Cyber Resilience through Real-Time Threat Analysis in Information Security

This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].

气象观测场在汽车试验场中的应用研究

汽车试验场作为汽车开展道路测试的重要场所,用于验证汽车产品的品质以及可靠性。除了场地道路外,气象条件作为汽车道路测试的重要一环,在《GB/T12534-1990汽车道路试验方法通则》中也有明确要求,如:试验时应是无雨无雾天气,相对湿度小于95%,气温0-40℃,风速不大于3m/s。同时气象条件也作为试验场道路管控的重要依据,实时风速、雨量、能见度等信息为场地管理者发布限速、限行、封场等通知提供必要参考依据,直接影响道路测试安全管控的及时性。因此,文章从气象观测场的建设、气象服务、异常天气道路管控等方面开展气象观测场在汽车试验场中的应用研究。

西藏交通警察道路执法工作的风险与防范

西藏自治区自然、地理与气候环境复杂且特殊,道路交通环境相对恶劣,这导致当地交通警察道路执法工作面临诸多风险,包括警员人身安全和执法效能等风险。对此,文章对西藏交通警察道路执法工作风险进行了调查分析,从地区环境、警员安全意识与技能、执法装备、社会宣传和教育等角度探讨了相关风险的成因,针对性相关风险成因,提出从优化警力配置与道路信息推送、加强警员培训、完善警务装备、加强法治化宣传教育等工作来消除相关风险,以期保障警员安全并改善西藏交通环境。

Information Security in the Cloud: Emerging Trends and Challenges

This article explores the evolution of cloud computing, its advantages over traditional on-premises infrastructure, and its impact on information security. The study presents a comprehensive literature review covering various cloud infrastructure offerings and security models. Additionally, it deeply analyzes real-life case studies illustrating successful cloud migrations and highlights common information security threats in current cloud computing. The article concludes by offering recommendations to businesses to protect themselves from cloud data breaches and providing insights into selecting a suitable cloud services provider from an information security perspective.

Research on College Network Information Security Protection in the Digital Economy Era

In the era of the digital economy,the informatization degree of various industries is getting deeper and deeper,and network information security has also come into people’s eyes.Colleges and universities are in the position of training applied talents,because of the needs of teaching and education,as well as the requirements of teaching reform,the information construction of colleges and universities has been gradually improved,but the problem of network information security is also worth causing people to ponder.The low security of the network environment will cause college network information security leaks,and even hackers will attack the official website of the university and leak the personal information of teachers and students.To solve such problems,this paper studies the protection of college network information security against the background of the digital economy era.This paper first analyzes the significance of network information security protection,then points out the current and moral problems,and finally puts forward specific countermeasures,hoping to create a safe learning environment for teachers and students for reference.

Sensitive Information Security Based on Elliptic Curves

The elliptic curve cryptography algorithm represents a major advancement in the field of computer security. This innovative algorithm uses elliptic curves to encrypt and secure data, providing an exceptional level of security while optimizing the efficiency of computer resources. This study focuses on how elliptic curves cryptography helps to protect sensitive data. Text is encrypted using the elliptic curve technique because it provides great security with a smaller key on devices with limited resources, such as mobile phones. The elliptic curves cryptography of this study is better than using a 256-bit RSA key. To achieve equivalent protection by using the elliptic curves cryptography, several Python libraries such as cryptography, pycryptodome, pyQt5, secp256k1, etc. were used. These technologies are used to develop a software based on elliptic curves. If built, the software helps to encrypt and decrypt data such as a text messages and it offers the authentication for the communication.

A Practical Regular LDPC Coded Scheme for Physical-Layer Information Security

In this paper,we aim to design a practical low complexity low-density parity-check(LDPC)coded scheme to build a secure open channel and protect information from eavesdropping.To this end,we first propose a punctured LDPC coded scheme,where the information bits in a codeword are punctured and only the parity check bits are transmitted to the receiver.We further propose a notion of check node type distribution and derive multi-edge type extrinsic information transfer functions to estimate the security performance,instead of the well-known weak metric bit error rate.We optimize the check node type distribution in terms of the signal-to-noise ratio(SNR)gap and modify the progressive edge growth algorithm to design finite-length codes.Numerical results show that our proposed scheme can achieve a lower computational complexity and a smaller security gap,compared to the existing scrambling and puncturing schemes.

Intelligent Biometric Information Management

We advance here a novel methodology for robust intelligent biometric information management with inferences and predictions made using randomness and complexity concepts. Intelligence refers to learning, adap- tation, and functionality, and robustness refers to the ability to handle incomplete and/or corrupt adversarial information, on one side, and image and or device variability, on the other side. The proposed methodology is model-free and non-parametric. It draws support from discriminative methods using likelihood ratios to link at the conceptual level biometrics and forensics. It further links, at the modeling and implementation level, the Bayesian framework, statistical learning theory (SLT) using transduction and semi-supervised lea- rning, and Information Theory (IY) using mutual information. The key concepts supporting the proposed methodology are a) local estimation to facilitate learning and prediction using both labeled and unlabeled data;b) similarity metrics using regularity of patterns, randomness deficiency, and Kolmogorov complexity (similar to MDL) using strangeness/typicality and ranking p-values;and c) the Cover – Hart theorem on the asymptotical performance of k-nearest neighbors approaching the optimal Bayes error. Several topics on biometric inference and prediction related to 1) multi-level and multi-layer data fusion including quality and multi-modal biometrics;2) score normalization and revision theory;3) face selection and tracking;and 4) identity management, are described here using an integrated approach that includes transduction and boosting for ranking and sequential fusion/aggregation, respectively, on one side, and active learning and change/ outlier/intrusion detection realized using information gain and martingale, respectively, on the other side. The methodology proposed can be mapped to additional types of information beyond biometrics.

Cyberspace Security Using Adversarial Learning and Conformal Prediction

This paper advances new directions for cyber security using adversarial learning and conformal prediction in order to enhance network and computing services defenses against adaptive, malicious, persistent, and tactical offensive threats. Conformal prediction is the principled and unified adaptive and learning framework used to design, develop, and deploy a multi-faceted?self-managing defensive shield to detect, disrupt, and deny intrusive attacks, hostile and malicious behavior, and subterfuge. Conformal prediction leverages apparent relationships between immunity and intrusion detection using non-conformity measures characteristic of affinity, a typicality, and surprise, to recognize patterns and messages as friend or foe and to respond to them accordingly. The solutions proffered throughout are built around active learning, meta-reasoning, randomness, distributed semantics and stratification, and most important and above all around adaptive Oracles. The motivation for using conformal prediction and its immediate off-spring, those of semi-supervised learning and transduction, comes from them first and foremost supporting discriminative and non-parametric methods characteristic of principled demarcation using cohorts and sensitivity analysis to hedge on the prediction outcomes including negative selection, on one side, and providing credibility and confidence indices that assist meta-reasoning and information fusion.

Teaching Reform of Mathematics Foundations of Information Security with Algorithm as the Core

In view of the problems existing in the teaching of Mathematics Foundations of Information Security,such as emphasizing theory but neglecting practice,combined with the concept of engineering education certification and emerging engineering education teaching reform,this paper combs the knowledge points and learning context of Mathematics Foundations of Information Security,puts forward a new teaching mode of Mathematics Foundations of Information Security with algorithm as the core,and gives the teaching content,organization form and assessment method.Thus,it improves the students’learning interest and practical ability,and improves the achievement of graduation requirements.

Study on Architecture-Oriented Information Security Management Model for Using Mobile Devices Control

The popularization of mobile devices has caused considerable impact on the security of the military of the Republic of China.The military barrack-areas have long been faced the control of mobile devices four issues:the lack of accurate use of resources,the lack of protection of the mobile device from the overall point of view,the unclear division of responsibility among specialized agencies,and unclear members’responsibilities for their own duties.This study applies the structure behavior coalescence(SBC)methodology to integrate the organizational structure of the participating management and control units with effective management behaviors in a visualized and useful manner.The units can effectively communicate with each other and solve the four issues faced by the military barrack-areas for the control of mobile devices.This research fulfills improving the lack of control of the military mobile devices by using of management resources effectively and the establishment of mobile devices management with the overall concept,and strengthening the rights and responsibilities and information security awareness,through the logical verification and enterprise interview results.

The Business of Managing Risk and Network Security:An Exploration of Knowledge Transfer Issues within the Context of Data Security and Countermeasure Trade Offs

The contemporary environment within which command,control,communications,computers and intelligence (C4I platforms exist, have a number of characteristics. These characteristics may be most obviously identified as interconnectivity, international networking, speed of data transfer, the compact nature of electronic information and rapidly changing technology. Information security professionals employ a variety of approaches in order to counter risks within this complex and fluid environment. The gamut of potential security activities ranges form access control through a variety of auditing techniques to secure data communications. This field is broad and well documented. Indeed, the discipline of network risk management and data security is both well developed and sophisticated.This paper addresses twin themes:i.The fundamental issue of the method by which specific approaches are employed. This is a precursor to the adoption of an eventual strategy.ii.The crucial issues revolving around the

ISO/IEC 27000, 27001 and 27002 for Information Security Management

With the increasing significance of information technology, there is an urgent need for adequate measures of information security. Systematic information security management is one of most important initiatives for IT management. At least since reports about privacy and security breaches, fraudulent accounting practices, and attacks on IT systems appeared in public, organizations have recognized their responsibilities to safeguard physical and information assets. Security standards can be used as guideline or framework to develop and maintain an adequate information security management system (ISMS). The standards ISO/IEC 27000, 27001 and 27002 are international standards that are receiving growing recognition and adoption. They are referred to as “common language of organizations around the world” for information security [1]. With ISO/IEC 27001 companies can have their ISMS certified by a third-party organization and thus show their customers evidence of their security measures.

Semantic model and optimization of creative processes at mathematical knowledge formation

The aim of this work is mathematical education through the knowledge system and mathematical modeling. A net model of formation of mathematical knowledge as a deductive theory is suggested here. Within this model the formation of deductive theory is represented as the development of a certain informational space, the elements of which are structured in the form of the orientated semantic net. This net is properly metrized and characterized by a certain system of coverings. It allows injecting net optimization parameters, regulating qualitative aspects of knowledge system under consideration. To regulate the creative processes of the formation and realization of mathematical know- edge, stochastic model of formation deductive theory is suggested here in the form of branching Markovian process, which is realized in the corresponding informational space as a semantic net. According to this stochastic model we can get correct foundation of criterion of optimization creative processes that leads to “great main points” strategy (GMP-strategy) in the process of realization of the effective control in the research work in the sphere of mathematics and its applications.

Establishing minimum clinically important difference values for the Patient-Reported Outcomes Measurement Information System Physical Function, hip disability and osteoarthritis outcome score for joint reconstruction, and knee injury and osteoarthritis out

AIM To establish minimum clinically important difference(MCID) for measurements in an orthopaedic patient population with joint disorders.METHODS Adult patients aged 18 years and older seeking care for joint conditions at an orthopaedic clinic took the Patient-Reported Outcomes Measurement Information System Physical Function(PROMIS~? PF) computerized adaptive test(CAT), hip disability and osteoarthritis outcome score for joint reconstruction(HOOS JR), and the knee injury and osteoarthritis outcome score for joint reconstruction(KOOS JR) from February 2014 to April 2017. MCIDs were calculated using anchorbased and distribution-based methods. Patient reports of meaningful change in function since their first clinic encounter were used as an anchor.RESULTS There were 2226 patients who participated with a mean age of 61.16(SD = 12.84) years, 41.6% male, and 89.7% Caucasian. Mean change ranged from 7.29 to 8.41 for the PROMIS~? PF CAT, from 14.81 to 19.68 for the HOOS JR, and from 14.51 to 18.85 for the KOOS JR. ROC cut-offs ranged from 1.97-8.18 for the PF CAT, 6.33-43.36 for the HOOS JR, and 2.21-8.16 for the KOOS JR. Distribution-based methods estimated MCID values ranging from 2.45 to 21.55 for the PROMIS~? PF CAT; from 3.90 to 43.61 for the HOOS JR, and from 3.98 to 40.67 for the KOOS JR. The median MCID value in the range was similar to the mean change score for each measure and was 7.9 for the PF CAT, 18.0 for the HOOS JR, and 15.1 for the KOOS JR.CONCLUSION This is the first comprehensive study providing a wide range of MCIDs for the PROMIS? PF, HOOS JR, and KOOS JR in orthopaedic patients with joint ailments.

A Conceptual Framework for Threat Assessment Based on Organization’s Information Security Policy

The security breaches of sensitive information have remained difficult to solve due to increased malware programs and unauthorized access to data stored in critical assets. As risk appetite differ from one organization to another, it prompts the threat analysis tools be integrated with organization’s information security policy so as to ensure security controls at local settings. However, it has been noted that the current tools for threat assessment processes have not encompassed information security policy for effective security management (i.e.?confidentiality, integrity and availability) based on organization’s risk appetite and culture. The information security policy serves as a tool to provide guidance on how to manage and secure all business operations including critical assets, infrastructure and people in the organization. This guidance (e.g. usage and controls) facilitates the provisions for threat assessment and compliance based on local context. The lack of effective threat assessment frameworks at local context have promoted the exposure of critical assets such as database servers, mails servers, web servers and user smart-devices at the hand of attackers and thus increase risks and probability to compromise the assets. In this paper we have proposed a conceptual framework for security threat assessment based on organization’s information security policy. Furthermore, the study proposed the policy automation canvas for provision of a methodology to alert the security managers what possible threats found in their organizations for quick security mitigation without depending on security expertise.

A framework of force of information influence and application for C4KISR system

The subversive nature of information war lies not only in the information itself, but also in the circulation and application of information. It has always been a challenge to quantitatively analyze the function and effect of information flow through command, control, communications, computer, kill, intelligence,surveillance, reconnaissance (C4KISR) system. In this work, we propose a framework of force of information influence and the methods for calculating the force of information influence between C4KISR nodes of sensing, intelligence processing,decision making and fire attack. Specifically, the basic concept of force of information influence between nodes in C4KISR system is formally proposed and its mathematical definition is provided. Then, based on the information entropy theory, the model of force of information influence between C4KISR system nodes is constructed. Finally, the simulation experiments have been performed under an air defense and attack scenario. The experimental results show that, with the proposed force of information influence framework, we can effectively evaluate the contribution of information circulation through different C4KISR system nodes to the corresponding tasks. Our framework of force of information influence can also serve as an effective tool for the design and dynamic reconfiguration of C4KISR system architecture.

Empirical Evidence for a Descriptive Model of Principles of Information Security Course

The purpose of this study is to examine the nature and content of the rapidly evolving undergraduate Principles of Information/Cybersecurity course which has been attracting an ever-growing attention in the computing discipline, for the past decade. More specifically, it is to provide an impetus for the design of standardized principles of Information/Cybersecurity course. To achieve this, a survey of colleges and universities that offer the course was conducted. Several schools of engineering and business, in universities and colleges across several countries were surveyed to generate necessary data. Effort was made to direct the questionnaire only to Computer Information System (CIS), Computer Science (CS), Management Information System (MIS), Information System (IS) and other computer-related departments. The study instrument consisted of two main parts: one part addressed the institutional demographic information, while the other focused on the relevant elements of the course. There are sixty-two (62) questionnaire items covering areas such as demographics, perception of the course, course content and coverage, teaching preferences, method of delivery and course technology deployed, assigned textbooks and associated resources, learner support, course assessments, as well as the licensure-based certifications. Several themes emerged from the data analysis: (a) the principles course is an integral part of most cybersecurity programs;(b) majority of the courses examined, stress both strong technical and hands-on skills;(c) encourage vendor-neutral certifications as a course exit characteristic;and (d) an end-of-course class project, remains a standard requirement for successful course completion. Overall, the study makes it clear that cybersecurity is a multilateral discipline, and refuses to be confined by context and content. It is envisaged that the results of this study would turn out to be instructive for all practical purposes. We expect it to be one of the most definitive descriptive models of such a cardinal course, and help to guide and actually, shape the decisions of universities and academic programs focusing on information/cyber security in the updating and upgrading their curricula, most especially, the foundational principles course in light of new findings that are herein articulated.

Factors Influencing the Successful Adoption of Human Resource Information System: The Content of Aqaba Special Economic Zone Authority

This study examines the key factors that have impact on the successful adoption of Human Resource Information System (HRIS) within the Aqaba Special Economic Zone Authority (ASEZA)/Jordan. In order to accomplish the purpose of the study four critical factors are inquired. So, four critical factors are inquired: First, TAM Model (Perceived Ease of Use (PEOU) and Perceived Usefulness (PU)). Second, Information Technology Infrastructure (ITI). Third, Top Management Support (TMS). Finally, Individual Experience with Computer (IEC). The research model was applied to collect data from the questionnaires answered by 45 users of HRIS as a source of primary data, based on a convenience sample the response rate was about 91%. In addition, the results were analyzed by utilizing the Statistical Package for Social Software (SPSS). Furthermore, the findings were analyzed;multiple Regression analysis indicated that all research variables have significant relationship on successful adoption of HRIS. The findings indicated IT infrastructures have a positive and significant effect on the successful adoption of HRIS. But there is no significant of PU, PEOU, TMS, and IEC on the successful adoption of HRIS. Finally, the results indicated that no significant statistical differences of demographic characteristics on HRIS adoption. Depending on the research’s findings;the researchers proposed a set of recommendations for better adoption of HRIS in SEZA.

Exploration and Practice of Postgraduate Training Mode Based on Medical Imaging Information Security

In the process of continuous maturity and development of medical imaging diagnosis,it is common to transmit images through public networks.How to ensure the security of transmission,cultivate talents who combine medical imaging and information security,and explore and cultivate new discipline growth points are difficult problems and challenges for schools and educators.In order to cope with industrial changes,a new round of scientific and technological revolution,and the challenges of the further development of artificial intelligence in medicine,this article will analyze the existing problems in the training of postgraduates in medical imaging information security by combining the actual conditions and characteristics of universities,and put forward countermeasures and suggestions to promote the progress of technology in universities.