Information Security Research Articles

Utilizing ISO 27001:2022 to Design Information Security for BPRACo SME Digital Transformation

In the digital age of the Industrial Revolution 4.0, organizations like BPRACo must undergo Digital Transformation (DT). A significant challenge is the lack of adequate information security controls, which can lead to DT failure. Smaller banks, such as BPR, face difficulties in adopting effective information security management strategies that are proven for larger institutions. This study aims to identify the application of ISO 27001:2022 standards and develop an information security management system focusing on the most critical annex clauses for SME digital transformation. It also seeks to evaluate and analyze the impact of an information security management system aligned with these key clauses on SME DT success. The research employs a five-stage Design Science Research (DSR). Data were collected through interviews and document analysis, then analyzed using the ISO 27001:2022 framework for Information Security Management Systems (ISMS). The study identified six priority Clause and Annex controls for BPRACo. Based on the gaps, six essential solutions were designed, compiled into an implementation roadmap to enhance BPRACo readiness for full ISMS implementation and certification, supporting DT success in small banks. This research provides valuable insights and practical implications for information security management in small banks.

An image encryption algorithm for colour images based on a cellular neural network and the Chua's chaotic system

In the internet era, image encryption technology plays a crucial role in ensuring the security of image information. Aiming at the problem that low-dimensional chaotic encryption has a relatively small key space and is vulnerable to chosen-plain attacks, this paper proposed a novel colour image block encryption algorithm based on the cellular neural network and the Chua's chaotic system. Firstly, the plain is separated into three primary colours. And Fourier transform is applied to achieve optical transformation, generating six chaotic sequences iteratively. Secondly, the chaotic sequences were combined in pairs. And then combined with the plain to form three sequences, which were used in the diffusion process. Finally, the improved Chua's chaotic system is used to scramble the image. Both diffusion and scrambling are performed synchronously during encryption. Through the above operation, we get the final colour encrypted picture. The experimental results show that the algorithm has excellent encryption effect and can resist common attacks.

Application of zero trust model in preventing medical errors.

Medical errors can occur in many areas of healthcare, including hospitals, clinics, and surgery centers. They can result in negative consequences for patients and their loved ones. Over the years, different methods have been used to reduce medical errors. Zero Trust is an information security model that denies access to applications and data by default. Other industries have successfully used Zero Trust Model (ZTM), and it has been shown to improve outcomes. This editorial analyzes how the ZTM can be introduced to prevent medical errors in healthcare settings. ZTM application in healthcare could potentially revolutionize patient safety by tightly controlling and monitoring access to sensitive patient data and critical systems. By enhancing security measures, the ZTM could address the paramount concerns of patient data privacy and safety in healthcare. The zero-trust approach offers a potential solution by identifying consistent causes of errors and providing viable solutions to prevent their recurrence. In the era of worsening ransomware attacks on healthcare systems, the ZTM could also have enormous implications in other cybersecurity aspects. With this manuscript, the authors advocate for the broader application of ZTM across other facets of healthcare cybersecurity.

Information Security of the Islamic Republic of Iran

Information Security of the Islamic Republic of Iran

Intelligent Connected Vehicle Information Security Risks and Countermeasures

The development of intelligent connected vehicles has promoted the upgrading of the transportation system, but it also brings challenges in information security. This paper analyzes the current information security vulnerabilities of intelligent connected vehicles, including attack methods, security vulnerabilities, and protective measures. Firstly, through the analysis of the existing attack methods and their principles, the potential security vulnerabilities and threats are summarized. Then, based on security and cryptography technology, relevant measures for information security protection are proposed to achieve all-round protection of intelligent connected vehicle information. Finally, The paper puts forward the measures to solve the information security problem of intelligent connected vehicle from three aspects: Encryption and Authentication, Firewall and Intrusion Detection System, and Over-the-air (OTA).

Ai-driven Predictive Analytics, Healthcare Outcomes, Cost Reduction, Machine Learning, Patient Monitoring

Integrated with predictive analytics and machine learning, AI has exceeded the traditional approaches of health care contexts by focusing on patient outcomes and costs. This paper aims to discuss the adoption of integrated AI in healthcare systems, categorizing these by how AI predictive models help improve patient health by proactively estimating the course of their illness and its potential impact, prioritizing patient readmissions, and developing effective individualized treatment strategies. The research also identifies more important savings realised through avoiding redundant tests, better utilisation of resources, and shorter hospitalisations. In the current study, the authors present concrete findings for AI-driven Predictive Analytics based on realistic scenarios and quantitative data of health care systems. It also points to the fact that healthcare organisations adopting the use of AI technology have gained an objective that reduced their operations costs by 25% and improved patient outcomes whereby the readmission rates were reduced by between 15% and 20%. Furthermore, there is an evaluation of the ethical considerations of applying AI in healthcare, especially on the subject of patient’s information security. To the best of our knowledge, this study is the first to systematically review AI applications in healthcare and provide detailed suggestions for better understanding the general impact of AI in healthcare to enhance patient outcomes and manage costs. With advancement in artificial intelligence technology, there is a growing importance of how the technology can transform the health care industry.

Systematic Literature Review of Barriers and Enablers to Implementing Food Informatics Technologies: Unlocking Agri-Food Chain Innovation.

Access to food products is becoming more and more complex due to population growth, climate change, political and economic instability, disruptions in the global value chain, as well as changes in consumption dynamics and food insecurity. Therefore, agri-food chains face increasingly greater challenges in responding to these dynamics, where the digitalization of agri-food systems has become an innovative alternative. However, efforts to adopt and use the technologies of the fourth industrial revolution (precision agriculture, smart agriculture, the Industrial Internet of Things, and the Internet of Food, among others) are still a challenge to improve efficiency in the links of production (cultivation), processing (food production), and final consumption, from the perspective of the implementation of Food Informatics technologies that improve traceability, authenticity, consumer confidence, and reduce fraud. This systematic literature review proposes the identification of barriers and enablers for the implementation of Food Informatics technologies in the links of the agri-food chain. The PRISMA methodology was implemented for the identification, screening, eligibility, and inclusion of articles from the Scopus and Clarivate databases. A total of 206 records were included in the in-depth analysis, through which a total of 34 barriers to the adoption of Food Informatics technologies (13 for the production link, 12 for the processing link, and 9 for the marketing link) and a total of 27 enablers (8 for the production link, 11 for the processing link, and 8 for the marketing link) were identified. Among the barriers analogous to the three links analyzed are privacy and information security and high investment and maintenance costs, while the analogous enablers are mainly government support.

Threats to the security of banking activities in modern Russian practice

Among other sectors of the Russian economy, the banking sector is one of the most dynamically developing. Consequently, its resistance to various shocks and possible threats will be one of the central points of support for the economic security of the state. Modern statistics show an increase in various types of incidents in the financial sector. Regular monitoring and detailed analysis of fraudulent schemes will minimize the possibility of criminal manipulation, thereby significantly reducing the number of risks and the amount of financial losses.The presented article provides a structural and geographical analysis of incidents in the financial sector recorded in 2023, and a sketch of the modern landscape of possible threats is compiled. The optimal approach to the formation of information and economic security of personal and financial data, in particular, and banking activities in general, involves comprehensive protection measures both from the point of view of the individual user and from the position of representatives of the banking community and the regulator.

Analyzing Cryptographic Techniques and Machine Learning Algorithms for Crime Prediction

This report discusses cryptography techniques. Network security is defined as "keeping information hidden and secure from unauthorized users," whereas cryptography is defined as "the science of data protection." The Fundamental Requirements for Data Transmission are addressed in this work and as well as security attacks such as Data Transmission Interruption, Interception, and Modification. The Cryptographic Framework is explained using a generalized function, in which data is encrypted and decrypted using techniques such as the RSA algorithm, Hash Functions, and other cryptographic algorithms.SVM algorithms to analysis and predict the future cyber crime. This report introduces Cryptography Techniques. Cryptography is “The science of protecting data” & Network Security “keeping information private and Secure from unauthorized Users”. This paper gives the Fundamental Requirements for the Data Transmission, the security attacks like Interruption, Interception and Modification of the data Transmission. Keywords—cryptography, cybersecurity, machine learning, cybercrime prediction

Ultralong Room-Temperature Phosphorescence in Ca(II) Metal-Organic Frameworks Based on Nicotinic Acid Ligands.

In recent years, metal-organic framework (MOF) materials with long persistent luminescence (LPL) have inspired extensive attention and presented various applications in security systems, information anticounterfeiting, and biological imaging fields. However, obtaining LPL materials with ultralong lifetime remains challenging. Halogen atoms, as nonmetallic elements existing in the frameworks, can not only induce the heavy-atom effect, effectively enhancing spin-orbit coupling and promoting intersystem crossing (ISC) processes, but also suppress non-radiative transition of the triplet states through the intra- and intermolecular interactions. Specifically, fluorine atoms with the strongest electronegativity may form intermolecular aggregate interlockings through halogen-bonding interactions that restrict molecular motions and vibrations, thereby improving phosphorescent lifetime. With the aforementioned considerations, two distinct types of MOFs with/without fluorine atoms (namely, Ca-MOF and 5FCa-MOF) were synthesized. Notably, by introducing fluorine atoms into MOFs, fluorine-induced intermolecular aggregate interlockings effectively enhanced the phosphorescent lifetime of 5FCa-MOF exceeding 264 ms compared to that of Ca-MOF (103.94 ms). Remarkably, both MOFs displayed bright LPL to the naked eye after removal of the irradiation source, especially 5FCa-MOF which can last for about 2 s. By introducing fluorine atoms, 5FCa-MOF exhibits greatly enhanced ISC with a rate constant up to 4.1 × 106 s-1 and suppressed non-radiative decay down to 3.73 s-1, thereby extending the LPL time. The thus obtained LPL provides potential in information encryption, security systems, optical anticounterfeiting, and so on.

Quantum Physical Unclonable Function Based on Multidimensional Fingerprint Features of Single Photon Emitters in Random AlN Nanocrystals

AbstractPhysical unclonable function (PUF) has emerged as a unique physical'fingerprint' that is inherently difficult to replicate. It shows tremendous application value in various hardware security areas such as identity authentication, chip anticounterfeiting, communication encryption, blockchain, etc. However, with the rapid development of 3D nanoprinting, classical PUFs constructed with disordered micro‐nanostructures face tremendous threats from physical cloning attacks. Herein, this study proposes and demonstrates the utilization of room‐temperature single‐photon emitters derived from atomic defects in randomly distributed pyramidal aluminum nitride (AlN) nanocrystals as a novel quantum PUF to resist physical cloning attacks. The fabrication of this quantum PUF on silicon (Si) wafers enables seamless integration with silicon photonic integrated circuits. The multidimensional fingerprint features of the single‐photon emitters are highly sensitive to the lattice parameters of the uneven AlN nanocrystals. Furthermore, each single photon emitter can work as a quantum random number generator to ensure the fundamental unpredictability of PUFs. The subatomic precision requirement coupled with unpredictable quantum emission behavior makes it practically impossible to attack the proposed quantum PUF, providing a promising solution for information security in the post‐quantum era.

Design and implementation of anti-mapping security access technology based on illegal scanning

Abstract In the current field of information security, illegal network scanning activities are prevalent, and such behaviors are usually aimed at detecting security vulnerabilities in network systems and preparing for future attack activities. This study proposes a secure access system based on anti-mapping technology, which aims to effectively block illegal scanning behaviors while ensuring that the normal access of legitimate users is not affected. The system integrates advanced behavioral analysis algorithms that utilize machine learning techniques for deep learning and pattern recognition of network traffic, and is able to accurately distinguish between normal user activities and malicious scanning attempts. At the core of the system is a set of dynamic adaptive identification mechanisms that update the detection algorithms in real time to adapt to emerging scanning techniques and attack strategies by continuously learning from changes in network traffic. In addition, the system employs role-based access control (RBAC) policies to enhance the protection of sensitive resources. The Secure Access Gateway is deployed at the boundary of the network to monitor and filter all ingress traffic, effectively intercepting unauthorized scanning activities by comprehensively evaluating the source, behavior and frequency of traffic. Experimental results show that the proposed two-layer network structure performs well in detecting common threats such as port scanning, DDoS attacks, and SQL injections, with an accuracy rate of over 95%. Especially for complex and covert APT (advanced persistent threat) attacks, the system can significantly reduce the false alarm rate and effectively improve the detection speed. However, when dealing with some highly customized malware, the system's recognition ability still needs to be improved, which indicates that future research needs to focus more on enhancing the ability to learn and adapt to unknown threats.

Full‐Color Tunability Room Temperature Phosphorescence from Inorganic Crystal Frameworks

AbstractRoom temperature afterglow (RTA) materials have aroused prodigious research interests owing to their unique long‐life luminescent properties. However, it is rare for RTA materials to be reported with full‐color afterglow emission. Herein, a universal strategy is designed to activate full‐color tunability RTA based on phenylboronic acid derivatives (BOH) and boric acid (BA) via an ingenious solvent‐free solid‐phase heating. As the conjugation degrees of aromatic groups of the guest molecule expanded, the BOH/BA composites showed tunable afterglow colors ranging from blue to red after ultraviolet (UV) irradiation. This strategy is to firmly anchor the guest molecule in a rigid framework of the inorganic metaboric acid matrix by abundant hydrogen‐bonding interactions between the host and guest, suppressing molecular motion and promoting the intersystem crossing (ISC) rate between the singlet and triplet excited states for enhanced afterglow emission. In addition, through mixing in multiple guest molecules into BA simultaneously, the obtained composite can be modulated in a wide excitation range from blue to red. This fascinating study provides a simple and universal method to fabricate full‐color tunability RTA composites, making them a promising candidate for applications in advanced information security and multi‐level encryption.

An adaptive robust watermarking scheme based on chaotic mapping

Digital images have become an important way of transmitting information, and the risk of attacks during transmission is increasing. Image watermarking is an important technical means of protecting image information security and plays an important role in the field of information security. In the field of image watermarking technology, achieving a balance between imperceptibility, robustness, and embedding capacity is a key issue. To address this issue, this paper proposes a high-capacity color image adaptive watermarking scheme based on discrete wavelet transform (DWT), Heisenberg decomposition (HD), and singular value decomposition (SVD). In order to enhance the security of the watermark, Logistic chaotic mapping was used to encrypt the watermark image. By adaptively calculating the embedding factor through the entropy of the cover image, and then combining it with Alpha blending technology, the watermark image is embedded into the Y component of the YCbCr color space to enhance the imperceptibility of the algorithm. In addition, the robustness of the algorithm was further improved through singular value correction methods. The experimental results show that the average PSNR and SSIM of the watermarking scheme are 45.3437dB and 0.9987, respectively. When facing various attacks, the average NCC of the extracted watermark reaches above 0.95, indicating good robustness. The embedding capacity of this scheme is 0.6667bpp, which is higher than other watermarking schemes, and the average running time is 1.1136 seconds, which is better than most schemes.

Efficient Nanofibrous Electromagnetic Wave Absorber Inspired by Spider Silk Hunting.

With the rapid advancements in wireless communication and radar detection technologies, there has been a significant uptick in the utilization frequency of electromagnetic waves across both civilian and military sectors, consequently generating substantial electromagnetic radiation and interference. These electromagnetic pollutants present a considerable threat to public health and information security. Consequently, materials capable of absorbing and mitigating electromagnetic pollution have garnered significant attention.The nanomaterials with multiple components and various heterogeneous interfaces have been considered as preferred efficient electromagnetic wave (EMW) absorbers. In this work, carbon nanofibers doped with magnetic metal oxide particles (Co/Ni-CNFs) are prepared by electrospinning and heat treatment. In these samples, the minimum reflection loss can reach -40.13dB at 4.6mm, and the widest effective absorption bandwidth is 4.4GHz. The excellent microwave absorption is attributed to the appropriate impedance matching. The electromagnetic parameters of Co/Ni-CNFs are balanced by adjusting the concentration of magnetic metal-organic framework material (MOFs) in the precursor solution. It is believed that this work can provide a reference for developing lightweight, flexible, and robust electromagnetic wave-absorbing materials.

Component structure of economic security of an agricultural enterprise

The article examines the component struc­ture of economic security of an agricultural enterprise. The main components of economic security and their interrelation are analyzed. The peculiarities of ensuring economic security in the agricultural sector are revealed. A comprehensive approach to the formation of the economic security system of an agricultural enterprise is proposed, taking into account the specifics of the industry. The necessity of integ­ra­ting various security components to achieve sustainable development of agricultural enter­prises is substantiated. The research hypothesis is that an effective economic security system of an agricultural enterprise should be based on the integration of various security components, considering their interconnection and mutual influence. The methodological basis of the research is a systematic approach, methods of analysis and synthesis, comparison, and gene­ralization. Based on the analysis of scientific sources and considering industry specifics, a component structure of economic security for agricultural enterprises is proposed, which includes financial, production and techno­logi­cal, market, personnel, innovatve investment, environmental, and information security. The necessity of a comprehensive approach to for­ming the economic security system of an agricultural enterprise is substantiated, taking into account the interconnection and mutual influ­ence of its components. The proposed approach allows for a systematic assessment of the economic security level and the development of strategies for its provision in agricultural enterprises. It can be used in forming a monito­ring system for economic security and making management decisions to improve it. The research results create a theoretical foundation for developing a methodology for integrated assessment of the economic security level of an agricultural enterprise and forming an organi­zational and economic mechanism for its provi­sion in modern economic conditions, which defines prospects for further research in this direction

Unleashing the potential of eHealth in outpatient cancer care for patients undergoing immunotherapy-a quantitative study considering patients' needs and current healthcare challenges.

The use of online information and communication is globally increasing in the healthcare sector. In addition to known benefits in other medical fields, possible specific potentials of eHealth lie in the monitoring of oncological patients undergoing outpatient therapy. Specifically, the treatment with immune checkpoint inhibitors (ICI) requires intensive monitoring due to various possible negative side effects. The present study explores cancer patients' perspectives on eHealth and demonstrates how eHealth applications, from the patients' point of view, can contribute to further improving outpatient immunotherapy. Our multicenter study was executed at the university hospitals in Bonn and Aachen. A structured questionnaire was distributed to patients receiving outpatient immunotherapy. Contents addressed were (1) the patients' attitude towards eHealth applications, (2) the use of modern information and communications technologies (ICT) in (2a) everyday life and (2b) health-related information search including eHealth literacy, (3) the use of internet-enabled devices as well as (4) socio-demographic data. 164 patients were included in the study, of whom 39.0% were female and 61.0% male and the average age was 62.8 years. Overall, there was a high distribution of internet-enabled devices for everyday use and a great interest in integrating eHealth applications into outpatient immunotherapy. The assessment of eHealth potentials significantly depended on age. The younger participants demonstrated a broader use of modern ICT and a higher affinity for its use in outpatient immunotherapy. In some aspects, level of education and gender were also relevant factors influencing the patients' view on eHealth. This study demonstrates the potential for further integration of eHealth applications into outpatient immunotherapy from the patients' perspective. It indicates a dependency on age and educational level for the further integration of eHealth into patient care in oncology. Due to particular patient needs regarding age, level of education, gender and other subgroups, specific education and training as well as target-group specific digital health interventions are necessary to fully utilize the potentials of eHealth for outpatient immunotherapy. Future studies are required to specifically address target-group specific usability of eHealth applications and eHealth literacy, as well as to address information security and data protection.

The Influence of Information Security Management System Implementation on the Financial Performance of Indian Companies: Examining the Moderating Effect of National Culture

The extensive focus on information technology (IT) within organizations, along with the substantial significance of information security issues, has made information security a top priority for executives. The International Organization for Standardization 27001 (ISO-27001) policy outlines the requirements for an effective Information Security Management System (ISMS). Implementing an ISMS not only enhances the overall profitability of a firm, but it also has a significant impact in various scenarios. In this study, we examined how ISMS implementation can assist corporations financially, with a specific focus on the moderating effect of Indian national culture. We analyzed financial performance following ISMS and ISO-27001 implementation using sample data from 420 Indian small and medium-sized enterprises (SMEs). By analyzing 256 survey questionnaires from 420 SMEs, we found that national culture amplifies the strong interaction between ISMS implementation and SME performance in India. We found that ISMS implementation increased the profitability of recognized Indian firms, supporting study hypotheses. The findings provide valuable insights for SMEs seeking to enhance financial performance through ISMS implementation, emphasizing the moderating role of national culture in shaping these outcomes.

We need to aim at the top: Factors associated with cybersecurity awareness of cyber and information security decision-makers.

Cyberattacks pose a significant business risk to organizations. Although there is ample literature focusing on why people pose a major risk to organizational cybersecurity and how to deal with it, there is surprisingly little we know about cyber and information security decision-makers who are essentially the people in charge of setting up and maintaining organizational cybersecurity. In this paper, we study cybersecurity awareness of cyber and information security decision-makers, and investigate factors associated with it. We conducted an online survey among Slovenian cyber and information security decision-makers (N = 283) to (1) determine whether their cybersecurity awareness is associated with adoption of antimalware solutions in their organizations, and (2) explore which organizational factors and personal characteristics are associated with their cybersecurity awareness. Our findings indicate that awareness of well-known threats and solutions seems to be quite low for individuals in decision-making roles. They also provide insights into which threats (e.g., distributed denial-of-service (DDoS) attacks, botnets, industrial espionage, and phishing) and solutions (e.g., security operation center (SOC), advanced antimalware solutions with endpoint detection and response (EDR)/extended detection and response (XDR) capabilities, organizational critical infrastructure access control, centralized device management, multi-factor authentication, centralized management of software updates, and remote data deletion on lost or stolen devices) are cyber and information security decision-makers the least aware of. We uncovered that awareness of certain threats and solutions is positively associated with either adoption of advanced antimalware solutions with EDR/XDR capabilities or adoption of SOC. Additionally, we identified significant organizational factors (organizational role type) and personal characteristics (gender, age, experience with information security and experience with information technology (IT)) related to cybersecurity awareness of cyber and information security decision-makers. Organization size and formal education were not significant. These results offer insights that can be leveraged in targeted cybersecurity training tailored to the needs of groups of cyber and information security decision-makers based on these key factors.

Posthumanist Technologies in Business: AI and Cloud Computing for Global Optimization and Ethical Challenges

. This study explores the integration of artificial intelligence (AI) and cloud computing within posthumanist technologies, focusing on their impact on business optimization and information security. A systematic review of 40 studies across sectors such as banking and retail highlights the benefits of AI in automating tasks and enhancing decision-making, while cloud computing provides flexibility and scalability. However, risks like data privacy issues, algorithmic bias, and cybersecurity vulnerabilities demand attention. The research emphasizes the need for ethical frameworks and security strategies to mitigate these risks. Additionally, it stresses the importance of equitable access to these technologies for small and medium-sized enterprises (SMEs) and marginalized communities. The study provides actionable recommendations for businesses and calls for future research on the long-term societal implications of these technologies