جستجوی مقالات مرتبط با کلیدواژه « امنیت سایبری » در نشریات گروه « فنی و مهندسی »

Cyber security issues have become a complex challenge for companies that obligating to Industry 4.0 paradigm. On the other hand, the concept of cybersecurity in the context of Industry 4.0 proved to be an emerging topic in recent literature. Therefore, in the present study, for the first time, a hybrid FMEA model developed based on multi-criteria decision-making methods in uncertain environments with the Bowtie method in four phases has been used to evaluate cyber security in Industry 4.0. First, based on the literature, 16 cybersecurity risks in the fourth industrial revolution are identified based on the FMEA model and the determinants of RPN are quantified. Then PIPRECIA Fuzzy method was used for weighting the factors and Z-EDAS method for prioritization and critical identification. Finally, Bowtie analysis has been used to analyze these analyses. The result of the proposed implementation has shown its capability and superiority compared to other methods of traditional results such as FMEA and Fuzzy EDAS.

As oil and gas resources play an essential role in energy, oil and gas industry technologies have also developed rapidly in recent years, such as smart drilling technology, smart oil and gas transmission pipelines, and digital offshore platforms. The oil and gas industry has four aspects: business, management and decision-making, monitoring and cyber security. Finally, the state of application programs, the level of understanding of block chain in the security of the Internet of Things in the oil and gas industry, opportunities, challenges and risks and the development process are examined. Therefore, the main goal of the research is to provide a model of block chain mechanisms for the security of the Internet of Things in the Iranian National Oil Company. The nature of the current research is exploratory and qualitative data is used in it. The statistical population of the research is the experts and professors of doctorate in management and information technology in the oil and gas industry (NISOC). In this context, the researcher used the snowball method to achieve theoretical saturation, and the researcher achieved theoretical saturation after structured interviews with 10 elites and experts. Data analysis was done with the qualitative method of Foundation Data Theory and Maxqda2020 software. The findings indicate that the causal factors affecting the block-chain mechanisms for the cyber security of the Internet of Things in the oil and gas industry in the form of three concepts, including data aggregation and storage (network), validation and identity management and key management and data encryption were identified. Also, influential background factors include nine concepts of financial resources, management, distribution of infrastructure services, data confidentiality, system stability, scalability, accessibility, transparency, expertise. and intervening (environmental) factors include seven concepts of environment. Operational standards, standards and procedures are the nature of data for mechanisms in various industries, social environment, cultural environment, government laws and regulations, political relations and the strategies of block chain mechanisms for the cyber security of the Internet of Things, in the form of six concepts of electronic health, creating a secure layer, smart transportation, smart networks, the use of smart block chain contracts, the design of industrial Internet of Things (IIOT) devices, and the consequences And the results of the implementation of block chain. Mechanisms for the cyber security of the Internet of Things in the oil and gas industry of the National Company of the Southern Oil Rich Regions(Nisoc), including the attitude of reducing production costs, high capacity for storage, intelligent field, organizational agility, environmental dynamics, security, System accessibility, improvement of the user interface, the quality of information (distribution and variety of information) and the speed of data processing.

Cyber security education in Iran is not aligned with global standards and approaches, and three factors, the educational sector, training applicants and stakeholders, and companies do not have proper knowledge of the required specializations and work roles. Different specializations in cyber security work fields in Iran do not match the international standard puzzles and this has created security holes in the country's cyber ecosystem. People working in cyberspace need a combination of domain-specific knowledge, skills, abilities, and other expertise to be as reliable and resilient as the technologies they work with.At the international level, several frameworks have been designed and implemented for the training and employment of cybersecurity professionals. The most important of which are the US National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, the European Cybersecurity Skills Framework (ECSF), and the Australian Signals Directorate (ASD) Cyber Skills Framework. In this paper, each of these frameworks is briefly introduced and their key features, including purpose, structure, and components, are reviewed and analyzed. In addition, their effectiveness in handling global organizations' challenges in creating and developing cybersecurity expert human resources is evaluated and analyzed critically. This review highlights the strengths and weaknesses of each framework, shows the propinquity of one of the frameworks to Iran's educational and labor markets, and provides recommendations for designing a national framework for training and employing cybersecurity professionals, which can be a great lesson for the country to ensure that the necessary measures are taken as soon as possible by those in charge.

Designing a model based on blockchain technology to strengthen cyber security in the banking industry is one of the new methods studied in the banking industry to strengthen cyber security. Accordingly, this study seeks to achieve the goal of evaluating a model based on blockchain technology to strengthen cyber security in the banking industry based on artificial neural networks. This model is based on a conceptual model used in an MLP neural network simulation that simulates a blockchain-like process. Also, the neural networks created in the block chain have a strong connection and the possibility of breaking them is low. The data became closer to normal distribution after learning, indicating that blockchain technology will be able to provide cyber security. The level of correlation and efficiency presented was also reported and the findings of the study showed that the efficiency related to blockchain technologies after learning reached the level of 770.57 units, which shows that using the MLP method to learn the process of blockchain technology can be Lead to greater efficiency for cyber security. Also, the value of variance is equal to 27.77 and the mean value of computational values is equal to 0.35 and the value of correlation is equal to 0.99.

Designing a model based on blockchain technology to strengthen cyber security in the banking industry is one of the new methods studied in the banking industry to strengthen cyber security. Accordingly, this study seeks to achieve the goal of evaluating a model based on blockchain technology to strengthen cyber security in the banking industry based on artificial neural networks. This model is based on a conceptual model used in an MLP neural network simulation that simulates a blockchain-like process. Also, the neural networks created in the block chain have a strong connection and the possibility of breaking them is low. The data became closer to normal distribution after learning, indicating that blockchain technology will be able to provide cyber security. The level of correlation and efficiency presented was also reported and the findings of the study showed that the efficiency related to blockchain technologies after learning reached the level of 770.57 units, which shows that using the MLP method to learn the process of blockchain technology can be Lead to greater efficiency for cyber security. Also, the value of variance is equal to 27.77 and the mean value of computational values is equal to 0.35 and the value of correlation is equal to 0.99.

With the advancement of mankind in the information age and the advent of the digital information age, dependence on national infrastructure has become more important than ever. Lack of cyber security in infrastructure, disrupts the functioning of various sectors such as government, economy and services. By disrupting critical infrastructure, irreparable damage may occur in areas such as human casualties, economic damage, and loss of public confidence. Thus, information technology and cyber security have a special place in the digital arena. Accordingly, one of the most important challenges of different countries today, which can also harm national security, is cyber-attacks. This study explores to provide a cyber security maturity model for critical infrastructure. This study examines and analyzes five crucial models of cyber security maturity.The research shows that the cybersecurity maturity models are significantly similar to each other. By comparative study and comparison between the analyzed models, 48 indicators were obtained. Examination of these indicators shows that some of them overlap with other indicators. Therefore overlapping indices were classified into 16 groups based on frequency. Then, these groups by clustering analysis method and according to the obtained data, using SPSS software were organized in five levels, based on which the cyber security maturity model for critical infrastructure was presented.

The aim of the present study was the effect of classroom management skills training on organizational performance and behaviors with the mediation of cyber security of elementary school teachers in District 18 of Tehran. This applied research was a field data collection method, and in terms of the descriptive implementation method, it was a survey type. The statistical population included all primary school teachers in the 18th district of Tehran, totaling 320 people, and 175 people were selected as the sample size using the Karjesi and Morgan table and stratified random sampling method. Data collection tools included Wolfgang and Glickman's standard classroom management questionnaires (1986), Hersey and Goldsmith's organizational performance (2002), Luthans et al.'s organizational behavior (2007), and cyber security researcher-made questionnaire. To analyze the data, the descriptive and inferential part was used using structural equation method with Spss and Lisrel software. The results showed that classroom management skills training and its components have an effect on organizational performance and behaviors with the mediation of cyber security of primary school teachers in district 18 of Tehran. that the behavior management component has the greatest impact on organizational behaviors with regard to the mediation of organizational cyber security.

The Internet of Things is a novel and popular technology in which the ability to send data through communication networks, either the Internet or intranet, is provided. Connecting more devices to the Internet will lead to security threats, and providing security in the Internet of Things is recognized as a necessity and can be considered as one of the most important challenges of the Internet of Things. Cyber security has always been one of the concerns of the Internet of Things field. Cyber security of the Internet of Things is a specific part of the technology field that focuses on the protection of devices and networks connected to the Internet of Things and includes various equipment, including mechanical machines and He mentioned digital, computing devices, technologies such as artificial intelligence, etc. Also, security breaches and privacy violations are some of the major challenges in this field that sometimes prevent the widespread use of the Internet of Things. Therefore, according to the necessity of research in this article, we will examine some related attacks and solutions in the field of Internet of Things cyber security.

Today, data plays an essential role in all levels of human life, from personal cell phones to medical, educational, military and government agencies. In such circumstances, the rate of cyber-attacks is also increasing. According to official reports, data breaches exposed 4.1 billion records in the first half of 2019. An information system consists of several components, which one of the most important them is the database. A database in addition to being a repository of data, acts as a common information bus between system components. For this reason, any attack on the database may disrupt the operation of other components of the system. In fact, database security is shared throughout the whole information system. The attack may carried out in various ways, such as data theft, damaging data, and privacy breach. According to the sensitivity of the stored data, database attack could lead to significant human and financial losses even at the national level. Among the different types of threats, since legitimate operator plays a key role in an information system, his/her threat is one of the most dangerous threats to the security and integrity of a database system. This type of cyber-attack occurs when an insider operator abuses his/her legal permissions in order to access unauthorized data. In this paper, a new performance-based authorization framework has been presented which is able to reduce the potential of insider threat in the database system. The proposed method insure that only authenticated operator performs authorized activities on the database objects. In the proposed framework, the access permission of the operator to a database table is determined using his/her performance and the level of sensitivity of the table. The value of the operator performance is updated periodically or when an abuse is detected, in order to protect access to the contents of a database as well as preserve the consistency, integrity, and overall quality of the data. Simulation results, using real dataset from a hospital information system, indicate that the proposed framework has effective performance for mitigating insider threats.

Cybercriminals are targeting more humans than machines these days because they try to exploit users' vulnerabilities to achieve their destructive goals. The main purpose of this study is to identify the factors affecting the culture and awareness of cyber security using theme analysis. The research is applied in terms of purpose, exploratory in terms of method and qualitative in terms of data type. The research data includes all valid articles in the field of culture and cyber security awareness published in 2020 to 2022 inside and outside the country, with 3 keywords (culture, awareness, cyber security) in the valid have been collected and reviewed in the framework of MAXQDA software. The criteria for entering articles in the research was the applicable content for the research question and the criteria for excluding abstracts, book chapters, short reports and lack of access to the full text of the article. Validity was assessed using content validity and data reliability was estimated using Holstie method. Findings showed a review of 392 theme identified the basic themes related to cybersecurity culture and awareness, of which 12 themes were asset organizing, continuity, access and trust, operations, protection, security governance, attitude, behavior, competence, commitment and support, cyber security and they covered the budget. The identified factors can be used as analytical tools in the field of assessing the culture and awareness of cyber security, which is an important factor in the occurrence of cybercrime, in a logical and principled way to reduce cybercrime and solve related problems in the economic field. Educational, security, social and cultural payments.

to identify vulnerabilities and simulate the behavior of information systems in the face of users who intend to commit cyber violations and subsequently to improve the security level of organizations' information systems in order to prevent cyber violations by emphasizing the reduction of threats related to system users through the use of block chain technology.

In this research, a system dynamic model is presented to simulate the cyber security of organizations' systems in order to prevent profiteering by using block chain technology. In this research, using the fuzzy DEMATEL method, important vulnerabilities of information systems were identified and selected. After expert approval, cause and effect diagrams and state-flow diagrams were drawn using the system dynamics method.

Findings :

According to statistics, 34% of system vulnerabilities are due to the activities of organization users. In this research, a diagram of causal relationships and the behavior process of information systems and organizational users was modeled, provided that a user commits a violation intentionally or unintentionally. This model considers the initial conditions in such a way that each transaction is initiated by a specific person and recorded in its blockchain system. Therefore, it reflects the reaction of the system in case of illegal and irrational actions and provides the basis for preventive actions. This research proposes a system dynamic diagram based on the analysis of the cause and effect relationship diagram and describes the components of the model in the form of mathematical equations.

Modeling the dynamic behavior of information systems to compare the effectiveness of block chain technology and traditional information systems helps senior managers and decision makers of organizations in the field of information technology in making decisions. The inherent elements of the block chain are effective on the key elements of the security of the information systems of organizations and enable the detection of cyber violations to a large extent, which indicates the positive impact of the block chain technology on the process of predicting and detecting the offending users of the organization.

Today, with the pervasiveness of social networks, the security of this environment is considered one of the most important issues. One of the security challenges is the creation of fake accounts that harass social media users. The owners of these fake accounts pursue goals such as creating likes and followers or distributing misinformation for political, cultural and economic purposes. In this study, with the aim of improving security in social networks and improving the security of cyberspace, a method for investigating and detecting fake accounts will be presented. The proposed method called "Dena" will use the goals of the social network on the one hand and the combined algorithm method with the decision tree, the nearest neighbor and Bayes on the other hand.. The results of the proposed method with a hybrid algorithm show an accuracy of 95.34%. Stability and lack of overfit are other features of the proposed method that have been proven in the results section. The results of this study can be used to provide solutions to prevent the creation of fake accounts and increase its security and lead to the recognition and use of new data mining techniques in social networks and be used in the field of data analysis and data mining in social networks.

In recent years, the violation of the privacy of information and communication networks, which are more commonly known as cyber attacks, has been increasing exponentially. These network breaches range from direct attacks on government infrastructure to populist activism and theft. This trend has increased the social and political awareness of users. Active cyber defense is a mechanism to protect computer devices, networks and digital devices against cyber attacks and destructive intrusions. The function of active cyber defense is to actively seek to infiltrate or engage with the perpetrators of cyber incidents. The reaction of the defenders has always caused an imbalance between their activities and the attackers. Attackers have always used the network as a platform to strengthen their attacks to increase the intensity of attacks. In this study, we have used Markov model to model and show the inherent difference in the performance of users and network intruders, with the difference that the proposed model was different with the automatic patch and Moran trend and was more similar to the voter model. The proposed dynamic system model is based on the field average approximation, which purposefully determines the performance of active cyber defense. The imbalance between defenders and attackers in this proposed model is eliminated and according to the proposed dynamics and network conditions, we have provided a platform for the interaction of defenders and attackers to examine the performance of power functions in different situations. In the simulation, the performance of attackers and defenders was examined and according to the results obtained in the diagrams mentioned in the final part of the article, it was shown how to use active cyber defense at the right time so that we can use this defensive approach in the right situation.

The individual differences of Information Technology users influence on the selection and maintenance of passwords. To fill this gap, this paper, studies the relationships between gender, personality, education level and field of study in one direction and password security in another direction. The method was descriptive and correlational. A sample selected by Convenience sampling, answered the NEO Five-Factor Model, biographical and password security behavior questionnaires. The data of 529 accepted questionnaires were analyzed using Pearson, T-Test, anova and regression the results showed that male users select stronger passwords compared to female users. The users in mathematical science, computer science, and also accounting, breached password security more often in comparison with users in other majors. Neuroticism has positive relationship, Openness-to-Experience and Agreeableness has negative relationships and Conscientiousness has a dual relationship with password security breach. These findings contribute to cybersecurity, especially in Iran, by considering individual differences in security behaviors and perceptions.

The COVID-19 pandemic was a remarkable and unprecedented event that changed the lives of billions of citizens around the world and resulted in what is known as a new term in terms of social norms and lifestyles. In addition to the tremendous impact on society and business in general, the epidemic created a unique set of cybercrime circumstances that also affected society and business. Increased anxiety due to this epidemic increases the probability of success of cyber attacks by increasing the number and scope of cyber attacks. This article analyzes the COVID-19 epidemic from the perspective of cybercrime and highlights the wide range of cyberattacks experienced worldwide during the epidemic. Cyberattacks are analyzed in the context of major global events to reveal how cyberattacks work. This analysis shows how, following what appears to be a large gap between the outbreak in China and the first COVID-19-related cyberattack, attacks are steadily becoming more prevalent than in some on days, 3 or 4 unique cyber attacks were reported. This analysis uses surveys in the UK as a case study to show how cybercriminals use key events and government announcements to build and design cybercrime campaigns.

 In this paper, a secure unknown input observer is designed in a networked control system environment. For this propose, the Paillier encryption, which is a semi- homomorphic encryption method, is employed. The algebraic calculations required for the estimation can be performed over the encrypted data and the encrypted states estimation are generated. The boundedness condition  of estimation error is obtained by considering the digital processor. This method increases the security of system state estimates and effectively eliminates attacks that disrupt the confidentiality of the data. Simulation on the TE-PCS will be performed to illustrate the results.

The widespread use of information and communication technology in industrial control systems has exposed many cyber attacks to these systems. The first step in providing security solutions is to recognize the threats and vulnerabilities of a system at first. Therefore, in this work, after providing a general overview of the SCADA security, we provide a survey on actual cyber attacks from 2000 up to now. To be able to assess the risk of these attacks, we perform profiling them based on the target systems of the attack, the geographical area of it, the method used in the attack and its impact. This profiling provides a clear view of the most important security incidents in SCADA systems and could be useful in the defining suitable strategies for preventing and defending against the major SCADA security attacks.

With the increase in using cyber space in organizations, cyber-attacks specially DDOS attacks by malware and intruders have increased. According to limits that do not allow the terms of a cyber attack to be created in organizations, in addition to providing information about systems at the time of the attack, using simulation provides the possibility of a wide variety of attacks with different sizes. Agent-based modeling and simulation is a method for simulating systems comprised of different agents. In this article, in addition to describing the concepts and features of the agentbased modeling and simulation and DDOS attack, the necessary conditions to examine the various scenarios of distributed interactive and non-interactive cyber attack and defense and evaluation of its performance is provided. The results show that the Defense Distributed Interactive has a better performance than non-interactive mode and the load at the time of the attack is reduced to an average of 15 percent. This reduction of traffic load is due to interaction of defence agents with each other that subsequently increases the defense capability of agents when the attack occurs.