Framework for Security Transparency in Cloud Computing

The migration of sensitive data and applications from the on-premise data centre to a cloud environment increases cyber risks to users, mainly because the cloud environment is managed and maintained by a third-party. In particular, the partial surrender of sensitive data and application to a cloud environment creates numerous concerns that are related to a lack of security transparency. Security transparency involves the disclosure of information by cloud service providers about the security measures being put in place to protect assets and meet the expectations of customers. It establishes trust in service relationship between cloud service providers and customers, and without evidence of continuous transparency, trust and confidence are affected and are likely to hinder extensive usage of cloud services. Also, insufficient security transparency is considered as an added level of risk and increases the difficulty of demonstrating conformance to customer requirements and ensuring that the cloud service providers adequately implement security obligations. The research community have acknowledged the pressing need to address security transparency concerns, and although technical aspects for ensuring security and privacy have been researched widely, the focus on security transparency is still scarce. The relatively few literature mostly approach the issue of security transparency from cloud providers’ perspective, while other works have contributed feasible techniques for comparison and selection of cloud service providers using metrics such as transparency and trustworthiness. However, there is still a shortage of research that focuses on improving security transparency from cloud users’ point of view. In particular, there is still a gap in the literature that (i) dissects security transparency from the lens of conceptual knowledge up to implementation from organizational and technical perspectives and; (ii) support continuous transparency by enabling the vetting and probing of cloud service providers’ conformity to specific customer requirements. The significant growth in moving business to the cloud – due to its scalability and perceived effectiveness – underlines the dire need for research in this area. This thesis presents a framework that comprises the core conceptual elements that constitute security transparency in cloud computing. It contributes to the knowledge domain of security transparency in cloud computing by proposing the following. Firstly, the research analyses the basics of cloud security transparency by exploring the notion and foundational concepts that constitute security transparency. Secondly, it proposes a framework which integrates various concepts from requirement engineering domain and an accompanying process that could be followed to implement the framework. The framework and its process provide an essential set of conceptual ideas, activities and steps that can be followed at an organizational level to attain security transparency, which are based on the principles of industry standards and best practices. Thirdly, for ensuring continuous transparency, the thesis proposes an essential tool that supports the collection and assessment of evidence from cloud providers, including the establishment of remedial actions for redressing deficiencies in cloud provider practices. The tool serves as a supplementary component of the proposed framework that enables continuous inspection of how predefined customer requirements are being satisfied. The thesis also validates the proposed security transparency framework and tool in terms of validity, applicability, adaptability, and acceptability using two different case studies. Feedbacks are collected from stakeholders and analysed using essential criteria such as ease of use, relevance, usability, etc. The result of the analysis illustrates the validity and acceptability of both the framework and tool in enhancing security transparency in a real-world environment

Analisis Faktor-faktor Yang Mempengaruhi Harga Ikan Layur (Trichiurus SP) Pada Alat Tangkap Pancing Ulur Di Ppn Palabuhanratu, Jawa Barat

Ikan layur (Trichiurus sp) merupakan ikan ekonomis penting di Pelabuhan Perikanan Nusantara Palabuhanratu. Pancing ulur merupakan alat tangkap dominan yang digunakan dalam menangkap ikan layur. Total produksi ikan layur (Trichiurus sp) pada tahun 2013 sebesar 83.936 kg. Harga merupakan salah satu penentu keberhasilan karena harga menentukan seberapa besar keuntungan yang akan diperoleh dari penjualan produknya baik berupa barang maupun jasa. Tujuan dari penelitian ini adalah adalah identifikasi distribusi pemasaran ikan layur (Trichiurus sp), menganalisis faktor-faktor yang mempengaruhi harga ikan layur (Trichiurus sp) dan menganalisis faktor-faktor yang paling berpengaruh terhadap pembentukan harga ikan layur di Pelabuhan Perikanan Nusantara Palabuhanratu. Penelitian ini dilaksanakan pada bulan Januari – Februari 2014 di PPN Palabuhanratu, Jawa Barat. Metode yang digunakan adalah metode studi kasus yang bersifat deskriptif, dimana data yang mula-mula disusun, dijelaskan dan kemudian dianalisa. Metode pengambilan sampel menggunakan metode purposive sampling. Analisis data yang digunakan adalah regresi linier berganda dan korelasi linier berganda. Hasil penelitian menunjukkan bahwa faktor-faktor yang mempengaruhi harga ikan layur (Trichiurus sp) adalah jumlah produksi, mutu dan berat ikan layur. Hairtail (Trichiurus sp) is one of an economical and important fish at Palabuhanratu Fishing Port. The most dominant fishing gear using handline for catching hairtail. The total production of hairtail (Trichiurus sp) in 2013 is equal to 83.936 kg. Price is one of the indicators to determine the success because the price influences the profit of the product selling, either for selling goods or providing service. The purpose of this research were to identify the marketing distribution of hairtail (Trichiurus sp), to analysis the factors that affected to the price of hairtail (Trichiurus sp), and to analysis the most factors influence the price of hairtail (Trichiurus sp) at Palabuhanratu Fishing Port. This research was conducted in January – February 2014 at Palabuhanratu Fishing Port, West Java. The method used descriptive case studies. The data was classified, described, and then analyzed. The sampling method used purposive sampling. The data was analyzed using multiple linear regression and multiple linear correlation. The result proved is the factors that affected to the price of hairtail (Thrichiurus sp) are total production, quality and size of hairtail

Vulnerability prediction for secure healthcare supply chain service delivery

Healthcare organisations are constantly facing sophisticated cyberattacks due to the sensitivity and criticality of patient health care information and wide connectivity of medical devices. Such attacks can pose potential disruptions to critical services delivery. There are number of existing works that focus on using Machine Learning(ML) models for pre-dicting vulnerability and exploitation but most of these works focused on parameterized values to predict severity and exploitability. This paper proposes a novel method that uses ontology axioms to define essential concepts related to the overall healthcare ecosystem and to ensure semantic consistency checking among such concepts. The application of on-tology enables the formal specification and description of healthcare ecosystem and the key elements used in vulnerabil-ity assessment as a set of concepts. Such specification also strengthens the relationships that exist between healthcare-based and vulnerability assessment concepts, in addition to semantic definition and reasoning of the concepts. Our work also makes use of Machine Learning techniques to predict possible security vulnerabilities in health care supply chain services. The paper demonstrates the applicability of our work by using vulnerability datasets to predict the exploitation. The results show that the conceptualization of healthcare sector cybersecurity using an ontological approach provides mechanisms to better understand the correlation between the healthcare sector and the security domain, while the ML algorithms increase the accuracy of the vulnerability exploitability prediction. Our result shows that using Linear Regres-sion, Decision Tree and Random Forest provided a reasonable result for predicting vulnerability exploitability

Legal Protection Model for Victims of Illegal Investment Crimes

The purpose of this study is to analyze and construct a model of legal protection for victims of illegal investment crimes.  This research is a type of normative research using several approaches, namely the statute approach,  case approach, and conceptual approach.  The analytical technique used in this study is using analytical descriptive techniques. The results showed that the legal protection model for victims of illegal investment is to reform the Money Laundering Law with an asset recovery approach to the Corruption Eradication Law. The concept contained in Article 18 of the Corruption Eradication Law is an additional crime that can be conceptualized in the provisions of the Money Laundering Law

Spatio-temporal patterns in a semiconductor-gas-discharge system: stability analysis and full numerical solutions

A system of gas discharge and semiconductor layer forms spatial and temporal patterns spontaneously when a DC voltage is applied. The system is modeled here with a simple glow discharge model for positive ions, electrons and electric field, and the semiconductor is approximated as a linear conductor. This model in previous work has reproduced the diagram for the phase transition from homogeneous stationary to homogeneous oscillating states semi-quantitatively. In the present work, the formation of spatial patterns is investigated, both through linear stability analysis and through numerical simulations of the initial-value problem. The two methods show very good agreement. They show the onset of spatio-temporal patterns for high semiconductor resistance in agreement with experiments. The parameter dependence of temporal or spatio-temporal pattern formation is discussed in detai

A new pedagogy for training the pre-service mathematics teachers readiness in teaching integrated stem education

The development of any country in the world depends largely on its escalating focus on integrated science, technology, engineering, and mathematics (iSTEM). Over the years in Nigeria, there are calls for action to integrate STEM disciplines as the pre-service teachers are only receiving training in the separate field of STEM. Therefore, the purpose of this study was to determine the effectiveness of the iSTEM course as a new pedagogy for training the pre-service mathematics teachers’ readiness in teaching the iSTEM disciplines in Sokoto State, Nigeria. The study utilised one group quasi-experimental research design. Purposive sampling was used in choosing all the 54 pre-service mathematics teachers in their 300-level undergoing a teacher training programme in Sokoto State University, Nigeria. The participants underwent a 5-week iSTEM course organised by the researchers that focused on the five levels of integration that include: Single, Combine, Multiple, Engineering Projects, and Fully Integrated STEM disciplines. Data was collected through the iSTEM pre- and post-survey Questionnaire (iSTEM-SQ) and analysed using descriptive statistics. The bar graph and non-parametric Wilcoxon Signed Ranks test were also used in describing the effectiveness of the pre- and post-survey test. The findings indicated that the iSTEM course was effective in preparing and empowering the pre-service mathematics teachers’ pedagogical strategy for teaching integrated STEM in their future classroom instruction. The paper also recommends for incorporation of the iSTEM approach in the curriculum of pre-service mathematics teachers at the various institutions of learning in Nigeria

Assessing the Job Selection Criteria of Accounting Students: a Normative Approach

This research assessed to what extent final-year Muslim accounting students in Malaysia considered Islamic principles when choosing a job after graduation. 356 final-year Muslim accounting students in four Malaysian universities were surveyed using an open-ended job selection scenario. The result shows that reality does not live up to the ideal. Only 16% of the respondents apply Islamic principles in making a job selection decision. The remaining 84% are more concerned with other criteria such as personal interests, salary considerations, and company reputation

The impacts of ICT on the students’ Performance: A Review of Access to Information

The study was on the Impact of Information and Communication Technology (ICT) on the students and his/her information to access in the Gomal University, Dera Ismail Khan. A sample of 50 respondents (students) was selected from the department of Political science, Gomal University, Dera Ismail Khan, Khyber Pakhtunkhwa, Pakistan. However, related literatures were reviewed from textbooks, journals and past researches. The research instruments were questionnaire which was statically analyzed with contingency tables while the hypotheses were tested by using the mean statistic. The results of the present study showed a diverse response of the student regarding the impact of ICT’s on the students and their access to information