|
|
|
 |
Search published articles |
 |
|
Showing 3 results for Type of Study: Technical Paper
Ahmad Rahdari, Mohammad Hesam Tadayon,
Volume 12, Issue 2 (2-2024)
Abstract
Cyber security education in Iran is not aligned with global standards and approaches, and three factors, the educational sector, training applicants and stakeholders, and companies do not have proper knowledge of the required specializations and work roles. Different specializations in cyber security work fields in Iran do not match the international standard puzzles and this has created security holes in the country's cyber ecosystem. People working in cyberspace need a combination of domain-specific knowledge, skills, abilities, and other expertise to be as reliable and resilient as the technologies they work with.
At the international level, several frameworks have been designed and implemented for the training and employment of cybersecurity professionals. The most important of which are the US National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, the European Cybersecurity Skills Framework (ECSF), and the Australian Signals Directorate (ASD) Cyber Skills Framework. In this paper, each of these frameworks is briefly introduced and their key features, including purpose, structure, and components, are reviewed and analyzed. In addition, their effectiveness in handling global organizations' challenges in creating and developing cybersecurity expert human resources is evaluated and analyzed critically. This review highlights the strengths and weaknesses of each framework, shows the propinquity of one of the frameworks to Iran's educational and labor markets, and provides recommendations for designing a national framework for training and employing cybersecurity professionals, which can be a great lesson for the country to ensure that the necessary measures are taken as soon as possible by those in charge.
Morteza Asadi, Mohammad Reza Zamani, Kasra Tawakoli,
Volume 13, Issue 1 (8-2024)
Abstract
Passwords have been utilized as the primary means of authentication since the inception of the World Wide Web and the introduction of online services. The security risks associated with the use of passwords and their vulnerabilities to various types of cyberattacks have rendered this method no longer secure. In recent years, online service providers have sought to protect their users and data from cyber threats by implementing various multi-factor authentication methods. Although these methods have been successful in reducing the incidence of security breaches, they have generally resulted in increased complexity for users. The FIDO standard employs asymmetric encryption, mandates the storage of the private key on the user’s device, and combines it with biometric factors, thereby enabling the most secure authentication method for systems while simplifying the process for users [1-4]. This standard monitors the entire authentication process and prevents potential risks by establishing regulations within operating systems, browsers, and authentication tools. Rahavard Samanehaye Amn Company has implemented this standard locally, offering FIDO authentication under the product name ”Neshane” for smart phones. This article discusses the applications, specifications, and capabilities of this standard and the developed product.
Babak Siabi, Parvin Rastegari,
Volume 13, Issue 1 (8-2024)
Abstract
Due to the increasing amount of data collection and processing in today’s digital world, preserving individual and organizational privacy has become an undeniable necessity. In this regard, alongside the efforts of scientific and research centers to address privacy issues, several laws have been established in different countries. Among these, the General Data Protection Regulation (GDPR) at the European level is widely regarded by researchers as the most significant change in the field of privacy laws in recent decades and serves as a strong model for managing personal data. Based on this, in this article, to explore the multifaceted nature of privacy, we first review the history of privacy protection, then focus on the GDPR law. Some of the most important points and considerations regarding the nature and structure of this law, as well as the necessity and challenges of compliance with it, are presented. Additionally, the extensive measures outlined in this law for the implementation and enforcement of privacy protection mechanisms are discussed. Finally, by mapping the discussed content to the current state of privacy in Iran, some key points for the practical implementation of privacy laws in Iran are highlighted.
|
|
