58 research outputs found

    People Are the Answer to Security: Establishing a Sustainable Information Security Awareness Training (ISAT) Program in Organization

    Educating the users on the essential of information security is very vital and important to the mission of establishing a sustainable information security in any organization and institute. At the University Technology Malaysia (UTM), we have recognized the fact that, it is about time information security should no longer be a lacking factor in productivity, both information security and productivity must work together in closed proximity. We have recently implemented a broad campus information security awareness program to educate faculty member, staff, students and non-academic staff on this essential topic of information security. The program consists of training based on web, personal or individual training with a specific monthly topic, campus campaigns, guest speakers and direct presentations to specialized groups. The goal and the objective are to educate the users on the challenges that are specific to information security and to create total awareness that will change the perceptions of people thinking and ultimately their reactions when it comes to information security. In this paper, we explain how we created and implemented our information security awareness training (ISAT) program and discuss the impediment we encountered along the process. We explore different methods of deliveries such as target audiences, and probably the contents as we believe might be vital to a successful information security program. Finally, we discuss the importance and the flexibility of establishing a sustainable information security training program that could be adopted to meet current and future needs and demands while still relevant to our current users

    Enhancing the Conventional Information Security Management Maturity Model (ISM3) in Resolving Human Factors in Organization Information Sharing

    Information sharing in organization has been considered as an important approach in increasing organizational efficiency, performance and decision making. With the present and advances in information and communication technology, sharing information and exchanging of data across organizations has become more feasible in organization. However, information sharing has been a complex task over the years and identifying factors that influence information sharing across organization has become crucial and critical. Researchers have taken several methods and approaches to resolve problems in information sharing at all levels without a lasting solution, as sharing is best understood as a practice that reflects behavior, social, economic, legal and technological influences. Due to the limitation of the conventional ISM3 standards to address culture, social, legislation and human behavior, the findings in this paper suggest that a centralized information structure without human practice, distribution of information and coordination is not effective. This paper reviews the previous information sharing research, outlines the factors affecting information sharing and the different practices needed to improve the management of information security by recommending several combinations of information security and coordination mechanism for reducing uncertainty during sharing of information. This thesis proposes information security management protocol (ISMP) as an enhancement towards ISM3 to resolve the above problems. This protocol provides a means for practitioners to identify key factors involved in successful information sharing....

    The Acceptance Behavior of Online Recruitment Users in Malaysia

    In this current economic climate, many people are searching for jobs from Internet-based (online) recruitment service providers. Online recruitment has become an effective way to reach the majority of candidates globally. The purpose of this paper is to determine the pattern of acceptance behavior and to test whether the quality of website would influence users’ perception. A set of working hypotheses pertaining to the relationship between quality of website and behavior were drawn from configurational acceptance behavior of online recruitment framework emphasizing a linkage between website characteristics, perceptions and behavior. This paper’s conceptual model and specific hypotheses were tested using a sample of 73 respondents from the college of business administration and accounting, UNITEN. This study will benefit the recruitment service providers or other business organizations in improving their recruitment website hence the users would have positive perception towards online recruitment system. Keywords: Accep

    Graphical Password: Usable Graphical Password Prototype

    Recently, graphical passwords have become a viable alternative to the conventional passwords due to their security and usability features. However, there are very limited researches in classifying, analyzing and development of the graphical password techniques. In this paper, we will propose a new usable graphical password prototype of the recognition base graphical password. In this design we will focus on the usability features of the system to give new usable graphical password system. Graphical passwords schemes are an alternative authentication method of the conventional password scheme in which users click on images to authenticate themselves rather than type the conventional passwords as letters or numbers or mixed. This research aims to design and come out with a new usable graphical password prototype with the major important usability features. In this paper we will focus on implementation of the usability features on the new graphical password prototype design. This usability set includes the easy of use, memorize, creation, learning and satisfaction. Moreover, this work proposes to build a new system of graphical password system that provides promising usability features

    Offering an Expert Electronic Roll Call and Teacher Assessment System Based on Mobile Phones for Higher Education

    In this paper, we propose an expert electronic roll call for class attendance of students and teacher assessment system. The goal of this system is to design and develop a fully functional automated class attendance Register and assessment system, including hardware and application software. After the teacher initiates the roll call procedure, students in class check their own attendance simultaneously, and then the attendance data are collected into a database automatically. Also after ending a roll call procedure, a procedure of assessment of teacher becomes active and all presence student. We have employed Qt framework for web programming and SQL server database in proposed system. One questionnaire was used in assessment system to assess teacher performance at ending of class. In this system data obtained the questionnaire is collected into a SQL database of assessment system. Finally we use the data collection for assess each teacher in one semester. We also could utilize MATLAB software for exhibition the teacher performance resultant of evaluation and RATIONAL ROSE software for depictions

    Survey on representation techniques for malware detection system

    Malicious programs are malignant software’s designed by hackers or cyber offenders with a harmful intent to disrupt computer operation. In various researches, we found that the balance between designing an accurate architecture that can detect the malware and track several advanced techniques that malware creators apply to get variants of malware are always a difficult line. Hence the study of malware detection techniques has become more important and challenging within the security field. This review paper provides a detailed discussion and full reviews for various types of malware, malware detection techniques, various researches on them, malware analysis methods and different dynamic programming-based tools that could be used to represent the malware sampled. We have provided a comprehensive bibliography in malware detection, its techniques and analysis methods for malware researchers

    Dynamic broadcasting in vehicular ad hoc networks

    Vehicular Ad hoc Network (VANET) is a subclass of mobile ad hoc networks (MANETs). VANETs provide a variety of interesting applications. Many of these applications rely on broadcasting of messages to other vehicles. The simplest broadcasting algorithm is flooding. Because of a large number of vehicles during peak hour, blindly flooding may lead to packet collision and high contention named broadcast storm problem. This paper presents a broadcasting approach for safety messages that dynamically adjust waiting time of a vehicle according to the number of neighbor vehicles and distance to source. We evaluate the performance of our proposed approach in terms of reachability, reliability. The simulation results show our protocol introduces better performance than flooding and random waiting time protocol

    Offering a Proper E-learning model for Islamic Azad University of Roudsar and Amlash (IAURA)

    One of the opportunities that apply Technology an information technology at university is utilization of E-learning. For this reason various models have been suggested for e-learning technologies. In this paper for developing e-learning at IAURA, we analyzed and offered a new model of E-learning as for their requirements and essential offered models (Interactive model, Blended model, Virtual model). In this paper three models were compared. Thus, based on TAM model and utilization of AHP method we weighted these models by Expert Choice Software base on two views as easy and essential of use. E-learning easy of use at IAURA was completed by analyzing and prioritizing models based on implementation requirements and e-learning essential of use at IAURA was completed by analysis of scale of information technology projects at higher education. Then we used SAW model for combination of results and interactive model was offered with highest weight. For testing this model in higher education we start many researches and then designed a questionnaire with fifty seven questions for easy of use and essential utilization of interactive model. In this study questionnaire was completed and responded by directors groups, active researchers and experts in e-learning area. After collecting responses, responses were sent to university. Also in this study we used SPSS software for analyzing and finally was determined that education requirements are most important factors in easy of use in interactive model at IAURA. In end of study we exhibited many suggestions for implementation of offered model

    The approaches to quantify web application security scanners quality: A review

    The web application security scanner is a computer program that assessed web application security with penetration testing technique. The benefit of automated web application penetration testing is huge, which web application security scanner not only reduced the time, cost, and resource required for web application penetration testing but also eliminate test engineer reliance on human knowledge. Nevertheless, web application security scanners are possessing weaknesses of low test coverage, and the scanners are generating inaccurate test results. Consequently, experimentations are frequently held to quantitatively quantify web application security scanner's quality to investigate the web application security scanner's strengths and limitations. However, there is a discovery that neither a standard methodology nor criterion is available for quantifying the web application security scanner's quality. Hence, in this paper systematic review is conducted and analysed the methodology and criterion used for quantifying web application security scanners' quality. In this survey, the experiment methodologies and criterions that had been used to quantify web application security scanner's quality is classified and review using the preferred reporting items for systematic reviews and meta-analyses (PRISMA) protocol. The objectives are to provide practitioners with the understanding of methodologies and criterions that available for measuring web application security scanners' test coverage, attack coverage, and vulnerability detection rate, while provides the critical hint for development of the next testing framework, model, methodology, or criterions, to measure web application security scanner quality