Abstract: The paper studies the role of food labeling in promoting healthy eating in Georgia. The main focus of the research is directed to consumer attitudes regarding food labeling. The methodology of the paper is based on focus group work, as well as online and face-to-face surveys. The data analysis has been provided through ANOVA. The study proves that the impact of variables such as the interest, awareness, reliability, assurance and satisfaction of consumers on buying decision is statistically important. The study reveals that consumers' perception regarding food labeling is positive, but their level of knowledge and ability is rather low. It is urgent to strengthen marketing promotion strategies in the process of implementation of food security policy in Georgia.
Abstract: Bhutan is becoming increasingly dependent on Information and Communications Technologies (ICTs), especially the Internet, for performing the daily activities of governments, businesses, and individuals. Consequently, information systems and networks are becoming more exposed and vulnerable to cybersecurity threats. This paper highlights the findings of the survey study carried out to understand the perceptions of cybersecurity implementation among government organizations in Bhutan. About 280 ICT personnel were surveyed about the effectiveness of cybersecurity implementation in their organizations. A questionnaire based on a 5-point Likert scale was used to assess the perceptions of respondents. The questions were asked on cybersecurity practices such as cybersecurity policies, awareness and training, and risk management. The survey results show that less than 50% of respondents believe that the cybersecurity implementation is effective: cybersecurity policy (40%), risk management (23%), training and awareness (28%), system development life cycle (34%), incident management (26%), and communications and operational management (40%). The findings suggest that many of the cybersecurity practices are inadequately implemented and, therefore, there exists a gap in achieving a required cybersecurity posture. This study recommends that government organizations establish a comprehensive cybersecurity program with emphasis on cybersecurity policy, risk management, and awareness and training. In addition, the research study has practical implications for both government and private organizations for implementing and managing cybersecurity.
Abstract: IPsec has now become a standard information security
technology throughout the Internet society. It provides a well-defined
architecture that takes into account confidentiality, authentication,
integrity, secure key exchange and protection mechanism against
replay attack also. For the connectionless security services on packet
basis, the IETF IPsec Working Group has standardized two extension
headers (AH & ESP), key exchange and authentication protocols. It is
also working on a lightweight key exchange protocol and MIBs for
security management. IPsec technology has been implemented on
various platforms in IPv4 and IPv6, gradually replacing old
application-specific security mechanisms. IPv4 and IPv6 are not
directly compatible, so programs and systems designed to one
standard cannot communicate with those designed to the other. We
propose the design and implementation of controlled Internet security
system, which is IPsec-based Internet information security system in
IPv4/IPv6 network and also we show the data of performance
measurement. With the features like improved scalability and
routing, security, ease-of-configuration, and higher performance of
IPv6, the controlled Internet security system provides consistent
security policy and integrated security management on IPsec-based
Internet security system.
Abstract: Network security attacks are the violation of
information security policy that received much attention to the
computational intelligence society in the last decades. Data mining
has become a very useful technique for detecting network intrusions
by extracting useful knowledge from large number of network data
or logs. Naïve Bayesian classifier is one of the most popular data
mining algorithms for classification, which provides an optimal way
to predict the class of an unknown example. It has been tested that
one set of probability derived from data is not good enough to have
good classification rate. In this paper, we proposed a new learning
algorithm for mining network logs to detect network intrusions
through naïve Bayesian classifier, which first clusters the network
logs into several groups based on similarity of logs, and then
calculates the prior and conditional probabilities for each group of
logs. For classifying a new log, the algorithm checks in which cluster
the log belongs and then uses that cluster's probability set to classify
the new log. We tested the performance of our proposed algorithm by
employing KDD99 benchmark network intrusion detection dataset,
and the experimental results proved that it improves detection rates
as well as reduces false positives for different types of network
intrusions.
Abstract: Security management has changed from the
management of security equipment and useful interface to manager.
It analyzes the whole security conditions of network and preserves the
network services from attacks. Secure router technology has security
functions, such as intrusion detection, IPsec (IP Security) and access
control, are applied to legacy router for secure networking. It controls
an unauthorized router access and detects an illegal network intrusion.
This paper relates to a security engine management of router based on
a security policy, which is the definition of security function against a
network intrusion. This paper explains the security policy and designs
the structure of security engine management framework.
Abstract: In this paper, the authors examine whether or not there are differences of Japanese Internet users' awareness to information security based on individual attributes by using analysis of variance based on non-parametric method. As a result, generally speaking, it is found that Japanese Internet users' awareness to information security is different by individual attributes. Especially, the authors verify that the users who received the information security education would have rather higher recognition concerning countermeasures than other users including self-educated users. It is suggested that the information security education should be enhanced so that the users may appropriately take the information security countermeasures. In addition, the information security policy such as carrying out "e-net caravan" and "information security seminars" are effective in improving the users' awareness on the information security in Japan.
Abstract: Web services provide significant new benefits for SOA-based
applications, but they also expose significant new security
risks. There is a huge number of WS security standards and
processes. At present, there is still a lack of a comprehensive
approach which offers a methodical development in the construction
of secure WS-based SOA. Thus, the main objective of this paper is
to address this need, presenting a comprehensive method for Web
Services Security guaranty in SOA. The proposed method defines
three stages, Initial Security Analysis, Architectural Security
Guaranty and WS Security Standards Identification. These facilitate,
respectively, the definition and analysis of WS-specific security
requirements, the development of a WS-based security architecture
and the identification of the related WS security standards that the
security architecture must articulate in order to implement the
security services.
Abstract: This paper introduces a tool that is being developed for the expression of information security policy controls that govern electronic healthcare records. By reference to published findings, the paper introduces the theory behind the use of knowledge management for automatic and consistent security policy assertion using the formalism called the Secutype; the development of the tool and functionality is discussed; some examples of Secutypes generated by the tool are provided; proposed integration with existing medical record systems is described. The paper is concluded with a section on further work and critique of the work achieved to date.
Abstract: This paper discusses a curriculum approach that will
give emphasis on practical portions of teaching network security
subjects in information and communication technology courses. As
we are well aware, the need to use a practice and application oriented
approach in education is paramount. Research on active learning and
cooperative groups has shown that students grasp more and have
more tendency towards obtaining and realizing soft skills like
leadership, communication and team work as opposed to the more
traditional theory and exam based teaching and learning. While this
teaching and learning paradigm is relatively new in Malaysia, it has
been practiced widely in the West. This paper examines a certain
approach whereby students learning wireless security are divided into
and work in small and manageable groups where there will be 2
teams which consist of black hat and white hat teams. The former
will try to find and expose vulnerabilities in a wireless network while
the latter will try their best to prevent such attacks on their wireless
networks using hardware, software, design and enforcement of
security policy, etc. This paper will try to show that the approach
taken plus the use of relevant and up to date software and hardware
and with suitable environment setting will hopefully expose students
to a more fruitful outcome in terms of understanding of concepts,
theories and their motivation to learn.