Data Security Threats Sources

Author(s):  
Nasim Talebi ◽  
Emmanuel Ayaburi ◽  
Suhail Chakravarty

Driven by the difficulty in achieving complete security with technical tools, business investigators are looking into organizational and behavioral issues that could help make systems more secure. This chapter looks at the security of systems from the organizational perspective. Specifically, this study attempts to identify if different organizations have different predispositions to particular type(s) of security threat sources. Using publicly available security breach data from a privacy rights clearinghouse to investigate which organizational characteristics predispose an institution to an external or internal threat source, it was concluded that as the size of the organization and the number of its valuable documents increase by one unit, the organization's probability of suffering an internal attack decreases. Furthermore, when executive members have a business degree rather than information-security-related degrees, the likelihood of suffering an internal attack increases. Also, the probability of an organization suffering an internal or external attack is not based on its industry type.

2018 ◽  
Vol 3 (2) ◽  
pp. 85
Author(s):  
Chicherov K.A. ◽  
Norkina A. N.

This article presents issues of protecting confidential data, ways to support information security, types of information security threats resulting in an authorized access to confidential data, countermeasures and security measures to ensure confidential data security. Keywords: confidential data, information security, information security threat(s), personal data, information systems, data security.


2021 ◽  
Vol 17 (1) ◽  
pp. 150-166
Author(s):  
Andrei L. LOMAKIN ◽  
Evgenii Yu. KHRUSTALEV ◽  
Gleb A. KOSTYURIN

Subject. As the socio-economic relationships are getting digitalized so quickly, the society faces more and more instances of cybercrime. To effectively prevent arising threats to personal information security, it is necessary to know key social engineering methods and security activities to mitigate consequences of emerging threats. Objectives. We herein analyze and detect arising information security threats associated with social engineering. We set forth basic guidelines for preventing threats and improving the personal security from social engineering approaches. Methods. The study relies upon methods of systems analysis, synthesis, analogy and generalization. Results. We determined the most frequent instances associated with social engineering, which cause personal information security threats and possible implications. The article outlines guidelines for improving the personal security from social engineering approaches as an information security threat. Conclusions and Relevance. To make information security threats associated with social engineering less probable, there should be a comprehensive approach implying two strategies. First, the information security protection should be technologically improved, fitted with various data protection, antivirus, anti-phishing software. Second, people should be more aware of information security issues. Raising the public awareness, the government, heads of various departments, top executives of public and private organizations should set an integrated training system for people, civil servants, employees to proliferate the knowledge of information security basics.


2019 ◽  
Vol 12 (2) ◽  
pp. 117
Author(s):  
Hend K. Alkahtani

Background: Information system use has substantially increased among the organization based on its effective integration of the resources and improved performance. The increasing reliance on the information system serves as a great security threat for the firms. Objective: The study intends to evaluate the security of the information system in the organization located in the region of Saudi Arabia, concerning the user’s awareness level. Methods: The quantitative design of the study is adopted which uses the survey approach. A close-ended questionnaire is used for evaluating the awareness level among the individuals. A total of 109 participants (males and females) in the Saudi Company were recruited for the study. Results: Despite the implementation of the policy, employees were unaware of it. The study highlights that the development of the firm’s information security policy requires the firm to make employees aware of the significance of the information security. Conclusion: The study concludes that the organization needs to educate the workforce of the information security policy and develop their necessary understanding of the information security system. This allows the employees to identify and report security threats and risks which helps in the improvement of information security awareness.


2021 ◽  
pp. 71-80
Author(s):  
Alexander Barabanov ◽  
Denis Makrushin ◽  

Objective. Service-oriented architecture increases technical abilities for an attacker to move laterally and maintain multiple pivot points inside of a compromised environment. Microservice-based infrastructure brings more challenges for the security architect related to internal event visibility and monitoring. A properly implemented logging and audit approach is a baseline for security operations and incident management. The aim of this study is to provide a helpful resource to application and product security architects, software and operation engineers on existing architecture patterns to implement a trustworthy logging and audit process in microservice-based environments. Method. In this paper, we conduct information security threats modeling and a systematic review of major electronic databases and libraries, security standards and presentations at the major security conferences as well as architecture whitepapers of industry vendors with relevant products. Results and practical relevance. In this work, based on analysis of research papers and major security conference presentations, we identified industry best practices in logging audit patterns and their applicability depending on environment characteristics. We provided threat modeling for a typical architecture pattern of a logging system and identified 8 information security threats. We provided security threat mitigation and, as a result, 11 high-level security requirements for an audit logging system were identified. High-level security requirements can be used by application security architects in order to secure their products.


Inventions ◽  
2019 ◽  
Vol 4 (3) ◽  
pp. 53 ◽  
Author(s):  
Chen ◽  
Huang

This paper introduces an information security threat modeling (ISTM) scheme, which leverages the strengths of software engineering and risk management approaches, called I-SERM. The proposed I-SERM scheme effectively and efficiently prioritizes information security threats for IT systems that utilize a large number of sensors, such as Internet of Things (IoT)-based energy systems. I-SERM operations include determining functional components, identifying associated threat types, analyzing threat items, and prioritizing key threats with the use of software engineering tools such as product flow diagrams, use case diagrams, and data flow diagrams. By simultaneously referring to a proposed STRIDE+p matrix and a defined threat breakdown structure with reference score (TBS+r) scheme, the I-SERM approach enables systematic ISTM. To demonstrate the usability of I-SERM, this study presents a practical case aimed at electricity load balancing on a smart grid. In brief, this study indicates a substantive research direction that combines the advantages of software engineering and risk management into a systematic ISTM process. In addition, the demonstration of I-SERM in practice provides a valuable and practical reference for I-SERM application, and contributes to research in the field of information security designs for IoT-based Energy Internet systems.


2019 ◽  
Vol 8 (3) ◽  
pp. 2600-2605

In this age of growing and developing information and technology, data security, integrity and confidentiality are essential aspects related to shared data over some network or medium. Many techniques over the years have been developed for securing the messages from attack or theft or breach of very sensible and essential data when shared over a network. The security threats to data have been ascending, so are the data hiding or securing techniques. This is where Information Security has a role to play. Development of techniques and methods that prevents the essential and secret data being stolen and thus providing security to the data. This paper discusses the significance of Information Security, its evolution since its infant stage and study about various subdomains of the same. This paper also shows a comparative study of various Information Security Techniques, their pros and cons and the applications in various domains. This paper analyses various Information Security methods or techniques based on their various characteristics and effectiveness on securing the data from any adversaries. This includes a study of some benchmark techniques and their subsidiaries along with it. The techniques under focus for analyzing were Watermarking, Digital Signatures, Fingerprinting, Cryptography, Steganography and latest being CryptoSteganography Information Security Technique. The characteristics focused were security-related properties, data or message-related properties, their objectives, drawbacks, applications and algorithms.


2019 ◽  
Vol 22 (4) ◽  
pp. 336-341
Author(s):  
D. V. Ivanov ◽  
D. A. Moskvin

In the article the approach and methods of ensuring the security of VANET-networks based on automated counteraction to information security threats through self-regulation of the network structure using the theory of fractal graphs is provided.


2017 ◽  
Vol 2 (3) ◽  
pp. 1
Author(s):  
Hanane Bennasar ◽  
Mohammad Essaaidi ◽  
Ahmed Bendahmane ◽  
Jalel Benothmane

Cloud computing cyber security is a subject that has been in top flight for a long period and even in near future. However, cloud computing permits storing a huge amount of data in cloud storage, and allows the user to pay per utilization from anywhere via any terminal equipment. Among the major issues related to Cloud Computing security, we can mention data security, denial of service attacks, confidentiality, availability, and data integrity. This paper is dedicated to a taxonomic classification study of cloud computing cyber-security, with the main objective to identify the main challenges and issues in this field, the different approaches and solutions proposed to address them and the open problems that need to be addressed.


2021 ◽  
Vol 26 (4) ◽  
pp. 1-31
Author(s):  
Pruthvy Yellu ◽  
Landon Buell ◽  
Miguel Mark ◽  
Michel A. Kinsy ◽  
Dongpeng Xu ◽  
...  

Approximate computing (AC) represents a paradigm shift from conventional precise processing to inexact computation but still satisfying the system requirement on accuracy. The rapid progress on the development of diverse AC techniques allows us to apply approximate computing to many computation-intensive applications. However, the utilization of AC techniques could bring in new unique security threats to computing systems. This work does a survey on existing circuit-, architecture-, and compiler-level approximate mechanisms/algorithms, with special emphasis on potential security vulnerabilities. Qualitative and quantitative analyses are performed to assess the impact of the new security threats on AC systems. Moreover, this work proposes four unique visionary attack models, which systematically cover the attacks that build covert channels, compensate approximation errors, terminate normal error resilience mechanisms, and propagate additional errors. To thwart those attacks, this work further offers the guideline of countermeasure designs. Several case studies are provided to illustrate the implementation of the suggested countermeasures.


2014 ◽  
Vol 22 (1) ◽  
pp. 24-41 ◽  
Author(s):  
Deepa Mani ◽  
Kim-Kwang Raymond Choo ◽  
Sameera Mubarak

Purpose – Opportunities for malicious cyber activities have expanded with the globalisation and advancements in information and communication technology. Such activities will increasingly affect the security of businesses with online presence and/or connected to the internet. Although the real estate sector is a potential attack vector for and target of malicious cyber activities, it is an understudied industry. This paper aims to contribute to a better understanding of the information security threats, awareness, and risk management standards currently employed by the real estate sector in South Australia. Design/methodology/approach – The current study comprises both quantitative and qualitative methodologies, which include 20 survey questionnaires and 20 face-to-face interviews conducted in South Australia. Findings – There is a lack of understanding about the true magnitude of malicious cyber activities and its impact on the real estate sector, as illustrated in the findings of 40 real estate organisations in South Australia. The findings and the escalating complexities of the online environment underscore the need for regular ongoing training programs for basic online security (including new cybercrime trends) and the promotion of a culture of information security (e.g. when using smart mobile devices to store and access sensitive data) among staff. Such initiatives will enable staff employed in the (South Australian) real estate sector to maintain the current knowledge of the latest cybercrime activities and the best cyber security protection measures available. Originality/value – This is the first academic study focusing on the real estate organisations in South Australia. The findings will contribute to the evidence on the information security threats faced by the sector as well as in developing sector-specific information security risk management guidelines.

