scholarly journals Basic q-analysis of MCQA for Information Security System

2019 ◽  
Vol 3 (5) ◽  
Author(s):  
Oleh Kozlenko
Keyword(s):  
Information Systems ◽  
Structural Analysis ◽  
Information Security ◽  
System Analysis ◽  
Security System ◽  
Security Measures ◽  
Security Systems ◽  
Basic Principles ◽  
Application Methods ◽  
Security Incidents

Article explores application methods for systems structural analysis to use in study of security in information systems, which is based on variants of general attack scenarios, features of cybersecurity culture, q-analysis, which is part of MCQA . General security system analysis usually is based on different factors, which include  technical means, human-related mistakes in different ways and respond to security incidents. Q-analysis presents the basic principles of constructing model of information security systems elements connectivity on the example of two sets: set of threats and sets of security measures for information security and calculated numerical values. Elements of the two sets of are interconnected and form the basis of a system for ensuring their security. These calculations can be used to further determine overall formal assessment of security of the organization.

scholarly journals Cognitive Information Systems for Protection of Museum Complexes

2018 ◽  
Vol 7 (4.38) ◽  
pp. 82
Author(s):  
Aleksey Valentinovich Bogdanov ◽  
Igor Gennadievich Malygin
Keyword(s):  
Artificial Intelligence ◽  
Information Systems ◽  
Information Security ◽  
Security System ◽  
Structural Scheme ◽  
Cognitive Information ◽  
Technological Platform ◽  
Network Technologies ◽  
Cognitive Information Systems ◽  
Stratified Model

The paper considers the conceptual provisions of building a promising cognitive information security system of the museum complex on a cyber-physical basis. The stratified model of cognitive information security system of the museum complex was presented. It was shown that the key technological platform for the security of the museum complex is information and network technologies integrated (converged) with the technologies of industrial artificial intelligence. The generalized structural scheme of the cognitive cycle of the information security system of the museum complex was considered. The characteristic of the basic processes realized in a cognitive contour was given.   

scholarly journals Organizational Information Security Management for Sustainable Information Systems: An Unethical Employee Information Security Behavior Perspective

2020 ◽  
Vol 12 (8) ◽  
pp. 3163
Author(s):  
Amanda M. Y. Chu ◽  
Mike K. P. So
Keyword(s):  
Information Systems ◽  
Information Security ◽  
Security Management ◽  
Information Security Management ◽  
Information Security Behavior ◽  
Security Behavior ◽  
Different Types ◽  
Employee Information ◽  
Willingness To Report ◽  
Security Incidents

This article examines the occurrences of four types of unethical employee information security behavior—misbehavior in networks/applications, dangerous Web use, omissive security behavior, and poor access control—and their relationships with employees’ information security management efforts to maintain sustainable information systems in the workplace. In terms of theoretical contributions, this article identifies and develops reliable and valid instruments to measure different types of unethical employee information security behavior. In addition, it investigates factors affecting different types of such behavior and how such behavior can be used to predict employees’ willingness to report information security incidents. In terms of managerial contributions, the article suggests that information security awareness programs and perceived punishment have differential effects on the four types of unethical behavior and that certain types of unethical information security behavior exert negative effects on employees’ willingness to report information security incidents. The findings will help managers to derive better security rules and policies, which are important for business continuity.

Why not comply with information security? An empirical approach for the causes of non-compliance

2017 ◽  
Vol 41 (1) ◽  
pp. 2-18 ◽  
Author(s):  
Inho Hwang ◽  
Daejin Kim ◽  
Taeha Kim ◽  
Sanghyun Kim
Keyword(s):  
Information Security ◽  
Structural Equation ◽  
Measurement Model ◽  
Critical Issue ◽  
Security System ◽  
Service Firms ◽  
Security Systems ◽  
Content Type ◽  
Security Education ◽  
Systems Security

Purpose The purpose of this paper is to empirically investigate the negative casual relationships between organizational security factors (security systems, security education, and security visibility) and individual non-compliance causes (work impediment, security system anxiety, and non-compliance behaviors of peers), which have negative influences on compliance intention. Design/methodology/approach Based on literature review, the authors propose a research model together with hypotheses. The survey questionnaires were developed to collect data, which then validated the measurement model. The authors collected 415 responses from employees at manufacturing and service firms that had already implemented security policies. The hypothesized relationships were tested using the structural equation model approach with AMOS 18.0. Findings Survey results validate that work impediment, security system anxiety, and non-compliance peer behaviors are the causes of employee non-compliance. In addition, the authors found that security systems, security education, and security visibility decrease instances of non-compliance. Research limitations/implications Organizations should establish a mixture of security investment in their systems, education, and visibility in order to effectively reduce employees’ non-compliance. In addition, organizations should recognize the importance of minimizing the particular causes of employees’ non-compliance to positively increase intentions to comply with information security. Originality/value An important issue in information security management is employee compliance. Understanding the reasons behind employees’ non-compliance is a critical issue. This paper investigates empirically why employees do not comply, and how organizations can induce employees to comply by a mixture of investments in security systems, education, and visibility.

scholarly journals METHODS OF SYSTEM ANALYSIS IN THE FORMATION OF INFORMATION SECURITY POLICY ON TRANSPORT

2021 ◽  
Vol 1 (13) ◽  
pp. 81-91
Author(s):  
Valerii Lakhno ◽  
Borys Husiev ◽  
Victor Smolii ◽  
Andrii Blozva ◽  
Dmytro Kasatkin ◽  
...  
Keyword(s):  
Information Security ◽  
Optimal Strategy ◽  
Security Policy ◽  
System Analysis ◽  
System Development ◽  
Optimal Solution ◽  
Security System ◽  
Enterprise Management ◽  
Final Decision ◽  
Advantages And Disadvantages

Approaches to the application of methods of system analysis to solve problems related to information security of enterprises in transport, which have a complex IT structure with a large number of components. It is shown that the active expansion of the areas of informatization of the transport industry, especially in the segment of mobile, distributed and wireless technologies, is accompanied by the emergence of new threats to information security. It is shown that in order to build an effective information security system, the selection and implementation of adequate technical means of protection should be preceded by a stage of description, analysis and modeling of threats, vulnerabilities, followed by calculation of risks for IS and determining the optimal strategy for information security system. After evaluating the different NIB options according to several criteria, a decision is made: if the recommendations coincide, the optimal solution is chosen with greater confidence. If there is a contradiction of recommendations, the final decision is made taking into account its advantages and disadvantages, for example, the strategy of information security system development is chosen, which turned out to be optimal for at least two criteria. If different NIB development strategies are obtained for all three criteria, it is necessary to vary the values of pessimism-optimism in the Hurwitz criterion or change the data, for example, about possible threats to IP or automated enterprise management system. An algorithm for modeling the decision-making process for selecting the optimal strategy for managing investment design components of the information security system for the transport business entity is proposed.

scholarly journals DETERMINING THE PRIORITY OF CYBER SECURITY MEASURES FOR INCOMPLETE EXPERT RANKING

2020 ◽  
pp. 9-15
Author(s):  
Hryhoriy Hnatienko ◽  
Natalia Tmenova
Keyword(s):  
Information Security ◽  
Cyber Security ◽  
Human Life ◽  
Security System ◽  
Security Measures ◽  
Organizational System ◽  
Team Members ◽  
Expert Team ◽  
Expert Ranking ◽  
Choice Tasks

High-quality functioning of the information security system and solving problems that arise in the information protection, is currently a topical trend in various areas of human life. Successful cyber protection consist in creating and implementing a multi-level system of measures that cover various aspects with complex interact and complement each other. These measures have a different nature, and their priorities may differ significantly in terms of different services of the organization, so it is logical to formalize the sequence of cybersecurity implementation in a class of group choice tasks. The paper proposes a flexible mathematical apparatus for modeling information security problems and adequate application of the opinion analysis of experts’ team in practice. The approach to finding the resultant ranking of measures priority is described as a solution to the problem of multicriteria optimization, where the sequence of measures implementation may involve the interaction of performers and require regulation of the actions sequence of all elements and subsystems of the organizational system. This approach allows to combine different information security measures proposed by the experts of various departments; to find a compromise solution for a diverse group of experts; not to violate any expert's preferences under calculating the compromise ranking of cyber security measures. The proposed approach can be useful in developing appropriate cybersecurity measures and favorable in developing and implementing of rapid response procedures to threats, as well as it can be indispensable in the overall building or improving organization security system and it can contain elements of training, coordination, and complexity of expert team members, who are the heads of units of a single organizational system.

scholarly journals MODERN TOOLS FOR INFORMATION SECURITY SYSTEMS

2021 ◽  
Vol 335 (1) ◽  
pp. 14-18
Author(s):  
N. Baisholan ◽  
K.E. Kubayev ◽  
T.S. Baisholanov
Keyword(s):  
Information System ◽  
Risk Management ◽  
Information Systems ◽  
Information Security ◽  
Information Technologies ◽  
Business Processes ◽  
Security Audit ◽  
Security Systems ◽  
Security Models ◽  
Methods And Techniques

Efficiency of business processes in modern organizations depends on the capabilities of applied information technologies. The article describes and analyzes the role and features of audit tools and other methodological tools and models in ensuring the quality and security of information systems. The standard’s principles are reviewed, as well as the importance of meeting business needs. In order to protect virtual values in a company’s system environment, the importance of using information security models is revealed. Practical proposals in risk management and information security in information technology are analyzed through the COBIT standard. Measures for protecting the information system of an organization from accidental, deliberate or fake threats are considered. The possibility of using one of the real information security models by the information recipient or provider in accordance with the requirements of external processes is reported. Furthermore, in connection with increase in the number of attack methods and techniques and development of their new tools and vectors, the need to improve and ways to ensure information security are being considered. The essential tasks of security audit are considered, and the stages of their implementation are described. With regard to security of information systems, an analytical model is proposed for determining vulnerability’s numerical value.

scholarly journals ANALYSIS OF MATHEMATICAL METHODS OF MULTI-CRITERIA OPTIMIZATION AND DYNAMIC MANAGEMENT OF CYBERSECURITY RESOURCES OF INFORMATIZATION OBJECTS

2020 ◽  
Vol 72 (4) ◽  
pp. 162-167
Author(s):  
S.A. Аdiljanova ◽  
◽  
G.A. Тulepberdinova ◽  
M.J. Sakypbekova ◽  
N.A. Тekesbayeva ◽  
...  
Keyword(s):  
Genetic Algorithm ◽  
Information Security ◽  
Communication Systems ◽  
Cyber Attacks ◽  
Security System ◽  
Mathematical Methods ◽  
Dynamic Configuration ◽  
Security Systems ◽  
Dynamic Management ◽  
Information And Communication

The article discusses the possibility of modifying the genetic algorithm (GA) to solve the problems of selection, optimization and management of the dynamic configuration of information security means for the security chain of information and communication systems (ICS). The scientific novelty of the work lies in the fact that GA recommends using the total cost of information loss risks, as well as cost indicators for each class of information security systems as a criterion for optimizing the composition of the information security system. The genetic algorithm is considered as a kind of problem associated with multiple choice when optimizing the choice of information content of information security and solving problems of dynamic management of cybersecurity resources. In this concept, the optimization of the placement of the information security system along the security chain is considered as a modification of the combined backpack problem. The proposed approach allows not only to quickly calculate various versions of software and hardware information systems and their combinations for ICS, but also to dynamically manage the proposed algorithm with existing models and algorithms to optimize the composition of ICS cybersecurity chains and cybersecurity resources of various information objects. It is possible that such a combination of models and algorithms will quickly restore ICS protection by configuring profiles in accordance with the classes of new threats and cyber attacks.

scholarly journals Monitoring of information security system elements in the metallurgical enterprises

2018 ◽  
Vol 183 ◽  
pp. 01007
Author(s):  
Justyna Żywiołek
Keyword(s):  
Information Security ◽  
Information Management ◽  
Security System ◽  
Information Flows ◽  
Process Information ◽  
Security Incidents ◽  
Monitoring Information

The article concerns the monitoring of elements of the information security system in an enterprise. The purpose of the research was to determine the reasons for monitoring information flows in the surveyed enterprise. The identification of information flows facilitates information management, empowering individuals to process information and preventing information security incidents. The implementation of information management methods facilitates monitoring the information security status.

Sign in / Sign up

Export Citation Format

Share Document