Статті в журналах з теми "Human aspects of cyber security"
Щоб переглянути інші типи публікацій з цієї теми, перейдіть за посиланням: Human aspects of cyber security.
Оформте джерело за APA, MLA, Chicago, Harvard та іншими стилями
Ознайомтеся з топ-50 статей у журналах для дослідження на тему "Human aspects of cyber security".
Біля кожної праці в переліку літератури доступна кнопка «Додати до бібліографії». Скористайтеся нею – і ми автоматично оформимо бібліографічне посилання на обрану працю в потрібному вам стилі цитування: APA, MLA, «Гарвард», «Чикаго», «Ванкувер» тощо.
Також ви можете завантажити повний текст наукової публікації у форматі «.pdf» та прочитати онлайн анотацію до роботи, якщо відповідні параметри наявні в метаданих.
Переглядайте статті в журналах для різних дисциплін та оформлюйте правильно вашу бібліографію.
1
Begishev, I. R. "Cyber-Security Culture: Psychological and Legal Aspects." Psychology and Law 11, no. 4 (2021): 207–20. http://dx.doi.org/10.17759/psylaw.2021110415.
Повний текст джерелаАнотація:
Digitalization has become part and parcel of the modern-day human activities. Nowadays it is going into every field of business and personal life. To develop and prosper, most organizations need IT systems, and hence to take the safeguarding of their informational assets seriously. Many of the processes which are essential for securing their IT assets, largely depend on human interaction. This study has attempted to address the culture of cyber-security in the light of psychology and law. The results of the research showed that from the psychological standpoint, the culture of cyber-security involves the willingness on the part of a modern human to overcome the digital expansion by mastering the tools for countering the negative IT factors. In its turn, from the legal standpoint, the culture of cyber-security is based on the legislative framework which regulates the legal relations in the field of cyber-security.
2
R., Moinescu. "Aspects of human weaknesses in cyber security." Scientific Bulletin of Naval Academy XXII, no. 1 (July 15, 2019): 163–70. http://dx.doi.org/10.21279/1454-864x-19-i1-022.
Повний текст джерелаАнотація:
Along with the development of information technology in recent years, awareness about the security of computer systems is also increasing. Because the human factor is often guilty of the vulnerabilities to which an information system is exposed, this paper will research and evaluate disparate attack vectors which are being utilized today to successfully exploit human weaknesses. We will also try to create a mechanism to mitigate against these attack vectors.
3
Nel, Frans, and Lynette Drevin. "Key elements of an information security culture in organisations." Information & Computer Security 27, no. 2 (June 12, 2019): 146–64. http://dx.doi.org/10.1108/ics-12-2016-0095.
Повний текст джерелаАнотація:
Purpose The purpose of this paper is to report on a study that investigated the information security culture in organisations in South Africa, with the aim of identifying key aspects of the culture. The unique aspects for building an information security culture were examined and presented in the form of an initial framework. These efforts are necessary to address the critical human aspect of information security in organisations where risky cyber behaviour is still experienced. Design/methodology/approach Literature was investigated with the focus on the main keywords security culture and information security. The information security culture aspects of different studies were compared and analysed to identify key elements of information security culture after which an initial framework was constructed. An online survey was then conducted in which respondents were asked to assess the importance of the elements and to record possible missing elements/aspects regarding their organisation’s information security culture to construct an enhanced framework. Findings A list of 21 unique security culture elements was identified from the literature. These elements/aspects were divided into three groups based on the frequency each was mentioned or discussed in studies. The number of times an element was found was interpreted as an indication of how important that element/aspect is. A further four aspects were added to the enhanced framework based on the results that emerged from the survey. Originality/value The value of this research is that an initial framework of information security culture aspects was constructed that can be used to ensure that an organisation incorporates all key aspects in its own information security culture. This framework was further enhanced from the results of the survey. The framework can also assist further studies related to the information security culture in organisations for improved security awareness and safer cyber behaviour of employees.
4
Pattinson, Malcolm, Marcus Butavicius, Meredith Lillie, Beau Ciccarello, Kathryn Parsons, Dragana Calic, and Agata McCormac. "Matching training to individual learning styles improves information security awareness." Information & Computer Security 28, no. 1 (November 11, 2019): 1–14. http://dx.doi.org/10.1108/ics-01-2019-0022.
Повний текст джерелаАнотація:
Purpose This paper aims to introduce the concept of a framework of cyber-security controls that are adaptable to different types of organisations and different types of employees. One of these adaptive controls, namely, the mode of training provided, is then empirically tested for its effectiveness. Design/methodology/approach In total, 1,048 working Australian adults completed the human aspects of the information security questionnaire (HAIS-Q) to determine their individual information security awareness (ISA). This included questions relating to the various modes of cyber-security training they had received and how often it was provided. Also, a set of questions called the cyber-security learning-styles inventory was used to identify their preferred learning styles for training. Findings The extent to which the training that an individual received matched their learning preferences was positively associated with their information security awareness (ISA) level. However, the frequency of such training did not directly predict ISA levels. Research limitations/implications Further research should examine the influence of matching cyber-security learning styles to training packages more directly by conducting a controlled trial where the training packages provided differ only in the mode of learning. Further research should also investigate how individual tailoring of aspects of an adaptive control framework (ACF), other than training, may improve ISA. Practical implications If cyber-security training is adapted to the preferred learning styles of individuals, their level of ISA will improve, and therefore, their non-malicious behaviour, whilst using a digital device to do their work, will be safer. Originality/value A review of the literature confirmed that ACFs for cyber-security does exist, but only in terms of hardware and software controls. There is no evidence of any literature on frameworks that include controls that are adaptable to human factors within the context of information security. In addition, this is the first study to show that ISA is improved when cyber-security training is provided in line with an individual’s preferred learning style. Similar improvement was not evident when the training frequency was increased suggesting real-world improvements in ISA may be possible without increasing training budgets but by simply matching individuals to their desired mode of training.
5
Quader, Faisal, and Vandana P. Janeja. "Insights into Organizational Security Readiness: Lessons Learned from Cyber-Attack Case Studies." Journal of Cybersecurity and Privacy 1, no. 4 (November 11, 2021): 638–59. http://dx.doi.org/10.3390/jcp1040032.
Повний текст джерелаАнотація:
This paper focuses on understanding the characteristics of multiple types of cyber-attacks through a comprehensive evaluation of case studies of real-world cyber-attacks. For each type of attack, we identify and link the attack type to the characteristics of that attack and the factors leading up to the attack, as observed from the review of case studies for that type of attack. We explored both the quantitative and qualitative characteristics for the types of attacks, including the type of industry, the financial intensity of the attack, non-financial intensity impacts, the number of impacted customers, and the impact on users’ trust and loyalty. In addition, we investigated the key factors leading up to an attack, including the human behavioral aspects; the organizational–cultural factors at play; the security policies adapted; the technology adoption and investment by the business; the training and awareness of all stakeholders, including users, customers and employees; and the investments in cybersecurity. In our study, we also analyzed how these factors are related to each other by evaluating the co-occurrence and linkage of factors to form graphs of connected frequent rules seen across the case studies. This study aims to help organizations take a proactive approach to the study of relevant cyber threats and aims to educate organizations to become more knowledgeable through lessons learned from other organizations experiencing cyber-attacks. Our findings indicate that the human behavioral aspects leading up to attacks are the weakest link in the successful prevention of cyber threats. We focus on human factors and discuss mitigation strategies.
6
Vieane, Alex, Gregory Funke, Robert Gutzwiller, Vincent Mancuso, Ben Sawyer, and Christopher Wickens. "Addressing Human Factors Gaps in Cyber Defense." Proceedings of the Human Factors and Ergonomics Society Annual Meeting 60, no. 1 (September 2016): 770–73. http://dx.doi.org/10.1177/1541931213601176.
Повний текст джерелаАнотація:
Cyber security is a high-ranking national priority that is only likely to grow as we become more dependent on cyber systems. From a research perspective, currently available work often focuses solely on technological aspects of cyber, acknowledging the human in passing, if at all. In recent years, the Human Factors community has begun to address human-centered issues in cyber operations, but in comparison to technological communities, we have only begun to scratch the surface. Even with publications on cyber human factors gaining momentum, there still exists a major gap in the field between understanding of the domain and currently available research meant to address relevant issues. The purpose for this panel is to continue to expand the role of human factors in cyber research by introducing the community to current work being done, and to facilitate collaborations to drive future research. We have assembled a panel of scientists across multiple specializations in the human factors community to have an open discussion regarding how to leverage previous human factors research and current work in cyber operations to continue to push the bounds of the field.
7
Balaganesh, Duraisamy. "Future of Secure Remote Workforce Perspective - What’s Next?" IRO Journal on Sustainable Wireless Systems 4, no. 3 (September 5, 2022): 149–61. http://dx.doi.org/10.36548/jsws.2022.3.002.
Повний текст джерелаАнотація:
Recently, finding a connection between changes in work habits and the controls put in place to handle cyber security threats is an innovative area of study. Surveys and conversations with subject matter experts are utilized to gather data. Since many employees struggle with the psychological and emotional aspects of working remotely, employers and information security managers are expected to continue to devote more resources to mitigating human-factor threats, which have multiplied during the COVID-19 epidemic. Consequently, the research has focused on approaches to manage or enhance security in the light of the COVID-19 pandemic's impact on present cyber threats and issues. Moreover, this article consists of various perspectives such as remote work environment, privacy authentication procedure and future security procedure.
8
Sebestyen, Gheorghe, and Anca Hangan. "Anomaly detection techniques in cyber-physical systems." Acta Universitatis Sapientiae, Informatica 9, no. 2 (December 20, 2017): 101–18. http://dx.doi.org/10.1515/ausi-2017-0007.
Повний текст джерелаАнотація:
AbstractNowadays, when multiple aspects of our life depend on complex cyber-physical systems, automated anomaly detection, prevention and handling is a critical issue that inuence our security and quality of life. Recent catastrophic events showed that manual (human-based) handling of anomalies in complex systems is not recommended, automatic and intelligent handling being the proper approach. This paper presents, through a number of case studies, the challenges and possible solutions for implementing computer-based anomaly detection systems.
9
Horbachenko, S. "Cyber security as a component of economic security of Ukraine." Galic'kij ekonomičnij visnik 66, no. 5 (2020): 180–86. http://dx.doi.org/10.33108/galicianvisnyk_tntu2020.05.180.
Повний текст джерелаАнотація:
The main essential aspects of the country economic security as a foundation for structural change and sustainable development of the national economy, strengthening its competitiveness, improvement of the economic entities efficiency are formulated in this paper. The processes affecting the economic security at the state, regions and individual enterprises levels are identified. Taking into account the available classifications of the economic security components, the role of information and cybersecurity is highlighted. It is determined that almost in all classifications of information security in one form or another is considered as an opportunity for information support and protection of confidential information of the socio-economic system. It is proved that «cybersecurity» category is gradually shifting from micro to macro level, from the problems of information protection on individual devices in local networks to the creation of a single cybersecurity system as a full component of national security at the state level. The assessment of cyberspace as the environment for potential criminal actions in the field of unauthorized access to the confidential information, software failures, automated systems functional breakdowns is carried out. It is identified how such characteristics of economic security as countermeasures resistance to internal and external threats, economic independence, self-reproduction and self-development, national interests, can be supported and protected in cyberspace Proposals for creating an effective system of cybersecurity state regulation and conditions for online information exchange within «public authorities – private sector – civil society», triangle, optimization of staffing cyber protection, development of the system of economic indicators of cyberspace functioning are introduced. Emphasis is placed on the research prospects concerning the stimulation of innovative activity aimed at the creation of effective organizational and technological model of the national cybersecurity system, the implementation of human resources, optimization of domestic legislation.
10
Fausett, Crystal M., and Joseph R. Keebler. "Shift Happens: Human Factors Considerations for Handoffs in Cyber-Security Operations Centers." Proceedings of the Human Factors and Ergonomics Society Annual Meeting 66, no. 1 (September 2022): 110–14. http://dx.doi.org/10.1177/1071181322661131.
Повний текст джерелаАнотація:
Cybersecurity breaches have consequences not only at a technical level, but also at economic, legal, individual levels. Organizations depend heavily on the internet to conduct daily operations and activities. As cyber threats increase with frequency and severity, organizations and the cybersecurity experts they employ are facing an uphill battle. To our knowledge, very little research has been done to investigate the handoff processes that exist in Security Operations Centers (SOCs). Researchers and practitioners within the cybersecurity community would benefit from a better understanding of how handoff mechanisms influence SOC team processes and performance. To help attain this goal, this paper aims to explore handoff processes within other domains and illuminate what aspects of handoffs may be extended to SOCs and in what ways handoffs performed in SOCs may need special consideration.
11
Ramadhan, Iqbal. "STRATEGI KEAMANAN CYBER SECURITY DI KAWASAN ASIA TENGGARA." Jurnal Asia Pacific Studies 3, no. 2 (January 16, 2020): 181–92. http://dx.doi.org/10.33541/japs.v3i1.1081.
Повний текст джерелаАнотація:
Cyber security is a new kind of topic in security studies. This issue came as prominent discourse when all the human aspect range from politics, military, economics and societal are connected to the cyber space. Cyber terrorism, cyber crime and cyber war are the most potential threat who come from the cyber world. As the strategic region in the world, South East Asia who has promising economic growth cannot escape from those threats. The aim of this research is to explain what kind of strategy that can be implemented in protecting the cyber security of South East Asia. To answer the research question, the author used mainstream approach such neorealism and neoliberalism. From the author’s perspective, ASEAN countries need to develop their technological power without ignoring the weightiness of interstate cooperation.
Keywords: cyber security, neorealism, neoliberalism, security studies, South East Asia
Abstrak
Keamanan cyber pada hakikatnya merupakan isu dalam studi keamanan yang terbilang masih sangat baru. Isu ini muncul ketika semua aspek kehidupan politik, militer, ekonomi, sosial dan budaya terhubung ke dunia maya. Ancaman cyber yang berpotensi sebagai ancaman adalah cyber terrorism, cyber crime dan cyber war. Asia Tenggara sebagai salah satu kawasan penting di dunia dengan tingkat pertumbuhan ekonomi yang cukup tinggi tidak terlepas dari ancaman tersebut. Penelitian ini bertujuan untuk membahas strategi seperti apakah yang paling tepat dalam menjaga keamanan cyber di kawasan Asia Tenggara. Dalam menjawab research question, peneliti menggunakan pendekatan mainstream seperti neorealism dan neoliberal. Pada intinya, negara yang tergabung sebagai anggota ASEAN perlu mengembangkan kemampuan power teknologinya tanpa mengesampingkan pentingnya kerja sama antar negara.
Kata Kunci: keamanan cyber, neorealis, neoliberalis, studi keamanan, Asia Tenggara
12
Nikel, Fosoh Holiness, and Austin Oguejiofor Amaechi. "An Assessment of Employee Knowledge, Awareness, Attitude towards Organizational Cybersecurity in Cameroon." Network and Communication Technologies 7, no. 1 (February 21, 2022): 1. http://dx.doi.org/10.5539/nct.v7n1p1.
Повний текст джерелаАнотація:
In our increasingly digitized and interconnected society, people are poorly protected against cyberthreats, with the main reason being user behavior. Human behavior and actions are unpredictable in nature and this make human an important element and enabler of cybersecurity. The objective of the study is promotion of adoption of non-technical countermeasures (such as user awareness) for a comprehensive and holistic way to manage cyber security in organizations in Cameroon. We conducted a subjective study to measure the level of employees’ knowledge and general awareness, risky behavior they engage in, and attitude toward various aspects of cybersecurity and cyberthreats to show the need for user education, training, and awareness. For the study described in this paper, a self-report questionnaire was developed and data were collected from 214 participants. The results of a descriptive statistic percentage indicated that less than 50% of respondents have completed or has regular training program. We find that over 61% of the participants do not have sufficient knowledge of their organization cyber security policies. Among other findings, the over 60% of employees’ mistakes or violations of security policy are not disciplined or penalized is a demonstration of lack of legal status of cyber-attacks. Cyber resilience in any organization is a responsibility shared by both management and employees. Proactive human management element that can actively hunt for malicious activity and indicators of compromise is recommended.
13
TESAŘ, Aleš, Fabian BAXA, and Dalibor PROCHÁZKA. "M.A.D. AGAIN? Shift of the Term M.A.D. to the Cyber Domain." Obrana a strategie (Defence and Strategy) 22, no. 2 (December 16, 2022): 036–50. http://dx.doi.org/10.3849/1802-7199.22.2022.02.036-050.
Повний текст джерелаАнотація:
The article introduces a new meaning of the acronym M.A.D. (Mutually Assured Destruction) in the field of security. From the original connection with nuclear issues, its use is moving to the area of cyberspace. The text introduces the basic division of domains important for human activities. It explains their importance in terms of undeniable usability and availability for mankind, at the same time, it draws attention to their vulnerability and the need to ensure their protection. It deals in more details with the new fifth domain – cyberspace. In this context, security threats are mentioned and some legal aspects are indicated.
14
Salminen, Mirva. "Refocusing and Redefining Cybersecurity: Individual Security in the Digitalising European High North." Yearbook of Polar Law Online 10, no. 1 (2019): 321–56. http://dx.doi.org/10.1163/22116427_010010015.
Повний текст джерелаАнотація:
This article introduces cybersecurity in the discussion on security in the European High North in a redefined and refocused form. Instead of scrutinising the technical measures taken to protect the confidentiality, integrity and availability of information in systems and networks (information security) or the criticality of a number of digitally operated infrastructures to the functioning of society (national cybersecurity), it concentrates on the human being. It examines cybersecurity from an individual’s perspective by asking what kind of personal security concerns people may have with regard to digitalisation and how those are or are not present in the discussion on health and social security re-organisation in the Finnish Lapland. The theoretical foundation of this article rests within the human security framework. Individuals living their everyday lives in particular cyber-physical environments are taken as the referent object of security. In the digitalising European High North, multiple aspects of everyday security depend upon cybersecurity, including economic, environmental, and food securities. This article concentrates on health and social security. It examines linkages between the re-organisation of health and social security in Finland and personal security concerns with a particular focus on the case of Länsi-Pohja area in south-western Lapland. The overall aim is to create room for bottom-up influence on the primarily top-down processes of security production in the cyber-physical environment.
15
Neizvestny, Sergey. "Social Aspects of the Consequences of Artificial Intelligence Decision Making in a Digital Society." Sociological Journal 27, no. 2 (June 29, 2021): 90–108. http://dx.doi.org/10.19181/socjour.2021.27.2.8088.
Повний текст джерелаАнотація:
In recent decades, almost all areas of human activity are undergoing rapid digitalization and the introduction of artificial intelligence, which fundamentally affect social relations within society. In addition to the obvious benefits of using human-like intelligence in the modern digital world, there may also be negative consequences associated, first of all, with the processes of making important, large-scale management decisions by the cyber-management of a digital society. The problem of the impact on social security of decision-making by artificial intelligence in a digital society has not been sufficiently studied. The article considers the main social aspects of the problems related to the consequences of artificial intelligence making decisions. The main focus is the impact of decisions made by cyber managers on the social stability of a digital society. Some features of the emerging social relations “human – artificial intelligence”, “Manager – Cyber-manager” are considered. Based on analyzing the impact of the consequences of decision-making by artificial intelligence on social relations, a number of changes in the training system for digitalization processes are proposed, and requirements for the competence of specialists in developing and operating human-like intelligence are formulated. Based on the practical requirements of the modern IT sphere, the author has developed and introduced into the educational process a number of cycles of interdisciplinary lectures and practical seminars for future IT specialists in a digital society. A number of solutions to pedagogical problems related to the development of the analytical and creative abilities of future specialists, of architects and developers of cyber-systems and of managerial decision-making are proposed.
16
Herlambang, Penggalih Mahardika, Sylvia Anjani, Hendro Wijayanto, and Murni Murni. "CYBER SECURITY BEHAVIOR MODEL ON HEALTH INFORMATION SYSTEM USERS DURING COVID-19 PANDEMIC." Cyber Security dan Forensik Digital 3, no. 2 (December 11, 2020): 27–33. http://dx.doi.org/10.14421/csecurity.2020.3.2.2152.
Повний текст джерелаАнотація:
The use of the Health Information System raises the risk of data leakage which is mostly caused by internal health facilities. For this reason, an instrument is needed that can measure the behavior of users who are at risk for the health information system used to minimize the potential for these leaks. Develop and test the validity and reliability of the questionnaire based Human Aspect of Information Security Questionaire (HAIS-Q), Risky Security Behavior Scale (RScB), and the tendency of Internet users in Indonesia. Based on the research 4 aspects that affect the security of Health Information System, namely the use of electronic devices, access to healthinformation systems, internet behavior, and unusual events in health facilities. The questionnaire developed consisted of 27 question items was valid (r count> r table) and reliable (Alfa Chronbach value of 0.777). The developed questionnaire design can be applied to assess the risk of cyber attacks on Health Information Systemsin health facilities. Further research is needed to implement the design of the questionnaire.
17
Olivares Rojas, Juan Carlos, ENRIQUE REYES ARCHUNDIA, JOSE ANTONIO GUTIERREZ GNECCHI, ARTURO MENDEZ PATIÑO, JAIME CERDA JACOBO, and ISMAEL MOLINA MORENO. "A METHODOLOGY FOR CYBER HYGIENE IN SMART GRIDS." DYNA 97, no. 1 (January 1, 2022): 92–97. http://dx.doi.org/10.6036/10085.
Повний текст джерелаАнотація:
Although smart grids offer multiple advantages over traditional grids, there are still challenges to overcome to ensure the quality of service and grid security. In particular, cybersecurity plays an essential role in ensuring grid operation reliability and resilience to external threats. The traditional approach to address cybersecurity issues generally does not consider the human factor as the main component. Recently, the concept of cyber hygiene has emerged, where social and human aspects are fundamental to reduce vulnerabilities and the risk of attacks and breaches. In a similar manner to personal hygiene, which greatly influences people’s health, considering the human factor (i.e., human behaviour, awareness, and training) as a critical cybersecurity component, can significantly improve human operator cybersecurity practices that in turn can result in improved cybersecurity performance. In this paper, the authors propose and test a methodology for implementing cyber hygiene practices in the context of Smart Grid systems, focused on smart metering systems. The results suggest that implementing cyber hygiene practices can improve smart meter cybersecurity and be suitable for implementing other sensitive Smart Grid components. Key Words: Cybersecurity, Cyber Hygiene, Internet of Things, Smart Grid, Smart Meters.
18
Emake, Erhovwosere Donald, Ibrahim Adepoju Adeyanju, and Godwin Obruozie Uzedhe. "Industrial Control Systems (ICS): Cyber-attacks & Security Optimization." International Journal of Computer Engineering and Information Technology 12, no. 5 (May 31, 2020): 31–41. http://dx.doi.org/10.47277/ijceit/12(5)1.
Повний текст джерелаАнотація:
Cyber-security of digital industrial control system in reality is complex and challenging research area, due to various interconnections of electro-mechanical related components driving national critical infrastructures. These networked system components performs monitoring and controlling tasks in several industries and organization through the access of Internet connectivity across the world. More recently, there are myriad of security threats and attacks by malicious elements on ICS which now presents a priority to organizations and researchers for optimal security solutions. Development of the Internet and communication systems has also exacerbated such security concerns. Activities of cyber-attacks malicious elements on ICS may result in serious disaster in industrial environments, human casualties and loss. This paper critically looks at the SCADA/industrial control systems, architecture, cyber-attacks. Other aspect of the paper examines current ICS security technologies including a computational secured algorithm for PLC
19
Cser, Orsolya. "The Role and Security of Money from the Aspect of Cyber Warfare." Academic and Applied Research in Military and Public Management Science 14, no. 3 (September 30, 2015): 331–42. http://dx.doi.org/10.32565/aarms.2015.3.7.
Повний текст джерелаАнотація:
Security is one of the most basic human needs, which never appears alone, but always in response to an emergency situation. Internal security of a state means the protection of the political, social and economic order, and the elimination of hazards, such as the instrument of economic terrorism, cyber attack.Cyberspace is a major arena of modern warfare. Attacks against it have made it important for banking systems that IT systems be developed in the most secure manner both inside and outside the organisation.
20
Pawlak, Patryk. "The EUs Role in Shaping the Cyber Regime Complex." European Foreign Affairs Review 24, Issue 2 (May 1, 2019): 167–86. http://dx.doi.org/10.54648/eerr2019011.
Повний текст джерелаАнотація:
As various aspects of cyber-related policies become a priority for national and international stability, an increasing number of actors attempt to shape this policy area. With the EU expanding its international role in foreign and security policy globally – and gradually becoming a target of malicious cyber operations – it becomes critical to consider whether the European Union can play a more active role in shaping global cyber-related policies to effectively protect its citizens in the digital domain. As this article argues, the answer to this question depends on the concurrence of two major elements: the rapid evolution of the international digital environment and associated modes of global governance; and the institutional and policy processes within the European Union that help to deal with the complexity. This article aims to better understand factors influencing the EU’s position within the existing cyber-related regimes and mechanisms deployed by the EU and its member states to shape the policy debates in those venues. It concludes that the EU’s role as a global cyber-player is better understood through the prism of the global cyber regime complex and the strategies that the EU pursues within this complex, rather than by merely examining the effectiveness of its actions within individual regimes (e.g. cybercrime, stability, human rights).
21
Lehto, Martti, Aki-Mauri Huhtinen, and Saara Jantunen. "The Open Definition of Cyber." International Journal of Cyber Warfare and Terrorism 1, no. 2 (April 2011): 1–9. http://dx.doi.org/10.4018/ijcwt.2011040101.
Повний текст джерелаАнотація:
Security strategy work requires a definition for ’cyberspace’. This article discusses national definitions and analyses their contents. Defining what cyberspace is equals the exercise of political power. Therefore, it is important to discuss what the definitions mean in practice - whether cyberspace is seen as a restricted mathematical-technological domain or a social construction. Government publications highlight the technological aspect of cyberspace, whereas threats stem from human behaviour. For some, cyberspace is a primary operational environment for national security that must be protected with defensive and offensive military means. For others, cyberspace is primarily a digital civil society in which the free flow and usability of information and the identity and anonymity of citizens must be secured. Cyberspace can also be seen as a place for business, where material and immaterial products and services can be offered. The authors argue for the broad definition of cyberspace, incorporating both technological and social concepts. But cyberspace may never be comprehensively defined. If only a strictly technology-oriented approach is used to define cyberspace, many of its risks and problems cannot be addressed. Cyberspace allows the exercise of power; therefore, its definition should not be reduced to pure technology.
22
Hnatienko, Hryhoriy, and Natalia Tmenova. "DETERMINING THE PRIORITY OF CYBER SECURITY MEASURES FOR INCOMPLETE EXPERT RANKING." Information systems and technologies security, no. 1 (2) (2020): 9–15. http://dx.doi.org/10.17721/ists.2020.1.9-15.
Повний текст джерелаАнотація:
High-quality functioning of the information security system and solving problems that arise in the information protection, is currently a topical trend in various areas of human life. Successful cyber protection consist in creating and implementing a multi-level system of measures that cover various aspects with complex interact and complement each other. These measures have a different nature, and their priorities may differ significantly in terms of different services of the organization, so it is logical to formalize the sequence of cybersecurity implementation in a class of group choice tasks. The paper proposes a flexible mathematical apparatus for modeling information security problems and adequate application of the opinion analysis of experts’ team in practice. The approach to finding the resultant ranking of measures priority is described as a solution to the problem of multicriteria optimization, where the sequence of measures implementation may involve the interaction of performers and require regulation of the actions sequence of all elements and subsystems of the organizational system. This approach allows to combine different information security measures proposed by the experts of various departments; to find a compromise solution for a diverse group of experts; not to violate any expert's preferences under calculating the compromise ranking of cyber security measures. The proposed approach can be useful in developing appropriate cybersecurity measures and favorable in developing and implementing of rapid response procedures to threats, as well as it can be indispensable in the overall building or improving organization security system and it can contain elements of training, coordination, and complexity of expert team members, who are the heads of units of a single organizational system.
23
Gay, Chris, Barry Horowitz, John Elshaw, Philip Bobko, and Inki Kim. "Operator Suspicion and Decision Responses to Cyber-Attacks on Unmanned Ground Vehicle Systems." Proceedings of the Human Factors and Ergonomics Society Annual Meeting 61, no. 1 (September 2017): 226–30. http://dx.doi.org/10.1177/1541931213601540.
Повний текст джерелаАнотація:
Cyber-attacks against cyber-physical systems (CPS), such as unmanned vehicles, are emergent threats with potentially catastrophic impacts, and this issue has drawn considerable interest by military agencies. Abundant body of research has attempted to address the physical security aspects of CPS; however, research addressing the human dimensions of cyber-attack detection and responses from an operator and operational perspective is sparse. This research has provided a novel probe into the human factors affecting operator resilience in responding to cyber-attacks, which are situations characterized by uncertainty and malicious intent. The variability of individual operators makes it improbable to grasp the full range of factors contributing to operator performance; however, the application of Suspicion Theory as proposed by Bobko et al. (2013), provides a starting point to aid in understanding operator performance in situations involving malicious intent (e.g. a cyber-attack). According to the theory, malicious intent is a critical component of operator suspicion, which is a key factor in operator response to cyber-attacks. The current research explored this human dimension through scenario-based, human-in-the-loop simulation experiments with Air Force personnel. It included both abstract and empirical assessments of the application of Suspicion Theory to operator detection and responses to cyber-attacks against an unmanned vehicle system, and it took a systems-oriented approach to the problem by considering the interaction of a Human-Machine Team (HMT) in the response. The HMT here refers to an operator and a Sentinel, which is an automated cyber-attack detection aid. The study evaluated the effects of suspicion, as well as the effects of perceived consequence, on the operator, and the resulting HMT quality of performance in responding to alerts, including both false alarms and properly detected cyber-attack scenarios. The findings show that Sentinel alerts alone do not create operator suspicion. Instead, alerts can serve as a catalyst for a wider information search by the operator, which, on a situational basis can lead to formation of increased operator suspicion. The analysis of experimental results pointed to a negative correlation between operator suspicion and performance score that measured the quality of a response to the given scenario. In addition, a strong correlation between HMT performance score and task response time was noted.
24
Ryczyński, Jacek. "Human Factor as a Determinant of Reliability and Safety of Technical Systems." Journal of KONBiN 49, no. 3 (October 1, 2019): 195–220. http://dx.doi.org/10.2478/jok-2019-0056.
Повний текст джерелаАнотація:
Abstract The article presents the analysis of the state of knowledge about the impact of the human factor on selected aspects of reliability of technical systems based on selected papers delivered at the ESREL 2018 conference, which took place on June 17-22, 2018 in Trondheim, Norway. In the first part, statistical analysis was carried out in the area of thematic and methodological conference papers. Next, the impact of the human factor on the correct functioning of selected technical systems was discussed, using conference papers on the role of man in ensuring an appropriate level of cyber security, the role of expert knowledge in risk assessment, and innovative risk management methods. In summary, challenges for scientists were identified and further research directions in the analysed area.
25
Ganzhur, Marina, Nikita Dyachenko, Andrey Gazizov, Arthur Otakulov, and Dmitry Romanov. "Modeling of storage processes using Petri nets." E3S Web of Conferences 175 (2020): 05038. http://dx.doi.org/10.1051/e3sconf/202017505038.
Повний текст джерелаАнотація:
Cyber-physical systems are actively explored in the global and domestic scientific community. It is expected that cyber-physical systems will minimize human participation in the production process, as well as in many other areas of society. At the same time, the information security aspect of the interaction of elements remains insufficiently studied. The classical approach to ensuring security is aimed at counteracting a clear destructive information impact - when information security breaches have obvious signs. The risk of failure of one object of the system can lead to critical conditions. Safety modeling of managerial structures is reduced to considering the operability of the functions of the intermediate link and the interaction between objects that make decisions on the management and generating teams. By analyzing these transitions in limiting cases, it allows the use of analysis and synthesis approaches based on structural schemes and logical relationships.
26
Khurana, Mehak. "Secure Coding and Software Vulnerabilities in Implementation Phase of Software Development." ECS Transactions 107, no. 1 (April 24, 2022): 7037–45. http://dx.doi.org/10.1149/10701.7037ecst.
Повний текст джерелаАнотація:
The methodology in software development has shifted from waterfall to agile, which has earned appreciation as cost-effective development due to its speedy software delivery, under limited time constraints. At the same time, cyber attacks have become more surreptitious that are pretending threats to software. Security elements and practices in software development phases eliminate software vulnerabilities. Vulnerabilities happen in the software due to the unavailability of security practices during the levels of software enhancement. Software development using secure coding practices can resist the software from exploitation. Thus, the paper focuses on the detailed view of security weaknesses in the implementation stage of the software development life cycle (SDLC). The paper explains the non-compliant codes which expose vulnerabilities that can benefit the attackers to gain unauthorized access, therefore providing the mitigation to furnish a complaint code resistant to exposure. Both secure and vulnerable features can be curved from the source code. This paper concentrates on the human aspects of software security, including human actions and motivation. This paper enables us to learn about and promote secure coding standards for frequently used programming languages, regardless of the device used for programming.
27
Shi, Lei. "Analysis of the Security of 5G Technology from the Network Level." SHS Web of Conferences 144 (2022): 02007. http://dx.doi.org/10.1051/shsconf/202214402007.
Повний текст джерелаАнотація:
In today’s society, 5G network technology has gradually entered everyone’s life, from the simplest communication to smart cars, artificial intelligence, traffic signals to the medical field, military industry and so on. All aspects of 5G network technology can be used to greatly improve the convenience of people’s lives and the technological transformation of human society. However, there are many countries, companies and people who are not so sure about 5G technology, and who may even abandon its use because of concerns about its security. As a result, this thesis focuses on the benefits and drawbacks of 5G technology’s security in networks, as well as its application in everyday life and potential security threats, as well as whether its security will escalate from a cyber-level attack to physical harm to humans or facilities when combined with the Internet of Things. The analysis of current articles, data, and expert opinion will help to produce findings that will address the concerns of those who are sceptical about the security of 5G. In this regard, it is concluded that the safety of 5G network technology requires a warning, but at this stage, its convenience and safety are within human control and can be used with confidence.
28
Basmadjian, Robert. "Communication Vulnerabilities in Electric Mobility HCP Systems: A Semi-Quantitative Analysis." Smart Cities 4, no. 1 (March 20, 2021): 405–28. http://dx.doi.org/10.3390/smartcities4010023.
Повний текст джерелаАнотація:
An electric mobility ecosystem, which resembles a human-centred cyber physical (HCP) system, consists of several interacting sub-systems that constantly communicate with each other. Cyber-security of such systems is an important aspect as vulnerability of one sub-system propagates to the entire system, thus putting it into risk. Risk assessment requires modelling of threats and their impacts on the system. Due to lack of available information on all possible threats of a given system, it is generally more convenient to assess the level of vulnerabilities either qualitatively or semi-quantitatively. In this paper, we adopt the common vulnerability scoring system (CVSS) methodology in order to assess semi-quantitatively the vulnerabilities of the communication in electric mobility human-centred cyber physical systems. To this end, we present the most relevant sub-systems, their roles as well as exchanged information. Furthermore, we give the considered threats and corresponding security requirements. Using the CVSS methodology, we then conduct an analysis of vulnerabilities for every pair of communicating sub-systems. Among them, we show that the sub-systems between charging station operator (CSO) and electric vehicle supply equipment (charging box) as well as CSO and electric mobility service provider are the most vulnerable in the end-to-end chain of electric mobility. These results pave the way to system designers to assess the operational security risks, and hence to take the most adequate decisions, when implementing such electric mobility HCP systems.
29
Kumar, Sumit, and Prof Dr Preeti Rai. "A STUDY ON SECURITY SERVICES AND THREATS IN CLOUD COMPUTING." International Journal of Engineering Applied Sciences and Technology 6, no. 9 (January 1, 2022): 249–55. http://dx.doi.org/10.33564/ijeast.2022.v06i09.036.
Повний текст джерелаАнотація:
Digitalization has infiltrated all sides of modern culture today. One of the most important aspects of making this procedure secure is authentication. Cyber criminals are putting in a lot of effort to break into existing network channels and launch destructive assaults. When it comes to businesses, information is a valuable resource. The question here is how to safeguard crucial information. This takes into account a variety of features of a society that is commonly referred to as hyper connected, such as online communication, purchasing, access rights control, and so on. We shall cover the ideas of MFA and KBA, or Multi-Factor Authentication and Knowledge Based Authentication, in this study article. The goal of MFA and KBA is to be utilised for human-to-machine interactions, providing an easy-to-use and secure validation mechanism while gaining access to the service. We will also look into the existing and evolving factor suppliers (sensors) that are used to authenticate a user in this study. This is a critical tool for safeguarding data against malicious insiders and outsiders. The basic purpose of access management is to give authorised users access to a service while simultaneously preventing unauthorised users from accessing it. To ensure access management, a variety of strategies can be used. In this paper, we will cover various strategies for ensuring enterprise-ready access management, with a particular emphasis on multifactor authentication. We'll also discuss how knowledge-based authentication fits into multi-factor authentication and how it may help businesses protect their data from cyber-attacks. Finally, we'll talk about the future of MFA and KBA.
30
Hajda, Janusz, Ryszard Jakuszewski, and Szymon Ogonowski. "Security Challenges in Industry 4.0 PLC Systems." Applied Sciences 11, no. 21 (October 20, 2021): 9785. http://dx.doi.org/10.3390/app11219785.
Повний текст джерелаАнотація:
The concept of the fourth industrial revolution assumes the integration of people and digitally controlled machines with the Internet and information technologies. At the end of 2015, more than 20 billion machines and devices were connected to the Internet, with an expected growth to half a trillion by 2030. The most important raw material for this digital revolution is data, which when properly stored, analyzed and secured, constitute the basis for the development of any business. In times of rapid industrial development, automation of production processes and systems integration via networks, the effective protection of the cyber-physical systems of a plant is particularly important. To minimize the risks associated with Internet access, one must define all the possible threats and determine their sources in the plant and block or minimize the possibility of sabotage or data loss. This article analyzes the security measures used in industrial systems. In particular, risk management and the study of the risk sources in terms of human, hardware and software aspects in networked PLC and SCADA systems are discussed. Methods of improving the architecture of industrial networks and their management are proposed in order to increase the level of security. Additionally, the safety of the communication protocols with PLCs in industrial control systems is discussed.
31
Raveendran, Reshna, and Kheira Tabet Aoul. "A Meta-Integrative Qualitative Study on the Hidden Threats of Smart Buildings/Cities and Their Associated Impacts on Humans and the Environment." Buildings 11, no. 6 (June 10, 2021): 251. http://dx.doi.org/10.3390/buildings11060251.
Повний текст джерелаАнотація:
Smart buildings deploying 5G and the Internet of Things (IoT) are viewed as the next sustainable solution that can be seamlessly integrated in all sectors of the built environment. The benefits are well advertised and range from inducing wellness and monitoring health, amplifying productivity, to energy savings. Comparatively, potential negative risks are less known and mostly relate to cyber-security threats and radiation effects. This meta-integrative qualitative synthesis research sought to determine the possible underlying demerits from developing smart buildings, and whether they outweigh the possible benefits. The study identified five master themes as threats of smart buildings: a surfeit of data centers, the proliferation of undersea cables, the consternation of cyber-security threats, electromagnetic pollution, and E-waste accumulation. Further, the paper discusses the rebound impacts on humans and the environment as smart buildings’ actualization becomes a reality. The study reveals that, although some aspects of smart buildings do have their tangible benefits, the potential repercussions from these not-so-discussed threats could undermine the former when all perspectives and interactions are analyzed collectively rather than in isolation.
32
Vilic, Vida. "Phishing as a form of fraud identity theft in healthcare: Victimization during COVID-19 pandemic." Temida 25, no. 1 (2022): 53–78. http://dx.doi.org/10.2298/tem2201053v.
Повний текст джерелаАнотація:
The coronavirus pandemic affects all segments of human life around the world. Due to the risk to people's health, personal communication has been completely changed and most professional activities and contacts must take place in a cyber environment, with the help of computers and mobile telephony. On-line communication and the use of social networks undoubtedly represent a conditio sine qua non in a situation when compliance with numerous preventive measures are required, including the work from home, online teaching in schools, a ban on gatherings etc. The positive aspects of this kind of communication are undoubtedly obvious and necessary, but they also created new forms of victimization due to insecure protocols for sending e-mails, inadequate level of privacy protection, insufficient information security, the existence of so-called security holes and the use of the same devices and digital services for professional and private purposes. Hacking phishing activities during the pandemic mostly endangered the security of confidential data collected within medical information systems, educational institutions, and in the field of banking, when the user is expected to compromise his/her digital identity and publish his/her data. The subject of this paper is the presentation of some of the most common phishing activities and identity theft in the field of health care, provision of health services, procurement of medicines and vaccines against coronavirus, which have been recorded in the world since the beginning of the pandemic. The phishing activities that will be presented in this paper significantly contribute to the further spread of panic from the misuse of medical data of infected persons and their contacts. The paper aims to point out the most common forms of victimization that have appeared around the world, as a consequence of cyber security violations due to hacker attacks during the COVID- 19 pandemic. Special emphasis in the paper is on these ?pandemic? cyber dangers, as well as on the mechanisms for avoiding this type of victimization.
33
Burov, Oleksandr. "The impact of cybercrime on the digital economy." Theory and Practice of Intellectual Property, no. 5 (November 17, 2021): 69–78. http://dx.doi.org/10.33731/52021.244519.
Повний текст джерелаАнотація:
Keywords: human capital, remote work, cybersecurity, hybrid workforce, digitaleconomics
The article considersfactors of cyber hazards for the world economic system that appeared during the pandemicCOVID-19, as well as transition of the economy to the «new normal», in the contextof digitalization in the following aspects: digitalization and new working conditions,use of hybrid work, biological pandemic and cyber-pandemic and their influence onchanges in the economy, factors of cyber threats to business. It is highlighted that thepandemic and the abrupt transition to the use of remote forms of work have become extraordinaryevents in the world over the past two years. The objective precondition forsuch a change in the socio-economic and military features was the reorientation of theworld's leading economies (primarily the United States and China) to the powerful digitalizationof all spheres of human life and, above all, the creation of new technologies. Itis noted that China invests more than other countries (including the United States) inadvanced technology and training of highly qualified specialists, especially with a doctordegree that requires a high level of digital technology and appropriate literacy, and provideseffective adaptation to any working conditions including hybrid.The emergence of a hybrid working ecosystem and hybrid workforce is analysed, aswell as their advantages and disadvantages are substantiated. It is noted that the digitaleconomy has several new aspects compared to the traditional one. The emergence of hybridwork, the corresponding changes in the emergence of hybrid workforce and in the organizationof production management are the most dynamic components of change.However, even faster changes are taking place in the security of business, more precisely— in the growth of its vulnerability due to the rapid development of cyber threats inthe digital environment, which the economy has only begun to actively master, but hasnot yet created the necessary system of self-defence. Remote form of work has given riseto new forms of business — the creation and use of cyber threats. The emergence of acyber-pandemic as a result of rapid digitization due to the COVID-19 pandemic and thetransition of labour to remote form is analysed. The most important factors of cybersecurityfor the successful operation of companies are highlighted.
34
Maraj, Arianit, and William Butler. "Taxonomy of Social Engineering Attacks: A Survey of Trends and Future Directions." International Conference on Cyber Warfare and Security 17, no. 1 (March 2, 2022): 185–93. http://dx.doi.org/10.34190/iccws.17.1.40.
Повний текст джерелаАнотація:
Hackers have many techniques available for breaching the security flaws of organizations. The human approach, called Social Engineering (SE), is probably the most difficult one to be dealt with. Social engineering is considered one of the most creative methods for gaining unauthorized access to information systems. This type of cyber threat does not require advanced technical knowledge because it relies mainly on human nature. Social engineers use different techniques, such as phishing, to manipulate people and cause significant damage to the organizations where they work. Therefore, organizations must raise the awareness of their users about social engineering attacks. Most organizations are putting all defense efforts into advanced technologies to prevent various threats. This is considered a wrong approach because employees of an organization use email, social networks, or other online sites as part of their work activities. Therefore, the prevention of attacks cannot be accomplished through advanced technologies alone, but the human aspect must also be studied. This paper comprehensively analyzes the existing literature in the taxonomy of social engineering attacks focusing on human aspects. It provides an overview of research opportunities that should be addressed and elaborated in future investigations.
35
Mazaraki, Nataliia, and Yulia Goncharova. "CYBER DIMENSION OF HYBRID WARS: ESCAPING A ‘GREY ZONE’ OF INTERNATIONAL LAW TO ADRESS ECONOMIC DAMAGES." Baltic Journal of Economic Studies 8, no. 2 (March 25, 2022): 115–20. http://dx.doi.org/10.30525/2256-0742/2022-8-2-115-120.
Повний текст джерелаАнотація:
The subject of the article is the international and national legal aspects of compensation for economic damages caused by cyber attacks. The purpose of the article is to contribute to the ongoing debate on attribution and liability for malicious and destructive cyber activity. Cyber attacks have become a global problem facing the international community, posing enormous risks to the stability of international security, economic and social development, and the safety and well-being of individuals. Cyber attacks have proven to be numerous problems for domestic and international law – international humanitarian law, human rights law, the law of armed conflict – how to counter the actions of hybrid warfare by legal means, what are the remedies for losses due to cyber attacks. This article examines cyber attacks to show how the international community is moving toward responsible behavior by states in cyberspace, protecting civilians and critical infrastructure. The article's methodology is based on doctrinal legal research in this area, as well as international legal instruments, in order to examine how economic damages should be paid to victims of malicious acts in cyberspace. The difficulty of attributing cyber attacks has been analyzed to show that perpetrators evade responsibility, a separate problem for international law. It is concluded that international law, as it currently stands, provides little legal basis for substantive guidance on responsible state behavior in cyberspace, the necessary levels of attribution to establish state or non-state responsibility for cyber attacks. Economic losses from cyber attacks can be covered by insurance schemes, although analysis has shown that they do not work because insurers argue that cyber attacks exclude military risk insurance clauses that exclude coverage, which is reasonable, although it leaves victims of cyber attacks without the ability to recover damages. The paper supplements current research with a comprehensive analysis of legal and economic issues and calls for the development of an appropriate strategic environment, legal and infrastructural framework. The need for a joint international framework is emphasized, as civil liability under national law is hardly possible because cyber attacks are predominantly transnational in nature. A joint structure is also needed to prevent, deter and respond to state-sponsored cyber attacks.
36
Garcia, Denise. "Future arms, technologies, and international law: Preventive security governance." European Journal of International Security 1, no. 1 (January 27, 2016): 94–111. http://dx.doi.org/10.1017/eis.2015.7.
Повний текст джерелаАнотація:
AbstractThis article presents an initial discussion of the political and legal challenges associated with weaponised technologies in three interconnected areas that may impinge upon the ability to protect civilian populations during peace and war and imperil international security: armed unmanned combat aerial vehicles (commonly known as drones); autonomous weapons systems (known as ‘killer robots’); and the potential militarisation of cyberspace, or its use as a weapon, and the operation of drones and killer robots in the cyber domain. Supporting the argument that the world is ‘facing new methods of warfare’ and that international security governance and law are not keeping up, the article provides an overview and interpretation of three technologies in connection with aspects of five branches of law: state responsibility, use of force, international humanitarian law, human rights law, and law of the commons. I argue therefore that ‘preventive security governance’ could be a strategy to curtail uncertainty in the preservation of stability and international order. I define ‘preventive security governance’ as the codification of specific or new global norms, arising from existing international law that will clarify expectations and universally agreed behaviour on a given issue-area. This is essential for a peaceful future for humanity and for international order and stability.
37
Johri, Amar, and Shailendra Kumar. "Exploring Customer Awareness towards Their Cyber Security in the Kingdom of Saudi Arabia: A Study in the Era of Banking Digital Transformation." Human Behavior and Emerging Technologies 2023 (January 12, 2023): 1–10. http://dx.doi.org/10.1155/2023/2103442.
Повний текст джерелаАнотація:
The annual rate of cybersecurity breaches has risen in the last few years, exposing millions of records in some cases. The average data breach cost in 2021 was a massive $4.24 million. This study examines customer awareness and satisfaction with cybersecurity in the context of the digital transformation of banking in Saudi Arabia. The study is empirical and based on the data collected from 355 banking customers in Saudi Arabia. Three significant aspects of cybersecurity, including cyberattacks, phishing, and hacking, have been analyzed through various dimensions. Customer satisfaction with bank cybersecurity assistance and their expectations of technical support and services on cybersecurity has also been studied. ANOVA and bivariate regression analysis are used to study the impact of cyberattack, phishing, hacking, cybersecurity assistance, and expectations on cybersecurity’s technical awareness on customer satisfaction. The results show that digital transformation has boosted the banking sector, and users benefit from online services. However, an increase in the awareness level of customers on cyberattack, phishing, and hacking activities will influence customers’ satisfaction with digital transactions. The results also revealed that customers need more satisfaction on security level aspects from the bank’s side, and banks should provide regular training programs to safeguard customers from cyberattacks. If banks prepare more secure cybersecurity management, their long-term sustainability goals could be easily achieved.
38
Pant, Sambid Bilas. "Non-Traditional Security Challenges for Nepal: A Case of Covid-19." Unity Journal 3, no. 01 (March 6, 2022): 278–91. http://dx.doi.org/10.3126/unityj.v3i01.43332.
Повний текст джерелаАнотація:
The security landscape has undergone profound changes since the start of the twenty-first century. Non-Traditional Security (NTS) threats other than military, political and diplomatic conflicts have greatly impacted the lives of people. Over the years, the nature of threats and security discourses have drastically changed and countries like Nepal with low human development index have been severely affected. The coronavirus COVID-19 pandemic has brought an additional dimension to security challenges. The pandemic’s impact can be felt in all aspects of life in Nepal since it is located between two South-Asian nations: China, where the outbreak was first reported and India, the second-most affected country across the world. In Nepal, COVID-19 has had an adverse impact on health, education, economy, tourism, food security, cyber security and overall development. This paper aims at critically examining the NTS approach taken by the government of Nepal and the role played by the Nepali Army (NA) to address the pandemic to ensure fundamental human rights and development. This study also aims to shed light on lessons learned from the outbreak and the future steps needed to strengthen the Global Health Diplomacy (GHD). The study is divided into four sections namely effects of covid-19, response to covid-19, overall impact at national level, suggestions and recommendations. A descriptive-analytical review of research papers, government reports, policy statements and issues papers was conducted. The paper analyzes and interprets the pandemic preparedness and response by the government and provides recommendations for strengthening health diplomacy to combat Covid-19 pandemic in Nepal.
39
Mitra, Poojarini, Kaustuv Bhattacharjee, Anirban Das, Susmita Das, Papiya Ghosh, Priya Gorai, and Sayani Maity. "REVIEW ON VULNERABILITIES AND CHALLENGES ON IOT SECURITY FRAMEWORKS IN DIVERSIFIED FIELDS OF APPLICATIONS." American Journal of Electronics & Communication 2, no. 1 (July 5, 2021): 1–3. http://dx.doi.org/10.15864/ajec.2101.
Повний текст джерелаАнотація:
Abstract - Internet of Things (loT) is emerging as a revolutionary technology since the last double decade. Internet of things has changed many aspects of the human. loT has changed living styles and health care with the help of intelligent health care technologies like wearable devices. loT makes use of lightweight communication with the motive of the reduction of extra overhead generated in regular internet communication. The number of multiple devices are connected and the amount of data interchanged between them is surprising and hence becoming a goal for attack and misuse of information. Other than the obvious vulnerability of wireless connections, security in loT is difficult to earn because of the universal way of data collection, complication of cryptographic solutions for the resource-tractable equipment, characteristics of the cyber world with the physical world, complex wideness topologies and insufficient organizational capabilities. The Internet of Things (loT) devices are becoming more popular, vulnerability counteragents are inadequate and many things have occurred. It is because there is inadequate preservation against vulnerabilities specific to loT equipment.
40
Kjamilji, Artrim, Arben Idrizi, Shkurte Luma-Osmani, and Ferihane Zenuni-Kjamilji. "Secure Naïve Bayes Classification without Loss of Accuracy with Application to Breast Cancer Prediction." Proceeding International Conference on Science and Engineering 3 (April 30, 2020): 397–403. http://dx.doi.org/10.14421/icse.v3.536.
Повний текст джерелаАнотація:
The classification and prediction accuracy of Machine Learning (ML) algorithms, which often outperform human experts of the related field, have enabled them to be used in areas such as health and disease prediction, image and speech recognition, cyber-security threats and credit-card fraud detection and others. However, laws, ethics and privacy concerns prevent ML algorithms to be used in many real-case scenarios. In order to overcome this problem, we introduce a few flexible and secure building blocks which can be used to build different privacy preserving classifications schemes based on already trained ML models. Then, as a use-case scenario, we utilize and practically use those blocks to enable a privacy preserving Naïve Bayes classifier in the semi-honest model with application to breast cancer detection. Our theoretical analysis and experimental results show that the proposed scheme in many aspects is more efficient in terms of computation and communication cost, as well as in terms of security properties than several state of the art schemes. Furthermore, our privacy preserving scheme shows no loss of accuracy compared to the plain classifier.
41
Taheri, Shayan, and Navid Asadizanjani. "An Overview of Medical Electronic Hardware Security and Emerging Solutions." Electronics 11, no. 4 (February 16, 2022): 610. http://dx.doi.org/10.3390/electronics11040610.
Повний текст джерелаАнотація:
Electronic healthcare technology is widespread around the world and creates massive potential to improve clinical outcomes and transform care delivery. However, there are increasing concerns with respect to the cyber vulnerabilities of medical tools, malicious medical errors, and security attacks on healthcare data and devices. Increased connectivity to existing computer networks has exposed the medical devices/systems and their communicating data to new cybersecurity vulnerabilities. Adversaries leverage the state-of-the-art technologies, in particular artificial intelligence and computer vision-based techniques, in order to launch stronger and more detrimental attacks on the medical targets. The medical domain is an attractive area for cybercrimes for two fundamental reasons: (a) it is rich resource of valuable and sensitive data; and (b) its protection and defensive mechanisms are weak and ineffective. The attacks aim to steal health information from the patients, manipulate the medical information and queries, maliciously change the medical diagnosis, decisions, and prescriptions, etc. A successful attack in the medical domain causes serious damage to the patient’s health and even death. Therefore, cybersecurity is critical to patient safety and every aspect of the medical domain, while it has not been studied sufficiently. To tackle this problem, new human- and computer-based countermeasures are researched and proposed for medical attacks using the most effective software and hardware technologies, such as artificial intelligence and computer vision. This review provides insights to the novel and existing solutions in the literature that mitigate cyber risks, errors, damage, and threats in the medical domain. We have performed a scoping review analyzing the four major elements in this area (in order from a medical perspective): (1) medical errors; (2) security weaknesses of medical devices at software- and hardware-level; (3) artificial intelligence and/or computer vision in medical applications; and (4) cyber attacks and defenses in the medical domain. Meanwhile, artificial intelligence and computer vision are key topics in this review and their usage in all these four elements are discussed. The review outcome delivers the solutions through building and evaluating the connections among these elements in order to serve as a beneficial guideline for medical electronic hardware security.
42
Angelopoulos, Angelos, Emmanouel T. Michailidis, Nikolaos Nomikos, Panagiotis Trakadas, Antonis Hatziefremidis, Stamatis Voliotis, and Theodore Zahariadis. "Tackling Faults in the Industry 4.0 Era—A Survey of Machine-Learning Solutions and Key Aspects." Sensors 20, no. 1 (December 23, 2019): 109. http://dx.doi.org/10.3390/s20010109.
Повний текст джерелаАнотація:
The recent advancements in the fields of artificial intelligence (AI) and machine learning (ML) have affected several research fields, leading to improvements that could not have been possible with conventional optimization techniques. Among the sectors where AI/ML enables a plethora of opportunities, industrial manufacturing can expect significant gains from the increased process automation. At the same time, the introduction of the Industrial Internet of Things (IIoT), providing improved wireless connectivity for real-time manufacturing data collection and processing, has resulted in the culmination of the fourth industrial revolution, also known as Industry 4.0. In this survey, we focus on the vital processes of fault detection, prediction and prevention in Industry 4.0 and present recent developments in ML-based solutions. We start by examining various proposed cloud/fog/edge architectures, highlighting their importance for acquiring manufacturing data in order to train the ML algorithms. In addition, as faults might also occur from sources beyond machine degradation, the potential of ML in safeguarding cyber-security is thoroughly discussed. Moreover, a major concern in the Industry 4.0 ecosystem is the role of human operators and workers. Towards this end, a detailed overview of ML-based human–machine interaction techniques is provided, allowing humans to be in-the-loop of the manufacturing processes in a symbiotic manner with minimal errors. Finally, open issues in these relevant fields are given, stimulating further research.
43
Blaga, Nataliya, and Volodymyr Hobela. "IMPROVEMENT OF INFORMATION SECURITY OF THE COMMUNICATION PROCESS AT THE ENTERPRISE." Social & Legal Studios 13, no. 3 (September 29, 2021): 156–62. http://dx.doi.org/10.32518/2617-4162-2021-3-156-162.
Повний текст джерелаАнотація:
The mechanism of communication process and information security at an enterprise is considered. The theoretical aspects of the communications at the enterprise are based on the variety of its form and the relation of organizational and information structures: most activities have underlying links via information processes. Thus information security of communication process has a significant impact on the information security of the enterprise as a whole. In modern conditions and circumstances, the information security of the enterprise is largely reduced to cybersecurity and suffers from most threats of the latter. However, the human factor is responsible for most of the real facts of inflicting harm due to information security breaches. Thus, traditional mechanisms of privacy and confidentiality ensuring need to be adapted to new realities. New opportunities also set new requirements for understanding the very concept of information security: information must not only be protected but also timely and accurate as far as it is possible to be provided with modern telecommunication systems and information technologies: information security is a system of information protection of the enterprise – protection against theft, delayed and inaccurate providing of essential information to the recipient inside the enterprise or outside it. There are proposed and justified four principles necessary but not sufficient to ensure efficient mechanism of information security regarding communication process at small to medium enterprises. These include information awareness of staff even if they are not advanced with information technologies, traditional methods of protection against cyber threats such as passwords and encryption, control over information flows and the infrastructure that provides them, reliable cooperation and protection of remote access. These principles should be followed by managers at all levels.
44
Ahmed, Warmn, and Noor Ghazi M. Jameel. "Malicious URL Detection Using Decision Tree-based Lexical Features Selection and Multilayer Perceptron Model." UHD Journal of Science and Technology 6, no. 2 (November 13, 2022): 105–16. http://dx.doi.org/10.21928/uhdjst.v6n2y2022.pp105-116.
Повний текст джерелаАнотація:
Network information security risks multiply and become more dangerous. Hackers today generally target end-to-end technology and take advantage of human weaknesses. Furthermore, hackers take advantage of technology weaknesses by applying various methods to attack. Nowadays, one of the greatest dangers to the modern digital world is malicious URLs, and stopping them is one of the biggest challenges in the field of cyber security. Detecting harmful URLs using machine learning and deep learning algorithms have been the subject of various academic papers. However, time and accuracy are the two biggest challenges of these tools. This paper proposes a multilayer perceptron (MLP) model that utilizes two significant aspects to make it more practical, lightweight, and fast: Using only lexical features and a decision tree (DT) algorithm to select the best relevant subset of features. The effectiveness of the experimental outcomes is evaluated in terms of time, accuracy, and error reduction. The results show that a MLP model using 35 features could achieve an accuracy of 94.51% utilizing only URL lexical features. Furthermore, the model is improved in time after applying the DT as feature selection with a slight improvement in accuracy and loss.
45
Soderstrom, Naomi. "Putting some “sense” into our research." Meditari Accountancy Research 27, no. 6 (February 12, 2019): 883–92. http://dx.doi.org/10.1108/medar-11-2018-0396.
Повний текст джерелаАнотація:
Purpose This paper aims to propose using human senses as a means of thinking about the contributions of this research. Design/methodology/approach Based upon the metaphor of human senses, the model describes different aspects of research, such as topic selection, theory and method, providing suggestions for enhancing relevance and expanding the audience for the research. The model is applied to a current working paper on cyber security and then more broadly to provide suggestions for researchers who are interested in conducting research on risk. Findings The model can be used to frame different types of research projects in a way that helps to increase the interest in and impact of this research. Research limitations/implications The model in the paper is ad hoc but provides a fresh way to view this research. Social implications Increasing interest in accounting research can result in a broader audience for this work. Originality/value The paper provides a means for researchers to step back from their research and think about what makes their research original and interesting.
46
Chyzhov, Denys. "GENESIS OF THE FORMATION AND DEVELOPMENT OF HUMAN RIGHTS IN THE FIELD OF NATIONAL SECURITY." Administrative law and process, no. 1(34) (2022): 62–71. http://dx.doi.org/10.17721/2227-796x.2022.1.05.
Повний текст джерелаАнотація:
The article is devoted to the study of the genesis of the formation and development of the human rights in the field of national security and to clarify the future legal model of national security in the term of human rights. The purpose of the article is to elucidate historical background and genesis of human rights in the field of national security. The research methodology is based on the general scientific dialectical method of scientific cognition. In addition, for the more comprehensive research of the genesis of human rights in the field of national security special scientific methods were used, in particular, historicallegal, formal-legalistic, formal-logical, contextual method of prediction. In article argues that the degree of protection of human and civil rights and freedoms from their violation is determined by the level of guarantee of each of these rights and freedoms. In accordance with principle of guarantee of the human rights and civil rights and freedoms, their strengthening is carried out both directly in the Constitution of Ukraine and in the current legislation. Position according to which state can choose to select a course that ensure national security in order to create a favorable condition for social development and provide the protection of the vital interest of the individuals, society and the state itself from internal or external threat can be called a policy of a national security. It is emphasized that the current stage of the development of the human rights in the national security began with adopting of the Association Agreement between Ukraine, on the one hand, and European union, the European Atomic Energy Community and their Member States, on the other. It is stated that among the fundamental human rights in the context of ensuring the right of national security to its subjectivity is a right to security, which has a feature of absolute right and at the same time is a subjective right in a specific legal relation in the field of national security. The right to security in the concept of human subjectivity has axiomatic significance as the initial formula of human-centered legal reality. It is concluded, that legal norms that constitute the core of the institution of national security law should be the norms of human rights in the field of national security, and the principle of ethnocentrism should be the basis of the national security law. In Ukraine the process of reforming human rights legislation in the aspect of national security is ongoing and needs further improvement. In particular, in terms of development and adoption of the Cyber Security Strategy of Ukraine, a longterm planning document, which determines the priorities of national interests of Ukraine in the field of cybersecurity.
47
Lin, Qingyuan, Rui Ming, Kailing Zhang, and Haibo Luo. "Privacy-Enhanced Intrusion Detection and Defense for Cyber-Physical Systems: A Deep Reinforcement Learning Approach." Security and Communication Networks 2022 (October 10, 2022): 1–9. http://dx.doi.org/10.1155/2022/4996427.
Повний текст джерелаАнотація:
Cyber-physical systems (CPSs) will play an important role in future real-world applications through the deep integration of computing, communication, and control technologies. CPSs are increasingly deployed in critical infrastructure, industry, and homes to achieve a smart grid, smart transportation, and smart healthcare and to bring many benefits to citizens, businesses, and governments. However, the openness and complexity brought by network and wireless communication technology, as well as the intelligence and dynamic of network intrusions make CPS more vulnerable to network intrusions and bring more serious threats to human life, enterprise productivity, and national security. Therefore, intrusion detection and defense in CPS have attracted considerable attention and have become a fundamental aspect of CPS security. However, a new challenging problem arises: how to improve the efficiency and accuracy of intrusion detection while protecting user privacy during the intrusion detection process. To address this challenge, we propose a deep reinforcement learning-based privacy-enhanced intrusion detection and defense mechanism (PIDD) for CPS. The PIDD is composed of three modules: privacy-enhanced topology graphs generation module, graph convolutional networks-based user evaluation module, and the deep reinforcement learning-based intruder identification and handling module. The experimental results show that the proposed PIDD achieves excellent performance in intrusion detection accuracy, intrusion defense percentage, and privacy protection.
48
Naidoo, Rennie, and Nicolaas Möller. "Building Software Applications Securely with DevSecOps: A Socio-Technical Perspective." European Conference on Cyber Warfare and Security 21, no. 1 (June 8, 2022): 198–205. http://dx.doi.org/10.34190/eccws.21.1.295.
Повний текст джерелаАнотація:
While continuous real-time software delivery practices induced by agile software development approaches create new business opportunities for organizations, these practices also present new security challenges in the DevOps environment. DevSecOps attempts to incorporate advanced automated security practices for agility in the DevOps environment. Mainstream perspectives of DevSecOps tend to overlook the collaborative role played by social actors and their relations with technologies in securing software applications in organizations. The first perspective emphasises the use of technologies such as containers, microservices, cryptographic protocols and origin authentication to secure the continuous deployment pipeline. The other dominant perspective focuses almost exclusively on the social aspects such as organizational silos, culture, and team collaboration. Such one-sided perspectives neglect the socio-technical argument that secure software applications from continuous deployment emerges when developers, quality assurers, operators and security experts combine their collective expertise together with DevSecOps technologies. The article presents a socio-technical framework of DevSecOps based on a systematic literature review. The review focused primarily, but not exclusively, on the computing and information systems literature and identified 26 peer reviewed articles from 2016 to 2020 which met the quality criteria and contributed to the analysis. The authors used a critical appraisal checklist and member checking to assess the quality of the articles. The authors then used thematic analysis to develop a comprehensive framework for DevSecOps based on the insights from these articles and a socio-technical lens. The socio-technical framework can be used by practitioners to perform a more holistic analysis of their DevSecOps practices. It highlights the key social and technical themes that underpin the effectiveness of DevSecOps and how insights about these themes can be used by practitioners to improve the instrumental and humanistic goals of DevSecOps. An interdisciplinary approach is proposed to adequately address challenging socio-technical relationships in DevSecOps. Future research can empirically test the importance of the interplay between technology and human activities to improve the overall performance of DevSecOps and other domains in cyber warfare and security.
49
Stevanović, Miroslav, and Dragan Đurđević. "The role of computer forensics in the fight against terrorism." Megatrend revija 17, no. 1 (2020): 129–42. http://dx.doi.org/10.5937/megrev2001129s.
Повний текст джерелаАнотація:
In this paper, the authors examine the adequacy of the counter-terrorism concept, which does not envisage institutional responsibility for collecting, processing, and fixing traces of cyber-related terrorist activities. The starting point is the fact that today numerous human activities and communication take place in the cyberspace. Firstly, the focus is on the aspects of terrorism that present a generator of challenges to social stability and, in this context, the elements of the approach adopted by the current National Security Strategy of the Republic of Serbia. In this analysis, adequacy is evaluated from the point of view of functionality. In this sense, it is an attempt to present elements that influence the effectiveness of counter-terrorism in the information age. Related to this is the specification of the role that digital forensics can play in this area. The conclusion is that an effective counter-terrorism strategy must necessarily encompass the institutional incorporation of digital forensics since it alone can contribute to the timely detection or assertion of responsibility for terrorism in a networked computing environment.
50
Archibald, Jacqueline M., and Karen Renaud. "Refining the PoinTER “human firewall” pentesting framework." Information & Computer Security 27, no. 4 (September 25, 2019): 575–600. http://dx.doi.org/10.1108/ics-01-2019-0019.
Повний текст джерелаАнотація:
Purpose Penetration tests have become a valuable tool in the cyber security defence strategy in terms of detecting vulnerabilities. Although penetration testing has traditionally focussed on technical aspects, the field has started to realise the importance of the human in the organisation, and the need to ensure that humans are resistant to cyberattacks. To achieve this, some organisations “pentest” their employees, testing their resilience and ability to detect and repel human-targeted attacks. In a previous paper, the authors reported on PoinTER (Prepare TEst Remediate), a human pentesting framework, tailored to the needs of SMEs. This paper aims to propose improvements to refine the framework. The improvements are based on a derived set of ethical principles that have been subjected to ethical scrutiny Design/methodology/approach The authors conducted a systematic literature review of academic research, a review of actual hacker techniques, industry recommendations and official body advice related to social engineering techniques. To meet the requirements to have an ethical human pentesting framework, the authors compiled a list of ethical principles from the research literature which they used to filter out techniques deemed unethical. Findings Drawing on social engineering techniques from academic research, reported by the hacker community, industry recommendations and official body advice and subjecting each technique to ethical inspection, using a comprehensive list of ethical principles, the authors propose the refined GDPR-compliant and privacy respecting PoinTER framework. The list of ethical principles, as suggested, could also inform ethical technical pentests. Originality/value Previous work has considered penetration testing humans, but few have produced a comprehensive framework such as PoinTER. PoinTER has been rigorously derived from multiple sources and ethically scrutinised through inspection, using a comprehensive list of ethical principles derived from the research literature.