455,738 research outputs found

    A Framework for Managing Information Systems Security


    The development of a biometric keystroke authentication framework to enhance system security

    Computer systems have proven to be essential to achieving our daily tasks such as managing our banking accounts, managing our health information and managing critical information systems such as drinking water systems or nuclear power plant systems. Such distributed systems are networked and must be protected against cyber threats. This research presents the design and implementation of a stand-alone web-based biometric keystroke authentication framework that creates a user's keystroke typing profile and uses it as a second form of authentication. Several biometric models were then benchmarked for their accuracy by computing their EER. By using keystroke biometrics as a second form of authentication the overall system's security is enhanced without the need of extra peripheral devices and without interrupting a user's work-flow

    Including Technical and Security Risks in the Development of Information Systems: A Programmatic Risk Management Model

    Developing and managing an information systems project has always been challenging, but with increased security concerns and tight budget resources, the risks are even greater. With more networks, mobility, and telecommuting, there is an increased need for an assessment of the technical and security risks. These risks if realized can have devastating impacts: interruptions of service, data theft or corruption, embezzlement and fraud, and compromised customer privacy. The software risk assessment literature (for example, Barki et al. 2001; Lyytinen et al. 1998; Schmidt et al. 2001) has focused primarily on managerial (i.e., development) risks, while the security risk models (for example, Cohen et al. 1998; Straub and Welke 1998) do not include the development risks and implementation costs. Theoretical risk models need to be developed that can provide a framework for assessing and managing the critical technical failure and security risk factors in conjunction with the managerial and development risks. This research seeks to model this problem by extending risk models originally developed for large-scale engineering systems

    Cybersecurity Awareness and Training (CAT) Framework for Remote Working Employees

    Currently, cybersecurity plays an essential role in computing and information technology due to its direct effect on organizations’ critical assets and information. Cybersecurity is applied using integrity, availability, and confidentiality to protect organizational assets and information from various malicious attacks and vulnerabilities. The COVID-19 pandemic has generated different cybersecurity issues and challenges for businesses as employees have become accustomed to working from home. Firms are speeding up their digital transformation, making cybersecurity the current main concern. For software and hardware systems protection, organizations tend to spend an excessive amount of money procuring intrusion detection systems, antivirus software, antispyware software, and encryption mechanisms. However, these solutions are not enough, and organizations continue to suffer security risks due to the escalating list of security vulnerabilities during the COVID-19 pandemic. There is a thriving need to provide a cybersecurity awareness and training framework for remote working employees. The main objective of this research is to propose a CAT framework for cybersecurity awareness and training that will help organizations to evaluate and measure their employees’ capability in the cybersecurity domain. The proposed CAT framework will assist different organizations in effectively and efficiently managing security-related issues and challenges to protect their assets and critical information. The developed CAT framework consists of three key levels and twenty-five core practices. Case studies are conducted to evaluate the usefulness of the CAT framework in cybersecurity-based organizational settings in a real-world environment. The case studies’ results showed that the proposed CAT framework can identify employees’ capability levels and help train them to effectively overcome the cybersecurity issues and challenges faced by the organizations

    A New Prototype for Intelligent Visual Fraud Detection in Agent-Based Auditing Framework

    While the U.S. Sarbanes-Oxley Act has been viewed by most as an onerous and expensive requirement, it is having a positive impact on driving appropriate levels of investment in IT security, controls, and transactional systems. This paper introduces a new secure solution for auditing and accounting based on artificial intelligence technology. These days, security is a big issue among regulatory firms. Big companies are concerned about their data being disseminated to their competitors; this high risk prevents them from providing full information to the regulatory firms. This solution not only significantly reduces the risk of unauthorized access to the company’s information but also facilitates a framework for controlling the flow of disseminating information in a risk-free method. Managing security is performed by a network of mobile agents in a pyramid structure among regulatory organizations like securities and exchanges commissions, stock exchanges at the top of this pyramid to the companies at the bottom. Because of security considerations, our strategy is to delegate all fraud detection algorithms to the Intelligent Mobile Auditing Agent, and web services undertake all inter-communicational activity. Web services can follow auditing activities in a predefined framework and they can act based on permitted security allowance to auditors. The current solution is designed based on Java-based mobile agents. Such design reaps strong mobility and security benefits. This new prototyped solution could be a framework for strengthening security for future development in this area. An insider trading case study is used to demonstrate and evaluate the approach

    Boundary Mapping and Geodatabase Strategy for National Security Information System in Nigeria

    Boundary mapping is the delineation of the territorial limits of a state, country as a sovereign state and its political division and administrative framework under a constitution. The likely consequences of boundary uncertainty, errors and omissions and distortion include: disputes, conflicts and anarchy which are serious brewers of security breakdown if not effectively managed. In recent years, the Office of the Surveyor General of the Federation (OSGoF) and National Boundary Commission (NBC) have been involved in the redefinition and management tasks of International and National boundaries of Nigeria. Some States of the Federation have attempted the demarcations of their local government area boundaries in order to provide the geospatial limits on the ground, but often led to skirmishes over disputed boundaries; whose adjudications are sometimes subjective. This problem exists because there is no definite geodatabase strategy for all boundaries’ related information, thereby rendering the physical extent of the country and states an amorphous status to be maneuvered by political leaders. This underscores the importance of boundary infrastructure as a key national security regulatory tool. This paper attempts an examination of boundary mapping and the requisite geodatabase strategy for creating and managing National Security Information System (NSIS) for Nigeria. Key geodatabase fields and records elements were identified and a sample geodatabase structure for managing boundary related security issues in Nigeria was developed using ArcGIS/ArcInfo platform. A total of 111 International boundary pillars distributed among the 20 states in Nigeria that have international borders were proposed. The study recommends the use of sub-meter resolution satellite imagery integrated with the existing NigNet CORS for creating an updated boundary, administrative and security base maps and information systems for Nigeria.
Keywords: Geodesy, Boundary Mapping, Geodatabase Strategy, National Security Information Syste

    A Holistic Approach to eHealth Security in Australia: Developing a National eHealth Security and Access Framework (NESAF)

    The Australian eHealth landscape is confronted with new challenges for healthcare providers in appropriately managing and protecting personal health information. The vision of the National eHealth Security and Access Framework (NESAF) is to adopt a consistent approach to the application of health information security standards and provide better practice guidance in relation to eHealth specific security and access practices. The eHealth information security landscape has a number of unique attributes, many that are faced by other businesses that provide a service or products – but we see that there is no industry in Australia where such widespread changes in the access to, the creation and delivery of information is transpiring. As the significant investment in Australian eHealth unfolds the emerging threat and risk assessment for information security and access is more prominent. There is an increasing volume of information being exchanged and accessed, and that this will occur in novel ways supporting emerging clinical models and to meet patient needs and growing expectations from the information age. One key area that must be examined is data provenance, ensuring that all electronic health information is traceable from its creation at a verifiable trusted source, and through its transition and possible augmentation en route to its destination for immediate and potential future uses. This will support better health outcomes for patients, and also the use of the information to support tertiary and secondary uses. For example, Clinical Research may generate personal health content in the context of a clinical trial and its context of use bound to the research environment in which it was generated. The goals and principles of the NESAF are intended to guide in the design and implementation of secure eHealth systems to manage and protect healthcare information.
This paper presents a description and discussion of the NESAF framework, and the work that has driven its formulation

    Planning, Managing and Monitoring Technological Security Infrastructures

    Over the past few decades many different Information Technologies (IT) policies have been introduced, including COSO, ITIL, PMBook, CMM, ISO 2700x, Six Sigma, being COBIT IT (Control Objectives for IT) the framework that encompasses all IT and Information Systems (IS) governance activities at the organization’s level. As part of the applicability of quality services certification (ISO 9001) in all IT services of a public institution, it is presented a case study aimed at planning, managing and monitoring technological security infrastructures. It followed the guidelines for the ISO 2700x family, COBIT, ITIL and other standards and conducted a survey to complement the IT process’s objectives. With regard to an action-research methodology for problem-solving (i.e., a kind of attempt to improve or investigate practice) and according to the issue under analysis, the question is put into the terms, viz. “How can the ISO 2700x, COBIT, ITIL and other guidelines help with the planning, management and monitoring of technological security infrastructures and minimize the risk management of IT and IS?”. Indeed, it may be resolved that it is possible to achieve the goals of planning, managing and monitoring a technological security infrastructure. In the future, we will use Artificial Intelligence based approaches to problem solving such as Artificial Neural Networks and Case-Based Reasoning, to evaluate this issue

    AN OPERATIONAL RISK MANAGEMENT FRAMEWORK FOR FINANCIAL SERVICES INDUSTRY

    Financial corporations are considered to be adept at measuring and managing their operational risks. The rapid adoption of information systems in every part of the finance industry has forced the actors to measure and manage their information-systems risks as well. However, identifying the relationships among the information systems and the business processes and how those relations affect the operational risks of those business processes has proven to be quite difficult resulting in a multitude of different frameworks that measure IS related risks separately from the operational risks of business processes. Those approaches obviously yield an incomplete picture as the integrity, security or the availability of a financial transaction can’t be approximated without considering the enormous IS infrastructure used to create and store it. Our research aims to create a framework that treats IS related risks as variables in the overall operational risk function for a holistic risk measurement by using enterprise architecture perspective and improving on existing operational risk management and IS risk management frameworks