جستجوی مقالات مرتبط با کلیدواژه « information security » در نشریات گروه « پدافند غیرعامل »

Cyber networks are considered to be a type of complex and free-scale networks due to the structure and mode of communication within the network. Identifying communities is one of the most important methods of network analysis in order to understand the structure and relationships between network members. With the development of cyber networks, new challenges have been created for users in terms of information securityOne of the goals of identifying the communities in cyber networks is to prevent the spread of malware and cyber attacks. For this purpose, in order to prevent and deal with network attacks and intrusions, the communities in the network should be identified in order to significantly reduce the damage and attacks by attackers by securing and reviving the communities as well as implementing defense policies appropriate to each community. In this article, a method for detecting cyber communities by spectral clustering algorithm is presented. Also, by using the property of the normalized Laplace matrix in this algorithm, it is possible to predict the number of suitable cyber communities. In order to evaluate the detection process, two criteria Silhouette Value and Jaccard index are used. The results obtained from the evaluation criteria confirm the effectiveness of the proposed method.

The spread of attacks and various threats in the cyber space in data-oriented and knowledge-based organizations has caused attention to the issue of cyber security and defense in knowledge-based organizations as very important and strategic issue. This issue requires the explanation of comprehensive roadmap to achieve the goals through the optimal performance of the organization's main processes. The present research deals with the structured analysis of the safety index in security and cyber defense of knowledge-based organizations.After determining the sub-indicators and main influencing factors using scientific methods (Delphi method),their importance was determined by experts. Effective components are combination of security and cyber defense components.The existence of various threats and conditions in the country caused three knowledge-based organizations, "Islamic Azad University,South Tehran Branch, University Research Sciences Unit,and University of Tehran, which they are important in terms of strategic and cyber issues, to be studied. The importance of the influencing factors With the opinions of determined experts, the geometric mean was obtained, and after weighting the components, all values were normalized, using the evolutionary algorithm of Prometheus as one of the new decision-making methods,intra-group comparison of the components was carried out, and then the priority It was done based on the type of intergroup security and cyber defense components. The organizations were ranked based on priority and the amount of points and it was decided to increase the level of security and cyber defense within the organization in accordance with the strategic principles to achieve maximum security and efficiency of the system.

Regarding the general acceptance of the web, analyzing its weaknesses and vulnerabilities in order to find and face security attacks has become more urgent. In case there is a communication contrary to the system security policies, a covert channel has been created. The attacker can easily disclose information from the victim’s system with just one public access permission. Covert timing channels, unlike covert storage channels, do not have memory storage and draw less attention. Different methods have been proposed for their identification, which generally benefit from the shape of traffic and the channel’s regularity. The applicative nature of HTTP protocol allows the creation of a covert timing channel based on different features (or different levels) of this protocol, which has not been  addressed in previous researches. In this article, the entropy-based detection method was designed and implemented. The attacker can adjust the amount of channel entropy by controlling measures such as changing the channel’s level or creating noise on the channel to hide from the analyst’s detection. As a result, the entropy threshold is not always constant for detection. By comparing the entropy from different levels of the channel and the analyst, we concluded that the analyst must investigate the traffic at all possible levels. We also illustrated that by making noise on the covert channel, although its capacity would decrease, but as the entropy has increased, the attacker would have more difficulty in its detection.

Information is considered as the main and vital vein in organizations, advanced institutions and scientific communities. Accessing information and its proper and quick dissemination, has always been marked by organizations in which information has the pivotal role.On the other hand, Controlling access And How to use this information is a major challenge in this field. In in this regard, It is necessary for any organization to be committed to A specific strategy To protect its valuable information and secure it, And accordingly, Implement and run its Security system. Today, due to the increasing importance of information And the willingness of individuals and organizations for more security Especially in computers, old tools like Using password is not responsible and reliable on its own. Therefore the experts seek Ways that are more reliable and one of the most successful ways found is Using Biometrics science and technology. In this paper, considering the main objective of the research in Addition to the introduction of biometric technology and the usual methods, requirements of using this technology In order to improve information security From the perspective of passive defense Extraction and has been stressed.

The use of modern control technologies such as RFID in the field of protection of critical and important assets requires serious attention to physical and non-physical vulnerabilities (Cyber, communication, etc.) associated with the use of such technologies. The purpose of this paper is to reckon the requirements for using such a technology in improving the security of classified information in Ministry of Defense. In this regard, this question was raised "what the requirements for using RFID technology in improving the security of MoD classified information with an emphasis on passive defense are." To answer the research hypotheses (the requirements of enhancing the security of classified information in MoD with the use of this technology) it was cleared that they are the requirements of information cycle security, the requirements of the technology user staff and the requirements of the technology infrastructure security. In order to achieve the objectives of the research while we performed some interviews we also used a 35-item questionnaire designed in Likert spectrum and by using a descriptive analysis method the collected data was analyzed through descriptive and inferential statistic methods. At the end of the study, regarding the confirm of the original hypothesis, some practical proposals for improving information technology security relevant to the requirements of information cycle security, the requirements of the technology user staff and the requirements of the technology infrastructure security were offered.

Availability and continuity of information and key processes that support the core IT services by hardening the computer systems against the attacks as a passive defence principle، has been one of the most important issues facing companies in electeronic passive defences and cyber defence that are generally managed by implementing the relevant security standards. In this research، 36 critical success factors for implementing business continuity management were extracted from the comprehensive study of literature. These indicators were sent to 83 experts، among which 64 were collected and analyzed which after exploratory factorial analysis categorized them in 9 factors and also they were all approved by binomial test. Harmonic mean was used to calculate the weight of factors and components and finally a model including the effective factors and weight of their importance for organizational gap analysis to implement business continuity management system، was proposed. The proposed model was implemented and tested in two IT service provider companies.