12,284 research outputs found
Implementation of risk management in library information system at Surabaya City Library
Libraries may be at risk of data security issues. The threat of data loss or data damage is prone to occur in libraries. Information technology embedded in libraries has developed Artificial Intelligence (AI) for information retrieval systems. The application of information technology in the Surabaya City Library has potential risks to data security and force majeure aspects so that need a disaster mitigation plant. This study aimed to implement information system risk management at Surabaya City Libraries as a disaster mitigation plan. The research method was descriptive qualitative. Based on the risk analysis, the recommendations for applying risk to information technology Surabaya City Library were elimination and engineering. The manifestation of these two recommendations made the data access protocol use multiple authentications to avoid data theft attempts due to infiltration, hacking, and cracking. Study results recommended a protocol for each data access. The protocol would save every change, deletion, and system login in the log history. Implementing data authentication twice per login can avoid data theft caused by the intrusion. This activity log is used for activity tracking when the system is infiltrated. The limitation of this study lies in the scope of the research object, namely the library, which has limitations on the system or application used and does not impact the wider community. Conclusion of research, the library can implement risk management strategy with elimination and engineering models through recording system login activities, which mitigate the risk of data breaches originating from insiders
Post-Westgate SWAT : C4ISTAR Architectural Framework for Autonomous Network Integrated Multifaceted Warfighting Solutions Version 1.0 : A Peer-Reviewed Monograph
Police SWAT teams and Military Special Forces face mounting pressure and
challenges from adversaries that can only be resolved by way of ever more
sophisticated inputs into tactical operations. Lethal Autonomy provides
constrained military/security forces with a viable option, but only if
implementation has got proper empirically supported foundations. Autonomous
weapon systems can be designed and developed to conduct ground, air and naval
operations. This monograph offers some insights into the challenges of
developing legal, reliable and ethical forms of autonomous weapons, that
address the gap between Police or Law Enforcement and Military operations that
is growing exponentially small. National adversaries are today in many
instances hybrid threats, that manifest criminal and military traits, these
often require deployment of hybrid-capability autonomous weapons imbued with
the capability to taken on both Military and/or Security objectives. The
Westgate Terrorist Attack of 21st September 2013 in the Westlands suburb of
Nairobi, Kenya is a very clear manifestation of the hybrid combat scenario that
required military response and police investigations against a fighting cell of
the Somalia based globally networked Al Shabaab terrorist group.Comment: 52 pages, 6 Figures, over 40 references, reviewed by a reade
On Evaluating Commercial Cloud Services: A Systematic Review
Background: Cloud Computing is increasingly booming in industry with many
competing providers and services. Accordingly, evaluation of commercial Cloud
services is necessary. However, the existing evaluation studies are relatively
chaotic. There exists tremendous confusion and gap between practices and theory
about Cloud services evaluation. Aim: To facilitate relieving the
aforementioned chaos, this work aims to synthesize the existing evaluation
implementations to outline the state-of-the-practice and also identify research
opportunities in Cloud services evaluation. Method: Based on a conceptual
evaluation model comprising six steps, the Systematic Literature Review (SLR)
method was employed to collect relevant evidence to investigate the Cloud
services evaluation step by step. Results: This SLR identified 82 relevant
evaluation studies. The overall data collected from these studies essentially
represent the current practical landscape of implementing Cloud services
evaluation, and in turn can be reused to facilitate future evaluation work.
Conclusions: Evaluation of commercial Cloud services has become a world-wide
research topic. Some of the findings of this SLR identify several research gaps
in the area of Cloud services evaluation (e.g., the Elasticity and Security
evaluation of commercial Cloud services could be a long-term challenge), while
some other findings suggest the trend of applying commercial Cloud services
(e.g., compared with PaaS, IaaS seems more suitable for customers and is
particularly important in industry). This SLR study itself also confirms some
previous experiences and reveals new Evidence-Based Software Engineering (EBSE)
lessons
The future of Cybersecurity in Italy: Strategic focus area
This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management
SciTech News Volume 71, No. 1 (2017)
Columns and Reports From the Editor 3
Division News Science-Technology Division 5 Chemistry Division 8 Engineering Division Aerospace Section of the Engineering Division 9 Architecture, Building Engineering, Construction and Design Section of the Engineering Division 11
Reviews Sci-Tech Book News Reviews 12
Advertisements IEEE
Economics and Engineering for Preserving Digital Content
Progress towards practical long-term preservation seems to be stalled. Preservationists cannot afford specially developed technology, but must exploit what is created for the marketplace.
Economic and technical facts suggest that most preservation ork should be shifted from repository institutions to information producers and consumers. Prior publications describe solutions for all known conceptual challenges of preserving a single digital object, but do not deal with software development or scaling to large collections. Much of the document handling software needed is available. It has, however, not yet been selected, adapted, integrated, or
deployed for digital preservation. The daily tools of both information producers and information consumers can be extended to embed preservation packaging without much burdening these users.
We describe a practical strategy for detailed design and implementation. Document handling is intrinsically complicated because of human sensitivity to communication nuances. Our engineering section therefore starts by discussing how project managers can master the many pertinent details.
Migrating to Post-Quantum Cryptography: a Framework Using Security Dependency Analysis
Quantum computing is emerging as an unprecedented threat to the current state
of widely used cryptographic systems. Cryptographic methods that have been
considered secure for decades will likely be broken, with enormous impact on
the security of sensitive data and communications in enterprises worldwide. A
plan to migrate to quantum-resistant cryptographic systems is required.
However, migrating an enterprise system to ensure a quantum-safe state is a
complex process. Enterprises will require systematic guidance to perform this
migration to remain resilient in a post-quantum era, as many organisations do
not have staff with the expertise to manage this process unaided. This paper
presents a comprehensive framework designed to aid enterprises in their
migration. The framework articulates key steps and technical considerations in
the cryptographic migration process. It makes use of existing organisational
inventories and provides a roadmap for prioritising the replacement of
cryptosystems in a post-quantum context. The framework enables the efficient
identification of cryptographic objects, and can be integrated with other
frameworks in enterprise settings to minimise operational disruption during
migration. Practical case studies are included to demonstrate the utility and
efficacy of the proposed framework using graph theoretic techniques to
determine and evaluate cryptographic dependencies.Comment: 21 Page
Search based software engineering: Trends, techniques and applications
© ACM, 2012. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version is available from the link below.In the past five years there has been a dramatic increase in work on Search-Based Software Engineering (SBSE), an approach to Software Engineering (SE) in which Search-Based Optimization (SBO) algorithms are used to address problems in SE. SBSE has been applied to problems throughout the SE lifecycle, from requirements and project planning to maintenance and reengineering. The approach is attractive because it offers a suite of adaptive automated and semiautomated solutions in situations typified by large complex problem spaces with multiple competing and conflicting objectives.
This article provides a review and classification of literature on SBSE. The work identifies research trends and relationships between the techniques applied and the applications to which they have been applied and highlights gaps in the literature and avenues for further research.EPSRC and E
Current established risk assessment methodologies and tools
The technology behind information systems evolves at an exponential rate, while at the same time becoming more and more ubiquitous. This brings with it an implicit rise in the average complexity of systems as well as the number of external interactions. In order to allow a proper assessment of the security of such (sub)systems, a whole arsenal of methodologies, methods and tools have been developed in recent years. However, most security auditors commonly use a very small subset of this collection, that best suits their needs. This thesis aims at uncovering the differences and limitations of the most common Risk Assessment frameworks, the conceptual models that support them, as well as the tools that implement them. This is done in order to gain a better understanding of the applicability of each method and/or tool and suggest guidelines to picking the most suitable one
- …