از نرم افزار winrar برای باز کردن فایل های فشرده استفاده می شود. برای دانلود آن بر روی لینک زیر کلیک کنید
System Integration and Security of Information Systems
سیستم ادغام و امنیت سیستم های اطلاعاتی-2017
The frequency of unauthorized actions to information systems (IS) in the process of their integration is steadily increasing, which inevitably leads to huge financial and material losses. According to statistics, internal users of IS, commit more than half of all violations. All of this forms "a dangerous group of risk ". Existing approaches for IS security are mainly provided by specialized tools of differentiation of user access to information resources. At the same time each user is assigned certain rights, in accordance with which it is permitted/prohibited local access to information is stored in PC, or remote access via communication links to information available on other PC.After analyzing we identified 2 major vulnerabilities: tools of differentiation of local access are not able to provide protection against the actions of offenders are not directly related to obtaining unauthorized access to IS resources and tools of differentiation of remote access does not provide protection from network by internal users of the system.The results of this research will lead to an improvement of the process of ensuring effective protection against threats to information security in the IS.© 2016 The Authors. Published by Elsevier B.V.Peer-review under responsibility of organizing committee of the scientific committee of the international conference; ICTE 2016.© 2017 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).Peer-review under responsibility of organizing committee of the scientific committee of the international conference; ICTE 2016
Keywords: Information system | Intrusion detection system | Behavioral method | Signature method | Security of information systems
سیستم های اطلاعاتی و مدیریت زنجیره تامین پایدار به سوی یک جامعه پایدارتر: کجا هستیم و کجا خواهیم رفت
سال انتشار: 2017 - تعداد صفحات فایل pdf انگلیسی: 9 - تعداد صفحات فایل doc فارسی: 28
اهداف این مطالعه شناسایی و ساماندهی مقالات علمی در مورد استفاده از سیستم های اطلاعاتی برای حمایت از مدیریت زنجیره تامین پایدار و اشاره به فرصت های پژوهشی در آینده است. بنابراین، بررسی مقالات ساختار یافته انجام شد.مرتبط ترین مطالعات شناسایی شده به هفت بعد طبقه بندی و ساماندهی شده است.زمینه پژوهش،تمرکز پژوهش،روش پژوهش،بخش آنالیز شده،کاربردهای سیستم اطلاعاتی(IS) ،ارتباط بین IS و شیوه های زنجیره تامین سبز، و مزایای عملکرد. نویسندگان و مقالات اصلی در این موضوع خاص شناسایی شدند. علاوه بر این، IS یک ابزار پشتیبانی مهم برای مدیریت زنجیره تامین است چرا که مزایایی را برای سازمان، تامین کنندگان و مشتریان به ارمغان می آورد. علاوه بر این،IS به طورمثبتی بر عملکرد موثر، مالی و محیطی سازمان تاثیر می گذارد.با این حال، هنوز پیشرفت های بیشتری در مقاله مورد نیاز است. سهم عمده این پژوهش مربوط به نظریه هایی است که فرصت های پژوهش در آینده را فراهم می کنند.
کلمات کلیدی: سیستم های اطلاعاتی برای توسعه پایدار | مدیریت زنجیره تامین پایدار | مدیریت زنجیره تامین سبز | توسعه پایدار،سیستم های اطلاعات سبز | فناوری اطلاعات پایدار
|مقاله ترجمه شده|
A collaborative cyber incident management system for European interconnected critical infrastructures
سیستم مدیریت حادثه سایبری مشترک برای زیرساخت های بحرانی مرتبط با اروپا-2017
Article history:Available online 2 June 2016Keywords:Cyber security Information sharing Cyber incident reporting Security operation center Cyber incident handlingToday’s Industrial Control Systems (ICSs) operating in critical infrastructures (CIs) are becoming increas- ingly complex; moreover, they are extensively interconnected with corporate information systems for cost-eﬃcient monitoring, management and maintenance. This exposes ICSs to modern advanced cyber threats. Existing security solutions try to prevent, detect, and react to cyber threats by employing secu- rity measures that typically do not cross the organization’s boundaries. However, novel targeted multi- stage attacks such as Advanced Persistent Threats (APTs) take advantage of the interdependency between organizations. By exploiting vulnerabilities of various systems, APT campaigns intrude several organiza- tions using them as stepping stones to reach the target infrastructure. A coordinated effort to timely reveal such attacks, and promptly deploy mitigation measures is therefore required. Organizations need to cooperatively exchange security-relevant information to obtain a broader knowledge on the current cyber threat landscape and subsequently obtain new insight into their infrastructures and timely react if necessary. Cyber security operation centers (SOCs), as proposed by the European NIS directive, are be- ing established worldwide to achieve this goal. CI providers are asked to report to the responsible SOCs about security issues revealed in their networks. National SOCs correlate all the gathered data, analyze it and eventually provide support and mitigation strategies to the aﬃliated organizations. Although many of these tasks can be automated, human involvement is still necessary to enable SOCs to adequately take decisions on occurring incidents and quickly implement counteractions. In this paper we present a collaborative approach to cyber incident information management for gaining situational awareness on interconnected European CIs. We provide a scenario and an illustrative use-case for our approach; we propose a system architecture for a National SOC, deﬁning the functional components and interfaces it comprises. We further describe the functionalities provided by the different system components to sup- port SOC operators in performing incident management tasks.© 2016 Elsevier Ltd. All rights reserved.
Keywords: Cyber security | Information sharing | Cyber incident reporting | Security operation center | Cyber incident handling
Supply chain forecasting when information is not shared
پیش بینی زنجیره تامین زمانی که اطلاعات به اشتراک گذاشته نمی شود-2017
The operations management literature is abundant in discussions on the benefits of information sharing in supply chains. However, there are many supply chains where information may not be shared due to constraints such as compatibility of information systems, information quality, trust and confidentiality. Furthermore, a steady stream of papers has explored a phenomenon known as Downstream Demand Inference (DDI) where the upstream member in a supply chain can infer the downstream demand without the need for a formal information sharing mechanism. Recent research has shown that, under more realistic circumstances, DDI is not possible with optimal forecasting methods or Single Exponential Smoothing but is possible when supply chains use a Simple Moving Average (SMA) method. In this paper, we evaluate a simple DDI strategy based on SMA for supply chains where information cannot be shared. This strategy allows the upstream member in the supply chain to infer the consumer demand mathematically rather than it being shared. We compare the DDI strategy with the No Information Sharing (NIS) strategy and an optimal Forecast Information Sharing (FIS) strategy in the supply chain. The comparison is made analytically and by experimentation on real sales data from a major European supermarket located in Germany. We show that using the DDI strategy improves on NIS by reducing the Mean Square Error(MSE) of the forecasts, and cutting inventory costs in the supply chain.
Keywords: Supply chain management | Information sharing | Simple moving average | ARIMA | Downstream demand inference
Security towards the edge: Sticky policy enforcement for networked smart objects
امنیت به سمت لبه: اجرای سیاست های مهم برای اشیاء هوشمند شبکه-2017
Article history:Received 13 June 2017Revised 24 July 2017Accepted 25 July 2017Available online 25 July 2017Keywords: Internet of Things SecuritySticky policy Enforcement Middleware PrototypeOne of the hottest topics in the Internet of Things (IoT) domain relates to the ability of enabling com- putation and storage at the edges of the network. This is becoming a key feature in order to ensure the ability of managing in a scalable way service requests with low response times. This means being able to acquire, store, and process IoT-generated data closer to the data producers and data consumers. In this scenario, also security and privacy solutions must be applied in a capillary way at the edges of the network. In particular, a control on access to data generated by IoT devices is necessary for guaranteeing proper levels of security and privacy as well as for preventing violation attempts, while allowing data owners to monitor and control their information. In this paper, a sticky policy approach is proposed as a strategy for eﬃciently managing the access to IoT resources within an existing distributed middleware architecture. As demonstrated in the experimental evaluation, sticky policies represent a promising and eﬃcient technique to increase the robustness (in a security perspective) of the IoT system.© 2017 Elsevier Ltd. All rights reserved.
Keywords: Internet of Things | Security | Sticky policy | Enforcement | Middleware Prototype
The Social Relation Key: A new paradigm for security
کلید ارتباط اجتماعی: یک نمونه جدید برای امنیت-2017
Article history:Received 23 June 2017Revised 7 July 2017Accepted 7 July 2017Available online 18 July 2017Keywords:Online social network Security keySMSTwitter SpamAuthenticationFor the last decade, online social networking services have consistently shown explosive annual growth, and have become some of the most widely used applications and services. Large amounts of social re- lation information accumulate on these platforms, and advanced services, such as targeted advertising and viral marketing, have been introduced to exploit this social information. Although many prior social relation-based services have been commerce oriented, we propose employing social relations to improve online security. Speciﬁcally, we propose that real social networks possess unique characteristics that are diﬃcult to imitate through random or artiﬁcial networks. Also, the social relations of each individual are unique, like a ﬁngerprint or an iris. These observations thus lead to the development of the Social Rela- tion Key (SRK) concept. We applied the SRK concept in different use cases in the real world, including in the detection of spam SMSes, and another in pinpointing fraud in Twitter followers. Since spammers multicast the same SMS to multiple, randomly-selected receivers and normal users multicast an SMS to friends or acquaintances who know each other, we devise a detection scheme that makes use of a clustering coeﬃcient. We conducted a large scale experiment using an SMS log obtained from a major cellular network operator in Korea, and observed that the proposed scheme performs signiﬁcantly better than the conventional content-based Naive Bayesian Filtering (NBF). To detect fraud in Twitter followers, we use different social network signatures, namely isomorphic triadic counts, and the property of social status. The experiment based on a Twitter dataset again conﬁrmed the feasibility of the SRK. Our codes are available on a website1 .© 2017 Published by Elsevier Ltd.
Keywords: Online social network | Security key | SMS | Twitter | Spam | Authentication
Integrating GIS with optimization method for a biofuel feedstock supply chain
ادغام GIS با روش بهینه سازی زنجیره تامین مواد زیستی سوخت زیستی-2017
Taking forest biomass, defined here as roundwood pulpwood, as feedstock, this study focused on locating bioethanol facilities and designing the bioethanol feedstock supply chain to minimize the total system cost. For this purpose an integrated approach combining Geographic Information System based analysis with optimization modeling method was developed. Nine candidate bioethanol facilities were pre selected based on the GIS method and served as input for the optimization modeling followed. The total system cost and the delivered feedstock cost were calculated under demand and supply uncertainties. Both cost values increase significantly as the annual bioethanol demand grows or the biomass availability decreases. This is because more feedstocks are required to be hauled from longer distances to support a larger scale bioethanol facility or several smaller ones. It is also found that Gaylord shows up as one of the optimized candidate no matter what the demand or supply is. The optimization model and identified locations provides decision makers an integrated decision support system to determine optimized cost, energy use, and GHG emissions for candidate locations.
Keywords:GIS|Optimization|Feedstock supply chain|Bioethanol facility|Spring breakup
Why employees share information security advice? Exploring the contributing factors and structural patterns of security advice sharing in the workplace
چرا کارکنان مشاوره امنیت اطلاعات را به اشتراک می گذارند؟ بررسی عوامل مشارکتی و الگوهای سازمانی مشارکت مشاوره امنیتی در محل کار-2017
As modern organisations are dealing with a growing amount of data and strategic information systems, the need to protect these vital assets becomes paramount. An emerging topic in behavioural security ﬁeld is security advice sharing, which plays a crucial role in helping organisations develop people-centric security workplaces whereby the employees information security awareness and personal account- ability for security are fostered. This research employs social network analysis methods to explore why the employees are willing to share information security advice, as well as examines the structural pat- terns of this sharing network. We found favourable security attitude and engagement in daily activities have positive impacts on security advice sharing, whereas perceiving too much social pressure makes the employees deliberately refuse to share security advice. We also found security advice sharing is transitive and non-reciprocal, and there are a few dominant employees who control the ﬂow of security advice. Practical recommendations about strategies to increase security advice sharing within the workplace are discussed, and by conducting this research we demonstrate the empirical adoption of social network analysis techniques in the behavioural security ﬁeld.© 2016 Elsevier Ltd. All rights reserved.
Keywords:Information security behaviour | Information security management | Knowledge sharing | Social network analysis | Exponential random graph modeling
The performance implications of leveraging internal innovation through social media networks: An empirical verification of the smart fashion industry
پیامدهای عملکرد اعمال نفوذ نوآوری داخلی از طریق شبکه های رسانه های اجتماعی: یک اثبات تجربی از صنعت مد های هوشمند-2017
Despite rigorous empirical research exploring the changes in innovation dynamics triggered by Social Media Net works (SMNs), the benefits coming from the use of these digital platforms for knowledge search in innovative activities for small to medium enterprises (SMEs) are still unexplored. Customers become the new trailblazers. Thus, by adopting a customer led innovation perspective, this paper seeks to measure the effect on return on in vestment (ROI) of the use of SMNs as external drivers for supporting internal innovation search processes. On the basis of the extant literature on information system and social network analysis, the research describes and eval uates the multidimensional activities interwoven into the open innovation process, driven by integrating the five constructs of structural dimension, relational behaviour, cognitive dimension, knowledge transfer, and legitimi zation into our hypothesised conceptual model. Empirical research was conducted via the Classification Regression Tree (CART) on a sample of 2548 SMEs be longing to the fashion industry and based in Italy and in the United Kingdom. This study is of importance to ac ademics and practitioners due to the increasing significance taken on by the adoption of social media networks in the fashion industry to improve innovation search. Recommendations are made to fashion managers and social media experts to support the planning and development of new products and services. New contributions are of fered to the innovation and knowledge management literature. In addition, theoretical implications and avenues for future research are also considered.
Keywords: SMEs | Fashion industry | Social media networks | Return on investment | Knowledge search | Innovation
Big Data Management: New Frontiers, New Paradigms
مدیریت داده های بزرگ: مرزهای جدید، پارادایم های جدید-2017
This special issue on “Big Data Management: New Frontiers, New Paradigms” of Information Systems presents a rigorous selection of the best papers of the 17th ACM International Workshop on Data Warehousing and OLAP (DOLAP 2014), held in conjunction with the 23rd ACM International Conference on Conference on Information and Knowledge Management (CIKM 2014), in Shanghai, China, during November 3–7, 2014.