Hierarchically defining Internet of Things security: From CIA to CACA

2020, Vol 16 (1), pp. 155014771989937
Author(s): Lihua Yin, Binxing Fang, Yunchuan Guo, Zhe Sun, Zhihong Tian

With the rapid development of Internet of Things technology (e.g. wireless sensor networks), security has become a global issue. Confidentiality, integrity, and availability (known as the CIA triangle) are widely used to define and model information security. However, this CIA triangle is insufficient to address rapidly changing security requirements. In this article, we divide information systems into four layers: physical layer, operational layer, data layer, and content layer (PODC). Correspondingly, a hierarchy of information security is proposed. Furthermore, we define the basic security properties for each layer and show that the four properties (i.e. confidentiality, availability, controllability, and authentication, called CACA) are minimally complete and independent for information security. Based on PODC and CACA, a new definition of information security is proposed, which acts as a secure foundation for information systems.

2020, pp. 183-190
Author(s): І. Є. Іванов

The article considers topical issues of information security in the activities of the National Police of Ukraine. It is determined that the main problem of information security in the law enforcement sphere arose due to the global contradiction between the possibilities of information technologies and the threats of their use. The settlement of the existing public information relations alone is insufficient, as the legislation does not keep pace with technical progress. The definition of "information security" is considered and the author's definition of this concept is offered. The main normative legal acts regulating the activity of the National Police in this direction are analyzed. It is stated that information security of the National Police of Ukraine is provided in two forms: organizational (related to the circulation, collection, processing, storage, use and protection of information); legal (preparation and approval of regulations (orders, instructions), development of regulations, instructions, algorithms, plans, etc.). The key to information protection is the administration of information systems. The European experience of information protection in the law enforcement sphere is considered. Attention is drawn to the need to implement the system of modern international information security standards of the ISO/IEC 27000 series, which is constantly updated.
It is theoretically substantiated that: increasing the efficiency of the National Police of Ukraine can be achieved through the introduction of a reliable information security system; to achieve the highest level of information security of law enforcement agencies it is necessary not only to improve the current legislation, but also to have a mechanism for its implementation; security and protection in the information systems of the National Police should be based on a comprehensive approach to building a protection system, which provides for the integration into a single set of necessary measures and means of information protection at all levels of the information system.


2020, pp. 2-13
Author(s): Vadim Kuchurov, Roman Maximov, Roman Sherstobitov, ...

Regulators require that information security threats against the structural and functional characteristics of an information system be countered in order to meet information security requirements. These requirements include the information system's structure and composition, information technologies and functioning characteristics, and the physical and logical, functional and technological interconnections between information system segments. They prescribe emulation of false information system components as a basic protection step, as well as hiding of information technologies, information system configuration management, and switching the system to a predetermined configuration that provides protection. However, these steps are not included in the basic set, and their protection aims are reached with compensating means, by formalizing and implementing inhibitory orders and a set of organizational and technical measures against the threat source. The purpose of the research is to disclose and state the main ways of searching for new technical solutions for masking the structure of distributed information systems in cyberspace by implementing masking traffic, taking into account the requirements for the timeliness of information exchange. The research method is operations research in the face of uncertainty, applying the theory of Markov processes and the Kolmogorov equation to solve the problem of increasing the efficiency of masking exchange. The result of the research is the probabilistic and temporal characteristics of the functioning of the data transmission network when technical solutions for masking information systems in cyberspace are applied. The results obtained make it possible to explicitly implement protection measures aimed at forming persistent false stereotypes among violators about information systems and the control processes implemented with their help.


2020, Vol 79 (4), pp. 32-38
Author(s): І. Д. Казанчук, В. П. Яценко

Based on the analysis of scientific concepts and legal principles the author has provided the definition of information security, provision of information security in Ukraine and has characterized its components. The current state of legal regulation of the organization and activity of cyberpolice units of the National Police of Ukraine has been analyzed. Particular attention has been paid to the legal analysis of the tasks, functions and structure of the Cyberpolice Department of the National Police of Ukraine. Special attention has been drawn to certain shortcomings of Ukrainian legislation in the field of ensuring information security by the police, its compliance with the norms and standards of international law. Taking into account the specifics of the tasks, the author has provided characteristics of the functions of cyberpolice units in the information sphere, which should be divided according to the purpose into: 1) basic (external), which are focused on law enforcement and preventive aspects; 2) auxiliary (intrasystem), which are focused on promoting the implementation of basic functions, the introduction of appropriate management mechanisms within the system. It has been stated that the modern system of ensuring information security and cybersecurity in Ukraine should be one effective system, consisting of such mandatory components as legal, educational and technical. 
It has been concluded that in order to improve the legal principles for the organization and activities of cyberpolice units of the National Police in the field of ensuring information security and counteracting cyber threats, first of all, it is necessary to optimize the organizational structure of cyberpolice, reasonably distribute the functions (powers) between cyberpolice units and other subjects combating cyber threats in Ukraine, to create appropriate conditions for reaching a qualitatively new level of interaction between them and coordination of their activities in the field of ensuring information security in modern conditions.


Author(s): Anirban Sengupta, Chandan Mazumdar

As enterprises become dependent on information systems, the need for effective Information Security Governance (ISG) assumes significance. ISG manages risks relating to the confidentiality, integrity and availability of information, and its supporting processes and systems, in an enterprise. Even a medium-sized enterprise contains a huge collection of information and other assets. Moreover, risks evolve rapidly in today’s connected digital world. Therefore, the proper implementation of ISG requires automation of the various monitoring, analysis, and control processes. This can be best achieved by representing information security requirements of an enterprise in a standard, structured format. This paper presents such a structured format in the form of Enterprise Security Requirement Markup Language (ESRML) Version 2.0. It is an XML-based language that considers the elements of ISO 27002 best practices.


2020, Vol 11 (5), pp. 259-269
Author(s): V. A. Galatenko, K. A. Kostyukhin

Internet of things technology is developing at an exceptionally fast pace. This applies to both the industrial and the consumer Internet. The "things" number in the billions, and many areas of application have been formed. At the same time, the state of information security of the Internet of things is not satisfactory, and protective measures are clearly inferior to Commerce. This is especially dangerous because the Internet of things spans two worlds, digital and physical, and security breaches can cause both informational and physical damage. The Internet of things is developing rapidly, so it is natural that it experiences typical growth diseases: fragmentation and uneven development. The base for ensuring security is mostly formed (but continues to be formed); the question is how quickly approaches will be harmonized and advanced ideas accepted by device manufacturers. Many state and non-state agencies actively promote security tools, and inform and train manufacturers and consumers. The article is an overview of the main provisions of information security of the Internet of things. An attempt is made to consider the software and technical and the legislative levels of Internet of things security. This makes it different from other publications of a similar nature. Only a holistic, integrated approach can improve real information security. The authors outline basic concepts and describe a reference model of the Internet of things, draw attention to the peculiarities of the Internet of things that are important from the security point of view, and enumerate typical threats for the Internet of things. The legislative level of information security, security recommendations for the Internet of things, manufacturers' description of usage, and installation of software corrections are considered in detail.


2012, Vol 263-266, pp. 3125-3129
Author(s): Li Ping Du, Ying Li, Guan Ning Xu, Fei Duan

The rapid development of the internet of things puts forward urgent needs for security. The security system must be studied to adapt to the characteristics of the internet of things. The micro-certificate based security system for the internet of things takes full account of the security characteristics of things, and uses symmetric cryptographic algorithms and security chip technology. This security system can meet the security requirements for large-scale sensor authentication, signification and encryption/decryption in the internet of things, and greatly improve the security performance of the internet of things.


2020
Author(s): Leonid Taraniuk, Qiu Hongzhou, Nataliia Hlyboka, ...

The development of logistics enterprises is an important symbol to measure the level of development of science and technology and comprehensive strength of a country, and the level of logistics and logistics intelligence, information level to reflect the value. Internet of Things technology provides a sufficient platform for the logistics industry to realize the combination of traditional logistics technology and intelligent system operation management, so as to enable enterprises to realize logistics automation, information and intelligent operation faster and better. This paper describes the important role and innovative application of management of Internet of Things technology in the development of logistics enterprises, and analyzes the advantages and disadvantages of RFID technology and its important role in inventory management optimization. With the rapid development of logistics enterprises, how to efficiently use the emerging Internet of Things technology and apply it to all aspects of logistics operation requires logistics enterprises to carry out technological innovation management on the basis of the original technology and equipment, seize the opportunity of national policies and put forward the innovation management mode suitable for enterprise development.

