Remote Access Security: Optimum Strategy and Solutions for Small and Medium Scale Enterprises (SMEs)

Small and medium enterprises (SMEs) are depending more on their ICT framework however they do not possess the ability to direct it reasonably because of monetary impediments, limited assets, and insufficient specialized expertise. A sizeable number of SME executives expect that ICT security per remote access in their organizations is only like introducing a firewall and refreshing the antivirus program as frequently on a case by case basis. Remote access initiatives, against hacking systems and approaches, remote access controls, and numerous other related aspects are only investigated solely after security breaches. To improve remote access security in an organization comprehensively, four aspects including organizational, work process, data, and technical aspects must be figured out. With SMEs’ limited spending plans and more requirements for remote employees, it is exceptionally evident that they will remain easy prey for attackers since they cannot bear the cost of the typical secure remote access technologies and solutions. This paper explored a more ideal solution that will fit into the usual SME low remote access security financial plans but at the same time sufficiently powerful to protect them from digital and other IT attacks.

AWARENESS OF ICT SECURITY POLICY TO ENSURE DATA PROTECTION IN FORESTRY DEPARTMENT PENINSULAR MALAYSIA

The Forestry Department Peninsular Malaysia's (FDPM) ICT Security Policy was developed and implemented in 2012 and reviewed in 2015. This policy aims to take the lead in managing data, hardware, software, network, and ICT security under legal regulations. Amongst the department's responsibilities are to implement data confidentiality, integrity, and availability policies to ensure the continuity of activities and services while mitigating the impact of security incidents. Accidentally, on September 16, 2016, a fire broke out in the FDPM building, causing property damage and document destruction with an estimated loss of RM30 million. Currently, in Malaysia, cybercrime and government data intrusion has become increasingly difficult to combat. Raising public awareness, particularly among officers who serve as service providers and department employees, is therefore critical to address those issues. Therefore, the objectives of this research are to determine the level of awareness of FDPM employees regarding FDPM ICT Security Policy as well as to investigate the factors that influence information security awareness. Inputs from this study were derived from both primary and secondary sources to meet the objectives. Primary data was gathered through surveys where 130 questionnaires were distributed to FDPM headquarters employees at the management, professional, and support team levels. Meanwhile, secondary data was gathered from FDPM annual and management reports, statistical data, journals, reference documents, and the Internet. The findings were analyzed statistically using SPSS. The level of awareness has been determined and an appropriate criterion to improve the level of information security awareness among FDPM employees was recommended which may help for a better understanding of department culture and increase a higher level of security awareness among FDPM employees.

Re-Visiting Cyber Security Training in the COVID-19 Era

Cyber security training, as many other aspects in our lives, has been adapted to address concerns related to travel restrictions and group gatherings resulting from the COVID-19 pandemic. In this context, ENISA, the European Union Agency for Cybersecurity, had to re-visit and significantly modify its already established course on Information Security Management and ICT security, which is provided under the auspices of the European Security and Defence College (ESDC). The program provides public employees the opportunity to gain the necessary knowledge and skills to assume an Information Security Management role. The restructured course was introduced to address the COVID-19 restrictions and has proven to be equally effective to the classroom-delivered course, if not more effective at some parts. This paper presents the main structure of the fully online training, its innovative elements, and the assessment results which prove that COVID-19 pandemic has triggered the introduction of innovative and successful on-line training scenarios.

ICT security in tax administration - AV protection systems

The article discusses the topic of ICT security in tax administration. This paper presents a study of the security level of endpoints8, servers using three antivirus protection systems. It discusses three independent solutions used to ensure the protection of ICT equipment in public administration.

ICT security in tax administration - Rapid7 Nexpose vulnerability analysis

The article focuses on the subject of IT security in tax administration. This study presents the research on the security level of endpoints, servers, printing devices, network switches and other ICT devices using the Rapid Nexpose vulnerability scanner. We discuss the specifics of security research in public administration resulting from the laws in force in these institutions.

Challenges and Opportunities Related to Use of Models in Drilling Operations

Automation of managed pressure drilling (MPD) has a big potential for improving consistency, efficiency, and safety of operations, and is therefore pursued by many actors. While this development mitigates many risk elements, it also adds some related to for example mathematical algorithms and remote access. This work is based on document reviews, interviews, and working sessions with the industry, and adds insight on how risks associated with moving to higher levels of automation of MPD can be mitigated to a level where benefits are significantly larger than the sum of added risks. The work has resulted in many recommendations for the industry, where most were related to testing, verification, and validation of the models and data inputs, as well as meaningful human control and employing a holistic approach when introducing new models. Recommendations were also given to the Petroleum Safety Authority Norway. These were related to missing or inadequate use of standards by the industry, lack of ICT knowledge, and encouraging increased experience sharing. Future work should address how to enable meaningful human control as models become more complex or to a larger extent is based on empirical data and artificial intelligence as opposed to models based on first principles. Human control is important in unexpected situations in which the system fails to act safely. There is also a need to address ICT security issues arising when remote operation becomes more common.

CIVIL SERVANTS AWARENESS GUIDELINE TOWARDS COMPUTER SECURITY POLICY: A CASE STUDY AT THE MANPOWER DEPARTMENT, MINISTRY OF HUMAN RESOURCES

ICT Security Policy includes information security-related policies, guidelines and best practices that are enforced in the Malaysian public sector. These policies are priority areas that contain guidelines for implementing ICT infrastructure in the public sector. However, there is a significant gap between these policies and awareness towards computer security policy among government servants in the public sector. Therefore a study involving government servants in the Manpower Department, Ministry of Human Resources was carried out to identify the critical success factor of these policies. The study was conducted through quantitative and qualitative methods. A survey was conducted to measure the level of awareness among government servants in agencies against computer security policies. Flaw factors in computer security policy implementation were discussed to obtain strategies to ensure the successful implementation of computer security policies in an agency. The significant factors leading to a successful implementation of computer security policy at the governmental agencies were validated by experts. As a result, a guideline has been prepared to be applied as an improvement proposal to increase the awareness of government servants on ICT security policy in the agencies.