Explore the vast range of titles available.

Medical cyber-physical systems (MCPS) are healthcare critical integration of a network of medical devices. These systems are progressively used in hospitals to achieve a continuous high-quality healthcare. The MCPS design faces numerous challenges, including inoperability, security/privacy, and high assurance in the system software. In the current work, the infrastructure of the cyber-physical systems (CPS) are reviewed and discussed. This article enriched the researches of the networked Medical Device (MD) systems to increase the efficiency and safety of the healthcare. It also can assist the specialists of medical device to overcome crucial issues related to medical devices, and the challenges facing the design of the medical device’s network. The concept of the social networking and its security along with the concept of the wireless sensor networks (WSNs) are addressed. Afterward, the CPS systems and platforms have been established, where more focus was directed toward CPS-based healthcare. The big data framework of CPSs is also included.

Purpose Security assurance evaluation (SAE) is a well-established approach for assessing the effectiveness of security measures in systems. However, one aspect that is often overlooked in these evaluations is the assurance context in which they are conducted. This paper aims to explore the role of assurance context in system SAEs and proposes a conceptual model to integrate the assurance context into the evaluation process. Design/methodology/approach The conceptual model highlights the interrelationships between the various elements of the assurance context, including system boundaries, stakeholders, security concerns, regulatory compliance and assurance assumptions and regulatory compliance. Findings By introducing the proposed conceptual model, this research provides a framework for incorporating the assurance context into SAEs and offers insights into how it can influence the evaluation outcomes. Originality/value By delving into the concept of assurance context, this research seeks to shed light on how it influences the scope, methodologies and outcomes of assurance evaluations, ultimately enabling organizations to strengthen their system security postures and mitigate risks effectively.

Due to the high adoption of cloud services, the protection of data and information is critical. Cloud service customers (CSCs) need help to obtain the authoritative assurances required for the cloud services and negotiate the cloud service contract based on the terms and conditions set by cloud service providers (CSPs). Several standards and guidelines are available for assessing cloud security. However, most of these standards and guidelines are complex and time-consuming to select a service or make an informed decision for CSCs. Moreover, the existing methods are insufficient to solve this problem because they are process-oriented, neglect the importance of stakeholder requirements, and lack a comprehensive and rigid analytic method that can aid decision-makers in making the right decisions. In this paper, we developed two evaluation techniques: (i) a quantitative cloud security assurance method to assess the security level of cloud services by measuring the critical security properties and (ii) a novel and rigid categorical analytical method that enables CSPs to identify the major problems in the system and assess how much gain can be achieved by solving each of them. The cloud security assurance method is based on two important metrics: security requirement and vulnerability. It assists CSCs in avoiding severe mistakes and making informed decisions while selecting a cloud service. Moreover, these methods support CSPs in improving the security level of cloud services and meet customer requirements. The proposed methods are validated using different case scenarios on a private cloud platform.

Purpose This study aims to determine the impacts of the Bahrain Government framework [cyber-trust program (CTP)] on the cybersecurity maturity of government entities and how the CTP can impact the cybersecurity of government entities in the Kingdom of Bahrain. Design/methodology/approach The authors used a quantitative and qualitative approach. The data were collected by conducting semi-structured interviews with the information technology experts in the Bahrain Government entities participating in the CTP. Also, quantitative data was obtained through a questionnaire distributed to relevant people in the information technology field. Findings The findings of this study suggest that the CTP had a significant impact on the cybersecurity assurance of the government entities that participated in the CTP; it increased the employees’ awareness, reduced the number of cyberattacks and optimized the available resources. The findings also highlighted the role of top management in the success of the implementation of the CTP. The results also ensure that the CTP’s maturity model affected the cybersecurity compliance of an organization and the implementation of cybersecurity policies and controls. Practical implications This study enhances cybersecurity researchers’ and practitioners’ understanding of the impact of the CTP and its components and evaluates its influence on Bahrain’s cybersecurity assurance. Originality/value This study implies that to achieve better cybersecurity, managers should focus on implementing the policies and controls provided by cybersecurity frameworks to enhance cybersecurity assurance.

With the continuous expansion of air traffic flow, the increasingly serious aviation network security threats have a significant and far-reaching impact on the safe operation of the aviation industry. The networked air traffic management (ATM) system is an integrated space–air–ground network integrating communication, network, satellite, and data chain technology, which adopts a network-centric structure to provide network-enabled services and applications for the air transportation system. In view of the serious network threats faced by networked ATM, this paper studies the basic theories and key technologies of ATM information security assurance and designs a credible security architecture to provide comprehensive and systematic security assurance for networked ATM. Starting from the problems and development trend of ATM security assurance, this paper investigates the dynamic and complex data processing process of ATM system, analyzes the complex interaction between its cyber and physical system, and then constructs the networked ATM cyber–physical fusion system model and threat model. Furthermore, the causal relationship between ATM security threat alert information is mapped into a Bayesian network, and the game model of networked ATM is proposed using Bayesian Nash equilibrium strategy. At last, the information security assurance architecture of networked ATM system based on blockchain technology is formed by establishing a distributed co-trust mechanism and multi-chain storage structure. We expect this paper to bring some inspiration to the related research in academia and aviation so as to provide useful reference for the construction of ATM safety and security system and the development of technology.

PurposeThe purpose of this research is to explain the influence of information security monitoring and other social learning factors on employees’ security assurance behaviour. Security assurance behaviour represents employees’ intentional and effortful actions aimed towards protecting information systems. The behaviour is highly desired as it tackles the human factor within the information security framework. The authors posited that security assurance behaviour is a learned behaviour that can be enhanced by the implementation of information security monitoring.Design/methodology/approachTheoretical framework underlying this study with six constructs, namely, subjective norm, outcome expectation, information security monitoring, information security policy, self-efficacy and perceived inconvenience, were identified as significant in determining employees’ security assurance behaviour (SAB). The influence of these constructs on SAB could be explained by social cognitive theory and is empirically supported by past studies. An online questionnaire survey as the main research instrument is adopted to elicit information on the six constructs tested in this study. Opinion from industry and academic expert panels on the relevance and face validity of the questionnaire were obtained prior to the survey administration.FindingsFindings from this research indicate that organisations will benefit from information security monitoring by encouraging security behaviours that extend beyond the security policy. This study also demonstrates that employees tend to abandon security behaviour when the behaviour is perceived as inconvenient. Hence, organisations must find ways to reduce the perceived inconvenience using various security automation methods and specialised security training. Reducing perceived inconvenience is a challenge to information security practitioners.Research limitations/implicationsThere are some limitations in the existing work that could be addressed in future studies. One of them is the possible social desirability bias due to the self-reported measure adopted in the study. Even though the authors have made every effort possible to collect representative responses via anonymous survey, it is still possible that the respondents may not reveal true behaviour as good conduct is generally desired. This may lead to a bias towards favourable behaviour.Practical implicationsIn general, the present research provides a number of significant insights and valuable information related to security assurance behaviour among employees. The major findings could assist security experts and organisations to develop better strategies and policies for information security protection. Findings of this research also indicate that organisations will benefit from information security monitoring by encouraging security behaviours that extend beyond the security policy.Social implicationsIn this research, the social cognitive learning theory is used to explain the influence of information security monitoring and other social learning factors on employees’ security assurance behaviour; the finding implies that monitoring emphases expected behaviours and helps to reinforce organisational norms. Monitoring may also accelerate learning when employees become strongly mindful of their behaviours. Hence, it is important for organisations to communicate the monitoring practices implemented, even more imperative whenever security monitoring employed is unobtrusive in nature. Nonetheless, care must be taken in this communication to avoid resentment and mistrust among employees.Originality/valueThis study is significant in a number of ways. First, this study highlights significant antecedents of security assurance behaviour, which helps organisations to assess their current practices, which may nurture or suppress information security. Second, using users’ perspective, this study provides recommendations pertaining to monitoring as a form of information security measure. Third, this study provides theoretical contribution to the existing information security literature via the application of the social cognitive learning theory.

Security assurance (SA) is a technique that helps organizations to appraise the trust and confidence that a system can be operated correctly and securely. To foster effective SA, there must be systematic techniques to reflect the fact that the system meets its security requirements and, at the same time, is resilient against security vulnerabilities and failures. Quantitative SA evaluation applies computational and mathematical techniques for deriving a set of SA metrics to express the assurance level that a system reaches. Such metrics are intended to quantify the strength and weaknesses of the system that can be used to support improved decision making and strategic planning initiatives. Utilizing metrics to capture and evaluate a system’s security posture has gained attention in recent years. However, scarce work has described how to combine SA evaluation while taking into account both SA metrics modeling and analysis. This paper aims to develop a novel approach for the modeling, calculation, and analysis of SA metrics that could ultimately enhance quantitative SA evaluation.

As robotic systems become more integrated into our daily lives, there is growing concern about cybersecurity. Robots used in areas such as autonomous driving, surveillance, surgery, home assistance, and industrial automation can be vulnerable to cyber-attacks, which could have serious real-world consequences. Modern robotic systems face a unique set of threats due to their evolving characteristics. This paper outlines the SESAME project’s methodology for the automated security analysis of multi-robot systems (MRS) and the production of Executable Digital Dependability Identities (EDDIs). Addressing security challenges in MRS involves overcoming complex factors such as increased connectivity, human–robot interactions, and a lack of risk awareness. The proposed methodology encompasses a detailed process, starting from system description and vulnerability identification and moving to the generation of attack trees and security EDDIs. The SESAME security methodology leverages structured repositories like Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), and Common Attack Pattern Enumeration and Classification (CAPEC) to identify potential vulnerabilities and associated attacks. The introduction of Template Attack Trees facilitates modeling potential attacks, helping security experts develop effective mitigation strategies. This approach not only identifies, but also connects, specific vulnerabilities to possible exploits, thereby generating comprehensive security assessments. By merging safety and security assessments, this methodology ensures the overall dependability of MRS, providing a robust framework to mitigate cyber–physical threats.

There are more and more applications of sensors in today’s world. Moreover, sensor systems are getting more complex and they are used for many high-risk security-critical purposes. Security assurance is a key issue for sensors and for other information technology (IT) products. Still, sensor security facilities and methodologies are relatively poor compared to other IT products. That is why a methodical approach to the sensor IT security is needed, i.e., risk management, implementation of countermeasures, vulnerability removal, and security evaluation and certification. The author proposes to apply the main security assurance methodology specified in ISO/IEC 15408 Common Criteria to solve specific security problems of sensors. A new Common Criteria compliant method is developed which specifies the vulnerability assessment process and related data in a structured way. The input/output data of the introduced elementary evaluation processes are modeled as ontology classes to work out knowledge bases. The validation shows that sensor-specific knowledge can be acquired during the vulnerability assessment process and then placed in knowledge bases and used. The method can be applied in different IT products, especially those with few certifications, such as sensors. The presented methodology will be implemented in a software tool in the future.

Digital technologies are facilitating our daily activities, and thus leading to the social transformation with the upcoming 5G communications and the Internet of Things. However, mainstream and sophisticated attacks are remaining a threat, both for individuals and organisations. Cyber Range emerges as a promising solution to effectively train people in cybersecurity aspects. A Training Programme is considered adequate only if it can adapt to the scope of the attacks they cover and if the trainees apply the learning material to the operational system. Therefore, this study introduces the model-driven CYber Range Assurance platform (CYRA). The solution allows a trainee to be trained for known and new cyber-attacks by adapting to the continuously evolving threat landscape and examines if the trainees transfer the acquired knowledge to the working environment. Furthermore, this paper presents a use case on an operational backend ICT system, showing how the CYRA platform was utilised to increase the security posture of the organisation.