Security Research Research Articles

Analysis of existing approaches to the formation of functional security profiles

The work examines existing methods for forming functional security profiles (FSP) for information protection systems. The purpose of the work is to analyze approaches to deter-mining FSP when designing information protection systems based on their comparative char-acteristics. Solved tasks: formation of requirements for the characteristics of approaches and methods for determining the FSP, analysis of existing approaches and methods for determin-ing the FSP and their comparative characteristics. The authors explore the key characteris-tics of various methodologies, such as time consumption, complexity, the influence of expert qualification, and the possibility of creating non-standard profiles. The work compares the advantages and limitations of existing methods. The research shows that all methodologies require significant time and are dependent on the qualifications of specialists. At the same time, most methods support the development of non-standard profiles, allowing them to be adapted to specific information security requirements. Based on the analysis, it is concluded that the use of automated systems based on intelligent methods is necessary to improve the efficiency and accuracy of FSP formation. Thus, the work makes a significant contribution to the field of information security research, providing practical recommendations for improv-ing methodologies for forming FSP in the context of increasing threats in the information technology sphere.

A study of human factors toward compliance with organization’s information security policy

ABSTRACT While organizations increasingly rely on information technology for competitive advantage, safeguarding sensitive data hinges on more than just technical safeguards. Alarmingly, employee actions account for a growing percentage of information security breaches, highlighting the critical role of human factors. Building upon the understanding that human resources are key to maintaining organizational security, this study investigates the relationship between five key human factors security culture, awareness, training, risk perception, and reinforcement and employee compliance with information security policies. Through quantitative research, we propose and validate a conceptual framework demonstrating a significant positive association between these human factors and compliant behavior. Our findings emphasize the profound influence of security culture as a primary driver of secure practices within organizations. These insights offer practical guidance for organizations to move beyond a technology centric approach and prioritize a human centric security strategy that integrates these factors into policy design, training programs, and organizational culture.

Water insecurity is human: why social science must be at the core of water security research and practice

Many water scholars believe we are at an inflection point in which new approaches to water research and management are needed, and I agree. Water insecurity is fundamentally driven by human behavior and is socially determined. To address this, the emerging science of water security can build on well-established and theoretically-robust findings from social science. Foundational work establishes the formative role of human social structures in producing water insecurity, particularly for populations experiencing poverty, racial/ethnic minoritization, and political exclusion. While infrastructural and legal/regulatory reforms are essential to advance water security, they have failed vulnerable populations in patterned, predictable ways globally. New research highlights how social and engineered infrastructures that are hybrid, modular, adaptive, and decentralized can improve water security for the most vulnerable populations. However, reliance on such systems is inherently a feature of unjust, inequitable water governance. Social scientists have a valuable role to play in explaining these dynamics, addressing water system failures, and developing more equitable water solutions.

Cyber safety in e-learning: The effects of cyber awareness and information security policies with moderating effects of gender and experience levels among e-learning students

Cyber safety in e-learning: The effects of cyber awareness and information security policies with moderating effects of gender and experience levels among e-learning students

Analytic Hierarchy Process Optimization of Strategic Resource Management for Sustainable Development: Enhancing International Economic and Commercial Relations through Circular Economy Factors in Open Socio-Economic Systems

This article explores how the Analytic Hierarchy Process (AHP) can optimize strategic resource management for sustainable development, emphasizing circular economy factors in open socio-economic systems. A thorough literature review links existing research in financial security, innovation, and risk management to illustrate the significance of integrating environmental considerations into long-term resource allocation. The proposed AHP framework decomposes complex decision-making into a hierarchical structure that includes both quantitative metrics, such as financial stability and waste reduction, and qualitative concerns, like stakeholder engagement and regulatory compliance. Expert evaluations highlight the primacy of environmental and circular economy factors in resource management, closely followed by financial and risk considerations. Waste reduction, resource reuse, and supply chain resilience emerge as top-ranked sub-criteria, underscoring the importance of balancing ecological imperatives with economic viability. The study further highlights digital transformation as an essential enabler of real-time analysis and adaptive resource allocation. Integrating these insights within a broader policy and managerial context offers a roadmap for enhancing international economic and commercial relations, especially in turbulence-prone global markets. The findings suggest that holistic, multi-criteria decision-making—supported by AHP—provides a robust pathway toward sustainable development, promoting resilience and competitiveness in open socio-economic systems.

Exploring the Mediating Role of Information Security Culture in Enhancing Sustainable Practices Through Integrated Systems Infrastructure

The need for sustainable development, coupled with the growth in industrialization, creates a complex environment in which businesses strive to achieve and maintain a competitive advantage. Information now forms a vital part of how firms perform in today’s globalized corporate world. This paper explores the impact of information systems on sustainable organizational operations. Furthermore, it observes how IT infrastructure and information security policy (ISP) play vital roles in the changing business environment. The importance of information security culture (ISC) as a mediator in developing the association between the independent and dependent variables is also investigated. Reviewing these categories’ interactions within the context of transitional economics is the main goal. To assess and predict the impact of ISs, ISP, ITI, and ISC on sustainable organizational performance (SOP), 214 businesses took part in a structured survey. For data cleaning and reliability analysis, SPSS software was used; for mediation analysis, the Preacher and Hayes approach was applied; and, for multiple linear regression analysis, Python was applied. The study is significant for developing countries in the role of IS for the effectiveness of IT governance and strategic integration. The findings indicate that organizational performance is substantially impacted by information security policy (ISP), IT infrastructure (ITI), and information security culture (ISC).

ОРГАНІЗАЦІЯ СИСТЕМИ ЗАХИСТУ ЦИФРОВОЇ ІНФОРМАЦІЇ У ФІНАНОВОМУ ОБЛІКУ

Abstract. Introduction. The constant development of technologies, changing forms of threats and the need to adapt to new conditions will require organizations to constantly improve their security systems. The purpose of this work is to systematize theoretical provisions and substantiate practical recommendations regarding the organization of protection of digital financial accounting data. Methods. In the process of research, the method of induction was used at the stage of collecting, processing and systematization of the received information, the method of analysis and synthesis - to combine the constituent elements of economic phenomena in a single process. Results. The essential characteristics of the concepts of information security, digital security and data cyber security in the context of economic security of the enterprise are revealed. A set of measures in the system of organizing digital security of financial accounting data has been identified. National and international legal acts, standards and recommendations define mandatory requirements for data storage, processing and transmission, thus providing a legal basis for the implementation of information security policies. The main directions of state policy in the field of information security have been determined. The state in which business entities currently work is accompanied by constant cyber-attacks both on the enterprises themselves and on the totality of their digital data in the field of accounting and taxation. The main measures to ensure cyber security for critical infrastructure enterprises have been determined. They singled out the main problems of digital information protection in accounting, namely: data leakage; software attacks; phishing and social engineering; malware. The main methods of preventing cyber threats are summarized. Recommendations on the organization of the system for ensuring the security of digital data in financial accounting have been formed. The actions of the accounting staff of the enterprise or the enterprise of the partner, which may create a threat of information leakage, are singled out. A set of information sources in need of protection has been identified. Conclusions. The digital information protection system should become an element of the company's accounting policy, and its implementation will contribute to the economic security of the business entity.

The Impact of Digital Transformation on Internal Auditing and Financial Performance of Iraqi Banks

This study investigates the extent to which regulatory systems for electronic accounting information systems, with conventional controls, are implemented in banks. The research employs a questionnaire divided into two main sections : the first section focuses on the personal characteristics of the study sample, while the second section is divided into eight themes. These themes cover the bank's commitment to deregulation of electronic accounting systems, regulatory controls on access to information, security and protection of files, documentation and development of the electronic accounting system, input and output controls, operations, and the risks associated with electronic accounting information systems. Key recommendations include improving control procedures, protecting software and hardware, and adopting clear regulations for responsibilities and powers within banks. The study underscores the importance of continuous internal audits and the development of efficient electronic accounting information systems to mitigate risks and enhance the overall performance of Iraqi private banks.

AI applications for nutrition and food security research: a taxonomy and competencies

AI applications for nutrition and food security research: a taxonomy and competencies

Remote Food Security Research Project: Applying an Indigenist Research Lens.

This paper aimed to reflect on how Rigney's model of Indigenist research informed the research design of a project which explored community-led solutions to improve food security in remote Aboriginal and Torres Strait Islander communities. The project was conducted in partnership with two Aboriginal Community Controlled Health Organisations (ACCHOs); Apunipima Cape York Health Council (Apunipima) and Central Australian Aboriginal Congress (Congress), communities in Central Australia and Cape York, Queensland and researchers from the University of Queensland, Monash University, Dalhousie University and Menzies School of Health Research. On reflection the principles of Indigenist research were evident providing a means of resistance to oppression through Indigenous stakeholders being in control of research to address social determinants, in this case food security. Aboriginal and Torres Strait Islander world views, lived experiences and knowledges were embedded in the research and informed governance, implementation and knowledge translation. ACCHOs and communities gained a political voice through advocacy and actions at the local, state and national levels. The development of a Community Framework led by ACCHOs and community stakeholders to address food security serves to talk to the three principles of 'Resistance, Political Integrity and Privileging Indigenous Voices'.

Evaluating the Impact of Mandatory Information Security Disclosure and Policy Improvement Recommendations

Evaluating the Impact of Mandatory Information Security Disclosure and Policy Improvement Recommendations

Cybersecurity in The Health Sector in The Reality of Artificial Intelligence, And Information Security Conceptually

Healthcare service delivery, especially in terms of safeguarding personal data, requires ensuring the confidentiality of information. In this regard, establishing cybersecurity systems that ensure information security is highly necessary. The rapid advancement of technologies increases the likelihood of cyberattacks, and particularly, AI-supported threats can cause serious harm in service delivery. In the current era, attacks not only come from humans but also from AI tools, posing threats to information security. Considering that AI technology is expected to further advance in the future, it's evident that this technology could become even more menacing. This is especially pertinent to the healthcare sector. Cyberattacks can lead to breaches in healthcare system data and disrupt service delivery to the extent of paralyzing the healthcare system. Our study, which includes case examples, is a compilation-type research. Within the scope of our research, searches were conducted using the keywords healthcare sector, information security, and cybersecurity on Google Scholar and Web of Science. The most current topic headings intersecting information security with the healthcare sector were examined based on the articles found on the subject. Our study evaluates the following topics in order: information and cyber security concepts, cyber threats and public services, electronic health records and security, major cyber-attacks in the health sector, why healthcare data is attractive for cyberattacks, information security in the artificial intelligence era, and information security policies for Türkiye and other countries in the world. Ransomware holds a significant place among cyberattacks. Therefore, users within the healthcare system are advised to pay particular attention to this issue. Attacks generally occur via email, starting with enticing the user into a cyber-threat through email. Artificial intelligence can also be used to get rid of such spam mails. Hence, it is strongly recommended that users in the healthcare sector undergo training on this matter. These trainings should be conducted regularly and continuously, with the institution's IT center offering an institutional approach in this regard.

Factors Influencing Information Security Culture in Organizations Dealing With Economic Crime in Kenya

Information security culture is very important for any organization, especially in the public sector, where sensitive information is regularly processed and stored. This importance has become more pronounced in recent years because the frequency and sophistication of cyber-attacks have increased, highlighting the need for effective information security measures such as control policies including access controls, password regulations. However, the success of these measures depends on the development of a strong information security culture within the organization. This study thus aimed to establish the organizational factors influencing information security culture in the organization dealing with economic crime in Kenya. The study focused on information security control, organization structure and organizational culture and how they influence information security culture. The study was underpinned on Security Culture Framework, CIA triad model, structural contingency theory and organizational culture theory. Descriptive research design was adopted. The study targeted 5729 employees in the Economic crimes investigative organizations in Kenya. Stratified random sampling approach was used to classify the sample frame. Simple random sampling technique was utilized to select respondents from each stratum to come up with a sample size of 361 respondents. Data was gathered from the five organizations located in Nairobi County, using self-administered questionnaires. The questionnaires were distributed through a drop and pick-up method, wherein the researcher personally delivered them to the respondents at their workplace. The study produced quantitative data that was coded and entered into Statistical Packages for Social Scientists (SPSS Version 26) for analysis, using both descriptive and inferential statistics. The quantitative data was presented using tables and graphs, with accompanying explanations in prose. The study concludes that information security control has a positive and significant effect on information security culture in five selected state-owned organizations dealing with economic crime in Kenya. In addition, the study concludes that organization structure has a positive and significant effect on information security culture in five-selected state-owned organization dealing with economic crime in Kenya. Further, the study concludes that organizational culture has a positive and significant effect on information security culture in five-selected state-owned organization dealing with economic crime in Kenya. Based on the study findings, the study recommends that the management of state-owned organization dealing with economic crime in Kenya should establish a dedicated and well-defined information security governance structure. This involves creating a specialized information security department or team that reports directly to top management, ensuring that information security is prioritized at the highest organizational level.

The ‘urgencies’ of implementing an RRI approach in EU-funded law enforcement technology development: between frameworks and practice

ABSTRACT RRI aspirations are complicated by two kinds of ‘urgency' in the field of EU-funded security research: the timeframe and requirements for such technologies often present researchers with ‘urgency' due to the sensitive nature of the security domain and it is ‘urgent' for building societal trust in security technology that RRI approaches shall be introduced and effectively implemented in the lifecycle of developing such technologies. Drawing on experience from an H2020-multidisciplinary project, this article presents the gap between the top-down formal frameworks and bottom-up practice of designing and implementing RRI approaches under conditions of ‘urgency’ and time pressure. In the case of EU-funded security research, it is argued, there are still significant practical challenges which hinder the effective implementation of RRI approaches, potentially limiting the extent to which such approaches deliver meaningful impact. The paper reflects on these challenges, as well as on potential strategies to overcome them in the future.

Utilization of Participatory Research Theory and a National Framework to Advance a State Food Security Research Agenda: A Mixed-Methods Study.

The 2022 White House National Strategy on Hunger, Nutrition, and Health outlined goals for ending hunger in the US. Actions fell into five areas, called pillars; the goal of Pillar 5 was to enhance nutrition and food security research. This study leveraged participatory research theory and the National Strategy for developing a statewide, evidence-informed food security research agenda. A mixed-methods study employing the Community Engagement in Research Continuum (CEnR) was implemented. Engagement strategies included collecting baseline data via a statewide survey and encouraging participants of a statewide Summit to participate in a collective prioritization process. Surveys were emailed to a purposive sample of 1575 contacts; 31 registered for the in-person session. A total of 197 records were included in the survey analysis; all 31 registrants attended the in-person session. The research agenda was to include two objectives for implementation over the next two years. Academic and nonacademic stakeholders interacted as peers during the prioritization exercise. The first research objective was to conduct food assistance usage gap analyses; the second was to investigate barriers to collaboration among Idaho's food security programs. The CEnR proved efficacious for producing a stakeholder-generated research agenda. Leveraging a national framework helped facilitate asset-based, actionable strategies within a proposed timeline.

Building Patient Trust through Enhanced Data Security: A Saudi Arabian Hospital Case Study

Purpose: The study highlights the need for healthcare providers to prioritize the implementation of enhanced authentication mechanisms and consent management systems to align with patient expectations and build trust. Additionally, the research emphasizes the importance of addressing the knowledge gap among healthcare staff through mandatory training programs and clear communication strategies. The proposed action plan outlines concrete steps to enhance data security and transparency, positioning the hospital as a leader in safeguarding patient information. Methodology: A survey was conducted among patients in a private hospital setting to assess their perceptions and expectations regarding the security of their medical information. The survey explored patient awareness of data security risks, preferences for authentication methods, and views on consent protocols for accessing health records. Originality and implication: This study provides valuable insights into patient perspectives on data security within a private hospital setting, an area often overlooked in broader healthcare data security research. The findings have significant implications for healthcare providers, emphasizing the need to align security practices with evolving patient expectations to maintain trust and ensure the responsible handling of sensitive medical information. Keywords: Patient Data Security, Healthcare Data Privacy, Patient Consent, Authentication Methods, OTP Verification, Electronic Health Records, Security Awareness Training, Trust in Healthcare, Private Hospital Setting

THE PUBLIC ADMINISTRATION OF INFORMATION TECHNOLOGIES IN HEALTH CARE FIELD UNDER THE CONDITIONS OF MARTIAL STATE

In the conditions of martial state, the need for fast and accurate processing of large volumes of information, especially in the field of health care, is increasing. This is due to a lack of resources, an increase in the number of victims of military operations, displaced persons, the complication of access to medical services in connection with hostilities, the loss of individual specialists and information arrays, as well as increased risks for information security and the entire process of public management of information technologies in the health care field. The public administration of information technologies in health care is becoming critical to ensure the stability of healthcare services, support communications between healthcare facilities and government agencies, and effectively process and protect healthcare data. The analysis of scientific works on the issue of the public administration of information technologies in health care under the conditions of martial state is insufficiently researched. The article highlights the main challenges of the industry related to the war: ensuring the continuity of medical services, the appropriateness of public administration decision-making in conditions of limited access to open information, problems with logistics, and stable power supply, information protection and cyber security, shortage of qualified personnel; adopted management decisions, and information technology tools, which were used by authorities at the state and regional levels to respond to new challenges, were investigated. In the article, we are offered some recommendations for the further development and management of information technologies in the healthcare field. The main ones are further measures to strengthen cybersecurity, namely the widespread implementation of the Digital Competency Framework for Healthcare Workers in various areas, the implementation of modern information protection systems, the implementation of an information security policy, measures to legalize and update software, deepening the integration of mHealth into the existing eHealth system to enable rapid and remote collection of medical information and the introduction of artificial intelligence elements into healthcare management processes.

Access to and use of Data for better Healthcare: A Plea for a cooperative data and Research Infrastructure of Statutory and Private Health Insurers and the Network University Medicine (NUM)

With the Network of University Medicine (NUM) and the Medical Informatics Initiative (MII), the BMBF is funding two pioneering, structure-building research measures that are now being merged. The data integration centers (DIZ) of the MII are to be consolidated in the NUM. The aim is to establish a standardized research infrastructure within which the existing data from the clinical routine care of the 36 German university hospitals, from clinical cohorts and clinical-epidemiological studies can be used for various research questions upon request and via coordinated processes. The legal basis for this was the MII's "Informed Broad Consent", which had been agreed upon with ethics committees and data protection authorities and implemented in all NUM locations, with a so-called "health insurance module" that allows the collection and linking of routine medical data from statutory health insurance funds (GKV) and private health insurers (PKV) as a category of care-related data (VeDa). Linking this routine data with data from hospital information systems offers particularly high potential, as no single data source provides a complete picture of medical care and the two data sources complement each other optimally. The aim now is to integrate this routine data into the NUM's secure, transparent and participatory research infrastructure in a strategic partnership with statutory health insurance funds and private health insurance companies. This promotes Germany in its role as a research location and makes a decisive contribution to improving the quality and safety of healthcare in Germany in an evidence-based manner.

Evaluating the Role of Protection Motivation Theory in Information Security Policy Compliance: Insights from the Banking Sector Using PLS-SEM Approach

Evaluating the Role of Protection Motivation Theory in Information Security Policy Compliance: Insights from the Banking Sector Using PLS-SEM Approach

Ensuring the Security of an Internet-based E-learning System through the Use of Integrated Encryption Methods

Most schools have used information technology (IT) to enhance and advance their various educational methodologies to attract more learners. Institutions have implemented IT to facilitate E-learning and mobile learning, enhancing the cost and versatility of educational offerings. Most educational institutions are providing online instruction using technology such as cloud computing (CC) and networking. Educational institutions have established their own E-Learning Systems (ELS) to facilitate online learning, enabling remote education. However, ELS must confront several security concerns related to hacks and data breaches via unauthorized entry. Also, a novel idea of Internet-based ELS architecture has emerged to enhance service proximity to the customer. This research presents a novel CC and Internet-based ELS system. This study proposed the implementation of Integrated Encryption Methods (IEM), which incorporates two encryption algorithms, Rivest-Shamir-Adleman (RSA) and Advanced Encryption Standard (AES), to meet the safety and latency requirements for communication among the CC and the ELS. The suggested technique explicitly extends learning material from the CC to the network's boundary. It enhances the effectiveness of instructional data analysis, alleviates the computational cost of encryption on users' devices by delegating some of the encryption workload to CC servers, and offers limited access to educational material via the encryption of courses and examinations using IEM. Security research indicates that the proposed approach can accomplish information privacy, precise access management, and resistance to conspiracy. Performance studies illustrate the efficacy of the proposed framework, particularly regarding IEM computational costs.