System End-User Actions as aThreat to Information System Security

Information system security is of paramount importance to every institution that deals with digital information. Nowadays, efforts to address cybersecurity issues are mostly software or hardware-oriented. However, the most common types of cybersecurity breaches happen as a result of unintentional human errors also known as end user actions. Thus, this study aimed to identify the end-user errors and the resulting vulnerabilities that could affect the system security requirements, the CIA triad of information assets. The study further presents state-of-the-art countermeasures and intellectual ideas on how entities can protect themselves from advent events. Adopted is a mixed-method research approach to inform the study. A closed-ended questionnaire and semi-structured interviews were used as data collection tools. The findings of this study revealed that system end user errors remain the biggest threat to information systems security. Indeed errors make information systems vulnerable to certain cybersecurity attacks and when exploited puts legitimate users at risk.

Information System Security Evaluation Algorithm Based on PSO-BP Neural Network

With the deepening of big data and the development of information technology, the country, enterprises, organizations, and even individuals are more and more dependent on the information system. In recent years, all kinds of network attacks emerge in an endless stream, and the losses are immeasurable. Therefore, the protection of information system security is a problem that needs to be paid attention to in the new situation. The existing BP neural network algorithm is improved as the core algorithm of the security intelligent evaluation of the rating information system. The input nodes are optimized. In the risk factor identification stage, most redundant information is filtered out and the core factors are extracted. In the risk establishment stage, the particle swarm optimization algorithm is used to optimize the initial network parameters of BP neural network algorithm to overcome the dependence of the network on the initial threshold, At the same time, the performance of the improved algorithm is verified by simulation experiments. The experimental results show that compared with the traditional BP algorithm, PSO-BP algorithm has faster convergence speed and higher accuracy in risk value prediction. The error value of PSO-BP evaluation method is almost zero, and there is no error fluctuation in 100 sample tests. The maximum error value is only 0.34 and the average error value is 0.21, which proves that PSO-BP algorithm has excellent performance.

KAMI index as an evaluation of academic information system security at XYZ university

XYZ University is one of the universities that has used information technology to create quality service for students and the entire academic community. This Information technology service is managed by Information Technology and Communication Center (PUSTIK) which is responsible to carry out the development, management, service, and maintaining the security of information and communication technology. Good information technology governance should be able to maintain information security. Therefore, it is necessary to evaluate information system security especially the security of academic information systems. This information system security evaluation uses Keamanan Informasi (KAMI) Index which refers to the ISO/IEC 27001:2013 standard to be able to determine the maturity level of information security. An evaluation of five areas of the KAMI Index shows the Information Security Risk Management area gets the lowest score at 10 out of a total of 72. The result of the KAMI Index dashboard shows that the maturity level of each area of information security is at levels I and I+ with a total score of 166. This means that the level of completeness of implement ISO 27001:2013 standard is in the inadequate category.

Factors influencing information security compliance: an institutional perspective

Information is the critical resource of modern organization that needs to be protected from both internal and external threats so as to sustain in this competitive business environment. In order to do so, comprehensive security policy must be formulated and implemented. Every employee of the organization must comply with the organization’s security policy. Although organizations implement information security policy, it is commonly observed that employees do not comply with the organization information security policy. The purpose of this research was to identify organizational factors that shape employees behavior to comply with information system security policy in Ethio-telecom. Data were collected via using survey method. Multiple linear regression was used as data analysis method. The study result showed that management support, awareness and training, and accountability are leading organizational factors that shape employees behavior to comply with the existing information system security policy. This is a single case study; it cannot be generalized for other organizations. Other researchers can replicate this research for generalizability of the research findings across different contexts.