A Review of Cyber-security Measuring and Assessment Methods for Modern Enterprises

Author(s):  
Said Fathi Ahmed ◽  
Noha A. Hikal

With the huge spread of technology among individuals and enterprises, technologies and electronic communications have become one of the most important pillars of the operation of small and large enterprises alike, and a source of education and entertainment for individuals. This has led to thinking about the risks of reliance on this technology and its impact on the economic index of the enterprise market, on reputation, and on the safety of individuals and enterprises. These fears have forced experts and decision-makers to think about information security and to develop new methods to measure and assess the level of protection of information and data in enterprises and the privacy of individuals. This paper introduces a review of recent cyber-security measuring and assessment methodologies and tools, based on industry best practices, for measuring and assessing the network security and protection of a modern enterprise data network. The analysis is based on a study of the methods for the measurement and assessment of information security at the physical and technical level, penetration testing, and identification of weaknesses in the cyber-security system followed and the policies used in modern enterprises. A comprehensive description of the strengths, weaknesses, and licensing conditions for tools is presented. Moreover, major security requirements associated with modern enterprises are discussed and analyzed to discover vulnerabilities in the existing systems and explain the potential impact of these vulnerabilities.

Symmetry ◽  
2020 ◽  
Vol 12 (4) ◽  
pp. 664 ◽  
Author(s):  
Rajeev Kumar ◽  
Abhishek Kumar Pandey ◽  
Abdullah Baz ◽  
Hosam Alhakami ◽  
Wajdi Alhakami ◽  
...  

Growing concern about healthcare information security in the wake of alarmingly rising cyber-attacks is being given symmetrical priority by current researchers and cyber security experts. Intruders are penetrating symmetrical mechanisms of healthcare information security continuously. In the same league, the paper presents an overview on the current situation of healthcare information and presents a layered model of healthcare information management in organizations. The paper also evaluates the various factors that have a key contribution in healthcare information security breaches through a hybrid fuzzy-based symmetrical methodology of AHP-TOPSIS. Furthermore, for assessing the effect of the calculated results, the authors have tested the results on local hospital software of Varanasi. Tested results of the factors are validated through the comparison and sensitivity analysis in this study. Tabulated results of the proposed study propose a symmetrical mechanism as the most conversant technique which can be employed by the experts and researchers for preparing security guidelines and strategies.


Author(s):  
Yurii I. Khlaponin ◽  
Svitlana V. Kondakova ◽  
Yevheniia Ye. Shabala ◽  
Liliia P. Yurchuk ◽  
Pavlo S. Demianchuk

The article is devoted to the study of trends in cybercrime, which is a threat to the country's information security. The place and role of cybersecurity in the system of national security are determined. The state of the system of protection against cyber attacks in the developed countries of the world, such as France, Japan, China, South Korea and the United Kingdom, was analyzed. The main shortcomings and perspectives of protection of cyberspace are revealed. The use of modern information technologies in state structures, as well as in society in general, proposes solving information security problems as one of the main ones. The economy, logistics and security of the country increasingly depend on the technical infrastructure and its security. To improve the effectiveness of the fight against cybercrime, developed countries have long started the appropriate work needed to create their own cyber security strategy. Incidents in the field of cybersecurity affect the lives of consumers of information and many other services and cyber attacks aimed at various objects of infrastructure of electronic communications systems or technological processes management. Modern world trends in the development of cybercrime and the strengthening of cyber attacks indicate an increase in the value of combating it for the further development of society, which in turn predetermines the assignment of certain groups of social relations of the cybersphere to the competence of legal regulation. The current situation with cybercrime requires constant improvement of methods of the fight against cybercrime, the development of information systems and methods aimed at ensuring the cyber security of the country. Necessary tasks are the development of a national strategy on cybersecurity, which will include tactical and strategic priorities and tasks in this area for state bodies.
So, the issue of cyberspace security, the fight against cybercrime is relevant both at the international level and at the level of the individual country, and therefore needs further consideration.


2020 ◽  
Vol 3 (2) ◽  
Author(s):  
Laura Leets ◽  
Amber Sprenger ◽  
Robert Hartman ◽  
Nicholas Kohn ◽  
Juli Simon Thomas ◽  
...  

There has been a surge of basic and applied interest in exploring how small changes in decision contexts might be used to improve heuristic decision-making, “nudging” decision-makers toward choices that increase individual and social utility. The present study tested the impact of three types of nudges on tax compliance among delinquent businesses (n=3,130) in the state of Pennsylvania: (1) sending reminder letters that almost identically matched original tax delinquency notices, (2) sending redesigned reminder letters that simplified text and layout, increased the salience of critical information, and included an “Act Now” urgency statement, and (3) sending redesigned reminder letters with handwritten notes on the envelope. Redesigned reminder letters significantly increased the number of business owners who responded and the amount of delinquency paid within 15 days of receiving the notices. The addition of a handwritten note on the outside of the envelope did not additionally increase response rates or payment amount. Although the effect sizes observed in this study were small, the potential impact is large given the number of delinquent businesses and the average amount of taxes owed in Pennsylvania.


2021 ◽  
Vol 12 ◽  
Author(s):  
Ahmed A. Moustafa ◽  
Abubakar Bello ◽  
Alana Maurushat

Information security has for a long time been a field of study in computer science, software engineering, and information communications technology. The term ‘information security’ has recently been replaced with the more generic term cybersecurity. The goal of this paper is to show that, in addition to computer science studies, behavioural sciences focused on user behaviour can provide key techniques to help increase cyber security and mitigate the impact of attackers’ social engineering and cognitive hacking methods (i.e., spreading false information). Accordingly, in this paper, we identify current research on psychological traits and individual differences among computer system users that explain vulnerabilities to cyber security attacks and crimes. Our review shows that computer system users possess different cognitive capabilities which determine their ability to counter information security threats. We identify gaps in the existing research and provide possible psychological methods to help computer system users comply with security policies and thus increase network and information security.


2020 ◽  
Vol 20 (2) ◽  
Author(s):  
Zdravko Todorović ◽  
Boris Todorović ◽  
Darko Tomaš

The internet is constantly changing the way we live and conduct business. The global business environment requires all organizations to have a secure digital infrastructure for fighting cybercrime. Cyber crime is on the rise in this decade. Cyber crime is a criminal activity that is focused on compromising the security of information systems in enterprises, in order to acquire certain profits, or to incur damage, theft or loss. Types of cyber crime include theft, evasion, or using information in order to unlawfully obtain profits from them. This paper will present certain information about cyber crime and its most common types. According to international standards for internal audits, internal auditors are authorized to fight fraud, which means they are authorized to fight cyber crime. The main purpose of this paper is to find a model for organizing internal audit for the purpose of fighting cyber crime. Therefore, it is necessary to determine: internal audit standards that your organization must adhere to in the fight against cybercrime, identify security requirements for standards, determine the goals, risks and security policy of the organization, raise employee awareness of the dangers of cybercrime, involve top management in the orbit against cybercrime, conduct employee training on data security and the like. Cyber security is basically about managing future risk, and requires insight into current and future vulnerabilities and how to prevent or reduce them, the likelihood of threats and costs associated with potential outcomes, and how to mitigate them. Internal auditors must be aware of impending regulatory changes based on IIA standards (The International Standards for the Professional Practice of Internal Auditing) related to computer security. Internal auditors should understand the impact of cyber threats on the organization. In particular, they should include this in their internal audit plan based on the risk of cybercrime.
Internal auditors should have a strong partnership with the CIO (Chief Information Officer) and CISO (Chief Information Security Officer), for the sake of a trusted advisor in the fight against cybercrime. Internal auditors should provide an independent overview of the cyber security strategy. The model will be based on COSO (The Committee of Sponsoring Organizations of the Treadway Commission’s) Internal Control — Integrated Framework and will feature five core principles: 1) creating control environment for fighting against cyber crime, 2) risk assessment for cyber crime, 3) projecting and implementing activities for fighting against cyber crime, and 5) monitoring activities. Research results will show new scientific facts and knowledge about methods for fighting cyber crime worldwide. Managers and internal auditors will have practical benefit from research results for implementing cyber crime prevention programs.


Author(s):  
O. Semenenko ◽  
Y. Dobrovolsky ◽  
V. Koverga ◽  
O. Sechenev

Evolution of security technologies shows that only the concept of an integrated approach to information security can provide modern information security requirements. A comprehensive approach means the complex development of all the necessary methods and means of information protection. Today, the information exchange and information systems in the Ministry of Defense of Ukraine have certain means and approaches to the destruction of information, but each of them has different estimates of the effectiveness of their use, as well as different cost of their purchase and use. Therefore, the main purpose of the article is to carry out a comprehensive analysis of means of destroying confidential information and methods of its destruction in order to formulate practical recommendations for choosing the most effective and economically feasible for the Ministry of Defense of Ukraine. The perfection of methods and means of destroying information from magnetic media is an important element of modern information security. The results of the analysis carried out in the article are the disclosure of the main features of modern devices for the elimination of magnetic records, as well as the ability to formulate a list of basic requirements for modern devices for the destruction of information from magnetic media. Today, technical means of information security, in particular, the elimination of information on magnetic media, are constantly being improved, absorbing the latest advances in modern security technologies. Their model range, which takes into account the diversity of customer requirements, such as the type of energy supply, the level of mobility, reliability and operating conditions, expands. All this determines the relevance of research topics in this direction in the future.


2020 ◽  
Author(s):  
Helena S. Wisniewski

With companies now recognizing how artificial intelligence (AI), digitalization, the internet of things (IoT), and data science affect value creation and the maintenance of a competitive advantage, their demand for talented individuals with both management skills and a strong understanding of technology will grow dramatically. There is a need to prepare and train our current and future decision makers and leaders to have an understanding of AI and data science, the significant impact these technologies are having on business, how to develop AI strategies, and the impact all of this will have on their employees’ roles. This paper discusses how business schools can fulfill this need by incorporating AI into their business curricula, not only as stand-alone courses but also integrated into traditional business sequences, and establishing interdisciplinary efforts and collaborative industry partnerships. This article describes how the College of Business and Public Policy (CBPP) at the University of Alaska Anchorage is implementing multiple approaches to meet these needs and prepare future leaders and decision makers. These approaches include a detailed description of CBPP’s first AI course and related student successes, the integration of AI into additional business courses such as entrepreneurship and GSCM, and the creation of an AI and Data Science Lab in partnership with the College of Engineering and an investment firm.


Author(s):  
Russell Cameron Thomas ◽  
Marcin Antkiewicz ◽  
Patrick Florer ◽  
Suzanne Widup ◽  
Matthew Woodyard

2020 ◽  
Author(s):  
Ke Zeng ◽  
Weiguo Zhu ◽  
Caiyou Wang ◽  
Liyan Zhu

BACKGROUND The rapid spread of COVID-19 has created a severe challenge to China’s healthcare system. Hospitals across the country reacted quickly under the leadership of the Chinese government and implemented a range of informatization measures to effectively respond to COVID-19. OBJECTIVE To understand the impact of the pandemic on the medical business of Chinese hospitals and the difficulties faced by hospital informatization construction. To discuss the application of hospital informatization measures during the COVID-19 pandemic. To summarize the practical experience of hospitals using information technology to fight the pandemic. METHODS A cross-sectional online questionnaire survey was performed in Chinese hospitals; the invited participants included hospital information staff, hospital administrators, medical staff, etc. The collected data were statistically analyzed using SPSS version 24. RESULTS A total of 804 valid questionnaires (88.45%) were collected in this study from 30 provinces in mainland China, of which 731 (90.92%) were filled out by hospital information staff. 473 (58.83%) hospitals are tertiary hospitals while the remaining 331 (41.17%) are secondary hospitals. The majority of hospitals (82.46%) had a drop in their business volume during the pandemic, and a more substantial drop is found in tertiary hospitals. 70.40% (n=566) of hospitals have upgraded or modified their information systems in response to the epidemic. The proportion of tertiary hospitals that upgraded or modified systems is significantly higher than that of secondary hospitals. Internet hospital consultation (70.52%), pre-check and triage (62.56%), telemedicine (60.32%), health QR code (57.71%), and telecommuting (50.87%) are the most used informatization anti-pandemic measures. There are obvious differences in the application of information measures between tertiary hospitals and secondary hospitals.
Among these measures, most (41.17%) are aimed at serving patients and most (62.38%) are universal and continue to be used after the pandemic. The informatization measures are mostly used to control the source of infection (48.19%), such as health QR code, etc. During the pandemic, the main difficulties faced by the hospital information department are “information construction projects are hindered” (58.96%) and “increased difficulty in ensuring network information security” (58.58%). There are significant differences in this issue between tertiary hospitals and secondary hospitals. The shortcomings of hospital informatization that should be made up for are “shorten patient consultation time and optimize consultation process” (72.51%), “Ensure network information security” (72.14%) and “build internet hospital consultations platform” (59.95%). CONCLUSIONS A significant number of innovative medical information technologies have been used and have played a significant role in all phases of COVID-19 prevention and control in China. Since COVID-19 brought many challenges and difficulties for informatization work, hospitals need to constantly improve their own information technology skills to respond to public health emergencies that arise at any moment.

