543 research outputs found

    Exploring The Role Of Cyber Security Measures (Encryption, Firewalls, And Authentication Protocols) In Preventing Cyber-Attacks On E-Commerce Platforms

    The present study seeks to examine the significance of cybersecurity measures, specifically encryption strength (ES), firewall configuration (FC), and authentication protocols (AP), in protecting e-commerce platforms against cyber-attacks. The data collection process involved the administration of a survey to IT professionals responsible for overseeing e-commerce operations in a range of organisations located in Saudi Arabia. A convenience sampling method was employed to distribute a total of 300 questionnaires, out of which 190 completed responses were selected for analysis. The measurement model, which encompassed variables such as ES, FC, AP, security training (ST), cyber-attack incidents (CAI), customer trust (CT), and incident response time (IRT), was estimated using the structural equation model in Amos. The results of this study provide insights into the relationship between cybersecurity measures and their influence on the frequency of cyber-attacks. The study highlights the significance of encryption, firewall configuration, and authentication protocols in strengthening e-commerce platforms. Additionally, this study examines the impact of security training on the improvement of overall cybersecurity posture and its subsequent effect on customer trust. The examination also takes into account the duration of incident response as a critical element in minimising the consequences of cyber incidents. The findings obtained from this study contribute to a more comprehensive understanding of the cybersecurity environment within the realm of electronic commerce.

    Exploring Current Trends and Challenges in Cybersecurity: A Comprehensive Survey

    Cyber security is the process of preventing unauthorized access, theft, damage, and interruption to computers, servers, networks, and data. It entails putting policies into place to guarantee the availability, confidentiality, and integrity of information and information systems. Cyber security seeks to protect against a variety of dangers, including hacking, data breaches, malware infections, and other nefarious actions. Cyber security has grown to be a major worry as a result of the quick development of digital technology and the growing interconnection of our contemporary society. In order to gain insight into the constantly changing world of digital threats and the countermeasures put in place to address them, this survey seeks to study current trends and issues in the area of cyber security. The study includes responses from end users, business executives, IT administrators, and experts across a wide variety of businesses and sectors. Through a thorough analysis of the replies, the survey gives insight into important problems such as the types of cyber threats encountered, the efficacy of current security solutions, future technology influencing cyber security, and the human elements leading to vulnerabilities. The most important conclusions include an evaluation of the most common cyber dangers, such as malware, phishing scams, ransomware, and data breaches, as well as an investigation of the methods and tools used to counter these threats. The survey explores the significance of staff education and awareness in bolstering cyber security defenses and pinpoints opportunities for development in this area. The survey also sheds light on how cutting-edge technologies like cloud computing, artificial intelligence, and the Internet of Things (IoT) are affecting cyber security practices.
    It analyses the advantages and disadvantages of using these technologies while taking into account issues like data privacy, infrastructure security, and the need for specialized skills. The survey also looks at the compliance environment, assessing how industry norms and regulatory frameworks affect cyber security procedures. The survey studies the obstacles organizations encounter in attaining compliance and assesses the degree of knowledge of and commitment to these requirements. The results of this cyber security survey help to better understand the current status of cyber security and provide organizations and individuals with useful information for creating effective policies to protect digital assets. This study seeks to promote a proactive approach to cyber security, allowing stakeholders to stay ahead of threats and build a safe digital environment by identifying relevant trends and concerns.

    Identity Management and Authorization Infrastructure in Secure Mobile Access to Electronic Health Records

    We live in an age of the mobile paradigm of anytime/anywhere access, as the mobile device is the most ubiquitous device that people now hold. Due to their portability, availability, ease of use, communication, and access to and sharing of information within various domains and areas of our daily lives, the acceptance and adoption of these devices is still growing. However, due to their potential and rising numbers, mobile devices are a growing target for attackers and, like other technologies, mobile applications are still vulnerable. Health information systems are composed of tools and software to collect, manage, analyze and process medical information (such as electronic health records and personal health records). Therefore, such systems can empower the performance and maintenance of health services, promoting availability, readability, accessibility and data sharing of vital information about a patient's overall medical history between geographically fragmented health services. Quick access to information is of great importance in the health sector, as it accelerates work processes, resulting in better time utilization. Additionally, it may increase the quality of care. However, health information systems store and manage highly sensitive data, which raises serious concerns regarding patients' privacy and safety, and may explain the still increasing number of reports of malicious incidents within the health domain. Data related to health information systems are highly sensitive and subject to severe legal and regulatory restrictions that aim to protect the individual rights and privacy of patients. Alongside this legislation, security requirements must be analyzed and measures implemented. Within the security requirements necessary to access health data, secure authentication, identity management and access control are essential to provide adequate means to protect data from unauthorized access.
    However, besides the use of simple authentication models, traditional access control models are commonly based on predefined access policies and roles, and are inflexible. This results in uniform access control decisions across people, different types of devices, environments and situational conditions, and across enterprises, locations and time. Although existing models can meet the needs of health care systems, they still lack components for dynamicity and privacy protection, which leads to not having the desired levels of security and to the patient not having full and easy control of their privacy. Within this master's thesis, after in-depth research and a review of the state of the art, a novel dynamic access control model was published, the Socio-Technical Risk-Adaptable Access Control modEl (SoTRAACE), which can model the inherent differences and security requirements that are present in this thesis. To do this, SoTRAACE aggregates attributes from various domains to help perform a risk assessment at the moment of the request. The assessment of the risk factors identified in this work is based on a Delphi study. A set of security experts from various domains were selected to classify the impact on the risk assessment of each attribute that SoTRAACE aggregates. SoTRAACE was integrated into an architecture with well-founded requirements, based on the best recommendations and standards (OWASP, NIST 800-53, NIST 800-57) as well as on an in-depth review of the state of the art. The architecture is further subjected to the essential security analysis and threat modelling. As proof of concept, the proposed access control model was implemented within the user-centric architecture, with two mobile prototypes for several types of access by patients and healthcare professionals, as well as the web servers that handle the access requests, authentication and identity management.
    The proof of concept shows that the model works as expected, with transparency, assuring privacy and data control to the user without impact on user experience and interaction. It is clear that the model can be extended to other industry domains, and new levels of risk or attributes can be added because it is modular. The architecture also works as expected, assuring secure multi-factor authentication and secure data sharing/access based on SoTRAACE decisions. The communication channel that SoTRAACE uses was also protected with a digital certificate. Finally, the architecture was tested on different Android versions, with static and dynamic analysis and with tests using security tools. Future work includes the integration of health data standards and evaluating the proposed system by collecting users' opinions after releasing the system to the real world.

    Nowadays we live in a mobile paradigm of anywhere/anytime access, with mobile devices being the technology most present in society's daily life. Due to their portability, availability, ease of handling, communication power, and access to and sharing of information concerning various areas and domains of our lives, the acceptance and integration of these devices keeps growing. However, due to their potential and the increase in the number of users, mobile devices are increasingly the target of attacks, and like other technologies, mobile applications continue to be vulnerable. Health information systems are composed of tools and software that allow medical information (such as electronic health records) to be collected, managed, analysed and processed. Therefore, such systems can enhance the performance and maintenance of health services, thus promoting the availability, accessibility and sharing of vital data concerning patients' overall medical records between services and institutions that are geographically fragmented.
    Quick access to medical information is of great importance to the health sector, since it accelerates work processes, thus resulting in more efficient use of time and resources. Consequently, there will be a better quality of treatment. However, health information systems store and handle highly sensitive data, which raises serious concerns regarding patient privacy and safety. This explains the increase in malicious incidents within the health domain. Health data are highly sensitive and subject to strict laws and regulatory restrictions, which are intended to ensure the protection of patients' rights and privacy, safeguarding their health data. Together with this legislation, security requirements must be analysed and measures implemented. Among the requirements needed to access health data, secure authentication, identity management and access controls are essential to provide adequate means of protecting data against unauthorised access. However, beyond the use of simple authentication models, traditional access control models are usually based on predefined access policies and roles, and are inflexible. This results in uniform access control decisions for different people, device types, environments and situational conditions, companies, locations and points in time. Although existing models make it possible to meet some needs of health systems, there is still a shortage of components for dynamic access and privacy protection, which results in unsatisfactory levels of security and in the patient not having direct and full control over their privacy and health records.
    Within this master's thesis, after intensive research and review of the state of the art, an innovative access control model called SoTRAACE was published, which models the inherent access differences and security requirements present in this thesis. To this end, SoTRAACE aggregates attributes from various environments and domains that help perform a risk assessment at the moment the data are requested. The assessment of the risk factors identified in this work is based on a Delphi study. A set of security experts from various industrial domains were selected to classify the impact of each attribute that SoTRAACE aggregates. SoTRAACE was integrated into an architecture for access to medical data, with well-founded requirements, based on the best standards and recommendations (OWASP, NIST 800-53, NIST 800-57) and on intensive reviews of the state of the art. This architecture is subsequently the subject of a security analysis and attack models. As proof of concept, the proposed access control model is implemented together with a user-centred architecture, with two prototypes for mobile applications that provide various types of access for patients and health professionals. The architecture also consists of web servers that handle data management, access control, authentication and identity management. The final result shows that the model works as expected, with transparency, ensuring privacy and data control for the user without impacting their interaction and experience. Consequently, this model can be extended to other industrial sectors, and new risk levels or attributes can be added to it, since it is modular. The architecture also works as expected, ensuring secure multi-factor authentication and secure data access and sharing based on SoTRAACE decisions.
    The communication channel that SoTRAACE uses was also protected with a digital certificate. The architecture was tested on different Android versions and was subjected to static and dynamic analysis and to tests with security tools. Future work includes the integration of health data standards and the evaluation of the proposed system by collecting opinions from users in the real world.

    Developing our capability in cyber security: Academic Centres of Excellence in Cyber Security Research

    Mobile Application to support Scientific Conferences - UO ISEP

    This dissertation aims to develop a mobile application for Instituto Superior de Engenharia do Porto (ISEP) to support scientific conferences. With the increase in the use of mobile devices and the growing trend of providing mobile applications for scientific conferences, the need for a mobile application that can enhance the conference experience and provide a convenient and user-friendly way to access information about a conference is becoming more important. This application is designed to be used for live conferences and includes features such as an interactive event schedule, speaker bios, ticket management, and rating of events, among others. Attendees can have a seamless conference experience and make the most of the time spent at the conference. The application also includes features for conference organizers such as event registration, attendee management, and real-time analytics. Organizers are able to manage attendees, track attendance, and access analytics on attendee behavior and preferences, and use these features to evaluate the success of the conference, gather insights for future conferences, and improve the attendees' experience. The development of this application is based on best practices and guidelines for the design and development of mobile applications and on user-centered design methodologies. The design process is based on user research, interviews, and usability testing, to ensure that the application meets the needs and expectations of the users. The impact of this application on the conference experience is evaluated through user testing and feedback. The evaluation is focused on measuring the usability, usefulness, and user satisfaction of the application. The results of this evaluation are used to improve the application and ensure that it provides a high-quality user experience.
    Overall, this thesis aims to contribute to the field of mobile applications for conferences by providing a comprehensive solution that can enhance the attendee experience and improve the overall effectiveness of the conference.

    This dissertation aims to develop a mobile application for ISEP to support the scientific conferences that the Institute organises. With the increase in the use of mobile devices and the growing trend of providing conference visitors with mobile applications, the need for a mobile application that improves the experience and provides a convenient and friendly way to access information about a conference organised by ISEP is imperative. The application developed within this dissertation is designed to be used at live conferences and will include features such as an interactive event schedule, speaker biographies and presentation materials, as well as an attendee directory and networking opportunities. With this application, the goal is for attendees to have a very positive experience and to make the most of the time spent at the conference. The application also includes features for conference organisers, such as event registration, attendee management and real-time analytics. Organisers can manage attendees, track attendance and access analytics on attendee behaviour and preferences, using this information to evaluate the success of the conference and to collect and analyse conference metrics in order to improve the attendee experience. The development of this application is based on best practices and guidelines for the design and development of mobile applications and on user-experience-centred design methodologies.
    The design process is based on interviews with current conference organisers at ISEP and on usability testing, to ensure that the application meets the needs and expectations of users. The impact of this application on the conference experience is evaluated through testing and feedback from conference visitors and organisers. The evaluation focuses on measuring usability, usefulness and user satisfaction with the application. The results of this evaluation are used to improve the application and ensure that it provides a high-quality user experience. Overall, this dissertation aims to contribute to the field of mobile applications for scientific conferences by providing a comprehensive solution that can improve the attendee experience and the overall effectiveness of the conference. Furthermore, the dissertation intends to present a user-centred design approach that can be used as a reference for the development of future mobile applications in other domains.

    A Design Approach to IoT Endpoint Security for Production Machinery Monitoring

    The Internet of Things (IoT) has significant potential for upgrading legacy production machinery with monitoring capabilities to unlock new capabilities and bring economic benefits. However, the introduction of IoT at the shop floor layer exposes it to additional security risks with potentially significant adverse operational impact. This article addresses such fundamental new risks at their root by introducing a novel endpoint security-by-design approach. The approach is implemented on a widely applicable production-machinery-monitoring application by introducing real-time adaptation features for IoT device security through subsystem isolation and a dedicated lightweight authentication protocol. This paper establishes a novel viewpoint for the understanding of IoT endpoint security risks and relevant mitigation strategies and opens a new space of risk-averse designs that enable IoT benefits while shielding operational integrity in industrial environments.

    Security Monitoring in Production Areas

    Master's thesis, Information Security, 2022, Universidade de Lisboa, Faculdade de Ciências.

    Since the late 1960s, a different set of technologies has been designed and implemented in parallel to assist in automating industrial and manufacturing processes. These systems, created in parallel to IT (Information Technologies), became known as OT (Operational Technologies). Unlike IT technologies, these were developed with a different set of requirements. With a focus on resilience to adverse environmental conditions, such as temperature, humidity, and electromagnetic interference, and a need for high availability and near-real-time performance, other requirements, such as information integrity and confidentiality, took a back seat. However, the need to automate processes has grown. Today, it is not only industrial areas, such as heavy manufacturing, oil and gas industries, electrical networks, water distribution processes, or sewage treatment, that need to increase their efficiency. The production areas of a manufacturing company also benefit from these two types of technologies, IT and OT. Furthermore, it is on the shop floor, i.e., in a production area, that the two meet, merge and interconnect their networks to become a blended system. Often the requirements for the operation of one technology are the weak point of the other. A good example is the increasing need for IT devices to connect to the Internet. On the other hand, OT devices, which often have inherent difficulty with authentication and authorization processes, are exposed to untrusted networks. In recent years, aggravated by socio-political changes in the world, incidents in industrial and production areas have become larger and more frequent. As the impact of incidents in these areas has the potential to be immense, companies and government organizations are increasingly willing to implement measures to defend them.
    For information security, this is fertile ground for developing new methodologies or experimenting with and validating existing ones. This master's work aims to apply a threat model in the context of a production area, thus obtaining a set of the most relevant threats. Starting from these threats, the applicability and value of two security monitoring solutions for production areas will be analyzed. In the first part of this dissertation, after reviewing the state of the art to identify the most frequently mentioned security measures for industrial and manufacturing areas, a contextualization of what a production area is will be performed, followed by an example based on what was observed in the course of this work. After giving this background, a threat model will be created using the STRIDE methodology for identifying and classifying potential threats and the DREAD methodology for risk assessment. The presentation of an attack tree will show how the identified threats can be linked to achieving the goal of disrupting a production area. After this, a study will be made of which of the security measures mentioned initially best mitigate the threats identified. In the final part, the two solutions will be analyzed in terms of their functionality for detecting connected devices and their vulnerabilities, and for monitoring and identifying security events, using network traffic observed in an actual production area. This observation aims to verify the practical value of these tools in mitigating the threats mentioned above. During this work, a set of lessons learned were identified, which are presented as recommendations in a separate chapter.

    Think twice before you click!: exploring the role of human factors in cybersecurity and privacy within healthcare organizations

    The urgent need to protect sensitive patient data and preserve the integrity of healthcare services has propelled the exploration of cybersecurity and privacy within healthcare organizations [1]. Recognizing that advanced technology and robust security measures alone are insufficient [2], our research focuses on the often-overlooked human element that significantly influences the efficacy of these safeguards. Our motivation stems from the realization that individual behaviors, decision-making processes, and organizational culture can be both the weakest link and the most potent tool in achieving a secure environment. Understanding these human dimensions is paramount, as even the most sophisticated protocols can be undone by a single lapse in judgment. This research explores the impact of human behavior on cybersecurity and privacy within healthcare organizations and presents a new methodological approach for measuring and raising awareness among healthcare employees. Understanding the human influence in cybersecurity and privacy is critical for mitigating risks and strengthening overall security posture. Moreover, the thesis aims to place emphasis on the human aspects, focusing on the often-overlooked factors that can shape the effectiveness of cybersecurity and privacy measures within healthcare organizations. We have highlighted factors such as employee awareness, knowledge, and behavior that play a pivotal role in preventing security incidents and data breaches [1]. By focusing on how social engineering attacks exploit human vulnerabilities, we underline the necessity of addressing these human-influenced aspects. The existing literature highlights the crucial role that human factors and awareness training play in strengthening cyber resilience, especially within the healthcare sector [1].
    Developing well-customized training programs, along with fostering a robust organizational culture, is vital for encouraging a secure and protected digital healthcare setting [3]. Building on the recognized significance of human influence in cybersecurity within healthcare organizations, a systematic literature review became indispensable. The existing body of research might not have fully captured all the ways in which human factors, such as psychology, behavior, and organizational culture, intertwine with technological aspects. A systematic literature review served as a robust foundation to collate, analyze, and synthesize existing knowledge, and to identify gaps where further research was needed. To complement our systematic literature review and investigation of human factors, our research introduced a new methodological approach through a concept study based on an exploratory survey [4]. Recognizing the need to uncover intricate human behavior and psychology in the context of cybersecurity, we designed this survey to probe the multifaceted dimensions of cybersecurity awareness. The exploratory nature of the survey allowed us to explore cognitive, emotional, and behavioral aspects, capturing information that is often overlooked in conventional analyses. By employing this tailored survey, we were able to collect insights that provided a more textured understanding of how individuals within healthcare organizations perceive and engage with cybersecurity measures.

    Security in Computer and Information Sciences

    This open access book constitutes the thoroughly refereed proceedings of the Second International Symposium on Computer and Information Sciences, EuroCybersec 2021, held in Nice, France, in October 2021. The 9 papers presented together with 1 invited paper were carefully reviewed and selected from 21 submissions. The papers focus on topics of security of distributed interconnected systems, software systems, Internet of Things, health informatics systems, energy systems, digital cities, digital economy, mobile networks, and the underlying physical and network infrastructures. This is an open access book.