Top Research Papers on Information Security

This report captures the development, lessons learned, and future recommendations from a collaborative research and development activity between the Air Force sponsored Comprehensive Approach to Reusable Defense Software (CARDS) Program, the Department of Defense (DoD), and the Software Engineering Institute (SEI). This activity explored innovative but practical techniques for formalizing and applying (i.e., reusing) models of information security (INFOSEC) concepts to the development of information systems.

This book is intended to educate the average and experienced user of what kinds of different security practices and standards exist and will also cover how to manage security software and updates in order to be as protected as possible from all of the threats that they face.

This book is designed to guide the information technology manager in dealing with the challenges associated with the security aspects of their role, providing concise guidance on assessing and improving an organization's security.

We present InfoSec Cinema, a film-based teaching activity that uses commercial films to teach information security. We analyse ten films to verify their suitability and build a public and editable database of information security events from films. Our findings show that most films embed enough security events to be used as a teaching tool. This could be used to produce information security teaching activities for a very wide range of audiences. Our experience in running two sessions of InfoSec Cinema was positive. Students were able to identify the most relevant events and even designed mitig...

This study illustrates the combination of quantitative and qualitative evaluation methodologies, providing a comprehensive framework for the analysis and design of risk assessment, and advances the understanding of INFOSEC risk assessment.

The Basics of Information Security covers the basic knowledge needed to understand the key concepts of confidentiality, integrity, and availability and dives into practical applications of these ideas in the areas of operational, physical, network, application, and operating system security.

Abstract : This instruction establishes the minimum standard for the training of information systems security (INFOSEC) professionals in the disciplines of telecommunications and automated information systems (AIS) security.

This activity explored innovative but practical techniques for formalizing and applying models of information security (INFOSEC) concepts to the development of information systems.

This instruction establishes the minimum standard for the training of information systems security (INFOSEC) professionals in the disciplines of telecommunications and automated information systems (AIS) security.

The study identifies the research gap in E-Governance InfoSec domain and substantiates given research gap with relevant literature review and clearly depicts the requirement of research in the field of InfoSec in e-governance domain in a country like India.

This study will investigate the correlation between a user’s InfoSec Literacy, credulousness, and their willingness to divulge information that can be used to compromise company data, to uncover if having technologically and socially competent end users would be beneficial to both IT and the business.

The study concluded the defense in depth policy does grant the Army an advantage over other organizations for providing information assurance, however, the Army would benefit from incorporating some of the common practices of private corporations in their overall information assurance plans.

Key topics such as technologies for database protection, access control, multilevel security, database vulnerabilities and defenses, privacy and legal issues, impact of policies and some well known secure database models are presented.

This online revelation The Basics Of Information Security Understanding The Fundamentals Of Infosec In Theory And Practice Jason Andress can be one of the options to accompany you in imitation of having further time.

The Basics of Information Security gives clear-non-technical explanations of how infosec works and how to apply these principles whether you're in the IT field or want to understand how it affects your career and business.

This paper surveys issues and requirements for future Information Warfare (IW), and introduces the concepts for an area called: “dynamic information defense”, a broader strategy that integrates planning and analysis with a means for situational intelligence to achieve robust in-depth information defense.

The threat from computer crime and other information security breaches continues unabated and the financial toll is mounting, according to the latest joint CSI/FBI Computer Crime and Security Study.

One of the first efforts of developing a software-based secure communication system that bases security on a combination of hardware and software design features is discussed, and the role of the 80486 features in software assurance is discussed.

One of the first efforts of developing a software-based secure communication system that bases security on a combination of hardware and software design features is discussed, and the role of the 80486 features in software assurance is discussed.

The Infosec-tree Model is proposed, a novel methodology with a hierarchical approach to guide that comprehensive assurance process for a computer or network system.

The purpose of this paper is to provide several considerations to be taken into account when institutionalizing the information security(Infosec) pre-assessment, and the seven suggestions are proposed in developing and performing the infosec pre-Assessment scheme.

This report provides a baseline description of the state of multilevel processor/processing to the INFOSEC Research Council and at their discretion to the RD a background review of the highlights of the developments of MLS, issues and unmet R&D challenges surrounding MLS, and a set of recommended research topics.

Based on the construction of infosec architecture in conformity with the classified security protection requirements, the author puts forward some principles for construction.

This C Technical Report, "The Design and Evaluation of INFOSEC Systems: The Computer Security Contribution to the Composition Discussion," is issued by the National Computer Security Center (NCSC) under the authority of and in accordance with Department of Defense Directive 5215.1.

This practical book demonstrates a data-centric approach to distilling complex security monitoring, incident response, and threat analysis ideas into their most basic elements by developing strategy, technique, and architecture.

Far-term concepts of operations are provided, suggesting new SoC tradeoffs and related technology challenges of Cognitive Information Security (INFOSEC), which re-invents software radio as a "trusted" cognitive agent for the consumer or the military.

In the age of digital transformation, artificial intelligence (AI)-enabled platforms have become central to a wide array of industries, driving innovation, efficiency, and personalization. However, the integration of AI technologies introduces significant challenges related to data privacy and security, as sensitive information is increasingly processed and analyzed by autonomous systems. The Chief Information Security Officer (CISO) plays a crucial role in navigating these challenges, ensuring that the privacy of user data is maintained while safeguarding against potential cyber threats. This...

A multi-stage InfoSec Process Action Model (IPAM) that can positively change individual InfoSec behavior will allow InfoSec researchers to focus more directly on the process that leads to action and develop better interventions that address problematic security behaviors.

The focus of this paper will demonstrate the need to clearly define and segregate various user space environments in the enterprise network infrastructure with controls ranging from administrative to technical and still provide the various services needed to facilitate the work space environment and administrative requirements of an enterprise system.

This systematic review enhances existing knowledge by presenting a comprehensive overview of the current state of information security, and provides valuable insights for researchers, practitioners, and policymakers who are committed to safeguarding sensitive information in a society driven by information.

Investigation of the Infosec practices which are applied by nurses who work in Greek hospitals showed that nurses demonstrate average to good knowledge onInfosec policies, good attitude towards Infosee policies,Good to average InfoseC practices and good total InfOSEc awareness.

This discussion encompasses privacy as well as a broader concern with what life could be like in a surveillance-based society, and the challenge that faces the designers of such information systems is to make sure that the resulting systems perform as designed while also meeting security and transparency needs.

Based on the analysis of the threats against information system and the development situation at home and abroad, the guide idea and development thought in the construction of infosec assurance architecture are proposed.

New directions for InfoSec behavioural research based on the adoption of SNA methods to study InfoSec-related perceptions and behaviours are suggested, while findings about the selection and influence mechanisms offer theoretical insights and practical methods to enhance InfoSec in the workplace.

A customizable model of SE-IPs that can be adopted by a wide variety of organizations is proposed and investigated, finding that on average, organizations incorporated just over fifty percent of the identified formal Social Engineering InfoSec Policies.

The Naval Postgraduate School Center for Information Systems Security (INFOSEC) Studies and Research (NPS CISR) is developing a comprehensive program in INFOSEC education and research that can become a resource for DoN/DoD and U.S Government in terms of educational materials and research.

It is concluded that information security risks are serious and inevitable in agriculture or food security and the need for information security risk management is significant in agriculture and food security.

This practical book demonstrates a data-centric approach to distilling complex security monitoring, incident response, and threat analysis ideas into their most basic elements, and helps you develop your own threat intelligence and incident detection strategy.

Investigation of the relationships between nurses' information security policy compliance, information competence, and information security attitudes found factors that influence information security behavior, including different approaches tailored to nurses' job positions and previous information security education.

This paper implements transformer models for two distinct InfoSec data formats in a novel end-to-end approach, and introduces a method for mixed objective optimization, which dynamically balances contributions from both loss terms so that neither one of them dominates.

The European Commission's General Data Protection Regulation offers contextual data security and breach notification standards applicable to organizations located or doing business in the EU that are compared to US and Canadian standards.

This discussion encompasses privacy as well as a broader concern with what life could be like in a surveillance-based society, and the challenge that faces the designers of such information systems is to make sure that the resulting systems perform as designed while also meeting security and transparency needs.

The authors examine the hostages' liberation from an information security perspective, compiling data from several Colombian newspapers and magazines and using the most accepted version of the events.

Experiment indicates that the infosec management and evaluation mechanism could benefit the theoretical system and guide the application implementation of infOSEc management.

Through the basic IoT components of perception layer, network layer and application layer and by implementing horizontal and vertical in-depth defense respectively from computing nodes, network communication and regional boundaries, the level protection of IoT information systems is achieved.

The secure product assessment philosophy, the commercially available products that have been assessed, and the prototypes developed at MITRE are described.

Coucou, La Maison du Libre ouvre dans son local, 214 rue Jean Jaures, a Brest meme, un atelier dedie a la securite informatique : infosec @mdl29. Les ateliers ont lieu le Jeudi soir a partir de 20h, au…

This paper examines an approach to information which is based on providing the customer with “Sufficient INFOSEC” based on needs as determined through a process that includes a business review, risk analysis, engineered solutions, and continuous review.

A case study and steps to form a relationship between an information security program and IT governance and define roles and responsibilities to ensure accountability are included.

A taxonomy of adversarial methods against machine learning models that an insider can exploit is proposed and how these methods can be applied in real-life IoT applications are discussed.