120,964 result(s) for "Security Risks"
Cybersecurity Risk Management Framework for Blockchain Identity Management Systems in Health IoT
Blockchain (BC) has recently paved the way for developing Decentralized Identity Management (IdM) systems for different information systems. Researchers widely use it to develop decentralized IdM systems for the Health Internet of Things (HIoT). HIoT is considered a vulnerable system that produces and processes sensitive data. BC-based IdM systems have the potential to be more secure and privacy-aware than centralized IdM systems. However, many studies have shown potential security risks to using BC. A Systematic Literature Review (SLR) conducted by the authors on BC-based IdM systems in HIoT systems showed a lack of comprehensive security and risk management frameworks for BC-based IdM systems in HIoT. Conducting a further SLR focusing on risk management and supplemented by Grey Literature (GL), in this paper, a security taxonomy, security framework, and cybersecurity risk management framework for the HIoT BC-IdM systems are identified and proposed. The cybersecurity risk management framework will significantly assist developers, researchers, and organizations in developing a secure BC-based IdM to ensure HIoT users’ data privacy and security.
Measuring the adoption of Enterprise Security Risk Management in Kenya’s higher education using the ASIS ESRM Maturity Model
Enterprise Security Risk Management (ESRM) is gaining popularity in industry circles, especially after the American Society of Industrial Security (ASIS International) elevated it as its strategic priority in 2016. However, research on its adoption has attracted little attention, especially in universities which are often characterized by outstanding variations in culture, structure, and more. In this paper, we conduct a self-assessment of ESRM maturity in Kenya’s accredited universities using process metrics of the 2019 ASIS ESRM Maturity Model and insights from university security executives. The findings reveal that more than 35% of accredited universities have achieved advanced levels of ESRM adoption, with over 57% at average or middle levels, predominantly at Level 3. Public accredited universities exhibit higher ESRM adoption levels compared to their private counterparts. The study also identifies variations in the terminology used, with 60% using “Security Risk Management (SRM),” 35% using “University Risk Management,” and a minority adopting ESRM. The discomfort with the “enterprise” term indicates a need for awareness and sensitization programs. We argue that benchmarking with optimized ESRM adopters and increasing awareness and integration of ESRM in strategic planning and institutional governance are crucial for comprehensive security risk management in higher education.
Work Experience as a Factor in Cyber-Security Risk Awareness: A Survey Study with University Students
The emergence of the COVID-19 pandemic in early 2020 has transformed how individuals work and learn and how they can apply cyber-security requirements in their, mostly remote, environments. This transformation also affected the university student population; some needed to adjust to new remote work settings, and all needed to adjust to the new remote study environment. In this online research study, we surveyed a large number of university students (n = 798) to understand their expectations in terms of support and help for this new remote work and study environment. We also asked students to report on their practices regarding remote location and Wi-Fi security settings, smart home device usage, BYOD (bring your own device) and personal device usage and social engineering threats, which can all lead to compromised security. A key aspect of our work is a comparison between the practices of students having work experience with the practices of students having no such additional experience. We identified that both the expectations and the level of cyber-security awareness differ significantly between the two student populations and that cyber-security awareness is increased by work experience. Work experience students are more aware of the cyber-security risks associated with a remote environment, and a higher portion of them know the dedicated employee whom they can contact in the event of incidents. We present the organizational security practices through the lens of employees with initial work experience, contributing to a topic that has so far received only limited attention from researchers. We provide recommendations for remote study settings and also for remote work environments, especially where the existing research literature survey results differ from the findings of our survey.
Information security implications of using NLP in IT outsourcing: a Diffusion of Innovation theory perspective
Information technology outsourcing (ITO) is a USD multi-trillion industry. There is growing competition among ITO service providers to improve their service deliveries. Natural language processing (NLP) is a technique, which can be leveraged to gain a competitive advantage in the ITO industry. This paper explores the information security implications of using NLP in ITO. First, it explores the use of NLP to enhance information security risk management (ISRM) in ITO. Then, it delves into the information security risks (ISRs) that may arise from the use of NLP in ITO. Finally, it proposes possible ISRM approaches to address those ISRs in ITO from the use of NLP. The study follows a qualitative approach using the case study method. Nine participants from three organisations (an ITO client, service provider and sub-contractor) engaged in an ITO relationship in the ICT industry were interviewed through a semi-structured questionnaire. The research findings were verified through a focus group. Case study scenarios are provided for a clear understanding of the findings. To the best of our knowledge, it is the first study to investigate the information security implications of the use of NLP in ITO.
Security Risk Level Prediction of Carbofuran Pesticide Residues in Chinese Vegetables Based on Deep Learning
The supervision of security risk level of carbofuran pesticide residues can guarantee the food quality and security of residents effectively. In order to predict the potential key risk vegetables and regions, this paper constructs a security risk assessment model, combined with the k-means++ algorithm, to establish the risk security level. Then the evaluation index value of the security risk model is predicted to determine the security risk level based on the deep learning model. The model consists of a convolutional neural network (CNN) and a long short-term memory network (LSTM) optimized by an arithmetic optimization algorithm (AOA), namely, CNN-AOA-LSTM. In this paper, a comparative experiment is conducted on a small sample data set of independently constructed security risk assessment indicators. Experimental results show that the accuracy of the CNN-AOA-LSTM prediction model based on attention mechanism is 6.12% to 18.99% higher than several commonly used deep neural network models (gated recurrent unit, LSTM, and recurrent neural networks). The prediction model proposed in this paper provides scientific reference to establish the priority order of supervision, and provides forward-looking supervision for the government.
The Disclosures of Information on Cybersecurity in Listed Companies in Latin America—Proposal for a Cybersecurity Disclosure Index
For the corporate sphere, cybersecurity becomes an inescapable business responsibility, and accountability becomes a way of providing trust and ensuring resilience against cyber risks and high-impact cyber threats. The purpose of this study was to create a disclosure index that allows analysis of the scope of the disclosure of voluntary and mandatory cybersecurity information. The content analysis technique used focuses on the examination and identification of the cybersecurity information revealed in the annual reports and the 20-F annual forms of the companies with the highest stock market prices in Argentina, Brazil, Chile, Colombia, Mexico, and Peru during the period of 2016–2020. Longitudinal analysis indicates an increase over time in the disclosures and scope of information. The findings highlight that the country with the highest related disclosure is Argentina; the most extensive disclosures are due to the financial sector; and the strategy dimension represents the greatest weight in the index score. The study provides a novel instrument for measuring the content of disclosure on cybersecurity that is applicable in any specific context. In this case, the scope of disclosure in Latin America—a region which, according to our research, does not have previous studies on the subject—is evaluated.
FIRE: A Finely Integrated Risk Evaluation Methodology for Life-Critical Embedded Systems
Life-critical embedded systems, including medical devices, are becoming increasingly interconnected and interoperable, providing great efficiency to the healthcare ecosystem. These systems incorporate complex software that plays a significantly integrative and critical role. However, this complexity substantially increases the potential for cybersecurity threats, which directly impact patients’ safety and privacy. With software continuing to play a fundamental role in life-critical embedded systems, maintaining its trustworthiness by incorporating fail-safe modes via a multimodal design is essential. Comprehensive and proactive evaluation and management of cybersecurity risks are essential from the very design to deployment and long-term management. In this paper, we present FIRE, a finely integrated risk evaluation methodology for life-critical embedded systems. Security risks are carefully evaluated in a bottom-up approach from operations-to-system modes by adopting and expanding well-established vulnerability scoring schemes for life-critical systems, considering the impact to patient health and data sensitivity. FIRE combines a static risk evaluation with runtime dynamic risk evaluation to establish comprehensive risk management throughout the lifecycle of the life-critical embedded system. We demonstrate the details and effectiveness of our methodology in systematically evaluating risks and conditions for risk mitigation with a smart connected insulin pump case study. Under normal conditions and eight different malware threats, the experimental results demonstrate effective threat mitigation by mode switching with a 0% false-positive mode switching rate.
Corda Security Ontology: Example of Post-Trade Matching and Confirmation
Blockchain technology is ready to revolutionise the financial industry. The financial industry has various security challenges (e.g., tampering, repudiation, denial of service, etc). Also, the domain of information security has problems related to conceptual ambiguity and the semantic gap. The Corda platform provides suitable technological infrastructure to build the blockchain-based application (CorDapp) in the financial industry to overcome security challenges. In this paper, we build a Corda-based security ontology (CordaSecOnt) to improve the security of financial industry from an ontological analysis that combines blockchain-based Corda platform. We use Web ontology language (OWL) to build a semantic knowledge base to eliminate conceptual ambiguity and semantic gap in information security. Our ontology provides classifications of assets, security criteria, threats, vulnerabilities, risk treatments, security requirements, countermeasures and their relations. We evaluate the ontology by performing security risk management (SRM) of capital market post-trade matching and confirmation.
Mobile Devices Risks and Recommendation
Versatile application security is a measure to make sure about applications from outside dangers like malware and other advanced fakes that hazard basic individual and money-related data from programmers. Portable application security has gotten similarly significant in this day and age. A penetrate in versatile security can not only give programmers access to the client's very own life progressively but also reveal information like their present area, banking data, individual data, and significantly more. This paper presents security risks for the Android ecosystem, for the iOS ecosystem, and some common risks for both platforms, along with recommendations to avoid these security flaws.
Security Governance of Data Element Circulation: System Architecture and Practical Approach
[Purpose/Significance] Research on the governance system and policy of data elements circulation is an important issue to be solved in the field of data governance in China at present, and research on the policy formulation and governance system of its circulation plays an important role in grasping the security of data circulation in China and promoting the market-oriented allocation of data elements. [Method/Process] First, this study is based on the reality of China's data factor market security and trustworthy, autonomous and controllable requirements. Based on the analysis of the security risk of data circulation, we put forward the data factor market risk governance countermeasures of the "security-fairness-efficiency" triangular structure. Then, based on the three-level system and five-dimensional standards of data factor market governance, we put forward the method of docking the security governance with the trusted ecosystem and the international data governance rule system for cross-border data flow, and constructed a governance system with Chinese characteristics for the national unified data factor market. [Results/Conclusions] Facing the security risks in data sovereignty, data market and data circulation, we should identify and monitor data sovereignty disputes and the operation situation of the circulation market, and establish a multi-party cooperative and joint governance model led by the government, operated by the platform owner, the main body of the enterprise and the participation of users. When assessing the market for data elements, a mixed assessment approach should be adopted, combining qualitative and quantitative aspects, combining expert opinion with objective data, and comparing objectives with results. For different types of data, the control boundaries and scope of use should be clarified in a hierarchical manner, and data ownership, use and income should be clarified; at the same time, a confirmation platform of data rights should be established to audit and register and certify the data service subject, data circulation process, and data circulation rules so as to ensure that the normative nature of data circulation is maintained.