Database Encryption for Balance Between Performance and Security

According to many business publications, firms that experience information security breaches suffer substantial reputational penalties. This paper examines incidents in which confidential information, for a firms customers or employees, is stolen from or lost by publicly traded companies. Firms that experience such breaches suffer statistically significant losses in the market value of their equity. On the whole, the data indicate that these losses are of similar magnitudes to the direct costs. Thus, direct costs, and not reputational penalties, are the primary deterrents to information security breaches. Contrary to many published assertions, on average, firms that lose customer information do not suffer reputational penalties. However, when firms lose employee information, we find significant reputational penalties.

Download Full-text

Protective Coating Based on Carbon Nanotubes to Ensure Information Security of Particularly Important Objects and Confidential Information

"Smart Technologies" for Society, State and Economy - Lecture Notes in Networks and Systems ◽

10.1007/978-3-030-59126-7_19 ◽

2020 ◽

pp. 164-171

Author(s):

Ilya S. Dvuzhilov ◽

Yulia V. Dvuzhilova ◽

Mikhail M. Belonenko

Keyword(s):

Carbon Nanotubes ◽

Information Security ◽

Protective Coating ◽

Confidential Information

Download Full-text

Improved Algorithm of Steganography Combined with Cryptography

International Journal for Research in Applied Science and Engineering Technology ◽

10.22214/ijraset.2021.35792 ◽

2021 ◽

Vol 9 (VI) ◽

pp. 3793-3804

Author(s):

Anees Banu

Keyword(s):

Information Security ◽

Multimedia Information ◽

Secret Data ◽

Confidential Information ◽

Additional Layer ◽

Confidential Data ◽

The World ◽

Cryptographic Algorithms ◽

Written Form ◽

Improved Algorithm

When it comes to preventing unauthorised access to, destruction of, or inspection of confidential data, information security has always been a major factor. Multimedia information is now used in every field throughout the world. The confidential information that is used in these areas must be kept secure. There are a variety of methods for keeping data secure. One of these is steganography, which is concealing information within other data into a format that the cover information remains unchanged. Cryptography, an encryption process that scrambles data into a written form that is sometimes referred to as a hash, is an auxiliary approach for securing information. Steganography and cryptography each have their own set of benefits and drawbacks. Even though both technologies give security, it is usually a good practise to combine Cryptographic algorithms to create additional layers of security. When cryptographic with steganography are combined, a multi-layer security paradigm is created. The proposed work's main goal is to add an additional layer of protection by using cryptography and steganography to encrypt and embed secret data conveyed across an insecure channel.

Download Full-text

AUTOMATED SYSTEM FOR ESTIMATION-EFFICIENCYSOFTWARE MEANS OF IN-FORMATION PROTECTION

Automation and modeling in design and management of ◽

10.30987/article_5cf2d22c9dcd72.20436206 ◽

2019 ◽

Vol 2019 (2) ◽

pp. 25-32

Author(s):

Алексей Горлов ◽

Aleksey Gorlov ◽

Михаил Рытов ◽

Mikhail Rytov ◽

Дмитрий Лысов ◽

...

Keyword(s):

Information Security ◽

Automated System ◽

Security Threats ◽

Information Protection ◽

Technical Documentation ◽

Confidential Information ◽

Hardware System ◽

Material Costs ◽

Software And Hardware

This article discusses the process of automating the assessment of the effectiveness of software and hardware information protection by creating an automated system. The main functions of the proposed system are: conducting an audit of information security, forming a model of information security threats, forming recommendations for creating a software and hardware system for protecting information, and creating organizational-technical documentation. The developed automated system for evaluating the effectiveness of software and hardware protection of information allows in an automated way to build a model of information security threats, to form organizational and technical documentation governing the protection of confidential information, and also to make recommendations for improving the software and hardware system for protecting information. The use of this system will significantly reduce the time and material costs of auditing information security and developing additional measures to protect information.

Download Full-text

Conceptual principles for ensuring effective protection of information in the context of economic security of the enterprise

Ekonomìka ta upravlìnnâ APK ◽

10.33245/2310-9262-2020-155-1-84-92 ◽

2020 ◽

pp. 84-92

Author(s):

A.V. Pecheniuk

Keyword(s):

Information Security ◽

Information And Communication Technologies ◽

Security Policy ◽

Criminal Responsibility ◽

Economic Security ◽

Information Policy ◽

Security System ◽

Theory And Practice ◽

Confidential Information ◽

Information Security Policy

The necessity of formation of an effective information security system of the enterprise is substantiated. It is emphasized that when designing an information policy, the firm must comply with the requirements of the current legislation, take into account the level of technical support, especially the regulation of employees' access to confidential information, etc. It is stated that the costs of organizing information security measures should be appropriate to its value. The article identifies major threats that could be breached by confidential information. The list of the main normative legal acts aimed at bringing to civil, administrative and criminal responsibility for illegal collection, disclosure and use of information constituting a trade secret. The main stages of building an information security policy are summarized, the most common types of information threats related to the use of modern computer technologies are described. The necessity of developing a domestic original accounting (management) program that could be used in the long term by the vast majority of Ukrainian enterprises is pointed out. There are three groups of tools that are applied in the theory and practice of information security of the enterprise (active, passive and combined), emphasizing the need for planning and continuous monitoring in real time of all important processes and conditions that affect data security. It is noted that even if the information security system is built taking into account all modern methods and means of protection, it does not guarantee one hundred percent protection of the information resources of the enterprise, but a well-designed information security policy allows to minimize the corresponding risks. Key words: information security, information policy, information security, confidential information, information threats, information and communication technologies, software.

Download Full-text

INFORMATION SECURITY AS A COMPONENT OF THE ECONOMIC SECURITY OF THE ENTERPRISE

Business security management in modern conditions ◽

10.26526/chapter_60258635b4a2f5.44169199 ◽

2021 ◽

pp. 119-129

Author(s):

Vera Shumilina ◽

Elena Tetunashvili

Keyword(s):

Information Security ◽

Information Leakage ◽

Economic Security ◽

Confidential Information ◽

Unauthorized Access ◽

Modern Enterprise

The article is devoted to the study of information security as an integral part of the economic security of any modern enterprise. Threats are described that can lead to disclosure of confidential information, leakage of confidential information, unauthorized access to protected information, etc. Means and ways of countering the presented threats are also given

Download Full-text

THE CONCEPT OF IMPLEMENTATION OF THE STATE INFORMATION POLICY AND ENSURING INFORMATION SECURITY OF UKRAINE (IN THE CONDITIONS OF THE CONFLICT WITH THE RUSSIAN FEDERATION)

Theoretical and practical aspects of development of legal knowledge, national security and physical education of citizens (1st ed.) ◽

10.36074/tpadlknspec.ed-1.01 ◽

2021 ◽

Author(s):

O. Voitko ◽

V. Onishchuk

Keyword(s):

Information Security ◽

Information Policy ◽

The State ◽

Armed Conflicts ◽

State Information ◽

World Information ◽

Psychological Operations ◽

Definition Of ◽

Internal And External Factors ◽

Political Governance

The events analysis since the beginning of the aggravation of relations between Ukraine and Russia evidences about the inefficiency of information policy, incoordination of activity of different subjects of ensuring the information security of the state, the weak presence of Ukraine in the world information space etc. At the same time, the problems of ensuring the information security of the state and realization of effective set of counter-propaganda measures, realization of information policy, aimed at consolidating Ukrainian society and the international community for the purpose of suppression of armed aggression are identified by the higher military-political governance of Ukraine as the most priority. Various internal and external factors negatively affect at the ability of Ukraine to adequately respond to challenges and risks in the military sphere. The insufficient and unprofessional efforts of Ukraine’s state authorities in the field of counteraction to the Russian Federation’s propaganda and information-psychological operations are the most important ones. That’s why there’s necessity of development the system of opinions and determination of the plan of the higher military-political governance’s of Ukraine actions regarding the implementation of state information policy and providing of information security of Ukraine and legislative definition of a conceptual document. Besides the importance of this fact consist in that after the restoration of the territorial integrity of Ukraine the main aims of military policy will be prevention the emergence of new armed conflicts, systematic strengthen the state's defense capability and increasing the role and authority of Ukraine in the international area.

Download Full-text

Reaction of users as potential victims of information security breach

Information and Computer Security ◽

10.1108/ics-07-2020-0118 ◽

2021 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Suparak Janjarasjit ◽

Siew H. Chan

Keyword(s):

Information Security ◽

Emotional Distress ◽

Design Methodology ◽

Mediating Effect ◽

Security Breach ◽

Content Type ◽

Perceived Intensity ◽

Good Intention ◽

Negative Effect ◽

A Company

Purpose The purpose of this study is to examine whether users’ perceived moral affect explains the effect of perceived intensity of emotional distress on responsibility judgment of a perpetrator and company, respectively, in an ill and good intention breach. Design/methodology/approach Participants completed a questionnaire containing items measuring their perceived intensity of emotional distress, perceived moral affect and responsibility judgment of a perpetrator and company, respectively. Findings The results support the mediating hypothesis on responsibility judgment of a perpetrator regardless of intention. The mediating hypothesis is also supported in an ill intention breach in responsibility judgment of a company. However, the mediating effect is not observed in a good intention breach when users assess a company’s responsibility. Originality/value The findings support the notion that users use the consequentialism approach when assessing a perpetrator’s responsibility because they focus on the victims’ emotional distress and discount a perpetrator’s intent, resulting in similar mediating effect of perceived moral affect in an ill and good intention breach. The results also indicate that perceived moral affect increases the negative effect of perceived intensity of emotional distress on responsibility judgment of a company, suggesting that users may exhibit empathetic feelings toward a company and perceive it as a victim of an ill intention breach. The lack of mediating effect in responsibility judgment of a company in a good intention breach may be attributed to the diminished effect of a perpetrator’s feelings of regret, sorrow, guilt and shame for causing emotional distress to the victims.

Download Full-text

A Mark-Up Language for the Specification of Information Security Governance Requirements

Privacy Solutions and Security Frameworks in Information Protection ◽

10.4018/978-1-4666-2050-6.ch007 ◽

2013 ◽

pp. 103-123

Author(s):

Anirban Sengupta ◽

Chandan Mazumdar

Keyword(s):

Information Systems ◽

Information Security ◽

Security Requirements ◽

Security Requirement ◽

Security Governance ◽

Digital World ◽

Information Security Governance ◽

Version 2.0 ◽

Enterprise Security ◽

And Control

As enterprises become dependent on information systems, the need for effective Information Security Governance (ISG) assumes significance. ISG manages risks relating to the confidentiality, integrity and availability of information, and its supporting processes and systems, in an enterprise. Even a medium-sized enterprise contains a huge collection of information and other assets. Moreover, risks evolve rapidly in today’s connected digital world. Therefore, the proper implementation of ISG requires automation of the various monitoring, analysis, and control processes. This can be best achieved by representing information security requirements of an enterprise in a standard, structured format. This paper presents such a structured format in the form of Enterprise Security Requirement Markup Language (ESRML) Version 2.0. It is an XML-based language that considers the elements of ISO 27002 best practices.

Download Full-text

Digital Image Steganography

Advanced Image Processing Techniques and Applications - Advances in Computational Intelligence and Robotics ◽

10.4018/978-1-5225-2053-5.ch015 ◽

2017 ◽

pp. 324-346 ◽

Cited By ~ 1

Author(s):

Chitra A. Dhawale ◽

Naveen D. Jambhekar

Keyword(s):

Communication Network ◽

Performance Analysis ◽

Information Security ◽

Digital Image ◽

Data Communication ◽

Image Steganography ◽

Digital Data ◽

Confidential Information ◽

Unauthorized Access ◽

Data Communication Network

Digital data transmitted over the insecure communication can be prone to attacks. Intruders try various attacks to unauthorized access of the confidential information. The Steganography is such as security system that provide the protection to the images, text and other type of data digitally transferred through the data communication network. This chapter elaborates the basics of Digital Image Steganographic techniques from ancient era to digital edge, types of images used for the steganography, payload used for the steganography, various attacks and different algorithms that can provide the information security. The performance analysis of the various Digital Image Steganographic algorithms are discussed. The current applications and their necessities are discussed in this chapter.

Download Full-text