INFORMATION SECURITY OF SMALL BUSINESSES IN THE CONTEXT OF DIGITALIZATION

The article defines and analyzes the characteristic features of modern society digitalization, in particular the digital economy. It is noted that progress in the digital technology environment requires the application of information security measures, primarily in the financial and economic activities of small businesses. The interpretation of the definitions «information security» and «economic security» has been clarified. Attention is drawn to a conscious understanding of the interaction between people and technology during the digital transformation of the economy in such a way that the latest technologies must adapt to people, and not vice versa. It is emphasized that such an understanding can come only in the process of training and acquiring appropriate professional competencies, especially among small businesses. The types of small businesses information that are subject to protection and components of economic security are determined. Proposals have been formed for the creation of a comprehensive security program, which should include an action plan aimed at protecting the functioning of the enterprise's information system from external and internal influences, and a set of measures designed to protect the confidentiality, availability, and integrity of data from internal and external, malicious and accidental threats. Information security of small businesses in the context of digitalization should be based on the following positions: the management of the enterprise should regularly train all employees in the principles of Information Security, data protection and protect physical data carriers from cyber attacks; the corporate network should be segmented, and access to it – controlled; partnership with service providers from the point of view of information security should be equivalent; remote access to the corporate network of the enterprise, which is now becoming more widespread, should be as secure as possible and comply with information security standards. A promising area of further research is the development of a set of measures at the state level, which includes streamlining the simplified tax system, promoting the development of innovative entrepreneurship, cluster organization of small businesses, the formation of a modern information infrastructure to support entrepreneurship, the formation of a favorable business climate.

Download Full-text

Management of financial and economic security of a modern bank: remote maintenance risks

Russian Journal of Management ◽

10.12737/22427 ◽

2017 ◽

Vol 5 (1) ◽

pp. 62-70

Author(s):

Ольга Шумилина ◽

Ирина Езангина ◽

Irina Ezangina

Keyword(s):

Financial Literacy ◽

Financial Stability ◽

Banking System ◽

Main Tool ◽

State Institution ◽

Economic Security ◽

Cyber Attacks ◽

Remote Access ◽

Credit Institution ◽

Dual Nature

The paper emphasizes that the variety of products offered by a modern bank in the remote access mode, its permanent renewal, integration services increase the downside risks to economic and financial security of the credit institution. Risks writers associated with cyber attacks as the main tool of remote financial fraud, which is confirmed by reliable statistical material. Analyzed species, tools, the initiators of the attacks proved their dual nature associated with purposefulness as well as the infrastructure of the credit institution and its customer base. Continuing studied private practice to counter cybercrime. The conclusion about the significance of direct and indirect participation of the state institution to ensure financial stability of the banking system as the basis of its economic security. Special attention is given to describing the activities of the prospects created by the Chief of Security and Information Protection of the Bank of Russia, as well as a mechanism to increase the financial literacy of the population in order to minimize the risk of fraud by unscrupulous market participants

Download Full-text

Using honeynet data and a time series to predict the number of cyber attacks

Computer Science and Information Systems ◽

10.2298/csis200715040z ◽

2021 ◽

pp. 40-40

Author(s):

Matej Zuzcák ◽

Petr Bujok

Keyword(s):

Time Series ◽

Service Providers ◽

Effective Means ◽

Autonomous Systems ◽

Cyber Attacks ◽

Remote Access ◽

Real World Data ◽

Internet Service ◽

Geographical Regions ◽

The Individual

A large number of cyber attacks are commonly conducted against home computers, mobile devices, as well as servers providing various services. One such prominently attacked service, or a protocol in this case, is the Secure Shell (SSH) used to gain remote access to manage systems. Besides hu man attackers, botnets are a major source of attacks on SSH servers. Tools such as honeypots allow an effective means of recording and analysing such attacks. However, is it also possible to use them to effectively predict these attacks? The prediction of SSH attacks, specifically the prediction of activity on certain subjects, such as autonomous systems, will be beneficial to system administrators, internet service providers, and CSIRT teams. This article presents multiple methods for using a time series, based on real-world data, to predict these attacks. It focuses on the overall prediction of attacks on the honeynet and the prediction of attacks from specific geographical regions. Multiple approaches are used, such as ARIMA, SARIMA, GARCH, and Bootstrapping. The article presents the viability, precision and usefulness of the individual approaches for various areas of IT security.

Download Full-text

Role of Information Security in Terms of Digital Economy

Baikal Research Journal ◽

10.17150/2411-6262.20.11(1).6 ◽

2020 ◽

Vol 11 (1) ◽

Author(s):

Aleksey Bushuyev ◽

Irina Derevtsova ◽

Yulia Maltseva ◽

Viktoriya Terentyeva

Keyword(s):

Information Security ◽

New Technologies ◽

Statistical Data ◽

Personal Data ◽

Satellite Communications ◽

Economic Security ◽

Digital Economy ◽

Cyber Attacks ◽

The State ◽

Public Authorities

The current level of economic development implies an active use of the Internet, satellite communications, and new technologies of processing, storing, and transmitting information, which, in its turn, makes the problem of protecting personal data and ensuring information security of the state and enterprises urgent. Unauthorized access to information resources of organizations, destruction, blocking, copying and use of companies information for the deceptive purposes of third parties cause significant damage to both individuals and businesses and the state. The article examines the correlation of the concepts of information security and economic security, specifies todays existing challenges and threats to economic security in the context of digital transformation, analyzes the statistical data of economic crimes using digital technologies; it identifies possible causes and factors of weakening the security of the digital economy. The authors present an analysis of statistical data that characterize the number and structure of crimes related to violation of information security of the country and territories. In particular, they examine the following types of crimes: cyber attacks on the websites of public authorities; creation, use and distribution of malicious computer programs; fraud using electronic means of payment.

Download Full-text

DCSS Protocol for Data Caching and Sharing Security in a 5G Network

Network ◽

10.3390/network1020006 ◽

2021 ◽

Vol 1 (2) ◽

pp. 75-94

Author(s):

Ed Kamya Kiyemba Edris ◽

Mahdi Aiash ◽

Jonathan Loo

Keyword(s):

Mobile Networks ◽

Service Providers ◽

Security Analysis ◽

Mobile Network ◽

End Users ◽

Third Party ◽

Control Mechanisms ◽

Security Measures ◽

Data Caching ◽

Pi Calculus

Fifth Generation mobile networks (5G) promise to make network services provided by various Service Providers (SP) such as Mobile Network Operators (MNOs) and third-party SPs accessible from anywhere by the end-users through their User Equipment (UE). These services will be pushed closer to the edge for quick, seamless, and secure access. After being granted access to a service, the end-user will be able to cache and share data with other users. However, security measures should be in place for SP not only to secure the provisioning and access of those services but also, should be able to restrict what the end-users can do with the accessed data in or out of coverage. This can be facilitated by federated service authorization and access control mechanisms that restrict the caching and sharing of data accessed by the UE in different security domains. In this paper, we propose a Data Caching and Sharing Security (DCSS) protocol that leverages federated authorization to provide secure caching and sharing of data from multiple SPs in multiple security domains. We formally verify the proposed DCSS protocol using ProVerif and applied pi-calculus. Furthermore, a comprehensive security analysis of the security properties of the proposed DCSS protocol is conducted.

Download Full-text

COVID-19 and Beyond: Employee Perceptions of the Efficiency of Teleworking and Its Cybersecurity Implications

Sustainability ◽

10.3390/su13126750 ◽

2021 ◽

Vol 13 (12) ◽

pp. 6750

Author(s):

Andreja Mihailović ◽

Julija Cerović Smolović ◽

Ivan Radević ◽

Neli Rašović ◽

Nikola Martinović

Keyword(s):

Information Security ◽

Latent Variables ◽

Structural Equation ◽

Relevant Literature ◽

Cyber Attacks ◽

Employee Perceptions ◽

Organizational Efficiency ◽

Digital Information ◽

Starting Point ◽

The Impact

The main idea of this research is to examine how teleworking has affected employee perceptions of organizational efficiency and cybersecurity before and during the COVID-19 pandemic. The research is based on an analytical and empirical approach. The starting point of the research is a critical and comprehensive analysis of the relevant literature regarding the efficiency of organizations due to teleworking, digital information security, and cyber risk management. The quantitative approach is based on designing a structural equation model (SEM) on a sample of 1101 respondents from the category of employees in Montenegro. Within the model, we examine simultaneously the impact of their perceptions on the risks of teleworking, changes in cyber-attacks during teleworking, organizations’ capacity to respond to cyber-attacks, key challenges in achieving an adequate response to cyber-attacks, as well as perceptions of key challenges related to cybersecurity. The empirical aspects of our study involve constructing latent variables that correspond to different elements of employee perception; namely, their perception of organizational efficiency and the extent to which the digital information security of their organizations has been threatened during teleworking during the pandemic.

Download Full-text

The Evolving Concept of the Japanese Security Strategy

10.1093/oxfordhb/9780198800682.013.42 ◽

2021 ◽

pp. 648-658

Author(s):

Yoko Nitta

Keyword(s):

Information Security ◽

National Security ◽

Critical Infrastructure ◽

Action Plan ◽

Global Risk ◽

Security Strategy ◽

Corporate Executives ◽

Foreign State ◽

Prime Concern ◽

Present Information

This chapter studies how the significant cyberattacks perpetrated against the Japan Pension Services (JPS) served to heighten awareness of the significance of cyber threats among political and corporate executives. According to the Japanese cybersecurity strategy, cyberattacks constitute a global risk and remain a prime concern for the development of appropriate countermeasures. As a result, Japan has regarded the strengthening of cybersecurity as a priority and outlined this to the National Security Council in 2014. At present, information security institutions in Japan are chaperoned by the cybersecurity strategy headquarters, which aims to promote constructive and efficient cybersecurity policies. In addition, Japan has implemented its third action plan on information security for critical infrastructure and revised its cybersecurity strategy in 2015. By working in partnership with countries around the world, Japan pursues its own national security as well as the peace and stability of the international community. International cooperation and partnerships also contribute to the international campaign against cyberattacks, especially those in which foreign state actors may be implicated.

Download Full-text

Building a Cybersecurity Culture in the Industrial Control System Environment

International Journal of Information Security and Cybercrime ◽

10.19107/ijisc.2019.01.05 ◽

2019 ◽

Vol 8 (1) ◽

pp. 39-44

Author(s):

Claudia ARAUJO MACEDO ◽

Jos MENTING

Keyword(s):

Control System ◽

Control Systems ◽

Cyber Attacks ◽

Cyber Attack ◽

Industrial Control System ◽

Security Measures ◽

Industrial Control ◽

Industrial Control Systems ◽

System A ◽

Educational Processes

Cybersecurity in industrial control system environments has become a significant concern and is even more relevant in the context of critical infrastructures where control system disruption could have a profound impact on health, safety and the environment. This makes this type of system a major target for malicious activities. Notwithstanding an organization’s interest in protecting its industrial control systems against cyber-attacks, the implementation of security measures, whether technical, organizational or human, still faces resistance and is often seen as a constraint. Using the best technology to protect industrial control systems makes no sense if persons with access do not act attentively and protectively. Technical and human cybersecurity measures are intrinsically linked, and it is essential that all persons with access to these systems are fully aware of the inherent cyber risks. Organizations must also act so that staff receive appropriate training on how to keep systems continuously protected against cyber-attack when carrying out their daily tasks. These educational processes can contribute to building an effective cybersecurity culture fully reflective of management and staff attitudes, so that the availability, integrity and confidentiality of information in industrial control systems can be assured.

Download Full-text

SECURITY IN CLOUD COMPUTING IN INDIAN GOVERNMENT

INTERNATIONAL JOURNAL OF NEXT-GENERATION COMPUTING ◽

10.47164/ijngc.v12i3.808 ◽

2021 ◽

Vol 12 (3) ◽

Author(s):

Nitin Vishnu Choudhari ◽

Dr. Ashish B Sasankar

Keyword(s):

Cloud Computing ◽

Service Delivery ◽

Service Providers ◽

Cloud Service ◽

Cloud Security ◽

End Users ◽

Security Architecture ◽

Security Measures ◽

End User ◽

Cloud Service Providers

Abstract –Today Security issue is the topmost problem in the cloud computing environment. It leads to serious discomfort to the Governance and end-users. Numerous security solutions and policies are available however practically ineffective in use. Most of the security solutions are centered towards cloud technology and cloud service providers only and no consideration has been given to the Network, accessing, and device securities at the end-user level. The discomfort at the end-user level was left untreated. The security of the various public, private networks, variety of devices used by end-users, accessibility, and capacity of end-users is left untreated. This leads towards the strong need for the possible modification of the security architecture for data security at all levels and secured service delivery. This leads towards the strong need for the possible adaption of modified security measures and provisions, which shall provide secured hosting and service delivery at all levels and reduce the security gap between the cloud service providers and end-users. This paper investigates the study and analyze the security architecture in the Cloud environment of Govt. of India and suggest the modifications in the security architecture as per the changing scenario and to fulfill the future needs for the secured service delivery from central up to the end-user level. Keywords: Cloud Security, Security in GI Cloud, Cloud Security measures, Security Assessment in GI Cloud, Proposed Security for GI cloud

Download Full-text

Information Security Aspect of Operational Risk Management

Foundations of Management ◽

10.2478/v10238-012-0010-2 ◽

2009 ◽

Vol 1 (2) ◽

pp. 45-60 ◽

Cited By ~ 1

Author(s):

Janusz Zawiła-Niedźwiecki ◽

Maciej Byczkowski

Keyword(s):

Risk Management ◽

Information Security ◽

Organizational Structure ◽

Operational Risk ◽

The Other ◽

Security Measures ◽

Operational Risk Management ◽

Hand Shaping ◽

Product Service ◽

The One

Information Security Aspect of Operational Risk ManagementImproving organization means on the one hand searching for adequate product (service) matched to the market, on the other hand shaping the ability to react on risks caused by that activity. The second should consist of identifying and estimating types of risk, and consequently creating solutions securing from possible forms of it's realization (disturbances), following rules of rational choice of security measures as seen in their relation to costs and effectiveness. Activities of creating the security measures should be organized as constantly developing and perfecting and as such they need formal place in organizational structure and rules of management

Download Full-text

Fuzzy-Based Symmetrical Multi-Criteria Decision-Making Procedure for Evaluating the Impact of Harmful Factors of Healthcare Information Security

Symmetry ◽

10.3390/sym12040664 ◽

2020 ◽

Vol 12 (4) ◽

pp. 664 ◽

Cited By ~ 4

Author(s):

Rajeev Kumar ◽

Abhishek Kumar Pandey ◽

Abdullah Baz ◽

Hosam Alhakami ◽

Wajdi Alhakami ◽

...

Keyword(s):

Decision Making ◽

Information Security ◽

Information Management ◽

Cyber Security ◽

Cyber Attacks ◽

Multi Criteria Decision Making ◽

Local Hospital ◽

Healthcare Information ◽

Security Breaches ◽

The Impact

Growing concern about healthcare information security in the wake of alarmingly rising cyber-attacks is being given symmetrical priority by current researchers and cyber security experts. Intruders are penetrating symmetrical mechanisms of healthcare information security continuously. In the same league, the paper presents an overview on the current situation of healthcare information and presents a layered model of healthcare information management in organizations. The paper also evaluates the various factors that have a key contribution in healthcare information security breaches through a hybrid fuzzy-based symmetrical methodology of AHP-TOPSIS. Furthermore, for assessing the effect of the calculated results, the authors have tested the results on local hospital software of Varanasi. Tested results of the factors are validated through the comparison and sensitivity analysis in this study. Tabulated results of the proposed study propose a symmetrical mechanism as the most conversant technique which can be employed by the experts and researchers for preparing security guidelines and strategies.

Download Full-text