Cybersecurity posture research in small organizations

This study presents the results of empirical research of cybersecurity posture of small organizations in North Macedonia. The results are present as quantitative determined value within a defined taxonomy based on the theoretical foundation of prospect theory and status quo bias. The analyzed quantity is a relation between two key parameters of the cybersecurity posture of an organization, the cybersecurity readiness and the decision makers’ perceived risk of cyber-attack. The study also consists of a comparative analysis between these results and gain results during other studies in EU and USA

Cybersecurity posture research in small organizations

This study presents the results of empirical research of cybersecurity posture of small organizations in North Macedonia. The results are present as quantitative determined value within a defined taxonomy based on the theoretical foundation of prospect theory and status quo bias. The analyzed quantity is a relation between two key parameters of the cybersecurity posture of an organization, the cybersecurity readiness and the decision makers’ perceived risk of cyber-attack. The study also consists of a comparative analysis between these results and gain results during other studies in EU and USA

Implementation of a System for Physiological Status Monitoring by using Tactical Military Networks

E-health sensors are continuing to become more advanced and more reliable in monitoring the human physiological status. There is a continuous scope for improvement in their implementation in different emergency situations. Military organisations can take an advantage of this technology for applying physiological status monitoring on personnel engaged in military operations. This implementation is driven by continuous enhancements of existing communication equipment that produces more data capable radio networks in military environment. Based on these technologies we are proposing system communication architecture for applying real-time physiological status monitoring for personnel engaged in military operations. To examine the proposed architecture, a laboratory testing was performed. The laboratory work included a definition of military communication equipment, testing the received data with custom developed algorithm based on Markov decision process for automating the medical emergency protocol (MDP-AMEP) and implementation of adequate data protocols for data transmitting. Obtained results showed that physiological status of the military personnel can be successfully monitored by using tactical military network

Evaluation of the uncertainty contribution of the natural thermocouple characteristics in the empirical modelling of temperature during metal cutting process

This paper gives a recommendation of including the measurements uncertainty contribution of the natural thermocouple characteristics in the process of empirical modelling of the average temperature during machining process by turning. It is proposed that the calculated uncertainty value of this source should be a part of the overall uncertainty budget of the coefficients/degrees of the resulting power empirical model. The paper includes results of an example where thermo-voltage vs. temperature recordings of the natural thermocouple were analysed by the proposed approach

Eмпириско истражување на кибер безбедносната готовност на електронските и информациските системи

Оваа истражување ги презентира резултатите од емпириското истражување на сајбер безбедносната положба на малите организации во Северна Македонија. Резултатите се дадени како квантитативно одредена вредност во рамките на дефинирана таксономија заснована на теоријата на перспектива и сатус кво теоријата. Анализираната големина е однос помеѓу два клучни параметри на сајбер-безбедноста на една организација, сајбер-безбедносната подготвеност и перципираниот ризик за сајбер-напад од страна на носителите на одлуки. Истражувањето исто така содржи компаративна анализа помеѓу овие резултати и добиените резултати за време на други истражувања во ЕУ и САД

NOTIONES - iNteracting netwOrk of inTelligence and securIty practitiOners with iNdustry and acadEmia actorS

With cyberattacks becoming more and more dangerous in the current, connected digital landscape, it is necessary to develop methods and technologies to tackle them. The EU funded NOTIONES project will address the danger by building a network of practitioners from security and intelligence services. It will bring together 30 partners, practitioners from military, civil, financial, judiciary, local, national and international security and intelligence services from 9 EU Member States and 6 Associated Countries. Together they will monitor the results of academic research and industrial innovation and suggest actions. NOTIONES will organise and participate in workshops and conferences to present its findings to the broad intelligence community

ROOTKITS – CYBER SECURITY CHALLENGES AND MECHANISMS FOR PROTECTION

АbstractA rootkit is a collection of computer software, typically malicious, that has the intention to infiltrate the operatingsystem (OS) or database, avoiding detection, resist removal and maintain privileged access to the system. Manyrootkits are designed to attack the "root", or kernel, of the OS and therefore work without disclosing their presenceto the computer owner.A rootkit is one of the most dangerous malware programs because it allows any program to gain access to differentlevels of the operating system. Rootkit’s detection is difficult because a rootkit may be able to subvert the softwarethat is intended to find it, and usually the only effective way to remove it is to perform a clean reinstallation of theoperating system. Because rootkits can hijack or subvert security software, making it likely that this type ofmalware could live on your computer for a long time causing significant damage, with that positioning as one ofthe biggest concerns for IT administrators.This paper aims to review the types of rootkits, their attack methods, as well as to describe the detection andprevention methods against this type of malware.Key words: Rootkit, Backdoor, prevention, securit

E-LEARNING – CYBER SECURITY CHALLENGES AND PROTECTION MECHANISMS

АbstractIn the successful functioning of modern society, the traditional educational methods are not enough, andnew methods must be introduced. Given the constant development of technology today, a high-qualityworkforce is needed as much as possible. The fast changes in the modern way of living are forcing a lifein virtual spaces, in which smart devices are an essential part.The e-learning concept offers several advantages to educational organizations that use this technology,including short and effective training, flexibility, and modulation. The Internet is increasingly used for avariety of online courses, so one of the essential tasks is understanding the e-learning security issues.The security aspect is very important for the companies creating e-learning platforms, which shouldconsider the safety of the instructors, the students, as well as the companies / educational institutionsthat use the services. In this paper, we will look at the threats to the security and privacy of the mostpopular e-learning systems and suggest methods for overcoming those challenges.Keywords: e-learning, threats, security and privacy

TOOLS AND TECHNIQUES FOR MITIGATION AND PROTECTION AGAINST SQL INJECTION ATACKS

AbstractMost of the services we enjoy on the Web are provided by database applications. Web-based email, onlineshopping, forums, corporate web sites, and portals are all database-driven. To build a modern web site, youneed to develop a database application, usually a SQL database, which is responsible for managing data ina structured way. Recent attacks can lead ad to the conclusion that web applications are insufficientlyprotected and are the biggest threat to database security. The most popular form of attacks is the SQLinjection attacks that use the data entry, search and username or password fields to inject code into the SQLdatabase.These attacks can detect sensitive data, alter database data, or destroy an entire database. An attacker couldeven damage the operating system. Usually, the SQL injection attacks are just an introduction to some otherattacks, so preventing these attacks can also mean protection from other potentially more dangerous attacks.The purpose of this paper is to review the most common SQL Injection attacks, as well as to proposetechnical solutions and measures that can contribute to the mitigation of this kind of attacks.Key words: SQL injection, vulnerabilities, security, privac

SECURITY AND PRIVACY WITH E-LEARNING SOFTWARE

AbstractE-learning is becoming an increasingly common form of teaching process. It is most often used in holdingcourses, seminars, conferences, and similar lectures, but it can also be effectively implemented for the teachingprocess in high schools and colleges. The increase in demand for tools that would enable this process also raisesthe development of concepts and practical solutions to these problems. A number of tools and services areavailable for the practical realization of e-learning. An important aspect of these solutions is data security andprivacy. Implementation approaches and policies are individual to the providers of such services. But notcompletely. However, they are also subject to legal regulations. Within the European Union, the GDPR (GeneralData Protection Regulation) privacy policy is in force, which obliges private companies to have an ethical attitudetowards the user data they own. In essence, this regulation calls for transparency. In that sense, the companymust clearly state what type of user data it has, how it collects it, how it protects its privacy and for what purposeit uses it. The user must be notified of this in a timely manner and give his consent. Additionally, if the userrequests a report at any time and for any reason for the data that the company has about him, the company isobliged to submit it. If the company does not offer such transparency to customers in the European Union, it maybe subject to legal sanctions. Because online services generally operate worldwide, these privacy policies arewidely accepted, and because of the good ethical practice they imply, some companies implement them for usersaround the world.This paper will analyze 4 potential e-learning software solutions: ZOOM, Microsoft Teams,BigBlueButton and BlueJeans. An overview of their general functionalities, policies and functionalities within thesecurity, policies, and functionalities within the protection of user data privacy, as well as the GDPR complianceof each of these platforms will be given.Keywords: cyber security, e-learning, videoconference, GDRP complianc