Abstracted and indexed in:
Future:
Cloud Security Maturity Index to Measure the Cybersecurity Maturity Level of Cloud Service Providers in Indonesia
Raden Budiarto Hadiprakoso, Hermawan Setiawan, I Komang Setia Buana, Herman Kabetta, Rahmat Purwoko, and Amiruddin
Cyberspace has an impact on every aspect of our lives. Cloud computing is a innovative cyberspace technology that has established itself as one of the essential resource-sharing platforms for forthcoming on-demand infrastructures and services that enable the internet of things, big data, and software-defined systems/services. Security is more important than ever in a cloud environment. Numerous cloud security models and standards are in place to deal with emerging cloud security concerns. However, these models are primarily reactive rather than initiative-taking and do not give suitable measures to analyze a cloud system's overall security posture. Capability maturity models, which many companies have utilized, provide a practical method to address these issues through management by security domains and security evaluation based on maturity levels. The paper has two goals: first, it provides a review of cyber security, cloud security models and standards, cyber security capability maturity models, and security metrics; second, we propose a cloud security maturity index (CSMI) that extends existing information security models (KAMI index) with a security metric framework. CSMI seeks to provide senior management with a reliable overall security evaluation of a cloud system and to enable security professionals to foresee and identify essential security solutions.
Evidence-Based Critical Infrastructure Intelligence and Resilience Actions Against Cyber Cybersecurity Inequities
Ernest Tambo, Kennedy Okorie, Ngo Tappa Tappa, Narcisse Ngouamo, Hoberlin Fotsing Sadeu, and Patience N Njinyah
There is an emerging trend of cyber inequity between countries, corporates and organizations, evolving technological transition, current cyber-skills and workforce shortage that calls for an urgent needs and importance of building a better local and global cybersecurity ecosystem. The scale and sophistication of cyberattacks/threats and cybercrimes landscape continue to fuel the lucrative nature of ransomware, automation disruption, theft of intellectual property and data business concerns. There is urgent need to enhance cyber resilience and defense systems by prioritizing and investing in improving cyberdefence and cyber-resilience postures of governments and critical firms, as variety of complex systems and technologies are becoming increasingly vulnerable to attacks, incidents and threats/crimes. The article assesses critical infrastructure and population data vulnerabilities in shaping cyberdefence and cyber-wellness in targets domains against cyberthreats, attacks and cybercrime globally and in Africa particularly. We documented that increasing ransomware, extortion and ubiquitous phishing supply chain attacks are now all commonplaces. Our findings showed that financial services, mining and healthcare, travel and personal information and identity are the most affected domains. The most vulnerable African countries were namely Ethiopia, Nigeria, South Africa, Algeria, Rwanda and Kenya. Phishing was by far the most prevalent crime with growing prevalence of others. Scaling up cybersecurity and compliance solutions requires a coordinated and dedicated commitment and investment to cyberdefence in Africa. Proactive multisectorial partnership and data sharing collaboration is a potential game changer and resiliency to keep cyber-threats on surveillance check, priorities settings and aligned national actions plans. Sharping shared focus and bringing parties and stakeholders together is essential in building crucial evidence-based cyberdefence and cybersecurity, vulnerability monitoring and compliance solutions. Our results are discussed in improving data-driven or evidence-based cybersecurity intelligence, cyberdefence data sharing protection and improved public–private partnership those are essential building blocks in increased regulatory enforcement, legislative reforms actions and protection measures including digital trust, cyber-inclusive future and resiliency against cyberattacks vulnerabilities, losses and damages. Timely and continuous cyber information triage, analysis and shared cybersecurity and cyberdefence intelligence such as artificial intelligence and deep machine learning potential applications from multisource have immense potential to enrich more contextual and actionable defensive capacities including threat detection and mitigation intelligence, cyber information equitable sharing, early waning and response systems.
Study on Ransomware Threat and Anti-Ransomware
Zhiqiang Lou
Ransomware has become a major global cyber threat. Six trends in ransomware attacks are noticed in the industry. After listing the ransomware damages, countermeasures and three attack phases, the article analyzes five key technologies of anti-ransomware. Efforts are called to enhance security awareness and management and build a multi-layer defense system for ransomware protection.
Comparative Analysis of eKYC and 2FA in Implementing PADU Database System to Strengthen Digital Identity Security
Nor Izham Subri, Abdul Ghafur Hanafi, Mohd Affendi Ahmad Pozin
As digital transactions and online interactions become integral components of modern society, ensuring robust digital identity security is paramount. This study addresses this imperative by investigating the effectiveness of two authentication methods, electronic Know Your Customer (eKYC) and Two-Factor Authentication (2FA), within the context of the PADU (Pangkalan Data Utama) Database System. The study employs a retrospective and exploratory research design, relying on secondary data sources for analysis. Through a non-experimental approach, existing information is examined from primary secondary data sources such as scholarly articles, government reports, and industry publications. Additionally, datasets from reputable repositories are accessed to gather statistical information aligned with the objectives. The comparative analysis method evaluates the efficacy of eKYC and 2FA, focusing on criteria such as scalability, user-friendliness, and regulatory compliance. The findings aim to provide policymakers, database administrators, and digital service providers with actionable recommendations to enhance digital identity security within the PADU Database System.
Unveiling Vulnerabilities: Development IoT-Enabled Health Bracelets Without Security Measures
Mohamad Adrian Mohd Fuaad, Qairel Qayyum Muhamad Ridhuan, Wan Muhammad Alif Firdaus Wan Hanapi, Shelena Soosay Nathan
The integration of Internet of Things (IoT) technology to strengthen the health bracelets intended for senior citizens is the subject of this study. It seeks to thoroughly evaluate the efficiency of these wristbands in tracking physical activity and vital signs, evaluating their influence on health outcomes, and pointing out any potential drawbacks. The project uses an agile methodology to construct a unique Arduino device that uses sensors and IoT to monitor vital signs. It also integrates data analysis to identify the capacity of the device to response to user health issues. The device, named LifeGuardian, detects temperature and heart rate, giving important information about a person's general health. However, in the IoT, security and privacy for wearable devices are largely disregarded. It is essential to apply a systematic approach for security and privacy safeguards in the context of healthcare and remote health monitoring. This study adds knowledge on security and privacy of wearable smart health device of these IoT-enabled health bracelets for the elderly besides offers solutions for security and privacy.
Enhancing An Iris Detection Using Integration of Semantic Segmentation Architecture and Data Augmentation
Warusia Yassin, Mohd Faizal Abdollah, Sasikumar Gurumoorthy, Kumar Raja and Izzatul Nizar
An iris recognition is a biometric way of identifying people in the ring-shaped portion of the eyeball surrounding the pupil. An iris recognition is used in biometrics because each iris is unique to an individual. Unfortunately, even though researchers have considered various approaches to improve the detection of iris recognition, obtaining higher accuracy remains a challenging task. More specifically, the major drawbacks contributed by the poor quality of images such as blur, lighting infection, and data scarcity. Therefore, in this work, we proposed the utilization of semantic segmentation and data augmentation approach to enhance the iris detection capability in terms of accuracy. The semantic segmentation (SS), a part of Mask R-CNN, is applied to overcome the image quality limitation. This approach partitions an image into multiple image segments known as image regions to differentiate dissimilar objects in an image using pixel level. Subsequently, using the data augmentation (DA) approach, new data is derived artificially from existing data that has been effective in improving the model generalization and precisely solving issues of data scarcity. The proposed model namely SS+DA has been evaluated using benchmark datasets known as CASIA and IITD. The experiment result shows that the proposed method is able to obtain an above 99% accuracy rate for both the CASIA and IITD datasets.
Zero-Day Attacks Detection in Smart Community through Interoperability and Explainable AI
Tawhidur Rahman, and Mohammad Sayduzzaman
Snort is one of the well-known signature-based network intrusion detection system (NIDS). In the Abstract—Systems, technologies, protocols, and infrastructures all face interoperability challenges. It is among the most crucial parameters to give real-world effectiveness. Organizations that achieve interoperability will be able to identify, prevent, and provide appropriate protection on an international scale, which can be relied upon. This paper aims to explain how future technologies such as 6G mobile communication, Internet of Everything (IoE), Artificial Intelligence (AI), and Smart Contract embedded WPA3 protocol-based WiFi-8 can work together to prevent known attack vectors and provide protection against zero-day attacks, thus offering intelligent solutions for smart cities. The phrase “zero-day” refers to an attack that occurs on the “day zero” of the vulnerability’s disclosure to the public or vendor. Existing systems require an extra layer of security. In the security world, interoperability enables disparate security solutions and systems to collaborate seamlessly. AI improves cybersecurity by enabling improved capabilities for detecting, responding, and preventing zero-day attacks. When interoperability and Explainable Artificial Intelligence (XAI) are integrated into cybersecurity, they form a strong protection against zero-day assaults. Additionally, we evaluate a couple of parameters based on the accuracy and time required for efficiently analyzing attack patterns and anomalies.
POWERED BY
PARTNERS
