Neomejen dostop do informacijskih sistemov z mobilnimi napravami

Purpose: Mobile devices have become an indispensible part of modern communicationsthey enable easy access to the Internet and also remote manipulation of data stored in corporate information systems. The number of mobile device users is on the rise, but most of them don’t comprehend completely the less obvious functions of these devices. Users also have almost no control over background computer programs, because they run without their knowledge and volition. From the standpoint of information security, a lack of awareness of the risks can seriously compromise the integrity of corporate networks and information systems. The weakest links are users, but also the technology itself. To ensure the functioning and security of information systems, corporations and individual users should learn about protective mechanisms. It is also important that users adhere to implemented (internal) safety regulations. Design/Methods/Approach: We used descriptive and comparative methods, and made an overview of published literature, as well as processes pertaining to the use of mobile devices and related security issues. We compared general elements of information security in regard to the use of mobile devices. Findings: At present mobile devices are more and more frequently used to access information systems. The majority of users are concerned almost exclusively with the question, how to get uninterrupted remote access to data, but far less with security issues. This paper presents some guidelines for achieving and maintaining information security. Research limitations/implications: It has been noted, that this is a time of turbulent development and evolution in the field of mobile devices, and also related security issues, so best practices haven’t been defined yet. Corporations and other organizations have just recently begun defining guidelines to eliminate security breaches through mobile devices, therefore a comparison of their implemented solutions is practically impossible. VS_ Practical implications: We propose guidelines, which can be used to: minimize information security risks posed by mobile devicesevaluate the current state of information securityand implement protective measures against cyber threats encountered by corporations and individual users of mobile devices. Originality/Value: Information security is a relatively new field because mobile devices and remote access to the Internet and data have just recently come into wider use. At the same time security issues and protective measures have stayed largely overlooked. Security threats are many, so it is impervious that users learn more about them and adopt some necessary security measures.Namen prispevka: Mobilne naprave so postale stalnica vsakodnevnega komuniciranja, dostopa do omrežij in oddaljenega dela s podatki v zaprtih korporativnih informacijskih sistemih. Število uporabnikov se skokovito povečuje, malo uporabnikov pa delovanje naprav razume, prav tako pa nimajo pregleda nad delovanjem elementov naprave za komunikacijo v ozadju, kjer ni potrebna direktna interakcija z uporabnikom. Nepoznavanje, s stališča informacijske varnosti oziroma varne uporabe mobilnih naprav, lahko resno ogrozi informacijski sistem celotne organizacije. Šibka člena pri zagotavljanju informacijske varnosti sta uporabnik in tehnologija. Za zagotavljanje stalnega dela in ustrezno stopnjo varnosti je pomembno poznavanje varnostnih mehanizmov s strani uporabnikov in spoštovanje predpisanih omejitev za varno delo. Metode: Uporabljeni sta bili deskriptivna in primerjalna metoda. Narejen je bil pregled literature in postopkov, ki navajajo rabo mobilnih naprav in njihovo zaščito. Primerjani so bili elementi splošne in varne rabe mobilnih naprav z vidika informacijske varnosti. Ugotovitve: Uporaba mobilnih naprav za oddaljen dostop do informacijskih sistemov je v začetni fazi. Večina organizacij in uporabnikov se ukvarja zgolj z zagotavljanjem dostopa in delom, pozabljajo pa na informacijsko-varnostni vidik. Prispevek predstavlja smernice za vzpostavitev večje stopnje informacijske varnosti. Omejitve/uporabnost raziskave: Zaradi turbolentnega razvoja in sprememb na omenjenem področju je razumevanje uporabe mobilnih naprav v začetni fazi in dostopnost do uspešnih praks (angl. best practices) omejena. Izdelava smernic varne rabe mobilnih naprav in njihovo udejanjanje v praksi je v začetni fazi, zato ni možna primerjalna analiza uspešnosti predlaganih ukrepov. Praktična uporabnost: Predstavljene so smernice varne rabe mobilnih naprav, ocena trenutnega stanja informacijske varnosti in smernice za zaščito pred grožnjami, katerim so izpostavljeni organizacije in posamezniki ob uporabi mobilnih naprav. Izvirnost/pomembnost prispevka: Uporabniki so šele pred kratkim začeli množično uporabljati mobilne naprave za dostopanje do podatkov, zato so nova tudi informacijsko-varnostna vprašanja, vezana na mobilno tehnologijo. Širša raba oddaljenega dostopanja se šele uveljavlja, varnostni postopki in mehanizmi pa so zanemarjeni. Ker se kažejo možnosti zlorabe in uresničenja groženj, pa je pred udejanjanjem pomembno zagotoviti ustrezna znanja in postopke, da ne pride do tega

Smart Internet of Things Modular Micro Grow Room Architecture

This article proposes the Internet of Things-based self-sustaining modular grow room architecture for optimising the seed germination and seedling development process. The architecture is scalable and flexible as it can be adapted to particular environments, scopes, requirements and plant types; it is modular as the host room can contain one or more smaller-scale grow rooms, each of them controlling their own micro-environment independently. One of the main goals of the research was to develop such a system that could be deployed efficiently, with minimal costs and energy footprint, which would enable its practical usage primarily in private self-sustainable households. The usage of widely available and inexpensive components, open source code, and free cloud services all enabled us to reach such a goal. Besides simple automation mostly described by existing solutions, the architecture proposed within this article offers remote control and data processing and visualisation, data trend tracking, smart optimisation, and actuator control, and event notifications

Influence of Video Games on Cognitive Abilities and Intelligence

This paper gives an overview of development in research concerning the influence of video games on cognitive development and intelligence. The first part of the paper mentions three categories used by different researchers in their research: generally speaking, the development of constructs and commercial games. StarCraft is mentioned in the paper, one of the most complex strategical games of all time, and its influence on professional players in eSport. Additionally, it presents a taxonomy of strategy games compared to real world situations, such as crisis management and control. The papers indexed in Scopus and Web of Science databases are chosen for this research since they are based on the cognitive relations between the games and players. One of the conclusions is that games can influence the enhancement of cognitive abilities in both directions

Elektronsko preverjanje znanja: pripravljenost študentov

Despite the fact that electronic learning has existed for a relatively long time, it is still in its infancy. The same goes for electronic examination.This paper presents the findings of our electro nic examination research. It discusses readiness of students for taking such exams. The study confirms that the majority of participants are prepared to take electronic exams. They are enthusiastic about the immediate feedback and time and place flexibility. However they have some reservations about the technological issues. Key words: e-learning, e-examination, group decision support systems, surveyElektronsko izobraževanje (e-izobraževanje) je kljub temu, da se o njem govori že mnogo let, še vedno v začetni fazi razvoja. Isto velja za elektronsko preverjanje znanja (e-preverjanje znanja). V prispevku podajamo rezultate raziskave pripravljenosti študentov za e-preverjanje znanja. Ugotovili smo, da je večina študentov pripravljena opravljati izpite v elektronski obliki in podpira tak način preverjanja znanja. Navdušeni so nad takojšnjo povratno informacijo in prilagodljivostjo glede časa in prostora preverjanja znanja. Pokazala pa se je zaskrbljenost zaradi problemov z uporabo sodobne informacijsko-komunikacijske tehnologije. Ključne besede: e-izobraževanje, e-preverjanje znanja, sistemi za podporo skupinskemu odločanju, raziskav

Mnenja študentov o e-preverjanju znanja pred in po e-testiranju

This paper is about one of the essential matters in electronic learning: taking electronic exams. It presents students’ opinion about electronic examinations before and after electronic testing. The studies in the years 2004 and 2005 confirmed that the majority of participants were prepared to take electronic exams. They were enthusiastic about the immediate feedback and time and place flexibility. However they had some reservations about the technological issues. Motivated by the positive students’ response we performed a pilot e-testing. After the testing we checked the students’ opinion again. The majority was enthusiastic and even more certain in introducing e-exams. Some of them think that this kind of taking exams is possible but they still do not see any advantages in it.Prispevek obravnava eno ključnih komponent elektronskega izobraževanja, to je elektronsko preverjanje znanja. Podaja mnenja študentov o takem načinu preverjanja znanja pred in po elektronskem testiranju. Raziskava izpeljana v letih 2004 in 2005 je pokazala, da je večina študentov pripravljenih na elektronsko preverjanje znanja. Navdušeni so predvsem nad takojšnjo povratno informacijo in prilagodljivim časom ter lokacijo izpitov. Skrbelo pa jih je pomanjkljivo obvladanje sodobne informacijsko-komunikacijske tehnologije. Motivirani s pozitivnim odzivom študentov smo pristopili k izvajanju e-testov in ponovno preverili mnenja udeležencev. Večina je bila navdušena in si želi e-preverjanja znanja s še večjo gotovostjo. Kaže pa se tudi, da nekateri še vedno v enaki meri menijo, da je tako preverjanje sicer mogoče, vendar ne prinaša nobene prednosti v primerjavi s klasičnimi načini

Information Warfare in Slovenia – from Traditional Local to Global Cyber Space

Namen prispevka: Opozoriti želimo na tveganja, ki so jim izpostavljeni vsi informacijski sistemi in jih prinaša informacijsko bojevanje. Z razvojem sodobne informacijskokomunikacijske tehnologije (v nadaljevanju IKT) je vojaško, politično, gospodarsko in ideološko motivirano bojevanje pridobilo popolnoma nove razsežnosti in nevarnosti, čeprav se njene resnosti marsikatera država še vedno ne zaveda. Zaradi anonimnosti, možnosti dostopanja z oddaljene lokacije in zakrivanja izvora napada, storilci svoje cilje dosegajo lažje in hitreje, kot je to bilo mogoče pred razvojem spleta in informacijske tehnologije. To je omogočilo razvoj in prenos informacijskega bojevanja na različna družbena področja. Ker pa so tehnike informacijskega bojevanja postale primerljive z ostalo (klasično) računalniško kriminaliteto, je kompleksnost problematike še toliko širša. Resnost in nevarnost tovrstne grožnje prikazujemo skozi primere. S predstavitvijo trenutne zakonske ureditve v Sloveniji pa želimo prikazati neustrezno normativno podlago za delo organov pregona. Trenutna zakonska ureditev omogoča stanje, v katerih je primere informacijskega bojevanja lažje vršiti kot preganjati. Metode: Podan je pregled definicij informacijskega bojevanja v strokovni literaturi. Na podlagi analize definicij je predlagana konkretna in natančnejša opredelitev pojava informacijskega bojevanja. Kratko so predstavljeni nekateri primeri kibernetskih napadov, ki potrjujejo obstoj tovrstne grožnje. Analizirana je aktualna zakonodaja v Republiki Sloveniji. Na podlagi ugotovljenih slabosti so podani utemeljeni predlogi za izboljšave zakonodaje. Ugotovitve: Temeljna ugotovitev prispevka je, da se je (informacijsko) bojevanje, kot tradicionalni način doseganja ciljev, z razvojem sodobne IKT razširilo v vse sfere družbenega življenja, skladno s tem pa so se spremenile tudi njegove tehnike delovanja. Kibernetsko okolje je tej grožnji omogočilo neobvladljivo širjenje, kar je povzročilo novo globalno/transnacionalno tveganje za države in organizacije. Gospodarstvo, kritična infrastruktura, politični odnosi in svetovni mir so tista temeljna področja, ki jih informacijsko bojevanje želi kompromitirati. Kot kaže trenutno stanje normativne ureditve informacijskega bojevanja, so na nacionalni ravni naše države pomanjkanje politične volje, nerazumevanje in ravnodušnost temeljni atributi, ki omogočajo obstoj in razvoj informacijskega bojevanja. Na ravni svetovnih velesil in mednarodnih organizacij pa gre, zaradi zavedanja in uporabe prednosti tovrstnega bojevanja, za poskus ohranjanja neurejenega stanja, saj z informacijskim bojevanjem napadajo normativno ureditev. Izvirnost/pomembnost prispevka: Izvirna vrednost prispevka je opredelitev informacijskega bojevanja. Poleg tega pa je pomemben tudi prikaz narave informacijskega bojevanja na primerih in stanje normativne ureditve. Slednje je glavni zaviralec za preprečevanje opisane problematike.Purpose: The purpose of this paper is to draw attention to security risks to information systems which confront every country and organization – the risk in question is information warfare. Development of modern information communication technology has led us to the situation in which politically, economically and ideologically motivated warfare has gained a completely new dimension and constitutes new dangers, but many countries still don’t acknowledge its presence. Anonymity, the possibility of accessing information from distant locations, and the possibility of concealing the source of the attack are enabling perpetrators to achieve their vicious goals much easier and faster than before the development of the Internet and information technology in general. Development made it possible for information warfare to spread to different social spheres. The complexity of this modern threat has become much more worrisome, because techniques of information warfare have became comparable with other (classic) computer crimes. We would like to demonstrate the gravity and danger of this threat through practical examples and present the current legal regulation of this issue in Slovenia. The current Slovenian legislation creates conditions in which it is easier to commit information warfare than prosecute it. Design/Methods/Approach: In forming a definition of information warfare, we used a comparative method. We carried out a comparison of different written sources published abroad. For better understanding the nature of modern warfare, we presented some practical examples. An understanding of the legislation in the Republic of Slovenia in reference to these issues was acquired through a thorough study and comparison of Slovenian legal acts. Findings: The main finding of this paper is that information warfare, which was used in the past for military purposes, has now (with the development of modern technology) spread into every area of society. Simultaneously the techniques of information warfare have also changed. Cyber space allowed information warfare to extend uncontrollably, and this resulted in the birth of new transnational and global threats to all countries and organizations. Economies, crucial national infrastructure, political relations and world peace are the main areas that information warfare tries to compromise. The current legislation, at the national and global levels, reflects, that a lack of political will, incomprehension and apathy are the major factors which allow information warfare to exist and develop. Originality/Value: The originality of this paper is in the suggested definition of information warfare, and further in the presentation of the nature of this specific threat through practical examples and an overview of the relevant legislature, which is the main obstacle in the prevention of this type of criminality

Combating cybercrime in Slovenia

Namen prispevka: Številna poročila mednarodnih in nacionalnih organizacij iz zadnjega obdobja govorijo o hitrem in inovativnem razvoju kibernetske kriminalitete. V tem prispevku želimo analizirati organiziranost in način boja proti kibernetski kriminaliteti v Sloveniji, proučiti pravne podlage za to področje in predstaviti nacionalne statistične podatke o njenem uresničevanju. Metode: Splošne ugotovitve so oblikovane na podlagi pregleda literature, pregleda dejavnosti v Republiki Sloveniji, javnih, zasebnih in mednarodnih organizacijah, povezanih s kibernetsko in informacijsko varnostjo, pregleda zakonodaje ter dostopnih uradnih statističnih podatkov o kibernetski kriminaliteti. Ugotovitve: Ključno vlogo pri preiskovanju kibernetske kriminalitete v Sloveniji imajo Center za računalniško preiskovanje, Slovenski center za posredovanje pri omrežnih incidentih (SI-CERT) in Evropski center za kibernetsko kriminaliteto. V boj proti kibernetski kriminaliteti so vključene tudi druge državne, nepolicijske organizacije, zasebna informacijsko-varnostna podjetja, nevladne in mednarodne organizacije. Pravna podlaga za boj proti kibernetski kriminaliteti v Sloveniji je napredna in je del več nacionalnih in mednarodnih pravnih aktov. Največji problem, s katerim se srečujejo organi pregona, je redko obravnavanje kibernetskih kaznivih dejanj v globalnem razcvetu kibernetske kriminalitete, saj smo imeli v Sloveniji v zadnjih sedmih letih le nekaj obsodilnih obsodb. Omejitve/uporabnost raziskave Prispevek proučuje boj proti kibernetski kriminaliteti v Sloveniji, vključujoč mednarodne organizacije, ki delujejo na območju države. Izvirnost/pomembnost prispevka: Na državni ravni še niso bili analizirani način, organiziranost in uspešnost boja proti kibernetski kriminaliteti. V prispevku izpostavljamo probleme, s katerimi se srečuje Slovenija, in predlagamo priporočila za uspešnejši boj proti kibernetski kriminaliteti.Purpose: Numerous recent reports by international and national organizations talk about the rapid and innovative development of cybercrime. In this paper we would like to analyze the structure and method of combating cybercrime in Slovenia, examine the legal basis regarding this field and present national statistics on its implementation. Methods: The general findings are reported on the basis of literature, reviews of the activities of individual state, public, private and international organizations related to cyber and information security, reviews of laws and further available official statistics in the field of cybercrime. Findings: The Center for computer investigation, SI-CERT and the European cybercrime center play a key role in the investigation of cybercrime in Slovenia. Additional nonpolice government organizations, private information-security companies, NGOs and international organizations are also included in the fight against cybercrime. The legal basis for the fight against cybercrime in Slovenia is advanced and is part of several national and international acts. The biggest problem faced by the law enforcement authorities is a rare approach to cyber criminal offenses during the global boom in cybercrime. For instance, there were only a few condemnatory convictions in Slovenia in the last seven years. Research limitations / Implications: The paper examines the combat against cybercrime in Slovenia, including international organizations which are operating in the country. Originality/Value: The exact method, the organization and level of success of the fight against cybercrime have not yet been analyzed within a national framework. In this paper, we highlight the problems which Slovenia faces, and recommend more effective methods to fight against cybercrime

Decision-making factors contributing to the management of information security in organisations

Namen prispevka: V preglednem znanstvenem prispevku analiziramo aktualne varnostne trende in sociološke ter psihološke ovire, s katerimi se sooča varnostni management, z namenom pojasniti dileme pri zagotavljanju informacijske varnosti. V času negotovih razmer v poslovnem okolju postaja informacijska varnost vse pomembnejši poslovni proces. Učinkovitost je pogojena z različnimi okoljskimi, strukturnimi in osebnostnimi dejavniki, ki jih je potrebno upravljati, če se želi ustrezno obvladovati tveganja, ki ogrožajo obstoj organizacij. Metode: Analiza varnostnih trendov je izvedena s pregledom aktualnih mednarodnih raziskav o trenutnem stanju informacijske varnosti. Prav tako je bil izveden pregled teorij, ki pojasnjujejo vpliv psiholoških dejavnikov na odločitvene procese. S sintezo ugotovitev smo izoblikovali predpostavke o vzrokih neracionalnih odločitev, teoretične pristope pa smo nadgradili z njihovo umestitvijo v organizacijsko in varnostno področje. Ugotovitve: Ugotavljamo, da organizacije funkcije informacijske varnosti ne razvijajo ustrezno. Pregled aktualnih raziskav je pokazal, da se organizacije pogosto neučinkovito odzivajo na povečana varnostna tveganja, saj jim to onemogočajo neugodne poslovne razmere, strokovna nepodkovanost in tradicionalna vodstvena mentaliteta, spremembe na področju varnostnih rešitev in kognitivne pristranskosti pri odločevalcih. Prav tako ugotavljamo, da je učinkovitost informacijske varnosti vse bolj pogojena z netehničnimi ukrepi, pri čemer največjo vlogo odigra usposobljen, dobro razvit in strateško naravnan varnostni management. Praktična uporabnost: Varnostni trendi, ki jih predstavljamo v prispevku, za večino sodobnih organizacij predstavljajo velik izziv pri doseganju poslovne uspešnosti. S prispevkom želimo opozoriti na sodobne varnostne dileme in prispevati k večji ozaveščenosti odgovornega managementa. Ponujamo tudi izhodiščne točke za učinkovito soočanje s kognitivnimi ovirami pri sprejemanju odločitev. Izvirnost/pomembnost prispevka: Prispevek je aktualen, saj analizira najnovejše raziskave o informacijski varnosti in na osnovi tega predstavlja sodobne trende. Prav tako je izviren, ker združuje spoznanja s področja psihologije tveganj in odločitev ter informacijske varnosti v organizacijski kontekst.Purpose: Information security is becoming an ever more important business process in this period characterised by uncertainty in the business environment. Its efficiency depends on various environmental, structural, and personal factors which need to be managed in order to adequately control all risks threatening organisations‘ survival. This paper analyses current security trends, as well as sociological and psychological obstacles in security management, with a view to clarifying different dilemmas related to the provision of information security. Design/Methods/Approach: The analysis of security trends was conducted on the basis of an overview of current international research on the present state of play in the field of information security. It also includes an overview of theories explaining the impact of psychological factors on decision-making processes. Assumptions regarding the reasons for irrational decisions were drawn by performing the synthesis of findings, while theoretical approaches were upgraded by placing them in the organisational and security fields. Findings: The authors find that organisations are not developing the function of information security in an adequate manner. The overview of current research shows that organisations are often inefficient in their response to higher security risks, since they are prevented from doing so by unfavourable business conditions, lack of expertise, traditional management mentality, changes in the field of security- related solutions and cognitive bias found in decision-makers. The authors also find that the efficiency of information security is ever more dependent on non- technical measures, whereby trained, well-developed and strategically-oriented security management plays a crucial role. Practical Implications: For the majority of modern organisations, security trends presented in this paper represent a great challenge in terms of achieving business success. This paper wishes to draw attention to contemporary security-related dilemmas and raise the awareness of responsible management. The paper also provides several starting points enabling an efficient confrontation with cognitive obstacles in the course of decision-making. Originality/Value: This paper is up-to-date, as it analyses the latest research into information security and uses such analysis to present contemporary trends. It is also original, since it combines findings from the fields of the psychology of risk and decision- making, as well as from information security, and places them in organisational context

Benzodiazepine use in Sao Paulo, Brazil

OBJECTIVES: To report the prevalence and factors associated with the use of benzodiazepines in the general population and those with a mental health condition in the metropolitan area of Sa˜o Paulo, Brazil. METHODS: 5,037 individuals from the Sao Paulo Megacity Mental Health Survey data were interviewed using the Composite International Diagnostic Interview, designed to generate DSM-IV diagnoses. Additionally, participants were asked if they had taken any medication in the previous 12 months for the treatment of any mental health condition. RESULTS: The prevalence of benzodiazepine use ranged from 3.6% in the general population to 7.8% among subjects with a mental health condition. Benzodiazepine use was more prevalent in subjects that had been diagnosed with a mood disorder as opposed to an anxiety disorder (14.7% vs. 8.1%, respectively). Subjects that had been diagnosed with a panic disorder (33.7%) or bipolar I/II (23.3%) reported the highest use. Individuals aged X50 years (11.1%), those with two or more disorders (11.2%), those with moderate or severe disorders (10%), and those that used psychiatric services (29.8%) also reported higher use. CONCLUSION: These findings give an overview of the use of benzodiazepines in the general population, which will be useful in the public health domain. Benzodiazepine use was higher in those with a mental health condition, with people that had a mood disorder being the most vulnerable. Furthermore, females and the elderly had high benzodiazepine use, so careful management in these groups is required

Information security: Listening to the perspective of organisational insiders

Aligned with the strategy-as-practice research tradition, this article investigates how organisational insiders understand and perceive their surrounding information security practices, how they interpret them, and how they turn such interpretations into strategic actions. The study takes a qualitative case study approach, and participants are employees at the Research & Development department of a multinational original brand manufacturer. The article makes an important contribution to organisational information security management. It addresses the behaviour of organisational insiders – a group whose role in the prevention, response and mitigation of information security incidents is critical. The article identifies a set of organisational insiders’ perceived components of effective information security practices (organisational mission statement; common understanding of information security; awareness of threats; knowledge of information security incidents, routines and policy; relationships between employees; circulation of stories; role of punishment provisions; and training), based on which more successful information security strategies can be developed