Ontology Based Multi Agent Modelling for Information Security Measurement

2012 ◽  
pp. 225-255
Author(s):  
Partha Saha ◽  
Ambuj Mahanti
Keyword(s):  
Information Security ◽  
Denial Of Service ◽  
Malicious Code ◽  
Multiple Sources ◽  
Security Governance ◽  
Computer Hacking ◽  
Legal Obligations ◽  
Industry Standards ◽  
Wide Range ◽  
Multi Agent

IT security governance bridges the gap between corporate governance and information security which is defined as the protection of information and other valuable assets in the organization from a wide range of threats in order to maximize ROI (Return On Investment) and minimize risk. These risks emanate from multiple sources like espionage, sabotage, malicious code, computer hacking, sophisticated denial of service attacks, vandalism, fire, flood, and other natural or manmade calamities. Information security in an organization is achieved by implementing suitable sets of safeguards or controls, including policies, processes, procedures etc. These controls need to be established, monitored, and suitably implemented across organization to ensure smooth functioning of business. There are existing sets of internationally recognized standards like CobiT, ISO17799, and others available, which are country and industry specific. These standards include a set of specific controls. Organizations operating in a particular country should be compliant of these standards, and as often these are legal obligations. Stakeholders and auditors are concerned with discrepancies that accrue in the implementation phases of implementation of these standards in any organization. Compliance Auditing (CA) is the process that identifies and analyses any misalignment of the organization’s rules and policies with respect to government regulations/industry best practices, which they are supposed to implement. A distinct challenge in compliance auditing is the measurement of discrepancies between company policies, controls, and industry standards vis-a-vis actual organizational practices.

Information Security Governance

2012 ◽  
pp. 293-315 ◽  
Author(s):  
Mamoun Alazab ◽  
Sitalakshmi Venkatraman ◽  
Paul Watters ◽  
Moutaz Alazab
Keyword(s):  
Information Security ◽  
Digital Forensics ◽  
Forensic Analysis ◽  
Malicious Code ◽  
Computing Systems ◽  
Detection Techniques ◽  
Security Governance ◽  
Information Security Governance ◽  
Current Detection ◽  
Innovative Techniques

Detecting malicious software or malware is one of the major concerns in information security governance as malware authors pose a major challenge to digital forensics by using a variety of highly sophisticated stealth techniques to hide malicious code in computing systems, including smartphones. The current detection techniques are futile, as forensic analysis of infected devices is unable to identify all the hidden malware, thereby resulting in zero day attacks. This chapter takes a key step forward to address this issue and lays foundation for deeper investigations in digital forensics. The goal of this chapter is, firstly, to unearth the recent obfuscation strategies employed to hide malware. Secondly, this chapter proposes innovative techniques that are implemented as a fully-automated tool, and experimentally tested to exhaustively detect hidden malware that leverage on system vulnerabilities. Based on these research investigations, the chapter also arrives at an information security governance plan that would aid in addressing the current and future cybercrime situations.

Forewarned is forearmed

2019 ◽  
Vol 26 (8) ◽  
pp. 2443-2467
Author(s):  
S. Vijayakumar Bharathi
Keyword(s):  
Risk Assessment ◽  
Decision Making ◽  
Information Security ◽  
Denial Of Service ◽  
Malicious Code ◽  
Content Type ◽  
Pareto Analysis ◽  
Security Issues ◽  
Risks Assessment ◽  
Risk Taxonomy

Purpose Internet of Things (IoT) interconnects many heterogeneous devices to each other, collecting and processing large volumes of data for decision making without human intervention. However, the information security concern it brings has attracted quite a lot of attention, and, at this stage, the smart step would be to analyze the security issues of IoT platform and get to the state of readiness before embarking upon this attractive technology. The purpose of this paper is to address these issues. Design/methodology/approach IoT risk assessment through the application of the analytical hierarchy process (AHP), a favorite multi-criteria decision making technique, is proposed. The IoT risks are prioritized and ranked at different layers, before which a well-defined IoT risk taxonomy is defined comprising of 25 risks across six layers of the IoT model for developing control and mitigation plans for information security of IoT. Findings People and processes layer, network layer and applications layer are the top three critical layers with risks like the lack of awareness, malware injection, malicious code injection, denial of service and inefficient policies for IoT practice get the highest priority and rank. Pareto analysis of the overall risk factors revealed that the top ten factors contribute to 80 percent of the risks perceived by information security experts. Research limitations/implications The study focuses only on certain predefined constructs or layers of the IoT model traced from legacy studies. It is essential to re-look these constructs on a timely basis to prolong the results’ validity. The study’s empirical scope is confined only to the risk perception of select IoT experts and does not encompass a broader segment of the IoT ecosystem. Therefore, the risks assessment may not be sweeping to a bigger audience. Practical implications The study implications are two-fold: one it consolidates the earlier siloed works to intensify the need for risk assessment in the IoT domain, and second the study brings yet another contextual avenue of extending the application AHP and Pareto principle combination. The paper also draws specific critical organizational interventions about IoT risks. A comprehensive approach to prioritizing and ranking IoT risks are present in this research paper. Originality/value The contribution of this study to the benchmarking of IoT risk assessment is two-fold. One, a comprehensive risk assessment taxonomy is proposed, and two, the risks are prioritized and ranked to give a convincing reference for the organizations while making information security plans for IoT technology.

The use of intelligent agents in modeling an integrated information system of transport logistics

2020 ◽  
Vol 5 ◽  
pp. 59-66
Author(s):  
Y.M. Iskanderov ◽  
Keyword(s):  
Information System ◽  
Supply Chains ◽  
Intelligent Agents ◽  
Technological Processes ◽  
Transport Services ◽  
Wide Range ◽  
Integrated Information System ◽  
Multi Agent ◽  
Transport Logistics ◽  
Integrated Information

Aim. The use of intelligent agents in modeling an integrated information system of transport logistics makes it possible to achieve a qualitatively new level of design of control systems in supply chains. Materials and methods. The article presents an original approach that implements the possibilities of using multi-agent technologies in the interests of modeling the processes of functioning of an integrated information system of transport logistics. It is shown that the multi-agent infrastructure is actually a semantic shell of the information system, refl ecting the rules of doing business and the interaction of its participants in the supply chains. The characteristic of the model of the class of an intelligent agent, which is basic for solving problems of management of transport and technological processes, is given. Results. The procedures of functioning of the model of integration of information resources of the participants of the transport services market on the basis of intelligent agents are considered. The presented procedures provide a wide range of network interaction operations in supply chains, including traffi c and network structure “fl exible” control, mutual exchange of content and service information, as well as their distributed processing, and information security. Conclusions. The proposed approach showed that the use of intelligent agents in modeling the functioning of an integrated information system makes it possible to take into account the peculiarities of transport and technological processes in supply chains, such as the integration of heterogeneous enterprises, their distributed organization, an open dynamic structure, standardization of products, interfaces and protocols.

Memories of Tiananmen

2021 ◽  
Author(s):  
Francis Lee ◽  
Joseph Man Chan
Keyword(s):  
Hong Kong ◽  
Collective Memory ◽  
Digital Media ◽  
Political Communication ◽  
Civil Liberties ◽  
Significant Degree ◽  
Historical Period ◽  
Multiple Sources ◽  
News Reports ◽  
Wide Range

This book analyzes how collective memory regarding the 1989 Beijing student movement and the Tiananmen crackdown was produced, contested, sustained, and transformed in Hong Kong between 1989 and 2019. Drawing on data gathered through multiple sources such as news reports, digital media content, vigil onsite surveys, population surveys, and in-depth interviews with activists, rally participants, and other stakeholders, it identifies six key processes in the dynamics of social remembering: memory formation, memory mobilization, memory institutionalization, intergenerational transfer, memory repair, and memory balkanization. Memories of Tiananmen demonstrates how a socially dominant collective memory, even one the state finds politically irritable, can be generated and maintained through constant negotiation and efforts by a wide range of actors. While the book mainly focuses on the interplay between political changes and Tiananmen commemoration in the historical period within which the society enjoyed a significant degree of civil liberties, it also discusses how the trajectory of the collective memory may take a drastic turn as Hong Kong's autonomy is abridged. The book promises to be a key reference for anyone interested in collective memory studies, social movement research, political communication, and China and Hong Kong studies.

Sign in / Sign up

Export Citation Format

Share Document