8,601 research outputs found
A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing
The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. The concept of cloud computing offers measurable computational or information resources as a service over the Internet. The major motivation behind the cloud setup is economic benefits, because it assures the reduction in expenditure for operational and infrastructural purposes. To transform it into a reality there are some impediments and hurdles which are required to be tackled, most profound of which are security, privacy and reliability issues. As the user data is revealed to the cloud, it departs the protection-sphere of the data owner. However, this brings partly new security and privacy concerns. This work focuses on these issues related to various cloud services and deployment models by spotlighting their major challenges. While the classical cryptography is an ancient discipline, modern cryptography, which has been mostly developed in the last few decades, is the subject of study which needs to be implemented so as to ensure strong security and privacy mechanisms in today’s real-world scenarios. The technological solutions, short and long term research goals of the cloud security will be described and addressed using various classical cryptographic mechanisms as well as modern ones. This work explores the new directions in cloud computing security, while highlighting the correct selection of these fundamental technologies from cryptographic point of view
Recommendation of a security architecture for data loss prevention
Data and people are the most important assets of any organization. The amount of
information that is generated increases exponentially due to the number of new devices
that create information. On the other hand, more and more organizations are covered by
some type of regulation, such as the General Data Protection Regulation.
Organizations implement several security controls, however, they do not focus on
protecting the information itself and information leakage is a reality and a growing
concern. Based on this problem, there is a need to protect confidential information, such
as clinical data, personal information, among others. In this regard, data loss prevention
solutions (DLP – Data Loss Prevention) that have the ability to identify, monitor and act
on data considered confidential, whether at the endpoint, data repositories or in the
network, should be part of the information security strategy of organizations in order to
mitigate these risks.
This dissertation will study the topic of data loss prevention and evaluate several
existing solutions in order to identify the key components of this type of solutions. The
contribution of this work will be the recommendation of a security architecture that
mitigates the risk of information leakage and that can be easily adaptable to any DLP
solution to be implemented by organizations. In order to prove the efficiency of the
architecture, it was implemented and tested to mitigate the risk of information leakage in
specific proposed scenarios.
Mitigating the Risk of Knowledge Leakage in Knowledge Intensive Organizations: a Mobile Device Perspective
In the current knowledge economy, knowledge represents the most strategically
significant resource of organizations. Knowledge-intensive activities advance
innovation and create and sustain economic rent and competitive advantage. In
order to sustain competitive advantage, organizations must protect knowledge
from leakage to third parties, particularly competitors. However, the number
and scale of leakage incidents reported in news media as well as industry
whitepapers suggests that modern organizations struggle with the protection of
sensitive data and organizational knowledge. The increasing use of mobile
devices and technologies by knowledge workers across the organizational
perimeter has dramatically increased the attack surface of organizations, and
the corresponding level of risk exposure. While much of the literature has
focused on technology risks that lead to information leakage, human risks that
lead to knowledge leakage are relatively understudied. Further, not much is
known about strategies to mitigate the risk of knowledge leakage using mobile
devices, especially considering the human aspect. Specifically, this research
study identified three gaps in the current literature (1) lack of in-depth
studies that provide specific strategies for knowledge-intensive organizations
based on their varied risk levels. Most of the analysed studies provide
high-level strategies that are presented in a generalised manner and fail to
identify specific strategies for different organizations and risk levels. (2)
lack of research into management of knowledge in the context of mobile devices.
And (3) lack of research into the tacit dimension of knowledge as the majority
of the literature focuses on formal and informal strategies to protect explicit
(codified) knowledge. Comment: The University of Melbourne PhD Thesi
The Effective Leadership Style in Health Sector of Pakistan and Its Impact on Information Security
Purpose – The purpose of this paper is to examine the most prevalent leadership style in the health sector (i.e. hospitals) of Pakistan and to explore the impact of leadership on information security and their mutual relationship. Design/methodology/approach – This paper’s approach is quantitative and involved data collected from 107 respondents of 73 hospitals through a questionnaire. The respondents were administrators or doctors or both at the same time from various private and public hospitals. The questionnaire comprised 5 questions for ‘Leadership concern for Production’, 7 questions for ‘Leadership concern for people’ and 7 questions for ‘Information security’. For effective analysis of the results, the data have been obtained from the following cities of Pakistan, namely: Karachi, Lahore, Islamabad, Peshawar, Hyderabad, Larkana, Khairpur, Sukkar, Dera Ismail Khan, Bannu, Sarai Naurang, Karak and Tank. For analysis and accurate output, SPSS and MS Excel are used. Findings – The analysis revealed that Team Management/Leadership is the most predominant style in the health sector (i.e. hospitals) of Pakistan. The majority of the respondents replied that the aforementioned style has greater correlation with the information security practices. This study is beneficial for all those individuals who really want to have a deep insight into the exploration of leadership style and its impact on information security practices within the health sector (i.e. hospitals) of Pakistan. Research limitations/implications – This study does not show individually and independently the leadership style and its impact on information security of private as well as public hospitals. Originality/value – This study is one of the first studies to empirically demonstrate the most prevalent leadership style in the health sector (i.e. hospitals) across Pakistan and to determine its impact on information security practices. Keywords: information security, leadership, privacy, confidentiality, People, Tas
Privacy Violation and Detection Using Pattern Mining Techniques
Privacy, its violations and techniques to bypass privacy violation have grabbed the centre-stage of both academia and industry in recent months. Corporations worldwide have become conscious of the implications of privacy violation and its impact on them and to other stakeholders. Moreover, nations across the world are coming out with privacy protecting legislations to prevent data privacy violations. Such legislations however expose organizations to the issues of intentional or unintentional violation of privacy data. A violation by either malicious external hackers or by internal employees can expose the organizations to costly litigations. In this paper, we propose PRIVDAM; a data mining based intelligent architecture of a Privacy Violation Detection and Monitoring system whose purpose is to detect possible privacy violations and to prevent them in the future. Experimental evaluations show that our approach is scalable and robust and that it can detect privacy violations or chances of violations quite accurately.
Split Learning for Distributed Collaborative Training of Deep Learning Models in Health Informatics
Deep learning continues to rapidly evolve and is now demonstrating remarkable
potential for numerous medical prediction tasks. However, realizing deep
learning models that generalize across healthcare organizations is challenging.
This is due, in part, to the inherent siloed nature of these organizations and
patient privacy requirements. To address this problem, we illustrate how split
learning can enable collaborative training of deep learning models across
disparate and privately maintained health datasets, while keeping the original
records and model parameters private. We introduce a new privacy-preserving
distributed learning framework that offers a higher level of privacy compared
to conventional federated learning. We use several biomedical imaging and
electronic health record (EHR) datasets to show that deep learning models
trained via split learning can achieve highly similar performance to their
centralized and federated counterparts while greatly improving computational
efficiency and reducing privacy risks