Cybersecurity and information security: similarities and differences

Author(s):  
Наталья Шумафовна Козлова ◽  
Виталий Анатольевич Довгаль

The concepts of “cybersecurity” and “information security” are analyzed, the differences between them are explained, their evolution is described, important areas of overlap are considered, and various theoretical justifications (concepts and possible uses) are given. By assessing the current state of these concepts and comparing them with world trends, the main directions of the necessary changes to the terms under consideration are determined.

2020 ◽  
Vol 79 (4) ◽  
pp. 32-38
Author(s):  
І. Д. Казанчук ◽  
В. П. Яценко

Based on the analysis of scientific concepts and legal principles the author has provided the definition of information security, provision of information security in Ukraine and has characterized its components. The current state of legal regulation of the organization and activity of cyberpolice units of the National Police of Ukraine has been analyzed. Particular attention has been paid to the legal analysis of the tasks, functions and structure of the Cyberpolice Department of the National Police of Ukraine. Special attention has been drawn to certain shortcomings of Ukrainian legislation in the field of ensuring information security by the police, its compliance with the norms and standards of international law. Taking into account the specifics of the tasks, the author has provided characteristics of the functions of cyberpolice units in the information sphere, which should be divided according to the purpose into: 1) basic (external), which are focused on law enforcement and preventive aspects; 2) auxiliary (intrasystem), which are focused on promoting the implementation of basic functions, the introduction of appropriate management mechanisms within the system. It has been stated that the modern system of ensuring information security and cybersecurity in Ukraine should be one effective system, consisting of such mandatory components as legal, educational and technical. 
It has been concluded that in order to improve the legal principles for the organization and activities of cyberpolice units of the National Police in the field of ensuring information security and counteracting cyber threats, first of all, it is necessary to optimize the organizational structure of cyberpolice, reasonably distribute the functions (powers) between cyberpolice units and other subjects combating cyber threats in Ukraine, to create appropriate conditions for reaching a qualitatively new level of interaction between them and coordination of their activities in the field of ensuring information security in modern conditions.


Author(s):  
І. Андрущак ◽  
В. Марценюк ◽  
I. Андрощук ◽  
В. Чудовець ◽  
М. Потейчук

The article discusses the current state of application and development of cloud computing and the main advantages and disadvantages of its use in states, enterprises and scientific activity. The standards, regulations and guidance documents in the field of cloud computing information security developed by the Cloud Security Alliance (CSA), the European Network and Information Security Agency (ENISA) and the National Institute of Standards and Technology (NIST) are analyzed, along with the results of a detailed analysis of information security issues in the cloud.


Author(s):  
John D’Arcy ◽  
Anat Hovav

A number of academic studies that focus on various aspects of information security management (ISM) have emerged in recent years. This body of work ranges from the technical, economic, and behavioral aspects of ISM to the effect of industry standards, regulations, and best practices. The purpose of this chapter is to review the current state of ISM research, while providing an integrative framework for future studies. Using the proposed framework as a guide, we identify areas of depth within current ISM literature and areas where research is underdeveloped. Finally, we call for a more comprehensive approach to ISM research that considers multiple dimensions of our framework and their interrelationships.


Author(s):  
Lech J. Janczewski ◽  
Andrew M. Colarik

The current state of the information security domain in the United States and much of the rest of the industrialized world can best be characterized as overly optimistic. The protection of computing systems and telecommunication infrastructures from unauthorized usage, manipulation, and sabotage faces serious challenges to ensure ongoing serviceability. This is especially true when we consider our growing dependence on these infrastructures. The state of affairs regarding the security aspects of these systems is even worse. Peter G. Neumann of the Computer Science Laboratory at SRI International in Menlo Park, California states:


Author(s):  
Ihor Kharytonenko

The article considers the concepts and signs of cybercrime, the phenomenon of cybercrime through the prism of indicators that characterize it, in particular the level, dynamics, structure. The social conditionality and the current state are determined taking into account various factors that influence the change of quantitative and qualitative indicators. Globalism, a high level of public danger and the massive consequences of cyber threats are emphasized.
It is pointed out that the scale of threats to the information space is not limited to the borders of one country, as modern global computer networks cover the vast majority of countries, which further contributes to a sharp increase in criminal computer professionalism and high mobility of criminals. Therefore, it is timely to study and analyze the system of rapidly changing high-tech cyber threats, tactics of interaction in the field of information security, which affects the formation of sustainable development of society, the functioning of mechanisms to counter information threats taking into account modern realities.
The signs of the phenomenon of cybercrime through the prism of indicators that characterize it are highlighted:
– the scale of threats to the information space is not limited to the borders of one state;
– changes in the quantitative and qualitative indicators of cybercrime, in particular a sharp increase in criminal computer professionalism and high mobility of criminals;
– the level of cybercrime is closely related to the economic level of development of society in different countries and regions;
– cyber threats are fast-changing and high-tech;
– high level of latency;
– the dependence of the geography of distribution on the factor of urbanization;
– cybercrime is a social phenomenon that manifests itself in a set of cybercrimes.
It is noted that in order to prevent these crimes it is necessary to conduct further research in social and criminological areas to study the psychophysiological properties of cybercriminals, improve domestic legislation in the field of state secrets and official information, international cooperation in information security, improve the content of higher education information security professionals states.


Author(s):  
KHARCHENKO S.

The article is devoted to the issues of identifying the current state of the normative and legal provision of information security in the activities of the Security Service of Ukraine and the formation of proposals for its improvement. The study of legal acts of the national legislation made it possible to specify the following hierarchical levels of legal regulation of the organization of ensuring information security in the SSU activities: constitutional and legislative, international, sub-legislative and departmental. These legal norms represent a certain set, although they do not have a systematized form provided to them objectively. Between these norms there are internal legal relations; they are mutually interconnected and characterized by mutual influence. At the present stage, the issues of ensuring cybernetic security are more normatively elaborated. At the same time, today it is necessary to ensure the consolidation in the departmental regulatory framework of such measures as the implementation of control in the Internet space (the problem of blocking sites) and the creation of an integrated database of threats and danger in the field of information security in the activities of SSU.


Author(s):  
Manish Gupta

Information security is becoming increasingly important and more complex as organizations are increasingly adopting electronic channels for managing and conducting business. However, state-of-the-art systems design methods have ignored several aspects of security that arise from human involvement or due to human factors. The chapter aims to highlight issues arising from the coalescence of the fields of systems requirements elicitation, information security, and human factors. The objective of the chapter is to investigate and suggest an agenda for the state of human factors in information assurance requirements elicitation from the perspectives of both organizations and researchers. Much research has been done in the area of requirements elicitation, both systems and security, but, invariably, human factors have not been taken into account during information assurance requirements elicitation. The chapter aims to find clues and insights into acquisition behavior of human factors in information assurance requirements elicitation and to illustrate the current state of affairs in information assurance and requirements elicitation and why inclusion of human factors is required.


Author(s):  
Dave Yates ◽  
Albert Harris

Organizational information security policy must incorporate organizational, societal, and individual level factors. For organizations that operate across national borders, cultural differences in these factors, particularly the ethical attitudes and behaviors of individuals, will impact the effectiveness of these policies. This research looks at the differences in attitudes and behaviors that exist among five different countries and the implications of similarities and differences in these attitudes for organizations formulating information security policies. Building on existing ethical frameworks, we developed a set of ethics scenarios concerning data access, data manipulation, software use, programming abuse, and hardware use. Using survey results from 599 students in five countries, results show that cultural factors are indicative of the differences we expected, but that the similarities and differences among cultures that should be taken into account are complex. We conclude with implications for how organizational policy makers should account for these effects with some specific examples based on our results.


Author(s):  
Agata McCormac ◽  
Dragana Calic ◽  
Marcus Butavicius ◽  
Kathryn Parsons ◽  
Tara Zwaans ◽  
...  

The Human Aspects of Information Security Questionnaire (HAIS-Q) is designed to measure Information Security Awareness. More specifically, the tool measures an individual’s knowledge, attitude, and self-reported behaviour relating to information security in the workplace. This paper reports on the reliability of the HAIS-Q, including test-retest reliability and internal consistency. The paper also assesses the reliability of three preliminary over-claiming items, designed specifically to complement the HAIS-Q, and identify those individuals who provide socially desirable responses. A total of 197 working Australians completed two iterations of the HAIS-Q and the over-claiming items, approximately 4 weeks apart. Results of the analysis showed that the HAIS-Q was externally reliable and internally consistent. Therefore, the HAIS-Q can be used to reliably measure information security awareness. Reliability testing on the preliminary over-claiming items was not as robust and further development is required and recommended. The implications of these findings mean that organisations can confidently use the HAIS-Q to not only measure the current state of employee information security awareness within their organisation, but they can also measure the effectiveness and impacts of training interventions, information security awareness programs and campaigns. The influence of cultural changes and the effect of security incidents can also be assessed. 


2013 ◽  
Vol 433-435 ◽  
pp. 1866-1870
Author(s):  
Yan Mei Chai ◽  
Su Wen Zhu ◽  
Wen Ying Han

The booming e-commerce industry is suffering from serious information security problems. As a potential and effective security solution, information hiding technology has been widely applied in many fields and has drawn unprecedented attention. Based on our research, this paper provides a survey of the current state-of-the-art information hiding technology, mainly covering the fundamental concepts, the basic model, the recent progress of information hiding methods and its applications in the e-commerce security sector. Finally, possible research and development trends of information hiding technology are discussed.

