Information Security Experts Research Articles

Cybersecurity Challenges in the Era of Chinese Electric Passenger Vehicles

The present research focuses on investigating the security of data transmitted by electric passenger vehicles originating from the People’s Republic of China, particularly when sent for remote processing. Initially, the study examines the factors contributing to the widespread presence of Chinese vehicles in the European market. Additionally, it explores the measures undertaken by the European Union to safeguard the information and data security of its member states. Following this investigation, an in-depth qualitative research method involving semi-structured interviews was conducted. Ten experts in information security were interviewed, and their insights were analysed concerning the identified challenges. The primary objective of this publication is to draw attention to the conceptual deficiencies that impede the protection of data and information, highlighting how a large volume of data collected from a third country, in this case, electric passenger vehicles, may pose national security risks.

Research on Privacy-by-Design Behavioural Decision-Making of Information Engineers Considering Perceived Work Risk

Privacy by design (PbD) has attracted considerable attention from researchers and information security experts due to its enormous potential for protecting private information and improving the privacy and security quality of information technology products. The adoption of PbD among information engineers is currently limited owing to its innovativeness and the distinctive traits of the information technology industry. Utilising the Technology Acceptance Model as a framework, this study innovatively explores the pivotal factors and mechanisms that influence information engineers’ decision-making in the adoption of PbD from the viewpoint of the perceived work risk. In this empirical research, professional information engineers were invited to complete a questionnaire survey. After analysing the data using partial least squares structural equation modelling, the results reveal that information engineers’ perceived work risk in PbD (PWRP) negatively affects their perceptions of the usefulness and ease of use of PbD. This negative perception subsequently reduces their intention to implement PbD (INTP) and adversely impacts their attitudes towards implementing PbD (ATTP). Furthermore, the study findings reveal that a positive ATTP among engineers boosts their INTP and positively influences their behaviours regarding information security. This study provides an in-depth examination of these findings and lays a solid theoretical groundwork for the further promotion and implementation of PbD in information technology enterprises. Moreover, the findings offer invaluable support for management decisions in both information technology companies and information security regulatory authorities, significantly contributing to the expansion and deepening of research in the field of PbD.

Electronic footprint analysis and cluster analysis techniques for information security risk research of university digital systems

In the article there are presented results of the study of the state of user competencies for different specialties of the university digital educational environment (UDEE) on issues related to information security (IS). The methods of cluster analysis and analysis of digital (electronic) traces (DT) of users are used. On the basis of analyzing the DTs of different groups of registered users in the UDEE, 6 types of users are identified. These types of users were a result of applying hierarchical classification and k-means method. Users were divided into appropriate clusters according to the criteria affecting IS risks. For each cluster, the UDEE IS expert can determine the probability of occurrence of high IS risk incidents and, accordingly, measures can be taken to address the causes of such incidents. The algorithms proposed in this study enable research during log file analysis aimed at identifying breaches of information security within the university's DEE.

Importance of cyber protection in the power grid in the face of an uncertain future

In the digital era, cybersecurity is transforming the behavior of human beings in the correct use of technology, which is why it has become a critical element in business strategy, thus giving rise to the present research, which identified the current situation of associated companies in the process of generation, transmission, distribution and public lighting of electricity in Costa Rica, in the field of cybersecurity, with special emphasis on the identification, analysis and evaluation of policies, standards, procedures, controls, regulations and infrastructure in the sector. The study approach was quantitative, descriptive, and exploratory; based on a sample of experts in information security, where a survey was used for data collection. In the findings obtained, the existence of personnel with the technical knowledge to deal with a computer incident was observed, but from the business perspective, the lack of an institutional guideline and country strategy for the protection of the electrical network was recognized. In conclusion, there is a latent risk in the infrastructure of the national power grid, which is evidenced by the lack of a clear national strategy that establishes a roadmap to protect the sector against a possible cyber-attack.

Mapping the intellectual structure and evolution of information technology and auditing: a bibliometric review

Purpose- The goal of this study is to conduct a bibliometric analysis of papers relevant to information technology (IT) and auditing that were published in the Web of Science Core Collection database between 1978 and 2022. Methodology- This study does a bibliometric analysis of 2991 audit and information technology publications from a pool of 7738. It works in two steps: descriptive performance metrics and co-word analysis. The descriptive metrics include publishing patterns, productive nations and authors, effect on certain areas and journals, number of citations by country, and publications with the highest citations. The co-occurrence analysis maps the ties between concepts by utilizing social network analysis methods to investigate the field's interconnections. Findings- This study identifies six major trends in IT and auditing: increased technology use in internal auditing, the demand for information security expertise, transparency in the digital age, technology for ethical auditing, cloud-based auditing with blockchain, and post-COVID IT continuous auditing standards. These trends highlight the need for auditors to adapt to evolving technology and ethical considerations, prioritizing data security and privacy. Additionally, the survey reveals key authors, publications, and countries in this field, offering valuable insights for industry leaders and potential research collaborations. Conclusion- This study provides a complete overview of the topic of IT and auditing by integrating several methodological techniques. This study provides direction for future research in addition to offering significant insight into the main research trends, issues, and problems in this subject. Keywords: Information technology, auditing, co-occurrence analysis, bibliometric analysis. JEL Codes: M41, M42

Untangling the Link Between Digital Transformation and Information Security Management

Digital transformation is considered a source of competitive advantage and improved organisational performance. Within the public sector, leaders anticipate digital transformation to help them improve transparency and accountability, and stakeholders’ participation in public decision-making. At the same time, the accelerated adoption of digital technologies within the sector has also made information an important asset. Thus, the effectiveness of the information security management put in place determines whether an organisation can realise the benefits of successful digital transformation. Adopting a mixed-method approach (13 interviews and an online survey with 128 information security experts), this study identified various antecedents of effective information security management, i.e., leadership skills and attitudes, organisational culture, organisational structure, IT governance, IT alignment, and human resource management practices. Partial Least Structural Equation Modelling technique was adopted to test the proposed theoretical model and hypothesised causal relationships.

A Static Approach for Malware Analysis: A Guide to Analysis Tools and Techniques

Abstract: Malicious code presents a severe risk to computer systems, making work difficult for information security and cyber experts. Malware analysis is in great demand because of its importance and function in digital forensics and cyber security. Malware, often known as malicious software, is purposefully written software that harms or damages people, computers, servers, or networks. An overview of malware analysis methods and techniques in the fields of digital forensics and cyber security is given in this article. The study examines several malware types, their characteristics, and analysts' challenges in locating and analyzing them. It also highlights the importance of continuing this field's research and development to stay ahead of evolving malware threats. Trojan horses, worms, backdoors, rootkits, and adware are examples of malware. There are several methods for analyzing malware, but one of the most well-known is static analysis. This article will look at several methods for doing malware analysis and detection on corporate systems, as well as the resources available to assist with sample inspection to reduce the impact of malware assaults on an organization's operations. The investigator must first choose which methods and instruments to use for analysis. Static analysis, which includes malware scanners and detectors, is the first line of defense against malware. As technology advances, malware creators use various techniques to conceal their source code from scanners and detectors that search for strings, pattern matching, and other similar patterns to determine hash values that may be used to identify the infection. Malware experts decompress the packed file into unpacked one to examine obfuscated malware. This study examines efforts to investigate the many techniques and instruments malware uses in the real world.

File Encryption and Decryption Software

Since the advent of information technology (the internet) a few decades ago, there have been many changes made to the way information is shared and moved between people, between nations, and throughout the whole world. Information security experts are growing worried about how to solve the issue of information "theft," which has been for a long. Today, it is clear that information security is the solution due to the present spread of several recently developed cryptanalysis techniques. To create a file that can be hashed and firmly decrypted by reliable file storage software, our technique in this work is to use the encryption methods of AES and MD5 after a few steps in the encryption process. The key feature of our programme is the addition of those components throughout the encryption process to create a hashed result that is intertwined and immune to eavesdroppers' nasty techniques. Since any form of a file, including binary, text, and other types, may be effectively encrypted, the encryption results have demonstrated that the programme can provide a broad range of file encryption.

SECDFAN: A Cyber Threat Intelligence System for Discussion Forums Utilization

Cyber Threat intelligence (CTI) systems offer new capabilities in the arsenal of information security experts, who can explore new sources of data that were partially exploited during the past decades. This paper deals with the exploitation of discussion forums as a source of raw data for a cyber threat intelligence process. Specifically, it analyzes the discussion forums’ characteristics and investigates their relationship with CTI. It proposes a semantic schema for the representation of data collected from discussion forums. Then, it applies a systematic methodology to design the reference architecture of the SECDFAN system, which handles the creation of CTI products following a comprehensive approach from the source selection to CTI product sharing and security experts’ collaboration. The final product of this work is the SECDFAN reference architecture. The contribution of this paper is the development of a CTI reference architecture of a system that, by design, handles all CTI-related issues for creating CTI products by analyzing the content of discussion forums.

The Effect of Applying Information Security Awareness Concept of MOH Employees on Cybersecurity Department – Ministry of Health –Riyadh

The proposed study focuses on the effect of applying the concept of information security awareness of MOH employees on the cybersecurity department at the Ministry of Health in Riyadh. The researcher used the descriptive analytical method in order to achieve the study objectives and used a questionnaire for collecting data. The study sample consisted of around (430) of MOH employees. The results of the study showed a high level of agreement on answering its questions. The study yielded numerous recommendations; it stressed that spreading the culture of awareness on the importance of personal information, through holding workshops, is considered as the most effective way to reduce cybersecurity risks. Also, it showed that the cybersecurity department is keen to develop guidelines to be followed by employees in order to limit the sharing of personal information and that paramount importance should be attached to the human element by familiarizing it with the tricks used by cybercriminals. In addition, the cybersecurity department is keen to create an electronic archive that includes monitoring and recording of cybersecurity incidents and should encourage employees to view this archive and consider it as a means of exchanging knowledge and raising awareness. Moreover, it is imperative to use the contribution of information security experts in order to design awareness programs. In addition, advanced technical training should be directed to employees to keep pace with the rapid development in methods and techniques of information crime. The researcher achieved various design of training and education program.

Outsource or not? An AHP Based Decision Model for Information Security Management

Abstract Purpose: Outsourcing information security has proven to be an efficient solution for information security management; however, it may not be the most suitable approach for every organization. This research aimed to develop a multi-criteria decision-making model that would enable organizations to determine which approach to information security management (outsourcing or internal management) is more suitable for their needs and capabilities. Methods: Our study utilized several different research methods. First, the decision criteria were identified by reviewing related work and then selected by information security experts in a focus group. Second, a survey was conducted among information security practitioners to assign the criteria weights. Third, four use cases were conducted with four real-world organizations to assess the usability, ease of use, and usefulness of the developed model. Results: We developed a ten-criteria model based on the analytic hierarchy process. The survey results promote performance-related criteria as more important than efficiency-focused criteria. Evidence from use cases proves that the decision model is useful and appropriate for various organizations. Conclusion: To make informed decisions on approaching information security management, organizations must first conduct a thorough analysis of their capabilities and needs and investigate potential external contractors. In such a case, the proposed model can serve as a useful support tool in the decision-making process to obtain clear recommendations tailored to factual circumstances.

СИСТЕМА ПІДТРИМКИ ПРИЙНЯТТЯ РІШЕНЬ ЩОДО ПІДВИЩЕННЯ РІВНЯ ІНФОРМАЦІЙНОЇ БЕЗПЕКИ ПІДПРИЄМСТВА

The article proposes a decision support system (DSS) to increase the level of information security of domestic enterprises, which allows individual selection of methods and tools of such a policy based on expert data, as well as taking into account the wishes of the business entity. Its structure was determined and substantiated; program implementation of such DSS for adaptive selection of methods and means of information security policy was carried out. The main functions of such DSS to increase the level of information security of the enterprise are: user authentication; assessment by an independent information security expert of the priority of protection against possible or potential threats; the ability of the user to choose the most common threats to the company for which it is necessary to take specific protection; offer the user the most appropriate methods of information security policy, taking into account all his wishes; dynamic data update to monitor the latest security methods. The scientific novelty of the obtained results is that it was developed for the first the DSS which allows to increase the level of information security of the enterprise by means of system technique and ER-modelling and to select individual methods and tools of information security policy of enterprise based on the wishes of the entrepreneur and expert assessments text.

User Acceptance of Password Manager Software: Evidence from Australian Microbusinesses

While text passwords are still a pervasive authentication tool, their inadequacies are well recognized. Poorly chosen and weak passwords are the main reason behind security breaches. Multiple authentication techniques such as biometric, token-based, and knowledge-based authentication have been developed to overcome data leaks. However, acceptance of these authenticating techniques is complicated, and users find them hard to use. Microbusinesses, defined as having less than two employees, usually have very limited resources including budget, information security expertise and updated computer systems to fulfil the security requirements. Many microbusiness owners use the same information technology as in the home but for more sophisticated commercial reasons. An effective and easy way for microbusinesses to add an extra protection layer to their systems and passwords is through the use of password managers. This paper examines the useability and ease of use of the password manager software. We extended the Technology Acceptance Model (TAM) and tested the mediating role of self-efficacy on TAM's relationship with computer security usage. A sample of 420 microbusiness owners was taken to test the relationships among the variables through an online web-based survey. The results confirmed that self-efficacy plays a vital role in the user acceptance of password managers and reported its mediating role between perceived ease of use, perceived usefulness, and computer security usage.

Ensemble Learning for Threat Classification in Network Intrusion Detection on a Security Monitoring System for Renewable Energy

Most approaches for detecting network attacks involve threat analyses to match the attack to potential malicious profiles using behavioral analysis techniques in conjunction with packet collection, filtering, and feature comparison. Experts in information security are often required to study these threats, and judging new types of threats accurately in real time is often impossible. Detecting legitimate or malicious connections using protocol analysis is difficult; therefore, machine learning-based function modules can be added to intrusion detection systems to assist experts in accurately judging threat categories by analyzing the threat and learning its characteristics. In this paper, an ensemble learning scheme based on a revised random forest algorithm is proposed for a security monitoring system in the domain of renewable energy to categorize network threats in a network intrusion detection system. To reduce classification error for minority classes of experimental data in model training, the synthetic minority oversampling technique scheme (SMOTE) was formulated to re-balance the original data sets by altering the number of data points for minority class to imbue the experimental data set. The classification performance of the proposed classifier in threat classification when the data set is unbalanced was experimentally verified in terms of accuracy, precision, recall, and F1-score on the UNSW-NB15 and CSE-CIC-IDS 2018 data sets. A cross-validation scheme featuring support vector machines was used to compare classification accuracies.

Vulnerabilities caused by faulty settings of web application components

Any web application intrinsically consists of many components (bases, frameworks, loaders). Errors occurring in these components can have multiple implications and even a minor component can reduce the overall security of the application. The paper will be useful for both information security experts and casual users.

Information security governance in the electricity industry

Goal: This study aims to assess the importance and use of Information Security (IS) governance in the electricity industry and other segments, in order to propose IS governance guidelines for this industry.
 Design/methodology/approach: Literature review was made of scientific articles, frameworks and norms that supported the field research applied to managers, coordinators and experts from IS area, totaling 104 respondents from different countries. The data collected were analyzed by comparing the degree of importance with the use, and also by means of cross-analysis.
 Results: It was observed that most respondents agree with the importance of the themes approached, however, in practice, these concepts are not always used by the organization. Besides, it was observed that when security is directly responding for the high level of the organization, the maturity level is between optimized and managed. However, where security is subordinated to the technology area, the level appears with higher percentage, as repeatable.
 Limitations of the investigation: The sample size is a limiting factor as it was conditioned to questionnaire responses sent to IS experts through electronic means and social networks and it is not possible to generalize as the population size is not known.
 Practical implications: To assist the electricity industry in taking measures turned to IS governance, and, with that, increase consumer protection with regard to their classified data and the company’s reliability in power supply.
 Originality/value: The present research originality lies in the proposal of 10 IS governance guidelines obtained from the literature review and the field research applied to IS experts, aiming to raise, more and more, its level of maturity.

Information security vulnerability prediction based on business process model using machine learning approach

Identifying information security vulnerabilities of a new business process resulting from a business process redesign (BPR) must occur as early as possible. Organisations frequently initiate a BPR, and vulnerability identification that involves information security experts should follow. In developing countries, many organisations have insufficient experts, causing problems related to the experts’ workload. In this study, we propose a new method called Task-based Vulnerability Prediction (TbVP), which uses a machine-learning approach to predict information security vulnerabilities of the business process model. The method utilises the type and label of tasks in the model to predict vulnerabilities in implementing applications. Vulnerabilities data are taken from the Common Weakness Enumeration (CWE) dictionary. Our method consists of two main stages. First, we developed clusters using classification and clustering methods. Second, we built an automatic system to predict vulnerabilities using the clusters obtained from the first stage. Business processes of public universities were used as case studies to evaluate the method. We evaluated the automatic prediction system using the reliability test and comparing vulnerabilities our system predicted with actual vulnerabilities that materialised in the applications. The evaluation result shows that the system is a reliable predictor of application vulnerabilities, which our method can automatically predict based on a business process model, before implementing supporting applications.

Access to user data stored by organizations—divides surrounding information security professionals in Chinese IT organizations

With the rapid development of computer-based information systems in China, securing organizational systems as information assets is central to achieving a strategic advantage. Because information security (IS) experts with database access are the weakest link in the IS chain, scholarly contributions are needed in this important area. The interpretations of widespread data breaches committed by organizations’ information security experts have significant grounding. Drawing on social control theory, we propose a research framework to examine formal control, informal control, and self-control systems that can affect IS professionals’ perceptions and IS behaviors in Chinese IT organizations. We use in-depth interviews with IS professionals in Wuhan, Beijing, and Shenzhen to answer research questions relating to the research framework. The study’s primary contribution is to go beyond the extant IS research, which concentrates on sanction-based deterrence, and identify multiple dimensions rooted in social control perspectives. Based on interviews with practitioners and researchers, this study further advances our understanding of IS control deviance using information management and communication-related approaches.

Counteraction to information influence in social networking services by means of fuzzy logic system

The article describes a decision support system based on fuzzy inference aimed to automate the procedure of choosing a model of formalizing the interaction between actors in virtual communities of social networking services and synergistic management of such processes. The developed system aims to increase the effectiveness of counteracting threats to information security of the state in social networking services. The mathematical apparatus of the fuzzy set theory and the Mamdani algorithm are the basis for the functioning of the decision support system. The usage of the developed fuzzy inference system will remove the ambiguity of information security expertise in the course of choosing approaches to formalization and the model of synergistic management of actors’ interaction in the conditions of incomplete information and ambiguous assessment of the state information security threat in social networking services.

Chemical firms hit by cyberattacks

When hackers gain access to company networks, major real-world disruptions can ensue, as the recent ransomware attack on Colonial Pipeline showed. Chemical companies are not immune. Recent cyberattacks on Siegfried, Brenntag, and Symrise forced temporary halts in manufacturing and other operations while the firms investigated the breaches. The drug ingredient manufacturer Siegfried says it detected a malware attack May 21. In response, the Swiss company shut down production at multiple sites, cut off network connections, and scoured its information technology systems. Among other things, Siegfried packages the Pfizer-BioNTech COVID-19 vaccine. And just days after the May 7 attack on Colonial by DarkSide, information security experts reported that the chemical distributor Brenntag had also been a DarkSide victim. Lawrence Abrams, a malware specialist, wrote on the news site Bleepingcomputer.com that Brenntag had paid DarkSide a $4.4 million ransom in bitcoins to access company files that the hackers had encrypted and to