Enhancing Cybersecurity Competency in the Kingdom of Saudi Arabia:A Fuzzy Decision-Making Approach

The Kingdom of Saudi Arabia(KSA)has achieved significant milestones in cybersecurity.KSA has maintained solid regulatorymechanisms to prevent,trace,and punish offenders to protect the interests of both individual users and organizations from the online threats of data poaching and pilferage.The widespread usage of Information Technology(IT)and IT Enable Services(ITES)reinforces securitymeasures.The constantly evolving cyber threats are a topic that is generating a lot of discussion.In this league,the present article enlists a broad perspective on how cybercrime is developing in KSA at present and also takes a look at some of the most significant attacks that have taken place in the region.The existing legislative framework and measures in the KSA are geared toward deterring criminal activity online.Different competency models have been devised to address the necessary cybercrime competencies in this context.The research specialists in this domain can benefit more by developing a master competency level for achieving optimum security.To address this research query,the present assessment uses the Fuzzy Decision-Making Trial and Evaluation Laboratory(Fuzzy-DMTAEL),Fuzzy Analytic Hierarchy Process(F.AHP),and Fuzzy TOPSIS methodology to achieve segment-wise competency development in cyber security policy.The similarities and differences between the three methods are also discussed.This cybersecurity analysis determined that the National Cyber Security Centre got the highest priority.The study concludes by perusing the challenges that still need to be examined and resolved in effectuating more credible and efficacious online security mechanisms to offer amoreempowered ITES-driven economy for SaudiArabia.Moreover,cybersecurity specialists and policymakers need to collate their efforts to protect the country’s digital assets in the era of overt and covert cyber warfare.

Federated Network Intelligence Orchestration for Scalable and Automated FL-Based Anomaly Detection in B5G Networks

The management of network intelligence in Beyond 5G(B5G)networks encompasses the complex challenges of scalability,dynamicity,interoperability,privacy,and security.These are essential steps towards achieving the realization of truly ubiquitous Artificial Intelligence(AI)-based analytics,empowering seamless integration across the entire Continuum(Edge,Fog,Core,Cloud).This paper introduces a Federated Network Intelligence Orchestration approach aimed at scalable and automated Federated Learning(FL)-based anomaly detection in B5Gnetworks.By leveraging a horizontal Federated learning approach based on the FedAvg aggregation algorithm,which employs a deep autoencoder model trained on non-anomalous traffic samples to recognize normal behavior,the systemorchestrates network intelligence to detect and prevent cyber-attacks.Integrated into a B5G Zero-touch Service Management(ZSM)aligned Security Framework,the proposal utilizes multi-domain and multi-tenant orchestration to automate and scale the deployment of FL-agents and AI-based anomaly detectors,enhancing reaction capabilities against cyber-attacks.The proposed FL architecture can be dynamically deployed across the B5G Continuum,utilizing a hierarchy of Network Intelligence orchestrators for real-time anomaly and security threat handling.Implementation includes FL enforcement operations for interoperability and extensibility,enabling dynamic deployment,configuration,and reconfiguration on demand.Performance validation of the proposed solution was conducted through dynamic orchestration,FL,and real-time anomaly detection processes using a practical test environment.Analysis of key performance metrics,leveraging the 5G-NIDD dataset,demonstrates the system’s capability for automatic and near real-time handling of anomalies and attacks,including real-time network monitoring and countermeasure implementation for mitigation.

The Transformation of German Security Policy in the Context of the Russia–Ukraine Crisis

Germany has recently taken multiple actions to adjust its security policy: for instance, promoting re-militarization, increasing foreign military intervention and overseas operations, and adopting measures to comprehensively safeguard security in the domains of energy, supply chain, and ideology. Externally, such moves result directly from the threat of a hot war emanating from the Russia–Ukraine crisis. Germany is severely deficient in hard power and the rules and order on which it previously relied are proving increasingly ineffective. The nation is also witnessing a sharply rising sense of insecurity as its inter-system competition with nonWestern countries intensifies. Internally, the present policy shift represents a continuation of German foreign policy transformations initiated during the Merkel era. This change is strongly driven by the new ruling coalition, especially the Green Party, and is staunchly supported by the public. In the future, Germany will probably further normalize its military, intensify its confrontations with non-Western countries, and diversify its means of comprehensively safeguarding security. However, security-related policy transformation processes will be time-consuming and Germany’s investments will not immediately pay off. Traditionally, Germany tends toward the pragmatic and balanced implementation of policies. Thus, it is less likely to pursue military hegemony than to increasingly assume security responsibilities within the Western alliance.

SMINER:Detecting Unrestricted and Misimplemented Behaviors of Software Systems Based on Unit Test Cases

Despite the advances in automated vulnerability detection approaches,security vulnerabilities caused by design flaws in software systems are continuously appearing in real-world systems.Such security design flaws can bring unrestricted and misimplemented behaviors of a system and can lead to fatal vulnerabilities such as remote code execution or sensitive data leakage.Therefore,it is an essential task to discover unrestricted and misimplemented behaviors of a system.However,it is a daunting task for security experts to discover such vulnerabilities in advance because it is timeconsuming and error-prone to analyze the whole code in detail.Also,most of the existing vulnerability detection approaches still focus on detecting memory corruption bugs because these bugs are the dominant root cause of software vulnerabilities.This paper proposes SMINER,a novel approach that discovers vulnerabilities caused by unrestricted and misimplemented behaviors.SMINER first collects unit test cases for the target system from the official repository.Next,preprocess the collected code fragments.SMINER uses pre-processed data to show the security policies that can occur on the target system and creates a test case for security policy testing.To demonstrate the effectiveness of SMINER,this paper evaluates SMINER against Robot Operating System(ROS),a real-world system used for intelligent robots in Amazon and controlling satellites in National Aeronautics and Space Administration(NASA).From the evaluation,we discovered two real-world vulnerabilities in ROS.

Evolving National Security: A Roadmap from Present to Future in Renewable and Nonrenewable Energy Policies (A Technical Review)

This comprehensive exploration delves into the intricate dynamics of national security policies in the realm of renewable and nonrenewable energy sources.From the present landscape characterized by the diversification of energy portfolios to the long-term vision encompassing nuclear fusion,this article navigates through the nuanced interplay of technology,resilience,and environmental responsibility.The synthesis of established nuclear fission technologies and evolving renewable sources forms the cornerstone of a strategic approach,addressing challenges and opportunities to ensure a secure,sustainable energy future.

On Development of Platform for Organization Security Threat Analytics and Management (POSTAM) Using Rule-Based Approach

The integration of organisation’s information security policy into threat modeling enhances effectiveness of security strategies for information security management. These security policies are the ones which define the sets of security issues, controls and organisation’s commitment for seamless integration with knowledge based platforms in order to protect critical assets and data. Such platforms are needed to evaluate and share violations which can create security loop-hole. The lack of rules-based approaches for discovering potential threats at organisation’s context, poses a challenge for many organisations in safeguarding their critical assets. To address the challenge, this paper introduces a Platform for Organisation Security Threat Analytic and Management (POSTAM) using rule-based approach. The platform enhances strategies for combating information security threats and thus improves organisations’ commitment in protecting their critical assets. R scripting language for data visualization and java-based scripts were used to develop a prototype to run on web protocol. MySQL database management system was used as back-end for data storage during threat analytic processes.

Security Policies for Web Service Invocation of Automotive Industry Chain Collaboration Platform

To meet the actual requirements of an automotive industry chain collaboration platform （AICCP）, this paper offers several simple but effective security policies based upon the traditional security mechanism of data transfer, including user ID verification with SOAP （simple object access protocol）, header, SOAP message encryption with SOAP extension and XML （extensible markup language） file encryption and decryption. Application of these policies to the AICCP for more than one year proves the effectiveness of the data exchange practice between the AICCP and enterprise Intranet.

Fuzzy VIKOR Approach to Evaluate the Information Security Policies and Analyze the Content of Press Agencies in Gulf Countries

A news agency is an organization that gathers news reports and sells them to subscribing news organization, such as newspapers, magazines, radio and television broadcasters. A news agency may also be referred to as a wire service, newswire, or news service. The main purpose of this paper is to evaluate the security policies and analyze the content of five press agencies in gulf countries which are (Kuwait News Agency (KUNA), Emirates News Agency (WAM), Saudi Press Agency (SPA), Bahrain News Agency (BNA), and Oman News Agency (OMA)) by using a fuzzy VIKOR approach where linguistic variables are applied to solve the uncertainties and subjectivities in expert decision making. Fuzzy VIKOR approach is one of the best Multi-Criteria Decision Making (MCDM) techniques working in fuzzy environment. This study benefits security and content analysis experts know which press agency has the mandate and the competence to educate the public on news agencies. Besides, this paper contributes to Gulf agencies in helping them in their resolve to ensure the quality of content information and information security policies over the internet.

An optimal coupling incentive mechanism concerning insider’s compliance behavior towards marine information security policy

It is widely agreed that the insider’s noncompliance to the marine information security policies has brought about a major security problem in the organizational context.Previous research has stressed the potential of remunerative control,i.e.,reward,to better understand this problem.Few studies have been devoted to the exploration of the coupling incentive mechanism of tangible and intangible rewards that would induce insider’s compliance behavior towards the marine information security policy.In the present study,we address this research gap by proposing a theoretical model that explains the optimal coupling incentive mechanism of these two different types of remunerative control.Our findings have delivered insightful implications for practice and research on how to improve the marine information security policy compliance in a more subtle way.

Simulation of the role of emphasis on scheduling in the optimal incentive scheme for marine engineering employee’s routine job and information security compliance

In the organizational context of marine engineering,employee individual often prefers to concentrate herself to the day-to-day routine job,but to shirk the responsibilities of the Information Security Policies(ISPs)compliance,after she has been delegated by the employer to perform the two different tasks in the same time period.This would lead to negative influences on the security of marine information systems and the employee’s routine job performance.In view of the task structures of employee’s routine job and marine ISPs compliance,the variables of emphasis on scheduling are incorporated into a multi-task principal-agent model to explore the optimal incentive scheme to motivate and control the employees to select appropriate effort levels for conducting the two highly structured tasks.The role of emphasis on scheduling on the incentive intensities for the two tasks have been clarified through modeling and simulation,and the corresponding incentive tactics are suggested.The new two-task incentive scheme is expected to provide useful insight for understanding and controlling marine engineering employee’s routine job and ISPs compliance behavior.

Understanding the deterrence effect of punishment for marine information security policies non-compliance

In the organizational setting of marine engineering,a significant number of information security incidents have been arised from the employees’failure to comply with the information security policies(ISPs).This may be treated as a principal-agent problem with moral hazard between the employer and the employee for the practical compliance effort of an employee is not observable without high cost-.On the other hand,according to the deterrence theory,the employer and the employee are inherently self-interested beings.It is worth examining to what extent the employee is self-interested in the marine ISPs compliance context.Moreover,it is important to clarify the proper degree of severity of punishment in terms of the deterrent effect.In this study,a marine ISPs compliance game model has been proposed to evaluate the deterrence effect of punishment on the non-compliance behavior of employee individuals.It is found that in a non-punishment contract,the employee will decline to comply with the marine ISPs;but in a punishment contract,appropriate punishment will lead her to select the marine ISPs compliance effort level expected by the employer,and cause no potential backfire effect.

Semantic Description and Verification of Security Policy Based on Ontology

To solve the shortage problem of the semantic descrip- tion scope and verification capability existed in the security policy, a semantic description method for the security policy based on ontology is presented. By defining the basic elements of the security policy, the relationship model between the ontology and the concept of security policy based on the Web ontology language （OWL） is established, so as to construct the semantic description framework of the security policy. Through modeling and reasoning in the Protege, the ontology model of authorization policy is proposed, and the first-order predicate description logic is introduced to the analysis and verification of the model. Results show that the ontology-based semantic description of security policy has better flexibility and practicality.

CSchema： A Downgrading Policy Language for XML Access Control

The problem of regulating access to XML documents has attracted much attention from both academic and industry communities. In existing approaches, the XML elements specified by access policies axe either accessible or inaccessible according to their sensitivity. However, in some cases, the original XML elements are sensitive and inaccessible, but after being processed in some appropriate ways, the results become insensitive and thus accessible. This paper proposes a policy language to accommodate such cases, which can express the downgrading operations on sensitive data in XML documents through explicit calculations on them. The proposed policy language is called calculation-embedded schema （CSchema）, which extends the ordinary schema languages with protection type for protecting sensitive data and specifying downgrading operations. CSchema language has a type system to guarantee the type correctness of the embedded calculation expressions and moreover this type system also generates a security view after type checking a CSchema policy. Access policies specified by CSchema are enforced by a validation procedure, which produces the released documents containing only the accessible data by validating the protected documents against CSchema policies. These released documents are then ready to be accessed by, for instance, XML query engines. By incorporating this validation procedure, other XML processing technologies can use CSchema as the access control module.