scholarly journals Implementation of the fuzzy logic for measuring instrument evaluation results in Information Security Index

2021 ◽  
Vol 1098 (6) ◽  
pp. 062003
Author(s):  
F M Kaffah ◽  
M Irfan ◽  
C Slamet ◽  
C Bernat ◽  
A B A Rahman
Keyword(s):  
Fuzzy Logic ◽  
Information Security ◽  
Measuring Instrument ◽  
Instrument Evaluation ◽  
Security Index

scholarly journals ANALYSIS OF ROUTER ATTACK WITH SECURITY INFORMATION AND EVENT MANAGEMENT AND IMPLICATIONS IN INFORMATION SECURITY INDEX

2019 ◽  
Vol 2 (1) ◽  
pp. 1-7
Author(s):  
CITRA ARFANUDIN ◽  
Bambang Sugiantoro ◽  
Yudi Prayudi
Keyword(s):  
Information Security ◽  
Forensic Analysis ◽  
Event Management ◽  
Information Security Management System ◽  
Security Information ◽  
Information Assets ◽  
Security Index ◽  
Syn Flooding ◽  
The Government ◽  
The Impact

Information security is a need to secure organizational information assets. The government as the regulator issues an Information Security Management System (ISMS) and Information Security Index (US) as a measure of information security in the agency of a region. Security Information and Event Management (SIEM) is a security technology to secure information assets. SIEM is expected to provide information on attacks that occur on the router network and increase the value of the Indeks KAMI of government agencies. However, the use of SIEM is still questionable whether it can recognize a router attack and its impact on the value of our index. This research simulates attacks on routers with 8 attacks namely Mac Flooding, ARP-Poisoning, CDP Flooding, DHCP Starvation, DHCP Rogue, SYN Flooding SSH Bruteforce and FTP Bruteforce. 8 types of attacks followed by digital forensic analysis using the OSCAR method to see the impact on routers and SIEM. Also measured is index KAMI before and after the SIEM to be able to measure the effect of SIEM installation on the value of index KAMI. It was found that the use of SIEM to conduct security monitoring proved successful in identifying attacks, but not all were recognized by SIEM. SIEM only recognizes DHCP Starvation, DHCP Rogue, SSH Bruteforce and FTP Bruteforce. Mac Flooding, ARP-Poisoning, CDP Flooding, SYN Flooding attacks are not recognized by SIEM because routers do not produce logs. Also obtained is the use of SIEM proven to increase our index from the aspect of technology

scholarly journals Systematic Literature Review of the Role of Fuzzy Logic in the Development of Cryptographic and Steganographic Techniques

2021 ◽  
pp. 25-30
Author(s):  
Hari Murti ◽  
Endang Lestariningsih ◽  
Rara Sriartati Redjeki ◽  
Eka Ardhianto
Keyword(s):  
Fuzzy Logic ◽  
Information Security ◽  
Literature Review ◽  
Systematic Literature Review ◽  
Random Number Generator ◽  
Fuzzy Logic Approach ◽  
Logic Approach ◽  
Intelligent Technology ◽  
Cryptographic Techniques

The rapid technological revolution had an impact on a variety of information security techniques. This will be important because information can be confidential to some entities that communicate with each other. Internet in intelligent technology will be a loophole for cryptanalysts to look for information vulnerabilities. Cryptography is a method of securing data and information which is currently still supported by the development of the method. However, the data and information that are secured will still have vulnerabilities in their delivery. The combination of fuzzy logic techniques with cryptographic techniques has been applied to support the improvement of information security. This study applies a systematic literature review method, to find articles that combine the two fields. The purpose of this study is to see the development of information security techniques with a fuzzy logic approach. As a result, it is found that the development of cryptographic and steganographic techniques that utilize fuzzy logic to help improve information security. In addition, the use of fuzzy logic is also not limited to increasing security. Fuzzy logic also plays a role in selecting the best key and password and issuing random numbers from a Pseudo-Random Number Generator (PRNG).

scholarly journals Evaluasi Tingkat Kesiapan Keamanan Informasi Pada Lembaga Pendidikan Menggunakan Indeks Kami 4.0

2019 ◽  
Vol 1 (2) ◽  
pp. 53-62
Author(s):  
Pramudhita Ferdiansyah ◽  
Subektiningsih Subektiningsih ◽  
Rini Indrayani
Keyword(s):  
Information System ◽  
Information Security ◽  
Electronic System ◽  
Third Parties ◽  
Security Evaluation ◽  
Security Systems ◽  
Collection Method ◽  
System Requirements ◽  
Security Index ◽  
Iec 27001

Evaluasi keamanan sistem informasi sangat diperlukan bagi sebuah organisasi, instansi, maupun perusahaan guna mencegah kebocoran data ataupun kerusakan sistem informasi. Penelitian ini dilakukan di sektor pendidikan pada lembaga UPTD XYZ di bawah kuasa Dinas Pendidikan Provinsi Daerah Istimewa Yogyakarta. Evaluasi kematangan dan tata kelola keamanan informasi diterapkan berdasarkan standar ISO/IEC 27001:2017 dengan menggunakan indeks keamanan informasi KAMI versi 4.0. Metode pengumpulan data dilakukan dengan cara observasi langsung dan interview terhadap penanggungjawab sistem informasi. Hasil yang didapatkan dari evaluasi untuk kebutuhan sistem elektronik sebesar 20, sedangkan tingkat kelengkapan informasi mendapatkan skor 245. Dari hasil tersebut dapat disimpulkan bahwa tingkat keamanan informasi masih sangat rendah dan diperlukan perbaikan sistem keamanan informasi dengan bekerja sama dengan pengembang keamanan informasi dari pihak ketiga. Information system security evaluation is indispensable for an organization, agency, or company to prevent data leakage or damage to information systems. This research was conducted in the education sector at the UPTD XYZ institution under the authority of the Yogyakarta Provincial Education Office. Information security maturity and governance evaluation is implemented based on ISO / IEC 27001: 2017 standard by using the WE information security index version 4.0. The data collection method is done by direct observation and interviews with the person in charge of the information system. The results obtained from the evaluation for electronic system requirements were 20, while the level of completeness of information got a score of 245. From these results it can be concluded that the level of information security is still very low and it is necessary to improve information security systems in collaboration with information security developers from third parties.

Holistic framework for evaluating and improving information security culture

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Krunoslav Arbanas ◽  
Mario Spremic ◽  
Nikolina Zajdela Hrustek
Keyword(s):  
Information Security ◽  
Latent Variables ◽  
Convergent Validity ◽  
Social Issues ◽  
The Body ◽  
Measuring Instrument ◽  
Validity And Reliability ◽  
Content Type ◽  
Security Culture ◽  
Information Security Culture

PurposeThe objective of this research was to propose and validate a holistic framework for information security culture evaluation, built around a novel approach, which includes technological, organizational and social issues. The framework's validity and reliability were determined with the help of experts in the information security field and by using multivariate statistical methods.Design/methodology/approachThe conceptual framework was constructed upon a detailed literature review and validated using a range of methods: first, measuring instrument was developed, and then content and construct validity of measuring instrument was confirmed via experts' opinion and by closed map sorting method. Convergent validity was confirmed by factor analysis, while the reliability of the measuring instrument was tested using Cronbach's alpha coefficient to measure internal consistency.FindingsThe proposed framework was validated based upon the results of empirical research and the usage of multivariate analysis. The resulting framework ultimately consists of 46 items (manifest variables), describing eight factors (first level latent variables), grouped into three categories (second level latent variables). These three categories were built around technological, organizational and social issues.Originality/valueThis paper contributes to the body of knowledge in information security culture by developing and validating holistic framework for information security culture evaluation, which does not observe information security culture in only one aspect but takes into account its organizational, sociological and technical component.

scholarly journals About Some Risks Associated with Subjective Factors, and the Methodology for their Assessment

2021 ◽  
Vol 9 (3) ◽  
pp. 94-102
Author(s):  
A. Kozlov ◽  
N. Noga
Keyword(s):  
Risk Assessment ◽  
Fuzzy Logic ◽  
Information Security ◽  
Complex Network ◽  
Negative Consequences ◽  
Management Decisions ◽  
Personnel Policy ◽  
Critical Information ◽  
Implementation Period ◽  
Fuzzy Logic Method

The authors propose a methodology for assessing the risk associated with subjective factors that may affect the achievement of the final goals of business projects, including ensuring information security. Such factors may include the level of salary, the level of professionalism, and others. At the same time, we propose carrying out the risk assessment by using the fuzzy logic method, which allows us to determine the dependence of the risk on various parameters under conditions of their uncertainty. According to the authors, the proposed methodology will help avoid some incorrect management decisions in the formation of author (working) teams, which could lead to negative consequences in the further implementation of the business project. These negative consequences can be expressed in delaying the implementation period, increasing the project’s cost, or even losing business due to critical information and personnel leakage. Also, this method allows you to increase the effectiveness of personnel policy in the organisation or the company. We noted that this method is applicable not only for individual enterprises but also for corporations and associations with complex network structures.

scholarly journals Computerised Information Security Using Texture Based Fuzzy Cryptosystem

2018 ◽  
Vol 8 (6) ◽  
pp. 3598-3602
Author(s):  
A. A. Alghamdi
Keyword(s):  
Fuzzy Logic ◽  
Feature Extraction ◽  
Information Security ◽  
Texture Features ◽  
Experimental Results ◽  
Original Image ◽  
Secret Image ◽  
Carrier Image ◽  
Embedded Image

The main objective of this study is to form a unique and economical steganographic technique for digital pictures employed for secret transmission using texture and fuzzy logic. This technique is employed to embed data in the carrier image and to extract the hidden message within the same carrier image. Initially, fuzzification is completed which transforms the carrier and the secret image into numerous bitplanes. Afterward, the pixel number calculation is completed within the original image. Then feature extraction is completed within the secret image so as to represent the data in it. Finally, pixel merging follows within the sender region by assignment of white and black pixels in the original image and in the secret pictures. Pixel numbers and texture features are extracted and can be used as a key for retrieving the embedded image from the receiver. This modified approach can be applied in various images. Experimental results reveal that this method will hide and retrieve the secret messages in a carrier accurately.

Sign in / Sign up

Export Citation Format

Share Document