security standard
Recently Published Documents


Total documents: 126 (five years: 34)
H-index: 6 (five years: 2)

2021 ◽ Vol 23 (1)
Author(s): Thembekile Mayayise

Background: As the use of mobile computing devices such as smartphones increases in developing countries, some employees in organisations prefer using their privately owned mobile devices for work purposes by following the Bring Your Own Device (BYOD) practice. However, the actual factors that influence the adoption of this practice are limited. Aim: This study aimed to investigate the factors that positively influence the employee’s behavioural intention to adopt the BYOD practice in organisations. Setting: The focus of the study is workers in various industries in South Africa. Method: A model is proposed which extends components of the Unified Theory of Acceptance and the Use of Technology (UTAUT) model by certain elements of the ISO/IEC 27001 security standard and an organisational factor. It is a quantitative study. Through a snowball method, a sample of 130 South African workers participated in the study by completing an electronic survey where 106 valid responses were received. Results: The data analysis was conducted through the SPSS data analysis tool. The results revealed that performance expectancy, effort expectancy, awareness and training, and policy existence positively influence the behavioural intention to adopt the BYOD practice. Conclusion: The outcome of this study will benefit practitioners considering the implementation of BYOD and also researchers seeking to expand the scope of existing technology adoption frameworks.


2021 ◽ Vol 15 (2) ◽ pp. 91-104
Author(s): Khairur Razikin ◽ Agus Widodo

The use of technology in the era of the Industrial Revolution 4.0 is essential, marked by the use of technology in the economy and business. This situation means many companies in the payment sector have to improve their information technology security systems. In Indonesia, Bank Indonesia and the Financial Services Authority (Otoritas Jasa Keuangan - OJK) are agencies that provide operational permits for companies, making Payment Card Industry-Data Security Standard (PCI-DSS) certification one of the requirements for companies to obtain operating permits. However, not all companies can easily get PCI-DSS certification because many companies still do not meet the PCI-DSS requirements. The research offers a methodology for measuring the level of technology and information maturity using general cybersecurity requirements adopted from the cybersecurity frameworks of CIS, NIST, and Cobit. Then, the research also performs qualitative calculations based on interviews, observations, and data surveys conducted on switching companies that have been able to implement and obtain PCI-DSS certification, to produce practical cybersecurity measures that, in general, can be used as a measure of the maturity of technology and information security. The results and discussion provide a model assessment tool on the procedures and requirements needed to obtain PCI-DSS certification. The maturity level value of PT XYZ is 4.0667 at maturity level 4, namely quantitatively managed, approaching level 5, the highest maturity level.


2021 ◽ Vol 12 (3) ◽ pp. 77-95
Author(s): Leonid Kryvyzyuk ◽ Bohdan Levyk ◽ Svitlana Khrypko ◽ Alla Ishchuk

The article is devoted to defining the essence of security, particularly national security, its interpretation, main features, structure, and factors. The research focuses on the main concepts of the modern understanding of national security and defines national security according to recent research. The authors have performed a structural and functional analysis of the system of national security of Ukraine, which would be an adequate counteraction to threats to vital national interests. The article examines the multi-vector interpretation and representation of the security phenomenon with an increased focus on the axiological paradigm of postmodern society analysis. The cardinal role of postmodernism is considered as a manifestation of postmodern culture in the value dimension of social-political existence. Postmodernism, on the one hand, enabled new vectors of analytical understanding and perception of the security phenomenon. On the other hand, it introduced an imbalance and determined the crisis factor in the space of classical perception of security guarantors due to violating the established foundations and traditions (especially in the perception of the state institution). The rejection factor is seen as a core feature of postmodern social-political reality. The emphasis is given to the problem of the security standard in the security studies and the idea of the mutual determination of both national interests and national values. The article states the importance and priority of historical memory and the phenomenon of mentality in the context of future analytical discourses in the scope of Ukrainian security studies.


Author(s): Amr Abozeid ◽ AbdAllah Adel AlHabshy ◽ Kamal ElDahshan

Security attacks become daily news due to an exposure of a security threat in a widely used software. Taking software security into consideration during the analysis, design, and implementation phases is a must. A software application should be protected against any security threat such as unauthorized distribution or code retrieval. Due to the lack of applying a software security standard architecture, developers may create software that may be vulnerable to many types of security threats. This paper begins by reviewing different types of known software security threats and their countermeasure mechanisms. Then, it proposes a new security optimization architecture for software applications. This architecture is a step towards establishing a standard to guarantee the software's security. Furthermore, it proposes an adapted software security optimization architecture for mobile applications. Besides, it presents an algorithmic implementation of the newly proposed architecture, then it proves its security. Moreover, it builds a secure mobile application based on the newly proposed architecture.


Author(s): Sheng Sun

The Wi-Fi Alliance (WFA) recently standardized a new suite of security protocols, known as WPA3, to enhance Wi-Fi security, which includes the SAE protocol. SAE (Simultaneous Authentication of Equals), based on the Dragonfly key exchange protocol, is a password authenticated key exchange protocol, which has been ratified in Internet Engineering Task Force (IETF) RFC 7664. The SAE Authentication Protocol was first submitted to the IEEE 802.11s (Wi-Fi Mesh Networks), and recently was successfully selected as a candidate security standard to become the next generation Wi-Fi security protocol, WPA3. The SAE key exchange protocol and its variants, i.e., the Dragonfly key exchange protocol and TLS-PWD, have received some cryptanalysis, in which the authors pointed out that the Dragonfly protocol has a sub-group attack vulnerability. In this paper, we also observed some vulnerability that could result in impersonation attacks.


2021 ◽ Vol 2021 ◽ pp. 1-11
Author(s): Huige Wang ◽ Xing Chang ◽ Kefei Chen

Cloud 5G and Cloud 6G technologies are strong backbone infrastructures to provide high data rate and data storage with low latency for preserving QoS (Quality of Service) and QoE (Quality of Experience) in applications such as driverless vehicles, drone-based deliveries, smart cities and factories, remote medical diagnosis and surgery, and artificial-intelligence-based personalized assistants. There are many techniques to support the aforementioned applications, but for privacy preservation of Cloud 5G, the existing methods are still not sufficient. A public key encryption (PKE) scheme is an important means to protect user data privacy in Cloud 5G. Currently, the most common PKE schemes used in Cloud 5G are CCA- or CPA-secure ones. However, their security level may not be enough. SOA security is a stronger security standard than CPA and CCA. Roughly speaking, PKE with SOA security means that the adversary is allowed to open a subset of challenger ciphertexts and obtain the corresponding encrypted messages and randomness, but the unopened messages and randomness remain secure in the rest of the challenger ciphertexts. Security against SOA in PKEs has been a research hotspot, especially with the wide discussion in Cloud 5G. We revisited the SOA-CLE and proposed a new security proof, which is more concise and user friendly to understand privacy preservation in Cloud 5G applications.


2021 ◽ pp. 1-11
Author(s): Ani Bicaku ◽ Mario Zsilak ◽ Peter Theiler ◽ Markus Tauber ◽ Jerker Delsing

2021 ◽ Vol 1 (1) ◽ pp. 1-8
Author(s): Sachin Kr. Tomar

Cyber Security refers to the processes of protecting data and systems from cyber-attacks. Any firm without security policies and systematic security systems is at large risk, and the important data related to that firm are not safe without security policies like the Payment Card Industry and Data Security Standard framework, used to protect payment security for credit cards, debit cards, etc. In maintaining access, the hacker inside the target system is used to exploit vulnerabilities and password cracking. In today’s era, cybercrimes rise day by day, so this raised the requirement for security of the system or even the entire network. As more business exercises are being mechanized and an expanding number of PCs are being utilized to store important data, the requirement for secure PC frameworks turns out to be more evident. As a result, network safety issues have become public safety issues.


2020 ◽ Vol 4 (4) ◽ pp. 225
Author(s): Diah Sulistyowati ◽ Fitri Handayani ◽ Yohan Suryanto

Data or information security in today's digital era is crucial in every organization that needs to pay attention. Management of organizational information is one of the components in realizing Good Corporate Governance. The measure of an adequate level of protection is an indicator of the cybersecurity awareness aspects of an organization's business processes in the short, medium, and long term, especially in the field that deals with information and communication technology (ICT). To make this happen, it requires a security standard that is appropriate and follows its needs to help organizations know the maturity level of cybersecurity in protecting its information security. The ABC organization is one of the Government agencies that manage the critical infrastructure and Indonesian digital economies. The organization has currently implemented several international security standards through its planning, implementation, evaluation document, and ICT activities. However, based on the national information security readiness assessment, information security management readiness results are still not optimal. In this study, an analysis of the NIST, ISO 27002, COBIT, and PCI DSS security standards has been carried out, which are ABC organizational security standards in managing ICT by assigned tasks and functions. Furthermore, the analysis result is used as material for drafting a cybersecurity maturity framework through the four standard approaches that have become the basis for ICT management. The proposed concept of twenty-one integrated cybersecurity categories is expected to be a capital in measuring ICT management performance in ABC organizations.

