Assessing the Energy Performance of Public University in Malaysia by using Energy Conservation Measure (ECM): A Case Study of UiTM Tapah, Malaysia

The growth of energy consumption in Malaysian universities has elevated national concern because it increases government annual expenditure and at the same time influence the national energy performance. In managing the energy performance of universities, it is significant to monitor the energy usage whereby areas and facilities that have the potential for energy savings can be audited in order to obtain energy-efficiency. The objective of this research is to focus on the energy performance processes conducted by identify and evaluate a various of the Energy Conservation Measure (ECM) that may contribute towards energy efficiency in the public universities. ECM has been used to acquire achievable solutions and improvement of energy consumption during the energy audit. A related information on energy audit, like electrical and mechanical systems specifications have been compiled and the use of energy have been profiled. A potential finding method used was a comparative analysis between energy implementation process before and after audit. It has been found that the significant processes in an energy audit can help to save energy consumption by comparing the energy implementation process. It is done through an investigation of energy consumption behaviour in the ECM process for the electrical and mechanical systems, and buildings activities that have an impact on energy consumption which allow energy-efficiency in a building. A case study of UiTM in Tapah Campus, Malaysia has been selected for this research since this university is among new public university in Malaysia that has higher energy users.  It has been found that with the aid of ECM, this university will be able to achieve 135 kWh/m2/year of Building Energy Index (BEI). Eight (8) improvement strategies in ECMs have been suggested that significantly achieve the energy performance efficiency, involving eight (8) strategies, which are four (4) No-Cost Measures, two (2) Medium-Cost Measures and two (2) High-Cost Measures

Reviewing Cybersecurity Awareness Training Tools Used to Address Phishing Attack at the Workplace

Public sector data and sensitive information are a prime target for cyberattacks. There are numerous popular security tools used across the globe to achieve automated network protection. This study reviews the following tools within the current study: KnowBe4, PhishingBox, PhishInsight, PhishThreat, PhishMe, and Gophish. The rationale behind the detailed review is comparing and contrasting various cybersecurity awareness training tools used to address phishing attacks at the workplace. The selected tools can be used as assessment or enhancement awareness tools; this depends on each tools settings and system due to its integrated models and flexibility. Furthermore, social engineering attacks are recurrently evolving, so different security tools strengths and weaknesses could help pick the right instrument for spotting and responding to digital attacks. As a result, this study discusses the drawbacks of the selected tools that can guide developers and services providers in improving the existing phishing awareness tools

Employee Awareness on Phishing Threats: A Comparison of Related Frameworks and Models

Data and sensitive information in the public sector are major targets for cyberattacks. Officials in the public sector have developed a wide range of frameworks, models, and technology to help employees understand the risk of phishing attacks. However, these models havent been able to meet the total needs of institutions in terms of security. This study reviews the awareness frameworks and models used to increase users awareness of phishing scams and highlights the problems and drawbacks. Moreover, this study compares the various cybersecurity awareness frameworks and models. The findings show a need to enhance current phishing awareness frameworks and models that can handle phishing attacks in the workplace while also converting them into cybersecurity training input, mainly via a digital learning platform

Reviewing Cybersecurity Awareness Training Tools Used to Address Phishing Attack at the Workplace

Public sector data and sensitive information are a prime target for cyberattacks. There are numerous popular security tools used across the globe to achieve automated network protection. This study reviews the following tools within the current study: KnowBe4, PhishingBox, PhishInsight, PhishThreat, PhishMe, and Gophish. The rationale behind the detailed review is comparing and contrasting various cybersecurity awareness training tools used to address phishing attacks at the workplace. The selected tools can be used as assessment or enhancement awareness tools; this depends on each tools settings and system due to its integrated models and flexibility. Furthermore, social engineering attacks are recurrently evolving, so different security tools strengths and weaknesses could help pick the right instrument for spotting and responding to digital attacks. As a result, this study discusses the drawbacks of the selected tools that can guide developers and services providers in improving the existing phishing awareness tools

Vulnerabilities detection using attack recognition technique in multi-factor authentication

Authentication is one of the essentials components of information security. It has become one of the most basic security requirements for network communication. Today, there is a necessity for a strong level of authentication to guarantee a significant level of security is being conveyed to the application. As such, it expedites challenging issues on security and efficiency. Security issues such as privacy and data integrity emerge because of the absence of control and authority. In addition, the bigger issue for multi-factor authentication is on the high execution time that leads to overall performance degradation. Most of existing studies related to multi-factor authentication schemes does not detect weaknesses based on user behavior. Most recent research does not look at the efficiency of the system by focusing only on improving the security aspect of authentication. Hence, this research proposes a new multi-factor authentication scheme that can withstand attacks, based on user behavior and maintaining optimum efficiency. Experiments have been conducted to evaluate this scheme. The results of the experiment show that the processing time of the proposed scheme is lower than the processing time of other schemes. This is particularly important after additional security features have been added to the scheme

Cybersecurity Vulnerabilities in Smart Grids with Solar Photovoltaic: A Threat Modelling and Risk Assessment Approach

Cybersecurity is a growing concern for smart grids, especially with the integration of solar photovoltaics (PVs). With the installation of more solar and the advancement of inverters, utilities are provided with real-time solar power generation and other information through various tools. However, these tools must be properly secured to prevent the grid from becoming more vulnerable to cyber-attacks. This study proposes a threat modeling and risk assessment approach tailored to smart grids incorporating solar PV systems. The approach involves identifying, assessing, and mitigating risks through threat modeling and risk assessment. A threat model is designed by adapting and applying general threat modeling steps to the context of smart grids with solar PV. The process involves the identification of device assets and access points within the smart grid infrastructure. Subsequently, the threats to these devices were classified utilizing the STRIDE model. To further prioritize the identified threat, the DREAD threat-risk ranking model is employed. The threat modeling stage reveals several high-risk threats to the smart grid infrastructure, including Information Disclosure, Elevation of Privilege, and Tampering. Targeted recommendations in the form of mitigation controls are formulated to secure the smart grid’s posture against these identified threats. The risk ratings provided in this study offer valuable insights into the cybersecurity risks associated with smart grids incorporating solar PV systems, while also providing practical guidance for risk mitigation. Tailored mitigation strategies are proposed to address these vulnerabilities. By taking proactive measures, energy sector stakeholders may strengthen the security of their smart grid infrastructure and protect critical operations from potential cyber threats

An accuracy of attack detection using attack recognition technique in multi-factor authentication scheme

One popular scheme used for authentication security is the implementation of multi-factor authentication (MFA). There have been several researches that discusses on multi-factor authentication scheme but most of these research do not entirely protect data against all types of attacks. Furthermore, most current research only focuses on improving the security part of authentication while neglecting other important parts such as the systems accuracy. Accuracy is based on how perfect is the system able to identify a genuine user or an intruder. Current multifactor authentication schemes were simply not designed to have security and accuracy as their focus. Accuracy can be measured as the success rate on tasks that requires a certain degree. For instance, the number of users who is successfully logging into the system using any technique provides a measure of accuracy. Usually, accuracy demands of users are impacted by other demands such as recall of required information, environmental, or other factors. In authentication, the accuracy factor was identified through the device pairing studies. In many cases in the authentication system requires users to enter a password or biometric traits with 100 percent accuracy for comparing it. Nevertheless, this research analyzes the level of accuracy based on the biometric accuracy of authentication. In this paper will explain the evaluation process on the accuracy level of the proposed authentication to get a highly accurate performance, which is based on FAR (false acceptance rate) and FRR (false rejection rate). Result from the experiment shows that the accuracy of proposed scheme is better than the accuracy of other previous schemes. This is even after additional security features has been added to the scheme

My Guardian: a personal safety mobile application

Smartphones have become somewhat essential and most people have one on hand at all times. Smartphones have been considered a blessing as it has many capabilities and is not just limited to calling and text messaging unlike the regular mobile phone. It can be utilised by converting it into an emergency safety device that can be used when users are placed in a potentially unsafe and dangerous situation. It will ease the process of getting help by allowing users to quickly notify people of an emergency situation with a press of a button. My Guardian, a personal safety application developed for smartphones, intends to help allow users to notify a set of predefined contacts when they feel they are in an unsafe situation or is simply nervous about travelling alone. With a press of a button, the application will send a text message to these contacts with their location coordinates and a personalized emergency alert message

Cybersecurity risk assessment: modeling factors associated with higher education institutions

Most universities rely heavily on Information Technology (IT) to process their information and support their vision and mission. This rapid advancement in internet technology leads to increased cyberattacks in Higher Education Institutions (HEIs). To secure their infrastructure from cyberattacks, they must implement the best cybersecurity risk management approach, which involves technological and education-based solutions, to safeguard their environment. However, the main challenges in existing cybersecurity risk management approaches are limited knowledge of how organizations can determine or minimize the significance of risks. As a result, this research seeks to advance understanding to establish a risk assessment model for universities to measure and evaluate the risk in HEIs. The proposed model is based on theoretical aspects that we organized as follows: First, we review the existing cybersecurity frameworks to identify the suitability and limitation of each model. Next, we review current works on cybersecurity risk assessment in HEIs to evaluate the proposed risk assessment approaches, scope and steps. Based on the information gathered, we developed a risk assessment model. Finally, we conclude the study with directions for future research. The result presented from this study may give an insig1ht for HEIs staff to analyze what is to be assessed, how to measure the severity of the risk, and determine the level of risk acceptance, improving their decision-making on risk management

Healthcare Practitioner Behaviours That Influence Unsafe Use Of Hospital Information Systems

This study aims to investigate healthcare practitioner behaviour in adopting Health Information Systems which could affect patients’ safety and quality of health. A qualitative study was conducted based on a semi-structured interview protocol on 31 medical doctors in three Malaysian government hospitals implementing the Total Hospital Information Systems. The period of study was between March and May 2015. A thematic qualitative analysis was performed on the resultant data to categorize them into relevant themes. Four themes emerged as healthcare practitioners’ behaviours that influence the unsafe use of Hospital Information Systems. The themes include (1) carelessness, (2) workarounds, (3) noncompliance to procedure, and (4) copy and paste habit. By addressing these behaviours, the hospital management could further improve patient safety and the quality of patient care