Factors that contribute to the organization performance in Bank Kerjasama Rakyat Malaysia Berhad / Nik Nurul Idayu Nik Yahya

The main purpose the establishment of bank is to provide a safety place to safe deposits by customer. It provides more security and customer will gaining more benefit with bank relationship. In this study, the focuses on factors that contribute to the Bank Kerjasama Rakyat Malaysia Berhad with the selected variables were examined. The sample banks that choose are Bank Kerjasama Rakyat Malaysia Berhad headquarters and selected branches. This paper presents an alternative perspective on the relationship of organization performance and knowledge acquisition, knowledge sharing, learning environment, meeting learning and development needs and applying learning at the workplace. The dependent variable is organization performance and independent variables would be knowledge acquisition, knowledge sharing, learning environment, identifying learning and development needs, meeting learning and development needs and applying learning at the workplace. By using SPSS software (version 16.0), Multiple Regression, Regression Coefficient, Coefficient of Determination (R2), Alpha Cronbach’s, and Pearson Correlation were analysed and interpreted from data collected. By using Analyse and choose Scale for Reliability tested, knowledge acquisition, knowledge sharing, learning environment and applying learning at the workplace are significant for Bank Rakyat Kerjasama Malaysia Berhad. Meeting learning and development needs have acceptable result

Utilizing public repositories to improve the decision process for security defect resolution and information reuse in the development environment

Security risks are contained in solutions in software systems that could have been avoided if the design choices were analyzed by using public information security data sources. Public security sources have been shown to contain more relevant and recent information on current technologies than any textbook or research article, and these sources are often used by developers for solving software related problems. However, solutions copied from public discussion forums such as StackOverflow may contain security implications when copied directly into the developers environment. Several different methods to identify security bugs are being implemented, and recent efforts are looking into identifying security bugs from communication artifacts during software development lifecycle as well as using public security information sources to support secure design and development. The primary goal of this thesis is to investigate how to utilize public information sources to reduce security defects in software artifacts through improving the decision process for defect resolution and information reuse in the development environment. We build a data collection tool for collecting data from public information security sources and public discussion forums, construct machine learning models for classifying discussion forum posts and bug reports as security or not-security related, as well as word embedding models for finding matches between public security sources and public discussion forum posts or bug reports. The results of this thesis demonstrate that using public information security sources can provide additional validation layers for defect classification models, as well as provide additional security context for public discussion forum posts. The contributions of this thesis are to provide understanding of how public information security sources can better provide context for bug reports and discussion forums. Additionally, we provide data collection APIs for collecting datasets from these sources, and classification and word embedding models for recommending related security sources for bug reports and public discussion forum posts.Masteroppgave i Programutvikling samarbeid med HVLPROG399MAMN-PRO

Horizontal Federated Learning and Secure Distributed Training for Recommendation System with Intel SGX

With the advent of big data era and the development of artificial intelligence and other technologies, data security and privacy protection have become more important. Recommendation systems have many applications in our society, but the model construction of recommendation systems is often inseparable from users' data. Especially for deep learning-based recommendation systems, due to the complexity of the model and the characteristics of deep learning itself, its training process not only requires long training time and abundant computational resources but also needs to use a large amount of user data, which poses a considerable challenge in terms of data security and privacy protection. How to train a distributed recommendation system while ensuring data security has become an urgent problem to be solved. In this paper, we implement two schemes, Horizontal Federated Learning and Secure Distributed Training, based on Intel SGX(Software Guard Extensions), an implementation of a trusted execution environment, and TensorFlow framework, to achieve secure, distributed recommendation system-based learning schemes in different scenarios. We experiment on the classical Deep Learning Recommendation Model (DLRM), which is a neural network-based machine learning model designed for personalization and recommendation, and the results show that our implementation introduces approximately no loss in model performance. The training speed is within acceptable limits.Comment: 5 pages, 8 figure

Development of the Web-Based Admissions and Management System for IELP

The academic program The Intensive English Language Program (IELP) at the University of New Orleans (UNO) offers one of the most effective and diverse language programs in the United States. This thesis is to report the development of the Webbased database application that manages admissions, students learning progress, and course offering of this program. The system development followed a simplified Unified Process for Software Development (UP) using the Unified Modeling Language (UML) models such as the requirement catch model – use cases, the analysis model – activity diagrams, and the design model –communication diagrams. The new system has met and exceeded all the business requirements and has been operating to support the further growth of the IELP at UNO. Significant attention has been given to information security; multiple techniques have been applied in addition to the security measures enforced in the hosting environment – the University Computing Center

Analysis of Theoretical and Applied Machine Learning Models for Network Intrusion Detection

Network Intrusion Detection System (IDS) devices play a crucial role in the realm of network security. These systems generate alerts for security analysts by performing signature-based and anomaly-based detection on malicious network traffic. However, there are several challenges when configuring and fine-tuning these IDS devices for high accuracy and precision. Machine learning utilizes a variety of algorithms and unique dataset input to generate models for effective classification. These machine learning techniques can be applied to IDS devices to classify and filter anomalous network traffic. This combination of machine learning and network security provides improved automated network defense by developing highly-optimized IDS models that utilize unique algorithms for enhanced intrusion detection. Machine learning models can be trained using a combination of machine learning algorithms, network intrusion datasets, and optimization techniques. This study sought to identify which variation of these parameters yielded the best-performing network intrusion detection models, measured by their accuracy, precision, recall, and F1 score metrics. Additionally, this research aimed to validate theoretical models’ metrics by applying them in a real-world environment to see if they perform as expected. This research utilized a quantitative experimental study design to organize a two-phase approach to train and test a series of machine learning models for network intrusion detection by utilizing Python scripting, the scikit-learn library, and Zeek IDS software. The first phase involved optimizing and training 105 machine learning models by testing a combination of seven machine learning algorithms, five network intrusion datasets, and three optimization methods. These 105 models were then fed into the second phase, where the models were applied in a machine learning IDS pipeline to observe how the models performed in an implemented environment. The results of this study identify which algorithms, datasets, and optimization methods generate the best-performing models for network intrusion detection. This research also showcases the need to utilize various algorithms and datasets since no individual algorithm or dataset consistently achieved high metric scores independent of other training variables. Additionally, this research also indicates that optimization during model development is highly recommended; however, there may not be a need to test for multiple optimization methods since they did not typically impact the yielded models’ overall categorization of v success or failure. Lastly, this study’s results strongly indicate that theoretical machine learning models will most likely perform significantly worse when applied in an implemented IDS ML pipeline environment. This study can be utilized by other industry professionals and research academics in the fields of information security and machine learning to generate better highly-optimized models for their work environments or experimental research

DevOps in an ISO 13485 Regulated Environment: A Multivocal Literature Review

Background: Medical device development projects must follow proper directives and regulations to be able to market and sell the end-product in their respective territories. The regulations describe requirements that seem to be opposite to efficient software development and short time-to-market. As agile approaches, like DevOps, are becoming more and more popular in software industry, a discrepancy between these modern methods and traditional regulated development has been reported. Although examples of successful adoption in this context exist, the research is sparse. Aims: The objective of this study is twofold: to review the current state of DevOps adoption in regulated medical device environment; and to propose a checklist based on that review for introducing DevOps in that context. Method: A multivocal literature review is performed and evidence is synthesized from sources published between 2015 to March of 2020 to capture the opinions of experts and community in this field. Results: Our findings reveal that adoption of DevOps in a regulated medical device environment such as ISO 13485 has its challenges, but potential benefits may outweigh those in areas such as regulatory, compliance, security, organizational and technical. Conclusion: DevOps for regulated medical device environments is a highly appealing approach as compared to traditional methods and could be particularly suited for regulated medical development. However, an organization must properly anchor a transition to DevOps in top-level management and be supportive in the initial phase utilizing professional coaching and space for iterative learning; as such an initiative is a complex organizational and technical task.Comment: ACM / IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM '20), October 8--9, 2020, Bari, Ital

Game Based Learning for Safety and Security Education

Safety and security education are important part of technology related education, because of recent number of increase in safety and security related incidents. Game based learning is an emerging and rapidly advancing forms of computer-assisted instruction. Game based learning for safety and security education enables students to learn concepts and skills without the risk of physical injury and security breach. In this paper, a pedestal grinder safety game and physical security game have been developed using industrial standard modeling and game development software. The average score of the knowledge test of grinder safety game was 82%, which is higher than traditional lecture only instruction method. In addition, the survey of physical security game shows 84% average satisfaction ratio from high school students who played the game during the summer camp. The results of these studies indicated that game based learning method can enhance students' learning without potential harm to the students

Open ICT tools project

The paper will introduce a project titled the ‘Open ICT Tools’ which aims to explore and trial out ICT tools to facilitate a global collaborative and secured engagement with external business and community partners. The challenge is to facilitate a communication and multimedia data exchange between Northumbria University and participating external educational and business organisations without compromising the security of either Northumbria University IT infrastructure or that of the partner organisations. This is one of eight projects funded by the JISC infoNet from across the country under its Trialling of Online Collaborative Tools for Business and Community Engagement programme. The Open ICT Tools project is directly connected with the Global Studio, an innovative model of research informed teaching and learning. The Global Studio is a cross-institutional collaboration between Northumbria University and international universities based in the USA, Australia, UK and Korea as well as industry partners such as Intel, Motorola and Inverness Medical. The Global Studio was initiated by the School of Design three years ago and since then it included nearly 300 students from six international universities such as Hong-ik in Korea and RMIT in Australia. The aim of the Global Studio is to equip design students with skills for working in globally networked organisations particularly development of skills in intercultural communication and collaboration. To achieve this aim, students from the participating universities work together on industry led projects. However, attempting to use existing university technical infrastructure has been problematic. A particular problem relates to software licence agreements, which limit use of certain software and/or the virtual learning environment to a particular institution’s students. Attempts to use open source software has not been straightforward, for example using Skype for synchronous cross – institutional communication has often failed as students cannot log into a university’s technical infrastructure, begin a Skype based dialogue with students in another institution and simultaneously view a PowerPoint presentation. Online file sharing has often failed, primarily due to the file size. Therefore the aim of the Global Studio project is to build on the excellent ICT infrastructure at Northumbria and to identify and trial a diverse range of collaborative Information Communication Technology (ICT) tools that: (a) could support engagement between the university and its external collaborative business and community partners and (b) be embedded with the current university IT infrastructure. This paper explores how various ICTs are being trialled in the Global Studio to facilitate information and data exchange between students, teachers and industry partners and how this enables/constrains collaboration. The paper will explore the technologies that have been chosen as well as the rationale underpinning their choice