Security Experts Research Articles

Introducing Security Mechanisms in OpenFog-Compliant Smart Buildings

Designing smart building IoT applications is a complex task. It requires efficiently integrating a broad number of heterogeneous, low-resource devices that adopt lightweight strategies. IoT frameworks, especially if they are standard-based, may help designers to scaffold the applications. OpenFog, established as IEEE 1934 standard, promotes the use of free open source (FOS) technologies and has been identified for use in smart buildings. However, smart building systems may present vulnerabilities, which can put their integrity at risk. Adopting state-of-the-art security mechanisms in this domain is critical but not trivial. It complicates the design and operation of the applications, increasing the cost of the deployed systems. In addition, difficulties may arise in finding qualified cybersecurity personnel. OpenFog identifies the security requirements of the applications, although it does not describe clearly how to implement them. This article presents a scalable architecture, based on the OpenFog reference architecture, to provide security by design in buildings of different sizes. It adopts FOS technologies over low-cost IoT devices. Moreover, it presents guidelines to help developers create secure applications, even if they are not security experts. It also proposes a selection of technologies in different layers to achieve the security dimensions defined in the X.805 ITU-T recommendation. A proof-of-concept Indoor Environment Quality (IEQ) system, based on low-cost smart nodes, was deployed in the Faculty of Engineering of Vitoria-Gasteiz to illustrate the implementation of the presented approach. The operation of the IEQ system was analyzed using software tools frequently used to find vulnerabilities in IoT applications. The use of state-of-the-art security mechanisms such as encryption, certificates, protocol selection and network partitioning/configuration in the OpenFog-based architecture improves smart building security.

Key drivers of cybersecurity audit effectiveness: A neo‐institutional perspective

The aim of this paper is to analyse which factors explain the effectiveness of internal audit in providing assurance about cybersecurity risk management. On the basis of neo‐institutional theory, we hypothesize that coercive (cybersecurity regulation), normative (professionalization of internal auditors and Boards) and mimetic forces (outsourcing of cyber security assurance services) positively contribute to cybersecurity audit (CSA) effectiveness. As these forces do not come about in an interest free model, we study the role of and the interaction with other actors who shape the CSA practices—Boards and security experts. We hypothesize that Board's support to CSA and the level of internal auditors' cooperation with the first and the second line of defence positively affect CSA effectiveness. To test our hypothesis, we conducted a survey involving IT auditors and Chief Audit Executives from various industries, organizations of different sizes and countries. We examined the hypothesized relationships in a series of regression analyses. We find that normative forces (professionalization of the internal auditors and Boards' competences), Board's support to CSA and cooperation between the internal audit function (IAF) and the first two line of defence significantly explain the CSA effectiveness. We find no support for the effect of regulation as a coercive force and outsourcing as a mimetic force. We discuss potential reasons for our findings and their implications. The paper is an original analysis that advances our understanding of key drivers of CSA effectiveness and their relationships.

Research on Privacy-by-Design Behavioural Decision-Making of Information Engineers Considering Perceived Work Risk

Privacy by design (PbD) has attracted considerable attention from researchers and information security experts due to its enormous potential for protecting private information and improving the privacy and security quality of information technology products. The adoption of PbD among information engineers is currently limited owing to its innovativeness and the distinctive traits of the information technology industry. Utilising the Technology Acceptance Model as a framework, this study innovatively explores the pivotal factors and mechanisms that influence information engineers’ decision-making in the adoption of PbD from the viewpoint of the perceived work risk. In this empirical research, professional information engineers were invited to complete a questionnaire survey. After analysing the data using partial least squares structural equation modelling, the results reveal that information engineers’ perceived work risk in PbD (PWRP) negatively affects their perceptions of the usefulness and ease of use of PbD. This negative perception subsequently reduces their intention to implement PbD (INTP) and adversely impacts their attitudes towards implementing PbD (ATTP). Furthermore, the study findings reveal that a positive ATTP among engineers boosts their INTP and positively influences their behaviours regarding information security. This study provides an in-depth examination of these findings and lays a solid theoretical groundwork for the further promotion and implementation of PbD in information technology enterprises. Moreover, the findings offer invaluable support for management decisions in both information technology companies and information security regulatory authorities, significantly contributing to the expansion and deepening of research in the field of PbD.

Urban security challenges in major cities, with a specific emphasis on privacy management in the metropolises

The rapid growth of urban populations, particularly in the global south, has led to significant challenges in urban security. Insufficient urban security measures can hinder the achievement of future development goals. This study explores the impact of rapid urbanization in capital cities on social, cultural, and environmental issues. The influx of individuals who are not fully integrated into the city can compromise urban security and increase vulnerability in certain groups and areas. The research aims to investigate urban privacy in relation to urban security, with a specific focus on privacy management in the capital city. The study utilizes an applied approach with a descriptive and analytical methodology. The statistical population consists of 856,565 individuals, with a sample of 383 people selected through simple random sampling. The questionnaire was validated by experts, and the reliability of different sections was assessed using Cronbach’s alpha. The findings highlight the influence of factors such as lack of collaboration among security experts, diverse attitudes and political views, and legal and managerial differences on urban privacy vulnerability. Many studies have focused on general urban issues or specific crimes without addressing urban security. Weak regulations, inadequate plans and budgets, and a lack of security equipment are identified as variables affecting the security of the capital city. Managerial, legal, and structural vulnerabilities contribute to insecurity, lawlessness, cultural disparities, and a lack of safety and security in Tehran. The factor with the greatest impact (16.07%) is "coalition between security professionals," while the factor with the smallest impact (6.32%) is "sufficient security for investment and safety in night travel" among the total variables.

Expediting the design and development of secure cloud-based mobile apps

The adoption and popularity of mobile devices by end-users is partially driven by the increasing development and availability of mobile applications that can aid solving different problems and provide access to services in a wide range of domains or categories, namely healthcare, education, e-commerce or entertainment. While these applications use and benefit from the combination of a wide panoply of technologies from the Internet of Things, fog and cloud computing, data security and privacy are typically not fully taken into account before the creation of many mobile applications or during the software development phases. This paper presents an in-depth approach to modeling attacks on the specific cloud and mobile ecosystem, given its importance in the process of secure application development. Moreover, aiming at bridging the knowledge gap between developers and security experts, this paper presents an alpha version of the security by design for cloud and mobile ecosystem (secD4CloudMobile) framework. secD4CloudMobile is a set of tools that covers cloud and mobile security requirement elicitation (CMSRE), cloud and mobile security best practices guidelines (CMSBPG), cloud mobile attack modeling elicitation (CMAME), and cloud mobile security test specification and tools (CM2ST). The purpose of the framework is to provide cloud and mobile application developers useful readily applicable information and guidelines, striving to bring security engineering and software engineering closer, in a more accessible and automated manner, aiming at the incorporation of security by construction. Finally, the paper presents some preliminary results and discussion.

Explainable Spark-based PSO Clustering for Intrusion Detection

Given the exponential growth of available data in large networks, the existence of rapid, transparent and explainable intrusion detection systems has become of high necessity to effectively discover attacks in such huge networks. To deal with this challenge, we propose a novel explainable intrusion detection system based on Spark, Particle Swarm Optimization (PSO) clustering and eXplainable Artificial Intelligence (XAI) techniques. Spark is used as a parallel processing model for the effective processing of large-scale data, PSO is integrated for improving the quality of the intrusion detection system by avoiding sensitive initialization and premature convergence of the clustering algorithm and finally, XAI techniques are used to enhance interpretability and explainability of intrusion recommendations by providing both micro and macro explanations of detected intrusions. Experiments are conducted on several large collections of real datasets to show the effectiveness of the proposed intrusion detection system in terms of explainability, scalability and accuracy. The proposed system has shown high transparency in assisting security experts and decision-makers to understand and interpret attack behavior.

Unveiling suspicious phishing attacks: enhancing detection with an optimal feature vectorization algorithm and supervised machine learning

IntroductionThe dynamic and sophisticated nature of phishing attacks, coupled with the relatively weak anti-phishing tools, has made phishing detection a pressing challenge. In light of this, new gaps have emerged in phishing detection, including the challenges and pitfalls of existing phishing detection techniques. To bridge these gaps, this study aims to develop a more robust, effective, sophisticated, and reliable solution for phishing detection through the optimal feature vectorization algorithm (OFVA) and supervised machine learning (SML) classifiers.MethodsInitially, the OFVA was utilized to extract the 41 optimal intra-URL features from a novel large dataset comprising 2,74,446 raw URLs (134,500 phishing and 139,946 legitimate URLs). Subsequently, data cleansing, curation, and dimensionality reduction were performed to remove outliers, handle missing values, and exclude less predictive features. To identify the optimal model, the study evaluated and compared 15 SML algorithms arising from different machine learning (ML) families, including Bayesian, nearest-neighbors, decision trees, neural networks, quadratic discriminant analysis, logistic regression, bagging, boosting, random forests, and ensembles. The evaluation was performed based on various metrics such as confusion matrix, accuracy, precision, recall, F-1 score, ROC curve, and precision-recall curve analysis. Furthermore, hyperparameter tuning (using Grid-search) and k-fold cross-validation were performed to optimize the detection accuracy.Results and discussionThe findings indicate that random forests (RF) outperformed the other classifiers, achieving a greater accuracy rate of 97.52%, followed by 97.50% precision, and an AUC value of 97%. Finally, a more robust and lightweight anti-phishing model was introduced, which can serve as an effective tool for security experts, practitioners, and policymakers to combat phishing attacks.

تحديد عائد الاستثمارات الأمنية للشركات التقنية الناشئة

تعتبر الشركات الناشئة في مجال التكنولوجيا بالغة الأهمية في النهوض بالمبادرات الرقمية في العديد من البلدان التي تخضع لأجندة الدولة الذكية. وبالتالي ، فإن الشركات الناشئة في مجال التكنولوجيا هي بائعون وموردون للخدمات للمنظمات الكبيرة مثل القطاع الحكومي والشركات متعددة الجنسيات والمؤسسات المالية. على هذا النحو ، أصبحت الشركات الناشئة سريعًا نواقل هجوم للجناة الخبثاء للدخول عبر الأبواب الخلفية إلى المؤسسات الكبيرة. ومع ذلك ، لا تزال الشركات الناشئة حكيمة في إنفاقها على الأمن السيبراني لأن نجمها الشمالي هو توليد الإيرادات من خلال تقديم خدماتها والحد الأدنى من المنتجات القابلة للتطبيق (MVP) لعملائها. تقترح هذه الدراسة عائدًا معززًا على الاستثمار الأمني (ROSI) والذي يساعد الشركات الناشئة في مجال التكنولوجيا على حساب العائد على الاستثمار الأمني وتبرير ميزانيتها للإنفاق على الأمن السيبراني على الرغم من وجود نماذج حالية لحساب عائد الاستثمارات المخصصة لنفقات الأمن السيبراني ، إلا أنها معقدة نوعًا ما ولا تعطي وضوحًا للإدارة من حيث القيمة النقدية للإنفاق على الأمن السيبراني. علاوة على ذلك ، لا تلبي النماذج الحالية ديناميكيات وفروق الشركات الناشئة في مجال التكنولوجيا. يوفر النموذج المحسّن أيضًا للشركات الناشئة في مجال التكنولوجيا القدرة على تعديل استثماراتها في مجال الأمن السيبراني بشكل مناسب بناءً على حسابات قيم الحد الأدنى (الأدنى) والحد الأقصى (الأقصى) لمؤشر ROSI. تم التحقق من صحة نموذج ROSI المقترح والمحسّن من قبل 5 من خبراء الأمن السيبراني الذين اتفقوا على أهمية وضرورة النموذج الذي سيتم تطبيقه على الشركات الناشئة في مجال التكنولوجيا. تتيح نتائج دراسة الحالة الخاصة بشركة FinTech الناشئة حساب Min و Max ROSI لتبرير العائد على الاستثمارات الأمنية وتزويد الشركة الناشئة بالقدرة على ضبط الإنفاق على الأمن السيبراني وفقًا لذلك.

Early and Realistic Exploitability Prediction of Just-Disclosed Software Vulnerabilities: How Reliable Can It Be?

With the rate of discovered and disclosed vulnerabilities escalating, researchers have been experimenting with machine learning to predict whether a vulnerability will be exploited. Existing solutions leverage information unavailable when a CVE is created, making them unsuitable just after the disclosure. This paper experiments with early exploitability prediction models driven exclusively by the initial CVE record, i.e., the original description and the linked online discussions. Leveraging NVD and Exploit Database, we evaluate 72 prediction models trained using six traditional machine learning classifiers, four feature representation schemas, and three data balancing algorithms. We also experiment with five pre-trained large language models (LLMs). The models leverage seven different corpora made by combining three data sources, i.e., CVE description, Security Focus , and BugTraq . The models are evaluated in a realistic , time-aware fashion by removing the training and test instances that cannot be labeled “neutral” with sufficient confidence. The validation reveals that CVE descriptions and Security Focus discussions are the best data to train on. Pre-trained LLMs do not show the expected performance, requiring further pre-training in the security domain. We distill new research directions, identify possible room for improvement, and envision automated systems assisting security experts in assessing the exploitability.

Cyber Protection of Financial Data in Accounting: Implementation and Use of Cryptographic Techniques

"The primary objective of this study is to explore the effectiveness of cryptographic techniques in enhancing the cyber protection of financial data within accounting practices. As the digital landscape evolves, the security of financial information becomes increasingly critical. This research aims to assess the effectiveness of cryptographic methods and understand their impact on various facets of accounting systems. The study employs a two-pronged analytical approach: matrix analysis and Structural Equation Modeling (SEM). Through matrix analysis, focusing on substitution cyphers like the Hill cypher, the research provides a technical evaluation of encryption techniques. This analysis highlights the effectiveness of cryptographic methods in ensuring data confidentiality and integrity. The SEM analysis further reveals significant findings: Cryptographic techniques notably enhance perceived security (with a path coefficient β of 0.2 and a p-value of 0.03) and regulatory compliance (β = 0.5, p < 0.01). A positive impact on user satisfaction (β = 0.25, p = 0.04) is observed, albeit with challenges in implementation, particularly in training and technological infrastructure. The study concludes that cryptographic techniques are essential in safeguarding financial data in accounting. However, their effectiveness centres on strategic implementation, which includes considerations for user-centric design and adherence to evolving regulatory standards. The research highlights the importance of a balanced approach to cybersecurity, integrating advanced cryptographic methods with practical considerations for their implementation. This study contributes both qualitative insights and quantitative evidence, offering valuable guidance for practitioners, IT security experts, and policymakers in developing robust cyber protection strategies in the accounting sector."

Assessing the Vulnerabilities: Cybersecurity Challenges in Power System Infrastructure in Nigeria

This study examined the Cyber security Challenges in Power System Infrastructure in Nigeria. Four research questions guided the study which employed a survey research design. The population of the study was 46 respondents comprising 23 Technical Units Heads and 23 Heads of Cyber security Units from the (23) power-generating plants in Nigeria. The entire population was used hence, there was no sampling. The instrument used for data collection was a structured questionnaire titled: Cyber security Challenges in Power System Infrastructure Questionnaire (CCPSIQ) developed by the researchers. A reliability index of 0.89 was obtained using the Cronbach Alpha reliability method. The mean statistic was used to answer the research questions. The findings of the study revealed that the primary cyber threats targeting power system infrastructure in Nigeria including network-based attacks, insider threats, supply chain vulnerabilities, advanced persistent threats (APTs), physical attacks, zero-day exploits, data breaches, and ransom ware/extortion; it further reveal that cyber-attacks on power grid infrastructure in Nigeria lead to significant service disruptions, financial losses, equipment damage, safety compromises, erosion of customer confidence, regulatory non-compliance, increased vulnerability to future incidents, reputation damage, and prolonged recovery periods, underscoring the multifaceted impact of cyber threats on operational efficiency. The study recommended that: Collaboration among stakeholders, including government agencies, industry partners, and cyber security experts, is paramount to effectively address emerging threats and enhance cyber security resilience. By implementing proactive measures and fostering a culture of cyber security awareness, Nigeria can strengthen its power system infrastructure against cyber threats, safeguarding the reliability and security of critical services for its citizens.

The Most Important Types of Cyber Attacks that France is Expected to Face in the Future and the Cyber Security Measures it Must Implement to Protect Critical Infrastructure, Telecommunication Networks and Personal Data

As the digital landscape continues to evolve, nations like France find themselves on the frontline of an escalating cyber warfare scenario. This abstract provides an insightful overview of the most significant types of cyber attacks that France is expected to face in the future, offering a comprehensive analysis based on current trends and emerging technologies. The research delves into the realm of advanced persistent threats (APTs), examining the sophisticated techniques employed by state-sponsored actors and cybercriminal organizations to compromise critical infrastructure, sensitive data, and national security. It explores the evolving landscape of ransomware attacks, focusing on the potential impact on both public and private sectors, and the looming threat of extortion campaigns that could cripple essential services. Furthermore, the abstract sheds light on the rising concern of supply chain attacks, as interconnected global networks make businesses and government entities vulnerable to malicious actors seeking to exploit weaknesses in third-party systems. The research also explores the nuances of social engineering attacks, recognizing the human element as a critical vulnerability that threat actors may exploit through targeted phishing campaigns and manipulation tactics. In addition, the abstract touches upon the growing menace of Internet of Things (IoT) vulnerabilities, acknowledging the increased interconnectivity of devices and the potential for large-scale disruptions. It also considers the implications of emerging technologies such as artificial intelligence and quantum computing in shaping the future threat landscape. By examining these diverse aspects of cyber threats, this abstract aims to provide a forward-looking perspective on the challenges France is likely to encounter in the digital realm. As Cyber security becomes an integral component of national defense, understanding these anticipated threats is crucial for policymakers, security experts, and technology professionals seeking to fortify France’s resilience against the evolving nature of cyber attacks.

Securely Running High-Performance Workloads as Microservices in Cloud Environments

Over the past few years, the paradigm shift towards cloud computing has transformed and revolutionized how organizations manage high- performance workloads. The microservices architecture, renowned for its modularity and scalability, is increasingly being adopted to run these workloads in cloud environments. However, this transition is not without its challenges, particularly in security. This research article delves into the methods for securely running high-performance workloads as microservices in cloud environments, presenting the advantages and the challenges involved. The study aims to develop a comprehensive framework that not only addresses these security concerns but also optimizes performance, a crucial aspect in today's digital landscape. This research is a testament to our commitment to thoroughness and precision, as it combines both qualitative and quantitative approaches. Qualitative data were meticulously gathered through interviews with 15 cloud security experts, providing invaluable insights into prevalent security practices and challenges. Quantitative data, on the other hand, were collected from performance benchmarks that rigorously compared traditional monolithic applications with microservices- based applications in a cloud setting. The study employs robust statistical analysis tools such as SPSS and Grafana to analyze the collected data, ensuring the validity and reliability of our findings. Key interview findings highlighted critical security measures necessary for microservices, including service authentication, data encryption, and vulnerability management. The performance benchmarks revealed that microservices- based applications significantly outperformed monolithic applications, with notable improvements in CPU utilization, memory usage, and response time. For instance, the microservices architecture demonstrated a 21% reduction in CPU utilization and a 12% decrease in memory usage compared to its monolithic counterpart. The proposed framework integrates robust security practices, ensuring secure authentication, encrypted data transmission, and regular updates to mitigate vulnerabilities. This framework enhances security and optimizes resource allocation, leading to improved performance metrics.

A Novel Collaborative SRU Network With Dynamic Behaviour Aggregation, Reduced Communication Overhead and Explainable Features.

Leakage and tampering problems in collection and transmission of biomedical data have attracted much attention as these concerns instigates negative impression regarding privacy, security, and reputation of medical networks. This article presents a novel security model that establishes a threat-vector database based on the dynamic behaviours of smart healthcare systems. Then, an improved and privacy-preserved SRU network is designed that aims to alleviate fading gradient issue and enhance the learning process by reducing computational cost. Then, an intelligent federated learning algorithm is deployed to enable multiple healthcare networks to form a collaborative security model in a personalized manner without the loss of privacy. The proposed security method is both parallelizable and computationally effective since the dynamic behaviour aggregation strategy empowers the model to work collaboratively and reduce communication overhead by dynamically adjusting the number of participating clients. Additionally, the visualization of the decision process based on the explainability of features enhances the understanding of security experts by enabling them to comprehend the underlying data evidence and causal reasoning. Compared to existing methods, the proposed security method is capable of thoroughly analyzing and detecting severe security threats with high accuracy, reduce overhead and lower computation cost along with enhanced privacy of biomedical data.

Pre-Review Convolutional Neural Network for Detecting Object in Image Comprehensive Survey and Analysis

The Convolutional neural network (CNN) has significantly exposed a great performances and growing desire in the field of image processing within the research community, through relevant innovations in object detection by magnificent capacity in transfer learning and feature learning. With the advancement of CNN in object detection, huge amount of data is process with great speed. In respect to CNN, object detection has greatly advanced and become popular in the research community, security experts, traffic experts, and remote sensing community etc. In this review, comprehensive study of various CNN architecture for object detection in images based on conventional approached, novelty, and achievement were analysed in details. Therefore, it is an important review on how to achieve high performance in object detection via CNN. We first introduced the basic idea on CNN models and their improvement in detecting object. Secondly, we review CNN and its variant such as, ResNet, VGG, GoogleNet and other CNN architectures. Thirdly, we mention some performance metrics used for object detection. Lastly, we analyse some main contribution of CNN algorithm with their remarkable achievement and further analyse the challenge and its future direction

An Intelligence-Based Cybersecurity Approach: A Review

Nowadays, cybersecurity stands out as a prominent topic frequently discussed by companies aiming to safeguard their data from hacking attempts. The rise of cyberspace has fuelled the expansion of electronic systems, creating a virtual digital realm that links computers and smartphones within the Internet of Things framework. Thus, the purpose of this study is to present the progress made thus far in applying AI-based intrusion detection systems (IDSs) to address cybercrimes, demonstrating their efficacy in detecting and preventing cyberattacks. The review utilized 4 scholarly databases; ScienceDirect, IEEE-Explore, Web of science, and Springer. 437 studies were extracted from the 4 chosen databases out of which only 54 studies were found to be relevant, thus included. The review found AI-based intrusion detection systems (IDSs) to be more robust and flexible compared to other conventional IDSs. Interestingly, the study results highlight how AI-based intrusion detection systems such as; ANN-based intrusion detection systems, agent-based intrusion detection systems, and Genetic-fuzzy intrusion detection systems, and other machine learning detection systems can be used to assist security experts in analyzing, designing, and developing security frameworks for combating cybercrimes. Lastly, the study proposed some areas for future studies.

Don’t say peace: militarisation and the shrinking space for critical voices in the Swedish NATO debate

ABSTRACT Sweden, long known as a voice for peace on the international arena, has undergone a rapid and far-reaching domestic (re-)militarisation the last decade. Following Russia’s full-scale invasion of Ukraine, this process intensified with a surge in military spending and a radical shift from a longstanding position of non-alignment towards NATO membership. As ‘war’ moves to the center of Swedish public debate, military and security experts occupy most of the space, leaving little room for alternative and critical perspectives. Drawing from feminist scholars, we offer some reflections on Sweden’s (re-)militarisation and ask who gets to speak, who is silenced, and why? Focusing on the domestic public debate post February 2022, we argue that when war moves to the center of the debate, peace is considered an ‘issue for later’. As war is understood in narrow military terms, war expertise is limited to matters of warfare instead of being seen as a broader societal issue. Critical voices and peace advocates are considered naive, unrealistic, and even dangerous. Our reflections invite a discussion on how militarisation and the politics of war expertise affect democratic debate with potentially far-reaching consequences for domestic and international politics.

Numerical Analysis of Harmful Environmental Impact of Accidental Explosion at a Hydrogen Filling Station Environmental Impact of an Accident Hydrogen Explosion at a Gas Station

The purpose of this study is to evaluate numerically the consequences of a hydrogen-air mixture explosion at a vehicle hydrogen filling station. The physical process of the explosion, which takes place after the hydrogen gas release into the air due to the accidental destruction of a number of high-pressure storage cylinders, is considered. The blast pressure wave moves in all directions from the epicenter of the accident, gradually losing its intensity and having a negative shock impact on the service personnel of the filling station and the structures of the surrounding buildings. The scale of the accident depends on the number of destroyed cylinders, which determines the size of the hydrogen-air cloud and the power of the explosion. The degree of negative consequences for the environment depends on the maximum overpressure in the blast wave front. Numerical obtaining of spatial pressure distributions in the area of the accident based on a hydrogen explosion mathematical modeling makes it possible to separate zones that are dangerous to human health and building structures strength. The direct problem of gas dynamics of combustion products of a hemispherical cloud of a stoichiometric hydrogen-air mixture in the surface layer of the atmosphere is considered. The mathematical model of an instantaneous hydrogen explosion takes into account the three-dimensional and non-stationary nature of the propagation of the explosion wave, the compressibility of the gas flow, the complex terrain, the shape and initial concentration of the cloud of hydrogen combustion products, and their thermodynamic parameters. The model makes it possible to obtain three-dimensional fields of maximum overpressure, which are the basis for deterministic assessment of the consequences of an accident for human health and the integrity of structures in the area of the explosion. The presented computer technology allows security experts to identify potential dangerous zones by means of mathematical modeling, recommend effective protective measures to mitigate or even eliminate the negative consequences of the blast wave environmental impact.

Modeling security evaluation framework for IoHT-driven systems using integrated decision-making methodology

The intensification of the Internet of Health Things devices created security concerns due to the limitations of these devices and the nature of the healthcare data. While dealing with the security challenges, several authentication schemes, protocols, processes, and standards have been adopted. Consequently, making the right decision regarding the installation of a secure authentication solution or procedure becomes tricky and challenging due to the large number of security protocols, complexity, and lack of understanding. The major objective of this study is to propose an IoHT-based assessment framework for evaluating and prioritizing authentication schemes in the healthcare domain. Initially, in the proposed work, the security issues related to authentication are collected from the literature and consulting experts’ groups. In the second step, features of various authentication schemes are collected under the supervision of an Internet of Things security expert using the Delphi approach. The collected features are used to design suitable criteria for assessment and then Graph Theory and Matrix approach applies for the evaluation of authentication alternatives. Finally, the proposed framework is tested and validated to ensure the results are consistent and accurate by using other multi-criteria decision-making methods. The framework produces promising results such as 93%, 94%, and 95% for precision, accuracy, and recall, respectively in comparison to the existing approaches in this area. The proposed framework can be picked as a guideline by healthcare security experts and stakeholders for the evaluation and decision-making related to authentication issues in IoHT systems

Importance of cyber protection in the power grid in the face of an uncertain future

In the digital era, cybersecurity is transforming the behavior of human beings in the correct use of technology, which is why it has become a critical element in business strategy, thus giving rise to the present research, which identified the current situation of associated companies in the process of generation, transmission, distribution and public lighting of electricity in Costa Rica, in the field of cybersecurity, with special emphasis on the identification, analysis and evaluation of policies, standards, procedures, controls, regulations and infrastructure in the sector. The study approach was quantitative, descriptive, and exploratory; based on a sample of experts in information security, where a survey was used for data collection. In the findings obtained, the existence of personnel with the technical knowledge to deal with a computer incident was observed, but from the business perspective, the lack of an institutional guideline and country strategy for the protection of the electrical network was recognized. In conclusion, there is a latent risk in the infrastructure of the national power grid, which is evidenced by the lack of a clear national strategy that establishes a roadmap to protect the sector against a possible cyber-attack.