Special Issue JITA on Cybersecurity

Cybersecurity is the practice of defending computers, servers, mobile devices, electronic

systems, networks, and data from malicious attacks. The term applies in a variety of
contexts, from business to mobile computing, and can be divided into a few common
categories.
 Network security is the practice of securing a computer network from intruders,
whether targeted attackers or opportunistic malware.
 Application security focuses on keeping software and devices free of threats. A
compromised application could provide access to the data its designed to protect.
Successful security begins in the design stage, well before a program or device is
deployed.
 Information security protects the integrity and privacy of data, both in storage and in
transit.
 Operational security includes the processes and decisions for handling and
protecting data assets. The permissions users have when accessing a network and the
procedures that determine how and where data may be stored or shared all fall
under this umbrella.
 Disaster recovery and business continuity define how an organization responds to a
cybersecurity incident or any other event that causes the loss of operations or data.
Disaster recovery policies dictate how the organization restores its operations and
information to return to the same operating capacity as before the event. Business
continuity is the plan the organization falls back on while trying to operate without
certain resources.
 End-user education addresses the most unpredictable cyber-security factor: people.
Anyone can accidentally introduce a virus to an otherwise secure system by failing to
follow good security practices. Teaching users to delete suspicious email
attachments, not plug in unidentified USB drives, and various other important lessons
is vital for the security of any organization.

Cybersecurity is important because government, military, corporate, financial, and medical

organizations collect, process, and store unprecedented amounts of data on computers and
other devices. A significant portion of that data can be sensitive information, whether that
be intellectual property, financial data, personal information, or other types of data for
which unauthorized access or exposure could have negative consequences. Organizations
transmit sensitive data across networks and to other devices in the course of doing
businesses, and Cybersecurity describes the discipline dedicated to protecting that
information and the systems used to process or store it. As the volume and sophistication of
cyber attacks grow, companies and organizations, especially those that are tasked with
safeguarding information relating to national security, health, or financial records, need to
take steps to protect their sensitive business and personnel information. For an effective
Cybersecurity, an organization needs to coordinate its efforts throughout its entire
information system.
The most difficult challenge in Cybersecurity is the ever-evolving nature of security risks
themselves. Traditionally, organizations and the government have focused most of their
Cybersecurity resources on perimeter security to protect only their most crucial system
components and defend against known treats. Today, this approach is insufficient, as the
threats advance and change more quickly than organizations can keep up with. As a result,
advisory organizations promote more proactive and adaptive approaches to Cybersecurity.
Similarly, nation-wide institutions responsible for Cybersecurity (e.g. NIST) issued guidelines
in its risk assessment framework that recommend a shift toward continuous monitoring and
real-time assessments, a data-focused approach to security as opposed to the traditional
perimeter-based model. One of the ways is to adopt a Cybersecurity framework which is a
set of policies and procedures meant to improve your organization's Cybersecurity
strategies. These frameworks are created by various Cybersecurity orgs (including some
government agencies) to serve as guidelines for organizations to improve their
Cybersecurity.

Any Cybersecurity framework will provide detailed direction on how to implement a five-
step Cybersecurity process:
 Identifying vulnerable assets within the organization
 Protecting assets and data, and taking care of necessary maintenance
 Detecting breaches or intrusions
 Responding to any such breaches
 Recovering from any damage to systems, data, and corporate finance and
reputation that result from the attack

Having in mind everything we mentioned above, it is perfectly clear why we decided to

dedicate a first edition of this year’s JITA journal to the field of Cybersecurity. This Special
Issue aspires to bring together contributions from researchers and practitioners working in
the broad area of Cybersecurity. We seek highquality articles presenting state-of-the-art
(and beyond) Cybersecurity mechanisms, frameworks, protocols, algorithms, policies, user
studies, as well as Cybersecurity risk and threat models.

Potential topics include but are not limited to the following:

 Cybersecurity advanced threats and vulnerabilities
 Cybersecurity attacks and possible defenses
 Cybersecurity risk management
 Cybersecurity standard frameworks (ISO 27xxx, NIST, etc.)
 Cryptographic algorithms (symmetric, asymmetric, hash functions)
 Cryptanalysis
 Cryptographic protocols
 Cryptographic applications in information security
 Design of cryptographic systems
 Key Management
 Post-quantum cryptography
  Cyberphysical Security
 Data and Application Security
 Authentication algorithms and protocols
 Federated identity management
 Anonymity & Pseudonymity
 Identity and access management in IoT, IIoT, Industry 4.0 and digital manufacturing
scenarios
 Biometrics
 Authorization (RBAC, etc.)
 Access control models in the Industry 4.0
 Cybersecurity measures (IAM, EPS, SIEM, BCM, NAC, MDM, DLP, etc.)
 Email and web security
 Network Security
 Security and Privacy for Big Data
 Security and Privacy in the Cloud
 Security in the Internet of Things
 Wireless and Mobile computing security and privacy
 Database security
 Security Architectures
 Security Metrics
 Artificial Intelligence and Machine Learning in Cybersecurity
 Smart cards and HSMs
 Digital signature and digital certificates
 Trust services in particular for electronic signatures, electronic seals, electronic time
stamps, electronic registered delivery and website authentication
 Cybersecurity in Critical infrastructures
 Cybersecurity legislation (eIDAS, NIS, PSD2, GDPR, etc.)
 PKI systems and protocols
 DLT and Blockchain technologies
 Cryptocurrencies
 Smart contracts
 Self-Sovereign identity and decentralized identity management

Paper Submission Deadline: April, 30th, 2020

Acceptance Notification: May, 15th, 2020

Submission of revised paper:        May, 30th, 2020

Publication date:                              mid July, 2020

The JITA Journal is an international scientific journal published in English language with both
electronic and printed versions.
The aim and scope of the Journal of Informational Technology and Applications (JITA) is:
1. to provide international dissemination of contributions in field of Information Technology,
2. to promote exchange of information and knowledge in research work and 3. to explore
the new developments and inventions related to the use of Information Technology towards
the structuring of an Information Society.
JITA provides a medium for exchanging research results and achievements accomplished by
the scientific community from academia and industry.