24 research outputs found

    Development and Validation of Users' Information Security Awareness Questionnaire (UISAQ)

    Previous research has shown that the human is the weakest link in a security system and that there is no reliable way of measuring the riskiness of human behaviour with regard to compromising the security of an information system. The aim of this research was to develop a valid and reliable instrument that measures the influence of users on information system security. For this purpose, the Questionnaire of Knowledge and Risky Behaviour of Information System Users was created (UZPK; Velki and Šolić, 2014; as cited in Velki, Šolić and Očević, 2014). The research was carried out in three waves of data collection. The first sample consisted of 135 second-year undergraduate students, on which the construct validity, reliability and sensitivity of the individual subscales were checked and suitable items were selected. The second sample consisted of 211 students and employees; on it the metric characteristics of the improved instrument were checked and the final version of the UZPK was obtained (k=33), which is divided into two scales: the Scale of Risky Behaviour of Computer Users (k=17) [consisting of three subscales: the Subscale of Usual Risky Behaviours of Computer Users (k=6), the Subscale of Maintenance of Personal Computer Systems (k=6) and the Subscale of Lending Access Data (k=5)] and the Scale of Knowledge about Information Security (k=16) [also consisting of three subscales: the Subscale of the Degree of Security of Computer Communication (k=5), the Subscale of Beliefs about the Security of Computer Data (k=5) and the Subscale of the Importance of Proper Storage of Computer Data (k=6)]. The third sample consisted of 152 employees, and the UZPK was validated on it. Good construct validity was obtained, all scales and subscales have satisfactory metric characteristics (reliability and sensitivity), and good criterion validity was also obtained. It can be concluded that the Questionnaire is a valid and reliable measuring instrument with satisfactory psychometric characteristics

    Experimental Evaluation of Desktop Operating Systems Networking Performance

    The rapid advancement of network, communication and Internet technology has resulted in an always-on, always-connected, device-independent and remote online working, business, education and entertainment environment. Consequently, users are searching for solutions and technologies that enable fast and reliable wide area network connection, and the typical solution is to use personal computers connected by Ethernet cable to network equipment and infrastructure that supports gigabit Ethernet connection. Besides the complex network infrastructure that can influence performance, the bottleneck can also be caused by insufficient hardware, operating system and software resources on clients' machines. Therefore, in this paper a networking performance evaluation of the three globally most common and most used versions of Windows operating systems, namely Windows 7™, Windows 8.1™ and Windows 10™, on two identical computer systems, is conducted. Networking performance measurements are performed with three different benchmarks, namely iPerf, D-ITG and NetStress. Performance evaluation results showed that newer versions of an operating system bring certain networking performance improvements but by sacrificing other performances

    Decision support based on the risk assessment of information systems and Bayesian learning

    Risk assessment is a topic that companies from a wide range of industries deal with, and on the basis of it they make important decisions for their future business. It is very important to commit strategically and to choose key decisions within information systems management as well. Various risks arising from the threats and vulnerabilities of computer equipment, of the staff in charge of managing that equipment, and of the systems supported by information technology endanger the fundamental goal of information systems: to work effectively and efficiently. Information system risk assessment is based on identifying threats and vulnerabilities and determining the probability of their occurrence, and thereby the probability that the risk materializes. Once the probability of an event described by the indicators that can cause it is known, the mathematical models that can be used to calculate the probability of the event in the future can also be discussed. If, in addition to the estimates, a statistical analysis in the form of records of real events is also available, then the statistical model can be developed into a serious decision-support tool for information systems management. The paper presents a model that combines information system risk assessment and Bayesian decision theory.
    Risk protection has long been one of the main tasks of companies in a wide scope of business. Among the extensive range of risks, cyber-risks stand out as one of the most important. Cyber-risks are generated by hackers, malicious software, disgruntled employees, competitors, and many other sources, both internal and external. Internal and external attacks on corporate assets and rapidly growing technology have forced corporate management to develop a more appropriate awareness of the information security risks to information assets. The information security risk assessment, when performed correctly, can give corporate managers the information they need in order to understand and control the risks to their assets. Risks are analysed in much more detail in economic sectors, but in recent years risk assessment practice has been increasing in the world of information technology. The model presented in this paper integrates the management and analysis of information risks and decision-making theory and thus creates a framework for the integrated management information system based on the technological risk assessment and Bayesian learning. The paper shows a simulation and two case study scenarios that present a potentially wide range of usage

    The Impact of Information System Risk Management on the Frequency and Intensity of Security Incidents

    The survey identified positive effects of work on information security risk management. Regarding the survey results of information system incidents, a significant reduction was recorded in the number of system downtime incidents. The scope of implementation of the risk assessment methodology is the whole ICT system, and therefore the implementation covers all parts of information assets. Positive effects are obtained by reducing the risk by known mitigation methods. Technical details of the implemented control measures were not considered in this paper. In accordance with the standards used in methodology development, significant and increasing levels of user awareness of ICT systems have been considered. The effects of all implemented measures have resulted in a significant increase in the availability of parts of ICT systems

    Awareness About Information Security And Privacy Among Healthcare Employees

    Aim: The aim of this study was to analyze healthcare employees' knowledge of information security and potentially risky behavior on the Internet considering demographic parameters and in comparison with the standardized behavioral norms among Internet users in Croatia. Methods: The study was conducted as a cross-sectional study. Healthcare employees from three hospitals in different geographical areas (Osijek, Pula and Zagreb) were included in this study. The validated UISAQ (Users' Information Security Awareness Questionnaire) was used for data collection. The questionnaire contains 33 questions, grouped in two scales and six subscales, and participants were self-evaluated using Likert scale. The time period of data collection was the summer of 2017. Results: Surveyed healthcare employees show significantly less risky behavior and overall better knowledge than the average Internet user in Croatia. Female participants display online behavior that is less risky than that of the male participants; participants with a university degree are better at PC maintenance, while participants with a high school diploma are more skeptical in regard to loss of personal or professional data. Older people are significantly more careful and lend their access data to other colleagues at work less often. Conclusion: Healthcare employees included in this study display partially better results than the average Internet users in Croatia when it comes to their knowledge and potentially risky online behavior. However, their average estimations are only partially better than referent estimations and their scores are not very high, especially when it comes to their awareness measured in the "Security in Communications" and "Secured Data" subscales. As there is high risk of losing data because of the nature of business protocols, healthcare employees need more education and training in order for their awareness regarding the importance of information security and privacy to increase

    Data Visualization Classification Using Simple Convolutional Neural Network Model

    Data visualization is developed from the need to display a vast quantity of information more transparently. Data visualization often incorporates important information that is not listed anywhere in the document and enables the reader to discover significant data and save it in longer-term memory. On the other hand, Internet search engines have difficulty processing data visualization and connecting visualization and the request submitted by the user. With the use of data visualization, all blind individuals and individuals with impaired vision are left out. This article utilizes machine learning to classify data visualizations into 10 classes. The tested model is trained four times on the dataset, which is preprocessed through four stages. The achieved accuracy of 89 % is comparable to other methods' results. It is shown that image processing can impact results, i.e. increasing or decreasing the level of detail in an image impacts the average classification accuracy significantly

    Proposal for a web portal managing registration for student accommodation in a dormitory

    A proposal for developing a database model and a web portal for managing registration for student accommodation in a dormitory is given in this paper. The portal has two user profiles and corresponding functionalities; they are intended for users/students and administrators, respectively. In the process of application for student accommodation in a dormitory, every student has to provide data referring to GPA, i.e. academic achievement at school, level of education, university, parents' status, household members, the number of siblings and their school age, and household monthly income. There are also extra conditions that could ensure direct allocation of accommodation at a dormitory. After the application process deadline has expired, the administrator can either accept or decline applications. At the end of the application process, the final ranking list can be published and made accessible. Advantages of using a web portal for the dormitory accommodation election and application process are e.g. better accessibility and the fact that students are exempt from delivering the necessary application documentation personally. In that way, costs are reduced, efficiency at work is increased and the possibility of making errors when entering and processing data is significantly lower

    Empirical Study on the Correlation between User Awareness and Information Security

    There are many existing high-quality technical security solutions, but the ongoing cyberwar is still not suppressed, which implies that there is a need for new concepts in information security. It is possible that the problem persists because the existing technical solutions have not included human factors. Those solutions are mostly focused on the attacker but should also be focused on the user as an integral part of the safeguarded system. It is possible that the user presents the weakest element in the security chain, as internal threats are among the most frequent information security issues. In this paper the authors analyse empirical data collected by simulation of e-mail user behaviour caused by their level of security awareness. Results of this study confirm hypotheses that users can significantly influence the overall information system security level as well as private and business data used in e-mail communication. The aim of this paper is to stress the problem of human influence on the information system security among technicians involved in developing technical security solutions, such as software engineers developing new algorithms for spam filters

    Cost optimization and work quality improvement of small and medium enterprises in service activities by using a web application

    The aim of this paper is the development of a web application for ordering in the service sector of small and medium enterprises with the purpose of optimizing the opportunity costs. A special focus is placed on the amount of services rendered, which increases with the minimization of cancelled orders that are not timely replaced with new ones, but also on the quality control of the performed services that reflects on the motivation of employees or their replacement with new ones in order to improve the business. The following web technologies were used while developing the web application: HTML, CSS, JavaScript, PHP and MySQL. An insight into the technologies used to create web applications is given and some of the basic concepts used in the web application are explained. The paper describes the functionality and design of the web application. An analysis of cost effectiveness through managerial control, management systems, digitization of businesses and employee evaluation is given. The functionality of this web application is aimed at small and medium enterprises engaged in the service industry