Information Systems Security Research Articles

Identifying the idiosyncrasies of behavioral information security discourse and proposing future research directions: A Foucauldian perspective

Information security (InfoSec)–related behaviors have been defined in many different ways in the security literature. Indeed, the coexistence of varying terms describing IS security behaviors could be seen as a conceptual inconsistency. However, we believe that it could also be construed as the sign of a vivid and living field embracing dispersed objects of study without changing the disciplinary discourse itself. To test this belief, we conduct a two-part study. Study 1 analyzes the definitions of InfoSec-related behaviors in the existing security literature. The result of Study 1 uncovers the Foucauldian rules that make possible the discourse on behavioral information security, including the surface of emergence, authorities of delimitation, and the grids of specification. Study 1 also indicates that, although behavioral Information Systems Security (ISS) shares the three rules with other disciplines, it is the only field that studies the relations between them. We therefore propose a disciplinary question that reflects this idiosyncrasy. We then conduct Study 2, using Foucault’s view on preconceptual schemata as a theoretical lens, to identify understudied areas in the ISS literature. We found that the existing literature utilizes two variations of the actor and organization schemata to form or to adapt concepts, and utilize two different approaches to study these two variations, namely, an antecedents approach and a dialectics approach. It is noteworthy that the latter is important but understudied in the literature. We then draw an analogy from moral studies to develop three concepts for future ISS research, namely, Stages of Awareness Development, Security Agency, and Security Disengagement.

Analysis of the security of on-board information systems in vehicles

The features of the functioning of the on-board information systems of a car are considered. Threats to their security are analyzed, and methods for ensuring information security and functional security of on-board information systems are proposed. The design of road networks in the organization of road traffic is one of the factors in ensuring the functional security of modern intelligent transport systems, that is, compliance with such information security attributes as data confidentiality, integrity, availability, authenticity and novelty of data. The security of on-board vehicle information systems is a critical issue in the modern world, as more and more vehicles are equipped with electronic systems that may be vulnerable to cyber attacks. One of the main challenges of protecting on-board information systems is the wide range of devices and technologies used in modern vehicles. Different systems may have different security requirements and vulnerabilities. They may interact with each other in a complex way. Another challenge is that many of these systems were not designed originally with security in mind. They may lack basic security features such as encryption and authentication and use outdated software and protocols that are vulnerable to known attacks. The main types of attacks and threats to the elements of the transportation system that interact with the VANET were identified to analyze the information security of vehicle in-vehicle systems. Based on the theory of fuzzy sets under conditions of uncertainty and using the Fuzzy Logic Toolbox in the integrated Matlab environment, the level of information security of the OBU-VANET system was modeled. The obtained results allowed us to formulate the degree of information security of vehicle operation elements against unauthorized access to data. The results of the study showed that technical communication systems have the highest security level (> 0.7), and vehicles become the most vulnerable in public places.

Performance Analysis of Two Famous Cryptographic Algorithms on Mixed Data

The rapid development of digital data sharing has made information security a crucial concern in data communication. The information security system heavily relies on encryption methods. These algorithms employ strategies to increase data secrecy and privacy by obscuring the information, which only those parties who have the accompanying key can decode or decrypt. Nevertheless, these methods also use a lot of computational resources, including battery life, memory, and CPU time. So, to determine the optimal algorithm to utilize moving forward, it is necessary to assess the performance of various cryptographic algorithms. Therefore, this study evaluates two well-known cryptographies (RSA and ElGamal) using mixed data such as binary, text, and image files. CPU internal clock was used to obtain the time complexity used by both algorithms during encryption and decryption. The algorithms used CPU internal memory to obtain memory usage during the encryption and decryption of mixed data. Evaluation criteria such as encryption time, decryption time, and throughput were used to compare these encryption algorithms. The response time, confidentiality, bandwidth, and integrity are all factors in the cryptography approach. The results revealed that RSA is a time-efficient and resourceful model, while the ElGamal algorithm is a memory-efficient and resourceful model.

Dynamic Optimization of Role Concepts for Role-Based Access Control Using Evolutionary Algorithms

To ensure the security of current information systems, role-based access control (RBAC) is a widely used concept. For this purpose, based on an initial assignment of permissions to users, permissions are grouped to roles, which are then assigned to users. The corresponding (NP-complete) optimization problem, the so-called role mining problem (RMP), aims at finding a minimal set of roles and a corresponding assignment of those roles to users. Previously, the RMP has been considered as a static optimization problem. However, the application of RBAC in real business use cases requires the inclusion of dynamically occurring events that reflect changes in the business environment of companies, as well as events that result from direct user interaction with the role mining process. Therefore, in this paper, we provide a comprehensive overview and classification of the most relevant events for role mining and present methods for integrating them into the framework of an evolutionary role mining algorithm. The functional performance of these methods as well as the overall performance gain of dynamic role mining compared to the static approach is then examined in a series of experiments.

Understanding employees' perceptions of SETA events: the role of pedagogical and communication approaches

PurposeSecurity education, training and awareness (SETA) programs are the key to addressing “people problems” in information systems (IS) security. Contrary to studies using conventional methods, the present study leveraged an “event” lens and dimensionalized employees' perceptions into three sub-dimensions: perceived novelty, perceived disruption and perceived criticality. Moreover, this research went a step further by examining how pedagogical and communication approaches to a SETA program affect employees' perceptions of the program. This study then investigated whether – and if so, how – these approaches impact employees' perceptions of the SETA program and their subsequent commitment to it.Design/methodology/approachUtilizing a factorial-based scenario survey, this study empirically tested a model of the above relationships via covariance-based structural equation modeling.FindingsThe results of this research showed that pedagogical approaches were more effective than communication approaches and that employees' perceptions of the SETA program accounted for a large variance in their commitment to SETA.Originality/valueFirst, this research deepens understanding of the protection of information assets by elaborating on the different approaches that organizations can take to encourage employees' commitment to SETA. Second, the study enriches the SETA literature by theorizing a SETA program as an organizational “event”, which represents a major shift from the conventional approach. Third, the study adds to the theoretical knowledge of the event lens by extending it to the SETA context and investigating the relationship among three event strength components.

A 200 kb/s 36 µw True Random Number Generator Based on Dual Oscillators for IOT Security Application

As a module of the internet of things (IOT) information security system, the true random number generator (TRNG) plays an important role in overall performance. In this paper, a low-power TRNG based on dual oscillators is proposed. Two high-frequency cross-coupled oscillators are used to generate high-jitter clock signals, and then the SR latch with power supply below standard power supply voltage is adopted to process the oscillator output to maintain its metastability and increase jitter. The circuit is realized by an SMIC 180 nm 1P6M mixed-signal process. The experimental results show that when power supply voltage is 1.8 V, the circuit outputs a random number bit rate of 200 kb/s, the core area is 0.0039 mm2, and the power consumption is only 36 µw. The output random sequences can pass the NIST SP 800-22 test.

SISTEM INFORMASI SISKAMLING UNTUK MEWUJUDKAN DESA DIGITAL

The process of disseminating information on environmental security or patrol schedules, information about events in the village community as well as information on important situations occurring in Klambir Lima Kebun village, the delivery process of which is carried out by attaching the patrol schedule to security posts or village offices, information dissemination is sometimes still word of mouth. word of mouth and the public often miss the latest environmental information. It would be nice if the conventional method was proposed to design an information system that could be used as a forum for information related to environmental safety that can be accessed anytime and anywhere by the public. A responsive web-based environmental security information system (SISKAMLING) will greatly support the process of accessing information about environmental security in Klambir Lima Kebun village. The web is a means of sharing information digitally. The web is one of the media that really supports human life, especially in today's internet era.

A Microservice and Serverless Architecture for Secure IoT System

In cross-border transactions, the transmission and processing of logistics information directly affect the trading experience and efficiency. The use of Internet of Things (IoT) technology can make this process more intelligent, efficient, and secure. However, most traditional IoT logistics systems are provided by a single logistics company. These independent systems need to withstand high computing loads and network bandwidth when processing large-scale data. Additionally, due to the complex network environment of cross-border transactions, the platform’s information security and system security are difficult to guarantee. To address these challenges, this paper designs and implements an intelligent cross-border logistics system platform that combines serverless architecture and microservice technology. This system can uniformly distribute the services of all logistics companies and divide microservices based on actual business needs. It also studies and designs corresponding Application Programming Interface (API) gateways to solve the interface exposure problem of microservices, thereby ensuring the system’s security. Furthermore, asymmetric encryption technology is used in the serverless architecture to ensure the security of cross-border logistics data. The experiments show that this research solution validates the advantages of combining serverless architecture and microservices, which can significantly reduce the operating costs and system complexity of the platform in cross-border logistics scenarios. It allows for resource expansion and billing based on application program requirements at runtime. The platform can effectively improve the security of cross-border logistics service processes and meet cross-border transaction needs in terms of data security, throughput, and latency.

Application of Internet of Things and Blockchain in Information Security and Privacy Protection of Global Organizations

Access control data will continue to be exposed to the threat of privacy leakage even if blockchain technology currently offers a new solution for the security and privacy of the internet of things (IoT). However, its usability and privacy are not completely leveraged. This paper first discusses the IoT and blockchain technology and then examines each technology's structural models in order to address the issue of information security and privacy protection for the global organization IoT based on blockchain. Second, the information security and privacy guarantee system based on blockchain is built with ZKP and TEE at its heart after problems with zero-knowledge proof (ZKP) and trusted execution environment (TEE) in information security guarantee based on blockchain are investigated. By comparing the simulation trials, the proposed system's viability is finally confirmed. The results demonstrate that the suggested algorithm's evidence generation time is 352 ms when it reaches the experiment's highest node 28, which is clearly faster than previous techniques.

Security Risk and Preventive Measures of Multimedia Database System under Remote Control of Network Robot

The rapid development of network technology makes the world enter a new era, but it also brings a variety of severe information security problems, which makes the network security more and more important. Based on the existing literature and information, this paper expounds the current situation of database information system security. In view of the security risks of the media database information, this paper proposes to use the remote control system of the network robot, through sorting out the organizational structure characteristics and technology of multimedia data, establish the security defense system, and try to manage the multimedia data security. This system takes the mobile robot as the control object and adds the vision and ultrasonic transducer for the robot, so that it can carry on the semi-autonomous movement under the control of human. In addition, the host PC is used as the main control terminal to send instructions to the remote robot and receive the feedback data information. The simulation results show that the robot remote control system has good security, can ensure the establishment of database security defense technology system, and has the characteristics of convenient operation, easy to expand, and strong mobility. From the research point of view of this paper, the combination of robotics and multimedia information security is booming and will become a new application prospect.

Neural network based single index evaluation for SQL injection attack detection in health care data

In recent years, there are a lot of security risks in the network, and there is the combination intersection between the computer network security problems and security evaluation. The scale of computer network is very large with vast information, so there are many loopholes in the system network. At present, many have established a computer network security evaluation system to monitor the network security vulnerabilities, viruses, and defects in healthcare. However, many places simply analyzed the risk assessment of network security, but there is no assessment of network security situation. For the network security evaluation system, there is no complete evaluation system of network information security. Therefore, a network security evaluation system must be constructed to develop an effective and practical simulation model of computer network security evaluation. Through the simulation model, the effect of network security can be improved. Since the reform and opening up, the simulation of computer network security evaluation in our country is a new subject. It can directly study the network security evaluation, build a network security evaluation model, and study the network security in detail. In the computer network simulation system, it can analyze, study, design, and plan various stages, so as to play an important role.

Information Security Problems of Computer Networks

The article deals with the problems of information security of computer networks and the main functions of the information security system.

Information Security System Using Blockchain Technology Implementation

In today's digital era, information security is a very important thing to pay attention to. There are many methods to maintain information security, but there are still many vulnerabilities that can be exploited by irresponsible parties. Blockchain technology provides a solution by providing a strong and reliable information security system. Blockchain technology can be used to ensure the integrity and validity of stored data. This can be done by storing data in blocks that are connected to one another and using encryption to maintain privacy. In addition, the decentralized system that exists in blockchain technology makes it difficult for irresponsible parties to change or delete it. The application of blockchain technology to information security systems can be carried out in various sectors, such as banking, commerce, and government. In the banking sector, blockchain technology can be used to maintain the integrity of transaction data and ensure that transactions are truly valid. In the trade sector, blockchain technology can be used to ensure that the goods being traded are genuine and have a verifiable source. In the government sector, blockchain technology can be used to store and verify election data, and ensure that election results are truly valid and representative.

Comparative Analysis of Open Source Security Information & Event Management Systems (SIEMs)

A Security Information and Event Management system (SIEM) is a tool used to collect, analyze, normalize and correlate data from various devices to identify potential cyber threats almost in real-time. SIEM provides a unified approach to security issues through two zones: Security Information Management (SIM) and Security Event Management (SEM). SIM deals with managing logs and reporting, while SEM deals with event management and real-time monitoring. SIEM tools collect data events in a central unit from various devices, normalize their format, analyze them, and generate reports and alerts. SIEM combines the ability of log management to generate a compliance report with the ability to manage threats. However, the central approach may present significant disadvantages, such as slowing system performance and complicating the prioritization of queries.

Internet law and cybersecurity of the PRC

The history of the emergence and subsequent cross-border evolution of Internet law around the world is, in a sense, paradoxical. The creators of the first version of the Internet as a national security information system hardly imagined that the legal regulation of the Internet, primarily in Western Europe, would fall under the influence of the Romano-Germanic legal system. We are talking about the basic division of the national legal order for continental Europe into public law (jus publicum) and private law (jus privatum). Accordingly, cybersecurity and other public needs of the Internet in continental Europe have become the subject of public Internet law. On the contrary, the specifics and protection of the individual rights of users and entrepreneurs in the Internet space have become the subject of regulation of private Internet law. In the context of such differentiation of the Internet space, the experience of the PRC is of particular interest, where the ratio of public need and private interest, due to the specifics of Chinese civilization, cannot be interpreted in the spirit of Western European dualism.

A Research of the Influence of Quantum Annealing Parameters on the Quality of the Solution of the Number Factorization Problem

Introduction. Modern information security systems use methods of asymmetric cryptography to transfer encryption keys, which are based on the high computational complexity of factorization of large numbers. Quantum computers (QCs) theoretically make it possible to accelerate the solution of the problem of factorization of numbers in comparison with classical computers and pose a potential threat to information security systems. However, real QCs have a limited number of connections between them and problems with preserving a stable low temperature, which reduces the probability of detecting a global minimum. The joint use of QCs with classical computers based on hybrid cloud services is advisable when the search for the optimal solution by direct methods is a complex problem both in the theoretical sense and in the sense of the required amount of calculations for tasks with specific data. The article proposes a method for improving the accuracy of solving the factorization problem based on multiple minimum search by the method of hardware reverse quantum annealing with a variation of its parameters. The results of numerical experiments for two different QC processors and a hybrid quantum-classical computer by D-Wave are presented, it is shown that the maximum number that can be factorized exclusively by direct annealing is 143, and with a combination of direct and reverse annealing 255. The purpose. Examination of the influence of the parameters of quantum annealing and the corresponding solutions for the adiabatic CC, developed by D-Wave, on the quality of the solution of the factorization problem. To give recommendations for improving the accuracy of solving the factorization problem and increasing the statistical frequency of the appearance of correct pairs of multipliers. Results. Numerical experiments have shown that for the problem of factorization of numbers, the successive application of direct and reverse annealing makes it possible to improve the probability of obtaining the correct pair of multipliers and to more than double the statistical frequency of its occurrence. Quantum annealing modes: pause and quenching reduce the probability of obtaining the correct solution and worsen the statistical frequency of the appearance of correct pairs of multipliers. Conclusions. The use of direct and reverse annealing makes it possible to increase the probability of obtaining the correct solution of the factorization problem for the adiabatic QC of D-Wave. Increasing the calculation time of the problem is justified, since it allows increasing the probability of a correct solution. The use of hybrid quantum-classical computing and cloud services allows factorization for numbers with a bit depth of up to twenty-two bits. Keywords: quantum annealing, factorization of natural numbers, asymmetric shifts, hardening, reverse annealing, combinatorial optimization.

Tax administration in the conditions of digitalization in the countries of the European Union: experience for Ukraine

The paper examines the problems of tax administration in the context of digitalization of the economy in the countries of the European Union, as well as outlines the prospects for improving tax administration in the context of digitalization in Ukraine based on the positive experience of European countries. It is emphasized that in the countries of the European Union there is a common system of tax administration, based on the principles of automation and integration, which includes electronic data exchange, automated systems of control and processing of tax information, as well as electronic services for taxpayers. The methods of tax administration used in such leading European countries as France, Germany, and Italy are analyzed. Attention is focused on the main problems and challenges facing the EU countries in the issue of tax administration in conditions of digitalization (determining the place of taxation; increasing the number of transactions carried out with the help of cryptocurrencies and blockchain technologies; increasing the number of electronic transactions, which threatens to increase the volume of electronic fraud and tax evasion), the ways of overcoming these challenges, which are used by European countries, are defined. The prospects for intensifying the implementation of digital technologies in tax administration in Ukraine as a means of improving the efficiency and transparency of taxation processes, taking into account the experience of EU countries in this area, in particular regarding the development and implementation of an effective and secure information system for collecting, processing and analyzing tax information, improving electronic communication between payers and state bodies, ensuring reliable protection of personal data and security of electronic payments.

The Language of the American Mass Media as an Instrument to Destabilize the Political Regime in Venezuela

The study aims to determine the role of the US media as a destabilizing factor in the contemporary domestic politics of Venezuela, especially in the context of the power crisis of 2013–2019. The study used the methods of data analysis obtained through interviews, discourse analysis, the method of grounded theory, content analysis of selected sources (CNN, The Washington Post, The New York Times, Bloomberg) and event analysis, which made it possible to analyze the most frequently mentioned in the American media developments in the domestic politics of Venezuela for the period 2013–2019. The results of the study reveal the bias of the American media and their dependence on the main US political course towards Venezuela, demonstrate the systematic creation of a negative image of Venezuela in the American media with a focus on the economic crisis and low living standards in the country, and attempts to influence US and international public opinion on the issue of recognizing the illegitimate parallel government of self-proclaimed President Juan Guaidó. The practical significance of the work’s findings is the that they can be used in developing a strategy for information interaction between Venezuela and the United States, creating an information security system that accounts for the identified threats and strengthening the regional media of Venezuela.

Semantic Attack on Disassociated Transaction Data

Accessing and sharing information, including personal data, has become easier and faster than ever because of the Internet. Therefore, businesses have started to take advantage of the availability of data by gathering, analysing, and utilising individuals’ data for various purposes, such as developing data-driven products and services that can help improve customer satisfaction and retention, and lead to better healthcare and well-being provisions. However, analysing these data freely may violate individuals’ privacy. This has prompted the development of protection methods that can deter potential privacy threats by anonymising data. Disassociation is one anonymisation approach used to protect transaction data. It works by dividing data into chunks to conceal sensitive links between the items in a transaction, but it does not account for semantic relationships that may exist among the items, which adversaries can exploit to reveal protected links. We show that our proposed de-anonymisation approach could break the privacy protection offered by the disassociation method by exploiting such semantic relationships. Our findings indicate that the disassociation method may not provide adequate protection for transactions: up to 60% of the disassociated items can be reassociated, thereby breaking the privacy of nearly 70% of the protected items. In this paper [an extension to our work reported in AlShuhail and Shao (Semantic attack on disassociated transactions. In: Proceedings of the 8th International Conference on information systems security and privacy-ICISSP, INSTICC. SciTePress, pp. 60–72, 2022)], we develop additional techniques to reconstruct transactions, with additional experiments to illustrate the impact of our attacking method.

Installation of integrated intellectual information security systems in open corporate networks – DDoS attack

Securing information security in open corporate networks is crucial, and building defense systems against potential threats is a critical step towards ensuring the availability, completeness, and confidentiality of system clients. Integrated information security systems play a pivotal role in safeguarding an organization's assets by identifying and mitigating security vulnerabilities. Therefore, it is essential to be aware of the various types of attacks that may be directed towards an information system and analyze them to prevent and mitigate the impact of such attacks. By taking proactive measures to protect against DDoS attacks and other types of cyber-attacks, organizations can minimize the risk of downtime, data breaches, and financial loss, ensuring the integrity, availability, and confidentiality of their systems and clients.