scholarly journals APPLIED RISK ASSESSMENT IN THE SYSTEM OF SOCIO-ECONOMIC PROCESSES IN CYBERSPACE

2020 ◽  
Vol 4 (2) ◽  
pp. 94-105
Author(s):  
O. Shandrivska ◽  
◽  
N. Shynkarenko ◽  
Keyword(s):  
Data Protection ◽  
Cyber Security ◽  
Task Force ◽  
Risk Identification ◽  
Virtual Space ◽  
Protection System ◽  
Mitigation Measures ◽  
Risk Level ◽  
Financial Flows ◽  
Data Manipulation

In the paper investigated safety of socio-economic processes in the virtual space. Studied the main trends influence on formation of preventive and adaptive mechanisms for ensuring information and cyber security enterprises. Key trends of the modern business and social environment include: globalization, informatization and individualization of consumer needs; mediatization, territorialization and universalization of social phenomena. Presented an original ensuring security model for the virtual information sphere. In this model was invented a conceptual scheme for identifying the information security system: given the identification sequence and risks assessment in cyberspace by stages; risk identification; a description of the threats it poses; identification of vulnerable market segments; analysis and assessment of the risk occurrence probability level; analysis and assessment of the risk manifestation consequences level; score determination of the general rick level; proposal to eliminate the development environment risks of the study object; net risk identification; risks in cyberspace have been identified and assessed in terms of security and financial flows. Among the dominant risks of the external and internal security environment in the information virtual Ukrainian space the following are highlighted: insufficient system security, processes and technologies, disinformation and information asymmetry; high sensitivity of financial flows to the processes of the implementation of shock macroeconomic phenomena (including almost unsignificant currencies devaluation against the pandemic background) in terms of the safety of financial flows; technical, technological and personal vulnerability growth in the information sphere, due to the increasing cybercrime in terms of the information flow security. Among the mitigation measures and neutralization of the general risk level, was proposed the creation of a single protection system. The single data protection system should be based on: data protection progressive principles, tasks to ensure security from information influences, information infrastructure security, information rights, open access to information, publicity of open information, etc.; organizational and right mechanism of data protection. This mechanism is based on the need to streamline the responsibilities of information marked actors; state control over data manipulation; data manipulation standards development; information systems certification for their processing. Construction of database registers, as well as registration of owners and/or data administrators, third parties to whom the data was transferred for further manipulation; an independent coordination center formation for the state policy implementation in terms of monitoring compliance with data protection requirements, etc.; increasing the financial flow transparency, namely risk-oriented monitoring in digital currency exchanges and licensing of transactions in virtual currencies requires support from the Financial Action Task Force on Money Laundering and the Financial Intelligence Unit.

scholarly journals Reconciliation of anti-money laundering instruments and European data protection requirements in permissionless blockchain spaces

2021 ◽  
Vol 7 (1) ◽  
Author(s):  
Iwona Karasek-Wojciechowicz
Keyword(s):  
Data Processing ◽  
Money Laundering ◽  
Data Protection ◽  
Task Force ◽  
Policy Instruments ◽  
Personal Data ◽  
General Data Protection Regulation ◽  
Terrorist Financing ◽  
The Government ◽  
High Level

AbstractThis article is an attempt to reconcile the requirements of the EU General Data Protection Regulation (GDPR) and anti-money laundering and combat terrorist financing (AML/CFT) instruments used in permissionless ecosystems based on distributed ledger technology (DLT). Usually, analysis is focused only on one of these regulations. Covering by this research the interplay between both regulations reveals their incoherencies in relation to permissionless DLT. The GDPR requirements force permissionless blockchain communities to use anonymization or, at the very least, strong pseudonymization technologies to ensure compliance of data processing with the GDPR. At the same time, instruments of global AML/CFT policy that are presently being implemented in many countries following the recommendations of the Financial Action Task Force, counteract the anonymity-enhanced technologies built into blockchain protocols. Solutions suggested in this article aim to induce the shaping of permissionless DLT-based networks in ways that at the same time would secure the protection of personal data according to the GDPR rules, while also addressing the money laundering and terrorist financing risks created by transactions in anonymous blockchain spaces or those with strong pseudonyms. Searching for new policy instruments is necessary to ensure that governments do not combat the development of all privacy-blockchains so as to enable a high level of privacy protection and GDPR-compliant data processing. This article indicates two AML/CFT tools which may be helpful for shaping privacy-blockchains that can enable the feasibility of such tools. The first tool is exceptional government access to transactional data written on non-transparent ledgers, obfuscated by advanced anonymization cryptography. The tool should be optional for networks as long as another effective AML/CFT measures are accessible for the intermediaries or for the government in relation to a given network. If these other measures are not available and the network does not grant exceptional access, the regulations should allow governments to combat the development of those networks. Effective tools in that scope should target the value of privacy-cryptocurrency, not its users. Such tools could include, as a tool of last resort, state attacks which would undermine the trust of the community in a specific network.

Cyber security in industrial control system

2021 ◽  
pp. 481-493
Author(s):  
Sarika Singh ◽  
Gargi Phadke
Keyword(s):  
Control System ◽  
Control Systems ◽  
Communication Networks ◽  
Cyber Security ◽  
Denial Of Service ◽  
Mitigation Measures ◽  
Security Assessment ◽  
Industrial Control System ◽  
Industrial Control ◽  
Smart Grid Communication

For any system to secure them industrial control system plays an important role in it. It helps to design the isolated procure system, specialized communication mechanisms is used to help for the setup. And with the help of this setup the flexibility, safety, threats, and vulnerabilities are the most important things to make. To secure them from risk assessment and other protection measurement need to specify with good instruments and security. The paper describes technical aspects on Denial of Service (Dos) attack. We also identify how smart grid communication networks works in security technical implementation guides of the different countries as a defense information systems agency. A brief chronicle of cyber storm on ICS; common challenges, some mitigation of those challenge, all levels of the multi-layered ICS architecture. This paper demonstrates railway control systems (RCS) compliance estimation of immovable control system design, operational scenarios that can be used for mitigation measures and security assessment.

scholarly journals Study of Credit Risk Identification Techniques Followed by Commercial Banks in Nepal

2017 ◽  
Vol 2 (2) ◽  
pp. 1-17
Author(s):  
Indra Kumar Kattel
Keyword(s):  
Credit Risk ◽  
Commercial Banks ◽  
Joint Venture ◽  
Swot Analysis ◽  
Risk Identification ◽  
Risk Level ◽  
Private Bank ◽  
Significant Difference ◽  
Identification Techniques ◽  
Tools And Techniques

 The main purpose of this study is to explore the current credit risk identification techniques used by Nepalese commercial banks. A questionnaire was developed and surveyed to 9 commercial banks operating in Nepal. This paper attempts to ascertain the perceptions of Nepalese bankers about the importance of credit identification techniques and the practice of various tools to identify the risk related with the borrowers. The result of the study indicates that the Nepalese bankers are aware of the importance of various techniques to effectively identify the risk level. Furthermore, the Nepalese commercial banks have used various techniques like interview, root cause effect, check list analysis, Strength, Weakness, Opportunity and Threat (SWOT) analysis, scenario analysis, expert judgment, simulation, stress testing etc. In addition, there was significant difference between all three categories of bank, namely State-Owned bank with Private Bank, State-Owned bank with Joint Venture Bank, and Joint Venture Bank with Private Bank in terms of tools and techniques used for credit risk identification.

scholarly journals USE OF INFORMATION TECHNOLOGIES IN SUPERVISION REMOTE PRACTICE: DATA SECURITY

2021 ◽  
Vol 5 ◽  
pp. 318-329
Author(s):  
Kirils Dubinins ◽  
Kristīne Mārtinsone
Keyword(s):  
Information Technology ◽  
Data Protection ◽  
Cyber Security ◽  
Technology Use ◽  
Information Technologies ◽  
Best Practice ◽  
Panel Discussion ◽  
Personal Data ◽  
Security Risk ◽  
Personal Data Protection

Provision of remote services became relevant all over the world, during the 2020 COVID-19 pandemic. Latvian supervisors were also forced to transfer their practice to the digital space as well. COVID-19 pandemic challenges opened a wider range of opportunities for improvement remote practice. Pandemic also highlighted the risks associated with lack of relevant competences. At the global level over the last decade, risks associated with remote counselling summarized in guidelines, providing professionals with examples of best practice. In Latvia, on other hand, such guidelines have not adopted yet.This study developed with the aim to find out the awareness of Latvian supervisors about the risks (cyber security) of using information technology and the protection of personal data in the conditions created by the COVID-19 pandemic.To find out how Latvian supervisors are aware about the risks of using information technology (cyber security) and personal data protection, a survey conducted among Latvian supervisors and organizing an expert panel discussion, scientific strength of the study ensured by data triangulation.The obtained results allowed to conclude that the COVID-19 pandemic highlighted the need for supervision remote practice, at the same time the research data show that the awareness of Latvian supervisors about the risks of information technology use (cyber security) and personal data protection is medium to low.The results of the research show that in the education of Latvian supervisors it is necessary to allocate place for the acquisition of information technology (cyber security) risk and personal data protection regulation.This research emphasizes the importance of several supervisors’ competences such as digital knowledge and personal data protection, however further research is needed to find the most effective methods how to improve these competences.  

scholarly journals Industry Best Practice Risk based design for LPG Facility: Gap in Bangladesh practice

2017 ◽  
Vol 30 (1) ◽  
pp. 8-11
Author(s):  
Kamrul Islam ◽  
Sharmin Sultana
Keyword(s):  
Best Practice ◽  
Chemical Engineering ◽  
International Standards ◽  
Mitigation Measures ◽  
Risk Level ◽  
Ambient Conditions ◽  
Design Standards ◽  
Safety Issues ◽  
Safety Distance ◽  
Safety Regulations

Bangladesh safety regulations and practice is at nascent stage. Safety distance regulation for LPG installation does not match with prescriptive standard API 2510 or other international standards. No detail technical basis is available publicly for such decision making by authority. The present study focuses on risk based design best practice in industries and gap in Bangladesh safety regulations. World LPG industry faces major accidents with fatalities and huge damages. Setting up bigger safety distance with conventional firefighting equipment is not the only mitigation measures to solve complex safety issues of LPG facilities. These two parameters do not ensure whether facility risk is tolerable and ALARP. Apart from this, safety distance and protection system design varies with facility layout, wind flows, systems reliability and site ambient conditions. For accident cases, hazards consequence modeling is carried out to calculate safety distances. Industry best practice is to apply risk based design that quantify complex risk level of a facility, propose mitigation measures and thereby risk acceptance criteria in the early phase of the project for authority approval. Many countries follow such detail regulation. Regulations of API, ISO, HSE UK and NORSOK, petroleum authority Norway have been utilized as basic standards in this paper. Gap in Bangladesh safety regulations are identified. This need to be further assessed based on industry best practice risk based design standards and practices. Without appropriate regulation, Bangladesh LPG industry and society remains in enormous intolerable personnel, environmental and economic risk.Journal of Chemical Engineering, Vol. 30, No. 1, 2017: 8-11

National Cyber Governance Awareness Policy and Framework

2019 ◽  
Vol 47 (02) ◽  
pp. 70-89
Author(s):  
Hala Bou Alwan
Keyword(s):  
United Arab Emirates ◽  
Cyber Security ◽  
Risk Mitigation ◽  
The United States ◽  
Cyber Attacks ◽  
Mitigation Measures ◽  
Governmental Agencies ◽  
Academic Level ◽  
The World ◽  
Cyber Education

AbstractDespite an ongoing drive by governments and law enforcers around the world to improve the sophistication of their risk mitigation measures, cyber-attacks are continually increasing. A study from Computer Crime and Intellectual Property Section (CCIPS) shows more than 4,000 ransomware attacks occurred daily in 2016. That's a 300 percent increase over 2015, where 1,000 ransomware attacks were seen per day. Cyber criminals are successfully penetrating even the most high-profile companies and governmental agencies. The breach at the NSA was truly alarming and just one recent example of the dire situation the country, and world, face as cybercrime intensifies and the cyber security talent shortage becomes more serious.Accordingly, the purpose of this research is to focus on cyber education at the national, government, and law enforcement level examining the methodology to set the tone from the top ensuring alignment between governments, law enforcers, private sector, and academic level. It also examines the gaps in cyber laws and educational governance initiatives and their impact on efficient execution of cyber policies for various regions of the world with a focus on the United Arab Emirates and the United States of America.Finally, this article recommends policy guidelines and a compliance manual framework for governments and law enforcers to consider ensuring that cyber risks are properly addressed and mitigated in a structured and coherent way.

Sign in / Sign up

Export Citation Format

Share Document