An Evaluation of User Password Practice

Digital Business Security Development ◽

10.4018/978-1-60566-806-2.ch005 ◽

2011 ◽

pp. 112-128

Author(s):

John Campbell ◽

Kay Bryant

Keyword(s):

Information Systems ◽

User Authentication ◽

Computer Users ◽

Access To Information ◽

First Line ◽

Security Issues ◽

Meaningful Information ◽

Security Practices ◽

Access Controls ◽

Associated Data

Maintaining the security of information systems and associated data resources is vital if an organization is to minimize losses. Access controls are the first line of defense in this process. The primary function of authentication controls is to ensure that only authorized users have access to information systems and electronic resources. Password-based systems remain the predominant means of user authentication despite viable authentication alternatives. Research suggests that password-based systems are often compromised by poor user security practices. This chapter presents the results of a survey of 884 computer users that examines user practice in creating and reusing password keys, and reports the findings on user password composition and security practices for email accounts. Despite a greater awareness of security issues, the results show that many users still select and reuse weak passwords keys that are based on dictionary words and other meaningful information.

Download Full-text

An Evaluation of User Password Practice

Digital Rights Management ◽

10.4018/978-1-4666-2136-7.ch047 ◽

2013 ◽

pp. 969-980

Author(s):

John Campbell ◽

Kay Bryant

Keyword(s):

Information Systems ◽

User Authentication ◽

Computer Users ◽

Access To Information ◽

First Line ◽

Security Issues ◽

Meaningful Information ◽

Security Practices ◽

Access Controls ◽

Associated Data

Download Full-text

Securing Remote Access to Information Systems of Critical Infrastructure Using Two-Factor Authentication

Electronics ◽

10.3390/electronics10151819 ◽

2021 ◽

Vol 10 (15) ◽

pp. 1819

Author(s):

Rasa Bruzgiene ◽

Konstantinas Jurgilas

Keyword(s):

Information Systems ◽

Identity Management ◽

Critical Infrastructure ◽

User Authentication ◽

Remote Access ◽

Access To Information ◽

Digital Space ◽

Cyber Threats ◽

The Core ◽

Common Target

Information systems of critical infrastructure provide services on which the core functions of a state and its economy depend as well as welfare of society. Such systems are becoming an increasingly common target for crimes and attacks in cyberspace, as their vulnerabilities can be exploited for malicious activities seeking financial or political gain. One of the main reasons that threatens the security of these systems is the weak control of remote access, otherwise defined as management of a system’s user identity. Management of user identity depends on user authentication, authorization and the assignment of certain rights in the digital space. This paper provides the proposed two-factor (2FA) digital authentication method for remote access to an information system of a critical infrastructure. Results of testing the method’s usability and resilience to cyber threats have shown that the system, in which the method was implemented, is protected from dangerous HTTP requests and publicly available system’s endpoints are protected from threatening inputs that could cause malicious activities on the critical infrastructure. Additionally, the implementation of the authentication API application ensures the rapidity of the method for less than 500 ms for 100 users working in parallel with the system at the same time.

Download Full-text

Access and Access Controls

Essentials of Clinical Informatics ◽

10.1093/med/9780190855574.003.0015 ◽

2019 ◽

pp. 162-169

Author(s):

Karl E. Misulis ◽

Mark E. Frisse

Keyword(s):

Information Technology ◽

Information Systems ◽

Health Information Technology ◽

Health Information ◽

Healthcare Systems ◽

Access To Information ◽

Access Controls ◽

Privacy And Confidentiality ◽

Efficient Care ◽

Regulatory Landscape

Evolution of healthcare systems and the constantly changing regulatory landscape continuously alter all facets of health information technology including access. Access to information systems must be controlled in order to protect privacy and confidentiality. Access systems must be flexible enough to be applicable regardless of device and location. While access must be secure, it cannot obstruct the efficient care of patients. Access controls depend on position because privileges and permissions depend on position. These controls are the method of enforcing authorization through mechanisms and policies. This chapter discusses some of the mechanisms of controlling access. Also discussed are some practical considerations for client and device strategy.

Download Full-text

Implementasi Keamanan pada Transaksi Data Menggunakan Sertifikat Digital X.509

Jurnal ULTIMATICS ◽

10.31937/ti.v8i1.496 ◽

2017 ◽

Vol 8 (1) ◽

pp. 1-10

Author(s):

Is Mardianto ◽

Kuswandi Kuswandi

Keyword(s):

Mobile Phone ◽

Web Service ◽

Data Exchange ◽

User Authentication ◽

Digital Certificate ◽

Security Issues ◽

Diffie Hellman ◽

Digital Certificates ◽

Mobile Phone Applications ◽

Secure Hash Algorithm

Security issues have become a major issue on the Internet. One of the security methods that are widely used today is to implement a digital certificate. Digital certificates have evolved over time, one of which is the X.509 digital certificate. Digital certificates have been widely used as authentication applications, web network authentication and other authentication systems that require digital certificates. This research is carried out by implementing an X.509 digital certificate technology as a mobile web service with its client. Secure Hash Algorithm (SHA), Diffie-Hellman, and Advanced Encryption Standard (AES) are used to secure the data exchange transaction between the web service and mobile phone. SHA algorithm will be used for user authentication, Diffie-Hellman algorithm will be used for public key exchange and AES algorithms will be used for symmetric cryptography data. The results of the application of digital certificates, the SHA algorithm, Diffie-Hellman, and AES in mobile phone applications, provide security application running on web service. Index Terms—Digital Certificate, X.509, SHA, Diffie Hellman, AES

Download Full-text

A security study in Portuguese Public Hospitals - GDPR perspective (Preprint)

10.2196/preprints.17896 ◽

2020 ◽

Author(s):

Cátia Santos-Pereira

Keyword(s):

Information Systems ◽

Identity Management ◽

Personal Data ◽

Public Hospitals ◽

Hospital Environment ◽

Security Measures ◽

Eu Member States ◽

Security Issues ◽

Management Processes ◽

Authentication Security

BACKGROUND GDPR was scheduled to be formally adopted in 2016 with EU member states being given two years to implement it (May 2018). Given the sensitive nature of the personal data that healthcare organization process on a 24/7 basis, it is critical that the protection of that data in a hospital environment is given the high priority that data protection legislation (GDPR) requires. OBJECTIVE This study addresses the state of Public Portuguese hospitals regarding GDPR compliance in the moment of GDPR preparation period (2016-2018) before the enforcement in 25 May 2018, and what activities have started since then. The study focuses in three GDPR articles namely 5, 25 and 32, concerning authentication security, identity management processes and audit trail themes. METHODS The study was conducted between 2017 and 2019 in five Portuguese Public Hospitals (each different in complexity). In each hospital, six categories of information systems critical to health institutions were included in the study, trying to cover the main health information systems available and common to hospitals (ADT, EPR, PMS, RIS, LIS and DSS). It was conducted interviews in two phases (before and after GDPR enforcement) with the objective to identify the maturity of information systems of each hospital regarding authentication security, identity management processes and traceability and efforts in progress to avoid security issues. RESULTS A total of 5 hospitals were included in this study and the results of this study highlight the hospitals privacy maturity, in general, the hospitals studied where very far from complying with the security measures selected (before May 2018). Session account lock and password history policy were the poorest issues, and, on the other hand, store encrypted passwords was the best issue. With the enforcement of GDPR these hospitals started a set of initiatives to fill this gap, this is made specifically for means of making the whole process as transparent and trustworthy as possible and trying to avoid the huge fines. CONCLUSIONS We are still very far from having GDPR compliant systems and Institutions efforts are being done. The first step to align an organization with GDPR should be an initial audit of all system. This work collaborates with the initial security audit of the hospitals that belong to this study.

Download Full-text

Embedding security practices in contemporary information systems development approaches

Information Management & Computer Security ◽

10.1108/09685220110401254 ◽

2001 ◽

Vol 9 (4) ◽

pp. 183-197 ◽

Cited By ~ 29

Author(s):

T. Tryfonas ◽

E. Kiountouzis ◽

A. Poulymenakou

Keyword(s):

Information Systems ◽

Systems Development ◽

Information Systems Development ◽

Security Practices

Download Full-text

PRACTICAL IMPLEMENTATION OF THE MODEL OF FORMATION OF CADETS' READINESS TO ENSURE INFORMATION SECURITY IN PROFESSIONAL ACTIVITIES

SOCIETY INTEGRATION EDUCATION Proceedings of the International Scientific Conference ◽

10.17770/sie2021vol1.6470 ◽

2021 ◽

Vol 1 ◽

pp. 119-129

Author(s):

Dmitry Dvoretsky ◽

Natalia Kolesnikova ◽

Oksana Makarkina ◽

Kira Lagvilava

Keyword(s):

Information Systems ◽

Information Security ◽

Information Technologies ◽

The State ◽

Practical Implementation ◽

Positive Trend ◽

Pedagogical Tools ◽

Professional Activities ◽

Security Issues ◽

The Stability

The mass introduction of information technologies in the activities of state structures has made it possible to transfer the efficiency of their functioning to a qualitatively new level. Unfortunately, as a means of action, they have characteristic vulnerabilities and can be used not only for good, but also for harm. For the state, as a guarantor of the stability of a civilized society, the issue of ensuring the security of information processing is particularly important. Despite the automation of many information processes, the most vulnerable link in the work of information systems remains a person. A person acts as an operator of information systems and a consumer of information. The entire service process depends on the competence of the operator and the quality of his perception. There are areas of government activity where the cost of error is particularly high. These include ensuring the life and health of citizens, protecting public order and the state system, and ensuring territorial integrity. The specifics of the spheres must be taken into account when ensuring the security of information. This study concerns official activities that are provided by paramilitary groups. Currently, there is a discrepancy in the level of competence of new personnel in the first months of service. The author traces the shortcomings of general and special professional qualities in the field of information security. The purpose of the study is to substantiate certain pedagogical means of forming cadets ' readiness to ensure information security. As forms of theoretical knowledge, we will use the traditional hypothesis and model, as well as functionally distinguishable judgments – problem, assumption, idea and principle. Empirical forms of knowledge will be observation (experimental method) and fixation of facts. To evaluate the effectiveness of the developed pedagogical tools, we use statistical methods: observation (documented and interrogated) and calculation of generalizing indicators. To formulate conclusions, we will use logical methods: building conclusions and argumentation. The approbation of certain pedagogical tools described in this article showed a significant positive trend in terms of competence in information security issues.

Download Full-text

Internal Control Considerations for Information System Changes and Patches

Advances in Business Information Systems and Analytics - Information Systems and Technology for Organizational Agility, Intelligence, and Resilience ◽

10.4018/978-1-4666-5970-4.ch008 ◽

2014 ◽

pp. 161-179 ◽

Cited By ~ 2

Author(s):

Jeffrey S. Zanzig ◽

Guillermo A. Francia III ◽

Xavier P. Francia

Keyword(s):

Information System ◽

Information Systems ◽

Internal Control ◽

Security Requirements ◽

Information Technology Professionals ◽

Organization Management ◽

Internal Auditors ◽

Security Issues ◽

System Changes ◽

Current Change

The dependence of businesses on properly functioning information systems to allow organizational personnel and outside investors to make important decisions has never been more pronounced. Information systems are constantly evolving due to operational and security requirements. These changes to information systems involve a risk that they could occur in a way that results in improper processing of information and/or security issues. The purpose of this chapter is to consider related guidance provided in a Global Technology Audit Guide (GTAG) from The Institute of Internal Auditors in conjunction with current change and patch management literature in order to assist internal auditors and organizational personnel in better understanding a process that leads to efficient and effective information system changes. The authors describe how internal auditors and information technology professionals can work together with organization management to form a mature approach in addressing both major information system changes and patches.

Download Full-text

Cloud Computing and Cybersecurity Issues Facing Local Enterprises

Cyber Law, Privacy, and Security ◽

10.4018/978-1-5225-8897-9.ch087 ◽

2019 ◽

pp. 1777-1799

Author(s):

Emre Erturk

Keyword(s):

Cloud Computing ◽

Cyber Security ◽

Cloud Security ◽

Security Issues ◽

Contemporary Research ◽

Security Practices ◽

It Resources ◽

Security Incidents

This chapter sets out to explore new trends in cyber and cloud security, and their implications for businesses. First, the terminology and assumptions related to cloud computing are stated. Next, the chapter reports on contemporary research around the awareness of security issues, and the security processes within the cloud computing realm. Cyber security poses a different challenge to local small and medium sized organizations, which may seem to have less at stake financially. However, they are more vulnerable, due to fewer resources dedicated toward prevention. A series of serious security incidents may even keep them out of business. Furthermore, security needs to be understood and handled differently in a cloud based environment. Therefore, the chapter identifies unique security practices and recommendations for these businesses to run their IT resources safely in the cloud.

Download Full-text

Soft Systems Methodology in IT-Related Organizational Change

Applications of Soft Systems Methodology for Organizational Change - Advances in Business Strategy and Competitive Advantage ◽

10.4018/978-1-7998-4504-1.ch002 ◽

2021 ◽

pp. 32-54

Keyword(s):

Organizational Change ◽

Information Systems ◽

Information Technologies ◽

Soft Systems Methodology ◽

Main Concern ◽

Systems Methodology ◽

Soft Systems ◽

Meaningful Information ◽

Development Methodology ◽

Is Development

Any organization needs information technologies (IT) to attain efficient process and make effective decisions. The main discussion of this study is focused on IT as a reason of change in an organization. Besides providing a definition for information systems (IS), this chapter aims at explaining soft systems methodology (SSM) as an IS development methodology. Considering seven elements of philosophy, model, techniques and tools, scope, output, practice, and product, it clarified the SSM position in other methodologies. In this concern, it revealed the main concern of using SSM in the development of information systems (i.e., meeting the real needs of the organization through generating meaningful information based on the available data) as represented in five case studies of SSM in IT-related organizational change.

Download Full-text