This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends t...This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].展开更多
This article explores the evolution of cloud computing, its advantages over traditional on-premises infrastructure, and its impact on information security. The study presents a comprehensive literature review covering...This article explores the evolution of cloud computing, its advantages over traditional on-premises infrastructure, and its impact on information security. The study presents a comprehensive literature review covering various cloud infrastructure offerings and security models. Additionally, it deeply analyzes real-life case studies illustrating successful cloud migrations and highlights common information security threats in current cloud computing. The article concludes by offering recommendations to businesses to protect themselves from cloud data breaches and providing insights into selecting a suitable cloud services provider from an information security perspective.展开更多
In the era of the digital economy,the informatization degree of various industries is getting deeper and deeper,and network information security has also come into people’s eyes.Colleges and universities are in the p...In the era of the digital economy,the informatization degree of various industries is getting deeper and deeper,and network information security has also come into people’s eyes.Colleges and universities are in the position of training applied talents,because of the needs of teaching and education,as well as the requirements of teaching reform,the information construction of colleges and universities has been gradually improved,but the problem of network information security is also worth causing people to ponder.The low security of the network environment will cause college network information security leaks,and even hackers will attack the official website of the university and leak the personal information of teachers and students.To solve such problems,this paper studies the protection of college network information security against the background of the digital economy era.This paper first analyzes the significance of network information security protection,then points out the current and moral problems,and finally puts forward specific countermeasures,hoping to create a safe learning environment for teachers and students for reference.展开更多
The elliptic curve cryptography algorithm represents a major advancement in the field of computer security. This innovative algorithm uses elliptic curves to encrypt and secure data, providing an exceptional level of ...The elliptic curve cryptography algorithm represents a major advancement in the field of computer security. This innovative algorithm uses elliptic curves to encrypt and secure data, providing an exceptional level of security while optimizing the efficiency of computer resources. This study focuses on how elliptic curves cryptography helps to protect sensitive data. Text is encrypted using the elliptic curve technique because it provides great security with a smaller key on devices with limited resources, such as mobile phones. The elliptic curves cryptography of this study is better than using a 256-bit RSA key. To achieve equivalent protection by using the elliptic curves cryptography, several Python libraries such as cryptography, pycryptodome, pyQt5, secp256k1, etc. were used. These technologies are used to develop a software based on elliptic curves. If built, the software helps to encrypt and decrypt data such as a text messages and it offers the authentication for the communication.展开更多
In this paper,we aim to design a practical low complexity low-density parity-check(LDPC)coded scheme to build a secure open channel and protect information from eavesdropping.To this end,we first propose a punctured L...In this paper,we aim to design a practical low complexity low-density parity-check(LDPC)coded scheme to build a secure open channel and protect information from eavesdropping.To this end,we first propose a punctured LDPC coded scheme,where the information bits in a codeword are punctured and only the parity check bits are transmitted to the receiver.We further propose a notion of check node type distribution and derive multi-edge type extrinsic information transfer functions to estimate the security performance,instead of the well-known weak metric bit error rate.We optimize the check node type distribution in terms of the signal-to-noise ratio(SNR)gap and modify the progressive edge growth algorithm to design finite-length codes.Numerical results show that our proposed scheme can achieve a lower computational complexity and a smaller security gap,compared to the existing scrambling and puncturing schemes.展开更多
We advance here a novel methodology for robust intelligent biometric information management with inferences and predictions made using randomness and complexity concepts. Intelligence refers to learning, adap- tation,...We advance here a novel methodology for robust intelligent biometric information management with inferences and predictions made using randomness and complexity concepts. Intelligence refers to learning, adap- tation, and functionality, and robustness refers to the ability to handle incomplete and/or corrupt adversarial information, on one side, and image and or device variability, on the other side. The proposed methodology is model-free and non-parametric. It draws support from discriminative methods using likelihood ratios to link at the conceptual level biometrics and forensics. It further links, at the modeling and implementation level, the Bayesian framework, statistical learning theory (SLT) using transduction and semi-supervised lea- rning, and Information Theory (IY) using mutual information. The key concepts supporting the proposed methodology are a) local estimation to facilitate learning and prediction using both labeled and unlabeled data;b) similarity metrics using regularity of patterns, randomness deficiency, and Kolmogorov complexity (similar to MDL) using strangeness/typicality and ranking p-values;and c) the Cover – Hart theorem on the asymptotical performance of k-nearest neighbors approaching the optimal Bayes error. Several topics on biometric inference and prediction related to 1) multi-level and multi-layer data fusion including quality and multi-modal biometrics;2) score normalization and revision theory;3) face selection and tracking;and 4) identity management, are described here using an integrated approach that includes transduction and boosting for ranking and sequential fusion/aggregation, respectively, on one side, and active learning and change/ outlier/intrusion detection realized using information gain and martingale, respectively, on the other side. The methodology proposed can be mapped to additional types of information beyond biometrics.展开更多
This paper advances new directions for cyber security using adversarial learning and conformal prediction in order to enhance network and computing services defenses against adaptive, malicious, persistent, and tactic...This paper advances new directions for cyber security using adversarial learning and conformal prediction in order to enhance network and computing services defenses against adaptive, malicious, persistent, and tactical offensive threats. Conformal prediction is the principled and unified adaptive and learning framework used to design, develop, and deploy a multi-faceted?self-managing defensive shield to detect, disrupt, and deny intrusive attacks, hostile and malicious behavior, and subterfuge. Conformal prediction leverages apparent relationships between immunity and intrusion detection using non-conformity measures characteristic of affinity, a typicality, and surprise, to recognize patterns and messages as friend or foe and to respond to them accordingly. The solutions proffered throughout are built around active learning, meta-reasoning, randomness, distributed semantics and stratification, and most important and above all around adaptive Oracles. The motivation for using conformal prediction and its immediate off-spring, those of semi-supervised learning and transduction, comes from them first and foremost supporting discriminative and non-parametric methods characteristic of principled demarcation using cohorts and sensitivity analysis to hedge on the prediction outcomes including negative selection, on one side, and providing credibility and confidence indices that assist meta-reasoning and information fusion.展开更多
In view of the problems existing in the teaching of Mathematics Foundations of Information Security,such as emphasizing theory but neglecting practice,combined with the concept of engineering education certification a...In view of the problems existing in the teaching of Mathematics Foundations of Information Security,such as emphasizing theory but neglecting practice,combined with the concept of engineering education certification and emerging engineering education teaching reform,this paper combs the knowledge points and learning context of Mathematics Foundations of Information Security,puts forward a new teaching mode of Mathematics Foundations of Information Security with algorithm as the core,and gives the teaching content,organization form and assessment method.Thus,it improves the students’learning interest and practical ability,and improves the achievement of graduation requirements.展开更多
The popularization of mobile devices has caused considerable impact on the security of the military of the Republic of China.The military barrack-areas have long been faced the control of mobile devices four issues:th...The popularization of mobile devices has caused considerable impact on the security of the military of the Republic of China.The military barrack-areas have long been faced the control of mobile devices four issues:the lack of accurate use of resources,the lack of protection of the mobile device from the overall point of view,the unclear division of responsibility among specialized agencies,and unclear members’responsibilities for their own duties.This study applies the structure behavior coalescence(SBC)methodology to integrate the organizational structure of the participating management and control units with effective management behaviors in a visualized and useful manner.The units can effectively communicate with each other and solve the four issues faced by the military barrack-areas for the control of mobile devices.This research fulfills improving the lack of control of the military mobile devices by using of management resources effectively and the establishment of mobile devices management with the overall concept,and strengthening the rights and responsibilities and information security awareness,through the logical verification and enterprise interview results.展开更多
The contemporary environment within which command,control,communications,computers and intelligence (C4I platforms exist, have a number of characteristics. These characteristics may be most obviously identified as int...The contemporary environment within which command,control,communications,computers and intelligence (C4I platforms exist, have a number of characteristics. These characteristics may be most obviously identified as interconnectivity, international networking, speed of data transfer, the compact nature of electronic information and rapidly changing technology. Information security professionals employ a variety of approaches in order to counter risks within this complex and fluid environment. The gamut of potential security activities ranges form access control through a variety of auditing techniques to secure data communications. This field is broad and well documented. Indeed, the discipline of network risk management and data security is both well developed and sophisticated.This paper addresses twin themes:i.The fundamental issue of the method by which specific approaches are employed. This is a precursor to the adoption of an eventual strategy.ii.The crucial issues revolving around the展开更多
With the increasing significance of information technology, there is an urgent need for adequate measures of information security. Systematic information security management is one of most important initiatives for IT...With the increasing significance of information technology, there is an urgent need for adequate measures of information security. Systematic information security management is one of most important initiatives for IT management. At least since reports about privacy and security breaches, fraudulent accounting practices, and attacks on IT systems appeared in public, organizations have recognized their responsibilities to safeguard physical and information assets. Security standards can be used as guideline or framework to develop and maintain an adequate information security management system (ISMS). The standards ISO/IEC 27000, 27001 and 27002 are international standards that are receiving growing recognition and adoption. They are referred to as “common language of organizations around the world” for information security [1]. With ISO/IEC 27001 companies can have their ISMS certified by a third-party organization and thus show their customers evidence of their security measures.展开更多
The aim of this work is mathematical education through the knowledge system and mathematical modeling. A net model of formation of mathematical knowledge as a deductive theory is suggested here. Within this model the ...The aim of this work is mathematical education through the knowledge system and mathematical modeling. A net model of formation of mathematical knowledge as a deductive theory is suggested here. Within this model the formation of deductive theory is represented as the development of a certain informational space, the elements of which are structured in the form of the orientated semantic net. This net is properly metrized and characterized by a certain system of coverings. It allows injecting net optimization parameters, regulating qualitative aspects of knowledge system under consideration. To regulate the creative processes of the formation and realization of mathematical know- edge, stochastic model of formation deductive theory is suggested here in the form of branching Markovian process, which is realized in the corresponding informational space as a semantic net. According to this stochastic model we can get correct foundation of criterion of optimization creative processes that leads to “great main points” strategy (GMP-strategy) in the process of realization of the effective control in the research work in the sphere of mathematics and its applications.展开更多
AIM To establish minimum clinically important difference(MCID) for measurements in an orthopaedic patient population with joint disorders.METHODS Adult patients aged 18 years and older seeking care for joint condition...AIM To establish minimum clinically important difference(MCID) for measurements in an orthopaedic patient population with joint disorders.METHODS Adult patients aged 18 years and older seeking care for joint conditions at an orthopaedic clinic took the Patient-Reported Outcomes Measurement Information System Physical Function(PROMIS~? PF) computerized adaptive test(CAT), hip disability and osteoarthritis outcome score for joint reconstruction(HOOS JR), and the knee injury and osteoarthritis outcome score for joint reconstruction(KOOS JR) from February 2014 to April 2017. MCIDs were calculated using anchorbased and distribution-based methods. Patient reports of meaningful change in function since their first clinic encounter were used as an anchor.RESULTS There were 2226 patients who participated with a mean age of 61.16(SD = 12.84) years, 41.6% male, and 89.7% Caucasian. Mean change ranged from 7.29 to 8.41 for the PROMIS~? PF CAT, from 14.81 to 19.68 for the HOOS JR, and from 14.51 to 18.85 for the KOOS JR. ROC cut-offs ranged from 1.97-8.18 for the PF CAT, 6.33-43.36 for the HOOS JR, and 2.21-8.16 for the KOOS JR. Distribution-based methods estimated MCID values ranging from 2.45 to 21.55 for the PROMIS~? PF CAT; from 3.90 to 43.61 for the HOOS JR, and from 3.98 to 40.67 for the KOOS JR. The median MCID value in the range was similar to the mean change score for each measure and was 7.9 for the PF CAT, 18.0 for the HOOS JR, and 15.1 for the KOOS JR.CONCLUSION This is the first comprehensive study providing a wide range of MCIDs for the PROMIS? PF, HOOS JR, and KOOS JR in orthopaedic patients with joint ailments.展开更多
The security breaches of sensitive information have remained difficult to solve due to increased malware programs and unauthorized access to data stored in critical assets. As risk appetite differ from one organizatio...The security breaches of sensitive information have remained difficult to solve due to increased malware programs and unauthorized access to data stored in critical assets. As risk appetite differ from one organization to another, it prompts the threat analysis tools be integrated with organization’s information security policy so as to ensure security controls at local settings. However, it has been noted that the current tools for threat assessment processes have not encompassed information security policy for effective security management (i.e.?confidentiality, integrity and availability) based on organization’s risk appetite and culture. The information security policy serves as a tool to provide guidance on how to manage and secure all business operations including critical assets, infrastructure and people in the organization. This guidance (e.g. usage and controls) facilitates the provisions for threat assessment and compliance based on local context. The lack of effective threat assessment frameworks at local context have promoted the exposure of critical assets such as database servers, mails servers, web servers and user smart-devices at the hand of attackers and thus increase risks and probability to compromise the assets. In this paper we have proposed a conceptual framework for security threat assessment based on organization’s information security policy. Furthermore, the study proposed the policy automation canvas for provision of a methodology to alert the security managers what possible threats found in their organizations for quick security mitigation without depending on security expertise.展开更多
The subversive nature of information war lies not only in the information itself, but also in the circulation and application of information. It has always been a challenge to quantitatively analyze the function and e...The subversive nature of information war lies not only in the information itself, but also in the circulation and application of information. It has always been a challenge to quantitatively analyze the function and effect of information flow through command, control, communications, computer, kill, intelligence,surveillance, reconnaissance (C4KISR) system. In this work, we propose a framework of force of information influence and the methods for calculating the force of information influence between C4KISR nodes of sensing, intelligence processing,decision making and fire attack. Specifically, the basic concept of force of information influence between nodes in C4KISR system is formally proposed and its mathematical definition is provided. Then, based on the information entropy theory, the model of force of information influence between C4KISR system nodes is constructed. Finally, the simulation experiments have been performed under an air defense and attack scenario. The experimental results show that, with the proposed force of information influence framework, we can effectively evaluate the contribution of information circulation through different C4KISR system nodes to the corresponding tasks. Our framework of force of information influence can also serve as an effective tool for the design and dynamic reconfiguration of C4KISR system architecture.展开更多
The purpose of this study is to examine the nature and content of the rapidly evolving undergraduate Principles of Information/Cybersecurity course which has been attracting an ever-growing attention in the computing ...The purpose of this study is to examine the nature and content of the rapidly evolving undergraduate Principles of Information/Cybersecurity course which has been attracting an ever-growing attention in the computing discipline, for the past decade. More specifically, it is to provide an impetus for the design of standardized principles of Information/Cybersecurity course. To achieve this, a survey of colleges and universities that offer the course was conducted. Several schools of engineering and business, in universities and colleges across several countries were surveyed to generate necessary data. Effort was made to direct the questionnaire only to Computer Information System (CIS), Computer Science (CS), Management Information System (MIS), Information System (IS) and other computer-related departments. The study instrument consisted of two main parts: one part addressed the institutional demographic information, while the other focused on the relevant elements of the course. There are sixty-two (62) questionnaire items covering areas such as demographics, perception of the course, course content and coverage, teaching preferences, method of delivery and course technology deployed, assigned textbooks and associated resources, learner support, course assessments, as well as the licensure-based certifications. Several themes emerged from the data analysis: (a) the principles course is an integral part of most cybersecurity programs;(b) majority of the courses examined, stress both strong technical and hands-on skills;(c) encourage vendor-neutral certifications as a course exit characteristic;and (d) an end-of-course class project, remains a standard requirement for successful course completion. Overall, the study makes it clear that cybersecurity is a multilateral discipline, and refuses to be confined by context and content. It is envisaged that the results of this study would turn out to be instructive for all practical purposes. We expect it to be one of the most definitive descriptive models of such a cardinal course, and help to guide and actually, shape the decisions of universities and academic programs focusing on information/cyber security in the updating and upgrading their curricula, most especially, the foundational principles course in light of new findings that are herein articulated.展开更多
This study examines the key factors that have impact on the successful adoption of Human Resource Information System (HRIS) within the Aqaba Special Economic Zone Authority (ASEZA)/Jordan. In order to accomplish the p...This study examines the key factors that have impact on the successful adoption of Human Resource Information System (HRIS) within the Aqaba Special Economic Zone Authority (ASEZA)/Jordan. In order to accomplish the purpose of the study four critical factors are inquired. So, four critical factors are inquired: First, TAM Model (Perceived Ease of Use (PEOU) and Perceived Usefulness (PU)). Second, Information Technology Infrastructure (ITI). Third, Top Management Support (TMS). Finally, Individual Experience with Computer (IEC). The research model was applied to collect data from the questionnaires answered by 45 users of HRIS as a source of primary data, based on a convenience sample the response rate was about 91%. In addition, the results were analyzed by utilizing the Statistical Package for Social Software (SPSS). Furthermore, the findings were analyzed;multiple Regression analysis indicated that all research variables have significant relationship on successful adoption of HRIS. The findings indicated IT infrastructures have a positive and significant effect on the successful adoption of HRIS. But there is no significant of PU, PEOU, TMS, and IEC on the successful adoption of HRIS. Finally, the results indicated that no significant statistical differences of demographic characteristics on HRIS adoption. Depending on the research’s findings;the researchers proposed a set of recommendations for better adoption of HRIS in SEZA.展开更多
文摘This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].
文摘This article explores the evolution of cloud computing, its advantages over traditional on-premises infrastructure, and its impact on information security. The study presents a comprehensive literature review covering various cloud infrastructure offerings and security models. Additionally, it deeply analyzes real-life case studies illustrating successful cloud migrations and highlights common information security threats in current cloud computing. The article concludes by offering recommendations to businesses to protect themselves from cloud data breaches and providing insights into selecting a suitable cloud services provider from an information security perspective.
文摘In the era of the digital economy,the informatization degree of various industries is getting deeper and deeper,and network information security has also come into people’s eyes.Colleges and universities are in the position of training applied talents,because of the needs of teaching and education,as well as the requirements of teaching reform,the information construction of colleges and universities has been gradually improved,but the problem of network information security is also worth causing people to ponder.The low security of the network environment will cause college network information security leaks,and even hackers will attack the official website of the university and leak the personal information of teachers and students.To solve such problems,this paper studies the protection of college network information security against the background of the digital economy era.This paper first analyzes the significance of network information security protection,then points out the current and moral problems,and finally puts forward specific countermeasures,hoping to create a safe learning environment for teachers and students for reference.
文摘The elliptic curve cryptography algorithm represents a major advancement in the field of computer security. This innovative algorithm uses elliptic curves to encrypt and secure data, providing an exceptional level of security while optimizing the efficiency of computer resources. This study focuses on how elliptic curves cryptography helps to protect sensitive data. Text is encrypted using the elliptic curve technique because it provides great security with a smaller key on devices with limited resources, such as mobile phones. The elliptic curves cryptography of this study is better than using a 256-bit RSA key. To achieve equivalent protection by using the elliptic curves cryptography, several Python libraries such as cryptography, pycryptodome, pyQt5, secp256k1, etc. were used. These technologies are used to develop a software based on elliptic curves. If built, the software helps to encrypt and decrypt data such as a text messages and it offers the authentication for the communication.
文摘In this paper,we aim to design a practical low complexity low-density parity-check(LDPC)coded scheme to build a secure open channel and protect information from eavesdropping.To this end,we first propose a punctured LDPC coded scheme,where the information bits in a codeword are punctured and only the parity check bits are transmitted to the receiver.We further propose a notion of check node type distribution and derive multi-edge type extrinsic information transfer functions to estimate the security performance,instead of the well-known weak metric bit error rate.We optimize the check node type distribution in terms of the signal-to-noise ratio(SNR)gap and modify the progressive edge growth algorithm to design finite-length codes.Numerical results show that our proposed scheme can achieve a lower computational complexity and a smaller security gap,compared to the existing scrambling and puncturing schemes.
文摘We advance here a novel methodology for robust intelligent biometric information management with inferences and predictions made using randomness and complexity concepts. Intelligence refers to learning, adap- tation, and functionality, and robustness refers to the ability to handle incomplete and/or corrupt adversarial information, on one side, and image and or device variability, on the other side. The proposed methodology is model-free and non-parametric. It draws support from discriminative methods using likelihood ratios to link at the conceptual level biometrics and forensics. It further links, at the modeling and implementation level, the Bayesian framework, statistical learning theory (SLT) using transduction and semi-supervised lea- rning, and Information Theory (IY) using mutual information. The key concepts supporting the proposed methodology are a) local estimation to facilitate learning and prediction using both labeled and unlabeled data;b) similarity metrics using regularity of patterns, randomness deficiency, and Kolmogorov complexity (similar to MDL) using strangeness/typicality and ranking p-values;and c) the Cover – Hart theorem on the asymptotical performance of k-nearest neighbors approaching the optimal Bayes error. Several topics on biometric inference and prediction related to 1) multi-level and multi-layer data fusion including quality and multi-modal biometrics;2) score normalization and revision theory;3) face selection and tracking;and 4) identity management, are described here using an integrated approach that includes transduction and boosting for ranking and sequential fusion/aggregation, respectively, on one side, and active learning and change/ outlier/intrusion detection realized using information gain and martingale, respectively, on the other side. The methodology proposed can be mapped to additional types of information beyond biometrics.
文摘This paper advances new directions for cyber security using adversarial learning and conformal prediction in order to enhance network and computing services defenses against adaptive, malicious, persistent, and tactical offensive threats. Conformal prediction is the principled and unified adaptive and learning framework used to design, develop, and deploy a multi-faceted?self-managing defensive shield to detect, disrupt, and deny intrusive attacks, hostile and malicious behavior, and subterfuge. Conformal prediction leverages apparent relationships between immunity and intrusion detection using non-conformity measures characteristic of affinity, a typicality, and surprise, to recognize patterns and messages as friend or foe and to respond to them accordingly. The solutions proffered throughout are built around active learning, meta-reasoning, randomness, distributed semantics and stratification, and most important and above all around adaptive Oracles. The motivation for using conformal prediction and its immediate off-spring, those of semi-supervised learning and transduction, comes from them first and foremost supporting discriminative and non-parametric methods characteristic of principled demarcation using cohorts and sensitivity analysis to hedge on the prediction outcomes including negative selection, on one side, and providing credibility and confidence indices that assist meta-reasoning and information fusion.
基金supported in part by the Cooperative Education project of production and learning of Higher Education Department of the Ministry of Education under Grant 201802095001,201801002050,201801154052.
文摘In view of the problems existing in the teaching of Mathematics Foundations of Information Security,such as emphasizing theory but neglecting practice,combined with the concept of engineering education certification and emerging engineering education teaching reform,this paper combs the knowledge points and learning context of Mathematics Foundations of Information Security,puts forward a new teaching mode of Mathematics Foundations of Information Security with algorithm as the core,and gives the teaching content,organization form and assessment method.Thus,it improves the students’learning interest and practical ability,and improves the achievement of graduation requirements.
文摘The popularization of mobile devices has caused considerable impact on the security of the military of the Republic of China.The military barrack-areas have long been faced the control of mobile devices four issues:the lack of accurate use of resources,the lack of protection of the mobile device from the overall point of view,the unclear division of responsibility among specialized agencies,and unclear members’responsibilities for their own duties.This study applies the structure behavior coalescence(SBC)methodology to integrate the organizational structure of the participating management and control units with effective management behaviors in a visualized and useful manner.The units can effectively communicate with each other and solve the four issues faced by the military barrack-areas for the control of mobile devices.This research fulfills improving the lack of control of the military mobile devices by using of management resources effectively and the establishment of mobile devices management with the overall concept,and strengthening the rights and responsibilities and information security awareness,through the logical verification and enterprise interview results.
文摘The contemporary environment within which command,control,communications,computers and intelligence (C4I platforms exist, have a number of characteristics. These characteristics may be most obviously identified as interconnectivity, international networking, speed of data transfer, the compact nature of electronic information and rapidly changing technology. Information security professionals employ a variety of approaches in order to counter risks within this complex and fluid environment. The gamut of potential security activities ranges form access control through a variety of auditing techniques to secure data communications. This field is broad and well documented. Indeed, the discipline of network risk management and data security is both well developed and sophisticated.This paper addresses twin themes:i.The fundamental issue of the method by which specific approaches are employed. This is a precursor to the adoption of an eventual strategy.ii.The crucial issues revolving around the
文摘With the increasing significance of information technology, there is an urgent need for adequate measures of information security. Systematic information security management is one of most important initiatives for IT management. At least since reports about privacy and security breaches, fraudulent accounting practices, and attacks on IT systems appeared in public, organizations have recognized their responsibilities to safeguard physical and information assets. Security standards can be used as guideline or framework to develop and maintain an adequate information security management system (ISMS). The standards ISO/IEC 27000, 27001 and 27002 are international standards that are receiving growing recognition and adoption. They are referred to as “common language of organizations around the world” for information security [1]. With ISO/IEC 27001 companies can have their ISMS certified by a third-party organization and thus show their customers evidence of their security measures.
文摘The aim of this work is mathematical education through the knowledge system and mathematical modeling. A net model of formation of mathematical knowledge as a deductive theory is suggested here. Within this model the formation of deductive theory is represented as the development of a certain informational space, the elements of which are structured in the form of the orientated semantic net. This net is properly metrized and characterized by a certain system of coverings. It allows injecting net optimization parameters, regulating qualitative aspects of knowledge system under consideration. To regulate the creative processes of the formation and realization of mathematical know- edge, stochastic model of formation deductive theory is suggested here in the form of branching Markovian process, which is realized in the corresponding informational space as a semantic net. According to this stochastic model we can get correct foundation of criterion of optimization creative processes that leads to “great main points” strategy (GMP-strategy) in the process of realization of the effective control in the research work in the sphere of mathematics and its applications.
基金National Institute of Arthritis and Musculoskeletal and Skin Diseases of the National Institutes of Health,No.U01AR067138.
文摘AIM To establish minimum clinically important difference(MCID) for measurements in an orthopaedic patient population with joint disorders.METHODS Adult patients aged 18 years and older seeking care for joint conditions at an orthopaedic clinic took the Patient-Reported Outcomes Measurement Information System Physical Function(PROMIS~? PF) computerized adaptive test(CAT), hip disability and osteoarthritis outcome score for joint reconstruction(HOOS JR), and the knee injury and osteoarthritis outcome score for joint reconstruction(KOOS JR) from February 2014 to April 2017. MCIDs were calculated using anchorbased and distribution-based methods. Patient reports of meaningful change in function since their first clinic encounter were used as an anchor.RESULTS There were 2226 patients who participated with a mean age of 61.16(SD = 12.84) years, 41.6% male, and 89.7% Caucasian. Mean change ranged from 7.29 to 8.41 for the PROMIS~? PF CAT, from 14.81 to 19.68 for the HOOS JR, and from 14.51 to 18.85 for the KOOS JR. ROC cut-offs ranged from 1.97-8.18 for the PF CAT, 6.33-43.36 for the HOOS JR, and 2.21-8.16 for the KOOS JR. Distribution-based methods estimated MCID values ranging from 2.45 to 21.55 for the PROMIS~? PF CAT; from 3.90 to 43.61 for the HOOS JR, and from 3.98 to 40.67 for the KOOS JR. The median MCID value in the range was similar to the mean change score for each measure and was 7.9 for the PF CAT, 18.0 for the HOOS JR, and 15.1 for the KOOS JR.CONCLUSION This is the first comprehensive study providing a wide range of MCIDs for the PROMIS? PF, HOOS JR, and KOOS JR in orthopaedic patients with joint ailments.
文摘The security breaches of sensitive information have remained difficult to solve due to increased malware programs and unauthorized access to data stored in critical assets. As risk appetite differ from one organization to another, it prompts the threat analysis tools be integrated with organization’s information security policy so as to ensure security controls at local settings. However, it has been noted that the current tools for threat assessment processes have not encompassed information security policy for effective security management (i.e.?confidentiality, integrity and availability) based on organization’s risk appetite and culture. The information security policy serves as a tool to provide guidance on how to manage and secure all business operations including critical assets, infrastructure and people in the organization. This guidance (e.g. usage and controls) facilitates the provisions for threat assessment and compliance based on local context. The lack of effective threat assessment frameworks at local context have promoted the exposure of critical assets such as database servers, mails servers, web servers and user smart-devices at the hand of attackers and thus increase risks and probability to compromise the assets. In this paper we have proposed a conceptual framework for security threat assessment based on organization’s information security policy. Furthermore, the study proposed the policy automation canvas for provision of a methodology to alert the security managers what possible threats found in their organizations for quick security mitigation without depending on security expertise.
基金supported by the Natural Science Foundation Research Plan of Shanxi Province (2023JCQN0728)。
文摘The subversive nature of information war lies not only in the information itself, but also in the circulation and application of information. It has always been a challenge to quantitatively analyze the function and effect of information flow through command, control, communications, computer, kill, intelligence,surveillance, reconnaissance (C4KISR) system. In this work, we propose a framework of force of information influence and the methods for calculating the force of information influence between C4KISR nodes of sensing, intelligence processing,decision making and fire attack. Specifically, the basic concept of force of information influence between nodes in C4KISR system is formally proposed and its mathematical definition is provided. Then, based on the information entropy theory, the model of force of information influence between C4KISR system nodes is constructed. Finally, the simulation experiments have been performed under an air defense and attack scenario. The experimental results show that, with the proposed force of information influence framework, we can effectively evaluate the contribution of information circulation through different C4KISR system nodes to the corresponding tasks. Our framework of force of information influence can also serve as an effective tool for the design and dynamic reconfiguration of C4KISR system architecture.
文摘The purpose of this study is to examine the nature and content of the rapidly evolving undergraduate Principles of Information/Cybersecurity course which has been attracting an ever-growing attention in the computing discipline, for the past decade. More specifically, it is to provide an impetus for the design of standardized principles of Information/Cybersecurity course. To achieve this, a survey of colleges and universities that offer the course was conducted. Several schools of engineering and business, in universities and colleges across several countries were surveyed to generate necessary data. Effort was made to direct the questionnaire only to Computer Information System (CIS), Computer Science (CS), Management Information System (MIS), Information System (IS) and other computer-related departments. The study instrument consisted of two main parts: one part addressed the institutional demographic information, while the other focused on the relevant elements of the course. There are sixty-two (62) questionnaire items covering areas such as demographics, perception of the course, course content and coverage, teaching preferences, method of delivery and course technology deployed, assigned textbooks and associated resources, learner support, course assessments, as well as the licensure-based certifications. Several themes emerged from the data analysis: (a) the principles course is an integral part of most cybersecurity programs;(b) majority of the courses examined, stress both strong technical and hands-on skills;(c) encourage vendor-neutral certifications as a course exit characteristic;and (d) an end-of-course class project, remains a standard requirement for successful course completion. Overall, the study makes it clear that cybersecurity is a multilateral discipline, and refuses to be confined by context and content. It is envisaged that the results of this study would turn out to be instructive for all practical purposes. We expect it to be one of the most definitive descriptive models of such a cardinal course, and help to guide and actually, shape the decisions of universities and academic programs focusing on information/cyber security in the updating and upgrading their curricula, most especially, the foundational principles course in light of new findings that are herein articulated.
文摘This study examines the key factors that have impact on the successful adoption of Human Resource Information System (HRIS) within the Aqaba Special Economic Zone Authority (ASEZA)/Jordan. In order to accomplish the purpose of the study four critical factors are inquired. So, four critical factors are inquired: First, TAM Model (Perceived Ease of Use (PEOU) and Perceived Usefulness (PU)). Second, Information Technology Infrastructure (ITI). Third, Top Management Support (TMS). Finally, Individual Experience with Computer (IEC). The research model was applied to collect data from the questionnaires answered by 45 users of HRIS as a source of primary data, based on a convenience sample the response rate was about 91%. In addition, the results were analyzed by utilizing the Statistical Package for Social Software (SPSS). Furthermore, the findings were analyzed;multiple Regression analysis indicated that all research variables have significant relationship on successful adoption of HRIS. The findings indicated IT infrastructures have a positive and significant effect on the successful adoption of HRIS. But there is no significant of PU, PEOU, TMS, and IEC on the successful adoption of HRIS. Finally, the results indicated that no significant statistical differences of demographic characteristics on HRIS adoption. Depending on the research’s findings;the researchers proposed a set of recommendations for better adoption of HRIS in SEZA.
