Information Security

KaaShiv InfoTech, Number 1 Inplant Training Experts in Chennai.


Information Security is defined as the protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats. Information Security also refers to the processes and methodologies that are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption.



  • Information dispersal algorithms
  • Cryptographic Algorithms
  • Knuth Morris Pratt algorithm
  • Advanced cryptography algorithm
  • Data Encryption Standard
  • Performance analysis of encryption algorithms
  • Genetic Algorithm
  • RSA Algorithm
  • Asymmetric algorithm
  • Symmetric Key Cryptography Algorithm
  • Effective Substitution Cipher Algorithm
  • Encryption Algorithm

  • 1. Data sanitization


    XML, the universal language for data exchange, provides a semi-structured, interoperable format for communication between applications. Other applications should be allowed to query an XML document only in such a way that a client can never obtain information that would violate the document's confidentiality requirements. Existing inference control systems focus only on relational databases when bringing inference problems under control. Our proposed system defines an inference-proof view for an XML document by generating an alternate XML document that contains no confidential information. Client queries are then executed on the inference-proof view to check its security potential. The process is performed with single and multiple clients to ensure its robustness. Since the schema itself could be exploited to identify confidential XML data, a new schema for the updated XML structure is created when the inference-proof view is generated. This inference-proof approach follows a weakening concept that is suitable for incomplete XML information. Along with the new schema, a new DTD is generated for the alternate XML. Together, these methods ensure that the inference-proof view is generated efficiently.

    IEEE Title:

    On Inference-Proof View Processing of XML Documents


    This work aims at treating the inference problem in XML documents that are assumed to represent potentially incomplete information. The inference problem consists in providing a control mechanism for enforcing inference-usability confinement of XML documents. More formally, an inference-proof view of an XML document is required to be both indistinguishable from the actual XML document to the clients under their inference capabilities, and to neither contain nor imply any confidential information. We present an algorithm for generating an inference-proof view by weakening the actual XML document, i.e., eliminating confidential information and other information that could be used to infer confidential information. In order to avoid inferences based on the schema of the XML documents, the DTD of the actual XML document is modified according to the weakening operations as well, such that the modified DTD conforms with the generated inference-proof view.
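A toy version of the weakening idea described above, written here as an added illustration (not code from this page or from the cited paper): confidential elements, and any element a client could use to infer them, are dropped from the document, and a DTD is derived from the resulting view so the schema leaks nothing either. The patient register, the confidentiality policy and the single inference rule are constructed assumptions.

```python
"""Toy inference-proof view of an XML document (added illustration)."""
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample document (assumption: a small patient register).
SAMPLE_XML = """<patients>
  <patient id="1">
    <name>A. Example</name>
    <ward>oncology</ward>
    <diagnosis>cancer</diagnosis>
  </patient>
  <patient id="2">
    <name>B. Example</name>
    <ward>general</ward>
    <diagnosis>fracture</diagnosis>
  </patient>
</patients>"""

# Confidentiality policy: tags whose content must never reach a client.
CONFIDENTIAL = {"diagnosis"}

# Inference rule assumed to be known to clients (constructed): the content of
# the key tag lets a client deduce the content of the value tag, e.g. the ward
# "oncology" reveals the diagnosis.
IMPLIES = {"ward": "diagnosis"}


def load(xml_text):
    """Parse the actual document."""
    return ET.fromstring(xml_text)


def tags_to_remove(confidential, implies):
    """Confidential tags plus, transitively, every tag that implies one of them."""
    drop = set(confidential)
    changed = True
    while changed:
        changed = False
        for src, dst in implies.items():
            if dst in drop and src not in drop:
                drop.add(src)
                changed = True
    return drop


def weaken(element, drop):
    """Copy `element`, omitting every subtree rooted at a tag in `drop`.

    Omitting (rather than masking with a dummy value) keeps the view
    indistinguishable from a document that simply never recorded the field,
    which is what makes weakening suitable for incomplete XML data.
    """
    copy = ET.Element(element.tag, dict(element.attrib))
    copy.text = element.text
    for child in element:
        if child.tag not in drop:
            copy.append(weaken(child, drop))
    return copy


def derive_dtd(root):
    """Element declarations built from the tree as it is, so the DTD of a view
    mentions only tags that survived weakening (a simplified stand-in for
    rewriting the original DTD). Repeated children get a '*' cardinality."""
    decls = {}

    def visit(el):
        counts = Counter(child.tag for child in el)
        if counts:
            parts = [tag + ("*" if n > 1 else "") for tag, n in counts.items()]
            model = "(" + ", ".join(parts) + ")"
        else:
            model = "(#PCDATA)"
        decls.setdefault(el.tag, model)
        for child in el:
            visit(child)

    visit(root)
    return "\n".join(f"<!ELEMENT {tag} {model}>" for tag, model in decls.items())


def build_view(xml_text, confidential, implies):
    """Return (inference-proof view, its DTD) for the actual document."""
    view = weaken(load(xml_text), tags_to_remove(confidential, implies))
    return view, derive_dtd(view)


def is_inference_proof(root, confidential, implies):
    """True when no removed tag appears in the tree or in its derived DTD."""
    drop = tags_to_remove(confidential, implies)
    declared = {line.split()[1] for line in derive_dtd(root).splitlines()}
    return not any(el.tag in drop for el in root.iter()) and not (declared & drop)


if __name__ == "__main__":
    actual = load(SAMPLE_XML)
    print("actual document inference-proof:", is_inference_proof(actual, CONFIDENTIAL, IMPLIES))
    view, dtd = build_view(SAMPLE_XML, CONFIDENTIAL, IMPLIES)
    # A client query for the secret, executed on the view, finds nothing.
    print("client query //diagnosis on view:", view.findall(".//diagnosis"))
    print(ET.tostring(view, encoding="unicode"))
    print(dtd)
```

Note that the view also drops `ward`, which is not confidential by itself, because the assumed inference rule makes it a channel to the diagnosis.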





    Related URLs for reference:

    [1] Performance analysis of encryption algorithms for Information Security 

    Information Security has become an important issue in data communication. Encryption algorithms have come up as a solution and play an important role in information security system. On other side, those algorithms consume a significant amount of computing resources such as CPU time, memory and battery power. Therefore it is essential to measure the performance of encryption algorithms. In this work, three encryption algorithms namely DES, AES and Blowfish are analyzed by considering certain performance metrics such as execution time, memory required for implementation and throughput. Based on the experiments, it has been concluded that the Blowfish is the best performing algorithm among the algorithms chosen for implementation.

    [2] Education in information security 

    The last four years have seen an explosion in the concern for information security. People are becoming aware of how much information is publicly available, as stories in the national news media discuss the ease with which hackers steal identities. On a less personal note, compromises of information involving authorized access show that organizations have information security problems. With this awareness has grown an understanding of our dependence on accurate, confidential information, and of the fragility of the infrastructure we use to secure that information. Of all the questions emerging, the fundamental one is this: how can we secure information? This essay discusses different forms of education that are relevant to this problem.

    [3] Information security framework 

    The holistic framework proposed in this paper includes the following clusters of ideas: purpose and role of information security, societal trends, human elements, changing technologies, information security management, and complexity and interactions. These multiple views of information security provide a more complete framework in which to embed much of the global research in information security. Future directions and possible research projects are considered that would apply this holistic framework to what is considered to be a `difficult' problem to solve.

    [4] Data collection for information security system 

    The security of information systems is generally related to the tools deployed to protect the network infrastructure from attacks. The latter are based on detection components that analyze the information transmitted through the network. The existing systems do not provide full protection and present a high rate of false positives that could result from a lack in the analysis of the collected information (events). Thus, useful information should be determined to perform accurate detection and hence good protection. In this paper, a new approach to collect useful data from the network is proposed. It is based on new components called observers. The system architecture is presented and the different components are described in detail. Furthermore, the functioning of the different parts of the system is discussed.

    [5] Information Security Management 

    Today, the data behind buildings and hardware equipment is a very important investment of enterprises and organizations and plays a main role in them. Different enterprises and organizations have different security requirements, and according to their requirements different security controls must be applied. For data protection from the integrity and security aspects, many authors have made many attempts. Information security management guidelines have a broad scope, and most of them are generic and do not pay attention to differences between enterprises or organizations. For these reasons we need information security management standards. In this paper the ISO/IEC 27000 series and ISO/IEC 15408 are described and compared with each other from the scope and application aspects. The results can provide better information security management.

    [6] A Proposed Preventive Information Security System 

    Managing computer and network security programs has become an increasingly difficult and challenging job. Dramatic advances in computing and communications technology during the past few years have redirected the focus of data processing from the computing center to the terminals in individual offices and homes. The result is that managers must now monitor security on a more widely dispersed level. These changes are continuing to accelerate, making the security manager's job increasingly difficult. In this paper a better solution for Information Security management has been proposed by designing PrISM (Preventive Information Security Management). PrISM aims to develop and deploy an indigenous Information Security Management System (ISMS) with intrusion prevention capabilities. The objective is to develop an ISMS with appropriate security assurance controls and risk handling processes. This will provide best protection of critical assets against information warfare attacks. The task has been planned by performing reverse engineering of Open Source Security Information Management (OSSIM) system. A detailed discussion on OSSIM and commercially available software Event Horizon has also been presented.

    [7] Information security governance and how to accomplish it 

    The risks and costs of information security, numerous external and internal requirements and obligations to customers, are the reason for the interest in security at the highest level in companies. A set of activities which describes the involvement of the management board, executive management, specialized committees, ad-hoc groups and security managers is referred to as Security Governance. While the principles of information security governance are relatively well defined, a universally accepted methodology for its introduction in a business environment is missing. This raises the question whether there is a connection between other concepts of good practice in the field of security and IT management and Security Governance. Outlining the process of corporate security and its reference to other concepts of security and IT management are the aims of this work.

    [8] Information security management - a practical approach 

    Information security is an important issue in today's business. Information security management can no more be done by merely a set of hardware and software. Rather, it requires a complete end-to-end system. Such a system is called Information Security Management System (ISMS). It requires special focus and participation from all levels of employees with full commitments and responsibilities in establishing such a system and implementing it within the organization. ISO security standards and government compliance regulations guide and enforce organizations about certain requirements and norms. Organizations need to build an ISMS by combining all the bits and pieces as per their business needs. This paper illustrates a practical approach, as a ready reference, to build an ISMS in a business organization.

    [9] Why information security is hard - an economic perspective  

    According to one common view, information security comes down to technical measures. Given better access control policy models, formal proofs of cryptographic protocols, approved firewalls, better ways of detecting intrusions and malicious code, and better tools for system evaluation and assurance, the problems can be solved. The author puts forward a contrary view: information insecurity is at least as much due to perverse incentives. Many of the problems can be explained more clearly and convincingly using the language of microeconomics: network externalities, asymmetric information, moral hazard, adverse selection, liability dumping and the tragedy of the commons.

    [10] Information security awareness in UAE: A survey paper 

    Security awareness is an often-overlooked factor in an information security program. While organizations expand their use of advanced security technology and continuously train their security professionals, very little is used to increase the security awareness among the normal users, making them the weakest link in any organization. As a result, today, organized cyber criminals are putting significant efforts to research and develop advanced hacking methods that can be used to steal money and information from the general public. Furthermore, the high internet penetration growth rate in the Middle East and the limited security awareness among users is making it an attractive target for cyber criminals. In this paper, we will show the need for security education, training, and awareness programs in schools, universities, governments, and private organizations in the Middle East by presenting results of several security awareness studies conducted among students and professionals in UAE in 2010. This includes a comprehensive wireless security survey in which thousands of access points were detected in Dubai and Sharjah most of which are either unprotected or employ weak types of protection. Another study focuses on studying the chances of general users to fall victims to phishing attacks which can be used to steal bank and personal information.

    [11] Owned policies for information security  

    In many systems, items of information have owners associated with them. An owner of an item of information may want the system to enforce a policy that restricts use of that information; we call such a policy an owned policy. Owned policies can be used in many contexts, including information flow, access control, and software licensing. In this paper, we introduce and study a general framework for owned policies. Relationships between security policies for a given system may be dependent on system aspects that change between or during system execution. As a result, there may be only partial knowledge of the structure of security policies available when analyzing a system statically. We demonstrate that our framework permits static reasoning about owned policies under partial knowledge, and we also exhibit tractability results for the problem of inferring security policies.

    [12] Research on Development of Android Applications

    The purpose of this paper is to resolve the information security problem in the mobile electronic commerce industry chain. We analyze information security based on evolutionary game theory. In this paper, we set up the information security game model with a penalty parameter, calculate replicator dynamics, and analyze the evolutionary stable strategy of the game model. The result reveals that reducing the investment cost is the key factor to promote information security investment. If this condition cannot be satisfied, the regulation of the penalty parameter will help to promote the investment. The research method in this paper provides a new thought for the solution of information security in the mobile electronic commerce chain.

    [13] A New Mobile Information Security Solution Based on External Electronic Key  

    Mobile services raise a number of security and privacy challenges. To address this, we present an approach in which mobile information security is enhanced by using an external security key and specified policies. An electronic security key (eKey) is connected to the mobile device by an adaptable interface for enhancing the security ability and storing private data. A front end administration module (FAM) located on the mobile device, which is responsible for command initiation, connects to a backend administration module (BAM) on the server by means of identification and mutual authentication, generating a different session key with a time stamp every time. Furthermore, the software design and hardware design of the eKey are given. The software design puts emphasis on the security architecture providing security services, based on the current relatively mature security framework for wireless mobile terminals of the 3rd Generation Partnership Project (3GPP). The hardware design puts emphasis on the hardware security solution and the communication mechanism between the main controller and the security module. In this way, the mobile information security problem is solved to a certain extent. In the end, we point out that the new adapted interface that supports data exchange between mobile terminals and external devices will give a large chance to the development and application of the eKey in the future.

    [14] Information security management in e-learning  

    E-learning is a new method of learning and it depends on the Internet in its execution. The Internet has become the venue for a new set of illegal activities and the e-learning environment is now exposed to these threats. In this paper the benefit and growth of e-learning is elaborated. This paper discusses the security elements needed in e-learning. In addition, it explains the situation and existing research on security in e-learning. Information security management is suggested to contribute in preparing a secured e-learning environment.

    [15] Mobile security from an information warfare perspective 

    With the increasing prevalence of mobile devices, there is an increasing risk that the mobile networks may be targeted by information warfare attacks. An investigation of mobile security issues from an information warfare perspective, with emphasis on computer network warfare and electronic warfare, is presented. The paper focuses on analysing prior cases of mobile security breaches from an information warfare perspective, however previous research is also discussed. The validity of the various potential and perceived threats to mobile security is discussed. Preliminary results from current research into mobile security and information warfare are reported; initial simulation results assessing the practicality of jamming and eavesdropping on 3G signals and the responses from first round of research interviews are discussed.

    [16] Interactive Teaching Methods in Information Security Course 

    An information security course for undergraduate students is a growing activity in many universities and colleges. One of the primary questions that all instructors face is how to draw students into the active learning process. In this paper, we share our experiences on the practice of interactive teaching in an information security course. The three major methods, seminar-style teaching in the classroom, topic presentations and discussions, and course projects for promoting hands-on learning, are described. The positive results in terms of successful learning have been witnessed in the course evaluation and the feedback from the students. Furthermore, some concerns in using these methods are also discussed in the paper.

    [17] Information security competence test with regards to password management 

    It is widely acknowledged that when it comes to IT security the human factor is usually the weakest link. In an effort to strengthen this link, most CIOs are embracing the deployment of security awareness programmes. It is accepted that these programmes can create an information security-aware culture where security risks can be reduced. Even though work has been done in ensuring that these programmes include mechanisms for changing behaviour and reinforcing good security practices, there is a lack of work on measuring the effectiveness of such programmes. Competence-based questions have long been used in HR to select employees with the skills that are necessary to perform effectively in a job. Competence-based tests focus mainly on the behaviours and traits critical for success on the job and how they have been demonstrated in the past. This paper presents the description of an approach that uses competency-based behavioural questions to measure security competence levels at a university with regard to password management. A sample of 140 students participated in the study. The findings revealed that even though students were aware of the procedures, many failed to implement them. For example, 48.6% of students would share their passwords even though they knew it was wrong. It was also found that there is a positive relationship between the year of study and the creation of strong passwords (n=140; r=+0.268; p=0.007).

    [18] Information Security Integral engineering Technique and its Application in ISMS Design 

    This paper proposes a technique for the design and implementation of an information security management system (ISMS) for small and medium enterprises (SMEs). The technique is based on the ISO 27001 standard ISMS requirements object model. The model was designed using methods and tools of the information security integral engineering (ISIE) framework, so the first part of the paper also briefly describes some features, components and engineering methods within the ISIE framework which are important in practical applications but were presented insufficiently or not at all in previous papers. Along with the description of a general ISMS design and implementation method, the paper provides an example of the application of this method to design an ISMS for a city medium-sized telecommunication SME. The paper also gives an evaluation of the technique's efficiency.

    [19] A web-based Information Security Management Toolbox for small-to-medium enterprises in Southern Africa 

    Many small-to-medium sized enterprises are finding it extremely difficult to implement proper information security governance due to cost implications. Due to this lack of resources, small enterprises are experiencing challenges in drafting information security policies as well as monitoring their implementation and compliance levels. This problem can be alleviated by means of a cost-effective "dashboard system" and an automated policy generation tool. This paper will critically evaluate an existing policy generation tool, known as the Information Security Management Toolbox, and will propose improvements to this existing system based on changes in both information security standards and business needs since the development of the original system.

    [20] Security threats in cloud computing 

    Cloud computing is a set of resources and services offered through the Internet. Cloud services are delivered from data centers located throughout the world. Cloud computing facilitates its consumers by providing virtual resources via the Internet. General examples of cloud services are Google Apps, provided by Google, and Microsoft SharePoint. The rapid growth in the field of "cloud computing" also increases severe security concerns. Security has remained a constant issue for open systems and the Internet; when we are talking about security, the cloud really suffers. Lack of security is the only hurdle in the wide adoption of cloud computing. Cloud computing is surrounded by many security issues like securing data and examining the utilization of the cloud by the cloud computing vendors. The wide acceptance of the WWW has raised security risks along with uncountable benefits, and so is the case with cloud computing. The boom in cloud computing has brought lots of security challenges for consumers and service providers. How do the end users of cloud computing know that their information is not having any availability and security issues? Everyone asks: is their information secure? This study aims to identify the most vulnerable security threats in cloud computing, which will enable both end users and vendors to know about the key security threats associated with cloud computing. Our work will enable researchers and security professionals to know about users' and vendors' concerns and provides a critical analysis of the different security models and tools proposed.

    [21] Information Security Management is Not Only Risk Management 

    The paper considers and discusses two closely related concepts and processes, namely risk management and security management. In practice, there is a tendency to consider risk management as a complete process capable of protecting information assets. Based on the literature and international standards, the paper gives an overview of all the aspects and activities related to both processes. Risk management and security management are analyzed in order to point out their particularities and similarities. The paper aims to clarify both concepts from an operational, organizational and conceptual point of view by explaining what the differences are and why these two processes cannot be conceived or operated separately.

    [22] Information security in the Islamic perspective: The principles and practices 

    This paper examines the extent to which Islamic principles and practices (in this respect, as found mainly in the Prophet Muhammad's traditions) reinforce the notion of information security as a measure to protect information assets. This paper is historical and doctrinal in nature, attempting to discover the Islamic formulation that corresponds to the theories and practices of information security as adopted by various industries today. The aim of this paper is to ultimately portray that Islam is indeed a universal and modern religion caring no less about the issues of information security. To achieve this goal, this paper examines how the principles and the practices of information security were recognised and implemented in the early Islamic civilisation. Those practices are further analysed so as to get a more comprehensive view of the criticality of information security to the Muslim society. It restricts its scope to mainly the two fundamental sources of knowledge and laws in Islam, embodied in the holy Qur'anic injunctions and the Prophetic traditions (Hadith) that are of particular relevance.

    [23] Utilizing a Service Oriented Architecture for Information Security Evaluation and Quantification  

    The service oriented architecture provides an abstraction utility that is characterized as autonomous, well defined, and self-contained. In this research we define the basic building blocks of a security reference model composed of a processes domain view, security requirements view, infrastructure management view, security assurance view, and survivability management view. We build a security attributes organizational model based on security process states and security attribute requirements. We continue to dissect our proposed architecture based on the service oriented architecture reference model, and map the SOA dimensions into security requirements attributes.

    [24] ISEDS: An Information Security engineering Database System Based on ISO Standards 

    Security facilities of information systems with high security requirements should be consistently and continuously developed, used, and maintained based on some common standards of information security. However, there is no engineering environment that can support all tasks in security engineering consistently and continuously. To construct a security engineering environment, a database that can manage all data concerning all tasks in security engineering is indispensable. This paper presents an Information Security engineering Database System, named "ISEDS," that we are developing based on ISO standards, and shows some of its possible applications. ISEDS manages data of ISO standards of information security and various cases of system development and maintenance. We adopted the international standard ISO/IEC 15408 (Common Criteria) for information security evaluation as one of the ISO standards underlying ISEDS, and implemented the major functions of ISEDS and its application tools to manage and use data of ISO/IEC 15408. Developers, users, and maintainers can create, correct, and verify specification documents of security facilities with the application tools.

    [25] Commercial Aircraft Information Security-an Overview of ARINC Report 811  

    This paper provides an overview of ARINC Report 811, Commercial Aircraft Information Security Concepts of Operation and Process Framework. ARINC Report 811 was developed by airline and industry participants of the Airlines Electronic Engineering Committee (AEEC) Aircraft Information Security (SEC) Subcommittee, and it was adopted by the airline members of the AEEC in October 2005. ARINC Report 811 describes a three-step risk-based information security process framework that considers existing airline operations and the organizational impact associated with the introduction of new aircraft information security procedures, particularly with respect to the management of mobile, global aircraft assets.

    [26] The design of information security protection framework to support Smart Grid

    With the unified and strong smart grid construction by the State Grid Corporation of China, information security protection architecture is facing new challenges. The characteristics of the smart grid, such as informationization, automation, and interaction, have enhanced the two-way interaction between the grid and consumers. The design method of the information security protection architecture in the U.S. Smart Grid, the new information security protection requirements of the China Smart Grid and the new information security risks were proposed and analyzed. An information security protection model and an overall information security protection strategy were proposed considering the characteristics of the China Smart Grid and the new information security protection requirements. Based on this model, the information security protection framework was designed to support information security protection in the smart grid. The proposed framework consists of four parts: security governance, security management, security maintenance, and security technology. Finally, a methodology for the implementation of the information security protection framework was given, which guides the business systems in every aspect of the smart grid to implement information security protection work from the points of technology, management, and operation.

    [27] Valuation of Information security concept methods 

    Information security concept methods are popular and attract much attention because they are the foundation for realizing the Information Security Semantic Web. A redundant set of information security concept methods can be listed, such as inference engines, annotation tools, information security-based crawlers, and information mining tools, not to mention the concepts themselves. The key benefit of information security concepts is interoperability, so it should be fairly easy, for example, to create an information security concept with one editor, store it, and upload it again to another editor for further work. Computer scientists defend the lack of experimentation with a wide range of arguments. The field is wide open for information security concept experiments. We will find statements from different perspectives. A common distinction exists between evaluating information security concept tools and information security concept content. In the end, ordinary users will decide if they are happy using information security concept methods (at all) and whether the Information Security Semantic Web will become a truly global success. This will occur only if information security concept methods really work.

    [28] Information security knowledge and behavior: An adapted model of technology acceptance 

    Information security risks have become a significant concern for users of computer information technology. However, users' behavior of acceptance and actual use of available information security solutions has not been commensurate with the level of their information security concerns. Traditional technology acceptance theory (TAM) emphasizes the factors of perceived usefulness and perceived ease of use in the acceptance of technology. There has been little research focus and consensus on the role of knowledge in user adoption of information security solutions. This paper proposes a new and adapted model of technology acceptance that focuses on the relationship between users' knowledge of information security and their behavioral intention to use information security solutions. This study employs a survey method that measures users' knowledge of information security and their attitude and intention toward using information security solutions. Statistical analysis of the results indicates a positive correlation between user knowledge of information security and user intention to adopt and use information security solutions.

    [29] Information security of power corporations and its reinforcement measures

    Information system security of power corporations is mainly exposed to physical security risk, network security risk, application security risk and management security risk. The success of information security normally relies on 30% technology support but 70% management investment. Therefore, rigid management plays a crucial role in threat prevention. After a critical summary of the current research on power information system security technology and security management at home and abroad, the paper points out a necessary emphasis on information security of production control systems and Internet power information systems and on security management in the future, based on the features and requirements of power information systems. First of all, the paper reviews information security and its classification. Then it puts forward corresponding strategies based on the analysis of various risks, such as network equipment security reinforcement, service security reinforcement, and application security reinforcement. Meanwhile, it gives an introduction to physical security, data security prevention and management regulations.

    [30] An assessment model of information security implementation levels 

    Information security is very important as it serves to protect an organisation from threats and risks by ensuring the information is always safe to be accessed, reliable and confidentially protected. In order to ensure information security, organisations normally introduce policies and guidelines which are made available to all members. Despite this effort, however, security threats on organisations' information still occur. One of the reasons is that organisations are not aware of the information security levels that they practise. This paper discusses a measurement model for assessing information security implementation levels in organisations. The model consists of three maturity levels that determine the degree to which information security is addressed in an organisation. The levels contain several factors that are necessary for ensuring information security. The study used Systematic Literature Review (SLR) as the instrument to determine the appropriate measurement parameters. The identified parameters were combined with general models and measurement standards of information security. The model can be used by organisations to determine their levels of maturity in ensuring the security of their information. This enables them to improve their current information security practices.

    [31] Implementation of an Android based teleportation application for controlling a KUKA-KR6 robot by using sensor fusion

    The use of computerised information systems has become an integral part of South African secondary schools, bringing about a host of information security challenges that schools have to deal with in addition to their core business of teaching and learning. Schools handle large volumes of sensitive information pertaining to educators, learners, creditors and financial records, which they are obliged to secure. Unfortunately, school management and users are not aware of the risks to their information assets and the repercussions of a compromise thereof. Computerised information systems are susceptible to both internal and external threats, but ease of access is likely to manifest in security breaches, thereby undermining information security. One way of enlightening schools about the risks to their computerised information systems is through a risk management programme. Schools may not have the full capacity to perform information security risk management exercises due to the unavailability of risk management experts and scarce financial resources. Therefore, the objective of this paper is to educate secondary schools' management and users on how to perform a risk management exercise for their computerised information systems in order to reduce or mitigate information security risks within their information systems and protect vital information assets. This study uses the Operationally Critical Threat, Asset, and Vulnerability Evaluation for small organisations (OCTAVE-Small) risk management methodology to address these information security risks in two selected secondary schools.

    [32] A software gateway to affordable and effective Information Security Governance in SMMEs 

    It has been found that many small, medium and micro enterprises (SMMEs) do not comply with sound information security governance principles, specifically those principles involved in drafting information security policies and monitoring compliance, mainly as a result of restricted resources and expertise. Research suggests that this problem occurs worldwide and that the impact it has on SMMEs is great. In previous research an information security governance model was established to assist SMMEs in addressing information security governance issues and concerns. In order to provide SMMEs with a practical approach for applying this model, further research was conducted to establish a software program that demonstrates the model's practical feasibility. The aim of this paper is to introduce this software program, called The Information Security Governance Toolbox (ISGT), by means of its various components, workings and benefits. Furthermore, a focus-group study's evaluation results are offered that suggest that the program is useful to SMMEs in addressing their information security governance implementation challenges and offers value for industry.

    [33] Analysis on the Information Security Education for the Public Security Active Forces Academy 

    With the rapid development of information technology, society is rapidly moving toward an information-based society. The public security active forces' information construction greatly improves the work efficiency of the troops, while at the same time it challenges the public security active forces on information security. Information security of the public security active forces is the basic construction project for the information construction of the public security active forces. By comprehending the conception of information security and analyzing the necessity and feasibility of information security education, this paper proposes some strategies that are needed for information security education at the public security forces academy; at the same time, it also discusses the development trend of information security education.

    [34] Smart grid information security - a research on standards 

    Smart Grid has received tremendous development momentum over the last years. Information and cyber security of the smart grid faces severe challenges and has gained considerable importance. First, the characteristics of the smart grid are analyzed and discussed. Then a hierarchical information and communication model is abstracted. Based on the proposed model, the information security risks and information security protection demands of the smart grid are studied and summarized. According to the model and security risks, this paper surveys, collects, and studies different smart grid and common information and cyber security standards and guidelines from three dimensions. The dimensions are the different domains of the smart grid, the different hierarchies of the proposed information and communication model, and the different stages of the information system life cycle. Also, a comparison of these standards is made. After this discussion, study and analysis, an information security standard architecture is designed and described to guide the electric power utilities in their smart grid information security efforts.

    [35] Information security professional perceptions of knowledge-sharing intention in virtual communities under social cognitive theory 

    Knowledge sharing is an important component of knowledge management systems. Security knowledge sharing substantially reduces risk and investment in information security. Despite the importance of information security, little research based on knowledge sharing has focused on the security profession. Therefore, this study analyses key factors, namely attitude, self-efficacy, personal outcome expectation, and facilitating condition, in respect of information security workers' intention to share knowledge. Information security professionals in virtual communities, including the Information Security Professional Association (ISPA), Information Systems Security Association (ISSA), Society of Information Risk Analysts (SIRA), and LinkedIn security groups, were surveyed to test the proposed research model. Confirmatory factor analysis (CFA) and the structural equation modelling (SEM) technique were used to analyse the data and evaluate the research model. The results showed that the research model fit the data well and the structural model suggests a strong relationship between attitude and knowledge sharing intention. Hypotheses regarding the influence of self-efficacy and personal outcome expectation on knowledge sharing attitude were upheld. Facilitating condition showed significant influence in moderating between attitude and intention.

    [36] Improving Organisational Information Security Management: The Impact of Training and Awareness  

    Security breaches that affect personal data and organisational systems have become increasingly significant in the global information technology (IT) industry. There is scope for research on the factors that influence user behaviour and attitudes toward this aspect of information security and their impact on an organisation's network integrity. This research aims to study the critical success factors (CSF) for employees in order to comply with the organisational information security policy with a view to mitigating security breaches. Information security can be managed through three separate mechanisms: organisational factors, behavioural factors and training. Each of these elements impacts differently on information security, and comprehensive solutions include combinations of all three. The findings provide empirically evaluated information regarding the obstacles and the effective factors in employees' compliance with the implementation of the information security policy. The identified categories of factors are followed differently by employees working in Health, Business and Education. Questionnaire analysis as part of this study suggests that employees in the health sector comply the most in adhering to information security policy as compared to other sectors. One of the reasons for this is that health sector employees have better awareness, robust communication and effective training programmes with reinforcement and satisfaction. Moreover, employees in the health sector believe in the norms of security policies and have a positive attitude, as they recognise the significance of security policies, unlike the business and education sectors.

    [37] Information Security Governance control through comprehensive policy architectures  

    Information Security Governance has become one of the key focus areas of strategic management due to its importance in the overall protection of the organization's information assets. A properly implemented Information Security Governance framework should ideally facilitate the implementation of (directing), and compliance to (control), Strategic level management directives. These Strategic level management directives are normally interpreted, disseminated and implemented by means of a series of information security related policies. These policies should ideally be disseminated and implemented from the Strategic management level, through the Tactical level to the Operational level where eventual execution takes place. Control is normally exercised by capturing data at the lowest levels of execution and measuring compliance against the Operational level policies. Through statistical and summarized analyses of the Operational level data into higher levels of abstraction, compliance at the Tactical and Strategic levels can be facilitated. This scenario of directing and controlling defines the basis of sound Information Security Governance. Unfortunately, information security policies are normally not disseminated onto the Operational level. As a result, proper controlling is difficult and therefore compliance measurement against all information security policies might be problematic. The objective of this paper is to argue towards a more complete information security policy architecture that will facilitate complete control, and therefore compliance, to ensure sound Information Security Governance.

    [38] Information Security Awareness: Comparing perceptions and training preferences  

    Use of the Internet has become our second nature. With each passing day computers and mobile devices are becoming ubiquitous in our society. Against this backdrop the confidentiality of information is now a question of paramount importance. It is now an understood fact that technical security solutions alone cannot guarantee security. End users are required to have a solid understanding of the security issues. This study is carried out to compare and understand the perceived Information Technology (IT) and Information Security knowledge level of Information and Communication Technologies (ICT) users of two countries, Pakistan and Finland. The respondents are university students belonging to different age groups and with different educational backgrounds. Perception of respondents regarding Information Security Awareness (ISA) has been compared and no significant difference has been found. There is a visible difference in information sharing habits between the two groups of respondents. In both cases, respondents turn to similar sources for information security knowledge; however, there is a difference in order of preference. Preferences toward Information Security related trainings are also the same but with a difference in order.

    [39] Towards an information security framework for service-oriented architecture  

    Service-oriented architectures support distributed heterogeneous environments where business transactions occur among loosely connected services. Ensuring a secure infrastructure for this environment is challenging. There are currently various approaches to addressing information security, each with its own set of benefits and difficulties. Additionally, organisations can adopt vendor-based information security frameworks to assist them in implementing adequate information security controls. Unfortunately, there is no standard information security framework that has been adopted for service-oriented architectures. This paper analyses the information security challenges faced by service-oriented architectures. Information security components for a service-oriented architecture environment are proposed. These components were developed collectively from service-oriented architecture design principles, the ISO/IEC 27002:2005 standard, and other service-oriented architecture governance frameworks. The information security framework can assist organisations in determining information security controls for service-oriented architectures, aligned to current ISO/IEC 27002:2005 standards.

    [40] Towards a Holistic Information Security Governance Framework for SOA  

    Service Oriented Architecture (SOA) is a design paradigm that enables applications to be built from business processes to support enterprise architecture. This architecture introduces information security challenges that are not comprehensively addressed by current best practices. This paper evaluates whether an Information Security Management System (ISMS), defined by the international standards ISO/IEC 27001 and 27002, can be used to comprehensively support Information Security governance for SOA. As SOA governance, a separate and distinct governance framework, also addresses information security to a certain extent, managers are faced with the difficult task of deciding whether their SOA is sufficiently protected by the different frameworks. The conclusion is that information security for SOA needs to be addressed more holistically, following an Enterprise Information Security Architecture (EISA) approach, where Enterprise Architecture (EA) is concerned with the design of the overall architectural vision of an organization. The framework chosen for this purpose is SABSA, a well-known enterprise security architecture. Using the example of access control to highlight challenges, it becomes clear that Information Security governance for SOA can benefit from an approach such as SABSA.

    [41] The Importance of Corporate Forensic Readiness in the Information Security Framework

    Corporate forensics is rapidly becoming an essential component of modern business. Having no a priori knowledge on whether a security related event or corporate policy violation will lead to litigation, it is argued in this paper that digital forensics principles need to be applied to all corporate investigatory, monitoring and auditing activities. Corporate forensics are also necessary in modern organizations in order to credibly investigate what happened and how it happened, what part of the security policy was breached, whether existing corporate security mechanisms are sufficient and responding promptly, help investigate the impact and costs of a security incident, help management take well documented actions, and so forth. Forensic practices are therefore departing fast from the niche of law enforcement and becoming a business function and infrastructural component. This migration poses new challenges to security professionals that must be resolved. Furthermore, protecting information and information assets solely through technical means and security procedures is also no longer sufficient in modern corporate environments, as accountability from management is also needed. Forensic readiness helps enhance the security strategy of an organization, reduce the impact of a security incident and provide management with the means to demonstrate that reasonable care has been taken to protect information resources. Forensic readiness is becoming important for modern corporate environments and a significant component of Information Security Good Practice. In this paper we also advocate that the scope of forensics needs to be expanded in order to encompass the whole information security domain and we address a number of related issues that need further attention or must be resolved in order to take full advantage of forensic readiness in a corporate environment. The expanded scope of information security due to the inclusion of forensic readiness is expected to disturb established information security good practices. As such we challenge the concept of a generic good practice and its applicability to a specific organizational context, and we investigate alternatives for adapting information security good practices to accommodate digital forensics processes.

    [42] A new method for the identification of proactive information security management system metrics 

    Information security is a topic of everyday interest, with mainstream media reports revealing information security incidents in many different areas. These reports demonstrate the importance to any organization of having an information security management system (ISMS). Foreseeing potential security risks is usually key to successful risk management. Available information security standards such as the ISO 27000 set of standards give a formal framework for successful information security management in any size of organisation or company. In this paper we draw on experience gained during a project leading to successful ISO 27001 certification at the Central Bank of Bosnia and Herzegovina in 2009. We review recent work on proactive damage prevention, and we propose a methodology based on the GQM (Goal, Question, Metrics) paradigm for determining proactive steps for detection and resolution of different information security control violations. For creating proactive measurement metrics we use the well recognised standards ISO 27004:2009 and NIST 800-55. We present several examples of proactive metrics.

    [43] Information Security Education and Foundational Research  

    The mini-track on Information Security Education and Foundational Research is a forum for the discussion of advances in two important areas of information security: education and basic research. The information security education area is concerned with information security curriculum design at the national and institutional levels, innovative approaches to teaching information security, evaluations of existing approaches, emerging needs for information security curricula, innovative approaches to faculty development and capacity building, challenges faced by institutions and programs, and other topics relevant to information security education. The fundamental research area is concerned with advances in the theory and foundations of information security such as new analytic results, mathematical developments and proofs. Topics covered in this category include cryptography and cryptographic protocols, mathematical analyses of secure computing systems, foundations of network security, ethical and legal issues in information security, the theoretical foundations of information security, information security management policy and response, and other foundational topics.

    [44] A Proposed Preventive Information Security System

    Managing computer and network security programs has become an increasingly difficult and challenging job. Dramatic advances in computing and communications technology during the past few years have redirected the focus of data processing from the computing center to the terminals in individual offices and homes. The result is that managers must now monitor security on a more widely dispersed level. These changes are continuing to accelerate, making the security manager's job increasingly difficult. In this paper a better solution for Information Security management has been proposed by designing PrISM (Preventive Information Security Management). PrISM aims to develop and deploy an indigenous Information Security Management System (ISMS) with intrusion prevention capabilities. The objective is to develop an ISMS with appropriate security assurance controls and risk handling processes. This will provide the best protection of critical assets against information warfare attacks. The task has been planned by performing reverse engineering of the Open Source Security Information Management (OSSIM) system. A detailed discussion of OSSIM and the commercially available software Event Horizon has also been presented.

    [45] ISEDS: An Information Security engineering Database System Based on ISO Standards  

    Security facilities of information systems with high security requirements should be consistently and continuously developed, used, and maintained based on common standards of information security. However, there is no engineering environment that can support all tasks in security engineering consistently and continuously. To construct a security engineering environment, a database that can manage all data concerning all tasks in security engineering is indispensable. This paper presents an Information Security engineering Database System, named "ISEDS," that we are developing based on ISO standards, and shows some of its possible applications. ISEDS manages data of ISO standards of information security and various cases of system development and maintenance. We adopted the international standard ISO/IEC 15408 (Common Criteria) for information security evaluation as one of the ISO standards to underlie ISEDS, and implemented major functions of ISEDS and its application tools to manage and use data of ISO/IEC 15408. Developers, users, and maintainers can create, correct, and verify specification documents of security facilities with the application tools.

    [46] Examining the effects of knowledge, attitude and behaviour on information security awareness: A case on SME  

    The role and importance of information security policy is gaining popularity in many large organisations. However, this is not the case for SMEs, as developing and adopting an information security policy requires a lot of time and resources. Lack of awareness thus exposes the organisation to significant risk in ensuring the security and protection of organisational assets. This paper reports on awareness of information security at an SME in Malaysia. The research aims to establish the relationship between knowledge, attitude and behaviour and information security awareness. A survey questionnaire was used to collect data about information security awareness. Partial least squares was used for data analysis. The findings present the information security awareness of employees, indicating that attitude and behaviour were found to significantly influence the confidentiality, integrity, and availability (CIA) of business information.

    [47] On Several Major Issues of the Construction of Chinese E-government Information Security System  

    The protection of e-government information security and the construction of its operational safety system have become very important research topics in the e-government field. Since e-government information security involves many factors, the construction of the system is a systematic project. The analysis of e-government information security's requirements and of the internal, together with external, factors that may threaten e-government information security is the fundamental premise of studying how to establish the e-government information security system. An e-government information security system suited to China's realities should be established according to the design principles of balance, integrity, dynamic characteristic and so on, by the design strategies of dividing the level of security, perfecting the security mechanism, improving the price versus performance ratio and so on, and by the frame of three dimensions: technology, management, law, etc. The construction of the e-government information security system is not once and for all. That is to say, this is a project that cannot be completely finished.

    [48] Research on information security cost based on game-theory 

    This paper analyzes the interdependence of information security issues. Based on the expected benefit of cost and security loss of the interdependent information security agents in a network, a model which simulates information security cost analysis has been built. An information security cost game model is set up based on a payoff matrix; the main strategies are divided into "invest in security costs" and "do not invest in security costs", which, using Nash equilibrium, supports the decision of the agents on security cost.

    [49] A fuzzy logic-based information security control assessment for organizations 

    For organizations, security of information is eminent as threats of information security incidents that could impact the information continue to increase. Alarming facts within the literature support the current lack of adequate information security practices and prompt for identifying additional methods to help organizations in protecting their sensitive and critical information. Research efforts show inadequacies within traditional ISC assessment methodologies that do not promote an effective assessment, prioritization, and, therefore, implementation of ISC in organizations. This research-in-progress relates to the development of a tool that can accurately prioritize ISC in organizations. The tool uses fuzzy set theory to allow for a more accurate assessment of imprecise parameters than traditional methodologies. We argue that evaluating information security controls using fuzzy set theory leads to a more detailed and precise assessment and, therefore, supports an effective selection of information security controls in organizations.

    [50] Multidimensional Management of Information Security – A Metrics Based Approach Merging Business and Information Security Topics 

    Currently, and even more so in the future, enterprises of whatever size and structure are highly dependent on information and information processing technologies. A lot of effort has been made for securing these assets, focusing mainly on technical and selected organizational solutions. As the rising dependence on information security comes along with an even stronger increase in the necessity to manage information security also through a business pair of glasses, activities like communication to security stakeholders or justifying the resources needed substantiate the development of models and methods to support information security management entities. A multidimensional approach able to cope with these challenges by integrating business and security topics is presented in the current paper.

    More About Information Security:

    Information assurance: The act of ensuring that data is not lost when critical issues arise. These issues include but are not limited to: natural disasters, computer/server malfunction, physical theft, or any other instance where data has the potential of being lost. Since most information is stored on computers in our modern era, information assurance is typically dealt with by IT security specialists. One of the most common methods of providing information assurance is to have an off-site backup of the data in case one of the mentioned issues arises.

    Governments, military, corporations, financial institutions, hospitals and private businesses amass a great deal of confidential information about their employees, customers, products, research and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers. Should confidential information about a business' customers or finances or new product line fall into the hands of a competitor or a black hat hacker, a business and its customers could suffer widespread, irreparable financial loss, not to mention damage to the company's reputation. Protecting confidential information is a business requirement and in many cases also an ethical and legal requirement. A key concern for organizations is the derivation of the optimal amount to invest, from an economics perspective, on information security. The Gordon-Loeb Model provides a mathematical economic approach for addressing this latter concern. For the individual, information security has a significant effect on privacy, which is viewed very differently in different cultures.

    The field of information security has grown and evolved significantly in recent years. There are many ways of gaining entry into the field as a career. It offers many areas for specialization including securing network(s) and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning and digital forensics, etc. This article presents a general overview of information security and its core concepts. Definitions of information security from different sources include:

    1. "Preservation of confidentiality, integrity and availability of information. Note: In addition, other properties, such as authenticity, accountability, non-repudiation and reliability can also be involved." (ISO/IEC 27000:2009)
    2. "The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability." (CNSS, 2010)
    3. "Ensures that only authorized users (confidentiality) have access to accurate and complete information (integrity) when required (availability)." (ISACA, 2008)
    4. "Information Security is the process of protecting the intellectual property of an organisation." (Pipkin, 2000)
    5. "...information security is a risk management discipline, whose job is to manage the cost of information risk to the business." (McDermott and Geer, 2001)
    6. "A well-informed sense of assurance that information risks and controls are in balance." (Anderson, J., 2003)
    7. "Information security is the protection of information and minimises the risk of exposing information to unauthorised parties." (Venter and Eloff, 2003)
    8. "Information Security is a multidisciplinary area of study and professional activity which is concerned with the development and implementation of security mechanisms of all available types (technical, organisational, human-oriented and legal) in order to keep information in all its locations (within and outside the organisation's perimeter) and, consequently, information systems, where information is created, processed, stored, transmitted and destroyed, free from threats. Threats to information and information systems may be categorised and a corresponding security goal may be defined for each category of threats. A set of security goals, identified as a result of a threat analysis, should be revised periodically to ensure its adequacy and conformance with the evolving environment. The currently relevant set of security goals may include: confidentiality, integrity, availability, privacy, authenticity & trustworthiness, non-repudiation, accountability and auditability."

    Information security must protect information throughout the life span of the information, from the initial creation of the information on through to the final disposal of the information. The information must be protected while in motion and while at rest. During its lifetime, information may pass through many different information processing systems and through many different parts of information processing systems. There are many different ways the information and information systems can be threatened. To fully protect the information during its lifetime, each component of the information processing system must have its own protection mechanisms. The building up, layering on and overlapping of security measures is called defense in depth. The strength of any system is no greater than its weakest link. Using a defense in depth strategy, should one defensive measure fail there are other defensive measures in place that continue to provide protection. Recall the earlier discussion about administrative controls, logical controls, and physical controls. The three types of controls can be used to form the basis upon which to build a defense-in-depth strategy. With this approach, defense-in-depth can be conceptualized as three distinct layers or planes laid one on top of the other.

    Additional insight into defense-in-depth can be gained by thinking of it as forming the layers of an onion, with data at the core of the onion, people the next outer layer of the onion, and network security, host-based security and application security forming the outermost layers of the onion. Both perspectives are equally valid and each provides valuable insight into the implementation of a good defense-in-depth strategy.

    Classification labels in use include:

    • In the business sector, labels such as: Public, Sensitive, Private, Confidential.
    • In the government sector, labels such as: Unclassified, Sensitive But Unclassified, Restricted, Confidential, Secret, Top Secret and their non-English equivalents.
    • In cross-sectoral formations, the Traffic Light Protocol, which consists of: White, Green, Amber, and Red.


• Information security uses cryptography to transform usable information into a form that renders it unusable by anyone other than an authorized user; this process is called encryption. Information that has been encrypted (rendered unusable) can be transformed back into its original usable form by an authorized user, who possesses the cryptographic key, through the process of decryption. Cryptography is used in information security to protect information from unauthorized or accidental disclosure while the information is in transit (either electronically or physically) and while it is in storage.
• Cryptography provides information security with other useful applications as well, including improved authentication methods, message digests, digital signatures, non-repudiation, and encrypted network communications. Older, less secure applications such as telnet and ftp are slowly being replaced with more secure applications such as ssh that use encrypted network communications. Wireless communications can be encrypted using protocols such as WPA/WPA2 or the older (and less secure) WEP. Wired communications (such as those standardised by ITU-T) are secured using AES for encryption and X.1035 for authentication and key exchange. Software applications such as GnuPG or PGP can be used to encrypt data files and email.
• Cryptography can introduce security problems when it is not implemented correctly. Cryptographic solutions need to be implemented using industry-accepted solutions that have undergone rigorous peer review by independent experts in cryptography. The length and strength of the encryption key is also an important consideration: a key that is weak or too short will produce weak encryption. The keys used for encryption and decryption must be protected with the same degree of rigor as any other confidential information. They must be protected from unauthorized disclosure and destruction, and they must be available when needed.
Public key infrastructure (PKI) solutions address many of the problems that surround key management.
