信息安全(英文)最新文献

{"title":"Hacked by Bits and Pieces: What Can We Learn from an Example of Corporate Espionage?","authors":"Jack Schafer, M. Karlins","doi":"10.4236/jis.2021.123012","DOIUrl":"https://doi.org/10.4236/jis.2021.123012","url":null,"abstract":"Information security often involves the development and application of sophisticated software to protect sensitive \u0000information stored in corporate computers. Yet, in this example of \u0000corporate espionage, a clever person, a cellphone and some readily available \u0000software were all it took to crack through one company’s advanced security \u0000barriers. By reading this article it is hoped that employees at all levels of \u0000an organization’s hierarchy will become more aware of—and recognize—how: 1) \u0000bits and pieces of seemingly harmless and easy-to-acquire information can be \u0000used for sinister purposes; 2) building rapport and trust with a person can \u0000make them more likely to become unknowing co-conspirators in a devious \u0000undertaking; and 3) how one must be constantly alert not to give out information \u0000without carefully considering the authenticity and justification of the source \u0000requesting it.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-05-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"41424549","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Authentication of Video Evidence for Forensic Investigation: A Case of Nigeria","authors":"B. O. Akumba, A. Iorliam, S. Agber, E. O. Okube, K. D. Kwaghtyo","doi":"10.4236/JIS.2021.122008","DOIUrl":"https://doi.org/10.4236/JIS.2021.122008","url":null,"abstract":"Video shreds of evidence are usually admissible in the court of law all \u0000over the world. However, individuals manipulate these videos to either defame \u0000or incriminate innocent people. Others indulge in video tampering to falsely \u0000escape the wrath of the law against misconducts. One way impostors can forge \u0000these videos is through inter-frame video forgery. Thus, the integrity of such \u0000videos is under threat. This is because these digital forgeries seriously \u0000debase the credibility of video contents as being definite records of events. This leads to an increasing concern about the \u0000trustworthiness of video contents. Hence, it continues to affect the social and \u0000legal system, forensic investigations, intelligence services, and security and \u0000surveillance systems as the case may be. The problem of inter-frame video \u0000forgery is increasingly spontaneous as more video-editing software continues to \u0000emerge. These video editing tools can easily manipulate videos without leaving \u0000obvious traces and these tampered videos become viral. Alarmingly, even the \u0000beginner users of these editing tools can alter the contents of digital videos \u0000in a manner that renders them practically indistinguishable from the original \u0000content by mere observations. This paper, however, leveraged on the concept of \u0000correlation coefficients to produce a more elaborate and reliable inter-frame \u0000video detection to aid forensic investigations, especially in Nigeria. The \u0000model employed the use of the idea of a threshold to efficiently distinguish \u0000forged videos from authentic videos. A benchmark and locally manipulated video \u0000datasets were used to evaluate the proposed model. Experimentally, our approach \u0000performed better than the existing methods. The overall accuracy for all the \u0000evaluation metrics such as accuracy, recall, precision and F1-score was 100%. \u0000The proposed method implemented in the MATLAB programming language has proven \u0000to effectively detect inter-frame forgeries.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-04-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"49613746","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Optimum Spending on Cybersecurity Measures: Part II","authors":"Sherita Tara Kissoon","doi":"10.4236/JIS.2021.121007","DOIUrl":"https://doi.org/10.4236/JIS.2021.121007","url":null,"abstract":"The purpose of this research is to \u0000investigate the decision-making process for cybersecurity investments in \u0000organizations through development and utilization of a digital cybersecurity \u0000risk management framework. The initial article, Optimum Spending on \u0000Cybersecurity Measures is published on Emerald Insight at: https://www.emerald.com/insight/1750-6166.htm, contains the detailed literature review, and the data results from \u0000Phase I and Phase II of this research REF _Ref61862658 r h * MERGEFORMAT [1]. This article will \u0000highlight the research completed in the area of organizational decision-making \u0000on cybersecurity spend. In leveraging the review of additional studies, this \u0000research utilizes a regression framework and case study methodology to \u0000demonstrate that effective risk-based decisions are necessary when implementing \u0000cybersecurity controls. Through regression analysis, the effectiveness of \u0000current implemented cybersecurity measures in organizations is explored when connecting a dependent variable with several independent \u0000variables. The focus of this article is on the strategic decisions made by \u0000organizations when implementing cybersecurity measures. This research belongs \u0000to the area of risk management, and various models within the field of 1) \u0000information security; 2) strategic management; and 3) organizational decision-making to determine optimum spending on \u0000cybersecurity measures for risk taking organizations. This research resulted in \u0000the development of a cyber risk investment model and a digital cybersecurity risk management framework. Using a case study methodology, \u0000this model and framework were leveraged to evaluate \u0000and implement cybersecurity measures. The case study methodology provides an \u0000in-depth view of a risk-taking organization’s risk mitigation strategy within \u0000the bounds of the educational environment focusing on five areas identified \u0000within a digital cyber risk model: 1) technology landscape and application \u0000portfolio; 2) data centric focus; 3) risk management \u0000practices; 4) cost-benefit analysis for cybersecurity measures; and 5) strategic development. The outcome of this research provides \u0000greater insight into how an organization makes decisions when implementing \u0000cybersecurity controls. This research shows that most organizations are \u0000diligently implementing security measures to effectively monitor and detect \u0000cyber security attacks, specifically showing \u0000that risk taking organizations implemented cybersecurity measures to meet \u0000compliance and audit obligations with an annual spend of $3.18 million. It also \u0000indicated that 23.6% of risk-taking organizations incurred more than 6 \u0000cybersecurity breaches with an average dollar loss of $3.5 million. In \u0000addition, the impact of a cybersecurity breach on risk taking organizations is \u0000as follows: 1) data loss; 2) brand/reputational \u0000impact; 3) financial loss fines; 4) increase oversight \u0000by regulators/internal audit; and 5) \u0000customer/client impact. The implication","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-01-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"49016631","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"The Overview of Database Security Threats’ Solutions: Traditional and Machine Learning","authors":"Yong Wang, Jinsong Xi, Tong Cheng","doi":"10.4236/JIS.2021.121002","DOIUrl":"https://doi.org/10.4236/JIS.2021.121002","url":null,"abstract":"As an information-rich collective, \u0000there are always some people who choose to take risks for some ulterior purpose \u0000and others are committed to finding ways to deal with database security \u0000threats. The purpose of database security research is to prevent the database \u0000from being illegally used or destroyed. This paper introduces the main literature \u0000in the field of database security research in recent years. First of all, we \u0000classify these papers, the classification criteria are the influencing \u0000factors of database security. Compared with the traditional and machine \u0000learning (ML) methods, some explanations of concepts are interspersed to make \u0000these methods easier to understand. Secondly, we find that the related research \u0000has achieved some gratifying results, but there are also some shortcomings, \u0000such as weak generalization, deviation from reality. Then, possible future work \u0000in this research is proposed. Finally, we summarize the main contribution.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-01-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"49186650","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Information Theoretic Distinguishers for Timing Attacks with Partial Profiles: Solving the Empty Bin Issue","authors":"Éloi de Chérisey, S. Guilley, O. Rioul, Darshana Jayasinghe","doi":"10.4236/jis.2021.121001","DOIUrl":"https://doi.org/10.4236/jis.2021.121001","url":null,"abstract":"In any side-channel attack, it is desirable to exploit all the available leakage data to compute the distinguisher’s values. The profiling phase is essential to obtain an accurate leakage model, yet it may not be exhaustive. As a result, information theoretic distinguishers may come up on previously unseen data, a phenomenon yielding empty bins. A strict application of the maximum likelihood method yields a distinguisher that is not even sound. Ignoring empty bins reestablishes soundness, but seriously limits its performance in terms of success rate. The purpose of this paper is to remedy this situation. In this research, we propose six different techniques to improve the performance of information theoretic distinguishers. We study them thoroughly by applying them to timing attacks, both with synthetic and real leakages. Namely, we compare them in terms of success rate, and show that their performance depends on the amount of profiling, and can be explained by a bias-variance analysis. The result of our work is that there exist use-cases, especially when measurements are noisy, where our novel information theoretic distinguishers (typically the soft-drop distinguisher) perform the best compared to known side-channel distinguishers, despite the empty bin situation.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"70334943","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A Complex Encryption System Design Implemented by AES","authors":"Zhimao Lu, H. Mohamed","doi":"10.4236/JIS.2021.122009","DOIUrl":"https://doi.org/10.4236/JIS.2021.122009","url":null,"abstract":"With the rapid development of internet technology and the increasing popularity of e-commerce, data encryption technology plays a very important role in data security. Information security has two aspects: security protocol and cryptographic algorithm and the latter is the foundation and core technology of information security. Advanced Encryption Standard (AES) encryption algorithm is one of the most commonly used algorithms in symmetric encryption algorithms. Such algorithms face issues when used in the context of key management and security functions. This paper focuses on the systematic analysis of these issues and summarizes AES algorithm implementation, comprehensive application and algorithm comparison with other existing methods. To analyze the performance of the proposed algorithm and to make full use of the advantages of AES encryption algorithm, one needs to reduce round key and improve the key schedule, as well as organically integrate with RSA algorithm. Java language is used to implement the algorithm due to its large library, then to show the efficiency of the proposed method we compare different parameters, such as encryption/decryption speed, entropies and memory consumption...) with a classic algorithm. Based on the results of the comparison between AES and the hybrid AES algorithm, the proposed algorithm shows good performance and high security. It therefore can be used for key management and security functions, particularly for sharing sensitive files through insecure channel. This analysis provides a reference useful for selecting different encryption algorithms according to different business needs.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"70334605","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Information Segmentation and Investing in Cybersecurity","authors":"Lawrence A. Gordon, Martin P. Loeb, Lei Zhou","doi":"10.4236/JIS.2021.121006","DOIUrl":"https://doi.org/10.4236/JIS.2021.121006","url":null,"abstract":"This paper provides an analysis of how the benefits of information segmentation can assist an organization to derive the appropriate amount to invest in cybersecurity from a cost-benefit perspective. An analytical model based on the framework of the Gordon-Loeb Model ([1]) is presented that provides a set of sufficient conditions for information segmentation to lower the total investments in cybersecurity and the expected loss from cybersecurity breaches. A numerical example illustrating the insights gained from the model is also presented.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"70334566","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Cyber Security Crimes, Ethics and a Suggested Algorithm to Overcome Cyber-Physical Systems Problems (CybSec1)","authors":"A. Hussien","doi":"10.4236/JIS.2021.121003","DOIUrl":"https://doi.org/10.4236/JIS.2021.121003","url":null,"abstract":"Digital systems have changed our world and will continue to change it. Supportive government policy, a strong research base and history of industrial success place the benefits of an emerging digital society. Protecting benefits and minimizing risks requires reliable and robust cyber security, backed by a robust research and translation system. Trust is essential for growth and maintenance of participation in the digital community. Organizations gain trust by acting in a trustworthy way leading to building reliable and secure systems, treating people, their privacy and their data with respect, and providing reliable and understandable information to help people understand how safe they are. Research and revolution in industry and academia will continue to make important contributions to create flexible and reliable digital environment. Cyber Security has a main role in the field of information technology because securing information has become one of the greatest challenges today. When we think about the cyber security, the first thing that comes to our mind is “cyber crimes” which are increasing exponentially day by day. Many governments and firms are taking many measures to prevent these cybercrimes. Besides the various measures, cyber security remains a major concern. This paper intended to give a deep overview of the concepts and principles of cyber security that affect the safety and security in an international context. It mainly focuses on challenges faced by cyber security on the latest technologies and focuses also on introducing security types, cyber security techniques, cyber security ethics, trends that change the face of cyber security and finally attempting to solve one of the most serious cyber security crimes of violating privacy on the internet by improving the security of sensitive personal information (SPI) in Cyber-physical systems using a selected proposed algorithm that analyzes the user’s information resources and determines the valid data to be encrypted, then uses adaptive acquisition methods to collect the information and finally a new cryptographic method is used to complete SPI secure encryption according to acquisition results as described in details in Section 4.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"70334952","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Data Migration Need, Strategy, Challenges, Methodology, Categories, Risks, Uses with Cloud Computing, and Improvements in Its Using with Cloud Using Suggested Proposed Model (DMig 1)","authors":"Abouelela Abdou Hussein","doi":"10.4236/JIS.2021.121004","DOIUrl":"https://doi.org/10.4236/JIS.2021.121004","url":null,"abstract":"Data Migration is a multi-step process that begins with analyzing old data and culminates in data uploading and reconciliation in new applications. With the rapid growth of data, organizations constantly need to migrate data. Data migration can be a complex process as testing must be done to ensure data quality. Migration also can be very costly if best practices are not followed and hidden costs are not identified in the early stage. On the other hand, many organizations today instead of buying IT equipment (hardware and/or software) and managing it themselves, they prefer to buy services from IT service providers. The number of service providers is increasing dramatically and the cloud is becoming the preferred tool for more cloud storage services. However, as more information and personal data are transferred to the cloud, to social media sites, DropBox, Baidu WangPan, etc., data security and privacy issues are questioned. So, academia and industry circles strive to find an effective way to secure data migration in the cloud. Various resolving methods and encryption techniques have been implemented. In this work, we will try to cover many important points in data migration as Strategy, Challenges, Need, methodology, Categories, Risks, and Uses with Cloud computing. Finally, we discuss data migration security and privacy challenge and how to solve this problem by making improvements in it’s using with Cloud through suggested proposed model that enhances data security and privacy by gathering Advanced Encryption Standard-256 (ATS256), Data Dispersion Algorithms and Secure Hash Algorithm-512. This model achieves verifiable security ratings and fast execution times.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"70334554","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Empirical Evidence for a Descriptive Model of Principles of Information Security Course","authors":"A. Adekoya, A. Donald, S. Akkaladevi, A. A. Akinola","doi":"10.4236/jis.2020.114012","DOIUrl":"https://doi.org/10.4236/jis.2020.114012","url":null,"abstract":"The purpose of this study is to examine the nature and content of the rapidly evolving undergraduate Principles of Information/Cybersecurity course which has been attracting an ever-growing attention in the computing discipline, for the past decade. More specifically, it is to provide an impetus for the design of standardized principles of Information/Cybersecurity course. To achieve this, a survey of colleges and universities that offer the course was conducted. Several schools of engineering and business, in universities and colleges across several countries were surveyed to generate necessary data. Effort was made to direct the questionnaire only to Computer Information System (CIS), Computer Science (CS), Management Information System (MIS), Information System (IS) and other computer-related departments. The study instrument consisted of two main parts: one part addressed the institutional demographic information, while the other focused on the relevant elements of the course. There are sixty-two (62) questionnaire items covering areas such as demographics, perception of the course, course content and coverage, teaching preferences, method of delivery and course technology deployed, assigned textbooks and associated resources, learner support, course assessments, as well as the licensure-based certifications. Several themes emerged from the data analysis: (a) the principles course is an integral part of most cybersecurity programs; (b) majority of the courses examined, stress both strong technical and hands-on skills; (c) encourage vendor-neutral certifications as a course exit characteristic; and (d) an end-of-course class project, remains a standard requirement for successful course completion. Overall, the study makes it clear that cybersecurity is a multilateral discipline, and refuses to be confined by context and content. It is envisaged that the results of this study would turn out to be instructive for all practical purposes. We expect it to be one of the most definitive descriptive models of such a cardinal course, and help to guide and actually, shape the decisions of universities and academic programs focusing on information/cyber security in the updating and upgrading their curricula, most especially, the foundational principles course in light of new findings that are herein articulated.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2020-08-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"41387756","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}