VISTA:an inclusive insider threat taxonomy, with mitigation strategies

Insiders have the potential to do a great deal of damage, given their legitimate access to organisational assets and the trust they enjoy. Organisations can only mitigate insider threats if they understand what the different kinds of insider threats are, and what tailored measures can be used to mitigate the threat posed by each of them. Here, we derive VISTA (inclusiVe InSider Threat tAxonomy) based on an extensive literature review and a survey with C-suite executives to ensure that the VISTA taxonomy is not only scientifically grounded, but also meets the needs of organisations and their executives. To this end, we map each VISTA category of insider threat to tailored mitigations that can be deployed to reduce the threat

The impact of accounting information systems on enhancing financial information security in Jordanian banks

The aim of the current study is to examine the impact of accounting information systems (AIS) on enhancing financial information security in Jordanian banks by the moderating role information technology (IT) governance. The sample of the study includes 149 administrative employees in banks operating in Jordan and a questionnaire is used as the tool of the study. The results indicate that there is an effect for accounting information systems on enhancing financial information at operating banks in Jordan on information systems' operating, inputs, and outputs. The results also indicated in effect the level for information technology governance on the relationship between accounting information systems in achieving information security at the banks operating in Jordan. Considering the result obtained, the study concluded with a group of recommendations the most important among which was to work on establishing departments to protect and secure accounting information, as well as securing qualified cadres to monitor the systems

An Integrated Cybersecurity Risk Management (I-CSRM) Framework for Critical Infrastructure Protection

Risk management plays a vital role in tackling cyber threats within the Cyber-Physical System (CPS) for overall system resilience. It enables identifying critical assets, vulnerabilities, and threats and determining suitable proactive control measures to tackle the risks. However, due to the increased complexity of the CPS, cyber-attacks nowadays are more sophisticated and less predictable, which makes risk management task more challenging. This research aims for an effective Cyber Security Risk Management (CSRM) practice using assets criticality, predication of risk types and evaluating the effectiveness of existing controls. We follow a number of techniques for the proposed unified approach including fuzzy set theory for the asset criticality, machine learning classifiers for the risk predication and Comprehensive Assessment Model (CAM) for evaluating the effectiveness of the existing controls. The proposed approach considers relevant CSRM concepts such as threat actor attack pattern, Tactic, Technique and Procedure (TTP), controls and assets and maps these concepts with the VERIS community dataset (VCDB) features for the purpose of risk predication. Also, the tool serves as an additional component of the proposed framework that enables asset criticality, risk and control effectiveness calculation for a continuous risk assessment. Lastly, the thesis employs a case study to validate the proposed i-CSRM framework and i-CSRMT in terms of applicability. Stakeholder feedback is collected and evaluated using critical criteria such as ease of use, relevance, and usability. The analysis results illustrate the validity and acceptability of both the framework and tool for an effective risk management practice within a real-world environment. The experimental results reveal that using the fuzzy set theory in assessing assets' criticality, supports stakeholder for an effective risk management practice. Furthermore, the results have demonstrated the machine learning classifiers’ have shown exemplary performance in predicting different risk types including denial of service, cyber espionage, and Crimeware. An accurate prediction can help organisations model uncertainty with machine learning classifiers, detect frequent cyber-attacks, affected assets, risk types, and employ the necessary corrective actions for its mitigations. Lastly, to evaluate the effectiveness of the existing controls, the CAM approach is used, and the result shows that some controls such as network intrusion, authentication, and anti-virus show high efficacy in controlling or reducing risks. Evaluating control effectiveness helps organisations to know how effective the controls are in reducing or preventing any form of risk before an attack occurs. Also, organisations can implement new controls earlier. The main advantage of using the CAM approach is that the parameters used are objective, consistent and applicable to CPS

The impact of customer satisfaction on purchase intention in Malaysian takaful industry

To date the study of customer satisfaction and purchase intention have dominated the services literature. This study is aimed to investigate the impact of customer satisfaction on purchase intention among Takaful participants in Malaysia. A self-administered questionnaire is distributed to eight Takaful companies in Malaysia as a study setting for this study. Out of the total 600 distributed questionnaires 390 were finally selected for data analyses. It is expected that findings from this study will contribute to the existing literature to both theoretical and managerial approaches in order to better understand the pattern of customer satisfaction and purchase intention in Takaful industry settings

Информационные технологии в науке, управлении, социальной сфере и медицине. Ч. 1

Сборник посвящён теоретическим и практическим аспектам разработки и применения современных информационных технологий. Особое внимание уделено вопросам математического моделирования и применения информационных технологий в различных предметных областях. Представлены доклады российских и зарубежных учёных на V Международной конференции «Информационные технологии в науке, управлении, социальной сфере и медицине», прошедшей в г. Томске на базе Томского государственного педагогического университета и Томского политехнического университета

Информационные технологии в науке, управлении, социальной сфере и медицине. Ч. 1

Сборник посвящён теоретическим и практическим аспектам разработки и применения современных информационных технологий. Особое внимание уделено вопросам математического моделирования и применения информационных технологий в различных предметных областях. Представлены доклады российских и зарубежных учёных на V Международной конференции «Информационные технологии в науке, управлении, социальной сфере и медицине», прошедшей в г. Томске на базе Томского государственного педагогического университета и Томского политехнического университета

PIAAC Bibliography - 2008-2019

In order to enhance the performance of rehabilitation robots, it is imperative to know both force and motion caused by the interaction between user and robot. However, common direct measurement of both signals through force and motion sensors not only increases the complexity of the system but also impedes affordability of the system. As an alternative of the direct measurement, in this work, we present new force and motion estimators for the proper control of the upper-limb rehabilitation Universal Haptic Pantograph (UHP) robot. The estimators are based on the kinematic and dynamic model of the UHP and the use of signals measured by means of common low-cost sensors. In order to demonstrate the effectiveness of the estimators, several experimental tests were carried out. The force and impedance control of the UHP was implemented first by directly measuring the interaction force using accurate extra sensors and the robot performance was compared to the case where the proposed estimators replace the direct measured values. The experimental results reveal that the controller based on the estimators has similar performance to that using direct measurement (less than 1 N difference in root mean square error between two cases), indicating that the proposed force and motion estimators can facilitate implementation of interactive controller for the UHP in robot-mediated rehabilitation trainings

Информационные технологии в науке, управлении, социальной сфере и медицине. Ч. 1

Сборник посвящён теоретическим и практическим аспектам разработки и применения современных информационных технологий. Особое внимание уделено вопросам математического моделирования и применения информационных технологий в различных предметных областях. Представлены доклады российских и зарубежных учёных на V Международной конференции «Информационные технологии в науке, управлении, социальной сфере и медицине», прошедшей в г. Томске на базе Томского государственного педагогического университета и Томского политехнического университета