Wyniki wyszukiwania - BazTech

1

Information Management in Humanitarian Aid on the Example of the Humanitarian Emergency Telecommunications Cluster (ETC)

Landmann Tomasz, Zamiar Zenon

Systemy Logistyczne Wojsk

|

2023

|

Vol. 59, no. 2

21--36

EN

The topic of the article is information management in humanitarian aid on the example of the humanitarian Emergency Telecommunications Cluster (ETC). The research niche described in the article is the analysis of the principles, relationships and procedures of communications in the humanitarian cluster, taking into account the organizations cooperating in the Emergency Telecommunications Cluster (ETC). The aim of the considerations is to establish and explain the basic principles and solutions of information management that were adopted at the level of the humanitarian Emergency Telecommunications Cluster (ETC). The authors sadopted the thesis that information management in ETC plays a key role in the perspective of improving humanitarian aid and strengthening coordination of humanitarian organizations. The research material consisted of source documents developed by partners cooperating at the ETC level, supplemented with statistical data and information from scientific literature. For the purposes of the article, research methods were used in the form of analysis of existing data (desk research), analysis of documents published on the activities of ETC, and, in auxiliary scope, logical inference based on the collected material. The analysis of the presented material allows us to conclude that various guidelines, principles, procedures and solutions in information management are used for the needs of ETC. They are adapted to carry out humanitarian tasks as part of preparation for threats (Preparedness) and response to crises (Emergency). ETC serves as a solution provider and service provider in the field of emergency telecommunications. The operation of the ETC is one of the ways to maintain information security when providing international humanitarian aid.

PL

Tematem artykułu jest zarządzanie informacją w pomocy humanitarnej na przykładzie humanitarnego klastra Emergency Telecommunications Cluster (ETC). Niszę badawczą opisaną w artykule stanowi analiza zasad, relacji i procedur łączności w klastrze humanitarnym z uwzględnieniem organizacji tworzących system telekomunikacji kryzysowej na poziomie Emergency Telecommunications Cluster (ETC). Celem rozważań jest ustalenie i wyjaśnienie podstawowych zasad i rozwiązań w zakresie zarządzania informacją, które zostały przyjęte na poziomie humanitarnego klastra ETC. Autorzy stawiają tezę, że zarządzanie informacją w klastrze ETC odgrywa kluczową rolę w perspektywie usprawnienia pomocy humanitarnej i poprawy koordynacji działań organizacji humanitarnych. Materiał badawczy stanowiły dokumenty źródłowe opracowane przez partnerów współpracujących na poziomie ETC, uzupełnione o dane statystyczne, a także informacje z literatury naukowej. Na potrzeby artykułu wykorzystano metody badawcze w postaci analizy danych zastanych (desk research), analizy dokumentów publikowanych na temat działalności ETC oraz, w zakresie pomocniczym, wnioskowania logicznego na podstawie zebranego materiału. Analiza przedstawionego materiału pozwala stwierdzić, że na potrzeby ETC wykorzystywane są różne wytyczne, zasady, procedury i rozwiązania z zakresu zarządzania informacją. Są one dostosowane do realizacji zadań humanitarnych w ramach przygotowania do zagrożeń (Preparedness) oraz reagowania na sytuacje kryzysowe (Emergency). ETC pełni rolę dostawcy rozwiązań i usług w zakresie telekomunikacji kryzysowej. Funkcjonowanie klastra jest jednym ze sposobów utrzymania bezpieczeństwa informacji podczas świadczenia międzynarodowej pomocy humanitarnej.

2

Polskie podejście do bezpieczeństwa informacyjnego

Mikusek Karolina

Problemy Techniki Uzbrojenia

|

2023

|

R. 52, z. 167

149--159

PL

W obecnie funkcjonującym środowisku bezpieczeństwa istnieje coraz większa potrzeba zwrócenia uwagi na aspekt informacyjny. Wraz z rozwojem nowych technologii oraz przestrzeni internetowej, przepływ informacji stanowi ważny proces wymagający odpowiedniej ochrony na każdym etapie jego trwania. Nie ulega wątpliwości, że w zależności od posiadanego potencjału naukowego oraz technologicznego każde z państw podchodzi do wspomnianej tematyki w indywidulany sposób. Niektóre kwestie pozostają ze sobą spójne ze względu na aspekt unifikacji norm i standardów, podczas gdy inne opierają się na unikalnych doświadczeniach i wypracowanych praktykach. W związku z tym przedmiotem niniejszych rozważań jest polskie podejście do bezpieczeństwa informacyjnego, ze szczególnym uwzględnieniem podstaw prawnych oraz założeń strategicznych dotyczących bezpieczeństwa informacyjnego. Odniesiono się również do kwestii podmiotów odpowiedzialnych za zapewnienie ochrony potencjału informacyjnego oraz rozwiązań umożliwiających podjęcie działań związanych z omawianą tematyką.

3

Steganography in Audio Files: COTS Software Analysis

Marszałek Piotr, Bilski Piotr

International Journal of Electronics and Telecommunications

|

2023

|

Vol. 69, No. 1

121--126

EN

The paper presents the analysis of the Commercial Off-The-Shelf (COTS) software regarding the ability to be used in audio steganography techniques. Such methods are a relatively new tool for hiding and transmitting crucial information, also being used by hackers. In the following work, the publicly available software dedicated to audio steganography is examined. The aim was to provide the general operating model of the information processing in the steganographic effort. The embedding method was analyzed for each application, providing interesting insights and allowing classifying the methods. The results prove that it is possible to detect the hidden message within the specific audio file and identify the technique that was used to create it. This may be exploited further during the hacking attack detection and prevention.

4

Development of an Information Security System Based on Modeling Distributed Computer Network Vulnerability Indicators of an Informatization Object

Lakhno Valerii, Alimseitova Zhuldyz, Kalaman Yerbolat, Kryvoruchko Olena, Desiatko Alona, Kaminskyi Serhii

International Journal of Electronics and Telecommunications

|

2023

|

Vol. 69, No. 3

475--483

EN

A methodology for development for distributed computer network (DCN) information security system (IS) for an informatization object (OBI) was proposed. It was proposed to use mathematical modeling at the first stage of the methodology. In particular, a mathematical model was presented based on the use of the apparatus of probability theory to calculate the vulnerability coefficient. This coefficient allows one to assess the level of information security of the OBI network. Criteria for assessing the acceptable and critical level of risks for information security were proposed as well. At the second stage of the methodology development of the IS DCN system, methods of simulation and virtualization of the components of the IS DCN were used. In the course of experimental studies, a model of a protected DCN has been built. In the experimental model, network devices and DCN IS components were emulated on virtual machines (VMs). The DCN resources were reproduced using the Proxmox VE virtualization system. IPS Suricata was deployed on RCS hosts running PVE. Splunk was used as SIEM. It has been shown that the proposed methodology for the formation of the IS system for DCN and the model of the vulnerability coefficient makes it possible to obtain a quantitative assessment of the levels of vulnerability of DCN OBI.

5

Cognitive Modeling and Formation of the Knowledge Base of the Information System for Assessing the Rating of Enterprises

Kryvoruchko Olena, Desiatko Alona, Karpunin Igor, Hnatchenko Dmytro, Lakhno Myroslav, Malikova Feruza, Turdaliev Ayezhan

International Journal of Electronics and Telecommunications

|

2023

|

Vol. 69, No. 4

697--705

EN

A mathematical model is proposed that makes it possible to describe in a conceptual and functional aspect the formation and application of a knowledge base (KB) for an intelligent information system (IIS). This IIS is developed to assess the financial condition (FC) of the company. Moreover, for circumstances related to the identification of individual weakly structured factors (signs). The proposed model makes it possible to increase the understanding of the analyzed economic processes related to the company's financial system. An iterative algorithm for IIS has been developed that implements a model of cognitive modeling. The scientific novelty of the proposed approach lies in the fact that, unlike existing solutions, it is possible to adjust the structure of the algorithm depending on the characteristics of a particular company, as well as form the information basis for the process of assessing the company's FC and the parameters of the cognitive model.

6

Adaptive Monitoring of Companies' Information Security

Lakhno Valerii, Adilzhanova Saltanat, Ydyryshbayeva Moldir, Turgynbayeva Aliza, Kryvoruchko Olena, Chubaievskyi Vitalyi, Desiatko Alona

International Journal of Electronics and Telecommunications

|

2023

|

Vol. 69, No. 1

75--82

EN

Additions were proposed to the method of organizing the information security (IS) event management process of companies. Unlike existing solutions, the algorithm of the "Event handling" subprocess was detailed. This detailing is a complex, which includes the IS event processing substage. In addition, the proposed detailing of the "Event Handling" subprocess allows for covering the entire life cycle of an IS event. The performed research allows in practice to fill in potential gaps in information when creating a company's ISMS. An additional advantage of the proposed solution is the possibility of using this sub-process as an independent one. The proposed approach makes it possible to simplify the procedure for managing the information security of a company as a whole, as well as potentially reduce the costs of its construction for small companies and enterprises. Also, this subprocess can be considered as an independent information security management process, for example, for a company's CIS. The proposed solutions and additions, in contrast to similar studies, are characterized by invariance with respect to the methods of implementing the company's IS infrastructure solutions, and in particular its CIS. This ultimately allows, without changing the methodological tools, to scale this approach and adapt it to the ISMS of various companies.

7

Improving security performance of healthcare data in the Internet of medical things using a hybrid metaheuristic model

Ashok Kanneboina, Gopikrishnan Sundaram

International Journal of Applied Mathematics and Computer Science

|

2023

|

Vol. 33, no. 4

623--636

EN

Internet of medical things (IoMT) network design integrates multiple healthcare devices to improve patient monitoring and real-time care operations. These networks use a wide range of devices to make critical patient care decisions. Thus, researchers have deployed multiple high-security frameworks with encryption, hashing, privacy preservation, attribute based access control, and more to secure these devices and networks. However, real-time monitoring security models are either complex or unreconfigurable. The existing models’ security depends on their internal configuration, which is rarely extensible for new attacks. This paper introduces a hybrid metaheuristic model to improve healthcare IoT security performance. The blockchain based model can be dynamically reconfigured by changing its encryption and hashing standards. The proposed model then continuously optimizes blockchain based IoMT deployment security and QoS performance using elephant herding optimization (EHO) and grey wolf optimization (GWO). Dual fitness functions improve security and QoS for multiple attack types in the proposed model. These fitness functions help reconfigure encryption and hashing parameters to improve performance under different attack configurations. The hybrid integration of EH and GW optimization models can tune blockchain based deployment for dynamic attack scenarios, making it scalable and useful for real-time scenarios. The model is tested under masquerading, Sybil, man-in-the-middle, and DDoS attacks and is compared with state-of-the-art models. The proposed model has 8.3% faster attack detection and mitigation, 5.9% better throughput, a 6.5% higher packet delivery ratio, and 10.3% better network consistency under attack scenarios. This performance enables real-time healthcare use cases for the proposed model.

8

The state of the cyber environment and national cybersecurity strategy in developed countries

Tanriverdiyev Elshan

Studia Bezpieczeństwa Narodowego

|

2022

|

R. 12, Nr 23

19--26

EN

The article analyzes the state of cybersecurity in developed countries, the strategies available in this area, and identifies their common and distinctive features in order to study advanced practices in developing and improving a national cybersecurity strategy. The aim of the article is to analyze and compare the national cybersecurity strategies of developed countries. The methods of examining source documents and statistical analysis were used.

PL

W artykule przeprowadzono analizę stanu cyberbezpieczeństwa w krajach rozwiniętych, przedstawiono strategie dostępne w tym obszarze oraz ich wspólne i wyróżniające cechy w celu zbadania zaawansowanych praktyk w zakresie opracowywania i doskonalenia krajowej strategii cyberbezpieczeństwa. Celem artykułu jest analiza i porównanie narodowych strategii cyberbezpieczeństwa krajów rozwiniętych. Zastosowano metody: badania dokumentów źródłowych oraz analizy statystycznej.

9

The applicability of the GDPR to artificial intelligence and the resulting threats to national information security

Guta Tomasz

Studia Bezpieczeństwa Narodowego

|

2022

|

R. 12, Nr 24

25--46

EN

Both national security and information security are closely associated with and connected to the emerging field of artificial intelligence. In this regard, following the presumed axioms of the anticipated proliferation of AI systems within modern society and its expected widespread implementation in vital public and private institutions and furthermore the extensive application of AI systems within personal data processing, possible threats to national and information security within the European Union - with an emphasis on Poland and the Polish legal system - are explored. On the basis of an overview of the theoretical basis of the concepts of national and information security and artificial intelligence, the emergence of AI within personal data processing in the context of the GDPR legal framework is discussed. At least one potential conflict between the implications of the hypothetical scenario of the emergence of the so-called strong form of artificial intelligence and both the Polish data privacy legal framework (based, interalia, on the GDPR) and the Polish information security is being identified in this context. The academic article draws the conclusion that the emergence of so-called “strong AI” may lead to a number of real and probable threats to the system of personal data protection and information security in Poland (and possibly in the other EU Member States as well). The paper finally concludes by outlining and discussing the negative impact of the identified conflict, in particular on Polish information security, and calls for efforts to address these issues in future studies in the academic literature.

PL

Zarówno bezpieczeństwo narodowe, jak i bezpieczeństwo informacji są ściśle związane z rozwijającą się współcześnie dziedziną sztucznej inteligencji (SI). W związku z tym, kierując się założonym w pracy aksjomatem oczekiwanego rozprzestrzeniania się systemów SI we współczesnym społeczeństwie oraz ich spodziewanego szerokiego wdrożenia w istotnych instytucjach publicznych i prywatnych, a także szerokiego zastosowania systemów SI w ramach przetwarzania danych osobowych, przeanalizowano w tejże pracy niektóre możliwe zagrożenia dla bezpieczeństwa narodowego i informacyjnego w Unii Europejskiej z naciskiem na Polskę i na podstawie Polski i polskiego systemu prawnego. Na podstawie przeglądu teoretycznych podstaw koncepcji bezpieczeństwa narodowego i informacyjnego oraz koncepcji sztucznej inteligencji omówiono w tejże pracy pojawienie się SI w ramach procesów przetwarzania danych osobowych w kontekście ram prawnych RODO. W tym kontekście zidentyfikowany zostanie przynajmniej jeden potencjalny konflikt między implikacjami (hipotetycznego) scenariusza pojawienia się tzw. silnej odmiany sztucznej inteligencji a polskim porządkiem prawnym dotyczącym ochrony danych osobowych (opartym m.in. na RODO) oraz polskim bezpieczeństwem informacji. W tym artykule naukowym sformułowano wniosek, iż pojawienie się tzw. silnej odmiany SI może prowadzić do szeregu prawdopodobnych zagrożeń dla systemu ochrony danych osobowych i bezpieczeństwa informacji w Polsce (a potencjalnie także w innych państwach członkowskich UE). We wnioskach artykułu przedstawiono i omówiono negatywny wpływ wcześniej w nim zidentyfikowanego konfliktu, w szczególności na bezpieczeństwo informacji w Polsce, a także postulowano podjęcie wysiłków w celu rozwiązania tych kwestii w przyszłych rozważaniach i opracowaniach w literaturze naukowej przedmiotu.

10

Information security as part of Poland's security

Marczyk Maciej, Błachut Marek

Scientific Journal of the Military University of Land Forces

|

2022

|

Vol. 54, No. 4(206)

609--623

EN

Dynamic advances in technology as well as information and communication entail many new threats to the functioning of the Polish state, its citizens, as well as to the international community. These are mainly the dangers of using information networks and information systems. For this reason, particular importance is given to ensuring information security which combines procedures and tools for the protection of classified information, data and network systems. Information security has now become one of the most sensitive trans-sectoral areas of national security, having an impact on the efficiency of Poland’s entire security system. This is about information security, ICT security and cybersecurity. The paper aims to analyse the issue of information security as part of the security area of the Republic of Poland. The issue was raised because of its importance and topicality, as recently there has been an increase in cyber-terrorist activity and a growing number of media reports on attacks on information systems, targeting the critical infrastructure of states. Information security risks pose a real threat and loss of information can lead to a violation of the vital interests of various entities and a compromise of people’s safety and fundamental values of social life.

PL

Dynamiczny postęp technologiczny i informacyjno-komunikacyjny niesie wiele nowych zagrożeń dla funkcjonowania państwa polskiego, jego obywateli, a także dla społeczności międzynarodowej. Są to głównie niebezpieczeństwa związane z użytkowaniem sieci informatycznych oraz systemów informacyjnych. Z tego powodu wyjątkowego znaczenia nabiera zapewnianie bezpieczeństwa informacyjnego, które łączy w sobie procedury i narzędzia służące ochronie informacji niejawnych, danych oraz systemów sieciowych. Bezpieczeństwo informacyjne stało się obecnie jednym z najbardziej wrażliwych obszarów bezpieczeństwa narodowego o charakterze transsektorowym, wywierającym wpływ na efektywność funkcjonowania całego systemu bezpieczeństwa Polski. Chodzi o bezpieczeństwo informacji, bezpieczeństwo teleinformatyczne i cyberbezpieczeństwo. Celem niniejszego artykułu jest próba analizy zagadnienia bezpieczeństwa informacyjnego jako elementu obszaru bezpieczeństwa Rzeczypospolitej Polskiej. Temat podjęto z powodu jego ważności i aktualności, albowiem w ostatnim czasie nasilają się działania cyberterrorystów, coraz częściej media donoszą o atakach na systemy informatyczne, wymierzone w infrastrukturę krytyczną państw. Zagrożenia bezpieczeństwa informacyjnego stają się realne, zaś utrata informacji może prowadzić do naruszenia żywotnych interesów różnych podmiotów, narażenia bezpieczeństwa ludzi oraz podstawowych wartości życia społecznego.

11

Oszacowania ryzyka IT : studium przypadków

Liderman Krzysztof

Przegląd Teleinformatyczny

|

2022

|

T. 10, Nr 1-4 (28)

35--56

PL

W artykule przedstawiono na trzech przykładach sposób oszacowania ryzyka IT. Ryzykiem IT nazywa się ryzyko związane z realizacją zagrożeń powodujących szkody w systemach teleinformatycznych i przetwarzanych w nich zasobach informacyjnych. Prezentowane w przykładach oszacowanie ryzyka jest wykonane metodą jakościową, z użyciem czterech ocen opisowych „przekładanych” na wartości liczbowe zgodnie z wytycznymi zawartymi w normie PN-ISO/IEC 27005:2014-01.

EN

The paper presents, through three examples, an IT risk evaluation method. IT risk is associated with the realization of threats that cause damage to teleinformatics systems and processed information resources. The quality risk evaluation method, demonstrated through these examples, involves four descriptive scores translated into numerical values in accordance with the PN-ISO/IEC 27005:2014-01 recommendation.

12

Analiza ryzyka na potrzeby bezpieczeństwa informacyjnego według zaleceń normy PN-ISO/IEC 27005

Liderman Krzysztof

Przegląd Teleinformatyczny

|

2022

|

T. 10, Nr 1-4 (28)

19--34

PL

W artykule przedstawiono podstawy formalne oszacowania ryzyka IT metodą jakościową zgodną z wytycznymi zawartymi w normie PN-ISO/IEC 27005:2014-01. Ryzykiem IT nazywa się ryzyko związane z realizacją zagrożeń powodujących szkody w systemach teleinformatycznych i przetwarzanych w nich zasobach informacyjnych.

EN

The paper considers the problem of IT risk evaluation with the use of a quality method based on the PN-ISO/IEC 27005:2014-01 recommendation. It addresses risks associated with the realization of threats that result in damages to telecommunications systems and processed information resources.

13

Digital Information Security: Coronavirus Crisis Impact on the Accountants, Business Analysts and Auditors Training

Nazarova Karina, Nezhyva Mariia, Metil Tetіana, Hordopolov Volodymyr, Prystupa Liudmyla, Moyseyenko Olesya

Problemy Ekorozwoju

|

2022

|

Vol. 17, nr 2

80--90

EN

The article considers the impact of transformation processes on business in the context of digitalization. Equally important is the study of the impact of these processes on the training of professionals whose work has had a direct impact on these transformations – accountants, business analysts and auditors. These specialists are faced with the task of analyzing the impact of the facts and determining the change in business development strategy in the context of global digitalization. The field of audit both in the world was able to adapt extremely flexibly to the new realities of functioning in the digitalized world. In this article, the authors reveal the main trends of digitalization of audit in the conditions of economic transformation and limited business practices caused by this global pandemic of 2019-2020. At the same time, the processes of digital transformation are the driving forces of the economy. Computer technology is becoming increasingly involved in reforming the audit institution and changing the trajectory of the auditor’s role in such a society.

14

Automation of Information Security Risk Assessment

Akhmetov Berik, Lakhno Valerii, Chubaievskyi Vitalyi, Kaminskyi Serhii, Adilzhanova Saltanat, Ydyryshbayeva Moldir

International Journal of Electronics and Telecommunications

|

2022

|

Vol. 68. No. 3

549--555

EN

An information security audit method (ISA) for a distributed computer network (DCN) of an informatization object (OBI) has been developed. Proposed method is based on the ISA procedures automation by using Bayesian networks (BN) and artificial neural networks (ANN) to assess the risks. It was shown that such a combination of BN and ANN makes it possible to quickly determine the actual risks for OBI information security (IS). At the same time, data from sensors of various hardware and software information security means (ISM) in the OBI DCS segments are used as the initial information. It was shown that the automation of ISA procedures based on the use of BN and ANN allows the DCN IS administrator to respond dynamically to threats in a real time manner, to promptly select effective countermeasures to protect the DCS.

15

Risk in GIS systems

Stanik Jerzy, Kiedrowicz Maciej

GIS Odyssey Journal

|

2022

|

Vol. 2, no. 1

39--56

EN

The development of information technologies, widespread access to the Internet, globalisation and the development of measurement technologies in geodesy, on the one hand, result in wide access to geographical, cartographic or geodetic data, and on the other hand, increase the level of risk of losing basic security attributes of these data. Risk management in GIS should be implemented at every stage of the GIS life cycle, which starts with the organising phase of a GIS and is expected to continue until the end of its life - decommissioning. It is important to remember that it is not enough to have a good analysis and assessment of adverse events and their consequences without precise, pre-developed methods of measuring and responding to risks in the form of various response plans. This article is an attempt to answer the questions: what should be understood by risk in GIS systems, how to measure it and how to proceed to manage it effectively and efficiently. The models and instruments presented, which have been developed on the basis of available literature and own research, point the way to effective risk management in GIS class systems.

16

Informacyjny wymiar bezpieczeństwa jednostki w trakcie czynności procesowych

Bętkowska Violetta

Security Review

|

2021

|

nr 2 (19)

3--12

EN

Information security is an important component of personal security and civil rights and freedoms. The essence of the state's activities for the security of an individual in the information area is to create protective systems which not only identify risks and threats to this area, but also contain effective measures to ensure it. The state bodies and entities that carry out activities related to the processing of personal data are obliged to observe the legal regulations that are in force in this area. The procedural activities and their nature related to the collection, processing, disclosure and transfer of personal data and other information about persons are closely related to the citizens' information rights. Therefore, the information aspect of these activities has been defined in national laws and international legal acts.

17

The Importance of Military Information Security

Sługocki Wojciech, Walkowiak Marzena

Safety & Defense

|

2021

|

1

1--13

EN

The main goal of the research is to identify the key problems related to information security in the armed forces and to classify the most important factors and aspects necessary to increase security. The implemented research methods include a critical analysis of legal acts, organizational and competence documents, literature on the subject. Synthesis and inference were employed to achieve the formulated goals. The main findings indicate that the armed forces' information security system will play an increasingly important role in shaping the security of modern states and should be treated as a priority. The results of the analyzes indicate that in the coming years, the main challenge of modern armies will be to strengthen the offensive and defensive information capabilities of the state. The general findings of this article present the view that information security is a key task for the armed forces to ensure national security. Therefore, it is necessary to revise, clarify and tighten up the procedures in force for the protection of key information processed in the state -especially in the armed forces – which should have adequate capabilities to conduct complex operations in cyberspace. Moreover, the need for a thorough and comprehensive analysis of this topic is confirmed.

18

Disinformation and Polarization in the Online Debate During the 2020 Presidential Election in Poland

Domalewska Dorota

Safety & Defense

|

2021

|

1

14--24

EN

The deliberate manipulation of public opinion, the spread of disinformation, and polarization are key social media threats that jeopardize national security. The purpose of this study is to analyze the impact of the content published by social bots and the polarization of the public debate on social media (Twitter, Facebook) during the presidential election campaign in Poland in 2020. This investigation takes the form of a quantitative study for which data was collected from the public domains of Facebook and Twitter (the corpus consisted of over three million posts, tweets and comments). The analysis was carried out using a decision algorithm developed in C# that operated on the basis of criteria that identified social bots. The level of polarization was investigated through sentiment analysis. During the analysis, we could not identify automated accounts that would generate traffic. This is a result of an integrated action addressing disinformation and the proliferation of bots that mobilized governments, cybersecurity and strategic communication communities, and media companies. The level of disinformation distributed via social media dropped and an increasing number of automated accounts were removed. Finally, the study shows that public discourse is not characterized by polarization and antagonistic political preferences. Neutral posts, tweets and comments dominate over extreme positive or negative opinions. Moreover, positive posts and tweets are more popular across social networking sites than neutral or negative ones. Finally, the implications of the study for information security are discussed.

19

Impact of the human factor on the security of information resources of enterprises during the Covid-19 pandemic

Kobis Paweł, Karyy Oleh

Polish Journal of Management Studies

|

2021

|

Vol. 24, No. 2

210--227

EN

This article aims to determine the impact of the human factor on the security of information resources of enterprises during the Covid-19 pandemic. The theoretical section of the article describes the phenomenon of the human factor in the security of intangible resources, and isolates the most important mistakes noted in the literature made by employees, clients, and business partners, affecting the level of security of the information system of business entities. The empirical section of the article contains an analysis of selected, current research by recognised business intelligence companies around the world, providing for the impact of the human factor on information security, along with comparing them to data from before the Covid-19 pandemic. The presented research was conducted both among the IT staff as well as persons who on a daily basis manage information resources in enterprises. The data was acquired with the use of electronic questionnaires and through an analysis of data coming from particular security software produced or distributed by the authors of reports. The research results contain an applicable, critical analysis. It has been proven that the current Covid-19 pandemic affects the security of information resources, and that remote work practiced in modern enterprises carries an increased risk of errors in information management. The purpose of the article is to present how changing the way of working during the pandemic affects information security, and to show the problems which modern enterprises are facing.

PL

Celem artykułu jest określenie wpływu czynnika ludzkiego na bezpieczeństwo zasobów informacyjnych przedsiębiorstw podczas pandemii Covid-19. W części teoretycznej artykułu opisano zjawisko czynnika ludzkiego w bezpieczeństwie zasobów niematerialnych oraz wyodrębniono najważniejsze błędy odnotowane w literaturze przez pracowników, klientów i partnerów biznesowych, wpływające na poziom bezpieczeństwa systemu informatycznego podmioty gospodarcze. Część empiryczna artykułu zawiera analizę wybranych, aktualnych badań uznanych wywiadowni gospodarczych na całym świecie, dotyczących wpływu czynnika ludzkiego na bezpieczeństwo informacji, wraz z porównaniem ich z danymi sprzed pandemii Covid-19. Prezentowane badanie zostało przeprowadzone zarówno wśród pracowników IT, jak i osób na co dzień zarządzających zasobami informacyjnymi w przedsiębiorstwach. Dane pozyskano za pomocą ankiet elektronicznych oraz poprzez analizę danych pochodzących z określonego oprogramowania zabezpieczającego produkowanego lub dystrybuowanego przez autorów raportów. Wyniki badań zawierają stosowną, krytyczną analizę. Udowodniono, że pandemia Covid-19 wpływa na bezpieczeństwo zasobów informacyjnych, a praca zdalna praktykowana w nowoczesnych przedsiębiorstwach niesie ze sobą zwiększone ryzyko błędów w zarządzaniu informacją. Celem artykułu jest przedstawienie, jak zmienia się sposób pracy w czasie pandemii wpływa na bezpieczeństwo informacji, a także pokazuje problemy, z jakimi borykają się współczesne przedsiębiorstwa.

20

Human factor aspects in information security management in the traditional IT and cloud computing models

Kobis Paweł

Operations Research and Decisions

|

2021

|

Vol. 31, No. 1

61--76

EN

This paper attempts to classify the main areas of threats occurring in enterprises in the information management processes. Particular attention was paid to the effect of the human factor which is present in virtually every area of information security management. The author specifies the threats due to the IT techniques and technologies used and the models of information systems present in business entities. The empirical part of the paper presents and describes the research conducted by the author on information security in business organisations using the traditional IT model and the cloud computing model. The results obtained for both IT models are compared.