15 research outputs found

    A Systematic Mapping Study of Access Control in the Internet of Things

    The Internet of Things (IoT) provides a wide range of services in both domestic and industrial environments. Access control plays a crucial role in granting access rights to users and devices when an IoT device is connected to a network. Over the years, traditional access control models such as RBAC and ABAC have been extended to the IoT. Additionally, several other approaches have also been proposed for the IoT. This research performs a systematic mapping study of the research that has been conducted on access control in the IoT. Based on the formulated search strategy, 1,617 articles were collected and screened for review. The systematic mapping study conducted in the paper answers three research questions regarding access control in the IoT, i.e., what kind of access control related concerns have been raised in the IoT so far? what kind of solutions have been presented to improve access control in the IoT? what kind of research gaps have been identified in the access control research in the IoT? To the best of our knowledge, this is the first systematic mapping study performed on this topic

    Usage of Technology enabled Services in Healthcare


    Compliance Based Penetration Testing as a Service

    The current penetration testing method practiced in the information systems domain is insufficient to protect information systems. Penetration testing is done as a part of the final acceptance criteria before the system is released into a production environment. Once the system is in production, the environment and configuration are bound to change for various reasons, especially in cloud environments. This change has the potential to create vulnerabilities, and hackers take advantage of them. In cloud service models like PaaS, security is a shared responsibility of tenant and provider, and it is challenging to perform penetration testing. This paper introduces a new method called Compliance Based Penetration Testing (CBPT). The CBPT method is targeted specifically for PaaS environments to identify critical issues in cloud-based environments. As the cloud is the way moving forward, this approach will be beneficial and save effort and cost for all cloud consumers

    Compliance Based Penetration Testing as a Service

    The current penetration testing method practiced in the information systems domain is insufficient to protect information systems. Penetration testing is part of the final acceptance criteria before the system is released into a production environment. Once the system is in production, the environment and configuration are bound to change for various reasons, especially in cloud environments. This change can create vulnerabilities, and hackers take advantage of them. In cloud service models like PaaS, security is a shared responsibility of tenant and provider, and it is challenging to perform penetration testing. This paper introduces a new method called Compliance Based Penetration Testing (CBPT). The CBPT method explicitly targets PaaS environments to identify critical issues in cloud-based environments. As the cloud is the way moving forward, this approach will be beneficial and save effort and cost for all cloud consumers

    Towards Trusted Data Processing for Information and Intelligence Systems

    Data is a valued asset and its security is essential for any enterprise and organization. This paper introduces Trusted Data Processing (TDP) and addresses three fundamental questions in TDP: 1) what are the essential requirements to achieve TDP? 2) what security mechanisms and safeguards are available to ensure TDP? 3) how to integrate TDP into practice? Based on the attacks targeting data assets and their consequences, the requirements to achieve TDP, including data security, data privacy, accountability, transparency, distributed computing, and trusted elements, are identified. Available security mechanisms and safeguards to ensure TDP are discussed. This paper also summarizes the challenges to achieving TDP and provides practical guidance to achieve TDP through integration with the NIST Cybersecurity Framework

    Improving the Effectiveness of Security Controls to Prevent APT Attacks

    An advanced persistent threat (APT) is a prolonged, aimed attack on a specific target. Cyber attackers gain access to a system or network and remain there for an extended period without being detected. The goal of APT attackers is generally stealing data and intellectual property. Despite all the awareness, technological advancements, and massive investment, the fight against APTs is a losing battle. A false sense of security is a belief that the organization is safer than it is. We researched whether organizations have a false sense of security against APT attacks and what contributes to that belief. Our research indicated that employees were not confident about organizations’ cybersecurity posture. In this paper, we discuss one of our research contributions, which suggests remediation strategies that organizations can employ to increase the effectiveness of security controls against APT attacks

    What are Healthcare Providers' Perceptions of Health Information Technology Project Training?

    Technological change in the healthcare environment provides opportunities to improve quality of care, increase patient satisfaction and reduce costs. However, employee training is seen as a major factor that influences the change management processes of healthcare projects. This research focuses on the healthcare providers’ perceptions of Health Information Technology project training. A qualitative survey was used to collect physicians’ and healthcare provider responses. Open coding was used to analyze the data. Our findings reveal that the physicians and healthcare providers are not satisfied with the Health Information Technology project training. From the analysis, we identify five categories that influence user training

    A False Sense of Security — Organizations Need a Paradigm Shift on Protecting Themselves against APTs

    Advanced Persistent Threats (APTs) are among the most complex cyberattacks and are generally executed by cyber-attackers linked to nation-states. An organization may have security strategies to prevent APTs. However, a false sense of security may exist when the focus is on implementing security strategies but not on the effectiveness of implemented security strategies. This research aims to find out 1) if organizations are in a false sense of security while preventing APT attacks, 2) what factors influence the false sense of security, and 3) whether organizational culture influences factors contributing to the false sense of security. A theoretical model is developed to evaluate the sense of security to answer the three research questions. The initial model includes seven independent variables, one moderator variable, and one dependent variable. We designed and conducted a survey among cybersecurity professionals to test 14 hypotheses on the sense of security. We further refined and finalized the model based on the data analysis from the survey data. This research confirms that employees are not confident about organizations’ cybersecurity posture despite all the awareness training, technological advancements, and massive investment. We also identified key factors which influence the employee perception of cybersecurity posture. Based on the research findings, we provided recommendations that can be followed to improve the effectiveness of implemented security strategies

    Improving the Effectiveness of Security Controls to Prevent APT Attacks

    An advanced persistent threat (APT) is a prolonged, aimed attack on a specific target. Cyber attackers gain access to a system or network and remain there for an extended period without being detected. The goal of APT attackers is generally stealing data and intellectual property. Despite all the awareness, technological advancements, and massive investment, the fight against APTs is a losing battle. A false sense of security is a belief that the organization is safer than it is. We researched whether organizations have a false sense of security against APT attacks and what contributes to that belief. Our research indicated that employees were not confident about organizations’ cybersecurity posture. In this paper, we discuss one of our research contributions, which suggests remediation strategies that organizations can employ to increase the effectiveness of security controls against APT attacks

    Classification of COVID-19 Cases: The Customized Deep Convolutional Neural Network and Transfer Learning Approach

    The recent advancements under the umbrella of artificial intelligence (AI) open opportunities to tackle complex problems related to image analysis. Recently, the proliferation of COVID-19 brought multiple challenges to medical practitioners, such as precise analysis and classification of COVID-19 cases. Deep learning (DL) and transfer learning (TL) techniques appear to be attractive solutions. To provide the precise classification of COVID-19 cases, this article presents a customized Deep Convolutional Neural Network (DCNN) and pre-trained TL model approach. Our pipeline accommodated several popular pre-trained TL models, namely DenseNet121, ResNet50, InceptionV3, EfficientNetB0, and VGG16, to classify COVID-19 positive and negative cases. We evaluated and compared the performance of these models with a wide range of measures, including accuracy, precision, recall, and F1 score for classifying COVID-19 cases based on chest X-rays. The results demonstrate that our customized DCNN model performed well with randomly assigned weights, achieving 98.5% recall and 97.0% accuracy