3,522 research outputs found

    An Approach to Optimize the Management of Information Security in Public Organizations of Ecuador

    The problems of information security in public organizations in Ecuador are evident and, as a result, have led to corruption that is present at all levels of operational, tactical and strategic management. The objective of this chapter is to analyze the available information found in different media, written, spoken, among others. The deductive method was used for the collection of information and observation techniques. The results were an improvement in the administrative processes, a prototype sequence diagram of access by users and services, and a prototype for the integration of information security technologies for public organizations of Ecuador. It was concluded that to avoid corruption in a country change should happen at all levels: the way of thinking and culture of the inhabitants, laws, penalties to politicians without parliamentary immunity, application of information and communications technologies (ICT) in an appropriate manner, and complying with international standards in information security. To improve information security, administrative policies on information security must be changed, and technologies related to immutable security algorithms, Ledger, Hyperledger, etc., must be used

    Wild Patterns: Ten Years After the Rise of Adversarial Machine Learning

    Learning-based pattern classifiers, including deep networks, have shown impressive performance in several application domains, ranging from computer vision to cybersecurity. However, it has also been shown that adversarial input perturbations carefully crafted either at training or at test time can easily subvert their predictions. The vulnerability of machine learning to such wild patterns (also referred to as adversarial examples), along with the design of suitable countermeasures, have been investigated in the research field of adversarial machine learning. In this work, we provide a thorough overview of the evolution of this research area over the last ten years and beyond, starting from pioneering, earlier work on the security of non-deep learning algorithms up to more recent work aimed to understand the security properties of deep learning algorithms, in the context of computer vision and cybersecurity tasks. We report interesting connections between these apparently-different lines of work, highlighting common misconceptions related to the security evaluation of machine-learning algorithms. We review the main threat models and attacks defined to this end, and discuss the main limitations of current work, along with the corresponding future challenges towards the design of more secure learning algorithms. Comment: Accepted for publication on Pattern Recognition, 201

    An Approach to Select Cost-Effective Risk Countermeasures Exemplified in CORAS

    Risk is unavoidable in business and risk management is needed amongst others to set up good security policies. Once the risks are evaluated, the next step is to decide how they should be treated. This involves managers making decisions on proper countermeasures to be implemented to mitigate the risks. The countermeasure expenditure, together with its ability to mitigate risks, are factors that affect the selection. While many approaches have been proposed to perform risk analysis, there has been less focus on delivering the prescriptive and specific information that managers require to select cost-effective countermeasures. This paper proposes a generic approach to integrate the cost assessment into risk analysis to aid such decision making. The approach makes use of a risk model which has been annotated with potential countermeasures, estimates for their cost and effect. A calculus is then employed to reason about this model in order to support decision in terms of decision diagrams. We exemplify the instantiation of the generic approach in the CORAS method for security risk analysis. Comment: 33 page

    Identity Theft Prevention Measures for State Unemployment Benefits Offices: A Case Study of Workforce West Virginia

    Identity theft continues to pose an increasingly complex problem for government benefits offices. The purpose of this study was to explore the environmental factors that affected a state unemployment benefits office’s ability to reduce identity theft. Current research focused on protecting information systems’ hardware, software, and related infrastructure, focusing on cyberattacks such as phishing, Trojan horses, or illegal access. The U.S. government focuses on informing the consumer and assisting small businesses through risk assessments, strategic plans, and regulations for cybersecurity. Researchers have not conducted a thorough investigation of the environment that makes state government benefit offices susceptible to identity theft. The theoretical framework for this study was open systems theory using the six dimensions of digital governance. The research question involved the identification of the barriers to a state unemployment benefits office’s ability to reduce identity theft. A qualitative case study approach concentrated on the external environmental factors that affect the system. Data collection included documents, archival records, and artifacts from multiple sources. The outcome of this research may help to inform state governments to improve policies and procedures by providing administrative, operational, and technical controls. This study has implications for positive social change to inform efforts to reduce human costs (identity theft) and financial costs (government program fraud and individual recovery)

    THE ETHICAL USE OF FACIAL RECOGNITION TECHNOLOGY: A CASE STUDY OF U.S. CUSTOMS AND BORDER PROTECTION

    After the events of 9/11, facial recognition technology (FRT) emerged as a security solution for identifying and verifying individuals in a homeland security setting. Although FRT demonstrates security benefits, the public has not widely accepted the government’s use of the technology. FRT critics raise ethical and societal concerns regarding the negative impact of the technology on the public, including privacy concerns, constitutional rights violations, biased and inaccurate technology, and data management. How can FRT be implemented in a way that is both efficient and ethical? This thesis analyzes FRT through a three-pronged approach. First, the thesis applies the “How to Do It Right” ethical framework to a government agency’s decision-making process. The second step identifies ethical operating principles through a crosswalk of the varied and often inconsistent operating principles published by the security industry, government audit agencies, and watchdog groups. Finally, the thesis utilizes a real-world case study to explore an operational FRT program and illustrate best practices. It recommends that following an ethical framework during decision-making and incorporating ethical principles and best practices into FRT programs during development and implementation mitigates the public’s ethical and societal concerns. Civilian, Department of Homeland Security. Approved for public release. Distribution is unlimited

    Leadership Strategies and Initiatives for Combating Medicaid Fraud and Abuse

    An estimated 3-10% of the $2 trillion spent annually on health care in the United States is lost to fraud. Improper payments undermine the integrity and financial sustainability of the Medicaid program and affect the ability of federal and state governments to provide health care services for individuals and families living at or below the poverty level. This study explored how health care leaders in the state of Arizona described factors contributing to the invisible nature of Medicaid fraud and abuse and necessary strategies for counteracting the business opportunities of Medicaid fraud and abuse. The institutional choice analytic framework grounded the study. Data were gathered from the review of documents and information received from 10 interviews with health care leaders responsible for the administration, delivery, and regulation of Medicaid services in Arizona. Collected data were coded to identify underlying themes. Key themes that emerged from the study included the need for health care leaders to use modern technologies to combat Medicaid fraud and abuse and concentrate and strengthen Medicaid fraud and abuse mitigation efforts at the state level. Study data might contribute to social change by identifying Medicaid fraud and abuse mitigation strategies that will protect the financial and structural integrity of the Medicaid program, ensuring Americans living at or below the poverty level have access to quality health care services

    Voice Recognition Systems for The Disabled Electorate: Critical Review on Architectures and Authentication Strategies

    An inevitable factor that makes the concept of electronic voting irresistible is the fact that it offers the possibility of exceeding the manual voting process in terms of convenience, widespread participation, and consideration for People Living with Disabilities. The underlying voting technology and ballot design can determine the credibility of election results, influence how voters felt about their ability to exercise their right to vote, and their willingness to accept the legitimacy of electoral results. However, the adoption of e-voting systems has unveiled a new set of problems such as security threats, trust, and reliability of voting systems and the electoral process itself. This paper presents a critical literature review on concepts, architectures, and existing authentication strategies in voice recognition systems for the e-voting system for the disabled electorate. Consequently, in this paper, an intelligent yet secure scheme for electronic voting systems specifically for people living with disabilities is presented

    Security Risks and Protection in Online Learning: A Survey

    This paper describes a survey of online learning which attempts to determine online learning providers' awareness of potential security risks and the protection measures that will diminish them. The authors use a combination of two methods: blog mining and a traditional literature search. The findings indicate that, while scholars have identified diverse security risks and have proposed solutions to mitigate the security threats in online learning, bloggers have not discussed security in online learning with great frequency. The differences shown in the survey results generated by the two different methods confirm that online learning providers and practitioners have not considered security as a top priority. The paper also discusses the next generation of an online learning system: a safer personal learning environment which requires a one-stop solution for authentication, assures the security of online assessments, and balances security and usability

    Current State of Information Security Research In IS

    The importance of information security in a pervasive networked environment is undeniable, yet there is a lack of research in this area. In this study we conduct a comprehensive survey of the information security articles published in leading IS journals. We then compared the research themes with those of the IBM Information Security Capability Reference Model