جستجوی مقالات مرتبط با کلیدواژه « Information Security » در نشریات گروه « فنی و مهندسی »

iThe purpose of this article is to identify and analyze the key drivers of digital signature implementation in Iran with a fuzzy Delphi approach. In terms of practical purpose and in terms of information gathering, the research has benefited from a hybrid approach. The statistical community consists of all experts and specialists in the field of information technology and digital signature and articles in this field. The sample size of the statistical community of experts is 13 people who were selected by the purposeful sampling method. 30 articles were selected based on their availability and downloadable, non-technical nature, and relevance to the topic. The method of data analysis was done according to the fuzzy Delphi approach. Validity and reliability were calculated and confirmed using the CVR index and Cohen's kappa test with coefficients of 0.83 and 0.93, respectively. The results prove that the key drivers of digital signature implementation in Iran include 5 main dimensions and 30 concepts, which are 1) security (information confidentiality, information security, sender authentication, document authentication, privacy protection, trust between parties), 2) business (digital business models, communication needs, staff management, organization size, organizational structure, organization resources, organizational culture, top managers, competition ecosystem, e-governance), 3) user (perceived convenience, perceived benefit, consumer behavior, consumer literacy, consumer lifestyle), 4) technical (development of technical infrastructure, systems integration, system complexity, system tanks, design quality, technical speed of certificate production and verification, impermeability of hackers) and 5) Legal (legal licenses, penal laws, legislative body, e-commerce laws).

In this article first the use of computer security models and its benefits are discussed in a novel way. Then, while briefly introducing the space of computer security encounters in the form of ontology, for the first time, three perspectives in the study of patterns in this field have been identified and distinguished from each other. These three perspectives include the view of secure models, the view of security models, and the view of the framework and system to security models. The first and third perspectives are briefly explained and the second perspective is studied in detail from the perspective of the organization of patterns, including the five types of organization. The five types mentioned include software-based lifecycle organization, logical-level organization-based organization, threat-based classification-based organization, attack-based classification-based organization, and application-based organization. In this type of introduction of patterns, the audience acquires a comprehensive view of the discourse of computer security patterns and acquires the necessary knowledge to make better use of these patterns. Finally, the analysis and idea of this research is presented in the form of introducing a new type of organization in order to facilitate the proper use and addressing of patterns.
In this idea, it is stated that the existing categories are mostly static and forward-looking and do not have the necessary dynamism and backwardness, and the idea of covering all stakeholders and security ontology can have this feature and, in addition, include agile patterns as well. .

Cyber networks are considered to be a type of complex and free-scale networks due to the structure and mode of communication within the network. Identifying communities is one of the most important methods of network analysis in order to understand the structure and relationships between network members. With the development of cyber networks, new challenges have been created for users in terms of information securityOne of the goals of identifying the communities in cyber networks is to prevent the spread of malware and cyber attacks. For this purpose, in order to prevent and deal with network attacks and intrusions, the communities in the network should be identified in order to significantly reduce the damage and attacks by attackers by securing and reviving the communities as well as implementing defense policies appropriate to each community. In this article, a method for detecting cyber communities by spectral clustering algorithm is presented. Also, by using the property of the normalized Laplace matrix in this algorithm, it is possible to predict the number of suitable cyber communities. In order to evaluate the detection process, two criteria Silhouette Value and Jaccard index are used. The results obtained from the evaluation criteria confirm the effectiveness of the proposed method.

The spread of attacks and various threats in the cyber space in data-oriented and knowledge-based organizations has caused attention to the issue of cyber security and defense in knowledge-based organizations as very important and strategic issue. This issue requires the explanation of comprehensive roadmap to achieve the goals through the optimal performance of the organization's main processes. The present research deals with the structured analysis of the safety index in security and cyber defense of knowledge-based organizations.After determining the sub-indicators and main influencing factors using scientific methods (Delphi method),their importance was determined by experts. Effective components are combination of security and cyber defense components.The existence of various threats and conditions in the country caused three knowledge-based organizations, "Islamic Azad University,South Tehran Branch, University Research Sciences Unit,and University of Tehran, which they are important in terms of strategic and cyber issues, to be studied. The importance of the influencing factors With the opinions of determined experts, the geometric mean was obtained, and after weighting the components, all values were normalized, using the evolutionary algorithm of Prometheus as one of the new decision-making methods,intra-group comparison of the components was carried out, and then the priority It was done based on the type of intergroup security and cyber defense components. The organizations were ranked based on priority and the amount of points and it was decided to increase the level of security and cyber defense within the organization in accordance with the strategic principles to achieve maximum security and efficiency of the system.

With the advancement of technology and the remarkable growth of the Internet of Things (IoT), the need for secure computing in this domain has increased. The Internet of Everything enables the connection and communication among objects, data, processes, and individuals, including systems, smart devices, industrial systems, and many others. With the immense number of connected objects, information security, and privacy have become significant challenges in IoT computing. This article explores the concept of secure computing in the Internet of Everything. It investigates the impact of the Internet of Things on the concept of security and its related needs. Furthermore, the methods and technologies used to establish secure computing in the Internet of Everything are discussed, including topics such as data encryption, identification and authentication, access management, privacy protection, and threat detection. Additionally, the challenges and drawbacks of secure computing in the Internet of Everything are examined, addressing issues such as the complexity of the connected environment, dynamic security threats, the need for standards and security-related concerns, and the influence of technological changes on secure computing. Finally, solutions and recommendations are provided to enhance secure computing in the Internet of Everything, including the use of strong encryption, centralized access management, user education and awareness, and advanced threat detection and monitoring systems. This article aims to provide a better understanding of secure computing in the Internet of Everything and to develop suitable security solutions for this domain.

Encryption is one of the most powerful tools that ensures information security in the field of communication and information technology. Image encryption is different from other encryptions. This difference is due to the inherent characteristics of the images. Recent attempts to encrypt images have been based on chaos. In this paper, a new chaos-based encryption algorithm for image encryption is presented. In the proposed method, instead of encryption one image in each step, four images are encrypted simultaneously. In this way, four standard images are combined and a single image of their combination is created. Simultaneous encoding of four images will cause to complicate the proposed encryption algorithm, increase security, and extend the amount of gray area per pixel. Finally, the resulting image is XORed with encryption key and the encrypted image is generated. Considering the combination of four images and their simultaneous encoding, as well as examining a large number of image evaluation criteria, specifically the information entropy, that has achieved a value equal to 7/9994 in our proposed algorithm, which is really close to the ideal value of 8, shows that the proposed algorithm performs appropriately.

In recent decades, information security has been a great importance for all organizations. However, to enhance information security in an organization, many projects have been failed due to lack of knowledge of risks and effective factors on information security. This paper aims to study effective factors on security of information systems. Data is collected through extensive literature review and open interview by 12 experts, which is chosen as the judgment of researchers purposefully. Causal model of studied risks was designed based on experts’ opinions, after identifying dimensions and risk factors. Subsequently, Dynamic model was plotted by VENSIM software using system dynamics approach. System dynamics modelling creates a better understanding of the system behavior and allows for the development of new structures and policies. In order to test the validation of research dynamic model, boundary condition was used. results indicate that presented model is validated. Moreover, to simulate by studied model, the data is collected from OFOGH consulting engineering company and run for a period of 12 months. As a result, among identified risks, the most important one relates to technical risk. Data risk, human risk and physical risk are in the next ranks respectively. In addition, environmental risk has the lowest importance. At the end, using security software, determining staff access levels, using uninterrupted Power Supply systems, Closed Camera Television (CCTV), and staff training courses are identified as four solutions to improve information systems security behavior.

Regarding the general acceptance of the web, analyzing its weaknesses and vulnerabilities in order to find and face security attacks has become more urgent. In case there is a communication contrary to the system security policies, a covert channel has been created. The attacker can easily disclose information from the victim’s system with just one public access permission. Covert timing channels, unlike covert storage channels, do not have memory storage and draw less attention. Different methods have been proposed for their identification, which generally benefit from the shape of traffic and the channel’s regularity. The applicative nature of HTTP protocol allows the creation of a covert timing channel based on different features (or different levels) of this protocol, which has not been  addressed in previous researches. In this article, the entropy-based detection method was designed and implemented. The attacker can adjust the amount of channel entropy by controlling measures such as changing the channel’s level or creating noise on the channel to hide from the analyst’s detection. As a result, the entropy threshold is not always constant for detection. By comparing the entropy from different levels of the channel and the analyst, we concluded that the analyst must investigate the traffic at all possible levels. We also illustrated that by making noise on the covert channel, although its capacity would decrease, but as the entropy has increased, the attacker would have more difficulty in its detection.

The business approach and risk management framework of the company through the establishment and maintenance of the information security management system (ISMS) is a framework for identifying, assessing, controlling and managing the risks associated with information security in the company. It is based on privacy standards, integrity and availability of information assets. In the present report, not only a model for evaluating the information security maturity in the headquarters of one of the oil industry companies is developed, but also the defect analysis and implementation of the existing organization are initially carried out in accordance with the requirements of ISO 27000. By defining the indicators of evaluation and measurement of these indicators in the organization, its maturity is estimated in this security standard. Different models are presented to identify the weaknesses and security powers of a particular organization. The goal is to identify a gap between theory and practice that can be approximated by the process-oriented approach. The puberty model introduced and used in this project, provides a starting point for implementing security, a public view of security, and a framework for prioritizing operations. This model of information security maturity has 5 phases. (The maturity model is information security as a tool for assessing the ability of organizations to meet security goals, that is, confidentiality, integrity and availability, and prevent attacks and access to the mission of the organization in spite of attacks and accidents)??. This model defines a process that has all aspects of security management, measurement, and control. The results of the evaluation show that the organizations which have security investments ahead of time have to understand the needs for high-level management of information security in the organization, and in addition to the actions taken in the field of physical environment, network and personal computers, controls access and encryption have been made to identify the necessary training and culture.

Intrusion detection systems are responsible for diagnosing and detecting any unauthorized use of the system, exploitation or destruction, which is able to prevent cyber-attacks using the network package analysis. one of the major challenges in the use of these tools is lack of educational patterns of attacks on the part of the engine analysis; engine failure that caused the complete training,  the result is in production of high volumes of false warnings. On the other hand, the high level of intrusion detection training time will cause a significant delay in the training system. Therefore, in the analysis section of the intrusion detection system, we need to use an algorithm that shows significant performance with the least educational data, hidden Markov model is one of these successful algorithms in this field. This Research also is trying to provide a misuse based intrusion detection solution with the focus of the evolutionary Hidden Markov model, the EHMM, which is designed to overcome the challenges posed. The most important part of hidden Markov model is to adjust the values of the parameters, the more adjusted values, optimal values would be more effective. The hidden Markov model is more likely to predict the probability of future values.  Therefore, it has been trying to end the mail based on the causative analysis of NSL data sets-KDD using evolutionary programming algorithm for hidden Markov model for the optimal parameters and sort of teach it. Then, using it, the types of attacks in the dataset were identified. To evaluate the success rate in improving the accuracy percentage EHMM proposal intrusion detection, MATLAB System simulation environment has been implemented. The results of the investigation show fitted, EHMM plan, the percentage of the average is 87% of intrusion detection (if hidden Markov model is used normal) to over 92% (in the case of the hidden Markov model using evolutionary) increases. Also after training the training data in both methods based on conventional and evolutionary Markov model, the time of the target system for a training data set is approximately two hundred thousand record from  low average of 489 minutes to more than 400 minutes has been dropped in the proposed method. This outcome achievement and making it operational on intrusion detection for the native system, can cause a defensive improvement which can be fitted in front of the other country for hostile cyber.

The purpose of this study is to identify and prioritize the effective technical and technical stress factors of information security by IT experts identified in Aghajari oil and gas Exploitation Company. The statistical population of the study consisted of 100 ICT managers and experts in Aghajari Oil and Gas Co. which directly related to the security of information in the company, 80 of them were selected as samples. In this research, the first questionnaire was designed with the aim of identifying the factors and half-openness. The second questionnaire was designed with the aim of screening the identified factors as closed and based on Likertchr('39')s five-choice spectrum. Finally, a third questionnaire was designed with the aim of determining the weights and rank of each one of the factors and in a pair comparison. The necessary analysis was carried out through the software SSS, Excel, ExpressChevis and MATLAB. The results of the research led to the identification of two main factors (occupational stressors and technical stressful factors influencing information security by IT experts in Aghajari oil and gas Exploitation Company) and 14 sub factors and then their rank were determined.

Information security is becoming an important proposition for most organizations due to the current process of transferring information through a world without borders and vulnerabilities. This has raised concerns and awareness of the use of ISRM to develop effective economic control strategies. Although there are several types of information security risk management tools that are readily available, most of the methods do the same, which results in the creation of a range of evaluation, information collection and intermediary information generation. the success of ISRM planning depends strongly on the quality of the input information, however, with the amount, variety and variety of information available to professionals, can easily be controlled with enhanced information. This article helps determine which dimensions of IQ contribute to the quality of information during the process of collecting information during the ISRM. To properly define, IQ dimensions are evaluated in terms of its production. To identify possible dimensions of information security risk management, Likert Online Structural Questionnaire was distributed among a group of senior and Ph.D. students at Gorgan University of Azad University who were engaged in accounting and auditing work (47 people). Partial least squares analysis (PLS) showed that the dimensions of accuracy, data rate, access to information, reliability of information, conciseness of data, completeness of information and reliability of information, relevance of information, reliability of information, timeliness of information, comprehensibility and Information uniformity significantly affects the quality of data collection on information security risk management

ISMS is not a standalone concept. It has its derivatives from various different international bodies and standards, Included ISO 17799/BS17799 - ISO17799 which are for the IT security industry, and ISO 9000 which is for the TQM industry. Effective factors on ISIM are classifiable as two general categories of soft and hard. Analyzing the current security conditions of information and a detailed overall view of it is essential to practically stabilize a successful ISMS. Thus, the project’s main goal is to identify and prioritize the effective parameters to reach a better stage of planning and focus.The Statistical society of this study is academic experts, managers, and employees of IT department. In this study, the social security organization (SSO) branches in the province of Guilan is case study, and FAHP is used for analyzing the data. The results showed that soft factors, i.e., management, cultural & social factors, are more important than hard factors, i.e., technical, technological & financial factors, in ISMS, and management factors are also most important than the two other factors, ie cultural & social factors.

Standards in the field of IT security, due to the youthfulness of this area, it is relatively new, but the long history of standard processes, leading to a mature and efficient development of standards in this area. Several researches have been done in the field of information security that shows the breadth and complexity of information security, as well as, several standards has been developed in this field. Ignoring the information security is as open embrace risky on a variety of issues that may be faced in doing anything with it. Information security plays an important role in protecting the assets of the organization. As regards that no formula cannot guarantee complete security, however, need to a series of criteria and standards to achieve the appropriate level of information security resources to be used effectively and the best way to adopt security. Each of them has covered a specific aspect of security, and sometimes a set of standards to cover only one aspect of security. The adoption of information security standards, it must first be emphasized to match the original standard and note that proportionality is localized or they may create problems. The present research introduces the world deal with information security standards. It will be discussed that how to change views of information security in detail, and introduced a variety of tools and solutions.

Information is considered as the main and vital vein in organizations, advanced institutions and scientific communities. Accessing information and its proper and quick dissemination, has always been marked by organizations in which information has the pivotal role.On the other hand, Controlling access And How to use this information is a major challenge in this field. In in this regard, It is necessary for any organization to be committed to A specific strategy To protect its valuable information and secure it, And accordingly, Implement and run its Security system. Today, due to the increasing importance of information And the willingness of individuals and organizations for more security Especially in computers, old tools like Using password is not responsible and reliable on its own. Therefore the experts seek Ways that are more reliable and one of the most successful ways found is Using Biometrics science and technology. In this paper, considering the main objective of the research in Addition to the introduction of biometric technology and the usual methods, requirements of using this technology In order to improve information security From the perspective of passive defense Extraction and has been stressed.

The use of modern control technologies such as RFID in the field of protection of critical and important assets requires serious attention to physical and non-physical vulnerabilities (Cyber, communication, etc.) associated with the use of such technologies. The purpose of this paper is to reckon the requirements for using such a technology in improving the security of classified information in Ministry of Defense. In this regard, this question was raised "what the requirements for using RFID technology in improving the security of MoD classified information with an emphasis on passive defense are." To answer the research hypotheses (the requirements of enhancing the security of classified information in MoD with the use of this technology) it was cleared that they are the requirements of information cycle security, the requirements of the technology user staff and the requirements of the technology infrastructure security. In order to achieve the objectives of the research while we performed some interviews we also used a 35-item questionnaire designed in Likert spectrum and by using a descriptive analysis method the collected data was analyzed through descriptive and inferential statistic methods. At the end of the study, regarding the confirm of the original hypothesis, some practical proposals for improving information technology security relevant to the requirements of information cycle security, the requirements of the technology user staff and the requirements of the technology infrastructure security were offered.

One of the most important capabilities of information security management systems, which must be implemented in all organizations according to their requirements, is information security risk management. The application of information security risk management is so important that it can be named as the heart of information security management systems. Information security risk rating is considered as the key part of the risk assessment phase in the process of this management. This article presents an applied method by combining two MADM methods of AHP and TOPSIS in a fuzzy environment in order to improve information security risk rating. The results of comparison between the implementation of the combined FAHP-TOPSIS and the FAHP indicated that the weights presented by the proposed FAHP-TOPSIS model have lower variation coefficients and higher mean compared to the FAHP model. As a result, it provides more accurate results with less percentage error.

Availability and continuity of information and key processes that support the core IT services by hardening the computer systems against the attacks as a passive defence principle، has been one of the most important issues facing companies in electeronic passive defences and cyber defence that are generally managed by implementing the relevant security standards. In this research، 36 critical success factors for implementing business continuity management were extracted from the comprehensive study of literature. These indicators were sent to 83 experts، among which 64 were collected and analyzed which after exploratory factorial analysis categorized them in 9 factors and also they were all approved by binomial test. Harmonic mean was used to calculate the weight of factors and components and finally a model including the effective factors and weight of their importance for organizational gap analysis to implement business continuity management system، was proposed. The proposed model was implemented and tested in two IT service provider companies.

In this paper, for secure transmission of speech signal in wireless sensor, a new method based on wavelet transform has been proposed. In this methodology, speech signal is compressed and encrypted simultaneously using characteristics of wavelet transform. The output speech which is in form of an obscure bit stream is required to be inserted in carrier signal. For insertion, fivestage wavelet transform is applied on speech signal and the optimum sub-bands are selected. The simulation results show that the proposed method provides higher security, lower complexity and lower consuming energy in comparison with popular methods in wireless sensor networks.