1. Balancing software and training requirements for information securityDamjan Fujs, Simon Vrhovec, Damjan Vavpotič, 2023, izvirni znanstveni članek Opis: Information security is one of the key areas of consideration to assure reliable and dependable information systems (IS). Achieving an appropriate level of IS security requires concurrent consideration of the technical aspects of IS and the human aspects related to the end users of IS. These aspects can be described in the form of information security requirements. We propose an approach that helps select and balance information security software requirements (iSSR) and information security training requirements (iSTR) according to the information security performance of end users. The approach was tested in an experiment involving 128 IS professionals. The results showed that using the proposed approach helps IS professionals with limited experience in information security make significantly better decisions regarding iSSR and iSTR.
Ključne besede: kibernetska varnost, eksperiment, informacijsko varnostni standardi, inženirstvo zahtev, usposabljanje končnih uporabnikov, informacijska varnost, cyber security, experiment, information security standard, requirements engineering, end user training, information security
Objavljeno v DKUM: 13.11.2024; Ogledov: 0; Prenosov: 4
 Povezava na celotno besedilo |
2. |
3. Cyber (in)security of personal data and information in times of digitizationMiha Dvojmoč, Mojca Tancer Verboten, 2022, izvirni znanstveni članek Opis: In an employment relationship, work and pay are no longer the only important aspects, as importance is increasingly shifting toward obligations concerning the protection of personal data and privacy arising from the prohibition of causing harm to the employer and the duty of loyalty to the employer. The article deals with the constitutionally protected right to privacy and the protection of personal data from the point of view of ensuring cyber security at the employer. The employer is obligated to protect the right to privacy by legal provisions, whereas from the point of view of ensuring the protection of privacy and information, the employer must protect, first and foremost, the personal data of employees. The main purpose of the legal protection of personal data is the lawful and fair processing of the personal data of individuals. Employers are thus facing an increasing number of risks related to the safety of employees and the security of business processes, and it is therefore important to establish comprehensive corporate security to ensure adequate security across all levels.
Ključne besede: cyber security, protection of personal data, protection of privacy, cyber threats, protection of business secrets
Objavljeno v DKUM: 11.06.2024; Ogledov: 150; Prenosov: 23
 Celotno besedilo (375,13 KB)
Gradivo ima več datotek! Več... |
4. Identifying key activities, artifacts and roles in agile engineering of secure software with hierarchical clusteringAnže Mihelič, Tomaž Hovelja, Simon Vrhovec, 2023, izvirni znanstveni članek Opis: Different activities, artifacts, and roles can be found in the literature on the agile engineering of secure software (AESS). The purpose of this paper is to consolidate them and thus identify key activities, artifacts, and roles that can be employed in AESS. To gain initial sets of activities, artifacts, and roles, the literature was first extensively reviewed. Activities, artifacts, and roles were then cross-evaluated with similarity matrices. Finally, similarity matrices were converted into distance matrices, enabling the use of Ward’s hierarchical clustering method for consolidating activities, artifacts, and roles into clusters. Clusters of activities, artifacts, and roles were then named as key activities, artifacts, and roles. We identified seven key activities (i.e., security auditing, security analysis and testing, security training, security prioritization and monitoring, risk management, security planning and threat modeling; and security requirements engineering), five key artifacts (i.e., security requirement artifacts, security repositories, security reports, security tags, and security policies), and four key roles (i.e., security guru, security developer, penetration tester, and security team) in AESS. The identified key activities, artifacts, and roles can be used by software development teams to improve their software engineering processes in terms of software security.
Ključne besede: secure software development, security engineering, agile methods, agile development, software development, software engineering, software security, application security, cybersecurity, cyber resilience
Objavljeno v DKUM: 29.11.2023; Ogledov: 417; Prenosov: 12
Celotno besedilo (557,17 KB)
Gradivo ima več datotek! Več... |
5. Cyber Security- Training Students and Scholars for the Challenges of Information and Communication Technologies in Research and Studies for Internationalisation : handbook2023 Opis: This handbook is a product of the Erasmus+ Strategic Partnership between the partners Université Polytéchnique Hauts-de-France, Politechnika Poznanska, Brandenburgische Technische Universität Cottbus-Senftenberg and the coordinator University of Maribor. Contentuous contribution were made by staff of University of Maribor and Politechnika Poznanska, evaluations by staff of the other two partners. The handbooks handles virtual learning environments in the international education and research area and exposure of the systems to cybercrime. Besides introductory contributions on legal aspects of challenges in the fields of human rights, European regulations of data security, civil law and criminal law aspects of caber security of virtual learning environments and methodologies of their introduction w8ithin organisations, the handbook also gives useful instructions for elaboration of virtual courses within virtual learning environments relevant for the internationalised research and education not only since the Covid-19 pandemic. The handbook is dedicated to use on the internet within the Moodle system.
Ključne besede: cyber security, virtual learning environment, data security, cyber crime, systems
Objavljeno v DKUM: 13.04.2023; Ogledov: 554; Prenosov: 41
Celotno besedilo (5,72 MB)
Gradivo ima več datotek! Več... |
6. Advances in cybersecurity 20172017, znanstvena monografija Opis: Understanding the cyberspace and awareness of its effects impacts the lives of all individuals. Thus, the knowledge of cybersecurity in both organizations and private operations is essential. Research on various aspects of cybersecurity is crucial for achieving adequate levels of cybersecurity. The content of this scientific monograph provides answers to various topical questions from the organizational, individual, sociological, technical and legal aspects of security in the cyberspace. The papers in the monograph combine the findings of researchers from different subareas of cybersecurity, show the effects of adequate levels of cybersecurity on the operations of organizations and individuals, and present the latest methods to defend against threats in the cyberspace from technical, organizational and security aspects.
Ključne besede: cybersecurity, cyber resilience, mobile security, digital privacy, IoT security
Objavljeno v DKUM: 08.12.2017; Ogledov: 1933; Prenosov: 370
Celotno besedilo (3,56 MB)
Gradivo ima več datotek! Več... |
