Research Analysis of Cyber Security

In an age of cyber technology with it fast pacing and ever evolving, securing data in cyber space is a major enigmawhich needs to be resolved.With vulnerabilities everywhere, data security and privacy is always at risk. This specially comes in play when services of third party are used knowingly or unknowingly. Government and business organizations are testing and implementing security and monitoring techniques to stand a better chance in raging war against cyber-crimes. Moreover, the formulation of new methods also poses new limitations of the systems as well as the users like lack of efficiency or complexity which need to be resolved in order to get better results. In this research paper some of those limitations and their solutions are discussed

How to Cultivate Cyber Security Culture? The Evidences from Literature

Cyber Security Culture (CSC) is a culture that could produce a secure cyber space and could improve the quality of cyber world engagement. Despite many benefits that could be offered by CSC, there is a lack of models and guidelines on how to cultivate this culture. This paper discusses the concept of CSC model in terms of elements that form the model to suggest how CSC could be cultivated. Information Security Culture (ISC) model developed by [1] is used as a framework in discussing the concept of CSC. A literature search also is conducted to find and analyses the most suitable elements for CSC. A new model of CSC was proposed as a result of this study. The findings could provide better understanding of CSC and could be used as baseline to conduct more research on CSC

Evaluasi Tingkat Kapabilitas Keamanan Sistem Informasi Menggunakan Kerangka Kerja Cobit 2019

Ketergantungan organisasi terhadap dukungan teknologi informasi semakin besar. Proses bisnis saat ini hampir tidak ada yang tidak menggunakan teknologi informasi untuk meningkatkan daya saing. Penggunaan teknologi informasi harus disertasi dengan peningkatan keamanan informasinya. Gangguan terhadap keamanan informasi di organisasi akan menghambat pencapaian tujuan dan strategi organisasi. Informasi saat ini merupakan aset yang sangat penting bagi universitas XYZ, karena itu evaluasi terhadap seberapa baik pengendalian dan kegiatan dalam melindungi aset informasi perlu dilakukan di universitas XYZ. Evaluasi dilakukan menggunakan kerangka kerja COBIT 2019 pada domain APO12, APO13 dan DSS05 untuk mengidentifikasi berapa tingkat kapabilitas universitas XYZ dalam mengelola keamanan informasi. Hasil evaluasi menunjukkan pengelolaan keamanan informasi di Universitas XYZ masih di tingkat kepabilitas 2 untuk domain APO12, APO13 dan DSS05. Telah dihasilkan 17 rekomendasi perbaikan peningkatan implementasi keamanan informasi

Fine Grained Approach for Domain Specific Seed URL Extraction

Domain Specific Search Engines are expected to provide relevant search results. Availability of enormous number of URLs across subdomains improves relevance of domain specific search engines. The current methods for seed URLs can be systematic ensuring representation of subdomains. We propose a fine grained approach for automatic extraction of seed URLs at subdomain level using Wikipedia and Twitter as repositories. A SeedRel metric and a Diversity Index for seed URL relevance are proposed to measure subdomain coverage. We implemented our approach for \u27Security - Information and Cyber\u27 domain and identified 34,007 Seed URLs and 400,726 URLs across subdomains. The measured Diversity index value of 2.10 conforms that all subdomains are represented, hence, a relevant \u27Security Search Engine\u27 can be built. Our approach also extracted more URLs (seed and child) as compared to existing approaches for URL extraction

Pengaruh Analisis Kebutuhan Pelatihan Budaya Keamanan Siber Sebagai Upaya Pengembangan Kompetensi bagi Aparatur Sipil Negara di Era Digital

The results of Monitoring and Evaluation of Electronic-Based Government Systems (SPBE) that not been optimal, the high incidence of cyber in the government domain. go.id due to system vulnerability as well as the number of government pages with unsafe conditions and not in accordance with existing international standards, show the need for ASN as a manager of digital competence to oversee digitalization in the government environment. To discuss this issue, the method chosen was the study of literature, by reviewing various literature and collection of research results in accordance with the problem. Descriptive qualitative analysis using the technique "PRISMA protocol". The findings of this study are important for designing training programs as part of the development of sustainable digital ASN competencies, specifically related to training in cybersecurity culture in government environments, especially in public services. Given the technology and knowledge of hacking efforts in cybercrime is developing very fast, it is necessary to anticipate investment in human resources through training in cybersecurity cultureHasil Pemantauan dan Evaluasi Sistem Pemerintahan Berbasis Elektronik (SPBE) yang belum optimal dan tingginya insiden siber pada domain pemerintah.go.id akibat dari kerentanan sistem serta masih banyaknya laman pemerintah dengan kondisi tidak aman dan belum sesuai standar internasional yang ada menyiratkan adanya kebutuhan ASN sebagai pengelola yang berkompetensi digital untuk mengawal digitalisasi di lingkungan pemerintahan. Metode yang dipilih adalah studi kepustakaan dengan meninjau berbagai literatur dan kumpulan hasil-hasil penelitian sesuai dengan permasalahan. Analisis deskriptif kualitatif menggunakan teknik “PRISMA protokol”. Temuan dari penelitian ini penting untuk merancang program pelatihan sebagai bagian dari pengembangan kompetensi digital ASN yang berkelanjutan, khususnya terkait pelatihan budaya keamanan siber di lingkungan pemerintahan, terutama dalam pelayanan publiknya. Mengingat teknologi dan pengetahuan tentang upaya peretasan dalam kejahatan siber berkembang sangat cepat, perlu antisipasi investasi sumber daya manusia melalui pelatihan budaya keamanan siber

Developing a Cyber Security Culture: Current Practices and Future Needs

While the creation of a strong security culture has been researched and discussed for decades, it continues to elude many businesses. Part of the challenge faced is distilling pertinent, recent academic findings and research into useful guidance. In this article, we aim to tackle this issue by conducting a state-of-the-art study into organisational cyber security culture research. This work investigates four questions, including how cyber security culture is defined, what factors are essential to building and maintaining such a culture, the frameworks proposed to cultivate a security culture and the metrics suggested to assess it. Through the application of the PRISMA systematic literature review technique, we identify and analyse 58 research articles from the last 10 years (2010-2020). Our findings demonstrate that while there have been notable changes in the use of terms (e.g., information security culture and cyber security culture), many of the most influential factors across papers are similar. Top management support, policy and procedures, and awareness for instance, are critical in engendering cyber security culture. Many of the frameworks reviewed revealed common foundations, with organisational culture playing a substantial role in crafting appropriate cyber security culture models. Questionnaires and surveys are the most used tool to measure cyber security culture, but there are also concerns as to whether more dynamic measures are needed. For practitioners, this article highlights factors and models essential to the creation and management of a robust security culture. For research, we produce an up-to-date characterisation of the field and also define open issues deserving of further attention such as the role of change management processes and national culture in an enterprise's cyber security culture

Guidelines for cybersecurity education campaigns

In our technology- and information-infused world, cyberspace is an integral part of modern-day society. As the number of active cyberspace users increases, so too does the chances of a cyber threat finding a vulnerable target increase. All cyber users who are exposed to cyber risks need to be educated about cyber security. Human beings play a key role in the implementation and governing of an entire cybersecurity and cybersafety solution. The effectiveness of any cybersecurity and cybersafety solutions in a societal or individual context is dependent on the human beings involved in the process. If these human beings are either unaware or not knowledgeable about their roles in the security solution they become the weak link in these cybersecurity solutions. It is essential that all users be educated to combat any threats. Children are a particularly vulnerable subgroup within society. They are digital natives and make use of ICT, and online services with increasing frequency, but this does not mean they are knowledgeable about or behaving securely in their cyber activities. Children will be exposed to cyberspace throughout their lifetimes. Therefore, cybersecurity and cybersafety should be taught to children as a life-skill. There is a lack of well-known, comprehensive cybersecurity and cybersafety educational campaigns which target school children. Most existing information security and cybersecurity education campaigns limit their scope. Literature reports mainly on education campaigns focused on primary businesses, government agencies and tertiary education institutions. Additionally, most guidance for the design and implementation of security and safety campaigns: are for an organisational context, only target organisational users, and mostly provide high-level design recommendations. This thesis addressed the lack of guidance for designing and implementing cybersecurity and cybersafety educational campaigns suited to school learners as a target audience. The thesis aimed to offer guidance for designing and implementing education campaigns that educate school learners about cybersecurity and cybersafety. This was done through the implementation of an action research process over a five-year period. The action research process involved cybersecurity and cybersafety educational interventions at multiple schools. A total of 18 actionable guidelines were derived from this research to guide the design and implementation of cybersecurity and cybersafety education campaigns which aim to educate school children