Cybersecurity

Author(s):  
Selem Charfi ◽  
Marko Mladenovic

Cybersecurity is generally considered an information security topic, often associated with personal data and information databases: collecting, exposing, corrupting, or deleting these data. However, it is a more global problem, related to broader aspects such as controlling cyber-systems. In ICS, the topic of cybersecurity is considered at the operational and responsible level as a secondary threat, and much more as an IT problem. This premise has proven to lead to substantial losses. For example, dangerous aspects of some installations can stress the cybersecurity in ICS, for instance in plants dealing with hazardous materials, as attackers can take over control of the production lines. This chapter encapsulates points in common on the topic of cybersecurity in IT and ICS. IT has already devoted significant resources to cyber-threats. ICS has yet to do so. To this end, the authors review a number of papers dealing with the same topic.

Author(s):  
Svetlana Mironova ◽  
Svetlana Simonova

The problem of ensuring information security is currently urgent for the Russian Federation as well as for the whole world. The number of cyber-threats is increasing at a great speed, and they concern not only private citizens, but also organizations, the community and the state. Special attention should be paid to the information security of children and teenagers. Minors are most susceptible to negative influences on the Internet; they risk becoming victims of cyberbullying, fraud and illegal access to personal data. Common threats to the information security of minors include a constant increase in the number of sites with aggressive or illegal content, including those inciting to suicide or abuse of drugs and psychoactive substances, as well as cyber-stalking or virtual sexual harassment. The information security of minors in the digital space is a complex issue, whose successful solution requires a consolidation of legal and information resources. The article analyzes Russian and foreign experience of ensuring the information security of minors. The authors summarize research approaches to solving the problem of protecting minors on the Internet. They present a classification of the most urgent cyber-threats: software-technical (intentional dissemination of viruses and Trojan software), economic (theft and sale of credit card details, phishing attacks, hacking of payment accounts), and content (public dissemination of any materials, including illegal ones, on the Internet). The authors also examine legal, social and technical measures of ensuring the information security of minors and suggest changes to the current legislation which regulates the information security of minors. The authors also study specific methods of solving this task and outline a number of measures aimed at protecting the rights and freedoms of minors in the digital space (thematic prevention classes for minors, development of special information protection software).


2020 ◽  
Vol 0 (0) ◽  
Author(s):  
Sattam Eid Almutairi

Abstract The phenomenon of mass surveillance has confronted legal systems throughout the world with significant challenges to their fundamental norms and values. These dilemmas have been most extensively studied and discussed in relation to the kind of privacy cultures that exist in Europe and North America. Although mass surveillance creates the same kinds of challenges in Muslim countries, the phenomenon has rarely been discussed from the perspective of Shari’a. This article seeks to demonstrate that this neglect of mass surveillance and other similar phenomena by Shari’a scholars is unjustified. Firstly, the article will address objections that Shari’a does not contain legal norms that are relevant to the modern practice of state surveillance and that, if these exist, they are not binding on rulers, and will also seek to show that, whatever terminology is employed, significant aspects of the protection of privacy and personal data that exist in other legal systems are also to be found deeply rooted in Shari’a. Secondly, it will assess the specific requirements that it makes in relation to such intrusion on private spaces and private conduct and how far it can benefit from an exception to the general prohibition on spying. Finally, it is concluded that mass surveillance is unlikely to meet these Shari’a requirements and that only targeted surveillance can generally do so.


2020 ◽  
Vol 79 (4) ◽  
pp. 32-38
Author(s):  
І. Д. Казанчук ◽  
В. П. Яценко

Based on the analysis of scientific concepts and legal principles the author has provided the definition of information security, provision of information security in Ukraine and has characterized its components. The current state of legal regulation of the organization and activity of cyberpolice units of the National Police of Ukraine has been analyzed. Particular attention has been paid to the legal analysis of the tasks, functions and structure of the Cyberpolice Department of the National Police of Ukraine. Special attention has been drawn to certain shortcomings of Ukrainian legislation in the field of ensuring information security by the police, its compliance with the norms and standards of international law. Taking into account the specifics of the tasks, the author has provided characteristics of the functions of cyberpolice units in the information sphere, which should be divided according to the purpose into: 1) basic (external), which are focused on law enforcement and preventive aspects; 2) auxiliary (intrasystem), which are focused on promoting the implementation of basic functions, the introduction of appropriate management mechanisms within the system. It has been stated that the modern system of ensuring information security and cybersecurity in Ukraine should be one effective system, consisting of such mandatory components as legal, educational and technical. 
It has been concluded that in order to improve the legal principles for the organization and activities of cyberpolice units of the National Police in the field of ensuring information security and counteracting cyber threats, first of all, it is necessary to optimize the organizational structure of cyberpolice, reasonably distribute the functions (powers) between cyberpolice units and other subjects combating cyber threats in Ukraine, to create appropriate conditions for reaching a qualitatively new level of interaction between them and coordination of their activities in the field of ensuring information security in modern conditions.


2018 ◽  
Vol 7 (1) ◽  
pp. 39
Author(s):  
Anatoliy Nyrkov ◽  
Sergei Sokolov ◽  
Anna Karpina ◽  
Alex Chernyakov ◽  
Vagiz Gaskarov

The aim of the present article is to detect the basic principles of secure electronic document circulation (EDCS) systems for a multi-location structure with multiple non-uniform connections. As far as the object of research is concerned, transport-logistical clusters are used. It is a heterogeneous system with implicit classification. The article examines the basic stages of designing, methods and models of information security in electronic document circulation systems operating in a distributed network and interacting with other information systems. The article contains an analysis of the regulatory and legal base in the information security field of the Russian Federation. The model of cluster information flows has been created for research purposes, based on a hierarchical interaction model of transport-logistical cluster components. We describe transport-logistical cluster subjects, categorized information and supposed information assets. Based on potential threats and system vulnerabilities, mechanisms of EDCS information security have been described. The EDCS data exchange process with another system containing personal data has been described. As a result, a comprehensive set of measures was formed as well as information security tools based on requirements for data protection of personal data, and automated control systems and transport-logistical cluster information systems at critical objects.


Author(s):  
Ihor Kharytonenko

The article considers the concepts and signs of cybercrime, the phenomenon of cybercrime through the prism of indicators that characterize it, in particular the level, dynamics, structure. The social conditionality and the current state are determined taking into account various factors that influence the change of quantitative and qualitative indicators. Globalism, a high level of public danger and the massive consequences of cyber threats are emphasized. It is pointed out that the scale of threats to the information space is not limited to the borders of one country, as modern global computer networks cover the vast majority of countries, which further contributes to a sharp increase in criminal computer professionalism and high mobility of criminals. Therefore, it is timely to study and analyze the system of rapidly changing high-tech cyber threats, tactics of interaction in the field of information security, which affects the formation of sustainable development of society, the functioning of mechanisms to counter information threats taking into account modern realities. The signs of the phenomenon of cybercrime through the prism of indicators that characterize it are highlighted:
– the scale of threats to the information space is not limited to the borders of one state;
– changes in the quantitative and qualitative indicators of cybercrime, in particular a sharp increase in criminal computer professionalism and high mobility of criminals;
– the level of cybercrime is closely related to the economic level of development of society in different countries and regions;
– cyber threats are fast-changing and high-tech;
– high level of latency;
– the dependence of the geography of distribution on the factor of urbanization;
– Cybercrime is a social phenomenon that manifests itself in a set of cybercrimes.
It is noted that in order to prevent these crimes it is necessary to conduct further research in social and criminological areas to study the psychophysiological properties of cybercriminals, improve domestic legislation in the field of state secrets and official information, international cooperation in information security, improve the content of higher education information security professionals states.


Author(s):  
L.V. Zinych

The article deals with features of information security in the Republic of Estonia. It is noted that the main factors that have helped to increase the level of information security in Estonia are the developed information infrastructure, effective cybersecurity policy and reliable protection of personal data. Cybersecurity depends on a combination of cybercrime, provision of critical infrastructure and e-services, and national defense. In the area of personal data protection, it is reasonable to create a private data market where companies and researchers propose to submit a date of use and license / lease / sale related to offers or license, lease, sell or withdraw their data from use. Analyzing the experience of the Republic of Estonia in information security, there are several factors that have become the basis for the creation of a secure information environment. First, only a comprehensive information policy enables the security of enterprises, institutions, organizations and the state as a whole. Secondly, Estonia has made every effort to ensure cybersecurity (as a component of information security) and has created favorable conditions for the arrival of foreign IT companies with significant capital and innovation. Third, in the context of information security, considerable attention in Estonia is given to the protection and use of personal data, which is carried out as transparently as possible, using digital signatures and encrypted messages. Practical recommendations for Ukraine’s acquisition of Estonia’s information security experience are provided. We believe that a number of the following activities will help raise the level of information security: 1) Create a working group with the involvement of international experts to develop the concept of information security and regulatory support for its activities. 2) Ensure the creation of a single national electronic information resource in the concept of information security. 3) Enter a unique national ID for the individual. 4) Create a single secure web portal for electronic services with the possibility of creating electronic offices of individuals for receiving administrative services.
Keywords: information security, cybersecurity, information infrastructure, personal data.


2019 ◽  
Vol 2 (1) ◽  
pp. 515-522
Author(s):  
Justyna Żywiołek

Abstract The article highlights the importance of information and the need to manage its security. The importance of information requires a systemic approach, which is why the standards of conduct for managing information security have been approximated. The results of research on information security management in the field of personal data protection have been presented. The research was carried out on a sample of 110 enterprises. The survey was extended to include an analysis of one of the companies subject to the survey. In the following, the case study regarding the production enterprise was also presented.


Electronics ◽  
2020 ◽  
Vol 9 (11) ◽  
pp. 1937
Author(s):  
So-Yeon Kim ◽  
Sun-Woo Yun ◽  
Eun-Young Lee ◽  
So-Hyeon Bae ◽  
Il-Gu Lee

With the recent development and popularization of various network technologies, communicating with people at any time, and from any location, using high-speed internet, has become easily accessible. At the same time, eavesdropping, data interception, personal data leakage, and distribution of malware during the information transfer process have become easier than ever. Recently, to respond to such threats, end-to-end encryption (E2EE) technology has been widely implemented in commercial network services as a popular information security system. However, with the use of E2EE technology, it is difficult to check whether an encrypted packet is malicious in an information security system. A number of studies have been previously conducted on deep packet inspection (DPI) through trustable information security systems. However, the E2EE is not maintained when conducting a DPI, which requires a long inspection time. Thus, in this study, a fast packet inspection (FPI) and its frame structure for quickly detecting known malware patterns while maintaining E2EE are proposed. Based on the simulation results, the proposed FPI allows for inspecting packets approximately 14.4 and 5.3 times faster, respectively, when the inspection coverage is 20% and 100%, as compared with a DPI method under a simulation environment in which the payload length is set to 640 bytes.


Author(s):  
Владимир Павлович Гулов ◽  
Виктор Анатольевич Хвостов ◽  
Айжана Михайловна Каднова ◽  
Галина Владимировна Сыч

Based on the analysis of the practical aspects of personal data (PD) protection during automated processing in healthcare organizations, a range of problems related to the consumer quality of information protection systems (ISS) has been identified. One of the main problems of PD protection in medical information systems (MIS) is to ensure the timely configuration of the information security system by the administrator in accordance with the established policy in the organization. At the same time, the key problem is the formation of the administrator's working conditions that provide a one hundred percent guarantee of the administrator's reaction to the receipt of requests for setting up the information security system, managing users, access rights, and countering threats of various nature. In the absence of methodological approaches to assessing the temporal (probabilistic) parameters of the MIS security administrator's activities, known as the operational characteristics of the ISS, it is problematic to ensure that the ISS settings are 100% consistent with the current policy. The article proposes a probabilistic indicator for assessing the operational characteristics of the information security system. A methodology for its assessment was developed on the basis of an experiment on recording the movement of the mouse cursor when the administrator performs basic actions and the distribution of his attention (heat map) among the elements of the information security system interface. The results of evaluations of the operational characteristics of the ISS "Strazh NT 3.0" carried out using the proposed experimental method are presented.

