Strategy for Implementation of the Security Maturity Model in e-Government Systems in Indonesia

The security maturity level of Indonesia's e-Government system needs to be evaluated to determine the current status of security implementations and to plan for overall system security improvements. In general, the maturity model describes how a system consisting of humans and devices performs their duties. These capabilities include effective leadership and governance, level of awareness of implementers, and capabilities of existing tools. This study aims to create a strategy in implementing the security maturity model in the e-Government system in Indonesia. The research method uses a mix method, namely qualitative and quantitative methods. The qualitative method aims to obtain the Critical Success Factors Implementation of the security maturity model, and the quantitative method is used to analyze the results of the Critical success factor validation using SPSS. The strategy for the Security maturity model is based on the PDCA (Plan-Do-Check-Act) Model

The evolution of e-readiness assessment models: From the digital divide to design-reality gap

Background and Objective:In recent decades, every day we are facing new achievements in the applications of information and communication technology in the field of education and research. These new achievements have changed the expectations of education and research audiences from the level of services provided. Today, students and professors want easy and fast access to new scientific and research resources, interaction with each other in absentia, use of technology for better teaching and understanding, and in general, access to information and communication technology and its use for effect. Most of it is teaching and learning. To meet these expectations, universities and higher education institutions must continuously evaluate and equip themselves to achieve the desired level of access to and use of information and communication technology. The purpose of this research was to study the evolutionary trend of e-readiness assessment models with the approach of e-learning. Methods: For this purpose, the studies were examined by both qualitative and quantitative approaches. In the qualitative approach, by studying the articles in this field, the observed trends in these articles are compared with each other. Findings: In the quantitative approach, the latest articles are investigated based on important parameters such as the scope of application, the type of model used, the methods of data collection and analysis, the type of transaction reviewed in the article, evaluation indicators, sources used to publish the article, geographical concentration, the outputs of the study, the types of data used. Based on the results of the qualitative approach, 4 evolutionary periods, from national and one size fits all model with top-down approach to bottom-up approach with special purpose models, are identified. In addition, results of quantitative approach indicate that infrastructure, people and service are the most important factors in electronic readiness; and national scope has been investigated more than other areas. Most studies have quantitative approach with public service orientation for citizen transactions. Also, assessment, maturity and adoption models have been the most used fundamental models in the studies. Conclusion: Comparison of the three main parameters studied in most studies, namely infrastructure, people and services, shows that the rate of infrastructure review has been decreasing and the rate of reviewing people has been increasing, and services have maintained an almost balanced rate during this period. In terms of the geographical focus of the study, the readiness assessment is in the first place in the country and then the readiness assessment is in the province or state. The basic model used for evaluation also has several approaches, the first category is related to the use of preparation models and the next category is related to maturity models. Studies have generated different outputs and have about 18 types of outputs, among which the evaluation model, evaluation framework, effective parameters, current situation, relationship of indicators, strategies and guidelines have the most frequency. In terms of the type of data collected, quantitative data had the highest multiplicity, followed by historical data and finally qualitative data. In terms of data collection methods, the questionnaire is in the first place and the interview and evaluation of the existing documents are in the next rows. In terms of data analysis, categorization, descriptive analysis and strategic analysis have the highest number   ===================================================================================== COPYRIGHTS  ©2019 The author(s). This is an open access article distributed under the terms of the Creative Commons Attribution (CC BY 4.0), which permits unrestricted use, distribution, and reproduction in any medium, as long as the original authors and source are cited. No permission is required from the authors or the publishers.  ====================================================================================

Trace malicious source to guarantee cyber security for mass monitor critical infrastructure

The proposed traceback scheme does not take into account the trust of node which leads to the low effectiveness. A trust-aware probability marking (TAPM) traceback scheme is proposed to locate malicious source quickly. In TAPM scheme, the node is marked with difference marking probability according to its trust which is deduced by trust evaluation. The high marking probability for low trust node can locate malicious source quickly, and the low marking probability for high trust node can reduce the number of marking to improve the network lifetime, so the security and the network lifetime can be improved in TAPM scheme

Informacijos saugos valdymo karkasas smulkiam ir vidutiniam verslui

Information security is one of the concerns any organization or person faces. The list of new threats appears, and information security management mechanisms have to be established and continuously updated to be able to fight against possible security issues. To be up to date with existing information technology threats and prevention, protection, maintenance possibilities, more significant organizations establish positions or even departments, to be responsible for the information security management. However, small and medium enterprise (SME) does not have enough capacities. Therefore, the information security management situation in SMEs is fragmented and needs improvement. In this thesis, the problem of information security management in the small and medium enterprise is analyzed. It aims to simplify the information security management process in the small and medium enterprise by proposing concentrated information and tools in information security management framework. Existence of an information security framework could motivate SME to use it in practice and lead to an increase of SME security level. The dissertation consists of an introduction, four main chapters and general conclusions. The first chapter introduces the problem of information security management and its’ automation. Moreover, state-of-the-art frameworks for information security management in SME are analyzed and compared. The second chapter proposes a novel information security management framework and guidelines on its adoption. The framework is designed based on existing methodologies and frameworks. A need for a model for security evaluation based on the organization’s management structure noticed in chapter two; therefore, new probability theory-based model for organizations information flow security level estimation presented in chapter three. The fourth chapter presents the validation of proposed security evaluation models by showing results of a case study and experts ranking of the same situations. The multi-criteria analysis was executed to evaluate the ISMF suitability to be applied in a small and medium enterprise. In this chapter, we also analyze the opinion of information technology employees in an SME on newly proposed information security management framework as well as a new model for information security level estimation. The thesis is summarized by the general conclusions which confirm the need of newly proposed framework and associated tools as well as its suitability to be used in SME to increase the understanding of current information security threat situation.Dissertatio