Information Security Breaches Research Articles

Exploring Libyan Higher Education Institutions Employees’ Information Security Policy Awareness

Incidents of data breach in higher education could harm students since the exposure of sensitive student data (e.g., social security numbers) could twist students into victims of identity theft and endanger their identities. Regrettably, while most of the developed countries have standard information security laws apply to higher education institutions, such laws are still in its infant stage in developing countries like Libya. However, there are established policies documented by Libyan authorities to guide employees against information security breach, yet existing higher education institutions’ information security awareness models did not investigate these policies into the awareness programs. Consequently, employees will rely on policies that can subvert the security best practice. This study aimed to explore the level of understanding of Libyan information security policies among employees of higher education institutions. The quantitative technique is applied in this research, 196 employees of Libyan higher education institutions were randomly surveyed to respond to Linker information security policy awareness questionnaire. Using SPSS statistics tools, a descriptive analysis of the data is achieved. The findings of the study revealed that employees of Libyan higher education institutions are much aware of Internet Usage and Workstation security policies.

Formation of Models for Registering Systemic Processes in The Digital Educational Environment of the University Based on Log File Analysis

It has been demonstrated that technologies and methods of intelligent data analysis (IDA) in the educational domain, particularly based on the analysis of digital traces (DT) of students, offer substantial opportunities for analyzing student activities. Notably, the DT of students are generated both during remote learning sessions and during blended learning modes. By applying IDA methods to DT, one can obtain information that is beneficial for both the educator in a specific discipline and for the educational institution's management. Such information might pertain to various aspects of the functioning of the digital educational environment (DEE) of the institution, such as: the student's learning style; individual preferences; the amount of time dedicated to a specific task, among others. An algorithm has been proposed for constructing a process model in the DEE based on log analysis within the DEE. This algorithm facilitates the description of a specific process in the DEE as a hierarchy of foundational process elements. Additionally, a model based on cluster analysis methods has been proposed, which may prove beneficial for analyzing the registration logs of systemic processes within the university's DEE. Such an analysis can potentially aid in detecting anomalous behavior of students and other individuals within the university's DEE. The algorithms proposed in this study enable research during log file analysis aimed at identifying breaches of information security within the university's DEE.

Electronic footprint analysis and cluster analysis techniques for information security risk research of university digital systems

In the article there are presented results of the study of the state of user competencies for different specialties of the university digital educational environment (UDEE) on issues related to information security (IS). The methods of cluster analysis and analysis of digital (electronic) traces (DT) of users are used. On the basis of analyzing the DTs of different groups of registered users in the UDEE, 6 types of users are identified. These types of users were a result of applying hierarchical classification and k-means method. Users were divided into appropriate clusters according to the criteria affecting IS risks. For each cluster, the UDEE IS expert can determine the probability of occurrence of high IS risk incidents and, accordingly, measures can be taken to address the causes of such incidents. The algorithms proposed in this study enable research during log file analysis aimed at identifying breaches of information security within the university's DEE.

PUBLIC DISCLOSURE OF INFORMATION SECURITY BREACH INCIDENTS: SHORT-TERM STOCK MARKET REACTION ON INDIAN LISTED FIRMS

ABSTRACT Data breach incidents are growing by the day and firms struggle to detect, defend, and respond to such breaches. Nowadays, security breaches are considered one of the major concerns for corporate organizations around the world. Hence, it is essential to assess the impact of such breaches on organizations. This article reports stock price reaction due to public disclosure of information security breach (ISB) incidents on publicly traded firms of India. Using the event study methodology on a sample of 120 publicly announced ISB incidents between January 2004 and April 2019 pertaining to 69 publicly listed firms of India, we found that exposure to an ISB incident exacerbates negative stock price reactions based on both one-factor market model and Fama-French three-factor model. On average, breached firms lost 0.55% of their market value within two days post the announcement of ISB incidents. Further, we found some factors that significantly negatively impacted Cumulative Abnormal Return (CAR). Important emerging factors such as type of compromised data, sentiment, subjectivity, and remedial strategy significantly impact CAR. According to our study findings, we suggest that firms should mention remedial measures in terms of apology and/or compensation in the ISB disclosure. Furthermore, the result indicates that investors penalize listed firms for subsequent ISB incidents. Thus, our findings may guide Chief Information Officers (CIOs), information security managers, and IT managers of publicly traded firms to devise various strategies in terms of IT security measures and content of the ISB disclosure.

Video Forgery Detection with Deep Learning Using RESNET and CNN Algorithm

Video forgery is continuously increasing in the digital world due to breaches of information security, consequently establishing a scenario for image and video content monitoring for forgery identification. The spread of fake videos raises security risks and anarchy in society. The reason for video forgery is to the augmentation in the malware, which has facilitated user (anyone) to upload, download, or share objects online comprising audio, images, or video. With the development of technology and ease of creation of fake content, the manipulation of media is carried out on a large scale in recent times. Video forgery detection has applications in media science, forensic analysis, digital investigations, and authenticity verification of a video. The purpose of video forensic technology is to extract features to distinguish fake content frames from original videos.

Does intellectual capital curb the long-term effect of information security breaches on firms’ market value?

Does intellectual capital curb the long-term effect of information security breaches on firms’ market value?

Filtering and Detection of Real-Time Spam Mail Based on a Bayesian Approach in University Networks

With the advent of digital technologies as an integral part of today’s everyday life, the risk of information security breaches is increasing. Email spam, commonly known as junk email, continues to pose a significant challenge in the digital realm, inundating inboxes with unsolicited and often irrelevant messages. This relentless influx of spam not only disrupts user productivity but also raises security concerns, as it frequently serves as a vehicle for phishing attempts, malware distribution, and other cyber threats. The prevalence of spam is fueled by its low-cost dissemination and its ability to reach a wide audience, exploiting vulnerabilities in email systems. This paper marks the inception of an in-depth investigation into the viability and potential implementation of a robust spam filtering and prevention system tailored explicitly to university networks. With the escalating threat of email-based hacking attacks and the incessant deluge of spam, the need for a comprehensive and effective defense mechanism within academic institutions becomes increasingly imperative. In exploring potential solutions, this study delves into the applicability and efficacy of Bayesian filters, a class of probabilistic classifiers renowned for their aptitude in distinguishing between legitimate emails and spam messages. Bayesian filters utilize statistical algorithms to analyze email content, learning patterns and features to accurately categorize incoming emails.

An Investigation of the Factors That Influence Information Security Culture in Government Organizations in Bhutan

ABSTRACT Organizations make large investments to secure data and networks, but information security breaches as a result of insiders continue to rise. One possible contributor to this is poor information security culture. This study investigated the key factors that contribute to effective information security culture in government organizations in Bhutan and how information security culture influences employee security behavior. A research model was developed for the study based on an analysis of the information security literature. Data was collected using an online survey of 181 government employees. Senior management support, information security policy, training and awareness campaigns, interpersonal trust, and job- versus employee-oriented organizational culture were all found to influence information security culture, and information security culture contributed to information security behavior. The study extends understanding of the roles of trust and different dimensions of organizational culture in improving information security culture and behavior. The findings should help government policy makers and information security practitioners when developing information security strategies and programs.

ALGORITHM FOR INCREASING PERSONAL DATA PROTECTION EFFICIENCY DUE TO COMBINATION OF THREAT AND SECURITY VIOLATOR MODELS

Statistics of information security breaches show that information compromise is one of the most frequent security violations, and almost half of them are aimed at acquiring personal data. Since companies suffer significant financial losses, lose customers and their reputation due to the leakage of personal data, it is this category of data that requires particularly reliable and effective protection. It has been established that for the effective protection of personal data processed in information and communication systems, it is necessary to implement a complex of normative-legal, organizational, engineering-technical and software-hardware measures. The basic principles of the regulatory and legal protection of personal data in Ukraine, which obliges enterprises, organizations and institutions that own or dispose of personal data, to ensure their proper protection, are considered. The paper analyzes the existing models of threats to personal data and data security tools, in particular the requirements for their formation, elements, factors and characteristics that must be considered during modeling. Based on the obtained results, an algorithm for improving the efficiency of personal data protection in ICS is proposed, which, thanks to the combination of threat and security violator models, has a synergistic effect and leads to an increase in the quality of data protection indicators. Achieving a synergistic effect on increasing the efficiency of personal data protection creates advantages of the presented model in comparison with existing models and algorithms. Recommendations for organizations and individuals on improving the efficiency of personal data protection in ICS are also presented, constant compliance with which will help reduce the number of incidents related to the compromise of personal information.

Peer governance effects of information security breaches

Peers' information security risks may have sent negative signals to the market, thus forcing firms to strengthen their internal control governance. Solow's paradox, however, suggests that when information technology (IT) investment does not reach equilibrium, firms may still blindly increase IT investment while neglecting information security management. Using the unique information security breaches data released by the China National Information Security Vulnerability Database (CNVD), we find that the peers' information security breaches have a governance effect on firm internal control. The underlying mechanism is that peer information security breach increases the cost of proprietary information and reputation maintenance. In addition, we find that the above peer governance effects are more significant in samples with higher agency conflicts, high-tech industries, and higher supply. Further, our further analysis also shows that the peer governance effects of information security breaches positively affect firms' investment efficiency. Overall, our findings verify the peer governance effects of the information security breaches.

Modified Caesar Cipher and Card Deck Shuffle Rearrangement Algorithm for Image Encryption

ABSTRACT In today's social networking era, information security breaches are at an all-time high, especially when it comes to texts and images, which should come as no surprise. Integrity is therefore crucial for information sharing over an unprotected connection. As a result, image/text encryption is a crucial preprocessing step in today's information transmission. Sensitive information may be sent via image encryption, which facilitates a variety of procedures. Here the proposed method is a combination of the Modified Caesar Cipher and the Card Deck Shuffle Algorithm for image encryption. The Card Deck Shuffle Algorithm rearranges the pixels from the result of the Modified Caesar approach, which encrypts the pixel value of each image. The method employs an n + 8 variable bit key (n is frequently more than 18 in real-world applications), which needs more than 2 26 brute force attacks to be successful. The method described here may be used to secure images in a variety of multimedia applications.

Leveraging Taxonomical Engineering for Security Baseline Compliance in International Regulatory Frameworks

A surge in successful Information Security (IS) breaches targeting Research and Education (R&E) institutions highlights a pressing need for enhanced protection. Addressing this, a consortium of European National Research and Education Network (NREN) organizations has developed a unified IS framework. This paper aims to introduce the Security Baseline for NRENs and a security maturity model tailored for R&E entities, derived from established security best practices to meet the specific needs of NRENs, universities, and various research institutions. The models currently in existence do not possess a system to smoothly correlate varying requirement tiers with distinct user groups or scenarios, baseline standards, and existing legislative actions. This segmentation poses a significant hurdle to the community’s capacity to guarantee consistency, congruency, and thorough compliance with a cohesive array of security standards and regulations. By employing taxonomical engineering principles, a mapping of baseline requirements to other security frameworks and regulations has been established. This reveals a correlation across most regulations impacting R&E institutions and uncovers an overlap in the high-level requirements, which is beneficial for the implementation of multiple standards. Consequently, organizations can systematically compare diverse security requirements, pinpoint gaps in their strategy, and formulate a roadmap to bolster their security initiatives.

Challenges and Opportunities in Password Management: A Review of Current Solutions

For over six decades, passwords have served as the primary authentication mechanism for almost all modern computer systems. However, password management is a challenging task for most computer users, and that has led users to many malpractices that open the door for most information security breaches over time. Despite many efforts, no alternative solution has ever succeeded in replacing passwords as the primary authentication mechanism. As a result, users are now heavily relying on password managers to alleviate the burden of manual password management. This paper addresses the topic of password management about different types of password managers and their inherent limitations. By evaluating the existing password management approaches and identifying potential improvements, this paper aims to signify an important research gap that exists in the study area; the need for fully automating the process of manual password management.

Security Baseline for Substation Automation Systems.

The use of information technology and the automation of control systems in the energy sector enables a more efficient transmission and distribution of electricity. However, in addition to the many benefits that the deployment of intelligent and largely autonomous systems brings, it also carries risks associated with information and cyber security breaches. Technology systems form a specific and critical communication infrastructure, in which powerful control elements integrating IoT principles and IED devices are present. It also contains intelligent access control systems such as RTU, IDE, HMI, and SCADA systems that provide communication with the data and control center on the outer perimeter. Therefore, the key question is how to comprehensively protect these specialized systems and how to approach security implementation projects in this area. To establish rules, procedures, and techniques to ensure the cyber security of smart grid control systems in the energy sector, it is necessary to understand the security threats and bring appropriate measures to ensure the security of energy distribution. Given the use of a wide range of information and industrial technologies, it is difficult to protect energy distribution systems using standard constraints to protect common IT technologies and business processes. Therefore, as part of a comprehensive approach to cyber security, specifics such as legislative framework, technological constraints, international standards, specialized protocols or company processes, and many others need to be considered. Therefore, the key question is how to comprehensively protect these specialized systems and how to approach security implementation projects in this area. In this article, a basic security concept for control systems of power stations, which are part of the power transmission and distribution system, is presented based on the Smart Grid domain model with emphasis on substation intelligence, according to the Purdue model. The main contribution of the paper is the comprehensive design of mitigation measures divided into mandatory and recommended implementation based on the standards defined within the MITRE ATT&CK matrix specified, concerning the specifications of intelligent distribution substations. The proposed and industry-tested solution is mapped to meet the international security standards ISO 27001 and national legislation reflecting the requirements of NIS2. This ensures that the security requirements will be met when implementing the proposed Security Baseline.

Examining sharing economy operations: A process perspective

<scp>Examining sharing economy operations</scp>: A <scp>process perspective</scp>

A systematic literature review of cybersecurity scales assessing information security awareness

Information Security Awareness (ISA) is a significant concept that got considerable attention recently and can assist in minimizing the risks associated with information security breaches. Several measurement scales have been developed in this regard, as measuring users’ ISA is paramount. Although ISA specific scales are very important, yet what methodological rigor they use in terms of initial conceptualization of ISA, data collection and analysis during the development, and scale validation of such scales are some unknown aspects. Therefore, we provide a comprehensive review of the existing ISA specific scales to address all the above concerns. A popular method, PRISMA, is utilized, and a total of 24 articles that match with criteria of this research are included for the final in-depth analysis. Also, a holistic evaluation framework is developed containing three phases and 19 criteria. Findings revealed that most studies treat ISA as a multi-dimensional construct, and ISA researchers rarely conduct both pilot testing and pre-text evaluation while validating and refining the initial scales. Additionally, several articles did not report some of the essential elements used for checking the rigor of factor analysis, and evidence for validities of the identified scales is inadequate. Consequently, existing ISA specific scales must be improved both in terms of the methodological thoroughness of the scale development procedure and their validities. Moreover, not only justifying why the development of a new scale is necessary, but also improving the quality of the existing scales by doing multiple iterations is significant in the future. Likewise, the inclusion of all the dimensions of ISA, while generating the initial items pool is an important aspect to be considered. A thorough discussion, recommendations for future research, conclusions, and study limitations are provided.

Design &amp; analysis of novel IT security framework for overcoming data security &amp; privacy challenges

IT security has always been a major concern for all organizations, especially after the rise in IT Integration amongst all processes, Post pandemic this has become a bigger issue than earlier. The organizations are growing also with IT Integration the negative impact of information related risk incidents are also increasing worldwide. There are several IT Risk Assessment Frameworks in use to address information security assaults, vulnerabilities, threats, and breaches, including ISO 270001/27005. COBIT, NIST SP- 800/53 etc, though following and implementation of these protocols, still organizations face challenges of IT risk, which may involve an asset or information. The biggest challenge is the data Security or privacy. Based on survey data, this study evaluates the majority of the current IT risk management frameworks and makes an effort to pinpoint any shortcomings in them. Based on the analysis done, a new IT Security framework is proposed and implemented in two organizations for its detailed analysis and validations with the existing models For the Risk Assessment of the same organization new technique for IT Risk Assessment is also proposed.

Information Security Breach Events and Stock Market Reactions: A Meta-Analysis

Information Security Breach Events and Stock Market Reactions: A Meta-Analysis

Factors Affecting Information Security and the Implementation of Bring Your Own Device (BYOD) Programmes in the Kingdom of Saudi Arabia (KSA)

In recent years, desktop computer use has decreased while smartphone use has increased. This trend is also prevalent in the Middle East, particularly in the Kingdom of Saudi Arabia (KSA). Therefore, the Saudi government has prioritised overcoming the challenges that smartphone users face as smartphones are considered critical infrastructure. The high number of information security (InfoSec) breaches and concerns has prompted most government stakeholders to develop comprehensive policies and regulations that introduce inclusive InfoSec systems. This has, mostly, been motivated by a keenness to adopt digital transformations and increase productivity while spending efficiently. This present study used quantitative measures to assess user acceptance of bring your own device (BYOD) programmes and identifies the main factors affecting their adoption using the unified theory of acceptance and use of technology (UTAUT) model. Constructs, such as the perceived business (PT-Bs) and private threats (PT-Ps) as well as employer attractiveness (EA), were also added to the UTAUT model to provide the public, private, and non-profit sectors with an acceptable method of adopting BYOD programmes. The factors affecting the adoption of BYOD programmes by the studied sectors of the KSA were derived from the responses of 857 participants.

Cyberterrorism Using Smart Phones

The explosive expansion of smart phones causes massive information security breaches. Smart phones are tempting targets and elements for attackers due to their popularity and lax security [6]. Government of Ghana should make a determined effort to promote youth awareness and foster patriotism. Multi-agency counter-cyber operations and techniques should also be included in a nation-wide strategy curtail this menace. This paper seeks to explore cyberterrorism using smart phones and counter measures in Ghana.