Visible to the public Biblio

Filters: Keyword is Standards organizations  [Clear All Filters]
2023-05-19
Neema, Himanshu, Roth, Thomas, Wang, Chenli, Guo, Wenqi Wendy, Bhattacharjee, Anirban.  2022.  Integrating Multiple HLA Federations for Effective Simulation-Based Evaluations of CPS. 2022 IEEE Workshop on Design Automation for CPS and IoT (DESTION). :19—26.
Cyber-Physical Systems (CPS) are complex systems of computational, physical, and human components integrated to achieve some function over one or more networks. The use of distributed simulation, or co-simulation, is one method often used to analyze the behavior and properties of these systems. High-Level Architecture (HLA) is an IEEE co-simulation standard that supports the development and orchestration of distributed simulations. However, a simple HLA federation constructed with the component simulations (i.e., federates) does not satisfy several requirements that arise in real-world use cases such as the shared use of limited physical and computational resources, the need to selectively hide information from participating federates, the creation of reusable federates and federations for supporting configurable shared services, achieving performant distributed simulations, organizing federations across different model types or application concerns, and coordinating federations across organizations with different information technology policies. This paper describes these core requirements that necessitate the use of multiple HLA federations and presents various mechanisms for constructing such integrated HLA federations. An example use case is implemented using a model-based rapid simulation integration framework called the Universal CPS Environment for Federation (UCEF) to illustrate these requirements and demonstrate techniques for integrating multiple HLA federations.
2023-04-14
Sadlek, Lukáš, Čeleda, Pavel, Tovarňák, Daniel.  2022.  Identification of Attack Paths Using Kill Chain and Attack Graphs. NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium. :1–6.
The ever-evolving capabilities of cyber attackers force security administrators to focus on the early identification of emerging threats. Targeted cyber attacks usually consist of several phases, from initial reconnaissance of the network environment to final impact on objectives. This paper investigates the identification of multi-step cyber threat scenarios using kill chain and attack graphs. Kill chain and attack graphs are threat modeling concepts that enable determining weak security defense points. We propose a novel kill chain attack graph that merges kill chain and attack graphs together. This approach determines possible chains of attacker’s actions and their materialization within the protected network. The graph generation uses a categorization of threats according to violated security properties. The graph allows determining the kill chain phase the administrator should focus on and applicable countermeasures to mitigate possible cyber threats. We implemented the proposed approach for a predefined range of cyber threats, especially vulnerability exploitation and network threats. The approach was validated on a real-world use case. Publicly available implementation contains a proof-of-concept kill chain attack graph generator.
ISSN: 2374-9709
2023-02-17
Ferrell, Uma D., Anderegg, Alfred H. Andy.  2022.  Holistic Assurance Case for System-of-Systems. 2022 IEEE/AIAA 41st Digital Avionics Systems Conference (DASC). :1–9.
Aviation is a highly sophisticated and complex System-of-Systems (SoSs) with equally complex safety oversight. As novel products with autonomous functions and interactions between component systems are adopted, the number of interdependencies within and among the SoS grows. These interactions may not always be obvious. Understanding how proposed products (component systems) fit into the context of a larger SoS is essential to promote the safe use of new as well as conventional technology.UL 4600, is a Standard for Safety for the Evaluation of Autonomous Products specifically written for completely autonomous Load vehicles. The goal-based, technology-neutral features of this standard make it adaptable to other industries and applications.This paper, using the philosophy of UL 4600, gives guidance for creating an assurance case for products in an SoS context. An assurance argument is a cogent structured argument concluding that an autonomous aircraft system possesses all applicable through-life performance and safety properties. The assurance case process can be repeated at each level in the SoS: aircraft, aircraft system, unmodified components, and modified components. The original Equipment Manufacturer (OEM) develops the assurance case for the whole aircraft envisioned in the type certification process. Assurance cases are continuously validated by collecting and analyzing Safety Performance Indicators (SPIs). SPIs provide predictive safety information, thus offering an opportunity to improve safety by preventing incidents and accidents. Continuous validation is essential for risk-based approval of autonomously evolving (dynamic) systems, learning systems, and new technology. System variants, derivatives, and components are captured in a subordinate assurance case by their developer. These variants of the assurance case inherently reflect the evolution of the vehicle-level derivatives and options in the context of their specific target ecosystem. These subordinate assurance cases are nested under the argument put forward by the OEM of components and aircraft, for certification credit.It has become a common practice in aviation to address design hazards through operational mitigations. It is also common for hazards noted in an aircraft component system to be mitigated within another component system. Where a component system depends on risk mitigation in another component of the SoS, organizational responsibilities must be stated explicitly in the assurance case. However, current practices do not formalize accounting for these dependencies by the parties responsible for design; consequently, subsequent modifications are made without the benefit of critical safety-related information from the OEMs. The resulting assurance cases, including 3rd party vehicle modifications, must be scrutinized as part of the holistic validation process.When changes are made to a product represented within the assurance case, their impact must be analyzed and reflected in an updated assurance case. An OEM can facilitate this by integrating affected assurance cases across their customer’s supply chains to ensure their validity. The OEM is expected to exercise the sphere-of-control over their product even if it includes outsourced components. Any organization that modifies a product (with or without assurance argumentation information from other suppliers) is accountable for validating the conditions for any dependent mitigations. For example, the OEM may manage the assurance argumentation by identifying requirements and supporting SPI that must be applied in all component assurance cases. For their part, component assurance cases must accommodate all spheres-of-control that mitigate the risks they present in their respective contexts. The assurance case must express how interdependent mitigations will collectively assure the outcome. These considerations are much more than interface requirements and include explicit hazard mitigation dependencies between SoS components. A properly integrated SoS assurance case reflects a set of interdependent systems that could be independently developed..Even in this extremely interconnected environment, stakeholders must make accommodations for the independent evolution of products in a manner that protects proprietary information, domain knowledge, and safety data. The collective safety outcome for the SoS is based on the interdependence of mitigations by each constituent component and could not be accomplished by any single component. This dependency must be explicit in the assurance case and should include operational mitigations predicated on people and processes.Assurance cases could be used to gain regulatory approval of conventional and new technology. They can also serve to demonstrate consistency with a desired level of safety, especially in SoSs whose existing standards may not be adequate. This paper also provides guidelines for preserving alignment between component assurance cases along a product supply chain, and the respective SoSs that they support. It shows how assurance is a continuous process that spans product evolution through the monitoring of interdependent requirements and SPI. The interdependency necessary for a successful assurance case encourages stakeholders to identify and formally accept critical interconnections between related organizations. The resulting coordination promotes accountability for safety through increased awareness and the cultivation of a positive safety culture.
ISSN: 2155-7209
Khan, Muhammad Maaz Ali, Ehabe, Enow Nkongho, Mailewa, Akalanka B..  2022.  Discovering the Need for Information Assurance to Assure the End Users: Methodologies and Best Practices. 2022 IEEE International Conference on Electro Information Technology (eIT). :131–138.

The use of software to support the information infrastructure that governments, critical infrastructure providers and businesses worldwide rely on for their daily operations and business processes is gradually becoming unavoidable. Commercial off-the shelf software is widely and increasingly used by these organizations to automate processes with information technology. That notwithstanding, cyber-attacks are becoming stealthier and more sophisticated, which has led to a complex and dynamic risk environment for IT-based operations which users are working to better understand and manage. This has made users become increasingly concerned about the integrity, security and reliability of commercial software. To meet up with these concerns and meet customer requirements, vendors have undertaken significant efforts to reduce vulnerabilities, improve resistance to attack and protect the integrity of the products they sell. These efforts are often referred to as “software assurance.” Software assurance is becoming very important for organizations critical to public safety and economic and national security. These users require a high level of confidence that commercial software is as secure as possible, something only achieved when software is created using best practices for secure software development. Therefore, in this paper, we explore the need for information assurance and its importance for both organizations and end users, methodologies and best practices for software security and information assurance, and we also conducted a survey to understand end users’ opinions on the methodologies researched in this paper and their impact.

ISSN: 2154-0373

2023-02-03
Kumar, Manish, Soni, Aman, Shekhawat, Ajay Raj Singh, Rawat, Akash.  2022.  Enhanced Digital Image and Text Data Security Using Hybrid Model of LSB Steganography and AES Cryptography Technique. 2022 Second International Conference on Artificial Intelligence and Smart Energy (ICAIS). :1453–1457.
In the present innovation, for the trading of information, the internet is the most well-known and significant medium. With the progression of the web and data innovation, computerized media has become perhaps the most famous and notable data transfer tools. This advanced information incorporates text, pictures, sound, video etc moved over the public organization. The majority of these advanced media appear as pictures and are a significant part in different applications, for example, chat, talk, news, website, web-based business, email, and digital books. The content is still facing various challenges in which including the issues of protection of copyright, modification, authentication. Cryptography, steganography, embedding techniques is widely used to secure the digital data. In this present the hybrid model of LSB steganography and Advanced Encryption Standard (AES) cryptography techniques to enhanced the security of the digital image and text that is undeniably challenging to break by the unapproved person. The security level of the secret information is estimated in the term of MSE and PSNR for better hiding required the low MSE and high PSNR values.
2023-01-13
Mandrakov, Egor S., Dudina, Diana A., Vasiliev, Vicror A., Aleksandrov, Mark N..  2022.  Risk Management Process in the Digital Environment. 2022 International Conference on Quality Management, Transport and Information Security, Information Technologies (IT&QM&IS). :108–111.
Currently, many organizations are moving to new digital management systems, which is accompanied not only by the introduction of new approaches based on the use of information technology, but also by a change in the organizational and management environment. Risk management is a process necessary to maintain the competitive advantage of an organization, but it can also become involved in the course of digitalization itself, which means that risk management also needs to change to meet modern conditions and ensure the effectiveness of the organization. This article discusses the risk management process in the digital environment. The main approach to the organization of this process is outlined, taking into account the use of information tools, together with the stages of this process, which directly affect the efficiency of the company. The risks that are specific to a digital organization are taken into account. Modern requirements for risk management for organizations are studied, ways of their implementation are outlined. The result is a risk management process that functions in a digital organization.
Lavanya, P., Subbareddy, I.V., Selvakumar, V..  2022.  Internet of Things enabled Block Level Security Mechanism to Big Data Environment using Cipher Security Policies. 2022 International Conference on Advances in Computing, Communication and Applied Informatics (ACCAI). :1–6.
The proliferation of linked devices in decisive infrastructure fields including health care and the electric grid is transforming public perceptions of critical infrastructure. As the world grows more mobile and connected, as well as as the Internet of Things (IoT) expands, the growing interconnectivity of new critical sectors is being fuelled. Interruptions in any of these areas can have ramifications across numerous sectors and potentially the world. Crucial industries are critical to contemporary civilization. In today's hyper-connected world, critical infrastructure is more vulnerable than ever to cyber assaults, whether they are state-sponsored, carried out by criminal organizations, or carried out by individuals. In a world where more and more gadgets are interconnected, hackers have more and more entry points via which they may damage critical infrastructure. Significant modifications to an organization's main technological systems have created a new threat surface. The study's goal is to raise awareness about the challenges of protecting digital infrastructure in the future while it is still in development. Fog architecture is designed based on functionality once the infrastructure that creates large data has been established. There's also an in-depth look of fog-enabled IoT network security requirements. The next section examines the security issues connected with fog computing, as well as the privacy and trust issues raised by fog-enabled Internet of Things (IoT). Block chain is also examined to see how it may help address IoT security problems, as well as the complimentary interrelationships between block-chain and fog computing. Additionally, Formalizes big data security goal and scope, develops taxonomy for identifying risks to fog-based Internet of Things systems, compares current development contributions to security service standards, and proposes interesting study areas for future studies, all within this framework
Sun, Jun, Liu, Dong, Liu, Yang, Li, Chuang, Ma, Yumeng.  2022.  Research on the Characteristics and Security Risks of the Internet of Vehicles Data. 2022 7th IEEE International Conference on Data Science in Cyberspace (DSC). :299–305.
As a new industry integrated by computing, communication, networking, electronics, and automation technology, the Internet of Vehicles (IoV) has been widely concerned and highly valued at home and abroad. With the rapid growth of the number of intelligent connected vehicles, the data security risks of the IoV have become increasingly prominent, and various attacks on data security emerge in an endless stream. This paper firstly introduces the latest progress on the data security policies, regulations, standards, technical routes in major countries and regions, and international standardization organizations. Secondly, the characteristics of the IoV data are comprehensively analyzed in terms of quantity, standard, timeliness, type, and cross-border transmission. Based on the characteristics, this paper elaborates the security risks such as privacy data disclosure, inadequate access control, lack of identity authentication, transmission design defects, cross-border flow security risks, excessive collection and abuse, source identification, and blame determination. And finally, we put forward the measures and suggestions for the security development of IoV data in China.
2023-01-06
S, Harichandana B S, Agarwal, Vibhav, Ghosh, Sourav, Ramena, Gopi, Kumar, Sumit, Raja, Barath Raj Kandur.  2022.  PrivPAS: A real time Privacy-Preserving AI System and applied ethics. 2022 IEEE 16th International Conference on Semantic Computing (ICSC). :9—16.
With 3.78 billion social media users worldwide in 2021 (48% of the human population), almost 3 billion images are shared daily. At the same time, a consistent evolution of smartphone cameras has led to a photography explosion with 85% of all new pictures being captured using smartphones. However, lately, there has been an increased discussion of privacy concerns when a person being photographed is unaware of the picture being taken or has reservations about the same being shared. These privacy violations are amplified for people with disabilities, who may find it challenging to raise dissent even if they are aware. Such unauthorized image captures may also be misused to gain sympathy by third-party organizations, leading to a privacy breach. Privacy for people with disabilities has so far received comparatively less attention from the AI community. This motivates us to work towards a solution to generate privacy-conscious cues for raising awareness in smartphone users of any sensitivity in their viewfinder content. To this end, we introduce PrivPAS (A real time Privacy-Preserving AI System) a novel framework to identify sensitive content. Additionally, we curate and annotate a dataset to identify and localize accessibility markers and classify whether an image is sensitive to a featured subject with a disability. We demonstrate that the proposed lightweight architecture, with a memory footprint of a mere 8.49MB, achieves a high mAP of 89.52% on resource-constrained devices. Furthermore, our pipeline, trained on face anonymized data. achieves an F1-score of 73.1%.
2023-01-05
Singh, Pushpa Bharti, Tomar, Parul, Kathuria, Madhumita.  2022.  Comparative Study of Machine Learning Techniques for Intrusion Detection Systems. 2022 International Conference on Machine Learning, Big Data, Cloud and Parallel Computing (COM-IT-CON). 1:274—283.
Being a part of today’s technical world, we are connected through a vast network. More we are addicted to these modernization techniques we need security. There must be reliability in a network security system so that it is capable of doing perfect monitoring of the whole network of an organization so that any unauthorized users or intruders wouldn’t be able to halt our security breaches. Firewalls are there for securing our internal network from unauthorized outsiders but still some time possibility of attacks is there as according to a survey 60% of attacks were internal to the network. So, the internal system needs the same higher level of security just like external. So, understanding the value of security measures with accuracy, efficiency, and speed we got to focus on implementing and comparing an improved intrusion detection system. A comprehensive literature review has been done and found that some feature selection techniques with standard scaling combined with Machine Learning Techniques can give better results over normal existing ML Techniques. In this survey paper with the help of the Uni-variate Feature selection method, the selection of 14 essential features out of 41 is performed which are used in comparative analysis. We implemented and compared both binary class classification and multi-class classification-based Intrusion Detection Systems (IDS) for two Supervised Machine Learning Techniques Support Vector Machine and Classification and Regression Techniques.
2022-11-18
Iskandar, Olimov, Yusuf, Boriyev, Mahmudjon, Sadikov, Azizbek, Xudoyberdiyev, Javohir, Ismanaliyev.  2021.  Analysis of existing standards for information security assessment. 2021 International Conference on Information Science and Communications Technologies (ICISCT). :1—3.
This article is devoted to the existing standards for assessing the state of information security, which provides a classification and comparative analysis of standards for assessing the state of information.
Aleksandrov, Mark N., Vasiliev, Victor A., Aleksandrova, Svetlana V..  2021.  Implementation of the Risk-based Approach Methodology in Information Security Management Systems. 2021 International Conference on Quality Management, Transport and Information Security, Information Technologies (IT&QM&IS). :137—139.
Currently, most companies systematically face challenges related to the loss of significant confidential information, including legally significant information, such as personal data of customers. To solve the problem of maintaining the confidentiality, integrity and availability of information, companies are increasingly using the methodology laid down in the basis of the international standard ISO / IEC 27001. Information security risk management is a process of continuous monitoring and systematic analysis of the internal and external environment of the IT environment, associated with the further adoption and implementation of management decisions aimed at reducing the likelihood of an unfavorable result and minimizing possible threats to business caused by the loss of manageability of information that is important for the organization. The article considers the problems and approaches to the development, practical implementation, and methodology of risk management based on the international standard ISO 31000 in the modern information security management system.
2022-09-09
Maiti, Ankita, Shilpa, R.G.  2020.  Developing a Framework to Digitize Supply Chain Between Supplier and Manufacturer. 2020 5th International Conference on Computing, Communication and Security (ICCCS). :1—6.
Supply chain plays a significant job in an organization making systems between an organization and its supplier to deliver and disperse items and administrations to the last purchasers. Digitization alludes to the way toward moving physical reports into physical documents. Digitization will make incredible open doors for associations and supply chain rehearses. Numerous associations need to turn out to be progressively “advanced” since they have watched the criticality and value of computerized advances for their development and their own organizations. This research study topic presents a review of the supply chain management digitization practices and dreams with a merged image of digitization and stream of data between the Supplier and Manufacturer chain. Value management, in value analysis, assumes a huge job in a viable Digital Supply Chain Management, it is progressively centered around mechanization, digitizing the procedure, and the coordination and reconciliation of the considerable number of components associated with the supply chain. In view of how value-chain management has developed, it assumes an urgent job in managing the ever-expanding unpredictability in supply chains all inclusive. This study presents an overview of the supply chain management digitization practices and visions with a consolidated picture of digitization and flow of information between the Supplier and Manufacturer chain. This study can be further improved by integrating the latest technology and tools AI and IoT-as a future study.
2022-08-26
Lotz, Volkmar.  2020.  Cybersecurity Certification for Agile and Dynamic Software Systems – a Process-Based Approach. 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). :85–88.
In this extended abstract, we outline an approach for security certification of products or services for modern commercial systems that are characterized by agile development, the integration of development and operations, and high dynamics of system features and structures. The proposed scheme rather evaluates the processes applied in development and operations than investigates into the validity of the product properties itself. We argue that the resulting claims are still suitable to increase the confidence in the security of products and services resulting from such processes.
2022-07-13
Glantz, Edward J., Bartolacci, Michael R., Nasereddin, Mahdi, Fusco, David J., Peca, Joanne C., Kachmar, Devin.  2021.  Wireless Cybersecurity Education: A Focus on Curriculum. 2021 Wireless Telecommunications Symposium (WTS). :1—5.
Higher education is increasingly called upon to enhance cyber education, including hands-on "experiential" training. The good news is that additional tools and techniques are becoming more available, both in-house and through third parties, to provide cyber training environments and simulations at various features and price points. However, the training thus far has only focused on "traditional" Cybersecurity that lightly touches on wireless in undergraduate and master's degree programs, and certifications. The purpose of this research is to identify and recognize nascent cyber training emphasizing a broader spectrum of wireless security and encourage curricular development that includes critical experiential training. Experiential wireless security training is important to keep pace with the growth in wireless communication mediums and associated Internet of Things (IoT) and Cyber Physical System (CPS) applications. Cyber faculty at a university offering undergraduate and master's Cybersecurity degrees authored this paper; both degrees are offered to resident as well as online students.
2022-07-12
Patel, Mansi, Prabhu, S Raja, Agrawal, Animesh Kumar.  2021.  Network Traffic Analysis for Real-Time Detection of Cyber Attacks. 2021 8th International Conference on Computing for Sustainable Global Development (INDIACom). :642—646.
Preventing the cyberattacks has been a concern for any organization. In this research, the authors propose a novel method to detect cyberattacks by monitoring and analyzing the network traffic. It was observed that the various log files that are created in the server does not contain all the relevant traces to detect a cyberattack. Hence, the HTTP traffic to the web server was analyzed to detect any potential cyberattacks. To validate the research, a web server was simulated using the Opensource Damn Vulnerable Web Application (DVWA) and the cyberattacks were simulated as per the OWASP standards. A python program was scripted that captured the network traffic to the DVWA server. This traffic was analyzed in real-time by reading the various HTTP parameters viz., URLs, Get / Post methods and the dependencies. The results were found to be encouraging as all the simulated attacks in real-time could be successfully detected. This work can be used as a template by various organizations to prevent any insider threat by monitoring the internal HTTP traffic.
2022-04-01
Khurat, Assadarat, Sangkhachantharanan, Phirawat.  2021.  An Automatic Networking Device Auditing Tool Based on CIS Benchmark. 2021 18th International Conference on Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology (ECTI-CON). :409—412.
Security has become an important issue in an IT system of an organization. Each IT component has to be configured correctly, otherwise the risk of attack could increase. An important component is networking device such as router and switch. To avoid this misconfiguration, a well-known process called audit is used. There are several auditing tools both commercial and open-source. However, none of the existing tools that are open-source can automatically audit the security settings of networking device based on standard e.g., CIS benchmark. We, thus propose a tool that can verify the networking device automatically based on best practices so that auditors can conveniently check as well as issue a report.
2022-03-14
Baray, Elyas, Kumar Ojha, Nitish.  2021.  ‘WLAN Security Protocols and WPA3 Security Approach Measurement Through Aircrack-ng Technique’. 2021 5th International Conference on Computing Methodologies and Communication (ICCMC). :23–30.
From the beginning of technology and Wi-Fi based systems wireless networks had a prominent threat upon data security. Without security measures many organizations contribute on these flaws of security to make it better. There are many vulnerabilities of security models which are discussed in this article such as hacking through Wi-Fi security by Aircrack-ng, previous security model vulnerabilities and also the performance of Aircrack-ng attack on Wi-Fi modem or routers. In order to crack WPA/WPA2, kali Linux operating system will be needed along with Aircrack-ng packages installed on any compatible PC. Some of the new standard WPA3 such like downgrade problem on which the system will let the device to downgrade from WPA3 to WPA2 in order to connect with incompatible devise. Further, it makes a way for hackers to obtain Wi-Fi passwords even from new model defined such as WPA3 by using old techniques. The new model introduced Wi-Fi security protocol WPA3 is also no longer a secure model it can be penetrated. Researchers have discovered some new vulnerability enables hackers to get out the Wi-Fi passwords.
2021-12-21
Hatakeyama, Koudai, Kotani, Daisuke, Okabe, Yasuo.  2021.  Zero Trust Federation: Sharing Context under User Control towards Zero Trust in Identity Federation. 2021 IEEE International Conference on Pervasive Computing and Communications Workshops and Other Affiliated Events (PerCom Workshops). :514–519.
Perimeter models, which provide access control for protecting resources on networks, make authorization decisions using the source network of access requests as one of critical factors. However, such models are problematic because once a network is intruded, the attacker gains access to all of its resources. To overcome the above problem, a Zero Trust Network (ZTN) is proposed as a new security model in which access control is performed by authenticating users who request access and then authorizing such requests using various information about users and devices called contexts. To correctly make authorization decisions, this model must take a large amount of various contexts into account. However, in some cases, an access control mechanism cannot collect enough context to make decisions, e.g., when an organization that enforces access control joins the identity federation and uses systems operated by other organizations. This is because the contexts collected using the systems are stored in individual systems and no federation exists for sharing contexts. In this study, we propose the concept of a Zero Trust Federation (ZTF), which applies the concept of ZTN under the identity federation, and a method for sharing context among systems of organizations. Since context is sensitive to user privacy, we also propose a mechanism for sharing contexts under user control. We also verify context sharing by implementing a ZTF prototype.
2021-10-12
Zhang, Fengli, Huff, Philip, McClanahan, Kylie, Li, Qinghua.  2020.  A Machine Learning-Based Approach for Automated Vulnerability Remediation Analysis. 2020 IEEE Conference on Communications and Network Security (CNS). :1–9.
Security vulnerabilities in firmware/software pose an important threat ton power grid security, and thus electric utility companies should quickly decide how to remediate vulnerabilities after they are discovered. Making remediation decisions is a challenging task in the electric industry due to the many factors to consider, the balance to maintain between patching and service reliability, and the large amount of vulnerabilities to deal with. Unfortunately, remediation decisions are current manually made which take a long time. This increases security risks and incurs high cost of vulnerability management. In this paper, we propose a machine learning-based automation framework to automate remediation decision analysis for electric utilities. We apply it to an electric utility and conduct extensive experiments over two real operation datasets obtained from the utility. Results show the high effectiveness of the solution.
2021-09-16
Astakhova, Liudmila, Medvedev, Ivan.  2020.  The Software Application for Increasing the Awareness of Industrial Enterprise Workers on Information Security of Significant Objects of Critical Information Infrastructure. 2020 Global Smart Industry Conference (GloSIC). :121–126.
Digitalization of production and management as the imperatives of Industry 4.0 stipulated the requirements of state regulators for informing and training personnel of a significant object of critical information infrastructure. However, the attention of industrial enterprises to this problem is assessed as insufficient. This determines the relevance and purpose of this article - to develop a methodology and tool for raising the awareness of workers of an industrial enterprise about information security (IS) of significant objects of critical information infrastructure. The article reveals the features of training at industrial enterprises associated with a high level of development of safety and labor protection systems. Traditional and innovative methods and means of training personnel at the workplace within the framework of these systems and their opportunities for training in the field of information security are shown. The specificity of the content and forms of training employees on the security of critical information infrastructure has been substantiated. The scientific novelty of the study consists in the development of methods and software applications that can perform the functions of identifying personal qualities of employees; testing the input level of their knowledge in the field of IS; testing for knowledge of IS rules (by the example of a response to socio-engineering attacks); planning an individual thematic plan for employee training; automatic creation of a modular program and its content; automatic notification of the employee about the training schedule at the workplace; organization of training according to the schedule; control self-testing and testing the level of knowledge of the employee after training; organizing a survey to determine satisfaction with employee training. The practical significance of the work lies in the possibility of implementing the developed software application in industrial enterprises, which is confirmed by the successful results of its testing.
2021-01-11
Tiwari, P., Skanda, C. S., Sanjana, U., Aruna, S., Honnavalli, P..  2020.  Secure Wipe Out in BYOD Environment. 2020 International Workshop on Big Data and Information Security (IWBIS). :109–114.
Bring Your Own Device (BYOD) is a new trend where employees use their personal devices to connect to their organization networks to access sensitive information and work-related systems. One of the primary challenges in BYOD is to securely delete company data when an employee leaves an organization. In common BYOD programs, the personal device in use is completely wiped out. This may lead to the deletion of personal data during exit procedures. Due to performance and deletion latency, erasure of data in most file systems today results in unlinking the file location and marking data blocks as unused. This may suffice the need of a normal user trying to delete unwanted files but the file content is not erased from the data blocks and can be retrieved with the help of various data recovery and forensic tools. In this paper, we discuss: (1) existing work related to secure deletion, and (2) secure and selective deletion methods that delete only the required files or directories without tampering personal data. We present two per-file deletion methods: Overwriting data and Encryption based deletion which erase specific files securely. Our proposed per-file deletion methods reduce latency and performance overheads caused by overwriting an entire disk.
2020-11-20
Mousavi, M. Z., Kumar, S..  2019.  Analysis of key Factors for Organization Information Security. 2019 International Conference on Machine Learning, Big Data, Cloud and Parallel Computing (COMITCon). :514—518.
Protecting sensitive information from illegal access and misuse is crucial to all organizations. An inappropriate Information Security (IS) policy and procedures are not only a suitable environment for an outsider attack but also a good chance for the insiders' misuse. In this paper, we will discuss the roles of an organization in information security and how human behavior affects the Information Security System (ISS). How an organization can create and instill an effective information security culture in an organization to improve their information safeguards. The findings in this review can be used to further researches and will be useful for organizations to improve their information security structure (ISC).
Bhaharin, S. H., Mokhtar, U. A., Sulaiman, R., Yusof, M. M..  2019.  Issues and Trends in Information Security Policy Compliance. 2019 6th International Conference on Research and Innovation in Information Systems (ICRIIS). :1—6.
In the era of Industry 4.0 (IR 4.0), information leakage has become a critical issue for information security. The basic approach to addressing information leakage threats is to implement an information security policy (ISP) that defines the standards, boundaries, and responsibilities of users of information and technology of an organization. ISPs are one of the most commonly used methods for controlling internal user security behaviours, which include, but not limited to, computer usage ethics; organizational system usage policies; Internet and email usage policies; and the use of social media. Human error is the main security threat to information security, resulting from negligence, ignorance, and failure to adhere to organizational information security policies. Information security incidents are a problem related to human behaviour because technology is designed and operated by humans, presenting the opportunities and spaces for human error. In addition to the factor of human error as the main source of information leakage, this study aims to systematically analyse the fundamental issues of information security policy compliance. An analysis of these papers identifies and categories critical factor that effect an employee's attitude toward compliance with ISP. The human, process, technology element and information governance should be thought as a significant scope for more efficiency of information security policy compliance and in any further extensive studies to improve on information security policy compliance. Therefore, to ensure these are properly understood, further study is needed to identity the information governance that needs to be included in organizations and current best practices for developing an information security policy compliance within organizations.
2020-07-30
TÎTU, Mihail Aurel, POP, Alina Bianca, ŢÎŢU, Ştefan.  2018.  The correlation between intellectual property management and quality management in the modern knowledge-based economy. 2018 10th International Conference on Electronics, Computers and Artificial Intelligence (ECAI). :1—6.
The aim of this research paper is to highlight the intellectual property place and role within an industrial knowledge-based organization which performs design activities. The research begins by presenting the importance of integrating intellectual property policy implementation with quality policy. The research is based on the setting of objectives in the intellectual property field. This research also establishes some intellectual property strategies, and improvement measures for intellectual property protection management. The basis for these activities is correlation of the quality policy with an intellectual property policy, as well as the point of strength identified in the studied organization. The issues discussed in this scientific paper conclude on the possibility of the implementation of standards in the intellectual property field.