Nader Sohrabi Safa completed his postdoctoral research at the Centre for Research in Information and Cyber Security, School of ICT, Nelson Mandela Metropolitan University, Port Elizabeth, South Africa. He successfully completed his PhD at the Faculty of Computer Science and Information Technology, Information System Department, University of Malaya in 2014. He is a member of IFIP TC 11 Working Group 12. His postdoctoral research focuses on Human Aspects of Information Security in Organizations. The findings of his studies have been published in prominent journals in this domain.
Supervisors: Rossouw Von Solms
Advanced driver assistance systems (ADAS) have gained widespread adoption in the automotive industry in recent years. Automatic parking assist (APA) is an important part of ADAS as it offers numerous benefits, such as safety improvements, space and time savings and fuel efficiency. However, it also introduces novel vulnerabilities, threats and risks that require attention. Vulnerabilities in the APA system may emerge as a result of its intricate design and the use of various communication protocols that adversaries could exploit to gain unauthorised systems access and undermine vehicle safety. Threats to the APA system may arise from diverse origins, including malicious actors, software defects and system malfunctions, which may lead to different types of attacks compromising the system's integrity and availability. The associated risks with the APA system can be considerable, potentially impacting the safety and confidentiality of the vehicle's occupants and other road user...
2018 IEEE Sciences and Humanities International Research Conference (SHIRCON), 2018
In this paper, we propose a risk management model of information security for Peruvian SMEs, taking as reference the OCTAVE-S methodology and the ISO/IEC 27005 standard. The model consists of the 3 phases of OCTAVE-S (Construction of the threats profile, Identification of infrastructure vulnerabilities, and Strategies and security plans). This model contains the contemplated lists of ISO/IEC 27005, it also contains the calculation and the risk treatment of this standard. Likewise, the model adopts a quantitative approach that allows calculating the residual risk, for example, the most critical asset identified obtained 216 of risk value and the residual risk obtained was 109 of risk value, this is obtained on the basis of the effectiveness of the controls that are part of the proposed model, for example, formalize procedures and policies and their occasional review. This model provides guidelines for information security risks for companies. It was implemented in the sales process of a Peruvian SME of the ceramic sector, proving to be easy to use and it was possible to identify the necessary controls to reduce the risk, whose implementation reduces the risk by 53%.
Companies lose their online customers due to the competitive business environment. Customer loyalty is one of the important topics in the Electronic Commerce (E-commerce) domain. Gaining new loyal customers requires extensive expenditure of time and money. In addition, loyal customers are an important asset for a company, which brings long-term benefits. In this research, a comprehensive conceptual framework is presented that shows E-loyalty based on E-trust and E-satisfaction. The critical factors which influence E-trust and E-satisfaction are classified in organizational, customer and technological groups. Statistical analysis is applied for validity and reliability of the model. Another important method for estimation of uncertain measures is Artificial Neural Fuzzy Network System (ANFNS). E-trust and E-satisfaction data were used as inputs of the ANFIS and the output utilized E-loyalty. The result demonstrated, there is no difference between the aforementioned and the ANFIS model can be used for estimation of E-loyalty in E-commerce.
Blockchain-based platforms, particularly those based on permissioned blockchain, are increasingly popular in a broad range of settings. In addition to security and privacy concerns, organizations seeking to implement such platforms also need to consider performance, especially in latency- or delay-sensitive applications. Performance is generally less studied in comparison to security and privacy, and therefore in this paper we survey existing empirical performance evaluations of different permissioned blockchain platforms published between 2015 and 2019, using a comparative framework. The framework comprises ten criteria. We then conclude the paper with a number of potential future research directions.
The global usage of more sophisticated web-based application systems is obviously growing very rapidly. Major usage includes the storing and transporting of sensitive data over the Internet. The growth has consequently opened up a serious need for more secured network and application security protection devices. Security experts normally equip their databases with a large number of signatures to help in the detection of known web-based threats. In reality, it is almost impossible to keep updating the database with the newly identified web vulnerabilities. As such, new attacks are invisible. This research presents a novel approach of Intrusion Detection System (IDS) in detecting unknown attacks on web servers using the Unified Intrusion Anomaly Detection (UIAD) approach. The unified approach consists of three components (preprocessing, statistical analysis, and classification). Initially, the process starts with the removal of irrelevant and redundant features using a novel hybrid fe...