2020 IEEE Conference on Quality Management, Transport and Information Security, Information Technologies (IT&MQ&IS)
The IEEE Russia North West Section and the European Centre for Quality (Moscow) are pleased to present the Proceedings of the 2020 International Conference "Quality Management, Transport and Information Security, Information Technologies" (IT&QM&IS). The Conference was held in Sochy, Russia on September 06–11, 2020. The Organizing Committee believes and trusts that we have been true to the spirit of collegiality that members of IEEE value whilst also maintaining a high standard as we reviewed papers, provided feedback and now present a strong body of published work in this collection of proceedings. The themes for this year's conference were chosen as a means of bringing together academics and industrialists, engineering and management research, manufacturing and teaching, and providing a basis for discussion of issues arising across the engineering and business community in relation to Quality Management, Information Technologies, Transport and Information Security aimed at developing engineers and managers for the future. The goal of these proceedings has been to present high quality work in an accessible medium, for use in a wide community of academics, engineers, managers, and industrialists, the community united by the key words Science, Education, Quality, Innovations in engineering. To achieve this aim, all abstracts were blind reviewed, and full papers submitted for publication in this journal of proceedings were subjected to a rigorous reviewing process.
Widespread acceptance and adoption of cloud computing calls for adaptation and development of existing risk assessment models of information systems. The approach suggested in this article can be used for risk assessment of information systems functioning on the basis of cloud computing technology, and assess the effectiveness of security measures.
The article deals with the problems associated with the widespread introduction of digital and information technologies in various sectors of the economy of the Russian Federation, including in the transport and logistics sector. Digitalization and informatization of the transport complex, logistics processes that were perceived not so long ago as something far from reality, today are the basis of modern transport business processes prove their necessity and efficiency. The paper analyzes various informational technical transport systems (ITS) of transport and transport infrastructure management, and shows that the implementation process is not quite systematic on Russian roads. It is shown that the lack of common standards and technological platforms leads to the emergence of a number of problems, such as electromagnetic and information incompatibility, unacceptable threats and risks, cyber security, organizational disunity, inconsistency and chaos of ITS management. It is shown that to create and ITS transport industry, it is necessary to promote a unified set of standards, a single technological platform, use the principles of system engineering and build an IT architecture and infrastructure. Not timely adoption of integration measures may further lead to a traffic collapse, or Russia's lag in the development of intelligent transport and transport infrastructure.
Some provisions of SWOT analysis and assessment of its productivity in business are criticized.
The use of hardware virtualization for ensuring information security is discussed. A review of various approaches to improving the security of software systems based on virtualization is given. A review of possible scenarios of using virtualization by intruders is also presented. The application domains and limitations of the available solutions and perspectives of future development in the field are discussed.
This paperwork overviews core technologies implemented by comparably new products at information security market - web application firewalls. Web applications are a very wide-used and convenient way of presenting remote users with access to corporate information resources. It can however become single point of failure rendering all the information infrastructure unreachable for legitimate clients. To prevent malicious access attempts to endpoint information resources and, intermediately, to web server, a new class of information security solutions has been created. Web application firewalls function at the highest, seventh layer of ISO/OSI model and serves as a controlling tunnel for all the traffic heading to and from company’s web application server(s). To ensure decent levels of traffic monitoring and intrusion prevention web application firewalls are equipped with various mechanisms of data exchange session “normalness” control. These mechanisms include protocol check routines, machine learning techniques, traffic signature analysis and more dedicated means like denial of service, XSS injection and CRRF attack prevention. Ability to research and add user rules to be processed along with vendor-provided ones is important since every company has its own security policy and, therefore the web application firewall should provide security engineers with ways to tweak its rules to reflect the security policy more precisely. This research is based on wide practice experience integrating web application firewalls into security landscape of various organizations, their administration and customization. We illustrate our research of available filtering mechanisms and their implementations with example product features by market leaders, schemes and screenshots from real web application firewall systems.
The Conference is focused on the actual problems in the field of Quality Management, Transport and Information Security, Information Technologies (Navigation and Information Systems, Information Security Systems and Computer Security, Transport Security Management, Information and Communication Technologies in Education, Scientific Research and Economy, Automation of Business Processes, Automated Systems of Control and Quality Management, Quality Management Systems including Integrated Systems of Quality Management of Information Systems (Implementation, Certification, Auditing), Engineering Management, IT Service Management, Management of Projects and Risks as well as other issues related to the field). Previous Conferences on these topics revealed great interest of both Russian and foreign researchers in this issues. Organizing and hosting the 2016 IEEE Conference on Quality Management, Transport and Information Security, Information Technologies (IT&MQ&IS) in Russia is of great value for exchange of research ideas and practical results in this field, for discovering new problems and development trends, for development of new effective practical methods and tools targeted on solving complex practical problems. During the IT&MQ&IS 2016 Conference sessions, it is expected and planned to discuss a wide range of issues, both of theoretical and practical value. One of the key Conference aims is also attracting young researchers and practitioners to discussions and exchange of ideas with the professional community.
The paper provides a number of proposed draft operational guidelines for technology measurement and includes a number of tentative technology definitions to be used for statistical purposes, principles for identification and classification of potentially growing technology areas, suggestions on the survey strategies and indicators. These are the key components of an internationally harmonized framework for collecting and interpreting technology data that would need to be further developed through a broader consultation process. A summary of definitions of technology already available in OECD manuals and the stocktaking results are provided in the Annex section.