Information Security Risks in Enabling e-Government: The Impact of IT Vendors

2011 ◽ Vol 28 (4) ◽ pp. 284-293 ◽ Author(s): Peter Berghmans ◽ Karel Van Roy

2020 ◽ Vol 2 (10) ◽ pp. 98-112 ◽ Author(s): Iryna Litvinchuk ◽ Ruslan Korchomnyi ◽ Nataliia Korshun ◽ Maksym Vorokhob

The article is devoted to the assessment of information security risks in automated systems of class "1". An adapted approach to the assessment of information security risks in such automated systems using the Methodology and requirements of the standards GSTU SUIB 1.0/ISO/IEC 27001:2010 and GSTU SUIB 2.0/ISO/IEC 27002:2010 is proposed. The efficiency and methods of implementation of the approach are proved on the example of consideration of real threats and vulnerabilities of class 1 automated systems. The main requirement for the creation of an information security management system in the organization is risk assessment and identification of threats to information resources that are processed in information and telecommunications systems and speakers. The basic standards on information security in Ukraine are considered, which give general recommendations for the construction and assessment of information security risks within the ISMS. The most common methods and methodologies for assessing information security risks of international standard are analyzed, and their advantages and disadvantages are identified. The order of carrying out work on the assessment of information security risks of a class "1" AS is defined. The vulnerabilities considered by the expert according to the standard ISO/IEC 27002:2005 and the Methodology are given. A conditional scale for determining the impact on the implementation of threats to integrity, accessibility, observation is given. Measures and means of counteracting the emergence of threats are proposed. This approach can be used both for direct information risk assessment and for educational purposes. It makes it possible to get the final result regardless of the experience and qualifications of the specialist who conducts the risk assessment, with the subsequent implementation and improvement of the existing risk management system in the organization.


2021 ◽ Vol 6 (2 (114)) ◽ pp. 19-29 ◽ Author(s): Yuliia Tatarinova ◽ Olga Sinelnikova

One of the key processes in software development and information security management is the evaluation of vulnerability risks. Analysis and evaluation of vulnerabilities are considered a resource-intensive process that requires high qualifications and a lot of technical information. The main opportunities and drawbacks of existing systems for evaluation of vulnerability risks in software, which include the lack of consideration of the impact of trends and the degree of popularity of vulnerability on the final evaluation, were analyzed. During the study, the following information was analyzed in the structured form: the vector of the general system of vulnerability evaluation, the threat type, the attack vector, the existence of the original code with patches, exploitation programs, and trends. The obtained result made it possible to determine the main independent characteristics, the existence of a correlation between the parameters, the order, and schemes of the relationships between the basic magnitudes that affect the final value of evaluation of vulnerability impact on a system. A dataset with formalized characteristics, as well as expert evaluation for further construction of a mathematical model, was generated. Analysis of various approaches and methods for machine learning for construction of a target model of dynamic risk evaluation was carried out: neuro-fuzzy logic, regression analysis algorithms, neuro-network modeling. A mathematical model of dynamic evaluation of vulnerability risk in software, based on the dynamics of spreading information about a vulnerability in open sources and a multidimensional model with an accuracy of 88.9 %, was developed. Using the obtained model makes it possible to reduce the analysis time from several hours to several minutes and to make a more effective decision regarding the establishment of the order of patch prioritization, to unify the actions of experts, to reduce the cost of managing information security risks.


2021 ◽ Vol ahead-of-print (ahead-of-print) ◽ Author(s): Kavya Sharma ◽ Xinhui Zhan ◽ Fiona Fui-Hoon Nah ◽ Keng Siau ◽ Maggie X. Cheng

Purpose: Phishing attacks are the most common cyber threats targeted at users. Digital nudging in the form of framing and priming may reduce user susceptibility to phishing. This research focuses on two types of digital nudging, framing and priming, and examines the impact of framing and priming on users' behavior (i.e. action) in a cybersecurity setting. It draws on prospect theory, instance-based learning theory and dual-process theory to generate the research hypotheses. Design/methodology/approach: A 3 × 2 experimental study was carried out to test the hypotheses. The experiment consisted of three levels for framing (i.e. no framing, negative framing and positive framing) and two levels for priming (i.e. with and without priming). Findings: The findings suggest that priming users to information security risks reduces their risk-taking behavior, whereas positive and negative framing of information security messages regarding potential consequences of the available choices do not change users' behavior. The results also indicate that risk-averse cybersecurity behavior is associated with greater confidence with the action, greater perceived severity of cybersecurity risks, lower perceived susceptibility to cybersecurity risks resulting from the action and lower trust in the download link. Originality/value: This research shows that digital nudging in the form of priming is an effective way to reduce users' exposure to cybersecurity risks.


Author(s): Russell Cameron Thomas ◽ Marcin Antkiewicz ◽ Patrick Florer ◽ Suzanne Widup ◽ Matthew Woodyard

2020 ◽ Author(s): Ke Zeng ◽ Weiguo Zhu ◽ Caiyou Wang ◽ Liyan Zhu

BACKGROUND: The rapid spread of COVID-19 has created a severe challenge to China’s healthcare system. Hospitals across the country reacted quickly under the leadership of the Chinese government and implemented a range of informatization measures to effectively respond to COVID-19. OBJECTIVE: To understand the impact of the pandemic on the medical business of Chinese hospitals and the difficulties faced by hospital informatization construction. To discuss the application of hospital informatization measures during the COVID-19 pandemic. To summarize the practical experience of hospitals using information technology to fight the pandemic. METHODS: A cross-sectional online questionnaire survey was performed in Chinese hospitals; the invited participants included hospital information staff, hospital administrators, medical staff, etc. The collected data were analyzed statistically using SPSS version 24. RESULTS: A total of 804 valid questionnaires (88.45%) were collected in this study from 30 provinces in mainland China, of which 731 (90.92%) were filled out by hospital information staff. 473 (58.83%) hospitals are tertiary hospitals while the remaining 331 (41.17%) are secondary hospitals. The majority of hospitals (82.46%) had a drop in their business volume during the pandemic, and a more substantial drop is found in tertiary hospitals. 70.40% (n=566) of hospitals have upgraded or modified their information systems in response to the epidemic. The proportion of tertiary hospitals that upgraded or modified systems is significantly higher than that of secondary hospitals. Internet hospital consultation (70.52%), pre-check and triage (62.56%), telemedicine (60.32%), health QR code (57.71%), and telecommuting (50.87%) are the most used informatization anti-pandemic measures. There are obvious differences in the application of information measures between tertiary hospitals and secondary hospitals. Among these measures, most (41.17%) are aimed at serving patients, and most (62.38%) are universal measures that continue to be used after the pandemic. The informatization measures are mostly used to control the source of infection (48.19%), such as the health QR code. During the pandemic, the main difficulties faced by the hospital information department are “information construction projects are hindered” (58.96%) and “increased difficulty in ensuring network information security” (58.58%). There are significant differences in this issue between tertiary hospitals and secondary hospitals. The shortcomings of hospital informatization that should be made up for are “shorten patient consultation time and optimize consultation process” (72.51%), “Ensure network information security” (72.14%) and “build internet hospital consultations platform” (59.95%). CONCLUSIONS: A significant number of innovative medical information technologies have been used and played a significant role in all phases of COVID-19 prevention and control in China. Since COVID-19 brought many challenges and difficulties for informatization work, hospitals need to constantly improve their own information technology skills to respond to public health emergencies that arise at any moment.


2021 ◽ Vol 13 (12) ◽ pp. 6750 ◽ Author(s): Andreja Mihailović ◽ Julija Cerović Smolović ◽ Ivan Radević ◽ Neli Rašović ◽ Nikola Martinović

The main idea of this research is to examine how teleworking has affected employee perceptions of organizational efficiency and cybersecurity before and during the COVID-19 pandemic. The research is based on an analytical and empirical approach. The starting point of the research is a critical and comprehensive analysis of the relevant literature regarding the efficiency of organizations due to teleworking, digital information security, and cyber risk management. The quantitative approach is based on designing a structural equation model (SEM) on a sample of 1101 respondents from the category of employees in Montenegro. Within the model, we examine simultaneously the impact of their perceptions on the risks of teleworking, changes in cyber-attacks during teleworking, organizations’ capacity to respond to cyber-attacks, key challenges in achieving an adequate response to cyber-attacks, as well as perceptions of key challenges related to cybersecurity. The empirical aspects of our study involve constructing latent variables that correspond to different elements of employee perception; namely, their perception of organizational efficiency and the extent to which the digital information security of their organizations has been threatened during teleworking during the pandemic.


2016 ◽ Vol 28 (3) ◽ pp. 82-103 ◽ Author(s): Mohd Hisham Mohd Sharif ◽ Indrit Troshani ◽ Robyn Davidson

Limited attention has been directed towards understanding the impact of social media in the public sector, particularly in local government organisations. Although social media offer substantial benefits and opportunities to local government, research into the impact of social media remains scant. To address this gap, the authors draw on the technology, organisation, and environment (TOE) framework and propose a model of the determinants of social media impact in local government. The model is tested with data collected via a survey with 173 Australian local government organisations using social media. Data were analysed using the partial least squares-structural equation modelling (PLS-SEM) technique. The results indicate that TOE factors including perceived benefits, perceived security risks, compatibility, and degree of formalisation are important predictors of social media impact in local government.

