A Study on the Challenges of Human-Centric Cyber-Security and the Guarantee of Information Quality

Information security and quality management are often considered two different fields. However, organizations must be mindful of how software security may affect quality control. This paper examines and promotes methods through which secure software development processes can be integrated into the Systems Software Development Life-cycle (SDLC) to improve system quality. Cyber-security and quality assurance are both involved in reducing risk. Software security teams work to reduce security risks, whereas quality assurance teams work to decrease risks to quality. There is a need for clear standards, frameworks, processes, and procedures to be followed by organizations to ensure high-level quality while reducing security risks. This research uses a survey of industry professionals to help identify best practices for developing software with fewer defects from the early stages of the SDLC to improve both the quality and security of software. Results show that there is a need for better security awareness among all members of software development teams.

Research on College Network Information Security Protection in the Digital Economy Era

In the era of the digital economy,the informatization degree of various industries is getting deeper and deeper,and network information security has also come into people’s eyes.Colleges and universities are in the position of training applied talents,because of the needs of teaching and education,as well as the requirements of teaching reform,the information construction of colleges and universities has been gradually improved,but the problem of network information security is also worth causing people to ponder.The low security of the network environment will cause college network information security leaks,and even hackers will attack the official website of the university and leak the personal information of teachers and students.To solve such problems,this paper studies the protection of college network information security against the background of the digital economy era.This paper first analyzes the significance of network information security protection,then points out the current and moral problems,and finally puts forward specific countermeasures,hoping to create a safe learning environment for teachers and students for reference.

Cluster DetectionMethod of Endogenous Security Abnormal Attack Behavior in Air Traffic Control Network

In order to enhance the accuracy of Air Traffic Control(ATC)cybersecurity attack detection,in this paper,a new clustering detection method is designed for air traffic control network security attacks.The feature set for ATC cybersecurity attacks is constructed by setting the feature states,adding recursive features,and determining the feature criticality.The expected information gain and entropy of the feature data are computed to determine the information gain of the feature data and reduce the interference of similar feature data.An autoencoder is introduced into the AI(artificial intelligence)algorithm to encode and decode the characteristics of ATC network security attack behavior to reduce the dimensionality of the ATC network security attack behavior data.Based on the above processing,an unsupervised learning algorithm for clustering detection of ATC network security attacks is designed.First,determine the distance between the clustering clusters of ATC network security attack behavior characteristics,calculate the clustering threshold,and construct the initial clustering center.Then,the new average value of all feature objects in each cluster is recalculated as the new cluster center.Second,it traverses all objects in a cluster of ATC network security attack behavior feature data.Finally,the cluster detection of ATC network security attack behavior is completed by the computation of objective functions.The experiment took three groups of experimental attack behavior data sets as the test object,and took the detection rate,false detection rate and recall rate as the test indicators,and selected three similar methods for comparative test.The experimental results show that the detection rate of this method is about 98%,the false positive rate is below 1%,and the recall rate is above 97%.Research shows that this method can improve the detection performance of security attacks in air traffic control network.

Information Security in the Cloud: Emerging Trends and Challenges

This article explores the evolution of cloud computing, its advantages over traditional on-premises infrastructure, and its impact on information security. The study presents a comprehensive literature review covering various cloud infrastructure offerings and security models. Additionally, it deeply analyzes real-life case studies illustrating successful cloud migrations and highlights common information security threats in current cloud computing. The article concludes by offering recommendations to businesses to protect themselves from cloud data breaches and providing insights into selecting a suitable cloud services provider from an information security perspective.

Influence of Quantum Information Technology on International Security

Humanity is currently undergoing the fourth industrial revolution,characterized by advancements in artificial intelligence,clean energy,quantum information technology,virtual reality,and biotechnology.This technological revolution is poised to have a profound impact on the world.Quantum information technology encompasses both quantum computing and the transmission of quantum information.This article aims to integrate quantum information technology with international security concerns,exploring its implications for international security and envisioning its groundbreaking significance.

Challenges and Solutions of Information Security Issues in the Age of Big Data

Big data has been taken as a Chinese national strategy in order to satisfy the developments of the social and economic requirements and the development of new information technology. The prosperity of big data brings not only convenience to people's daily life and more opportunities to enterprises, but more challenges with information security as well. This paper has a research on new types and features of information security issues in the age of big data, and puts forward the solutions for the above issues: build up the big data security management platform, set up the establishment of information security system and implement relevant laws and regulations.

Information Security and the Theory of Unfaithful Information

In this article, the theory of information security is written as a context of national security. Article is devoted to an actual problem of legal support of information security in the Republic of Kazakhstan. The author analyzes modern problems and threats of information security in the conditions of globalization and considers aspects of information security. This article focuses on issues of spreading harmful information, which negatively affects the psyche, behavior, health, society and destabilizes the government administration. The article makes the case for improving the legislation of the Republic of Kazakhstan in strengthening informational security of individuals, society, the state, and measures to prevent the destructive impact of harmful information.

Information Availability: An Insight into the Most Important Attribute of Information Security

This paper presents an in-depth understanding of Availability, which is one of the important pillars of Information Security and yet is not taken too seriously while talking about the security of an information system. The paper highlights the importance of Availability w.r.t. Security of information and the other attributes of security and also gives a realistic shape to the existing CIA triad security model. An in-depth understanding of the various factors that can impact the Availability of an information system (Software, Hardware and Network) is given. The paper also gives a categorization of the type of Availability that a system can have. The paper also explains the relation between Availability and other security attributes and also explains through what issues an information system may go while providing Availability.

Neuro-Computing Applications in Security of Network Information Systems

Currently computing information systems have entered a new stage and the security of systems is more and more serious, and the research on system security is developing in depth. This paper discusses neuro-computing applications in security of network information systems.

Teaching Reform of Mathematics Foundations of Information Security with Algorithm as the Core

In view of the problems existing in the teaching of Mathematics Foundations of Information Security,such as emphasizing theory but neglecting practice,combined with the concept of engineering education certification and emerging engineering education teaching reform,this paper combs the knowledge points and learning context of Mathematics Foundations of Information Security,puts forward a new teaching mode of Mathematics Foundations of Information Security with algorithm as the core,and gives the teaching content,organization form and assessment method.Thus,it improves the students’learning interest and practical ability,and improves the achievement of graduation requirements.

Research on the Ideological and Political Construction of Mathematics Foundations of Information Security

Mathematics foundations of information security is a core course in the subject of information security.In view of the current national ideological and political conference in universities,finding a way to integrate this course with ideological and political education attracts a lot of attention from the education community.This paper makes an assay of the significance of the combination of mathematics foundations of information security course and ideological and political education,and introduces the teaching practice of mathematics foundations of information security course combined with ideological and political education.Through the combination of ideological and political education and curriculum content,cultivating all-round development of talents who study information security.

The Role of Information Security Development （ISD） in Effective Information Security Management （ISM） Implementation in the Banks： A Nigerian Case

This research discusses the role of information security development （ISD） using organizational factors such as information security plans, information security awareness, perceived quality training programs, information security policies and procedures, and organizational culture in effective information security management （ISM） implementation in the banks （a Nigerian case）. This paper explores the existing literature and a proposed framework that consists of ISD such as information security plans, information security awareness, perceived quality training programs, information security policies and procedures, and organizational culture in ISM implementation. ISD factors are found to be statistically significant, because it motivates an organization to implement effective ISM in the banks. Hence, it could be said that the role of ISD practices in an effective implementation of ISM among banks in Nigeria will be of great value.

The Necessity of Information Security in the Vulnerable Pharmaceutical Industry

The pharmaceutical industry produces billions of dollars in sales each year. The industry is evolving and relying on using technology more and more to conduct day-to-day business. The pharmaceutical industry generates enormous amounts of sensitive and private information such as medical records, employee information, financial data and research data. This makes the pharmaceutical industry vulnerable to cybercrime. The pharmaceutical industry has a big responsibility to stakeholders, patients, employees and customers all over the world to ensure this information is secure. It is imperative for organizations to budget adequate amounts of money and resources to have effective Information Security Management. Information Security Management is critical in the pharmaceutical industry and the alternative of not having it would be devastating to a pharmaceutical company. Cyber criminals can tarnish company reputations and the effects can take years to overcome. The main contributions of this paper will be to describe the concerns about the security of information in the pharmaceutical industry, provide examples of organizations that are victims of cybercrime, describe regulations in place to help reduce information security breaches and illustrate why information security is necessary in the pharmaceutical industry.

Using the Latin Square Design Model in the Prioritzation of Network Security Threats: A Quantitative Study

Society is becoming increasingly dependent on cyberspace for both business and pleasure. Cyber attackers continue to attack organizational computer networks, as those same computer networks become increasing critical to organizational business process. Strategic planning and managing IT security risks play an important role in the business and government planning process. Deploying defense in depth security measures can ensure that organizations continue to function in times of crisis. This quantitative study explores whether the Latin Square Design (LSD) model can be effectively applied to the prioritization of cybersecurity threats and to the linking of information assurance defense in-depth measures to those threats. The methods used in this study consisted of scanning 10 Cybersecurity Websites such as the Department of Homeland Security US CERT (United States-Computer Emergency Readiness Team [1]) and the SANS Institute (SysAdmin, Audit, Network and Security [2]) using the Likert Scale Model for the Website’s top ten list of cyber threats facing organizations and the network defense in depth measures to fight those threats. A comparison of each cybersecurity threats was then made using LSD to determine whether the Likert scale and the LSD model could be effectively applied to prioritize information assurance measures to protect organizational computing devices. The findings of the research reject the H0 null hypothesis that LSD does not affect the relationship between the ranking of 10 Cybersecurity websites top ten cybersecurity threats dependent variables and the independent variables of defense in depth measures used in protecting organizational devices against cyber-attacks.

The Challenge of Implementing Information Security Standards in Small and Medium e-Business Enterprises

The dynamic nature of online systems requires companies to be proactive with thwarting information security threats, and to follow a systematic way for managing and evaluating the security of their online services. The existence of security standards is an important factor that helps organisations to evaluate and manage security by providing guidelines and best practices that enable them to follow a standard and systematic way to protect their e-Business activities. However, the suitability of available information security standards for Small and Medium e-Business Enterprises (e-SME) is worth further investigation. In this paper three major security standards including Common Criteria, System Security Engineering-Capability and Maturity Model and ISO/IEC 27001 were analysed. Accordingly, several challenges associated with these standards that may render them difficult to be implemented in e-SME have been identified.

Strengthening the Security of Supervised Networks by Automating Hardening Mechanisms

In recent years, the place occupied by the various manifestations of cyber-crime in companies has been considerable. Indeed, due to the rapid evolution of telecommunications technologies, companies, regardless of their size or sector of activity, are now the target of advanced persistent threats. The Work 2035 study also revealed that cyber crimes (such as critical infrastructure hacks) and massive data breaches are major sources of concern. Thus, it is important for organizations to guarantee a minimum level of security to avoid potential attacks that can cause paralysis of systems, loss of sensitive data, exposure to blackmail, damage to reputation or even a commercial harm. To do this, among other means, hardening is used, the main objective of which is to reduce the attack surface within a company. The execution of the hardening configurations as well as the verification of these are carried out on the servers and network equipment with the aim of reducing the number of openings present by keeping only those which are necessary for proper operation. However, nowadays, in many companies, these tasks are done manually. As a result, the execution and verification of hardening configurations are very often subject to potential errors but also highly consuming human and financial resources. The problem is that it is essential for operators to maintain an optimal level of security while minimizing costs, hence the interest in automating hardening processes and verifying the hardening of servers and network equipment. It is in this logic that we propose within the framework of this work the reinforcement of the security of the information systems (IS) by the automation of the mechanisms of hardening. In our work, we have, on the one hand, set up a hardening procedure in accordance with international security standards for servers, routers and switches and, on the other hand, designed and produced a functional application which makes it possible to: 1) Realise the configuration of the hardening;2) Verify them;3) Correct the non conformities;4) Write and send by mail a verification report for the configurations;5) And finally update the procedures of hardening. Our web application thus created allows in less than fifteen (15) minutes actions that previously took at least five (5) hours of time. This allows supervised network operators to save time and money, but also to improve their security standards in line with international standards.

Information Systems Security Threats and Vulnerabilities: A Case of the Institute of Accountancy Arusha (IAA)

All modern computer users need to be concerned about information system security (individuals and organisations). Many businesses established various security structures to protect information system security from harmful occurrences by implementing security procedures, processes, policies, and information system security organisational structures to ensure data security. Despite all the precautions, information security remains a disaster in Tanzania’s learning institutions. The fundamental issue appears to be a lack of awareness of crucial information security factors. Various companies have different security issues due to differences in ICT infrastructure, implementations, and usage. The study focuses on identifying information system security threats and vulnerabilities in public higher learning institutions in Tanzania, particularly the Institute of Accountancy Arusha (IAA). The study involved all employees of IAA, academics, and other supporting staff, which totalled 302, and the sample size was 170. The study utilised a descriptive research design, where the quantitative methodology was used through a five-point Likert scale questionnaire, and found that key factors that affect the security of information systems at IAA include human factors, policy-related issues, work environment and demographic factors. The study proposed regular awareness and training programs;an increase in women’s awareness of information system security;proper policy creation and reviews every 4 years;promote actions that lessen information system security threats and vulnerabilities, and the creation of information system security policy documents independently from ICT policy.

Fuzzy VIKOR Approach to Evaluate the Information Security Policies and Analyze the Content of Press Agencies in Gulf Countries

A news agency is an organization that gathers news reports and sells them to subscribing news organization, such as newspapers, magazines, radio and television broadcasters. A news agency may also be referred to as a wire service, newswire, or news service. The main purpose of this paper is to evaluate the security policies and analyze the content of five press agencies in gulf countries which are (Kuwait News Agency (KUNA), Emirates News Agency (WAM), Saudi Press Agency (SPA), Bahrain News Agency (BNA), and Oman News Agency (OMA)) by using a fuzzy VIKOR approach where linguistic variables are applied to solve the uncertainties and subjectivities in expert decision making. Fuzzy VIKOR approach is one of the best Multi-Criteria Decision Making (MCDM) techniques working in fuzzy environment. This study benefits security and content analysis experts know which press agency has the mandate and the competence to educate the public on news agencies. Besides, this paper contributes to Gulf agencies in helping them in their resolve to ensure the quality of content information and information security policies over the internet.

Research on Network Platform of Information Management and Security

With the rapid development and wide application of network technology, information security issues are increasingly highlighted, received more and more attention. This article introduces the present situation of network information security, discusses the connotation of network information security, and analyzes the main threat to the security of the network information. And we separately detailed description of the data monitoring platform architecture from the data layer, network layer and presentation layer three levels, focuses on the functional structure of intelligent database platform, and puts forward to measures that ensure the safety of the platform and the internal data security. Through the design of the platform to improve the information security system has certain significance.

Interpretation of Information Security and Data Privacy Protection According to the Data Use During the Epidemic

COVID-19 has swept the whole our country and the world in the beginning of 2020.31 provinces and municipalities across the country have launched the first-level response to major public health emergencies since January 24,and China has carried out intensive epidemic control.It is critical for effectively responding to COVID-19 to collect,collate and analyze people’s personal data.What’s more,obtaining identity information,travel records and health information of confirmed cases,suspected cases and close contacts has become a crucial step in epidemic investigation.All regions have made full use of big data to carry out personnel screening,travel records analysis and other related work in epidemic prevention and control,effectively improving the efficiency of epidemic prevention and control.However,data leakage,personnel privacy data exposure,and personal attack frequently occurred in the process of personnel travel records analysis and epidemic prevention and control.It even happened in the WeChat group to forward a person’s name,phone number,address,ID number and other sensitive information.It brought discrimination,telephone and SMS harassment to the parties,which caused great harm to individuals.Based on these,lack of information security and data security awareness and other issues were exposed.Therefore,while big data has been widely concerned and applied,attention should be paid to protecting personal privacy.It is urgent to pay more attention to data privacy and information security in order to effectively protect the legitimate rights of the people.Therefore,measures can be taken to achieve this goal,such as improving the relevant legal system,strengthening technical means to enhance the supervision and management of information security and data protection.