Increasing Security Awareness Research Articles

Cybersecurity Strategy in Financial Application Systems in the Era of Industrial Revolution 4.0

In the Industrial Revolution 4.0 era, the development of information technology has had a significant impact on financial application systems. Along with these advances, cybersecurity risks are also increasing. This journal aims to investigate and analyze effective cyber security strategies in financial application systems in the Industrial Revolution 4.0 era. This research methodology uses a quasi-qualitative research method. Through in-depth interviews, observations, and engaging in-depth literature surveys to understand current trends in cyber security, their application to the financial sector, cybersecurity challenges in financial application systems, and cyber security strategies. The research results show that robust cybersecurity requires a holistic approach includes protection of sensitive data, proactive threat monitoring and detection and efforts to increase security awareness among users and stakeholders. The implementation of artificial intelligence technology and big data analysis was also found to play an important role in improving the effectiveness of cybersecurity strategies. These findings contribute to further understanding of the cyber security strategies needed to maintain the integrity and sustainability of financial application systems in the Industrial Revolution 4.0 era. The practical implications of this research include guidance for financial organizations in developing and strengthening cybersecurity strategies to address evolving threats in the digital world

Security Awareness and Forensic Investigation of Junior Zenbo Robot

Recently, the Internet of Things (IoT) technology has played a crucial role in our daily lives. It ensures the automatic transfer and response between various smart devices. Likewise, it enhances connections within networks and provides access to different information and data, making our lives easier. The innovation of the humanoid robot, which utilizes IoT technology, positively impacts our daily activities in many ways. However, compromising these robots may raise privacy and security concerns. This work aims to increase security awareness for robot users by highlighting and conducting common possible cyberattacks on Junior Zenbo robots using open, unsecured ports and weak Wi-Fi security, leading attackers to gain unauthorized access. In addition, the study intends to provide a comprehensive forensic guide that has been illustrated, detailing major Zenbo robot artifacts that can support forensic examiners in their investigations.

Multifunctional Textiles with Flame Retardant and Antibacterial Properties: A Review.

It is well known that bacterial infections and fire-hazards are potentially injurious in daily life. With the increased security awareness of life and properties as well as the improvement of living standards, there has been an increasing demand for multifunctional textiles with flame retardant and antibacterial properties, especially in the fields of home furnishing and medical protection. So far, various treatment methods, including the spray method, the dip-coating method, and the pad-dry-cure method, have been used to apply functional finishing agents onto fabrics to achieve the functionalization in the past exploration stage. Moreover, in addition to the traditional finishing technology, a number of novel technologies have emerged, such as layer-by-layer (LBL) deposition, the sol-gel process, and chemical grafting modification. In addition, some natural biomasses, including chitin, chitosan (CS), and several synthetic functional compounds that possess both flame-retardant and bacteriostatic properties, have also received extensive attention. Hence, this review focuses on introducing some commonly used finishing technologies and flame retardant/antibacterial agents. At the same time, the advantages and disadvantages of different methods and materials were summarized, which will contribute to future research and promote the development and progress of the industry.

Cyber Literacy Skills of Estonians: Activities and Policies For Encouraging Knowledge-Based Cyber Security Attitudes

With the advent of COVID-19, people spent more time at home. Countries, societies, companies and individuals suddenly became dependent on cyberspace overnight. Work, shopping and leisure meant we became more than ever weak to the risks of cyberspace. The human factor makes people the “key” to otherwise technically hardly penetrable systems – criminals play on people’s greed, emotions, happiness, etc.
 It is no surprise that Estonians are more active daily internet users compared to the rest of the Europeans. But what is being done in Estonia at the national level, as well as in cyber protection organisational level, to raise the awareness of residents about cyber security? What else should be done to reduce victims among ordinary citizens and how to protect various important public and private organisations from the consequences of the cyber-risky behaviour of their employees? What is the role of libraries in promoting cyber security awareness? A human error is a central target of cyber attacks, phishing scams, and data breaches. Cyber criminals are becoming more and more inventive. It is important to understand that cyber security risks can be managed and mitigated, but not completely eliminated. Increasing security awareness is the only factor that can help limit breaches caused by human frailty.

Identification of Malicious Encrypted Traffic Through Feature Fusion

The popularity of encrypted communication has grown due to increased security awareness and rapid internet development. End-to-end encryption can prevent data attacks but also poses new cybersecurity threats. Thus, identifying malicious encrypted traffic is a focus of research in network behavior analysis and anomaly detection. Recently, deep learning has brought new directions for the development of traffic classification and anomaly detection. Based on deep learning technology, this paper starts from the two directions of data preprocessing and model selection, studies and analyzes multi-dimensional traffic characteristics and multi-granularity carrier characteristics, and proposes corresponding solutions, and finally designs and proposes a malware-oriented Identification scheme for encrypted traffic. This paper first proposes a malicious encrypted traffic identification scheme MET-FMF based on fine-grained multi-feature fusion. Two sets of comparative experiments were designed to compare the multi-dimensional traffic features and the multi-branch network model on the recognition results. The results show that the combination of three-dimensional traffic characteristics and three-branch network model has the best results, with an average accuracy rate of 95.08%.Finally, compared with other schemes, it is found that this scheme has multi-dimensional traffic feature extraction, multi-granularity carrier feature Features such as early session detection and end-to-end transferable learning.

Spatial Multi-Presence System to Increase Security Awareness for Remote Collaboration in an Extended Reality Environment

Enhancing the sense of presence of participants is an important issue in terms of security awareness for remote collaboration in extended reality. However, conventional methods are insufficient to be aware of remote situations and to search for and control remote workspaces. This study proposes a spatial multi-presence system that simultaneously provides multiple spaces while rapidly exploring these spaces as users perform collaborative work in an extended reality environment. The proposed system provides methods for arranging and manipulating remote and personal spaces by creating an annular screen that is invisible to the user. The user can freely arrange remote participants and their workspaces on the annular screen. Because users can simultaneously view various spaces arranged on the annular screen, they can perform collaborative work while simultaneously feeling the presence of multiple spaces and can be fully immersed in a specific space. In addition, the personal spaces where users work can also be arranged through the annular screen. According to the results of the performance evaluations, users participating in remote collaborative works can visualize the spaces of multiple users simultaneously and feel their presence, thereby increasing their understanding of the spaces. Moreover, the proposed system reduces the time to perform tasks and gain awareness of the emergency in remote workspaces.

FORENSIC ACCOUNTING AND AUDIT TO STRENGTHEN CORPORATE GOVERNANCE

Forensic accounting is a distinct specialized field of accounting. It is described as a dynamic and all-encompassing instrument for investigating financial fraud that includes a thorough review of records to support financial fraud and serves as supporting documentation in legal proceedings. It involves applying scientific knowledge to legal proceedings and tries to use accounting reports for legal reasons to survive legal scrutiny for criminal prosecution. It has been determined that internal and statutory audit systems are insufficient to prevent frauds, and it is urgently necessary to redefine the function of auditors. As a result, forensic audit is expected to grow dramatically. This paper is descriptive and qualitative in nature and is based on secondary sources of data. It clarifies the idea and application of forensic accounting and recognises its significance in corporate governance. The Forensic Audit Investigation Methodology has been discussed and the regulatory stance on Forensic Audit in India has been elaborated. It also identifies the difficulties in implementing Forensic Accounting in India. The use of forensic auditing as a preventative measure has given management and regulators access to intricate financial concealment. Since stakeholders have grown to comprehend the significance of forensic audit and recognise its relevance, a regular procedure is now employed to preserve an entity's operational accuracy and managerial effectiveness. The forensic audit should be made mandatory in order to stop scams before they start and increase security awareness to fight fraud. India's financial sector reforms are intended to increase its versatility, efficiency, and competitiveness.

Assessment of Various Scheduling and Load Balancing Algorithms in Integrated Cloud-Fog Environment

Background: It is required to design a suitable scheduling algorithm that enhances the timely execution of goals such as load distribution, cost monitoring, and minimal time lag to react, increased security awareness, optimized energy usage, dependability, and so on. In order to attain these criteria, a variety of scheduling strategies based on hybrid, heuristic, and meta-heuristic techniques are under consideration. Objective: IoT devices and a variety of network resources make up the integrated cloud-fog environment. Every fog node has devices that release or request resources. A good scheduling algorithm is required in order to maintain the requests for resources made by various IoT devices. Method: This research focuses on analysis of numerous scheduling challenges and techniques employed in a cloud-fog context. This work evaluates and analyses the most important fog computing scheduling algorithms. Results: The survey of simulation tools used by the researchers is done. From the compared results, the highest percentage in the literature has 60% of scheduling algorithm which is related to task scheduling and 37% of the researchers have used iFogSim simulation tool for the implementation of the proposed algorithm defined in their research paper. Conclusion:: The findings in the paper provide a roadmap of the proposed efficient scheduling algorithms and can help researches to develop and choose algorithms close to their case studies.

2 Years in the anti-phishing group of a large company

The email threat landscape is constantly evolving and hence difficult to counteract even by carrier-grade spam filters. Dangerous spam emails may thus reach the users and then result in damaging attacks spreading through the corporate network. This paper describes a collaborative approach for early detection of malicious spam emails and its application in the context of large companies. By the joint effort of the employees and the security analysts during the last two years, a large dataset of potentially malicious spam emails has been collected with each email being labeled as critical or irrelevant spam. By analyzing the main distinguishing characteristics of dangerous emails, a set of both traditional and novel features was identified and then tested and optimized by applying common supervised machine learning classifiers. The obtained massive experimental results show that Support Vector Machine and Random Forest classifiers achieve the best performance, with the optimized feature set of only 36 features achieving 91.6% Recall and 95.2% Precision. These results, confirmed by a large empirical experiment conducted on 40,000+ company employees, led to the re-engineering of the email threat management process to ensure a high level of security in the company, as well as an increased security awareness of all company employees.

The Educational Role of the Family in Enhancing the Intellectual Security of Children

Family is the fundamental unit in building strong and cohesive societies. Therefore, it is essential to provide the family with a range of mechanisms and skills that help to fulfill its mandated role by immunizing its children from destructive beliefs. Thereby, the family plays a pivotal role in embodying what is known as intellectual security in society, which is a key factor in flourishing society's progress and prosperity. In addition, It plays a decisive role in society cohesion and pursuit to achieve intellectual security to its children. Therefore, this study aims to investigate the educational role of the family in enhancing the intellectual security of the children in the Saudi society. The sample consisted of (336) parents, aged between (30-60 years), (mean = 44.04, S.D. =7.42) living in Saudi Arabia. We used the questionnaire developed by researchers, consisting of (36) phrases distributed in three dimensions. The results indicated that the role of parents was in a high level in all dimensions of the questionnaire, Especially, Religious and moral dimension. In addition, Data analysis shows the importance of the educational role of the family in reinforcing the intellectual security of its children in the Saudi society. Based on these results, this study demonstrated the importance of encouraging responsible persons to consider this vital issue with great interests and awareness, and provide full support to Saudi families, helping them to achieve the intellectual security for their children, by increasing security awareness and explaining the dangers of extremism and terrorism to the security. Furthermore, strengthen the intellectual programs, and reduce the obstacles faced by families, and its negative consequences for society.

Integration of TOGAF 9.1 ADM in Enterprise Architecture Smart City Design in the Tourism Domain with ISO 27001

The purpose of this research is to create an enterprise architecture design smart city that has a high-security system in the tourism domain that includes smart experiences, smart destinations, and smart business ecosystems. The method used in this research was integrating ISO 27001 as an international information security standard on the TOGAF 9.1 ADM used as a framework for designing enterprise architecture. The result of design can improve Quality Assurance (QA) of the IT information security system, increase IT and business alignment and increase security awareness among government, tourists, industries, and the local community. Business Architecture focuses on centralized coordination by the board and evaluation of the performance of tourism stakeholders; Analysis results of data collection into information and useful on architecture or stakeholders; while application architecture has a focus on developing applications for tourists, business entities, and government monitoring; The technology architecture as the supports to the implementation of research with a data center, cloud service, and transaction interface that is given NFC technology. The result of this research is a smart city enterprise architecture design with a tourism domain that can be implemented in a smart city area and has a security system architecture after phase D of Requirements Management TOGAF 9.1 ADM with a higher security level.

Machine Learning Based Framework for Vehicle Make and Model Recognition

Nowadays, the speedy increase with in the rage of the automobiles on the main road and urban roads have created several challenges regarding the proper management and management of traffic. This is a very significant framework for intelligent traffic monitoring and management. Vehicle analysis is an important component for many smart applications, that includes automated toll collection, self-guided car driver assistance systems, smart car parking systems. In a recent years, due to increased security awareness in parking lots, restricted areas and building for access control systems, the need to identify and classify the vehicles has become important.

A modular framework for mobile security analysis

ABSTRACT This paper presents an innovative framework for the analysis of Mobile Applications, with specific emphasis on partial automation. Our methodology is based on a combination of static and dynamic analysis, allowing for increased overall accuracy. We adopted the OWASP “Mobile top 10” document as a guideline and a source for vulnerability relevance and statistics. The work has led to the development of a modular Framework, where each module aims at analyzing a specific vulnerability. The framework is multi-platform and allows to perform analyses on both Android and iOS devices. It also offers a graphical interface where the results of the analysis are reported. The implemented modules have focused, for the time being, on the analysis of Android applications, on the areas related to Data Storage and Network Communication, and on the Android Manifest. With the help of this framework, we have analyzed about 105 apps collected from the Google Play Store, for a number of different domains. In particular, we considered the apps that could collect and manage sensitive data, such as payment and banking data. The experimental results show that the framework is effective and accurate, and the set of discovered vulnerabilities suggest that it is necessary to increase security awareness not only for developers but also for users.

Do Reputational Sanctions Deter Negligence in Information Security Management? A Field Quasi‐Experiment

Security negligence, a major cause of data breaches, occurs when an organization's information technology management fails to adequately address security vulnerabilities. By conducting a field quasi‐experiment using outgoing spam as a focal security issue, this study investigates the effectiveness of reputational sanctions in reducing security negligence in a global context. In the quasi‐experiment, a reputational sanction mechanism based on outgoing spam was established for four countries, and for each country, reputational sanctions were imposed on the 10 organizations with the largest outgoing spam volumes—that is, these organizations were listed publicly. We find that because of our reputational sanction mechanism, organizations in the four countries, including those that were not listed, reduced outgoing spam significantly compared to those in similar countries. Within each country, the listed organizations, whose reputations were actually sanctioned, reduced spam to a greater extent than those that were not listed. The spam reduction in the not‐listed organizations is mainly driven by increased security awareness, while the reduction in the listed organizations is primarily due to reputation effect. Among the listed organizations, those ranked lower were more responsive to the reputational sanctions. Moreover, we find that reputational sanctions have a stronger effect on large organizations and important organizations that provide network access and transit to others.

Anti-Phishing Game Framework to Educate Arabic Users: Avoidance of URLs Phishing Attacks

Objectives: The main objective of this study is to address poor security awareness regarding phishing attack in Middle East by developing anti-phishing educational game to educate Arabic users about phishing URLs. Methods/statistical analysis: We start by identifying phishing site URL attributes that help identify phishing sites. Then, we followed a well-established game design framework (EDPE) to develop our anti-phishing game. We performed a study on 56 participants using pretest and post-test technique to assess the level of phishing awareness among participants before playing the game and after playing the game. We used paired t-test and one-way analysis of variance (ANOVA) statistical analysis to identify to what extent anti-phishing game could help users identify and avoid phishing attacks. Findings: The results obtained from pretest proved the clam that security awareness in Arabic region is still immature. While the results obtained from post-test prove that serious educational games in Arabic language could be used to educate Arabic users about security concepts and increase security awareness. In addition, the results reflect that employees need more training (as their performance were the lowest among different demographic participants) to help them correctly identify phishing sites. Moreover, by inspecting participants’ responses, we identified that similar and deceptive domains, is the hardest URL phishing category to be correctly identified by users. So, we should pay more attention to this category while performing users training. Application/improvements: Our anti-phishing game is the first security educational game in Arabic language. It proves the effectiveness of serious games as a training tool. It is a step towards raising security awareness in Arabic region.Keywords: Anti-Phishing, Attack, Arabic, Game, Framework

Prevention of Ransomware Attacks by Increasing Security Awareness

Abstract There is a strong relationship between groups of users who don’t use anti-virus and those who don’t backup their data, meaning that a similar proportion of users don't use either of these two means of protection. In case of users who lack knowledge in informatics there is an increase in the number of virus attacks; these users are more likely to not use anti-virus and neglect to back up their data. For digital systems, users who are – based on our classification – in a lower rank, represent increased risk based on the number of the occurred virus attacks. For every user group there is a need for continuous and repeated safety awareness training to reach and retain a high safety level/

Keep an eye on your personal belongings! The security of personal medical devices and their ecosystems.

Today, personal medical devices (PMDs) play an increasingly important role in healthcare ecosystems as patient life support equipment. As a result of technological advances, PMDs now encompass many components and functionalities that open the door to a variety of cyber-attacks. In this paper we present a taxonomy of ten widely-used PMDs based on the five diseases they were designed to treat. We also provide a comprehensive survey that covers 17 possible attacks aimed at PMDs, as well as the attacks' building blocks. For each PMD type, we create an ecosystem and data and attack flow diagram, which comprehensively describes the roles and interactions of the players associated with the PMD and presents the most vulnerable vectors and components within the PMDs' ecosystems; such knowledge can increase security awareness among PMD users and their healthcare providers. We also present the basic, yet important, building blocks that constitute the steps by which each of the attacks presented is carried out. Doing so allowed us to establish the foundations for the future development of a novel risk analysis methodology for medical devices. For each attack we mapped the building blocks required to carry out the attack and found that 50% of the attacks rely upon the ability to remotely connect to the PMD, while 61% of them rely on the physical proximity of the attacker to the PMD. Finally, by surveying 21 existing security mechanisms and mapping their coverage for the attacks, we identify the gaps between PMDs' security mechanisms and the possible attacks. We show that current security mechanisms generally fail to provide protection from all of the attacks against PMDs and suggest the development of a comprehensive framework to secure PMDs and protect the patients that rely upon them.

Automatic Intent-Based Secure Service Creation Through a Multilayer SDN Network Orchestration

Growing traffic demands and increasing security awareness are driving the need for secure services. Current solutions require manual configuration and deployment based on the customer's requirements. In this work, we present an architecture for an automatic intent-based provisioning of a secure service in a multilayer - IP, Ethernet, and optical - network while choosing the appropriate encryption layer using an open-source software-defined networking (SDN) orchestrator. The approach is experimentally evaluated in a testbed with commercial equipment. Results indicate that the processing impact of secure channel creation on a controller is negligible. As the time for setting up services over WDM varies between technologies, it needs to be taken into account in the decision-making process.

Fast Automated Processing and Evaluation of Identity Leaks

The relevance of identity data leaks on the Internet is more present than ever. Almost every week we read about leakage of databases with more than a million users in the news. Smaller but not less dangerous leaks happen even multiple times a day. The public availability of such leaked data is a major threat to the victims, but also creates the opportunity to learn not only about security of service providers but also the behavior of users when choosing passwords. Our goal is to analyze this data and generate knowledge that can be used to increase security awareness and security, respectively. This paper presents a novel approach to the processing and analysis of a vast majority of bigger and smaller leaks. We evolved from a semi-manual to a fully automated process that requires a minimum of human interaction. Our contribution is the concept and a prototype implementation of a leak processing workflow that includes the extraction of digital identities from structured and unstructured leak-files, the identification of hash routines and a quality control to ensure leak authenticity. By making use of parallel and distributed programming, we are able to make leaks almost immediately available for analysis and notification after they have been published. Based on the data collected, this paper reveals how easy it is for criminals to collect lots of passwords, which are plain text or only weakly hashed. We publish those results and hope to increase not only security awareness of Internet users but also security on a technical level on the service provider side.

User practice in password security: An empirical study of real-life passwords in the wild

Due to increasing security awareness of password from the public and little attention on the characteristics of real-life passwords, it is thus natural to understand the current state of characteristics of real-life passwords, and to explore how password characteristics change over time and how earlier password practice is understood in current context. In this work, we attempt to present an in-depth and comprehensive understanding of user practice in real-life passwords, and to see whether the previous observations can be confirmed or reversed, based on large-scale measurements rather than anecdotal knowledge or user surveys. Specifically, we measure password characteristics on over 6 million passwords, in terms of password length, password composition, and password selection. We then make informed comparisons of the findings between our investigation and previously reported results. Our general findings include: (1) average password length is at least 12% longer than previous results, and 75% of our passwords have the length between 8 and 10 characters; (2) there is a significant increase of using only numbers as passwords, and easy-to-reach symbols are always the first choice when users added symbols into passwords; (3) there observes a remarkable increase (about 40%) of using combo-meaningful data as passwords, and a striking proportion of using the most common passwords or login names as passwords. Our investigation also includes collecting statistics about the use of symbols, letter-case, and meaningful details, which presents a systematic analysis of password usage. The comparative results indicate that the password characteristics and password practice on this massive password data set are somewhat inconsistent with those from anecdotal knowledge and user surveys, and exhibit a substantial change over time in some ways. Further research needs to build upon this understanding for gaining insight into how password security can be improved.