103,129 research outputs found

    MEASUREMENT OF INFORMATION SECURITY AND PRIVACY AWARENESS USING THE MULTIPLE CRITERIA DECISION ANALYSIS (MCDA) METHOD

    Information security is an asset that has value, so it must be protected. As assets increase, it is undeniable that many people wish to gain access to and control them, so behind the convenience of the digital world there are many risks to information assets. Several kinds of cases occur related to information security, such as data theft, illegal access, information leakage and vandalism, where this becomes the privacy of the user. It is therefore necessary to do research from the user's perspective to measure the level of information security and privacy awareness of students and lecturers, and to suggest recommendations based on the results of that measurement. The objects of this research are students and lecturers at XYZ University. The method used is Multiple Criteria Decision Analysis (MCDA), measuring the dimensions of knowledge, attitude and behavior in six areas of information security and three areas of privacy. Data were obtained by distributing questionnaires using a Likert scale of 5. Based on the questionnaire responses, it can be seen that students and lecturers have awareness at a "good" level of 85% in information security, while privacy is at a "good" level with a result of 89%. In the behavior dimension, however, several areas fall in the "average" level, including the passwords area at 62%, the mobile equipment area at 77% and the incident area at 70%; for privacy, in the behavior dimension there is one such area, namely the login activity area at 78%. These areas need recommendations for improvement in order to reach a "good" level, by providing socialization/training for students and lecturer

    Mobile-Based Applications: The Legal Challenges on Data Privacy

    The use of mobile-based apps is becoming popular and continues to increase. Mobile users often download apps from various sources that provide numerous categories of applications, including health apps. Some apps are optional, but several apps are compulsory for citizens, as instructed by the government or its agencies. As a result, some legal challenges on data privacy, akin to data security, have arisen. These legal challenges are more intricate for users without legal education and citizens without awareness when the government is involved. Hence, in this paper, the issues and legal challenges on data privacy for mobile-based applications are reviewed to raise awareness on both sides, the users (citizens) and the app providers (government or developers). Ideas for action, such as recommendations and options for responding to the issues and challenges, are also presented. Several Acts (legislation) are also proposed according to the legal issues and challenges that occurred; as shown, the Personal Data Protection Act (PDPA) 2010 has become the famous act used to confront the existing privacy legislation in mobile-based applications. The suggestions and recommendations might assist citizens in standing by their rights on data privacy issues in mobile apps and, on the other side, might give developers ideas for being more precise when creating and developing mobile apps.

    Risk-Based Approach in the Self-Assessment of Nuclear Security Culture for Users of Radioactive Sources

    The current emphasis on the need to protect radioactive sources from being used for malicious purposes makes it imperative to explore and shape an appropriate culture-based response. Promoting a robust security culture is consistent with the international legal instruments and standards including the Code of Conduct for the Safety and Security of Radioactive Sources and IAEA guidance publications. This promotion would be dependent upon the successful implementation of relevant self-assessment tools and a series of culture indicators, both of which would serve as benchmarks to take a culture’s measure and identify practical ways to improve security. This approach must adjust the generic IAEA model and self-assessment methodology for nuclear security culture in order to accommodate the specific requirements in operation when using radioactive sources. Though the IAEA’s concept of security culture and its self-assessment recommendations are designed to be generic in order to apply to a wide range of facilities and activities, the modifications proposed in this paper are needed to make those recommendations more user friendly and consistent with the security risks and requirements. The distinct features of the proposed recommendations, to be reflected in the new design of security culture, can be summarized as: continued prevalence of safety orientation, application in diverse work environments, multiple and inter-modal transport, integration of host organizations into overall security regime, mobile and portable operation, limited security awareness and resources, and disposal challenges. These special features also justify a differentiated approach to security culture inside organizations licensed to use radioactive sources. More frequent and more concerted efforts, including training and self-assessment, are expected to focus on a select group of employees who have direct relationships with radioactive sources (e.g. management teams, security personnel, operational staff, technicians and others). For other employees, efforts would be made concurrently to engage them in the process of raising security awareness, a less proactive endeavor than the development of security culture. The proposed differentiation is a targeted approach designed to make time and resource investment in training and culture assessment commensurate with specific roles and responsibilities of individuals. This risk-based approach can facilitate a more robust and sustainable security regime for radioactive sources throughout their life cycle, i.e. from cradle to grave

    Security Evaluation of Cyber-Physical Systems in Society-Critical Internet of Things

    In this paper, we present an evaluation of the security awareness of developers and users of cyber-physical systems. Our study includes interviews, workshops, surveys and one practical evaluation. We conducted 15 interviews and a survey with 55 respondents coming primarily from industry. Furthermore, we performed a practical evaluation of the current state of practice for a society-critical application, a commercial vehicle, and reconfirmed our findings by discussing an attack vector for an off-line society-critical facility. More work is necessary to increase usage of security strategies, available methods, processes and standards. The security information, currently often insufficient, should be provided in the user manuals of products and services to protect system users. We confirmed this recently when we conducted an additional survey of users, with users feeling left out in their quest for their own security and privacy. Finally, hardware-related security questions are beginning to come up on the agenda, with a general increase of interest in and awareness of the hardware contribution to overall cyber-physical security. At the end of this paper we discuss possible countermeasures for dealing with threats in infrastructures, highlighting the role of authorities in this quest

    Architecture and Implementation of a Trust Model for Pervasive Applications

    Collaborative effort to share resources is a significant feature of pervasive computing environments. To achieve secure service discovery and sharing, and to distinguish between malevolent and benevolent entities, trust models must be defined. It is critical to estimate a device's initial trust value because of the transient nature of pervasive smart space; however, most of the prior research work on trust models for pervasive applications used the notion of constant initial trust assignment. In this paper, we design and implement a trust model called DIRT. We categorize services in different security levels and depending on the service requester's context information, we calculate the initial trust value. Our trust value is assigned for each device and for each service. Our overall trust estimation for a service depends on the recommendations of the neighbouring devices, inference from other service-trust values for that device, and direct trust experience. We provide an extensive survey of related work, and we demonstrate the distinguishing features of our proposed model with respect to the existing models. We implement a healthcare-monitoring application and a location-based service prototype over DIRT. We also provide a performance analysis of the model with respect to some of its important characteristics tested in various scenarios

    User Perceptions of Smart Home IoT Privacy

    Smart home Internet of Things (IoT) devices are rapidly increasing in popularity, with more households including Internet-connected devices that continuously monitor user activities. In this study, we conduct eleven semi-structured interviews with smart home owners, investigating their reasons for purchasing IoT devices, perceptions of smart home privacy risks, and actions taken to protect their privacy from those external to the home who create, manage, track, or regulate IoT devices and/or their data. We note several recurring themes. First, users' desires for convenience and connectedness dictate their privacy-related behaviors for dealing with external entities, such as device manufacturers, Internet Service Providers, governments, and advertisers. Second, user opinions about external entities collecting smart home data depend on perceived benefit from these entities. Third, users trust IoT device manufacturers to protect their privacy but do not verify that these protections are in place. Fourth, users are unaware of privacy risks from inference algorithms operating on data from non-audio/visual devices. These findings motivate several recommendations for device designers, researchers, and industry standards to better match device privacy features to the expectations and preferences of smart home owners.

    Security models for trusting network appliances

    A significant characteristic of pervasive computing is the need for secure interactions between highly mobile entities and the services in their environment. Moreover, these decentralised systems are also characterised by partial views over the state of the global environment, implying that we cannot guarantee verification of the properties of the mobile entity entering an unfamiliar domain. Secure in this context encompasses both the need for cryptographic security and the need for trust, on the part of both parties, that the interaction is functioning as expected. In this paper we make a broad assumption that trust and cryptographic security can be considered as orthogonal concerns (i.e. cryptographic measures do not ensure transmission of correct information). We assume the existence of reliable encryption techniques and focus on the characteristics of a model that supports the management of the trust relationships between two devices during ad-hoc interactions

    Encouraging Privacy-Aware Smartphone App Installation: Finding out what the Technically-Adept Do

    Smartphone apps can harvest very personal details from the phone with ease. This is a particular privacy concern. Unthinking installation of untrustworthy apps constitutes risky behaviour. This could be due to poor awareness or a lack of knowhow: knowledge of how to go about protecting privacy. It seems that Smartphone owners proceed with installation, ignoring any misgivings they might have, and thereby irretrievably sacrifice their privacy

    Privacy, security, and trust issues in smart environments

    Recent advances in networking, handheld computing and sensor technologies have driven forward research towards the realisation of Mark Weiser's dream of calm and ubiquitous computing (variously called pervasive computing, ambient computing, active spaces, the disappearing computer or context-aware computing). In turn, this has led to the emergence of smart environments as one significant facet of research in this domain. A smart environment, or space, is a region of the real world that is extensively equipped with sensors, actuators and computing components [1]. In effect the smart space becomes a part of a larger information system: with all actions within the space potentially affecting the underlying computer applications, which may themselves affect the space through the actuators. Such smart environments have tremendous potential within many application areas to improve the utility of a space. Consider the potential offered by a smart environment that prolongs the time an elderly or infirm person can live an independent life or the potential offered by a smart environment that supports vicarious learning