List of Articles Security

• Open Access Article
  • Abstract Page
  • Full-Text
  
  1 - Identification and Prioritization of Parameters Affecting Information Security Management System (Case Study: Social Security Branches of Guilan Province)
  Asadollah Shahbahrami ramin rafizadeh kasani hossein pour yousefi dargah
  20.1001.1.27170411.1397.10.35.2.8
  Information and its protection is one of the most important pillars of survival of today's organizations. Defines and considers many ISMS implementation failures to be rooted in organizational issues and disregard for the organization's readiness prior to implementation More

  Information and its protection is one of the most important pillars of survival of today's organizations. Defines and considers many ISMS implementation failures to be rooted in organizational issues and disregard for the organization's readiness prior to implementation. Therefore, assessing the situation and prioritizing information security risks and creating an overview and hierarchy of it, is important in the successful establishment of the information security system. However, in terms of dimensions, effects and various causes of security risks and considering the multiplicity of indicators and effective parameters of ISMS implementation, it is necessary to use multi-criteria decision-making models in their evaluation and ranking. . In this study, an attempt has been made to classify the factors affecting the information security management system into two groups of soft and hard factors and in order to accurately rank and focus more, especially in conditions of uncertainty that is inherent in human decision making, Fuzzy hierarchical analysis (FAHP) was performed. Based on this and with the help of a questionnaire to quantify the results, the opinions of technical experts including academic experts, managers and employees of the information technology department of social security branches in Guilan province have been used as a case study of this research. The results show that soft factors including managerial and cultural / social factors are more important than hard factors including financial and technical / technological factors in information security management system and management factors are more important than other soft factors as well as technical / technological factors. They are more important than other difficult factors. Manuscript profile
• Open Access Article
  • Abstract Page
  • Full-Text
  
  2 - Classify and implement hardware trojans and provide a new way to detect them
  sadegh hajmohseni mohammadali doustari mohammadbagher ghaznavi
  20.1001.1.27170411.1396.9.31.2.3
  In recent years, a type of hardware attack called hardware trojan has been introduced, which the hostile person prepares to achieve his goal by malicious changes on the chip. The purpose of these attacks is to disable the chip, change specifications, and obtain sensitiv More

  In recent years, a type of hardware attack called hardware trojan has been introduced, which the hostile person prepares to achieve his goal by malicious changes on the chip. The purpose of these attacks is to disable the chip, change specifications, and obtain sensitive information. Manuscript profile
• Open Access Article
  • Abstract Page
  • Full-Text
  
  3 - An access control model for online social networks using user-to-user relationships
  Mohamad Javad Piran mahmud deypir
  20.1001.1.27170411.1399.12.45.1.1
  With the pervasiveness of social networks and the growing information shared on them, users of these networks are exposed to potential threats to data security and privacy. The privacy settings included in these networks do not give users complete control over the manag More

  With the pervasiveness of social networks and the growing information shared on them, users of these networks are exposed to potential threats to data security and privacy. The privacy settings included in these networks do not give users complete control over the management and privatization of access to their shared information by other users. In this article, using the concept of social graph, a new model of user access control was proposed to the user, which allows the expression of privacy policies and more accurate and professional access control in terms of pattern and depth of relationships between users in social networks. In this article, by using the regular index method, indirect relationships among users are examined and analyzed, and more precise policies than previous models are presented. The evaluation of the results showed that for 10 neighbors for each user, the probability accumulation of a qualified path for the first three counter loops is 1, 10.5 and 67.3%, respectively, and finally for the fourth counter it reaches 100%. As the defined counting characteristic increases, the average execution time of the proposed algorithm and previously proposed algorithms increases. However, for the higher limits of the counting characteristic, the proposed algorithm performs better than the previous ones. Manuscript profile
• Open Access Article
  • Abstract Page
  • Full-Text
  
  4 - Proposing a New Framework to Decreasing Delay in the Internet of Things by Using Computing Power of Fog
  Mohammad Taghi Shaykhan kianoosh azadi
  20.1001.1.27170414.1400.13.47.2.8
  As the Internet of Things (IoT) expands and becomes more widespread, we will soon see the dependence of human life on its services. At that time, it would be difficult to imagine the survival without the IoT, and disruption of its services would cause great loss of life More

  As the Internet of Things (IoT) expands and becomes more widespread, we will soon see the dependence of human life on its services. At that time, it would be difficult to imagine the survival without the IoT, and disruption of its services would cause great loss of life and property. Disruption of IoT services can occur for two reasons: network errors due to congestion, collision, interruption and noise, and disruption due to the malicious activities of infiltrator. Also, the destructive activities of infiltrators can lead to various cyber attacks and violation of the privacy of individuals. Therefore, before the interdependence between human life and IoT, it is necessary to consider measures to ensure the quality and security of service and privacy. In this study, a solution to reduce service delay (improve quality) and ensure security and privacy of things by relying on the computing power of nodes available in the Fog Layer has been proposed. The proposed solution simultaneously improves service quality and maintains security and privacy. Other features of presented algorithm in proposed solution of fairness between objects are in terms of the quality of service received and minimizing overhead processing and transfer of expired packages (packages that will certainly experience a consumedly threshold delay). Adherence to fairness ensures that the quality of service of any of the things does not be a subject of the reduction of the delay of the service of the entire network; These aforementioned objects may be subjects of critical applications, such as health. Manuscript profile
• Open Access Article
  • Abstract Page
  • Full-Text
  
  5 - Investigation the role of personality and individual differences on password security breaches: An Empirical Study
  زهرا کریمی manije kaveh rezvan salehi milad moltaji
  20.1001.1.27170411.1400.13.49.9.4
  The individual differences of Information Technology users influence on the selection and maintenance of passwords. To fill this gap, this paper, studies the relationships between gender, personality, education level and field of study in one direction and password secu More

  The individual differences of Information Technology users influence on the selection and maintenance of passwords. To fill this gap, this paper, studies the relationships between gender, personality, education level and field of study in one direction and password security in another direction. The method was descriptive and correlational. A sample selected by Convenience sampling, answered the NEO Five-Factor Model, biographical and password security behavior questionnaires. The data of 529 accepted questionnaires were analyzed using Pearson, T-Test, anova and regression the results showed that male users select stronger passwords compared to female users. The users in mathematical science, computer science, and also accounting, breached password security more often in comparison with users in other majors. Neuroticism has positive relationship, Openness-to-Experience and Agreeableness has negative relationships and Conscientiousness has a dual relationship with password security breach. These findings contribute to cybersecurity, especially in Iran, by considering individual differences in security behaviors and perceptions. Manuscript profile
• Open Access Article
  • Abstract Page
  • Full-Text
  
  6 - computer security models and proposing a new perspective: A review paper
  Hadi sadjadi Reza Kalantari
  In this article first the use of computer security models and its benefits are discussed in a novel way. Then, while briefly introducing the space of computer security encounters in the form of ontology, for the first time, three perspectives in the study of patterns in More

  In this article first the use of computer security models and its benefits are discussed in a novel way. Then, while briefly introducing the space of computer security encounters in the form of ontology, for the first time, three perspectives in the study of patterns in this field have been identified and distinguished from each other. These three perspectives include the view of secure models, the view of security models, and the view of the framework and system to security models. The first and third perspectives are briefly explained and the second perspective is studied in detail from the perspective of the organization of patterns, including the five types of organization. The five types mentioned include software-based lifecycle organization, logical-level organization-based organization, threat-based classification-based organization, attack-based classification-based organization, and application-based organization. In this type of introduction of patterns, the audience acquires a comprehensive view of the discourse of computer security patterns and acquires the necessary knowledge to make better use of these patterns. Finally, the analysis and idea of this research is presented in the form of introducing a new type of organization in order to facilitate the proper use and addressing of patterns. In this idea, it is stated that the existing categories are mostly static and forward-looking and do not have the necessary dynamism and backwardness, and the idea of covering all stakeholders and security ontology can have this feature and, in addition, include agile patterns as well. . Manuscript profile
• Open Access Article
  • Abstract Page
  • Full-Text
  
  7 - Identifying the Key Drivers of Digital Signature Implementation in Iran (using fuzzy Delphi method)
  Ghorbanali Mehrabani Fatemeh Zargaran khouzani
  iThe purpose of this article is to identify and analyze the key drivers of digital signature implementation in Iran with a fuzzy Delphi approach. In terms of practical purpose and in terms of information gathering, the research has benefited from a hybrid approach. The More

  iThe purpose of this article is to identify and analyze the key drivers of digital signature implementation in Iran with a fuzzy Delphi approach. In terms of practical purpose and in terms of information gathering, the research has benefited from a hybrid approach. The statistical community consists of all experts and specialists in the field of information technology and digital signature and articles in this field. The sample size of the statistical community of experts is 13 people who were selected by the purposeful sampling method. 30 articles were selected based on their availability and downloadable, non-technical nature, and relevance to the topic. The method of data analysis was done according to the fuzzy Delphi approach. Validity and reliability were calculated and confirmed using the CVR index and Cohen's kappa test with coefficients of 0.83 and 0.93, respectively. The results prove that the key drivers of digital signature implementation in Iran include 5 main dimensions and 30 concepts, which are 1) security (information confidentiality, information security, sender authentication, document authentication, privacy protection, trust between parties), 2) business (digital business models, communication needs, staff management, organization size, organizational structure, organization resources, organizational culture, top managers, competition ecosystem, e-governance), 3) user (perceived convenience, perceived benefit, consumer behavior, consumer literacy, consumer lifestyle), 4) technical (development of technical infrastructure, systems integration, system complexity, system tanks, design quality, technical speed of certificate production and verification, impermeability of hackers) and 5) Legal (legal licenses, penal laws, legislative body, e-commerce laws). Manuscript profile
• Open Access Article
  • Abstract Page
  • Full-Text
  
  8 - A Survey on Computer Security Patterns and Proposing a New Perspective
  Hadi sadjadi Reza Kalantari
  In this article, at the beginning, the use of computer security models and its benefits are discussed in a new way. Then, while briefly introducing the space of computer security encounters in the form of ontology, three perspectives in the study of patterns in this fie More

  In this article, at the beginning, the use of computer security models and its benefits are discussed in a new way. Then, while briefly introducing the space of computer security encounters in the form of ontology, three perspectives in the study of patterns in this field have been identified and distinguished from each other. These three perspectives are secure models, security models, and the framework and system to security models. The first and last perspectives are briefly explained and the second perspective is studied in detail from the perspective of the organization of patterns, including the five types of organization. The five types mentioned include software-based lifecycle organization, logical-level organization-based organization, threat-based classification-based organization, attack-based classification-based organization, and application-based organization. In this type of introduction of patterns, the audience acquires a comprehensive view of the discourse of computer security patterns and acquires the necessary knowledge to make better use of these patterns. Finally, the analysis and idea of this research are presented in the form of introducing a new type of organization in order to facilitate the proper use and addressing of patterns. It is stated that the existing categories are mostly static and forward-looking and do not have the necessary dynamism and backwardness, and the idea of covering all stakeholders and security ontology can have this feature and, include agile patterns as well. Based on this idea and related analyzes, the atmosphere of future research activities will be revealed to the audience. Manuscript profile
• Open Access Article
  • Abstract Page
  • Full-Text
  
  9 - Identifying the Key Drivers of Digital Signature Implementation in Iran (Using Fuzzy Delphi Method)
  Ghorbanali Mehrabani Fatemeh Zargaran khouzani
  Despite the emphasis of researchers and experts on the need to implement digital signatures and the progress of technology towards the digitization of all affairs and electronic governance, Iran is still facing the challenge of implementing digital signatures. The purpo More

  Despite the emphasis of researchers and experts on the need to implement digital signatures and the progress of technology towards the digitization of all affairs and electronic governance, Iran is still facing the challenge of implementing digital signatures. The purpose of this article is to identify and analyze the key drivers of digital signature implementation in Iran with a fuzzy Delphi approach. In terms of practical purpose and in terms of information gathering, the research has benefited from a hybrid approach. The statistical community consists of all experts and specialists in the field of information technology and digital signature and articles in this field. The sample size of the statistical community of experts is 13 people who were selected by the purposeful sampling method. 31 articles were selected based on their availability and downloadable, non-technical nature, and relevance to the topic. The method of data analysis was done according to the fuzzy Delphi approach. Validity and reliability were calculated and confirmed using the CVR index and Cohen's kappa test with coefficients of 0.83 and 0.93, respectively. The results prove that the key drivers of digital signature implementation in Iran include 5 main dimensions and 30 concepts, which are 1) security (information confidentiality, information security, sender authentication, document authentication, privacy protection, trust between parties), 2) business (digital business models, communication needs, staff management, organization size, organizational structure, organization resources, organizational culture, top managers, competition ecosystem, e-governance), 3) user (perceived convenience, perceived benefit, consumer behavior, consumer literacy, consumer lifestyle), 4) technical (development of technical infrastructure, systems integration, system complexity, system tanks, design quality, technical speed of certificate production and verification, impermeability of hackers) and 5) Legal (legal licenses, penal laws, legislative body, e-commerce laws). It is suggested that in the field of digital signature implementation, special attention should be paid to rewriting rules, training users, creating a security culture, and digital signature policymakers should invite knowledge-based companies to cooperate in developing infrastructure and making relevant software competitive. Manuscript profile