17 research outputs found

    Information Quality Structure Framework In Developing An Information Security Management System (ISMS)

    Organisations are progressively aware that information security is an important aspect of their business strategy. This awareness drives organisations to achieve an ideal level of management system to establish and maintain a secure information environment. Hence, organisations are currently applying for information security management system (ISMS) to effectively manage their information assets. ISMS will ensure that the right people, processes and technologies are in place, and facilitates a proactive approach to managing security and risk. Unfortunately, limited scholarly investigation has been undertaken to present the need for properly defined steps of a process approach in which a structured way of managing ISMS within an organisation is provided. This is because the well-known process approach, the “Plan-Do-Check-Act” lifecycle model, is unable to give information on how organisations should develop security objectives and ISMS strategies. Also, there are no recognized and standard ISMS frameworks for action. The lack of standardized and trustable ISMS methods, and the complexity of ISMS standards, have caused practitioners to face difficulties in understanding the ISMS requirements. However, after the daunting task of choosing one preferred method, practitioners are also required to gather information to complete all the ISMS requirement planning. Practically, practitioners gather information in a surveillance mode rather than in decision mode. Hence, practitioners are required to evaluate the collected information resources in order to eliminate all the “garbage” information. Therefore, this research aims to provide an Information Quality Structure Framework for ISMS. This study adopts a mixed-method, explanatory sequential approach to achieve the research objectives. After an extensive literature review, the quantitative study begins with a descriptive study in order to determine the components of information structure. Then a Likert structured questionnaire was distributed and the findings were analyzed using the Rasch Measurement Model (RMM) and SEM-PLS. Qualitative analysis was done by validating the framework to ensure that the proposed framework conforms to real working ISMS specification and is useful for organisations. Semi-structured interviews with a panel of six experts in the ISMS industry were conducted. The results from this study led to the development of the Information Quality Structure Framework for ISMS. The proposed framework consists of (1) an information structure that focuses on providing a layout of information, organized so that the components are put together to form a meaningful structure which can be navigated at any time, (2) quality dimensions (accuracy, objective, completeness, reliability and verifiability) that ensure the quality of information, and (3) a synthesis of information quality dimension parameters to ensure the quality of information is emphasized throughout the ISMS process. The proposed framework contributes to the field of ISMS and the certification area, and also contributes to information quality theory in the ISMS field. The proposed framework provides an awareness on knowing beforehand what to do and to what extent they are already conquering the quality information needed for getting clear direction and to develop ISMS.

    Customer profiling using classification approach for bank telemarketing

    Telemarketing is a type of direct marketing where a salesperson contacts customers to sell products or services over the phone. The database of prospective customers comes from a direct marketing database. It is important for the company to predict the set of customers with the highest probability of accepting the sale or offer based on their personal characteristics or behaviour during shopping. Recently, companies have started to resort to data mining approaches for customer profiling. This project focuses on helping banks to increase the accuracy of their customer profiling through classification as well as identifying a group of customers who have a high probability of subscribing to a long-term deposit. In the experiments, three classification algorithms are used: Naïve Bayes, Random Forest, and Decision Tree. The experiments measured accuracy percentage, precision and recall rates and showed that classification is useful for predicting customer profiles and increasing telemarketing sales.

    E-store management using bell-lapadula access control security model

    Generally, the existing store management system does not provide any access control mechanism to manage resources. All levels of user have the same right to access the store and borrow the equipment. Therefore, the E-Store management system using the Bell-LaPadula access control model was proposed. The prototyping methodology was used to develop the system because a methodology model is quickly constructed to test or illustrate design features and ideas, in order to gather user feedback. Moreover, the system is built using the Hypertext Preprocessor (PHP) language. The E-Store system has three types of users: top management of the Welding Department, lecturers and students. The users' access control is divided from high-level privilege to lower-level privilege. Therefore, each user will have a different login interface according to their role and access right to the system. Through the system, high-level users manage the in and out equipment flow, manage authorization, view the history of login activity and verify complaint reports. Lower-level users can view the list of equipment, report complaints and damaged equipment, and borrow equipment. The E-Store management system is expected to manage the store effectively and reduce redundancy issues of equipment requested. The user access right has been assigned based on their access leve

    You tube spam comment detection using support vector machine and k–nearest neighbor

    Social networking sites such as YouTube, Facebook and others are very popular nowadays. The best thing about YouTube is that users can subscribe and also give opinions in the comment section. However, this attracts spammers, who spam the comments on those videos. Thus, this study develops a YouTube detection framework using Support Vector Machine (SVM) and K-Nearest Neighbor (k-NN). There are five (5) phases involved in this research: Data Collection, Pre-processing, Feature Selection, Classification and Detection. The experiments are done using Weka and RapidMiner. The accuracy results of SVM and KNN using both machine learning tools show good accuracy. Another solution to avoid spam attacks is trying not to click the links in comments, to avoid any problem.

    A conceptual framework of info structure for information security risk assessment (ISRA)

    Information security has become a vital entity to most organizations today due to current trends in information transfer through a borderless and vulnerable world. The concern and interest in information security is mainly due to the fact that information security risk assessment (ISRA) is a vital method not only to identify and prioritize information assets but also to identify and monitor the specific threats that an organization induces, especially the chances of these threats occurring and their impact on the respective businesses. However, organizations wanting to conduct risk assessment may face problems in selecting suitable methods that would augur well in meeting their needs. This is due to the existence of numerous methodologies that are readily available. However, there is a lack of agreed reference benchmarking as well as of a comparative framework for evaluating these ISRA methods to assess the information security risk. Generally, organizations will choose the most appropriate ISRA method by carrying out a comparative study between the available methodologies in detail before a suitable method is selected to conduct the risk assessment. This paper suggests a conceptual framework of info-structure for ISRA that was developed by comparing and analysing six methodologies which are currently available. The info-structure for ISRA aims to assist organizations in getting a general view of ISRA flow, gathering information on the requirements to be met before risk assessment can be conducted successfully. This info-structure can be conveniently used by organizations to complete all the required planning as well as the selection of suitable methods to complete the ISRA.

    Information structure framework for ISMS planning and certification: Malaysian data

    Information security is becoming an important aspect of organizations. Organisations are also progressively conscious of its importance in their business strategy. Because of this awareness, organisations are currently applying for information security management system (ISMS) to effectively manage their information assets. Therefore, this research aims to provide an Information Structure Framework for ISMS planning and certification. Then a Likert structured questionnaire was distributed and the findings were analyzed using the Rasch Measurement Model (RMM). The results from this study led to the development of the Information Structure Framework for ISMS. The proposed framework consists of an information structure that focuses on providing the information outline, structured so that the components are put together to form a meaningful structure which can be navigated at any time. The framework contributes to the field of ISMS and the certification area. The framework provides an awareness on knowing beforehand what to do and to what extent they are already conquering the information needed for getting clear direction and to develop ISMS.

    Analysis of Four Historical Ciphers Against Known Plaintext Frequency Statistical Attack

    The need to keep information secure began thousands of years ago. The practice for keeping information secure is to scramble the message into an unreadable form, namely ciphertext. This process is called encryption. Decryption is the reverse process of encryption. In the past, historical ciphers were used to perform the encryption and decryption process. For example, the common historical ciphers are the Hill cipher, Playfair cipher, Random Substitution cipher and Vigenère cipher. This research is carried out to examine and analyse the security level of these four historical ciphers by using a known plaintext frequency statistical attack. The results show that the Playfair cipher and Hill cipher have better security compared with the Vigenère cipher and Random Substitution cipher.

    Data wiping tool: ByteEditor Technique

    This Wiping Tool is an anti-forensic tool that is built to wipe data permanently from a laptop's storage. This tool is capable of preventing the data from being recovered with any recovery tools. The objective of building this wiping tool is to maintain the confidentiality and integrity of the data against unauthorized access. People tend to delete files in the normal way; however, the files then face the risk of being recovered. Hence, the integrity and confidentiality of the deleted file cannot be protected. Through wiping tools, the files are overwritten with random strings to make the files no longer readable. Thus, the integrity and the confidentiality of the file can be protected. Nowadays, many wiping tools face issues such as data breaches because the wiping tools are unable to delete the data permanently from the devices. This situation might affect their main function and pose a threat to their users. Hence, a new wiping tool is developed to overcome the problem. The new wiping tool, named Data Wiping tool, applies two wiping techniques. The first technique is Randomized Data, while the next one is an enhanced wiping technique known as ByteEditor. ByteEditor is a combination of two different techniques, byte editing and byte deletion. This wiping tool is built with the implementation of the Object-Oriented methodology. This methodology consists of analyzing, designing, implementation and testing. The tool is analyzed and compared with other wiping tools before the designing of the tool starts. Once the designing is done, the implementation phase takes place. The code of the tool is created using Visual Studio 2010 with the C# language and its functionality is tested to ensure the developed tool meets the objectives of the project. This tool is believed to be able to contribute to the development of wiping tools and to solve problems related to other wiping tools.

    Malware awareness tool for internet safety using gamification techniques

    Malwares are detrimental to those who are ignorant of their existence. However, the adverse effects of malwares can be easily avoided by being aware of Internet safety. In this paper, a malware awareness tool targeted at university students was developed. The Game Development Lifecycle (GDLC) model was applied in developing this tool. The tool development phase began with initiation, then pre-production, production, testing, beta testing, and ended with the release phase. Once the malware awareness tool was developed, functionality tests and awareness level tests were conducted on university students to ensure the tool is fully operative. Through the tests, it was shown that this tool was received with positive responses from its target users. As for the awareness level test, a majority of 15 students were aware of the purpose of the gamification in the malware awareness tool. In a nutshell, the malware awareness tool that was developed raised university students' consciousness of malwares and increased their awareness level pertaining to Internet threats.