and viruses point companies to the need for enhanced security. Investigates the importance of securing a company’s systems, its individual users, and its commercial transactions, and provides a checklist along with a brief discussion of available protection measures for these three primary security concerns.
Forough Nasirpouri Shadbad and David Biros
Abstract
Since the emergence of the Internet in the twentieth century and the rapid growth of different types of information technologies (IT), our lives, either personal or professional, have become digitised. Adoption and diffusion of IT enhance individuals and organisational performance, yet scholars discovered a dual nature of IT in which IT usage may have negative aspects too. First, the inability to cope with IT in a healthy manner creates stress in users, termed technostress. Second, digitisation and adoption of new technologies (e.g. IoT and multi-cloud environments) have increased vulnerabilities to information security (InfoSec) threats. Although organisations utilise counteraction strategies (e.g., security systems, security policies), end-users remain the top source of security incidents. Existing behavioural research has approached technostress and InfoSec independently. However, it is not clear how technology-stressors influence employees’ security-related behaviours. This chapter reviews the interaction effect of these concepts in detail by proposing a conceptual model that explains that technostress is the main reason for employees’ non-compliance with security policies in which users with high-level perceptions of technostress are more likely to violate InfoSec policies. Counteraction strategies to mitigate technostress and security threats are also discussed.
Eylem Thron, Shamal Faily, Huseyin Dogan and Martin Freer
Abstract
Purpose
Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers and passengers at the core. The technological evolution including interconnectedness and new ways of interaction lead to new security and safety risks that can be realised, both in terms of human error, and malicious and non-malicious behaviour. This study aims to identify the human factors (HF) and cyber-security risks relating to the role of signallers on the railways and explores strategies for the improvement of “Digital Resilience” – for the concept of a resilient railway.
Design/methodology/approach
Overall, 26 interviews were conducted with 21 participants from industry and academia.
Findings
The results showed that due to increased automation, both cyber-related threats and human error can impact signallers’ day-to-day operations – directly or indirectly (e.g. workload and safety-critical communications) – which could disrupt the railway services and potentially lead to safety-related catastrophic consequences. This study identifies cyber-related problems, including external threats; engineers not considering the human element in designs when specifying security controls; lack of security awareness among the rail industry; training gaps; organisational issues; and many unknown “unknowns”.
Originality/value
The authors discuss socio-technical principles through a hexagonal socio-technical framework and training needs analysis to mitigate against cyber-security issues and identify the predictive training needs of the signallers. This is supported by a systematic approach which considers both safety and security factors, rather than waiting to learn from a cyber-attack retrospectively.
Tadele Shimels and Lemma Lessa
Abstract
Purpose
Information systems' security is more critical than ever before since security threats are rapidly growing. Before putting in place information systems' security measures, organizations are required to determine the maturity level of their information security governance. Literature review reveals that there is no recent study on information systems' security maturity level of banks in Ethiopia. This study thus seeks to measure the existing maturity level and examine the security gaps in order to propose possible changes in Ethiopian private banking industry's information system security maturity indicators.
Design/methodology/approach
Four private banks are selected as a representative sample. The system security engineering capability maturity model (SSE-CMM) is used as the maturity measurement criteria, and the measurement was based on ISO/IEC 27001 information security control areas. The data for the study were gathered using a questionnaire.
Findings
A total of 93 valid questionnaires were gathered from 110 participants in the study. Based on the SSE-CMM maturity model assessment criteria the private banking industry's current maturity level is level 2 (repeatable but intuitive). Institutions have a pattern that is repeated when completing information security operations but its existence was not thoroughly proven and institutional inconsistency still exists.
Originality/value
This study seeks to measure the existing maturity level and examine the security gaps in order to propose possible changes in Ethiopian private banking industry's information system security maturity indicators. This topic has not been attempted previously in the context of Ethiopian financial sector.
Kushal Anjaria and Arun Mishra
Abstract
Purpose
Nowadays, to design the information security mechanism for computing and communication systems, there are various approaches available like cryptographic approach, game-theoretic approach, quantitative–qualitative analysis-based approach, cognitive-behavioral approach, digital forensic-based approach and swarm computing-based approach. The contemporary research in these various fields is independent in nature. The purpose of this paper is to investigate the relationship between these various approaches to information security and cybernetics.
Design/methodology/approach
To investigate the relationship between information security mechanisms and cybernetics, Norbert Wiener’s concepts and philosophy of the cybernetics have been used in the present work. For a detailed study, concepts, techniques and philosophy of the cybernetics have been extracted from the books of Norbert Wiener titled “The human use of human beings” and “Cybernetics or control and communication in the animal and the machine”.
Findings
By revisiting the concepts of the cybernetics from the information security perspectives, it has been found that the aspects of information security and the aspects of cybernetics have great bonding.
Originality/value
The present paper demonstrates how bonding between cybernetics and information security can be used to solve some of the complex research challenges in information security area.
John R. Goodall, Wayne G. Lutters and Anita Komlodi
Abstract
Purpose
The paper seeks to provide a foundational understanding of the socio‐technical system that is computer network intrusion detection, including the nature of the knowledge work, situated expertise, and processes of learning as supported by information technology.
Design/methodology/approach
The authors conducted a field study to explore the work of computer network intrusion detection using multiple data collection methods, including semi‐structured interviews, examination of security tools and resources, analysis of information security mailing list posts, and attendance at several domain‐specific user group meetings.
Findings
The work practice of intrusion detection analysts involves both domain expertise of networking and security and a high degree of situated expertise and problem‐solving activities that are not predefined and evolve with the dynamically changing context of the analyst's environment. This paper highlights the learning process needed to acquire these two types of knowledge, contrasting this work practice with that of computer systems administrators.
Research limitations/implications
The research establishes a baseline for future research into the domain and practice of intrusion detection, and, more broadly, information security.
Practical implications
The results presented here provide a critical examination of current security practices that will be useful to developers of intrusion detection support tools, information security training programs, information security management, and for practitioners themselves.
Originality/value
There has been no research examining the work or expertise development processes specific to the increasingly important information security practice of intrusion detection. The paper provides a foundation for future research into understanding this highly complex, dynamic work.