Prioritizing computer security controls for home users

2019 ◽  
Author(s):  
Justin Fanelli ◽  
John Waxler

Hundreds of thousands of home users are victimized by cyber-attacks every year. Most experts agree that average home users are not doing enough to protect their computers and their information from cyber-attacks. Improperly managed home computers can lead to individuals losing data, systems performing slowly, loss of identity, and ransom payments; en masse attacks can act in concert to infect personal computers in business and government. Currently, home users receive conflicting guidance for a complicated terrain, often in the form of anecdotal 'Top 10' lists, that is not appropriate for their specific needs, and in many instances, users ignore all guidance. Often, these popular ‘Top 10’ lists appear to be based solely on opinion. Ultimately, we asked ourselves the following: how can we provide home users with better guidance for determining and applying appropriate security controls that meet their needs and can be verified by the cyber security community? In this paper, we propose a methodology for determining and prioritizing the most appropriate security controls for home computing. Using Multi Criteria Decision Making (MCDM) and subject matter expertise, we identify, analyze and prioritize security controls used by government and industry to determine which controls can substantively improve home computing security. We apply our methodology using examples to demonstrate its benefits.


Symmetry ◽  
2020 ◽  
Vol 12 (4) ◽  
pp. 664 ◽  
Author(s):  
Rajeev Kumar ◽  
Abhishek Kumar Pandey ◽  
Abdullah Baz ◽  
Hosam Alhakami ◽  
Wajdi Alhakami ◽  
...  

Growing concern about healthcare information security in the wake of alarmingly rising cyber-attacks is being given symmetrical priority by current researchers and cyber security experts. Intruders are penetrating symmetrical mechanisms of healthcare information security continuously. In the same league, the paper presents an overview on the current situation of healthcare information and presents a layered model of healthcare information management in organizations. The paper also evaluates the various factors that have a key contribution in healthcare information security breaches through a hybrid fuzzy-based symmetrical methodology of AHP-TOPSIS. Furthermore, for assessing the effect of the calculated results, the authors have tested the results on local hospital software of Varanasi. Tested results of the factors are validated through the comparison and sensitivity analysis in this study. Tabulated results of the proposed study propose a symmetrical mechanism as the most conversant technique which can be employed by the experts and researchers for preparing security guidelines and strategies.


Author(s):  
Michael BEST ◽  
Lachezar KRUMOV ◽  
Ioan BACIVAROV

Because banks are very often the target of cyber-attacks, they also have good security controls in place. This paper analyzes modern threats to banks and proposes an approach to detect and visualize the risk of data leakage. In the first part of this paper, a comparative analysis of the most common threats to the banking sector is made, based on reports from both banks and cyber security companies. The authors came to the conclusion that, at the bottom line, insider knowledge is necessary, which is the result of data leakage. This paper comparatively analyzes modern threats to banks and shows an approach to detect and visualize the risk of data leakage. In the second part of the paper, a model - based on a network graph - that can enumerate the risk of data leakage is proposed. Graphing a network of an organization with the connections of data flow between assets and actors can identify insecure connections that may lead to data leakage. As is demonstrated in this paper, financial institutions are important targets of cyber attacks. Consequently, the financial sector must invest heavily in cybersecurity and find the best ways to counter cyber attacks and cyber bank robbery attempts.


2018 ◽  
pp. 1-15 ◽  
Author(s):  
Manju Khari ◽  
Gulshan Shrivastava ◽  
Sana Gupta ◽  
Rashmi Gupta

Cyber Security is generally used as a substitute for the terms Information Security and Computer Security. This work involves an introduction to Cyber Security, and the history of Cyber Security is also discussed. This also includes Cyber Security that goes beyond the limits of traditional information security to involve not only the security of information tools but also other assets, involving the person's own confidential information. In computer security or information security, the relation to the human is basically to relate their duty(s) in the security process. In Cyber Security, the factor has an added dimension, referring to humans as the targets of cyber-attacks or even becoming part of the cyber-attack unknowingly. This also involves the details about cybercriminals and cyber risks, going ahead with the classification of Cybercrimes, which are against the individual, property, organisation and society. Impacts of security breaches are also discussed. Countermeasures for computer security are discussed along with the Cyber Security standards, services, products, consultancy services, governance and strategies. Risk management with the security architecture has also been discussed. Other sections involve the regulation and certification controls, recovery and continuity plans, and Cyber Security skills.


2021 ◽  
Vol 9 (2) ◽  
pp. 477-492
Author(s):  
Tarun Dhar Diwan et al.

Network protection consists of the strategies and procedures implemented in this paper to avoid and monitor intrusion attempts, infringement, manipulation or violation of a computer system and services accessed by the network. Network protection applies to the different countermeasures put in place to secure or flow through the network and data collected on or through it. Protection for web applications is the method of securing websites and internet resources from multiple security attacks that target weaknesses in an application. Security for web apps is a data management division that primarily deals with the security of websites, web applications and web services. Risks to cyber security include a broad range of allegedly criminal practices on the web. For years, computer security risks against utility assets were identified, cyber-attacks arising from the exploitation of data device weaknesses by unauthorized access users. This study is a cyber infrastructure assault, vulnerability and vulnerabilities, including hardware and software devices, networks, business networks, intranets, and cyber intrusion usage. Only big organisations are at risk of cyber-attacks, a widespread misunderstanding. Even then, the targeting of small and medium sized enterprises has seen a large improvement. This is since less-sophisticated cyber defence mechanisms appear to be used by these smaller organisations. As many as 50% of all cyber-attacks hit small companies, wasting $200,000 on average, sufficient to get out of business for less-established entities. An enterprise-grade protection device and awareness of the various forms of cyber threats facing corporations in 2025 to safeguard company from hacking attacks. Fight cyber threats successfully and decrease the exposure of enterprise.


2018 ◽  
Vol 21 (3) ◽  
pp. 317-334 ◽  
Author(s):  
Andrew Geil ◽  
Glen Sagers ◽  
Aslihan D. Spaulding ◽  
James R. Wolf

The goal of this study was to survey farmers and agribusiness owners about their perceptions of cyber security, and how age, gender, and education might affect those perceptions. Using the Health Belief Model as a framework, the survey measured the constructs of perceived susceptibility, severity, benefits, barriers, self-efficacy and cues to action. In addition to the framework, levels of previous cyber-crime victimization and technology implementation were measured. The results of this survey demonstrated that perceived susceptibility to cyber-attacks and the perceived benefits of protective technology are related to an individual’s choice to implement cyber security technology. Over half of the respondents had been victims of a computer security incident, demonstrating that even individuals working in agriculture can be impacted by computer crime incidents. This project deepens the understanding of how individuals react to known threats, and what motivates them to adopt protection technologies.


2014 ◽  
pp. 849-871
Author(s):  
Ian Ellefsen ◽  
Sebastiaan von Solms

Developing countries are fast becoming players in an increasingly interconnected world. Many developing countries are making use of technological solutions to address unique challenges. However, in many cases, this growth is not accompanied with the development of appropriate information infrastructure protection structures. As technological solutions are deployed in developing countries, there will be a large number of new users gaining access to Internet-based systems. In many cases, these new users might lack the skills necessary to identify computer security threats. Inadequate cyber security measures can increase the risk and impact of cyber attacks. The development of internal structures to address Critical Information Infrastructure Protection (CIIP) is dependent on the environment in which it will be deployed. Therefore, traditional CIIP structures might not adequately address the technological challenges found in developing countries. In this chapter, the authors aim to address the development of CIIP structures in developing regions by elaborating on the set of unique challenges that exist. Furthermore, they aim to present a community-oriented structure aimed at providing CIIP, in what they refer to as a “bottom-up” manner. The larger aim of CIIP structures in developing regions is to support the future development and deployment of cyber security mechanisms and to allow developing countries to play a trusted role in global cyber security efforts.



Concerns for service computer networks’ security and reliability are growing rapidly due to increasing service devices with connections to external networks. This aggravates the vulnerability of service networks to cyber attacks through external connections. Though encryption can provide security for user data transmissions, encryption itself cannot provide protection against traffic-analysis attacks. Techniques against traffic-analysis attacks through statistically controlling the transmission rate of padded and encrypted frames are unsuited for power system applications. This paper proposes three security operation modes for the newly developed security layer, located below the DNP3 data-link layer, to strengthen encryption and authentication operations against the effectiveness of traffic-analysis and cryptanalysis attacks. The security models use padding to disguise the amount of user data transmitted and disguise the user data-link layer frame amongst a group of manufactured frames, similar to statistically controlling the data transmission rate. The proposed security operations have been successfully applied to enhance power system security controls.