27 research outputs found

    2018 June 5 – Information Technology Council Minutes


    Design of Single Sign On (SSO) for Web Applications Using Cloud Identity (Case Study: Politeknik Negeri Tanah Laut)

    Politeknik Negeri Tanah Laut has several web-based systems that have been implemented. The systems built are still standalone and not yet integrated, so users must have different accounts on each system. Users must remember each account to access the system, and for security reasons users usually change their passwords regularly. This password change process takes a long time, because the effort for every change is directly proportional to the number of existing systems. Therefore we need a system that can integrate user accounts and manage the authentication and authorization process. This process requires an additional server that acts as a liaison between the system integrator and the application service system. The purpose of this research is to create an innovative system that can handle all authentication and authorization of each application system, known as the Single Sign On (SSO) system. The benefit of the Single Sign On system is that users can access many systems with only one user account, without repeatedly entering usernames and passwords. In practice, user account data is retrieved from Cloud Identity via Secure LDAP, then user data is managed by the RADIUS Server and distributed to existing application service systems. The research has been successfully carried out and implemented on a website owned by the Politeknik Negeri Tanah Laut; with the implementation of Single Sign On, users log in to the website using only the same username and password.

    A Generic Framework for Information Security Policy Development

    Information security policies are not easy to create unless organizations explicitly recognize the various steps required in the development process of an information security policy, especially in institutions of higher education that use enormous amounts of IT. An improper development process or a copied security policy content from another organization might also fail to execute an effective job. The execution could be aimed at addressing an issue such as the non-compliance to applicable rules and regulations even if the replicated policy is properly developed, referenced, cited in laws or regulations and interpreted correctly. A generic framework was proposed to improve and establish the development process of security policies in institutions of higher education. The content analysis and cross-case analysis methods were used in this study in order to gain  a thorough understanding of the information security policy development process in institutions of higher educatio

    The European Union Protection of Human Rights through its Global Policy: The Implementation of the Regime of Restrictive Measures Against Serious Violations and Abuses of Human Rights

    The Regime of Restrictive Measures against Serious Violations and Abuses of Human Rights launched at the end of 2020 by the European Union is part of the Commission's objective to reaffirm the Union's firm commitment to promoting universal values and strengthening its leadership in this field. However, the first year of implementation of the regime casts doubt on its effectiveness, given the existence of legal loopholes that tarnish it

    Six Design Theories for IS Security Policies and Guidelines

    The unpredictability of the business environment drives organizations to make rapid business decisions with little preparation. Exploiting sudden business opportunities may require a temporary violation of predefined information systems (IS) security policies. Existing research on IS security policies pays little attention to how such exceptional situations should be handled. We argue that normative theories from philosophy offer insights on how such situations can be resolved. Accordingly, this paper advances six design theories (the conservative-deontological, liberal-intuitive, prima-facie, virtue, utilitarian and universalizability theories) and outlines the use of their distinctive application principles in guiding the application of IS security policies. Based on the testable design product hypotheses of the six design theories, we derive a theoretical model to explain the influence of the different normative theories on the “success” of IS security policies and guidelines

    App Usage as Feedback for Mobile Energy-Awareness Apps

    Energy plays a central role in mobile computing, especially as energy-intensive activities such as watching videos or playing games on mobile devices have increased in popularity. These activities accelerate energy usage in the device; as a result, the question of economizing the energy consumption on mobile devices becomes relevant. Some research efforts have focused on energy management applications to prolong battery life by detecting energy-hungry applications and recommending users to close those applications. However, the recommended applications could be uniquely important to users’ mobile experience and usage might continue even if it means decreased battery life. Besides increasing battery life by economizing mobile behavior, it is relevant for the design of energy-saving applications to know how users behave when receiving both helpful and redundant recommendations. We conduct a study on mobile application user behavior when there is a mobile energy-aware application (Carat) present on the devices. This thesis provides an approach by using application usage as implicit feedback to study if user behavior changes when recommendations on energy-hungry applications are given over the study period. Firstly, the thesis describes procedures for pre-processing and cleaning the study datasets, such as running applications in sample dataset and energy-hungry applications recommended by Carat in bug dataset and hog dataset. Secondly, this thesis provides statistical analysis methods for analyzing mobile data in different aspects. For example, applications are divided into system and installable applications. We found that users have more common system applications on their devices while less overlapped installable applications. We also separately study bugs and hogs which are the two types of energy-hungry applications. In general, there are more unique energy-hungry applications detected as hogs than bugs. For an average user, system applications are slightly more often bugs than installable applications while installable applications are more often hogs when compared with system applications. Thirdly, this thesis utilizes point biserial correlation to study application usage and Carat recommendations. We found there is no relationship between application usage and recommended energy-hungry applications. We also found that Carat users previously collected information to make recommendations. In addition, we found applications might be needed by users. Based on our findings, we suggest that Carat and other energy-hungry applications recommend actions based on recent data only, and do not recommend actions against user’s needs. ACM Computing Classification System (CCS): General and reference → Cross-computing tools and techniques → Empirical studies; Probability and statistics → Statistical paradigms → Exploratory data analysis; Human-centered computing → Human computer interaction → Empirical studies in HC

    Our Nuclear Quandary: Deliberating U.S. Nuclear Armament & its Alternatives for Execution 1946-1961

    Sitting amongst his National Security Councilors in 1958, President Eisenhower quipped of how he “could remember well when the military used to have no more than 70 targets in the Soviet Union and believed that destruction of these 70 targets would be sufficient.” Yet moments later, Eisenhower would grant his approval of a nuclear targeting plan which would strike all Soviet cities over the population of 25,000—a plan requiring thousands, not dozens, of nuclear weapons. The potential consequences of this dramatic surge in nuclear armament have led scholars to dispute how to characterize operational planning during the Nuclear Arms Race. Is the nature of nuclear deterrence one that results in a long peace as argued by John Lewis Gaddis? Or is David Alan Rosenberg’s assessment correct that U.S. nuclear posturing through the 1950’s was outright overkill? How can renowned scholars of nuclear history reach such incongruous conclusions as to what nuclear weapons fundamentally are? Through “Our Nuclear Quandary” I broaden the dialogue of nuclear planning beyond the entrenched “hawk-dove” debate. If executed, the nuclear plans orchestrated by the U.S. would be genocidal. Yet this fundamentally rational state could conceive of no alternative to wholescale and long-term death. My scholarship uses nuclear targeting to display the larger failures of the state-governance system in the atomic age. It contemplates the uneasy truth that a rational state is willing to fund, organize, and potentially execute a war plan that could end human habitation of this planet when threatened