The Kingdom of Saudi Arabia(KSA)has achieved significant milestones in cybersecurity.KSA has maintained solid regulatorymechanisms to prevent,trace,and punish offenders to protect the interests of both individual user...The Kingdom of Saudi Arabia(KSA)has achieved significant milestones in cybersecurity.KSA has maintained solid regulatorymechanisms to prevent,trace,and punish offenders to protect the interests of both individual users and organizations from the online threats of data poaching and pilferage.The widespread usage of Information Technology(IT)and IT Enable Services(ITES)reinforces securitymeasures.The constantly evolving cyber threats are a topic that is generating a lot of discussion.In this league,the present article enlists a broad perspective on how cybercrime is developing in KSA at present and also takes a look at some of the most significant attacks that have taken place in the region.The existing legislative framework and measures in the KSA are geared toward deterring criminal activity online.Different competency models have been devised to address the necessary cybercrime competencies in this context.The research specialists in this domain can benefit more by developing a master competency level for achieving optimum security.To address this research query,the present assessment uses the Fuzzy Decision-Making Trial and Evaluation Laboratory(Fuzzy-DMTAEL),Fuzzy Analytic Hierarchy Process(F.AHP),and Fuzzy TOPSIS methodology to achieve segment-wise competency development in cyber security policy.The similarities and differences between the three methods are also discussed.This cybersecurity analysis determined that the National Cyber Security Centre got the highest priority.The study concludes by perusing the challenges that still need to be examined and resolved in effectuating more credible and efficacious online security mechanisms to offer amoreempowered ITES-driven economy for SaudiArabia.Moreover,cybersecurity specialists and policymakers need to collate their efforts to protect the country’s digital assets in the era of overt and covert cyber warfare.展开更多
Germany has recently taken multiple actions to adjust its security policy: for instance, promoting re-militarization, increasing foreign military intervention and overseas operations, and adopting measures to comprehe...Germany has recently taken multiple actions to adjust its security policy: for instance, promoting re-militarization, increasing foreign military intervention and overseas operations, and adopting measures to comprehensively safeguard security in the domains of energy, supply chain, and ideology. Externally, such moves result directly from the threat of a hot war emanating from the Russia–Ukraine crisis. Germany is severely deficient in hard power and the rules and order on which it previously relied are proving increasingly ineffective. The nation is also witnessing a sharply rising sense of insecurity as its inter-system competition with nonWestern countries intensifies. Internally, the present policy shift represents a continuation of German foreign policy transformations initiated during the Merkel era. This change is strongly driven by the new ruling coalition, especially the Green Party, and is staunchly supported by the public. In the future, Germany will probably further normalize its military, intensify its confrontations with non-Western countries, and diversify its means of comprehensively safeguarding security. However, security-related policy transformation processes will be time-consuming and Germany’s investments will not immediately pay off. Traditionally, Germany tends toward the pragmatic and balanced implementation of policies. Thus, it is less likely to pursue military hegemony than to increasingly assume security responsibilities within the Western alliance.展开更多
The concept of smart power requires to combine soft and hard power. Thus, smart power is a new approach for the US politics towards the Middle East. As a consequence of smart power politics of the US, some newly membe...The concept of smart power requires to combine soft and hard power. Thus, smart power is a new approach for the US politics towards the Middle East. As a consequence of smart power politics of the US, some newly members of the EU and Turkey has become a part of missile defense system. This is a significant indicator of usage of smart power for the EU members and Turkey. The security policies and practices of the US disclose a necessity for straight allies. For this reason, the relationship between the US, the EU and Turkey may be conceptualize with reference to the concept of smart power. In the case of Missile Defense System, Turkey has agreed to be a participant of this system after signing an agreement with the US. After that, Turkish government has confronted with some interior and exterior political difficulties. One of the most important difficulties is the interior resistance of missile defense system's Kiirecik Radar Station and its usage in Turkey. Another important point is the question of control of Turkish National Security and Defense strategy. In that respect, the US government's smart power applications may be included in the establishment of the radar station. The EU has also been included in that strategy. This paper will argue smart power practices of the US, the EU and Turkey with reference to comparative practices of power politics and the case of Missile Defense System. In this way, a comprehensive and system-type assessment of possible responses and the change in relations between stakeholder states not only in the issue of a set-up of a Turkish radar station, but on a broader range of international "hard" security balance will be demonstrated.展开更多
This comprehensive exploration delves into the intricate dynamics of national security policies in the realm of renewable and nonrenewable energy sources.From the present landscape characterized by the diversification...This comprehensive exploration delves into the intricate dynamics of national security policies in the realm of renewable and nonrenewable energy sources.From the present landscape characterized by the diversification of energy portfolios to the long-term vision encompassing nuclear fusion,this article navigates through the nuanced interplay of technology,resilience,and environmental responsibility.The synthesis of established nuclear fission technologies and evolving renewable sources forms the cornerstone of a strategic approach,addressing challenges and opportunities to ensure a secure,sustainable energy future.展开更多
Despite the advances in automated vulnerability detection approaches,security vulnerabilities caused by design flaws in software systems are continuously appearing in real-world systems.Such security design flaws can ...Despite the advances in automated vulnerability detection approaches,security vulnerabilities caused by design flaws in software systems are continuously appearing in real-world systems.Such security design flaws can bring unrestricted and misimplemented behaviors of a system and can lead to fatal vulnerabilities such as remote code execution or sensitive data leakage.Therefore,it is an essential task to discover unrestricted and misimplemented behaviors of a system.However,it is a daunting task for security experts to discover such vulnerabilities in advance because it is timeconsuming and error-prone to analyze the whole code in detail.Also,most of the existing vulnerability detection approaches still focus on detecting memory corruption bugs because these bugs are the dominant root cause of software vulnerabilities.This paper proposes SMINER,a novel approach that discovers vulnerabilities caused by unrestricted and misimplemented behaviors.SMINER first collects unit test cases for the target system from the official repository.Next,preprocess the collected code fragments.SMINER uses pre-processed data to show the security policies that can occur on the target system and creates a test case for security policy testing.To demonstrate the effectiveness of SMINER,this paper evaluates SMINER against Robot Operating System(ROS),a real-world system used for intelligent robots in Amazon and controlling satellites in National Aeronautics and Space Administration(NASA).From the evaluation,we discovered two real-world vulnerabilities in ROS.展开更多
The management of network intelligence in Beyond 5G(B5G)networks encompasses the complex challenges of scalability,dynamicity,interoperability,privacy,and security.These are essential steps towards achieving the reali...The management of network intelligence in Beyond 5G(B5G)networks encompasses the complex challenges of scalability,dynamicity,interoperability,privacy,and security.These are essential steps towards achieving the realization of truly ubiquitous Artificial Intelligence(AI)-based analytics,empowering seamless integration across the entire Continuum(Edge,Fog,Core,Cloud).This paper introduces a Federated Network Intelligence Orchestration approach aimed at scalable and automated Federated Learning(FL)-based anomaly detection in B5Gnetworks.By leveraging a horizontal Federated learning approach based on the FedAvg aggregation algorithm,which employs a deep autoencoder model trained on non-anomalous traffic samples to recognize normal behavior,the systemorchestrates network intelligence to detect and prevent cyber-attacks.Integrated into a B5G Zero-touch Service Management(ZSM)aligned Security Framework,the proposal utilizes multi-domain and multi-tenant orchestration to automate and scale the deployment of FL-agents and AI-based anomaly detectors,enhancing reaction capabilities against cyber-attacks.The proposed FL architecture can be dynamically deployed across the B5G Continuum,utilizing a hierarchy of Network Intelligence orchestrators for real-time anomaly and security threat handling.Implementation includes FL enforcement operations for interoperability and extensibility,enabling dynamic deployment,configuration,and reconfiguration on demand.Performance validation of the proposed solution was conducted through dynamic orchestration,FL,and real-time anomaly detection processes using a practical test environment.Analysis of key performance metrics,leveraging the 5G-NIDD dataset,demonstrates the system’s capability for automatic and near real-time handling of anomalies and attacks,including real-time network monitoring and countermeasure implementation for mitigation.展开更多
Network security policy and the automated refinement of its hierarchies aims to simplify the administration of security services in complex network environments. The semantic gap between the policy hierarchies reflect...Network security policy and the automated refinement of its hierarchies aims to simplify the administration of security services in complex network environments. The semantic gap between the policy hierarchies reflects the validity of the policy hierarchies yielded by the automated policy refinement process. However, little attention has been paid to the evaluation of the compliance between the derived lower level policy and the higher level policy. We present an ontology based on Ontology Web Language (OWL) to describe the semantics of security policy and their implementation. We also propose a method of estimating the semantic similarity between a given展开更多
The integration of organisation’s information security policy into threat modeling enhances effectiveness of security strategies for information security management. These security policies are the ones which define ...The integration of organisation’s information security policy into threat modeling enhances effectiveness of security strategies for information security management. These security policies are the ones which define the sets of security issues, controls and organisation’s commitment for seamless integration with knowledge based platforms in order to protect critical assets and data. Such platforms are needed to evaluate and share violations which can create security loop-hole. The lack of rules-based approaches for discovering potential threats at organisation’s context, poses a challenge for many organisations in safeguarding their critical assets. To address the challenge, this paper introduces a Platform for Organisation Security Threat Analytic and Management (POSTAM) using rule-based approach. The platform enhances strategies for combating information security threats and thus improves organisations’ commitment in protecting their critical assets. R scripting language for data visualization and java-based scripts were used to develop a prototype to run on web protocol. MySQL database management system was used as back-end for data storage during threat analytic processes.展开更多
To meet the actual requirements of an automotive industry chain collaboration platform (AICCP), this paper offers several simple but effective security policies based upon the traditional security mechanism of data ...To meet the actual requirements of an automotive industry chain collaboration platform (AICCP), this paper offers several simple but effective security policies based upon the traditional security mechanism of data transfer, including user ID verification with SOAP (simple object access protocol), header, SOAP message encryption with SOAP extension and XML (extensible markup language) file encryption and decryption. Application of these policies to the AICCP for more than one year proves the effectiveness of the data exchange practice between the AICCP and enterprise Intranet.展开更多
The article gives an overview on the dynamic political processes in the Black Sea region after some major geostrategic changes posing instability concerns in the region. The aim is to summarise the policy tendencies o...The article gives an overview on the dynamic political processes in the Black Sea region after some major geostrategic changes posing instability concerns in the region. The aim is to summarise the policy tendencies of the international organisations (NATO and EU) towards Russia and to present some analytical thoughts on current Euro-Atlantic strategies. Proposed is a different way of thinking based on the "congagement" approach.展开更多
A news agency is an organization that gathers news reports and sells them to subscribing news organization, such as newspapers, magazines, radio and television broadcasters. A news agency may also be referred to as a ...A news agency is an organization that gathers news reports and sells them to subscribing news organization, such as newspapers, magazines, radio and television broadcasters. A news agency may also be referred to as a wire service, newswire, or news service. The main purpose of this paper is to evaluate the security policies and analyze the content of five press agencies in gulf countries which are (Kuwait News Agency (KUNA), Emirates News Agency (WAM), Saudi Press Agency (SPA), Bahrain News Agency (BNA), and Oman News Agency (OMA)) by using a fuzzy VIKOR approach where linguistic variables are applied to solve the uncertainties and subjectivities in expert decision making. Fuzzy VIKOR approach is one of the best Multi-Criteria Decision Making (MCDM) techniques working in fuzzy environment. This study benefits security and content analysis experts know which press agency has the mandate and the competence to educate the public on news agencies. Besides, this paper contributes to Gulf agencies in helping them in their resolve to ensure the quality of content information and information security policies over the internet.展开更多
It is widely agreed that the insider’s noncompliance to the marine information security policies has brought about a major security problem in the organizational context.Previous research has stressed the potential o...It is widely agreed that the insider’s noncompliance to the marine information security policies has brought about a major security problem in the organizational context.Previous research has stressed the potential of remunerative control,i.e.,reward,to better understand this problem.Few studies have been devoted to the exploration of the coupling incentive mechanism of tangible and intangible rewards that would induce insider’s compliance behavior towards the marine information security policy.In the present study,we address this research gap by proposing a theoretical model that explains the optimal coupling incentive mechanism of these two different types of remunerative control.Our findings have delivered insightful implications for practice and research on how to improve the marine information security policy compliance in a more subtle way.展开更多
In the organizational context of marine engineering,employee individual often prefers to concentrate herself to the day-to-day routine job,but to shirk the responsibilities of the Information Security Policies(ISPs)co...In the organizational context of marine engineering,employee individual often prefers to concentrate herself to the day-to-day routine job,but to shirk the responsibilities of the Information Security Policies(ISPs)compliance,after she has been delegated by the employer to perform the two different tasks in the same time period.This would lead to negative influences on the security of marine information systems and the employee’s routine job performance.In view of the task structures of employee’s routine job and marine ISPs compliance,the variables of emphasis on scheduling are incorporated into a multi-task principal-agent model to explore the optimal incentive scheme to motivate and control the employees to select appropriate effort levels for conducting the two highly structured tasks.The role of emphasis on scheduling on the incentive intensities for the two tasks have been clarified through modeling and simulation,and the corresponding incentive tactics are suggested.The new two-task incentive scheme is expected to provide useful insight for understanding and controlling marine engineering employee’s routine job and ISPs compliance behavior.展开更多
In the organizational setting of marine engineering,a significant number of information security incidents have been arised from the employees’failure to comply with the information security policies(ISPs).This may b...In the organizational setting of marine engineering,a significant number of information security incidents have been arised from the employees’failure to comply with the information security policies(ISPs).This may be treated as a principal-agent problem with moral hazard between the employer and the employee for the practical compliance effort of an employee is not observable without high cost-.On the other hand,according to the deterrence theory,the employer and the employee are inherently self-interested beings.It is worth examining to what extent the employee is self-interested in the marine ISPs compliance context.Moreover,it is important to clarify the proper degree of severity of punishment in terms of the deterrent effect.In this study,a marine ISPs compliance game model has been proposed to evaluate the deterrence effect of punishment on the non-compliance behavior of employee individuals.It is found that in a non-punishment contract,the employee will decline to comply with the marine ISPs;but in a punishment contract,appropriate punishment will lead her to select the marine ISPs compliance effort level expected by the employer,and cause no potential backfire effect.展开更多
To solve the shortage problem of the semantic descrip- tion scope and verification capability existed in the security policy, a semantic description method for the security policy based on ontology is presented. By de...To solve the shortage problem of the semantic descrip- tion scope and verification capability existed in the security policy, a semantic description method for the security policy based on ontology is presented. By defining the basic elements of the security policy, the relationship model between the ontology and the concept of security policy based on the Web ontology language (OWL) is established, so as to construct the semantic description framework of the security policy. Through modeling and reasoning in the Protege, the ontology model of authorization policy is proposed, and the first-order predicate description logic is introduced to the analysis and verification of the model. Results show that the ontology-based semantic description of security policy has better flexibility and practicality.展开更多
The problem of regulating access to XML documents has attracted much attention from both academic and industry communities. In existing approaches, the XML elements specified by access policies axe either accessible o...The problem of regulating access to XML documents has attracted much attention from both academic and industry communities. In existing approaches, the XML elements specified by access policies axe either accessible or inaccessible according to their sensitivity. However, in some cases, the original XML elements are sensitive and inaccessible, but after being processed in some appropriate ways, the results become insensitive and thus accessible. This paper proposes a policy language to accommodate such cases, which can express the downgrading operations on sensitive data in XML documents through explicit calculations on them. The proposed policy language is called calculation-embedded schema (CSchema), which extends the ordinary schema languages with protection type for protecting sensitive data and specifying downgrading operations. CSchema language has a type system to guarantee the type correctness of the embedded calculation expressions and moreover this type system also generates a security view after type checking a CSchema policy. Access policies specified by CSchema are enforced by a validation procedure, which produces the released documents containing only the accessible data by validating the protected documents against CSchema policies. These released documents are then ready to be accessed by, for instance, XML query engines. By incorporating this validation procedure, other XML processing technologies can use CSchema as the access control module.展开更多
文摘The Kingdom of Saudi Arabia(KSA)has achieved significant milestones in cybersecurity.KSA has maintained solid regulatorymechanisms to prevent,trace,and punish offenders to protect the interests of both individual users and organizations from the online threats of data poaching and pilferage.The widespread usage of Information Technology(IT)and IT Enable Services(ITES)reinforces securitymeasures.The constantly evolving cyber threats are a topic that is generating a lot of discussion.In this league,the present article enlists a broad perspective on how cybercrime is developing in KSA at present and also takes a look at some of the most significant attacks that have taken place in the region.The existing legislative framework and measures in the KSA are geared toward deterring criminal activity online.Different competency models have been devised to address the necessary cybercrime competencies in this context.The research specialists in this domain can benefit more by developing a master competency level for achieving optimum security.To address this research query,the present assessment uses the Fuzzy Decision-Making Trial and Evaluation Laboratory(Fuzzy-DMTAEL),Fuzzy Analytic Hierarchy Process(F.AHP),and Fuzzy TOPSIS methodology to achieve segment-wise competency development in cyber security policy.The similarities and differences between the three methods are also discussed.This cybersecurity analysis determined that the National Cyber Security Centre got the highest priority.The study concludes by perusing the challenges that still need to be examined and resolved in effectuating more credible and efficacious online security mechanisms to offer amoreempowered ITES-driven economy for SaudiArabia.Moreover,cybersecurity specialists and policymakers need to collate their efforts to protect the country’s digital assets in the era of overt and covert cyber warfare.
文摘Germany has recently taken multiple actions to adjust its security policy: for instance, promoting re-militarization, increasing foreign military intervention and overseas operations, and adopting measures to comprehensively safeguard security in the domains of energy, supply chain, and ideology. Externally, such moves result directly from the threat of a hot war emanating from the Russia–Ukraine crisis. Germany is severely deficient in hard power and the rules and order on which it previously relied are proving increasingly ineffective. The nation is also witnessing a sharply rising sense of insecurity as its inter-system competition with nonWestern countries intensifies. Internally, the present policy shift represents a continuation of German foreign policy transformations initiated during the Merkel era. This change is strongly driven by the new ruling coalition, especially the Green Party, and is staunchly supported by the public. In the future, Germany will probably further normalize its military, intensify its confrontations with non-Western countries, and diversify its means of comprehensively safeguarding security. However, security-related policy transformation processes will be time-consuming and Germany’s investments will not immediately pay off. Traditionally, Germany tends toward the pragmatic and balanced implementation of policies. Thus, it is less likely to pursue military hegemony than to increasingly assume security responsibilities within the Western alliance.
文摘The concept of smart power requires to combine soft and hard power. Thus, smart power is a new approach for the US politics towards the Middle East. As a consequence of smart power politics of the US, some newly members of the EU and Turkey has become a part of missile defense system. This is a significant indicator of usage of smart power for the EU members and Turkey. The security policies and practices of the US disclose a necessity for straight allies. For this reason, the relationship between the US, the EU and Turkey may be conceptualize with reference to the concept of smart power. In the case of Missile Defense System, Turkey has agreed to be a participant of this system after signing an agreement with the US. After that, Turkish government has confronted with some interior and exterior political difficulties. One of the most important difficulties is the interior resistance of missile defense system's Kiirecik Radar Station and its usage in Turkey. Another important point is the question of control of Turkish National Security and Defense strategy. In that respect, the US government's smart power applications may be included in the establishment of the radar station. The EU has also been included in that strategy. This paper will argue smart power practices of the US, the EU and Turkey with reference to comparative practices of power politics and the case of Missile Defense System. In this way, a comprehensive and system-type assessment of possible responses and the change in relations between stakeholder states not only in the issue of a set-up of a Turkish radar station, but on a broader range of international "hard" security balance will be demonstrated.
文摘This comprehensive exploration delves into the intricate dynamics of national security policies in the realm of renewable and nonrenewable energy sources.From the present landscape characterized by the diversification of energy portfolios to the long-term vision encompassing nuclear fusion,this article navigates through the nuanced interplay of technology,resilience,and environmental responsibility.The synthesis of established nuclear fission technologies and evolving renewable sources forms the cornerstone of a strategic approach,addressing challenges and opportunities to ensure a secure,sustainable energy future.
基金This work was supported in part by the National Research Foundation of Korea(NRF)funded by the Ministry of Science and ICT(MSIT)Future Planning under Grant NRF-2020R1A2C2014336 and Grant NRF-2021R1A4A1029650.
文摘Despite the advances in automated vulnerability detection approaches,security vulnerabilities caused by design flaws in software systems are continuously appearing in real-world systems.Such security design flaws can bring unrestricted and misimplemented behaviors of a system and can lead to fatal vulnerabilities such as remote code execution or sensitive data leakage.Therefore,it is an essential task to discover unrestricted and misimplemented behaviors of a system.However,it is a daunting task for security experts to discover such vulnerabilities in advance because it is timeconsuming and error-prone to analyze the whole code in detail.Also,most of the existing vulnerability detection approaches still focus on detecting memory corruption bugs because these bugs are the dominant root cause of software vulnerabilities.This paper proposes SMINER,a novel approach that discovers vulnerabilities caused by unrestricted and misimplemented behaviors.SMINER first collects unit test cases for the target system from the official repository.Next,preprocess the collected code fragments.SMINER uses pre-processed data to show the security policies that can occur on the target system and creates a test case for security policy testing.To demonstrate the effectiveness of SMINER,this paper evaluates SMINER against Robot Operating System(ROS),a real-world system used for intelligent robots in Amazon and controlling satellites in National Aeronautics and Space Administration(NASA).From the evaluation,we discovered two real-world vulnerabilities in ROS.
基金supported by the grants:PID2020-112675RBC44(ONOFRE-3),funded by MCIN/AEI/10.13039/501100011033Horizon Project RIGOUROUS funded by European Commission,GA:101095933TSI-063000-2021-{36,44,45,62}(Cerberus)funded by MAETD’s 2021 UNICO I+D Program.
文摘The management of network intelligence in Beyond 5G(B5G)networks encompasses the complex challenges of scalability,dynamicity,interoperability,privacy,and security.These are essential steps towards achieving the realization of truly ubiquitous Artificial Intelligence(AI)-based analytics,empowering seamless integration across the entire Continuum(Edge,Fog,Core,Cloud).This paper introduces a Federated Network Intelligence Orchestration approach aimed at scalable and automated Federated Learning(FL)-based anomaly detection in B5Gnetworks.By leveraging a horizontal Federated learning approach based on the FedAvg aggregation algorithm,which employs a deep autoencoder model trained on non-anomalous traffic samples to recognize normal behavior,the systemorchestrates network intelligence to detect and prevent cyber-attacks.Integrated into a B5G Zero-touch Service Management(ZSM)aligned Security Framework,the proposal utilizes multi-domain and multi-tenant orchestration to automate and scale the deployment of FL-agents and AI-based anomaly detectors,enhancing reaction capabilities against cyber-attacks.The proposed FL architecture can be dynamically deployed across the B5G Continuum,utilizing a hierarchy of Network Intelligence orchestrators for real-time anomaly and security threat handling.Implementation includes FL enforcement operations for interoperability and extensibility,enabling dynamic deployment,configuration,and reconfiguration on demand.Performance validation of the proposed solution was conducted through dynamic orchestration,FL,and real-time anomaly detection processes using a practical test environment.Analysis of key performance metrics,leveraging the 5G-NIDD dataset,demonstrates the system’s capability for automatic and near real-time handling of anomalies and attacks,including real-time network monitoring and countermeasure implementation for mitigation.
基金the National Natural Science Foundation of China
文摘Network security policy and the automated refinement of its hierarchies aims to simplify the administration of security services in complex network environments. The semantic gap between the policy hierarchies reflects the validity of the policy hierarchies yielded by the automated policy refinement process. However, little attention has been paid to the evaluation of the compliance between the derived lower level policy and the higher level policy. We present an ontology based on Ontology Web Language (OWL) to describe the semantics of security policy and their implementation. We also propose a method of estimating the semantic similarity between a given
文摘The integration of organisation’s information security policy into threat modeling enhances effectiveness of security strategies for information security management. These security policies are the ones which define the sets of security issues, controls and organisation’s commitment for seamless integration with knowledge based platforms in order to protect critical assets and data. Such platforms are needed to evaluate and share violations which can create security loop-hole. The lack of rules-based approaches for discovering potential threats at organisation’s context, poses a challenge for many organisations in safeguarding their critical assets. To address the challenge, this paper introduces a Platform for Organisation Security Threat Analytic and Management (POSTAM) using rule-based approach. The platform enhances strategies for combating information security threats and thus improves organisations’ commitment in protecting their critical assets. R scripting language for data visualization and java-based scripts were used to develop a prototype to run on web protocol. MySQL database management system was used as back-end for data storage during threat analytic processes.
基金National High-Tech Research and De-velopment Program of China (863 Program) (No2004AA414010)Science Technology Project of Sichuan Province(No2006z03-015)
文摘To meet the actual requirements of an automotive industry chain collaboration platform (AICCP), this paper offers several simple but effective security policies based upon the traditional security mechanism of data transfer, including user ID verification with SOAP (simple object access protocol), header, SOAP message encryption with SOAP extension and XML (extensible markup language) file encryption and decryption. Application of these policies to the AICCP for more than one year proves the effectiveness of the data exchange practice between the AICCP and enterprise Intranet.
文摘The article gives an overview on the dynamic political processes in the Black Sea region after some major geostrategic changes posing instability concerns in the region. The aim is to summarise the policy tendencies of the international organisations (NATO and EU) towards Russia and to present some analytical thoughts on current Euro-Atlantic strategies. Proposed is a different way of thinking based on the "congagement" approach.
文摘A news agency is an organization that gathers news reports and sells them to subscribing news organization, such as newspapers, magazines, radio and television broadcasters. A news agency may also be referred to as a wire service, newswire, or news service. The main purpose of this paper is to evaluate the security policies and analyze the content of five press agencies in gulf countries which are (Kuwait News Agency (KUNA), Emirates News Agency (WAM), Saudi Press Agency (SPA), Bahrain News Agency (BNA), and Oman News Agency (OMA)) by using a fuzzy VIKOR approach where linguistic variables are applied to solve the uncertainties and subjectivities in expert decision making. Fuzzy VIKOR approach is one of the best Multi-Criteria Decision Making (MCDM) techniques working in fuzzy environment. This study benefits security and content analysis experts know which press agency has the mandate and the competence to educate the public on news agencies. Besides, this paper contributes to Gulf agencies in helping them in their resolve to ensure the quality of content information and information security policies over the internet.
文摘It is widely agreed that the insider’s noncompliance to the marine information security policies has brought about a major security problem in the organizational context.Previous research has stressed the potential of remunerative control,i.e.,reward,to better understand this problem.Few studies have been devoted to the exploration of the coupling incentive mechanism of tangible and intangible rewards that would induce insider’s compliance behavior towards the marine information security policy.In the present study,we address this research gap by proposing a theoretical model that explains the optimal coupling incentive mechanism of these two different types of remunerative control.Our findings have delivered insightful implications for practice and research on how to improve the marine information security policy compliance in a more subtle way.
文摘In the organizational context of marine engineering,employee individual often prefers to concentrate herself to the day-to-day routine job,but to shirk the responsibilities of the Information Security Policies(ISPs)compliance,after she has been delegated by the employer to perform the two different tasks in the same time period.This would lead to negative influences on the security of marine information systems and the employee’s routine job performance.In view of the task structures of employee’s routine job and marine ISPs compliance,the variables of emphasis on scheduling are incorporated into a multi-task principal-agent model to explore the optimal incentive scheme to motivate and control the employees to select appropriate effort levels for conducting the two highly structured tasks.The role of emphasis on scheduling on the incentive intensities for the two tasks have been clarified through modeling and simulation,and the corresponding incentive tactics are suggested.The new two-task incentive scheme is expected to provide useful insight for understanding and controlling marine engineering employee’s routine job and ISPs compliance behavior.
基金funded in part by the National Natural Science Foundation of China (No.70972058,No.71272092 and No.71431002)。
文摘In the organizational setting of marine engineering,a significant number of information security incidents have been arised from the employees’failure to comply with the information security policies(ISPs).This may be treated as a principal-agent problem with moral hazard between the employer and the employee for the practical compliance effort of an employee is not observable without high cost-.On the other hand,according to the deterrence theory,the employer and the employee are inherently self-interested beings.It is worth examining to what extent the employee is self-interested in the marine ISPs compliance context.Moreover,it is important to clarify the proper degree of severity of punishment in terms of the deterrent effect.In this study,a marine ISPs compliance game model has been proposed to evaluate the deterrence effect of punishment on the non-compliance behavior of employee individuals.It is found that in a non-punishment contract,the employee will decline to comply with the marine ISPs;but in a punishment contract,appropriate punishment will lead her to select the marine ISPs compliance effort level expected by the employer,and cause no potential backfire effect.
基金Supported by the National Natural Science Foundation of China(61462020,61363006,61163057)the Guangxi Experiment Center of Information Science Foundation(20130329)the Guangxi Natural Science Foundation(2014GXNSFAA118375)
文摘To solve the shortage problem of the semantic descrip- tion scope and verification capability existed in the security policy, a semantic description method for the security policy based on ontology is presented. By defining the basic elements of the security policy, the relationship model between the ontology and the concept of security policy based on the Web ontology language (OWL) is established, so as to construct the semantic description framework of the security policy. Through modeling and reasoning in the Protege, the ontology model of authorization policy is proposed, and the first-order predicate description logic is introduced to the analysis and verification of the model. Results show that the ontology-based semantic description of security policy has better flexibility and practicality.
文摘The problem of regulating access to XML documents has attracted much attention from both academic and industry communities. In existing approaches, the XML elements specified by access policies axe either accessible or inaccessible according to their sensitivity. However, in some cases, the original XML elements are sensitive and inaccessible, but after being processed in some appropriate ways, the results become insensitive and thus accessible. This paper proposes a policy language to accommodate such cases, which can express the downgrading operations on sensitive data in XML documents through explicit calculations on them. The proposed policy language is called calculation-embedded schema (CSchema), which extends the ordinary schema languages with protection type for protecting sensitive data and specifying downgrading operations. CSchema language has a type system to guarantee the type correctness of the embedded calculation expressions and moreover this type system also generates a security view after type checking a CSchema policy. Access policies specified by CSchema are enforced by a validation procedure, which produces the released documents containing only the accessible data by validating the protected documents against CSchema policies. These released documents are then ready to be accessed by, for instance, XML query engines. By incorporating this validation procedure, other XML processing technologies can use CSchema as the access control module.