VisTAS: blockchain-based visible and trusted remote authentication system

2021, Vol 7, pp. e516
Author(s): Ahmad Ali, Mansoor Ahmed, Abid Khan, Adeel Anjum, Muhammad Ilyas, ...

The information security domain focuses on security needs at all levels in a computing environment in either the Internet of Things, Cloud Computing, Cloud of Things, or any other implementation. Data, devices, services, or applications and communication are required to be protected and provided by information security shields at all levels and in all working states. Remote authentication is required to perform different administrative operations in an information system, and administrators have full access to the system and may pose insider threats. Superusers and administrators are the most trusted persons in an organisation. “Trust but verify” is an approach to have an eye on the superusers and administrators. Distributed ledger technology (Blockchain-based data storage) is an immutable data storage scheme and provides a built-in facility to share statistics among peers. Distributed ledgers are proposed to provide visible security and non-repudiation, which securely records administrators’ authentication requests. The presence of security, privacy, and accountability measures establishes trust among its stakeholders. Securing information in an electronic data processing system is challenging, i.e., providing services and access control for the resources to only legitimate users. Authentication plays a vital role in systems’ security; therefore, authentication and identity management are the key subjects to provide information security services. The leading cause of information security breaches is the failure of identity management/authentication systems and insider threats. In this regard, visible security measures have more deterrence than other schemes. In this paper, an authentication scheme, “VisTAS,” has been introduced, which provides visible security and trusted authentication services to the tenants and keeps the records in the blockchain.

1999, Vol 100 (5), pp. 213-227
Author(s): Ruth C. Mitchell, Rita Marcella, Graeme Baxter

To ensure business continuity the security of corporate information is extremely important. Previous studies have shown that corporate information is vulnerable to security attacks. Companies are losing money through security breaches. This paper describes an MSc project that aimed to investigate the issues surrounding corporate information security management. Postal questionnaires and telephone interviews were used. Findings indicate that companies are not proactively tackling information security management and thus are not prepared for security incidents when they occur. Reasons for this lack of action include: awareness of information security threats is restricted; management and awareness of information security is concentrated around the IT department; electronic information is viewed as an intangible business asset; potential security risks of Internet access have not been fully assessed; and surveyed companies have not yet encountered security problems, and therefore are unprepared to invest in security measures. The recommendations include that companies: carry out a formal risk analysis; move information security management from being an IT‐centric function; and alter perceptions towards electronic information so that information is viewed as a valuable corporate asset.


2020, Vol 27 (4)
Author(s): Tiago Murer Furlanetto, Edimara Mezzomo Luciano, Odirlei Antonio Magnagnagno, Rafael Mendes Lübeck

Abstract: Because of their vital role and the need to protect the patient information, interest in information security in Healthcare Supply Chains (HSCs) is growing. This study analyzes how decisions related to information security practices in HSCs contribute to protecting patient information. Eleven semi-structured interviews were performed. The interviewees were managers from Brazilian HSC organizations. Four dimensions and 14 variables identified in a literature review were used to perform categorical content analysis. The findings suggest organizations, while aware of their critical information and internal processes, lack the necessary metrics to measure the impacts of possible failures. It seems organizations tend to invest in standard security measures, while apparently ignoring the specificity and complexity of information in HSCs.


Author(s): Pranjal Soni

Abstract: Security is becoming much more important in data storage and transmission. Cryptography has come up as a solution which plays a vital role in information security systems against malicious attacks. This security mechanism uses some algorithms to scramble data into unreadable text which can only be decoded or decrypted by the party that possesses the associated key. These algorithms consume a significant amount of computing resources such as CPU time, memory and computation time. In this paper we are studying the performance evaluation of the various encryption algorithms and also we are analyzing the best encryption algorithm from the widely used algorithms.

Keywords: Cryptography, Encryption Algorithms, CPU Time, Computation Time


2016, Vol 01 (02), pp. 1650009
Author(s): Yong Chen, Feng Dong, Hong Chen

Sensitive data are often handled in business processes. As an important component of industry systems, the information system (IS) plays a vital role in business processes. However, data and information may leak in business processes. The damages caused by information security breaches (ISBs) on firms are increasing in recent years. Previous studies have consistently found that the announcements of ISBs are negatively associated with the market values of the announcing firms during the days surrounding the breach announcements. Globalization drives firms in diverse industries to cross-list their stocks. With the benefits of cross-listing, firms are able to perform entrepreneurship and industry integration is improved as well. Because cross-listing improves information environments and provides better investor protection, this paper argues that cross-listing helps firms to reduce the negative impacts caused by their announcements of ISBs. From the perspective of ISs engineering, this paper conducts an event study of 120 publicly traded firms and finds that cross-listing does not mitigate the impact of ISB announcements on a firm’s stock prices.


Author(s): Russell Cameron Thomas, Marcin Antkiewicz, Patrick Florer, Suzanne Widup, Matthew Woodyard

Author(s): Joseph K. Tanimura, Eric W. Wehrly

According to many business publications, firms that experience information security breaches suffer substantial reputational penalties. This paper examines incidents in which confidential information, for a firm's customers or employees, is stolen from or lost by publicly traded companies. Firms that experience such breaches suffer statistically significant losses in the market value of their equity. On the whole, the data indicate that these losses are of similar magnitudes to the direct costs. Thus, direct costs, and not reputational penalties, are the primary deterrents to information security breaches. Contrary to many published assertions, on average, firms that lose customer information do not suffer reputational penalties. However, when firms lose employee information, we find significant reputational penalties.


2020
Author(s): Cátia Santos-Pereira

BACKGROUND: GDPR was scheduled to be formally adopted in 2016 with EU member states being given two years to implement it (May 2018). Given the sensitive nature of the personal data that healthcare organizations process on a 24/7 basis, it is critical that the protection of that data in a hospital environment is given the high priority that data protection legislation (GDPR) requires.

OBJECTIVE: This study addresses the state of Public Portuguese hospitals regarding GDPR compliance during the GDPR preparation period (2016-2018), before enforcement on 25 May 2018, and what activities have started since then. The study focuses on three GDPR articles, namely 5, 25 and 32, concerning authentication security, identity management processes and audit trail themes.

METHODS: The study was conducted between 2017 and 2019 in five Portuguese Public Hospitals (each different in complexity). In each hospital, six categories of information systems critical to health institutions were included in the study, trying to cover the main health information systems available and common to hospitals (ADT, EPR, PMS, RIS, LIS and DSS). Interviews were conducted in two phases (before and after GDPR enforcement) with the objective of identifying the maturity of the information systems of each hospital regarding authentication security, identity management processes and traceability, and the efforts in progress to avoid security issues.

RESULTS: A total of 5 hospitals were included in this study, and the results highlight the hospitals' privacy maturity: in general, the hospitals studied were very far from complying with the security measures selected (before May 2018). Session account lock and password history policy were the poorest issues, and, on the other hand, store encrypted passwords was the best issue. With the enforcement of GDPR, these hospitals started a set of initiatives to fill this gap, specifically to make the whole process as transparent and trustworthy as possible and to avoid the huge fines.

CONCLUSIONS: We are still very far from having GDPR-compliant systems, and institutions' efforts are under way. The first step to align an organization with GDPR should be an initial audit of all systems. This work collaborates with the initial security audit of the hospitals that belong to this study.


Author(s):  
Isiaka Ajewale Alimi

The development in different communication systems as well as multimedia applications and services leads to a high rate of Internet usage. However, transmission of information over such networks can be compromised, and security breaches such as viruses, denial of service, unauthorized access, and theft of proprietary information, which may have a devastating impact on the system, may occur if adequate security measures are not employed. Consequently, building a viable, effective, and safe network is one of the main technical challenges of information transmission in campus networks. Furthermore, it has been observed that network threats and attacks exist from the lower layers of network traffic to the application layer; therefore, this paper proposes an effective multi-layer firewall system for augmenting the functionalities of other network security technologies, due to the fact that, irrespective of the type of access control being employed, attacks are still bound to occur. The effectiveness of the proposed network architecture is demonstrated using Cisco Packet Tracer. The simulation results show that implementation of the proposed topology is viable and offers a reasonable degree of security at different network layers.


2021, Vol 11 (12), pp. 5523
Author(s): Qian Ye, Minyan Lu

The main purpose of our provenance research for DSP (distributed stream processing) systems is to analyze abnormal results. Provenance for these systems is not nontrivial because of the ephemerality of stream data and instant data processing mode in modern DSP systems. Challenges include but are not limited to an optimization solution for avoiding excessive runtime overhead, reducing provenance-related data storage, and providing it in an easy-to-use fashion. Without any prior knowledge about which kinds of data may finally lead to the abnormal, we have to track all transformations in detail, which potentially causes hard system burden. This paper proposes s2p (Stream Process Provenance), which mainly consists of online provenance and offline provenance, to provide fine- and coarse-grained provenance in different precision. We base our design of s2p on the fact that, for a mature online DSP system, the abnormal results are rare, and the results that require a detailed analysis are even rarer. We also consider state transition in our provenance explanation. We implement s2p on Apache Flink, named s2p-flink, and conduct three experiments to evaluate its scalability, efficiency, and overhead from end-to-end cost, throughput, and space overhead. Our evaluation shows that s2p-flink incurs a 13% to 32% cost overhead, 11% to 24% decline in throughput, and few additional space costs in the online provenance phase. Experiments also demonstrate that s2p-flink can scale well. A case study is presented to demonstrate the feasibility of the whole s2p solution.


Nanoscale, 2021
Author(s): Muhammad Waqas Khalid, Rajib Ahmed, Haider Butt

Holographic flexible and rigid-nanostructures in the visible to near infrared play a vital role in various applications including display, data storage, imaging, and security. However, personalized use of holography is...

