An Analysis of Information Security Event Managers

Author(s):  
Kutub Thakur ◽  
Sandra Kopecky ◽  
Moath Nuseir ◽  
Md Liakat Ali ◽  
Meikang Qiu

Author(s):  
Carrison K.S. Tong ◽  
Eric T.T. Wong

Like other information systems in banking and commercial companies, information security is also an important issue in the health care industry. It is a common problem to have security incidences in an information system. Such security incidences include physical attacks, viruses, intrusions, and hacking. For instance, in the USA, more than 10 million security incidences occurred in the year 2003. The total loss was over $2 billion. In the health care industry, damages caused by security incidences could not be measured only by monetary cost. The trouble with inaccurate information in health care systems is that it is possible that someone might believe it and do something that might damage the patient. In a security event in which an unauthorized modification to the drug regime system at Arrowe Park Hospital proved to be a deliberate modification, the perpetrator received a jail sentence under the Computer Misuse Act of 1990. In another security event (The Institute of Physics and Engineering in Medicine, 2003), six patients received severe overdoses of radiation while being treated for cancer on a computerized medical linear accelerator between June 1985 and January 1987. Owing to the misuse of untested software in the control, the patients received radiation doses of about 25,000 rads while the normal therapeutic dose is 200 rads. Some of the patients reported immediate symptoms of burning and electric shock. Two died shortly afterward and others suffered scarring and permanent disability. BS7799 is an information security management standard developed by the British Standards Institution (BSI) for an information security management system (ISMS). The first part of BS7799, which is the code of practice for information security, was later adopted by the International Organization for Standardization (ISO) as ISO17799. The ISO 27002 standard is the rename of the existing ISO 17799 standard. 
It basically outlines hundreds of potential controls and control mechanisms, which may be implemented. The second part of BS7799 states the specification for ISMS which was replaced by the ISO 27001 standard published in October 2005. The Picture Archiving and Communication System (PACS; Huang, 2004) is a clinical information system tailored for the management of radiological and other medical images for patient care in hospitals and clinics. It was the first time in the world to implement both standards to a clinical information system for the improvement of data security.



2021 ◽  
pp. 22-30
Author(s):  
Igor V. Kotenko ◽  
Igor B. Parashchuk

The paper proposes an approach to a formalized description of the process of changing the values of quality indicators of decision support for managing security events and incidents in the supply chain. The approach is based on the analysis of the functioning processes of modern quality control systems for information security in supply chain. In addition, it is based on an analysis of decision support processes. We use controlled Markov chains, represented by difference stochastic equations. The considered version of the analytical description of the state change in dynamics allows one to formalize, structure, and mathematically describe the process of this class from a uniform perspective. It is important to note that with this representation of the dynamics of state transitions, the requirements for operativity (timeliness), reliability, secrecy and resource costs for supporting decision-making to control information security in the supply chain are taken into account.



Author(s):  
Anton D. Moskvichev ◽  
Mikhail V. Dolgachev

An event correlation system is a system that receives events from various intrusion detection systems, reduces the number of false events, detects high-level attacks, raises the value of incidents, predicts future attacks, and detects sources of attacks. Many algorithms have their advantages and disadvantages. This article provides an overview of existing event correlation algorithms. The material presented in the article is focused on the algorithms used in correlation mechanisms. The authors of the article introduce functions related to accuracy, functionality and computational capabilities, and compare the categories of algorithms using these functions. The result of this review shows that each category of algorithms has its own strengths, and ideal event correlation systems should have the strengths of each of the categories. In conclusion, the authors of the article conclude that these algorithms are effective and can be used as a correlator module in systems of the SIEM class. Based on the results, the authors make a choice in favor of knowledge base algorithms because of their high accuracy, which is a prerequisite for the application of the algorithm in the field of information security, and low resource consumption.



2011 ◽  
pp. 1714-1723
Author(s):  
Carrison K.S. Tong ◽  
Eric T.T. Wong

Like other information systems in banking and commercial companies, information security is also an important issue in the healthcare industry. It is a common problem to have security incidences in an information system. Such security incidences include physical attacks, viruses, intrusions, and hacking. For instance, in the U.S.A., more than 10 million security incidences occurred in the year of 2003. The total loss was over $2 billion. In the healthcare industry, damages caused by security incidences could not be measured only by monetary cost. The trouble with inaccurate information in healthcare systems is that it is possible that someone might believe it and do something that might damage the patient. In a security event in which an unauthorized modification to the drug regime system at Arrowe Park Hospital proved to be a deliberate modification, the perpetrator received a jail sentence under the Computer Misuse Act of 1990. In another security event (The Institute of Physics and Engineering in Medicine, 2003), six patients received severe overdoses of radiation while being treated for cancer on a computerized medical linear accelerator between June 1985 and January 1987. Owing to the misuse of untested software in the control, the patients received radiation doses of about 25,000 rads while the normal therapeutic dose is 200 rads. Some of the patients reported immediate symptoms of burning and electric shock. Two died shortly afterward and others suffered scarring and permanent disability. BS7799 is an information-security-management standard developed by the British Standards Institution (BSI) for an information-security-management system (ISMS). The first part of BS7799, which is the code of practice for information security, was later adopted by the International Organization for Standardization (ISO) as ISO17799. The second part of BS7799 states the specification for ISMS. 
The picture-archiving and -communication system (PACS; Huang, 2004) is a clinical information system tailored for the management of radiological and other medical images for patient care in hospitals and clinics. It was the first time in the world to implement both standards to a clinical information system for the improvement of data security.



Author(s):  
Carrison K.S. Tong ◽  
Eric T.T. Wong

Like other information systems in banking and commercial companies, information security is also an important issue in the healthcare industry. It is a common problem to have security incidences in an information system. Such security incidences include physical attacks, viruses, intrusions, and hacking. For instance, in the U.S.A., more than 10 million security incidences occurred in the year of 2003. The total loss was over $2 billion. In the healthcare industry, damages caused by security incidences could not be measured only by monetary cost. The trouble with inaccurate information in healthcare systems is that it is possible that someone might believe it and do something that might damage the patient. In a security event in which an unauthorized modification to the drug regime system at Arrowe Park Hospital proved to be a deliberate modification, the perpetrator received a jail sentence under the Computer Misuse Act of 1990. In another security event (The Institute of Physics and Engineering in Medicine, 2003), six patients received severe overdoses of radiation while being treated for cancer on a computerized medical linear accelerator between June 1985 and January 1987. Owing to the misuse of untested software in the control, the patients received radiation doses of about 25,000 rads while the normal therapeutic dose is 200 rads. Some of the patients reported immediate symptoms of burning and electric shock. Two died shortly afterward and others suffered scarring and permanent disability.



2019 ◽  
Vol 23 (1) ◽  
pp. 57-63
Author(s):  
A. A. Mikryukov ◽  
A. V. Babash ◽  
V. A. Sizov

Purpose of the research. The aim of the study is to increase the effectiveness of information security and to enhance accuracy and promptness of the classification of security events, security incidents, and threats in information security systems. To respond to this challenge, neural network technologies were suggested as a classification tool for information security systems. These technologies allow accommodating incomplete, inaccurate and unidentified raw data, as well as utilizing previously accumulated information on security issues. To address the problem more effectively, collective methods based on collective neural ensembles aligned with an advanced complex approach were implemented. Materials and methods: When solving complex classification problems, often none of the classification algorithms provides the required accuracy. In such cases, it seems reasonable to build compositions of algorithms, mutually compensating errors of individual algorithms. The study also gives an insight into the application of neural network ensemble to address security issues in the corporate information system and provides a brief review of existing approaches to the construction of neural network ensembles and methods to shape problem solving with neural networks classifiers. An advanced integrated approach is proposed to tackle problems of security event classification based on neural network ensembles (neural network committees). The approach is based on a three-step procedure. The stages of the procedure implementation are described. It is shown that the use of this approach facilitates the efficiency of solving the problem. Results: An advanced integrated approach to addressing security event classification based on neural network ensembles (neural network committees) is proposed. 
This approach applies adaptive reduction of neural network ensemble (selection of the best classifiers is based on the assessment of the compliance degree of the competence area of the private neural network classifier and convergence of the results of private classifiers), as well as the selection and rationale of the voting method (composition or aggregation of outputs of private classifiers). The results of numerical experiments support the effectiveness of the proposed approach. Conclusion: Collectively used artificial neural networks in the form of neural network ensembles (committees of neural networks) will provide more accurate and reliable results of security event classification in the corporate information network. Moreover, an advanced integrated approach to the construction of a neural network ensemble is proposed to facilitate effectiveness of the classification process. The approach is based on the application of the adaptive reduction procedure for the results of private classifiers and the procedure for selecting the method of aggregation of the results of private classifiers. These outcomes will enable advancement of the system control over information security incidents. Finally, the paper defines tendencies and directions of the development of collective solution methods applying neural network ensembles (committees of neural networks).





Author(s):  
I. D. Rudinskiy ◽  
D. Ya. Okolot

The article discusses aspects of the formation of information security culture of college students. The relevance of the work is due to the increasing threats to the information security of the individual and society due to the rapid increase in the number of information services used. Based on this, one of the important problems of the development of the information society is the formation of a culture of information security of the individual as part of the general culture in its socio-technical aspect and as part of the professional culture of the individual. The study revealed the structural components of the phenomenon of information security culture, identified the reasons for the interest in the target group of students. It justifies the need for future mid-level specialists to form an additional universal competency that ensures the individual’s ability and willingness to recognize the need for certain information, to identify and evaluate the reliability and reliability of data sources. As a result of the study, recommendations were formulated on the basis of which a culture of information security for college students can be formed and developed and a decomposition of this process into enlarged stages is proposed. The proposals on the list of disciplines are formulated, within the framework of the study of which a culture of information security can develop. The authors believe that the recommendations developed will help future mid-level specialists to master the universal competency, consisting in the ability and willingness to recognize the need for certain information, to identify and evaluate the reliability and reliability of data sources, as well as to correctly access the necessary information and its further legitimate use, which ultimately forms a culture of information security.


