Biblio

In order to control users’ access to the information system, it is necessary to develop a security system that can work in real time and easily reconfigure. This problem can be solved using a fuzzy logic. In this paper the authors propose a fuzzy distribution system for access to the student assessment system, which takes into account the level of user access, identifier and the risk of attack during the request. This approach allows process fuzzy or incomplete information about the user and implement a sufficient level of confidential information protection.

Early detection of conflict potentials around the community is vital for the Central Java Regional Police Department, especially in the Analyst section of the Directorate of Security Intelligence. Performance in carrying out early detection will affect the peace and security of the community. The performance of potential conflict detection activities can be improved using an integrated early detection information system by shortening the time after observation, report preparation, information processing, and analysis. Developed using Unified Process as a software life cycle, the obtained result shows the time-based performance variables of the officers are significantly improved, including observation time, report production, data finding, and document formatting.

This paper conducts the development of the key technologies of the legal case management information system considering QoS optimization. The designed system administrator can carry out that the all-round management of the system, including account management, database management, security setting management, core data entry management, and data statistics management. With this help, the QoS optimization model is then integrated to improve the systematic performance of the system as the key technology. Similar to the layering in the data source, the data set is composed of the fields of the data set, and contains the relevant information of the attribute fields of various entity element categories. Furthermore, the designed system is analyzed and implemented on the public data sets to show the results.

With the development of society, people have higher and higher requirements for the quality of life, and the management of legal cases has become more and more important. In this case, the research on how to realize electronization and networking has become the inevitable demand of the current information age. Therefore, this paper designs and develops the legal case management information system based on J2EE. Firstly, this paper introduces the related technologies of J2EE, then expounds the importance of legal case management informatization, and designs the legal case management information system according to the technical framework of J2EE. Finally, the performance of the system is tested. The test results show that the load capacity of the system is strong, the response time is 2–4 seconds, the resource utilization is relatively low, and the number of concurrent users is maintained at about 150. These show that the performance of the system fully meets the needs of legal case information management.

In today's society, with the continuous development of artificial intelligence, artificial intelligence technology plays an increasingly important role in social and economic development, and hass become the fastest growing, most widely used and most influential high-tech in the world today one. However, at the same time, information technology has also brought threats to network security to the entire network world, which makes information systems also face huge and severe challenges, which will affect the stability and development of society to a certain extent. Therefore, comprehensive analysis and research on information system security is a very necessary and urgent task. Through the security assessment of the information system, we can discover the key hidden dangers and loopholes that are hidden in the information source or potentially threaten user data and confidential files, so as to effectively prevent these risks from occurring and provide effective solutions; at the same time To a certain extent, prevent virus invasion, malicious program attacks and network hackers' intrusive behaviors. This article adopts the experimental analysis method to explore how to apply the most practical, advanced and efficient artificial intelligence theory to the information system security assessment management, so as to further realize the optimal design of the information system security assessment management system, which will protect our country the information security has very important meaning and practical value. According to the research results, the function of the experimental test system is complete and available, and the security is good, which can meet the requirements of multi-user operation for security evaluation of the information system.

The advancement of technology in the creation of new tools to solve problems such as information storage generates proportionally developing methods that search for security flaws or breaches that compromise said information. The need to periodically generate security reports on database managers is given by the complexity and number of attacks that can be carried out today. This project seeks to carry out an evaluation of the security of NoSQL database managers. The work methodology is developed according to the order of the objectives, it begins by synthesizing the types of vulnerabilities, attacks and protection schemes limited to MongoDB, Redis and Apache Cassandra. Once established, a prototype of a web system that stores information with a non-relational database will be designed on which a series of attacks defined by a test plan will be applied seeking to add, consult, modify or eliminate information. Finally, a report will be presented that sets out the attacks carried out, the way in which they were applied, the results, possible countermeasures, security advantages and disadvantages for each manager and the conclusions obtained. Thus, it is possible to select which tool is more convenient to use for a person or organization in a particular case. The results showed that MongoDB is more vulnerable to NoSQL injection attacks, Redis is more vulnerable to attacks registered in the CVE and that Cassandra is more complex to use but is less vulnerable.

The main threats in complex networks for large-scale information systems using web browsers or service browsers are analyzed. The necessary security features for these types of systems are compared. The advantages of systems developed with service-browser technology are shown.

Augmented Reality has a long history and has seen major technical advantages in the last years. With WebXR, a new web standard, Mobile Augmented Reality (MAR) applications are now available in the web browser. With our work, we implemented an Augmented Reality Information System and conducted a case study to evaluate the user acceptance of such an application build with WebXR. Our results indicate that the user acceptance regarding web-based MAR applications for our specific use case seems to be given. With our proposed architecture we also lay the foundation for other AR information systems.

This paper analyzes the necessity of artificial intelligence and big data in the security application of regulatory places. The author studies the specific application of artificial intelligence and big data in ideological dynamics management, access control system, video surveillance system, emergency alarm system, perimeter control system, police inspection system, daily behavior management, and system implementation management. The author puts forward how to do technical integration, improve information sharing, strengthen the construction of talents, and increase management fund expenditure. The purpose of this paper is to enhance the security management level of regulatory places and optimize the management environment of regulatory places.

With the development of business, management companies are currently facing a series of problems and challenges in terms of resource allocation and task management. In terms of the technical route, this research will use cloud services to implement the public honesty system, and carry out secondary development and interface development on this basis, the architecture design and the formulation of the process are realized for various types, relying on the support of the knowledge base and case library, through the system intelligent configuration corresponding work instructions, safety work instructions, case references and other reference information to the existing work plan to provide managers Reference; managers can configure and adjust the work content by themselves through specific requirements to efficiently and flexibly adapt to the work content.

In today's society, under the comprehensive arrival of the Internet era, the rapid development of technology has facilitated people's production and life, but it is also a “double-edged sword”, making people's personal information and other data subject to a greater threat of abuse. The unique features of big data technology, such as massive storage, parallel computing and efficient query, have created a breakthrough opportunity for the key technologies of large-scale network security situational awareness. On the basis of big data acquisition, preprocessing, distributed computing and mining and analysis, the big data analysis platform provides information security assurance services to the information system. This paper will discuss the security situational awareness in large-scale network environment and the promotion of big data technology in security perception.

The paper considers an expert system that provides an assessment of the state of information security in authorities and organizations of various forms of ownership. The proposed expert system allows to evaluate the state of compliance with the requirements of both organizational and technical measures to ensure the protection of information, as well as the level of compliance with the requirements of the information protection system in general. The expert assessment method is used as a basic method for assessing the state of information protection. The developed expert system provides a significant reduction in routine operations during the audit of information security. The results of the assessment are presented quite clearly and provide an opportunity for the leadership of the authorities and organizations to make informed decisions to further improve the information protection system.

When building the architecture of cyber defense systems, one of the important tasks is to create a methodology for current diagnostics of cybersecurity status of information systems and objects of information activity. The complexity of this procedure is that having a strong security level of the object at the software level does not mean that such power is available at the hardware level or at the cryptographic level. There are always weaknesses in all levels of information security that criminals are constantly looking for. Therefore, the task of promptly calculating the likelihood of possible negative consequences from the successful implementation of cyberattacks is an urgent task today. This paper proposes an approach of obtaining an instantaneous calculation of the probabilities of negative consequences from the successful implementation of cyberattacks on objects of information activity on the basis of delayed differential equation theory and the mechanism of constructing a logical Fuzzy function. This makes it possible to diagnose the security status of the information system.

In view of the demand for the continuous guarantee capability of the information system in the diversified task and the complex cyber threat environment, a dual loop architecture of the resilient cloud environment for mission assurance is proposed. Firstly, general technical architecture of cloud environment is briefly introduced. Drawing on the idea of software definition, a resilient dual loop architecture based on "perception analysis planning adjustment" is constructed. Then, the core mission assurance system deployment mechanism is designed using the idea of distributed control. Finally, the core mission assurance system is designed in detail, which is consisted of six functional modules, including mission and environment awareness network, intelligent anomaly analysis and prediction, mission and resource situation generation, mission and resource planning, adaptive optimization and adjustment. The design of the dual loop architecture of the resilient cloud environment for mission assurance will further enhance the fast adaptability of the information system in the complex cyber physical environment.

In this study, we conducted a survey of those who have used E-Government Services (civil servants, employees of public institutions, and the public) to empirically identify the factors affecting the continuous use intention E-Government Services, and conducted an empirical analysis using SPSS and Smart PLS with 284 valid samples except for dual, error and poor answers. Based on the success model of the information system (IS access model), we set independent variables which were divided into quality factors (service quality, system quality, information quality) and risk factors (personal information and security), and perceived ease of use and reliability, which are the main variables based on the technology acceptance model (TAM) that best describes the parameter group, were established as useful parameters. In addition, we design the research model by setting user satisfaction and the continuous use intention as dependent variables, conducted the study about how affecting factors influence to the acceptance factors through 14 hypotheses.The study found that 12 from 14 hypotheses were adopted and 2 were rejected. Looking at the results derived, it was analyzed that, firstly, 3 quality factors all affect perceived ease of use in relation to the quality of service, system quality, information quality which are perceived ease of use of E-Government Services. Second, in relation to the quality of service quality, system quality, information quality and perceived usefulness which are the quality factors of E-Government Services, the quality of service and information quality affect perceived usefulness, but system quality does not affect perceived usefulness. Third, it was analyzed that both factors influence reliability in the relationship between Privacy and security and trust which are risk factors. Fourth, the relationship between perceived ease of use and perceived usefulness has shown that perceived ease of use does not affect perceived usefulness. Finally, the relationship between user value factors (perceptual usability, perceived usefulness and trust) and user satisfaction and the continuous use intention was analyzed that user value factors affect user satisfaction while user satisfaction affects the continuous use intention. This study can be meaningful in that it theoretically presented the factors influencing the continued acceptance of e-government services through precedent research, presented the variables and measurement items verified through the empirical analysis process, and verified the causal relationship between the variables. The e-government service can contribute to the implementation of e-government in line with the era of the 4th Industrial Revolution by using it as a reference to the establishment of policies to improve the quality of people's lives and provide convenient services to the people.

An information system is only as secure as its weakest point. In many information systems that remains to be the human factor, despite continuous attempts to educate the users about the importance of password security and enforcing password creation policies on them. Furthermore, not only do the average users' password creation and management habits remain more or less the same, but the password cracking tools, and more importantly, the computer hardware, keep improving as well. In this study, we performed a broad targeted attack combining several well-established cracking techniques, such as brute-force, dictionary, and hybrid attacks, on the passwords used by the students of a Slovenian university to access the online grading system. Our goal was to demonstrate how easy it is to crack most of the user-created passwords using simple and predictable patterns. To identify differences between them, we performed an analysis of the cracked and uncracked passwords and measured their strength. The results have shown that even a single low to mid-range modern GPU can crack over 95% of passwords in just few days, while a more dedicated system can crack all but the strongest 0.5% of them.

A cyber attack is a malicious and deliberate attempt by an individual or organization to breach the integrity, confidentiality, and/or availability of data or services of an information system of another individual or organization. Being able to attribute a cyber attack is a crucial question for security but this question is also known to be a difficult problem. The main reason why there is currently no solution that automatically identifies the initiator of an attack is that attackers usually use proxies, i.e. an intermediate node that relays a host over the network. In this paper, we propose to formalize the problem of identifying the initiator of a cyber attack. We show that if the attack scenario used by the attacker is known, then we are able to resolve the cyber attribution problem. Indeed, we propose a model to formalize these attack scenarios, that we call attack patterns, and give an efficient algorithm to search for attack pattern on a communication history. Finally, we experimentally show the relevance of our approach.

An information system based on real-time file integrations has an important role in today's organizations' work process management. By connecting to the network, file flow and integration between corporate systems have gained a great significance. In addition, network and security issues have emerged depending on the file structure and transfer processes. Thus, there has become a need for an effective and self-learning anomaly detection module for file transfer processes in order to provide the persistence of integration channels, accountability of transfer logs and data integrity. This paper proposes a novel anomaly detection approach that focuses on file size and integration duration of file transfers between enterprise systems. For this purpose, size and time anomalies on transferring files will be detected by a machine learning-based structure. Later, an alarm system is going to be developed in order to inform the authenticated individuals about the anomalies.

The article focuses on Personal Data Cyber Security Systems. These systems are the critical components for Health Information Management Systems of Public Health enterprises. The purpose of this article is to inform and provide the reader with Personal Data Cyber Security Legislation and Regulation in Public Health Sector and enlighten him with the Information Systems that were designed and implemented for Personal Data Cyber Security in Public Health.

In this paper, we consider one of the approaches to the study of the characteristics of an information system that is under the influence of various factors, and their management using neural networks and wavelet transforms based on determining the relationship between the modified state of the information system and the possibility of dynamic analysis of effects. At the same time, the process of influencing the information system includes the following components: impact on the components providing the functions of the information system; determination of the result of exposure; analysis of the result of exposure; response to the result of exposure. As an input signal, the characteristics of the means that affect are taken. The system includes an adaptive response unit, the input of which receives signals about the prerequisites for changes, and at the output, this unit generates signals for the inclusion of appropriate means to eliminate or compensate for these prerequisites or directly the changes in the information system.

In the field of process mining, a lot of information about what happened inside the information system has been exploited and has yielded significant results. However, information related to the relationship between performers and performers is only utilized and evaluated in certain aspects. In this paper, we propose an algorithm to classify the temporal work transference from workflow enactment event log. This result may be used to reduce system memory, increase the computation speed. Furthermore, it can be used as one of the factors to evaluate the performer, active role of resources in the information system.

Due to flexibility, low cost and rapid deployment, wireless sensor networks (WSNs)have been drawing more and more interest from governments, researchers, application developers, and manufacturers in recent years. Nowadays, we are in the age of industry 4.0, in which the traditional industrial control systems will be connected with each other and provide intelligent manufacturing. Therefore, WSNs can play an extremely crucial role to monitor the environment and condition parameters for smart factories. Nevertheless, the introduction of the WSNs reveals the weakness, especially for industrial applications. Through the vulnerability of IWSNs, the latent attackers were likely to invade the information system. Risk evaluation is an overwhelmingly efficient method to reduce the risk of information system in order to an acceptable level. This paper aim to study the security issues about IWSNs as well as put forward a practical solution to evaluate the risk of IWSNs, which can guide us to make risk evaluation process and improve the security of IWSNs through appropriate countermeasures.

Traditional information Security Risk Assessment algorithms are mainly used for evaluating small scale of information system, not suitable for massive information systems in Energy Internet. To solve the problem, this paper proposes an Information Security Risk Algorithm based on Dynamic Risk Propagation (ISRADRP). ISRADRP firstly divides information systems in the Energy Internet into different partitions according to their logical network location. Then, ISRADRP computes each partition's risk value without considering threat propagation effect via RM algorithm. Furthermore, ISRADRP calculates inside and outside propagation risk value for each partition according to Dependency Structure Matrix. Finally, the security bottleneck of systems will be identified and the overall risk value of information system will be obtained.

Traditional information Security Risk Assessment algorithms are mainly used for evaluating small scale of information system, not suitable for massive information systems in Energy Internet. To solve the problem, this paper proposes an Information Security Risk Algorithm based on Dynamic Risk Propagation (ISRADRP). ISRADRP firstly divides information systems in the Energy Internet into different partitions according to their logical network location. Then, ISRADRP computes each partition's risk value without considering threat propagation effect via RM algorithm. Furthermore, ISRADRP calculates inside and outside propagation risk value for each partition according to Dependency Structure Matrix. Finally, the security bottleneck of systems will be identified and the overall risk value of information system will be obtained.

Continuously improving security on an information system requires unique combination of human aspect, policies, and technology. This acts as leverage for designing an access control management approach which avails only relevant parts of a system according to an end-users' scope of work. This paper introduces a framework for information security fundamentals at organizational and theoretical levels, to identify critical success factors that are vital in assessing an organization's security maturity through a model referred to as “information security digital divide maturity framework”. The foregoing is based on a developed conceptual framework for information security digital divide. The framework strives to divide system end-users into “specific information haves and have-nots”. It intends to assist organizations to continually evaluate and improve on their security governance, standards, and policies which permit access on the basis of each end-user's work scope. The framework was tested through two surveys targeting 90 end-users and 35 security experts.