The framework Information Technology professionals and Network Organizations use is often seen as open and dynamic. This can create many different pathways for cybercriminals to launch an attack on an enterprise network to cause panic; this situation could be prevented. Using the proposed framework, network administrators and networked organizations can improve their cybersecurity framework for future consumer networks. Implementing a network security plan that is up to date and outlines responsibilities of team members, creating a government subsidy to implement and increase safeguards on US based networks, and the analyzing of past cyber-attacks metadata to further understand the attacks that are causing problems for consumer networks can improve the cybersecurity framework for consumer networks and increase potential security on US based networks. Research found that the implementation of security plans, creating a government subsidy, and analyzing past metadata all show signs of improving the framework of cybersecurity in consumer based networks.
Society is becoming increasingly dependent on cyberspace for both business and pleasure. Cyber attackers continue to attack organizational computer networks, as those same computer networks become increasingly critical to organizational business process. Strategic planning and managing IT security risks play an important role in the business and government planning process. Deploying defense in depth security measures can ensure that organizations continue to function in times of crisis. This quantitative study explores whether the Latin Square Design (LSD) model can be effectively applied to the prioritization of cybersecurity threats and to the linking of information assurance defense in-depth measures to those threats. The methods used in this study consisted of scanning 10 Cybersecurity Websites such as the Department of Homeland Security US CERT (United States-Computer Emergency Readiness Team [1]) and the SANS Institute (SysAdmin, Audit, Network and Security [2]) using the Likert Scale Model for the Website’s top ten list of cyber threats facing organizations and the network defense in depth measures to fight those threats. A comparison of each cybersecurity threat was then made using LSD to determine whether the Likert scale and the LSD model could be effectively applied to prioritize information assurance measures to protect organizational computing devices. The findings of the research reject the H0 null hypothesis that LSD does not affect the relationship between the ranking of 10 Cybersecurity websites top ten cybersecurity threats dependent variables and the independent variables of defense in depth measures used in protecting organizational devices against cyber-attacks.
Studied in this article is whether the Bayesian Network Model (BNM) can be effectively applied to the prioritization of defense in-depth security tools and procedures and to the combining of those measures to reduce cyber threats. The methods used in this study consisted of scanning 24 peer reviewed Cybersecurity Articles from prominent Cybersecurity Journals using the Likert Scale Model for the article’s list of defense in depth measures (tools and procedures) and the threats that those measures were designed to reduce. The defense in depth tools and procedures are then compared to see whether the Likert scale and the Bayesian Network Model could be effectively applied to prioritize and combine the measures to reduce cyber threats attacks against organizational and private computing systems. The findings of the research reject the H0 null hypothesis that BNM does not affect the relationship between the prioritization and combining of 24 Cybersecurity Article’s defense in depth tools and procedures (independent variables) and cyber threats (dependent variables).
It is important to effectively identify the data value of open source scientific and technological information and to help intelligence analysts select high-value data from a large number of open-source scientific and technological information. The data value evaluation methods of scientific and technological information are proposed in the open source environment. According to the characteristics of the methods, the data value evaluation methods were divided into the following three aspects: research on data value evaluation methods based on information metrology, research on data value evaluation methods based on economic perspective and research on data value assessment methods based on text analysis. For each method, it indicated the main ideas, application scenarios, advantages and disadvantages.
Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global information source for every being. Despite all this, attacker knowledge by cybercriminals has advanced and resulted in different attack methodologies on the internet and its data stores. This paper will discuss the origin and significance of Denial of Service (DoS) and Distributed Denial of Service (DDoS). These kinds of attacks remain the most effective methods used by the bad guys to cause substantial damage in terms of operational, reputational, and financial damage to organizations globally. These kinds of attacks have hindered network performance and availability. The victim’s network is flooded with massive illegal traffic hence, denying genuine traffic from passing through for authorized users. The paper will explore detection mechanisms, and mitigation techniques for this network threat.
Abstract: Humanity is currently undergoing the fourth industrial revolution, characterized by advancements in artificial intelligence, clean energy, quantum information technology, virtual reality, and biotechnology. This technological revolution is poised to have a profound impact on the world. Quantum information technology encompasses both quantum computing and the transmission of quantum information. This article aims to integrate quantum information technology with international security concerns, exploring its implications for international security and envisioning its groundbreaking significance.
Abstract: In today’s digitally driven landscape, robust Information Technology (IT) risk assessment practices are essential for safeguarding systems, digital communication, and data. This paper introduces “AssessITS,” an actionable method designed to provide organizations with comprehensive guidelines for conducting IT and cybersecurity risk assessments. Drawing extensively from NIST 800-30 Rev 1, COBIT 5, and ISO 31000, “AssessITS” bridges the gap between high-level theoretical standards and practical implementation challenges. The paper outlines a step-by-step methodology that organizations can simply adopt to systematically identify, analyze, and mitigate IT risks. By simplifying complex principles into actionable procedures, this framework equips practitioners with the tools needed to perform risk assessments independently, without too much reliance on external vendors. The guidelines are developed to be straightforward, integrating practical evaluation metrics that allow for the precise quantification of asset values, threat levels, vulnerabilities, and impacts on confidentiality, integrity, and availability. This approach ensures that the risk assessment process is not only comprehensive but also accessible, enabling decision-makers to implement effective risk mitigation strategies customized to their unique operational contexts. “AssessITS” aims to enable organizations to enhance their IT security strength through practical, actionable guidance based on internationally recognized standards.
Funding: Supported by the Hainan Provincial Key Laboratory of Philosophy and Social Sciences for Hainan Free Trade Port International Shipping Development and Property Rights Digitization, Hainan Vocational University of Science and Technology (Qiong Social Science [2022] No. 26).
Abstract: In recent years, China has witnessed continuous development and progress in its scientific and technological landscape, with widespread utilization of computer networks. Concurrently, issues related to computer network information security, such as information leakage and virus invasions, have become increasingly prominent. Consequently, there is a pressing need for the implementation of effective network security measures. This paper aims to provide a comprehensive summary and analysis of the challenges associated with computer network information security processing. It delves into the core concepts and characteristics of big data technology, exploring its potential as a solution. The study further scrutinizes the application strategy of big data technology in addressing the aforementioned security issues within computer networks. The insights presented in this paper are intended to serve as a valuable reference for individuals involved in the relevant fields, offering guidance on effective approaches to enhance computer network information security through the application of big data technology.
Funding: This work was supported in part by National Key R&D Program of China under Grant 2019YFB2102400, in part by the BUPT Excellent Ph.D. Students Foundation under Grant CX2019117.
Abstract: The development of the Internet of Things (IoT) calls for a comprehensive information security evaluation framework to quantitatively measure the safety score and risk (S&R) value of the network urgently. In this paper, we summarize the architecture and vulnerability in IoT and propose a comprehensive information security evaluation model based on multi-level decomposition feedback. The evaluation model provides an idea for information security evaluation of IoT and guides the security decision maker for dynamic protection. Firstly, we establish an overall evaluation indicator system that includes four primary indicators of threat information, asset, vulnerability, and management, respectively. It also includes eleven secondary indicators of system protection rate, attack detection rate, confidentiality, availability, controllability, identifiability, number of vulnerabilities, vulnerability hazard level, staff organization, enterprise grading and service continuity, respectively. Then, we build the core algorithm to enable the evaluation model, wherein a novel weighting technique is developed and a quantitative method is proposed to measure the S&R value. Moreover, in order to better supervise the performance of the proposed evaluation model, we present four novel indicators including residual risk, continuous conformity of residual risk, head-to-tail consistency and decrease ratio, respectively. Simulation results show the advantages of the proposed model in the evaluation of information security for IoT.
Abstract: The general goal of the management of communication and information technology (MCIT) in the health sector, is to accelerate collecting, achieving and supporting the health system processes, and effective decision-making for managing this system; because preparing and providing health care services for society is very complex, and highly dependent on the information system. The aim of this investigation is to determine the mean scores of the possibility of implementing the MCIT standards in Khorasan Razavi hospitals, from the perspective of managers. This was a cross sectional descriptive-analytic study conducted in two steps in all hospitals. In the first step, the applicability of the standards in hospitals was studied. In the second step, the current status of hospitals was compared with international standards MCIT. In order to determine the validity of the questionnaires, opinions of professors and experts were acquired. Regarding the reliability, the SPSS V. 12 calculated the value of Cronbach’s to be 0.95 for the first questionnaire and 0.86 for the second questionnaire. Data were analyzed using statistic tests of one way ANOVA and t-test. The level of significance was fixed at 0.5. In the 16 hospitals studied, the mean and standard deviation of MCIT were (57.25 ± 13.74). The MCIT standards are applicable in hospitals of Khorasan Razavi according to half (49.4%) of managers; nonetheless, their application requires greater efforts by the hospitals.
Funding: Supported by the State Spark Program of China (2005EA810087)
Abstract: Method of fuzzy comprehensive evaluation is used to carry out suitability evaluation on the information service system of "Agricultural Science and Technology 110" in Sichuan Province, China. Analytic hierarchy process (AHP) and expert consultation method are used to determine the evaluation index system and index weight. Suitability effect of the information service system of "Agricultural Science and Technology 110" is taken as the target layer. The five indices at criterion layer are the organizational mode of agricultural information service, the support system of agricultural information resources, the agricultural information transfer system, the capital source of agricultural information service, and the support system of agricultural information service. And the index layer includes the talent team of agent service, the interaction between the subject and object, the accuracy of agricultural information, the convenience of agricultural information transfer, the adequacy of fund, the efficiency in the use of fund, the status of information infrastructure and so on. Evaluation result shows that the information service system of "Agricultural Science and Technology 110" in Sichuan Province is suitable for the rural economic development at present. The major factors restricting the information service system are the lack of continuity, the weak infrastructure of agricultural information infrastructure, and the relatively low education level of agricultural producers. Therefore, we should further explore and improve the operation mechanism of agricultural information service, expand the capital source of agricultural information service, strengthen the construction of agricultural infrastructure, and ensure the continuous operation of information service system.
Funding: Supported by National Key Technology Support Program (No. 2013BAD17B06); Major Program of National Social Science Fund (No. 15ZDB154)
Abstract: Big data has been taken as a Chinese national strategy in order to satisfy the developments of the social and economic requirements and the development of new information technology. The prosperity of big data brings not only convenience to people's daily life and more opportunities to enterprises, but more challenges with information security as well. This paper has a research on new types and features of information security issues in the age of big data, and puts forward the solutions for the above issues: build up the big data security management platform, set up the establishment of information security system and implement relevant laws and regulations.
Funding: Supported in part by the National Key R&D Program of China under Grant 2019YFB2102400, 2016YFF0204001, in part by the BUPT Excellent Ph.D. Students Foundation under Grant CX2019117.
Abstract: With the skyrocketing development of technologies, there are many issues in information security quantitative evaluation (ISQE) of complex heterogeneous information systems (CHISs). The development of CHIS calls for an ISQE model based on security-critical components to improve the efficiency of system security evaluation urgently. In this paper, we summarize the implication of critical components in different fields and propose a recognition algorithm of security-critical components based on threat attack tree to support the ISQE process. The evaluation model establishes a framework for ISQE of CHISs that are updated iteratively. Firstly, with the support of asset identification and topology data, we sort the security importance of each asset based on the threat attack tree and obtain the security-critical components (set) of the CHIS. Then, we build the evaluation indicator tree of the evaluation target and propose an ISQE algorithm based on the coefficient of variation to calculate the security quality value of the CHIS. Moreover, we present a novel indicator measurement uncertainty aiming to better supervise the performance of the proposed model. Simulation results show the advantages of the proposed algorithm in the evaluation of CHISs.
Funding: Supported by the National Social Science Fund of China (No. 16BTQ058).
Abstract: 'Empowerment' is the result of pursuing special capabilities under a specific value orientation. The changes in related object capabilities triggered by scientific and technical information activities in the new environment are important to national scientific and technical (S&T) information governance. Based on empowerment theories and evaluation practices, this study attempts to construct an empowerment evaluation framework for national S&T information governance and takes the participatory technology assessment and Altmetrics methods as examples to demonstrate its advantages: 1) capability changes and development potential are regarded as an important basis for evaluation; 2) the multi-person participation and multi-indicator comprehensive evaluation method is conducive to the democratic and objective nature of science and technology information governance policy formulation.
Abstract: Our study aims to take a closer look at China's current information literacy (IL) program standards at secondary schools and to analyze their level of success and/or failure in comparison with those of the United States in terms of fulfilling their respective mission-oriented mandates. Our research findings show that China's current IL standards for high schools contain a disproportionate emphasis on information technology (IT). Moreover, the stipulations of these IL standards are narrowly construed and are not solidly grounded on a broad and comprehensive educational perspective. We also suggest that there are two underlying causes for this set of unsound IL standards in China. Firstly, there is a lack of collaboration between the two major competing forces engaged in the curricular development and research of IL in China: professionals in the educational IT discipline vis-à-vis those in Library and Information Science. Secondly, library professionals have a very limited influence on major socio-cultural policies, even at their own institutions. As a result, this paper recommends the following three possible measures, which may help remedy this situation strategically: 1) establishing a set of new IL curriculum standards based on an IL-centered educational perspective; 2) establishing a teacher-librarian training program to promote school librarians' role in IL education; and 3) strengthening the research and development of an online IL education program and an accompanying evaluation mechanism.
Abstract: The framework that Information Technology professionals and network organizations use is often seen as open and dynamic. This can create many different pathways for cybercriminals to launch an attack on an enterprise network to cause panic; this situation could be prevented. Using the proposed framework, network administrators and networked organizations can improve their cybersecurity framework for future consumer networks. Implementing a network security plan that is up to date and outlines the responsibilities of team members, creating a government subsidy to implement and increase safeguards on US-based networks, and analyzing the metadata of past cyber-attacks to further understand the attacks that are causing problems for consumer networks can improve the cybersecurity framework for consumer networks and increase potential security on US-based networks. Research found that the implementation of security plans, creating a government subsidy, and analyzing past metadata all show signs of improving the framework of cybersecurity in consumer-based networks.
Abstract: Society is becoming increasingly dependent on cyberspace for both business and pleasure. Cyber attackers continue to attack organizational computer networks, as those same computer networks become increasingly critical to organizational business processes. Strategic planning and managing IT security risks play an important role in the business and government planning process. Deploying defense-in-depth security measures can ensure that organizations continue to function in times of crisis. This quantitative study explores whether the Latin Square Design (LSD) model can be effectively applied to the prioritization of cybersecurity threats and to the linking of information assurance defense-in-depth measures to those threats. The methods used in this study consisted of scanning 10 cybersecurity websites, such as the Department of Homeland Security US-CERT (United States Computer Emergency Readiness Team [1]) and the SANS Institute (SysAdmin, Audit, Network and Security [2]), using the Likert Scale Model for each website's top ten list of cyber threats facing organizations and the network defense-in-depth measures to fight those threats. A comparison of each cybersecurity threat was then made using LSD to determine whether the Likert scale and the LSD model could be effectively applied to prioritize information assurance measures to protect organizational computing devices. The findings of the research reject the H0 null hypothesis that LSD does not affect the relationship between the ranking of the 10 cybersecurity websites' top ten cybersecurity threats (dependent variables) and the defense-in-depth measures used in protecting organizational devices against cyber-attacks (independent variables).
Abstract: This article studies whether the Bayesian Network Model (BNM) can be effectively applied to the prioritization of defense-in-depth security tools and procedures and to the combining of those measures to reduce cyber threats. The methods used in this study consisted of scanning 24 peer-reviewed cybersecurity articles from prominent cybersecurity journals using the Likert Scale Model for each article's list of defense-in-depth measures (tools and procedures) and the threats that those measures were designed to reduce. The defense-in-depth tools and procedures are then compared to see whether the Likert scale and the Bayesian Network Model could be effectively applied to prioritize and combine the measures to reduce cyber threat attacks against organizational and private computing systems. The findings of the research reject the H0 null hypothesis that BNM does not affect the relationship between the prioritization and combining of the 24 cybersecurity articles' defense-in-depth tools and procedures (independent variables) and cyber threats (dependent variables).
Abstract: It is important to effectively identify the data value of open-source scientific and technological information and to help intelligence analysts select high-value data from a large amount of open-source scientific and technological information. Data value evaluation methods for scientific and technological information in the open-source environment are proposed. According to their characteristics, the data value evaluation methods are divided into the following three aspects: research on data value evaluation methods based on information metrology, research on data value evaluation methods based on an economic perspective, and research on data value assessment methods based on text analysis. For each method, the main ideas, application scenarios, advantages and disadvantages are indicated.
Abstract: Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global information source for every being. Despite all this, the knowledge of cybercriminals has advanced and resulted in different attack methodologies on the internet and its data stores. This paper will discuss the origin and significance of Denial of Service (DoS) and Distributed Denial of Service (DDoS). These kinds of attacks remain the most effective methods used by the bad guys to cause substantial operational, reputational, and financial damage to organizations globally. These kinds of attacks have hindered network performance and availability. The victim's network is flooded with massive illegal traffic, hence denying genuine traffic from passing through for authorized users. The paper will explore detection mechanisms and mitigation techniques for this network threat.