An Algorithm Design to Evaluate the Security Level of an Information System

Author(s):  
Sunil Thalia ◽  
Asma Tuteja ◽  
Maitreyee Dutta
2020 ◽  
Vol 2020 ◽  
pp. 1-11
Author(s):  
Lixia Xie ◽  
Liping Yan ◽  
Xugao Zhang ◽  
Hongyu Yang

The accuracy of the existing security situation assessment model of information system for smart mobile devices is affected by expert evaluation preferences. This paper proposes an information system security situation assessment model for smart mobile devices, which is based on the modified interval matrix-entropy weight-based cloud (MIMEC). According to the security situation assessment index system, the interval judgment matrix reflecting the relative importance of different indexes is modified to improve the objectivity of the index layer weight vector. Then, the entropy weight-based cloud is used to quantify the criterion layer and the target layer security situation index, and the security level of the system is graded. The evaluation experiment on the departure control system for smart mobile devices not only verifies the validity of this model but also demonstrates that this model has higher stability and reliability than other models.


2020 ◽  
Vol 5 (2) ◽  
pp. 185
Author(s):  
Anggi Elanda ◽  
Robby Lintang Buana

Abstract -- OWASP (Open Web Application Security Project) version 4 is issued by a non-profit organization called owasp.org, which is dedicated to the security of web-based applications. This systematic review is intended to review whether the Open Web Application Security Project (OWASP) method is widely used to detect security in a website-based Information System. In this systematic review, we review 3 pieces of literature from several publisher sources and make a comparison regarding OWASP version 4 results and the security level of a web server from the publisher's source.

Keywords: OWASP, Website Vulnerability, Website Security Detection


2021 ◽  
pp. 29-40
Author(s):  
Elena Doynikova ◽  
Andrey Fedorchenko ◽  
Igor Kotenko ◽  
Evgenia Novikova ◽  
...  

The purpose of the article: development of a semantic model of metrics and data and a technique for security assessment based on this model to get objective scores of information system security. Research method: theoretical and system analysis of open security data sources and security metrics, semantic analysis and classification of security data, development of the security assessment technique based on the semantic model and methods of logical inference, functional testing of the developed technique. The result obtained: an approach based on the semantic model of metrics and data is proposed. The model is an ontology generated considering relations among the data sources, information system objects and data about them, primary metrics of information system objects and integral metrics and goals of assessment. The technique for metrics calculation and assessment of unspecified information systems security level in real-time using the proposed model is developed. The case study demonstrating applicability of the developed technique and ontology to answer security assessment questions is provided. The areas of use of the proposed approach are security assessment components of information security monitoring and management systems aimed at increasing their efficiency.


2018 ◽  
Vol 210 ◽  
pp. 04005
Author(s):  
Maciej Kiedrowicz ◽  
Jerzy Stanik

The article outlines the concept of maintaining the required security level of the information system in the organization (SIO) through appropriate control of the security configurations of the security system. The security system (SS) model was proposed and its basic elements characterized to maintain the current security level of the information resources. The desired current security feature of the SIO shall be obtained by generating appropriate security technical and organizational configurations from the set of permissible solutions. The proposed concept, which takes into account the impact of not only basic security elements of the information resources (e.g. types of resources, security attributes, risks, vulnerability), but also changes in the working conditions of the information system and security system as well as the entire security and quality management environment of the organization, constitutes the authors' own proposal.


Author(s):  
Lytvynov Vitalii ◽  
Mariia Dorosh ◽  
Iryna Bilous ◽  
Mariia Voitsekhovska ◽  
Valentyn Nekhai

Relevance of the research. Ensuring the effectiveness of the information security systems requires creation of an appropriate information security culture for the employees of the organization in order to reduce human-related risks. Target setting. The techniques currently available for assessing information security risk are excluded as a source of the potential vulnerability. Considering the role of the personnel in the organization's information security systems, there is a need to create automated systems of human-machine interaction assessment through the level of the personnel information security culture, and to determine the integral indicator of the organization's information security culture. Actual scientific researches and issues analysis. Open access publications on the problems of integrating the information security culture into the corporate culture of the organization as a tool for ensuring the proper information security level of business processes are considered. Uninvestigated parts of general matters defining. The absence of formalized models for assessing the organization's information security culture level, as well as an automated process for its assessing were revealed by source analysis. The research objective. The purpose of the article is to build a model that describes the process of obtaining an organization's information security culture level assessment in IDEF0 notation. Then, to create an architecture and database for system of information security culture assessment to support the general organization's information security system. The statement of basic materials. According to functional requirements, a conceptual model of «The organization's ISC level determination» development process was created. Input information, governing elements, execution elements and mechanism, and output information were defined. To accomplish these tasks, an architecture and database of information system for assessing the information security culture level of the organization were proposed. Conclusions. The functional model of top-level development process was proposed. Formed functional requirements became the basis for development of information system architecture with description of its modules and database structure.


Author(s):  
Jarosław KOŃCZAK ◽  
Marcin MIETEŃ ◽  
Krzysztof SZAFRAN

In the study, the authors focused on determination of reliability indicators of the transport systems, which currently constitute the Polish Armed Forces’ equipment. The methods of research of car fleets composed of distinct types of vehicles are presented. The algorithms of reliability indicators’ determination addressed in the study can serve to analyze other set of transportation means used in rescue, seasonal transport and specialized transportation assignments, as well as to determine the security level of any mission conducted. The appearance of information technology allowed transferring the paper-based registration system of operational occurrences into an integrated information system. It enables to follow the history of transportation fleets including single pieces of the equipment. The knowledge of reliability of particular types of the vehicles allows for proper planning of missions within the framework of possessed transport assets capacity. The study presents the method of achieving the intended objective to increase the effectiveness of management of motor vehicles fleet used intermittently. The algorithm for the selection of a vehicle or a group of vehicles for execution of tasks, developed on the basis of analytical procedures, envisages the assignment of mobile assets, complication and complexity of their structures, the level of modernity, operational history and branch regulations. Determined reliability indicators for particular groups of vehicles can be implemented into the Multilevel Information System


Symmetry ◽  
2018 ◽  
Vol 10 (9) ◽  
pp. 399 ◽  
Author(s):  
Congxu Zhu ◽  
Guojun Wang ◽  
Kehui Sun

This article performs the cryptanalysis of an image encryption algorithm using an S-box generated by chaos. The algorithm has the advantages of simple structure, high encryption efficiency, and good encryption performance. However, an attentive investigation reveals that it has some undiscovered security flaws. The image cryptosystem is totally breakable under the proposed chosen-plaintext attack, and only two chosen plain-images are required. An array equivalent to the S-box is constructed by an elaborately designed chosen-plaintext image, and the cipher-image is deciphered without having to know the S-box itself. Both mathematical deduction and experimental results validate the feasibility of the attacking scheme. Furthermore, an improved encryption scheme is proposed, in which a feedback mechanism is introduced, a bidirectional diffusion scheme is designed, and values of the ciphertext are associated with more parameters in each diffusion process. Testing results and security analysis verify that the improved cryptographic system can achieve a higher security level and has a better performance than some of the latest encryption algorithms.


2017 ◽  
Vol 3 (2) ◽  
pp. 279-284
Author(s):  
Gregorius Anung Hanindito

Rapid change in Information Technology initiates various innovations that aim to provide convenience for enterprises, organizations, and institutions. Innovation is created to ease users in completing tasks and activities. Unfortunately, easiness in innovation gives chances of fraud and disruption to happen. This paper discusses how countermeasures on those issues are done in Salatiga Library and Archive Office using 4 (four) control aspects in Information System Audit: environment security control, physical security control, logical security control, and IS operation control. This paper uses a three-step method: planning and preparation, implementation, and reporting. The aim of this research is to examine the Information System security level in Salatiga Library and Archive Office.

