Information Security Research Articles

Information Technology Governance Using the COBIT 2019 Framework at PT Bank Pembangunan Daerah Papua

Effective and efficient information technology (IT) management is crucial for the banking industry, especially for PT Bank Pembangunan Daerah Papua (BPDP), which seeks to reinforce its role within the Papua region. Leveraging the COBIT 2019 framework, BPDP aims to enhance IT governance, addressing operational efficiency, information security, and regulatory compliance. This study highlights BPDP's strategic priorities, such as revenue growth, fostering innovation, and customer service excellence, which are essential for sustaining competitive advantage amidst regional geopolitical challenges. By identifying these key priorities, the research uncovers critical areas of improvement, including IT investment optimization, mitigation of regulatory and security risks, and solidifying IT's strategic role in driving business growth. To evaluate BPDP's IT governance maturity, this study applies COBIT 2019's ten design factors, from enterprise goals and risk profiles to IT-related issues, compliance needs, and technology adoption strategies. The findings underscore gaps in risk management, project lifecycle oversight, and resource allocation, offering actionable insights for governance improvement. Enhanced IT integration can support BPDP's larger objectives of sustainable growth and economic development within the region. Furthermore, the study demonstrates that a well-structured governance framework strengthens BPDP's operational efficiency, builds customer trust, and ensures alignment with regulatory standards and evolving technology landscapes. By adopting these governance recommendations, BPDP can achieve long-term success and secure its position as a prominent financial institution in Papua, thus reinforcing its commitment to regional economic growth and compliance with national regulatory standards.

Implementation of controlled unitary gates and its application in a remote-controlled quantum gate

Recently, remote-controlled quantum information processing has been proposed for its applications in secure quantum processing protocols and distributed quantum networks. For remote-controlled quantum gates, the experimental realization of controlled unitary (CU) gates between any quantum gates is an essential task. Here, we propose and experimentally demonstrate a scheme for implementing CU gates between any pair of unitary gates using the polarization and time-bin degrees of freedom of single photons. Then, we experimentally implement remote-controlled single-qubit unitary gates by controlling either the state preparation or measurement of the control qubit with high process fidelities. We believe the proposed remote-controlled quantum gate model can pave the way for secure and efficient quantum information processing.

Exploration of Factors Affecting Pro-social Intention to Disclose Information in Healthcare Settings

This study investigated the relationships of situational factors, motivational assessment–related factors, and situationally induced personal characteristics with pro-social intention to disclose patient information among health and medical students. In total, 210 students from Konyang University participated in the survey, including 116 medical students and 94 other health students. To measure the influence of variables on pro-social intention to disclose information related to health information security, a 27-item questionnaire was used. The reliability of the survey was shown by Cronbach’s α values of 0.859 to 0.917. According to students’ perceptions, higher disease severity was significantly related to higher impacts on the patient, family, and themselves (p<0.01), as well as higher situational empathy (p<0.05). Pro-social intention to disclose showed negative correlations with health information security awareness, information education experience, perceived impact on the self, responsibility to disclose, and personal norms (r=-0.136 to -0.647, p<0.05). Responsibility to disclose and situational empathy explained approximately 44% of the variance in pro-social intention to disclose. Additionally, students who received information security training perceived a significantly higher responsibility to disclose, exhibited higher health information security awareness, and had lower pro-social intention to disclose. This study confirmed the need for information security education for health and medical students, and suggested that pro-social characteristics such as empathy and responsibility need to be carefully addressed in information security education.

How About Enhancing Organizational Security

Despite its importance, there is little research on how organizations perceive information security management. This study classified critical success factors in information security management at the organizational level. A performance model was designed to empirically test the validity of these factors. Data were collected through an online questionnaire from prominent information technology managers and specialists who worked in Saudi organizations and contributed to decision making about information security. The data were analyzed using structural equation modeling. The selected constructs—business alignment, top management support, information security awareness, and security controls—appeared to significantly influence information security management, with the balanced scorecard shown as an effective way of measuring performance.

Automated production of batched unclonable micro-patterns anti-counterfeiting labels with strong robustness and rapid recognition speed

Anti-counterfeiting technologies are indeed crucial for information security and protecting product authenticity. Traditional anti-counterfeiting methods have their limitations due to their clonable nature. Exploring new technologies, particularly those based on pixel-level textures, is a promising avenue to address the clonable issue due to high encoding capacity. However, research in this field is still in its early stages. This work introduces a new fluorescent anti-counterfeiting label technology with four key characteristics: efficient laser etching, high-throughput fabrication and segmentation, robustness aided by data augmentation, and an exceptionally high recognition speed. Specifically, the etching achieves a speed of 1,200 labels/3s, the high-throughput procedures yield a rate of 2,400 labels/4 mins, and the total count is about 5.2 × 104 labels. The number of labels is further augmented to about 5.2 × 106 by implementing arbitrary rotation and brightness variation to enhance the robustness in the recognition procedure. We divide these labels into 44 categories based on differences in patterns. Utilizing machine learning methods, we have achieved a total recognition (including extraction and search process) time per label averaging 421.96 ms without classification, and 40.13 ms with classification. Specifically, the search process with classification is nearly fiftieth times shorter than the non-classification method, reaching 8.52 ms in average. The overall recognition time is much faster than previous works, and achieves an accuracy of over 98.7%. This work significantly increases the practical significance of pixel-level anti-counterfeiting labels.

Automated Fingerprint Identification System

Abstract: AFIS is regarded as one of the greatest advancements in biometric systems as it enables fast and efficient identification of an individual by their distinct fingerprint designs. This system employs the use of digital imaging, finger-power techniques and other technologies in the storage and comparison of fingerprints. With AFIS, fingerprint images are all digitized making it easier to carry out crime investigations, border control and general identification of persons. The strength of AFIS systems is evidenced by the increased accuracy levels along with the capacity to accommodate numerous records and still allow for fast searches by fingerprinting matching to existing images for law enforcement on file. Some problems nevertheless persist which include the quality of fingerprints and environmental interferences, however machine learning and artificial intelligence improvements are still being incorporated into the systems to make them work even better. This paper investigates the system architecture and components, operational aspects, and prospects for development of the AFIS technology, which is essential in contemporary informational security

Analysis of the Application of Logical Operations to Cryptographic Transformations of Information Security Means

In the article, the solution to the problem of determining logical operations that ensure cryptographic stability of the transformation of algorithms of cryptographic methods of information security is justified by the criterion of regularity - equal distribution"0" and "1" in the truth table. A logical operation with a truth table of uniform distribution of "0" and "1" and or blocks of bits has the property of cryptographic resistance.

The impact of ISO security standards on enhancing cybersecurity posture in organizations

The increasing frequency and sophistication of cyber threats have made organizations need to adopt robust cybersecurity frameworks. ISO security standards, particularly the ISO/IEC 27000 series, play a critical role in enhancing organizations' cybersecurity posture worldwide. These standards provide a systematic approach to managing sensitive information, ensuring its confidentiality, integrity, and availability. ISO/IEC 27001, which focuses on establishing an Information Security Management System (ISMS), is widely recognized for its ability to help organizations identify, manage, and mitigate cybersecurity risks. By adopting ISO standards, organizations benefit from improved risk management, enhanced incident response capabilities, and stronger alignment with regulatory compliance requirements, such as GDPR and HIPAA. In addition, ISO security standards promote a security-first culture within organizations, fostering greater employee awareness and encouraging the consistent implementation of best practices across departments and regions. The adoption of standards like ISO/IEC 27001 (Information security, cybersecurity and privacy protection), ISO/IEC 27018 (Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors), ISO/IEC 27017 (code of practice for information security controls based on ISO/IEC 27002 for Cloud services), ISO/IEC 27015 (Information security management guidelines for financial services) ISO/IEC 27002 (Information security, cybersecurity and privacy protection - Information security controls), and ISO/IEC 27701 (Security techniques- Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management – requirements and guidelines) has demonstrated significant improvements in data protection, especially in industries handling sensitive personal or financial data. Despite their benefits, implementing ISO standards poses challenges, such as resource constraints, scalability, and the need for continuous updates. As the threat landscape evolves, ISO security standards will remain integral to developing a proactive cybersecurity strategy, integrating with emerging technologies such as artificial intelligence and IoT. The global adoption of these standards reflects their pivotal role in securing the digital infrastructure of modern organizations.

Using Artificial Intelligence tools to create a smart university to employ digital transformation in the sustainability of higher education development Applied study, White Nile University - Sudan, 2023

The study aimed to introduce artificial intelligence and design a smart technology educational environment that works to develop digital capabilities and smart digitization in universities by using artificial intelligence methods to achieve the maximum level of education according to different capabilities and skills, raise the value of higher education and improve the quality of education. The problem of the study lies in the presence of real challenges in The field of education, due to the lack of interest in developing innovative tools to meet the needs of society. The study relied on the descriptive analytical approach to define and analyze the conceptual framework for building a smart university that has all the elements of development and electronic renaissance. The study reached the most important results, including the impact of digital transformations on smart universities, and digital transformation achieves many goals. For students and faculty members, digital transformation helps faculty members cope with the increasing number of students, provides thousands of educational sites, and the most important recommendations of the study are preparing an integrated vision between the components of digital transformation and applying it to the smart university, providing the necessary insurance and security of information in the smart digital environment.

Prospects and challenges of mobile banking in Bangladesh: A case study

Mobile banking is a technology advancement that enables convenient, anytime, anywhere access to financial services. When using mobile banking, customers can access banking services via their phones without having to wait in line. It is a branchless kind of banking. The purpose of the study was to identify the prospects and challenges facing Bangladeshi mobile banking in the twenty-first century. Over 80 respondents were selected using Yaro Yamani formula from a sample of bank clients and bankers and given a standardized questionnaire. The study's goal has been perceived through the application of the descriptive research approach. Based on the study's findings, people's interest in mobile banking is growing daily due to its advantages. Certain banks do not presently offer all mobile banking services, and not all respondents are aware of all the mobile banking options available. Fast data transfer and cost-effective usage are two factors that entice customers. Some of the disadvantages of mobile banking are that it is very expensive, private, complex, etc. Lowering operational risks and increasing consumer confidence in Bangladesh's mobile banking services can be achieved through robust technical information control and security procedures that ensure the integrity and confidentiality of financial transactions.

Evolution of Information Security Awareness towards Maturity: A Systematic Review

Evolution of Information Security Awareness towards Maturity: A Systematic Review

Cyber risk management technology to strengthen the information security of the national economy

Purpose. Developing a technology for managing cyber risks based on their improved classification by the level of impact on the occurrence of an extreme situation. Methodology. To achieve the goal, general scientific and special methods of cognition were used in the study: dialectical and systemic approaches, analysis and synthesis, logical generalization and grouping, structural-logical method, iterative approach, modeling, method of formal representations of uncertainty. Findings. A cyber risk management technology has been developed, consisting of four main stages: analysis of cyber threats (context establishment; security audit; formation of scenario concepts); scenario modeling (threat decomposition; scenario formation; setting criteria; setting probability estimates of concepts (variables); building a network architecture; formation of a private threat model; scenario analysis); risk assessment; object classification. The proposed approach to cybersecurity risk management provides vulnerability detection and risk assessment (risk potential) and simplifies the development of management solutions to prevent events affecting cybersecurity. Originality. The proposed technology differs from the existing ones by focusing on identifying those vulnerabilities and cyber threats that, according to their improved classification by the level of impact on the occurrence of an extreme situation, can lead to serious disruptions in the functioning of critical information infrastructure of the national economy. Practical value. The practical significance of the study lies in the fact that the proposed cyber risk management technology is one of the tools for preventing the realization of risks in cyberspace and the basis for strengthening the information security of economic entities in particular and the national economy as a whole.

Incident response: A structured model from detection to containment and recovery

As cyber-attacks evolve in sophistication; organizations are under constant threat. This necessitates a cohesive approach to prioritize incident response (IR) capabilities and mitigate potential damages. This research paper explores integrating Information Security Management (ISM) and Incident Response (IR) functions; underlining the need for a unified strategy that leverages organizational learning theory. The study comprehensively analyzes the Incident Response Lifecycle; outlining the critical phases of preparation; detection and analysis; containment; eradication; recovery; and post-incident activities. It also investigates the crucial role and structure of Incident Response Teams (IRTs); advocating for tailored team formations that adapt to the dynamic nature of cyber incidents. By fostering collaboration between ISM and IR functions and focusing on technical and socio-technical factors; organizations can enhance their resilience against cyber threats and improve their overall security posture.

Legal protection of personal data security in Indonesian Local Government apps: Al Farabi's perspective

The rapid advancement of technology is a double-edged sword. While it provides easy access to information, it also opens the door to unrestricted access, including personal data. Governments worldwide are leveraging technology to enhance their connection with citizens and deliver top-tier public services. In this vein, the Provincial Government of DKI Jakarta as an Indonesian local government, launched a SuperApps called JAKI in 2019 as a dynamic platform for two-way communication between DKI Jakarta residents and local authorities. This research employs empirical juridical methods, incorporating statutory and conceptual approaches. Drawing from primary sources, including DKI Jakarta Regional Secretariat Decree Number 99 of 2022 concerning the Citizen Relations Management application and interviews with the Smart City Developer Service Unit, the study demonstrates that JAKI ensures robust data security. The app complies with ISO 2700, an international standard that regulates information security management systems and fulfils the three core components: confidentiality, integrity and availability. Furthermore, in alignment with Al Farabi's concept of information security accountability, the emphasis is placed on collaborative social responsibility between data owners and collectors, represented by DKI Jakarta Provincial Government. This cooperation is both fair and beneficial, adhering to the fundamental principles of political philosophy and ethics.

A Literature Review of the Research on Digital Management in Higher Education

Digital management holds significant importance in higher education, especially in cultivating digital literacy personnel. The theoretical foundation of digital management encompasses various domains, such as information science, management studies, and education. In practice, digital management has achieved notable results in teaching, research, and administrative management. Scholars have proposed strategies to address challenges like information security and data sharing. The future development trends of digital management in higher education distinctly point towards intelligence and personalization, aiming to significantly enhance management efficiency and promote equitable distribution of educational resources through technological innovation. However, a major challenge currently faced in this research area is insufficient diversity exploration. Therefore, future studies must expand both breadth and depth.

A Model of Information Security and Competition

We study platforms’ incentives to invest in cybersecurity under ad-funded and subscription-funded business models.

Implementasi Sistem Manajemen Log untuk Penanggulangan Serangan Server dengan SIEM

In the current digital era, information security has become a primary focus for organizationsworldwide. Rapid technological advancements have brought significant benefits but alsointroduced increasingly sophisticated cyber threats and attacks. One approach to addressing thesechallenges is through Security Information and Event Management (SIEM). SIEM integratesSecurity Information Management (SIM) and Security Event Management (SEM) to collect,analyze, and report security data from various network sources, enabling more effective detection,response, and management of security incidents. This study focuses on handling server attacksusing Wazuh SIEM as an early warning system. The methodology involves setting up a networktopology to detect Distributed Denial of Service (DDoS) attacks using SIEM, collecting andanalyzing log data, correlating data to identify threats, and responding to detected threats. Theresults indicate that SIEM is crucial in modern cybersecurity, providing real-time threat detectionand response capabilities. The system successfully detected and blocked 42 attacks during thetrial. In conclusion, SIEM offers greater security visibility and control, enabling organizations todetect and respond to complex security threats efficiently and effectively. Modern SIEM systems,equipped with advanced analytics and machine learning, can identify anomaly patterns and newthreats, thus strengthening an organization's cybersecurity defenses.

Development of a Flexible Information Security Risk Model Using Machine Learning Methods and Ontologies

This paper presents a significant advancement in information security risk assessment by introducing a flexible and comprehensive model. The research integrates established standards, expert knowledge, machine learning, and ontological modeling to create a multifaceted approach for understanding and managing information security risks. The combination of standards and expert insights forms a robust foundation, ensuring a holistic grasp of the intricate risk landscape. The use of cluster analysis, specifically applying k-means on information security standards, expands the data-driven approach, uncovering patterns not discernible through traditional methods. The integration of machine learning algorithms in the creation of information security risk dendrogram demonstrates effective computational techniques for enhanced risk discovery. The introduction of a heat map as a visualization tool adds innovation, facilitating an intuitive understanding of risk interconnections and prioritization for decision makers. Additionally, a thesaurus optimizes risk descriptions, ensuring comprehensiveness and relevance despite evolving terminologies in the dynamic field of information security. The development of an ontological model for structured risk classification is a significant stride forward, offering an effective means of categorizing information security risks based on ontological relationships. These collective innovations enhance understanding and management of information security risks, paving the way for more effective approaches in the ever-evolving technological landscape.

PEMANFAATAN TEKNOLOGI INFORMASI PADA SEKOLAH MENENGAH ATAS DI BELINYU

The implementation of infrastructure and development of information technology (IT) services in educational environments such as schools and campuses plays an important role in supporting quality learning experiences. Regarding the introduction of IT infrastructure and service development in the educational environment. IT infrastructure covers various aspects such as providing hardware and software to meet educational needs, providing a reliable communications network, and ensuring data and information security. Services provided include training for teachers in the use of learning technology, technical support for students and staff, as well as implementation of related policies. With the right infrastructure, students and lecturers can access learning resources efficiently and interact in a technology-integrated learning environment. This service also plays an important role in increasing the technological literacy of students and teachers and ensuring the smooth operation of systems in educational environments. The services provided at schools can have a positive impact on improving the quality of education, preparing students to face the challenges of the digital world, and creating an inclusive and innovative learning environment. A holistic and coordinated implementation approach and ongoing support from all stakeholders will be key to achieving this goal.

Implementation of a novel secured authentication protocol for cyber security applications

Robust verification protocols are crucial for maintaining the security and reliability of sensitive information due to the increasing complexity of cyber-attacks. This paper introduces a novel 5G Secure Handover Protocol aimed at addressing security and effectiveness issues encountered in existing systems. The proposed protocol is robust against various attacks, including de-synchronization, replay, man-in-the-middle (MITM), denial of services (DoS), and jamming, ensures perfect forward key secrecy, safeguarding communication confidentiality. The proposed protocol utilizes a combination of spiking neural network and fuzzy logic (SNN-FL) techniques that must choose the goal cell as carefully as possible before initiating the transfer process. By combining fuzzy logic and spiking neural networks to reduce handover latency and thwart several types of cyberattacks, the proposed 5G Secure Handover Protocol improves security. Extensive simulations show its efficacy and emphasize its potential for safe communication in large-scale cybersecurity applications. The paper presents a novel secure authentication protocol that significantly reduces handover delays and improves efficiency. Simulations show its resilience against common security threats, protecting sensitive information and maintaining secure communication channels. The protocol, with low communication expenses, complex spatial, and latency for changeover verification, is ideal for large-scale cybersecurity applications, contributing to the development of secure digital authentication mechanisms.