Visible to the public Biblio

Filters: Keyword is awareness  [Clear All Filters]
2023-08-25
Delport, Petrus M.J, van Niekerk, Johan, Reid, Rayne.  2022.  Introduction to Information Security: From Formal Curriculum to Organisational Awareness. 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). :463–469.
Many organisations responded to the recent global pandemic by moving operations online. This has led to increased exposure to information security-related risks. There is thus an increased need to ensure organisational information security awareness programs are up to date and relevant to the needs of the intended target audience. The advent of online educational providers has similarly placed increased pressure on the formal educational sector to ensure course content is updated to remain relevant. Such processes of academic reflection and review should consider formal curriculum standards and guidelines in order to ensure wide relevance. This paper presents a case study of the review of an Introduction to Information Security course. This review is informed by the Information Security and Assurance knowledge area of the ACM/IEEE Computer Science 2013 curriculum standard. The paper presents lessons learned during this review process to serve as a guide for future reviews of this nature. The authors assert that these lessons learned can also be of value during the review of organisational information security awareness programs.
ISSN: 2768-0657
2023-07-12
Salman, Fatema, Jedidi, Ahmed.  2022.  Trust-Aware Security system for Dynamic Southbound Communication in Software Defined Network. 2022 International Conference on Innovation and Intelligence for Informatics, Computing, and Technologies (3ICT). :93—97.
The vast proliferation of the connected devices makes the operation of the traditional networks so complex and drops the network performance, particularly, failure cases. In fact, a novel solution is proposed to enable the management of the network resources and services named software defined network (SDN). SDN splits the data plane and the control plane by centralizing all the control plane on one common platform. Further, SDN makes the control plane programmable by offering high flexibility for the network management and monitoring mostly in failure cases. However, the main challenge in SDN is security that is presented as the first barrier for its development. Security in SDN is presented at various levels and forms, particularly, the communication between the data plane and control plane that presents a weak point in SDN framework. In this article, we suggest a new security framework focused on the combination between the trust and awareness concepts (TAS-SDN) for a dynamic southbound communication SDN. Further, TAS-SDN uses trust levels to establish a secure communication between the control plane and data plane. As a result, we discuss the implementation and the performance of TAS-SDN which presents a promote security solution in terms of time execution, complexity and scalability for SDN.
2022-12-01
Bemus, Peter, Noran, Ovidiu.  2021.  Static vs Dynamic Architecture of Aware Cyber Physical Systems of Systems. 2021 IEEE 25th International Enterprise Distributed Object Computing Workshop (EDOCW). :186–193.
The Enterprise Architecture and Systems Engineering communities are often faced with complexity barriers that develop due to the fact that modern systems must be agile and resilient. This requires dynamic changes to the system so as to adapt to changing missions as well as changes in the internal and external environments. The requirement is not entirely new, but practitioners need guidance on how to manage the life cycle of such systems. This is a problem because we must be able to architect systems by alleviating the difficulties in systems life cycle management (e.g., by helping the enterprise- or systems engineer organise and maintain models and architecture descriptions of the system of interest). Building on Pask’s conversation theoretic model of aware (human or machine) individuals, the paper proposes a reference model for systems that maintain their own models real time, act efficiently, and create system-level awareness on all levers of aggregation.
2021-10-12
Faurie, Pascal, Moldovan, Arghir-Nicolae, Tal, Irina.  2020.  Privacy Policy – ``I Agree''⁈ – Do Alternatives to Text-Based Policies Increase the Awareness of the Users? 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). :1–6.
Since GDPR was introduced, there is a reinforcement of the fact that users must give their consent before their personal data can be managed by any website. However, many studies have demonstrated that users often skip these policies and click the "I agree" button to continue browsing, being unaware of what the consent they gave was about, hence defeating the purpose of GDPR. This paper investigates if different ways of presenting users the privacy policy can change this behaviour and can lead to an increased awareness of the user in relation to what the user agrees with. Three different types of policies were used in the study: a full-text policy, a so-called usable policy, and a video-based policy. Results demonstrated that the type of policy has a direct influence on the user awareness and user satisfaction. The two alternatives to the text-based policy lead to a significant increase of user awareness in relation to the content of the policy and to a significant increase in the user satisfaction in relation to the usability of the policy.
2021-09-16
Astakhova, Liudmila, Medvedev, Ivan.  2020.  The Software Application for Increasing the Awareness of Industrial Enterprise Workers on Information Security of Significant Objects of Critical Information Infrastructure. 2020 Global Smart Industry Conference (GloSIC). :121–126.
Digitalization of production and management as the imperatives of Industry 4.0 stipulated the requirements of state regulators for informing and training personnel of a significant object of critical information infrastructure. However, the attention of industrial enterprises to this problem is assessed as insufficient. This determines the relevance and purpose of this article - to develop a methodology and tool for raising the awareness of workers of an industrial enterprise about information security (IS) of significant objects of critical information infrastructure. The article reveals the features of training at industrial enterprises associated with a high level of development of safety and labor protection systems. Traditional and innovative methods and means of training personnel at the workplace within the framework of these systems and their opportunities for training in the field of information security are shown. The specificity of the content and forms of training employees on the security of critical information infrastructure has been substantiated. The scientific novelty of the study consists in the development of methods and software applications that can perform the functions of identifying personal qualities of employees; testing the input level of their knowledge in the field of IS; testing for knowledge of IS rules (by the example of a response to socio-engineering attacks); planning an individual thematic plan for employee training; automatic creation of a modular program and its content; automatic notification of the employee about the training schedule at the workplace; organization of training according to the schedule; control self-testing and testing the level of knowledge of the employee after training; organizing a survey to determine satisfaction with employee training. The practical significance of the work lies in the possibility of implementing the developed software application in industrial enterprises, which is confirmed by the successful results of its testing.
2017-12-12
Santos, E. E., Santos, E., Korah, J., Thompson, J. E., Murugappan, V., Subramanian, S., Zhao, Yan.  2017.  Modeling insider threat types in cyber organizations. 2017 IEEE International Symposium on Technologies for Homeland Security (HST). :1–7.

Insider threats can cause immense damage to organizations of different types, including government, corporate, and non-profit organizations. Being an insider, however, does not necessarily equate to being a threat. Effectively identifying valid threats, and assessing the type of threat an insider presents, remain difficult challenges. In this work, we propose a novel breakdown of eight insider threat types, identified by using three insider traits: predictability, susceptibility, and awareness. In addition to presenting this framework for insider threat types, we implement a computational model to demonstrate the viability of our framework with synthetic scenarios devised after reviewing real world insider threat case studies. The results yield useful insights into how further investigation might proceed to reveal how best to gauge predictability, susceptibility, and awareness, and precisely how they relate to the eight insider types.

2017-05-19
Muhirwe, Jackson.  2016.  Towards a 3-D Approach to Cybersecurity Awareness for College Students. Proceedings of the 17th Annual Conference on Information Technology Education. :105–105.

College students as digital natives suffer from cyberattacks that include social engineering and phishing attacks. Moreover, students as college computer users and as future employees may inadvertently commit cybercrimes as insiders. Cybersecurity awareness programs and training have been found to be effective in reducing the risk of successful cyberattacks related to human users. In this outline, we propose a three dimensional (3D) approach to cybersecurity awareness and training for college students.