Sherif Elhennawy - Profile on Academia.edu (original) (raw)
Uploads
Papers by Sherif Elhennawy
Computer-Assisted Audit Tools for IS Auditing
Internet of Things—Applications and Future
Security Management Techniques and Tools for IS Auditing
2019 First International Conference of Intelligent Computing and Engineering (ICOICE)
Every organization needs to constitute a strong information system (IS) and security management i... more Every organization needs to constitute a strong information system (IS) and security management in order to improve its business processes with the best practices. Information system processes must be reviewed and audited by IS auditors. IS auditors use a set of tools and techniques to perform the auditing process on the organizations. In this paper, we evaluate a set of tools and techniques which perform the security management of the organizations. Also, we classify the security management into five domains such as processes of auditing, governance and management, IS acquisitions and development, IS operations and support, and protection of information assets. Each domain has a set of auditing tasks. These tasks need inputs from various knowledge sources such as planning, risk assessment, evidence collection, laws and regulations, etc. Moreover, these tasks are performed through a number of tools and techniques in order to automate the security management process for IS auditors. The evaluation of tools and techniques target the security areas such as management, risk management and internal auditing controls with auditing tasks. Our main contribution is to determine the processes, tasks, and the suitable tools/techniques for each information system area from cybersecurity perspective. Moreover, each organization can analyze the security gaps in order to find a suitable solution for bridging these gaps.
Adopting security maturity model to the organizations’ capability model
Egyptian Informatics Journal
Cybersecurity Tools for IS Auditing
2018 Sixth International Conference on Enterprise Systems (ES), 2018
In a time of growing threats and advancing circumstances, receiving and keeping up a strong cyber... more In a time of growing threats and advancing circumstances, receiving and keeping up a strong cybersecurity profile in the enterprises are crucial. Important data and resources must be protected. Nowadays, cybersecurity became a predominant issue facing most organizations. It is recognized by organizations as an enterprise-wide issue requiring protection and detection from possible and malicious attacks to protect enterprise information assets. Hence, enterprises are obligated to use multiple tools for covering most of the cybersecurity aspects through different operations and for supporting different levels of users. Information systems auditing is becoming more difficult due to the rapidly developing technological threats. Hence, having these audits and reviews performed by independent functions increase the likelihood of detecting control weaknesses and provides further checks. These control issues are typically not due to the failure of the technology. However, they are mostly the result of individuals not executing the process, or using a process that is poorly defended. The main purpose of this research is to make a comparative study of the capabilities of most of the available automated cybersecurity auditing tools for frontend cloud computing. The results of this comparative study lead to knowing how to secure the enterprise's assets by using automated tools and techniques. Also, it uses clear steps to gather the information to provide the evidence required in the final report of IS auditing.
Security Management Techniques and Tools for IS Auditing
2019 First International Conference of Intelligent Computing and Engineering (ICOICE), 2019
Every organization needs to constitute a strong information system (IS) and security management i... more Every organization needs to constitute a strong information system (IS) and security management in order to improve its business processes with the best practices. Information system processes must be reviewed and audited by IS auditors. IS auditors use a set of tools and techniques to perform the auditing process on the organizations. In this paper, we evaluate a set of tools and techniques which perform the security management of the organizations. Also, we classify the security management into five domains such as processes of auditing, governance and management, IS acquisitions and development, IS operations and support, and protection of information assets. Each domain has a set of auditing tasks. These tasks need inputs from various knowledge sources such as planning, risk assessment, evidence collection, laws and regulations, etc. Moreover, these tasks are performed through a number of tools and techniques in order to automate the security management process for IS auditors. The evaluation of tools and techniques target the security areas such as management, risk management and internal auditing controls with auditing tasks. Our main contribution is to determine the processes, tasks, and the suitable tools/techniques for each information system area from cybersecurity perspective. Moreover, each organization can analyze the security gaps in order to find a suitable solution for bridging these gaps.
Computer-Assisted Audit Tools for IS Auditing
Internet of Things—Applications and Future, 2020
Adopting security maturity model to the organizations’ capability model
Egyptian Informatics Journal, 2020
Abstract Each organization faces threats and risks in daily operations. One of the main risks is ... more Abstract Each organization faces threats and risks in daily operations. One of the main risks is how to assess the security level to protect from the increasing risks associated with technology evolution. So, organizations can specify the required approaches and skills. In this paper, we propose a security maturity model that classifies the organizations into five levels. Each level determines the technologies and process capability used by the organizations. There is a set of factors that can help in determining the security maturity level, such as technology, people, and infrastructure. This paper adopts an Information Security Management model to assess organization’s security level. The authors make a correspondence between maturity levels and security levels in an organization. Also, the proposed process capability controls influence both levels. The proposed model helps the organizations bridging the cybersecurity gaps. These gaps relate to talent, technology, organizational units, financial, management and operations gaps. Thus, the model helps the cybersecurity auditors to create a comprehensive plan for measuring the security level of the organization. This plan can manage and develop the organization’s automated countermeasures. Also, it can help in applying the suitable standard and framework based on the organization’s daily operation. Cybersecurity auditors use cybersecurity techniques and tools to assess the organization’s postures. Finally, the authors applied the security maturity controls in two case studies: retirement organization and public telecommunication corporation in the Republic of Yemen.
Information Security Journal: A Global Perspective, 2020
In cases of injuries in the oral cavity, the mouthwash comes in contact with the underlying gingi... more In cases of injuries in the oral cavity, the mouthwash comes in contact with the underlying gingival connective tissue and should have its cytotoxicity assessed. However, there is no available evidence if cells of elderly donors react differently during in vitro assessments of mouthwashes. This study aimed to compare the cytotoxicity evaluation of two different mouthwash types when assessed with primary gingival fibroblasts from either young and older donors. Primary cells were collected from two elderly patients (mean age 66.5 years old) and two young patients (mean age 27.5 years old). The primary cell culture was produced from gingival fragments and exposed for 24h in Perioxidin ® and Oral B ® . A control group was exposed to unconditioned culture media, representing 100% of cell survival (negative control), and 200mg/mL solution of latex fragments was used as a positive control due to its well-known toxicity. Both products presented similar dose-dependent cytotoxicity. In the toxic range, from 0.035% to 0.00035% for Perioxidin ® and 0.06 to 0.0006% for Oral B ® . The calculated IC50 values were very similar, with the exception of Oral B ® tested with young cells, which presented a slightly higher toxic concentration (0.0523 mM). The statistical analysis shows no significant difference between tests with cells from young our elderly donors (p >0.05). These mouthwashes should should be used sparingly to prevent the spread of SARS-CoV-2. However, the use of agematched cells during in vitro tests may not be necessary to predict differences in the biological response of the elderly to these products.
Computer-Assisted Audit Tools for IS Auditing
Internet of Things—Applications and Future
Security Management Techniques and Tools for IS Auditing
2019 First International Conference of Intelligent Computing and Engineering (ICOICE)
Every organization needs to constitute a strong information system (IS) and security management i... more Every organization needs to constitute a strong information system (IS) and security management in order to improve its business processes with the best practices. Information system processes must be reviewed and audited by IS auditors. IS auditors use a set of tools and techniques to perform the auditing process on the organizations. In this paper, we evaluate a set of tools and techniques which perform the security management of the organizations. Also, we classify the security management into five domains such as processes of auditing, governance and management, IS acquisitions and development, IS operations and support, and protection of information assets. Each domain has a set of auditing tasks. These tasks need inputs from various knowledge sources such as planning, risk assessment, evidence collection, laws and regulations, etc. Moreover, these tasks are performed through a number of tools and techniques in order to automate the security management process for IS auditors. The evaluation of tools and techniques target the security areas such as management, risk management and internal auditing controls with auditing tasks. Our main contribution is to determine the processes, tasks, and the suitable tools/techniques for each information system area from cybersecurity perspective. Moreover, each organization can analyze the security gaps in order to find a suitable solution for bridging these gaps.
Adopting security maturity model to the organizations’ capability model
Egyptian Informatics Journal
Cybersecurity Tools for IS Auditing
2018 Sixth International Conference on Enterprise Systems (ES), 2018
In a time of growing threats and advancing circumstances, receiving and keeping up a strong cyber... more In a time of growing threats and advancing circumstances, receiving and keeping up a strong cybersecurity profile in the enterprises are crucial. Important data and resources must be protected. Nowadays, cybersecurity became a predominant issue facing most organizations. It is recognized by organizations as an enterprise-wide issue requiring protection and detection from possible and malicious attacks to protect enterprise information assets. Hence, enterprises are obligated to use multiple tools for covering most of the cybersecurity aspects through different operations and for supporting different levels of users. Information systems auditing is becoming more difficult due to the rapidly developing technological threats. Hence, having these audits and reviews performed by independent functions increase the likelihood of detecting control weaknesses and provides further checks. These control issues are typically not due to the failure of the technology. However, they are mostly the result of individuals not executing the process, or using a process that is poorly defended. The main purpose of this research is to make a comparative study of the capabilities of most of the available automated cybersecurity auditing tools for frontend cloud computing. The results of this comparative study lead to knowing how to secure the enterprise's assets by using automated tools and techniques. Also, it uses clear steps to gather the information to provide the evidence required in the final report of IS auditing.
Security Management Techniques and Tools for IS Auditing
2019 First International Conference of Intelligent Computing and Engineering (ICOICE), 2019
Every organization needs to constitute a strong information system (IS) and security management i... more Every organization needs to constitute a strong information system (IS) and security management in order to improve its business processes with the best practices. Information system processes must be reviewed and audited by IS auditors. IS auditors use a set of tools and techniques to perform the auditing process on the organizations. In this paper, we evaluate a set of tools and techniques which perform the security management of the organizations. Also, we classify the security management into five domains such as processes of auditing, governance and management, IS acquisitions and development, IS operations and support, and protection of information assets. Each domain has a set of auditing tasks. These tasks need inputs from various knowledge sources such as planning, risk assessment, evidence collection, laws and regulations, etc. Moreover, these tasks are performed through a number of tools and techniques in order to automate the security management process for IS auditors. The evaluation of tools and techniques target the security areas such as management, risk management and internal auditing controls with auditing tasks. Our main contribution is to determine the processes, tasks, and the suitable tools/techniques for each information system area from cybersecurity perspective. Moreover, each organization can analyze the security gaps in order to find a suitable solution for bridging these gaps.
Computer-Assisted Audit Tools for IS Auditing
Internet of Things—Applications and Future, 2020
Adopting security maturity model to the organizations’ capability model
Egyptian Informatics Journal, 2020
Abstract Each organization faces threats and risks in daily operations. One of the main risks is ... more Abstract Each organization faces threats and risks in daily operations. One of the main risks is how to assess the security level to protect from the increasing risks associated with technology evolution. So, organizations can specify the required approaches and skills. In this paper, we propose a security maturity model that classifies the organizations into five levels. Each level determines the technologies and process capability used by the organizations. There is a set of factors that can help in determining the security maturity level, such as technology, people, and infrastructure. This paper adopts an Information Security Management model to assess organization’s security level. The authors make a correspondence between maturity levels and security levels in an organization. Also, the proposed process capability controls influence both levels. The proposed model helps the organizations bridging the cybersecurity gaps. These gaps relate to talent, technology, organizational units, financial, management and operations gaps. Thus, the model helps the cybersecurity auditors to create a comprehensive plan for measuring the security level of the organization. This plan can manage and develop the organization’s automated countermeasures. Also, it can help in applying the suitable standard and framework based on the organization’s daily operation. Cybersecurity auditors use cybersecurity techniques and tools to assess the organization’s postures. Finally, the authors applied the security maturity controls in two case studies: retirement organization and public telecommunication corporation in the Republic of Yemen.
Information Security Journal: A Global Perspective, 2020
In cases of injuries in the oral cavity, the mouthwash comes in contact with the underlying gingi... more In cases of injuries in the oral cavity, the mouthwash comes in contact with the underlying gingival connective tissue and should have its cytotoxicity assessed. However, there is no available evidence if cells of elderly donors react differently during in vitro assessments of mouthwashes. This study aimed to compare the cytotoxicity evaluation of two different mouthwash types when assessed with primary gingival fibroblasts from either young and older donors. Primary cells were collected from two elderly patients (mean age 66.5 years old) and two young patients (mean age 27.5 years old). The primary cell culture was produced from gingival fragments and exposed for 24h in Perioxidin ® and Oral B ® . A control group was exposed to unconditioned culture media, representing 100% of cell survival (negative control), and 200mg/mL solution of latex fragments was used as a positive control due to its well-known toxicity. Both products presented similar dose-dependent cytotoxicity. In the toxic range, from 0.035% to 0.00035% for Perioxidin ® and 0.06 to 0.0006% for Oral B ® . The calculated IC50 values were very similar, with the exception of Oral B ® tested with young cells, which presented a slightly higher toxic concentration (0.0523 mM). The statistical analysis shows no significant difference between tests with cells from young our elderly donors (p >0.05). These mouthwashes should should be used sparingly to prevent the spread of SARS-CoV-2. However, the use of agematched cells during in vitro tests may not be necessary to predict differences in the biological response of the elderly to these products.