The Role of User Behaviour in Improving Cyber Security Management

2021 ◽  
Vol 12 ◽  
Author(s):  
Ahmed A. Moustafa ◽  
Abubakar Bello ◽  
Alana Maurushat

Information security has for a long time been a field of study in computer science, software engineering, and information communications technology. The term ‘information security’ has recently been replaced with the more generic term cybersecurity. The goal of this paper is to show that, in addition to computer science studies, behavioural sciences focused on user behaviour can provide key techniques to help increase cyber security and mitigate the impact of attackers’ social engineering and cognitive hacking methods (i.e., spreading false information). Accordingly, in this paper, we identify current research on psychological traits and individual differences among computer system users that explain vulnerabilities to cyber security attacks and crimes. Our review shows that computer system users possess different cognitive capabilities which determine their ability to counter information security threats. We identify gaps in the existing research and provide possible psychological methods to help computer system users comply with security policies and thus increase network and information security.

2019 ◽  
Vol 24 ◽  
Author(s):  
R. Egan ◽  
S. Cartagena ◽  
R. Mohamed ◽  
V. Gosrani ◽  
J. Grewal ◽  
...  

Abstract

Cyber Operational Risk: Cyber risk is routinely cited as one of the most important sources of operational risks facing organisations today, in various publications and surveys. Further, in recent years, cyber risk has entered the public conscience through highly publicised events involving affected UK organisations such as TalkTalk, Morrisons and the NHS. Regulators and legislators are increasing their focus on this topic, with General Data Protection Regulation (“GDPR”) a notable example of this. Risk actuaries and other risk management professionals at insurance companies therefore need to have a robust assessment of the potential losses stemming from cyber risk that their organisations may face. They should be able to do this as part of an overall risk management framework and be able to demonstrate this to stakeholders such as regulators and shareholders. Given that cyber risks are still very much new territory for insurers and there is no commonly accepted practice, this paper describes a proposed framework in which to perform such an assessment. As part of this, we leverage two existing frameworks – the Chief Risk Officer (“CRO”) Forum cyber incident taxonomy, and the National Institute of Standards and Technology (“NIST”) framework – to describe the taxonomy of a cyber incident, and the relevant cyber security and risk mitigation items for the incident in question, respectively.

Summary of Results: Three detailed scenarios have been investigated by the working party:

∙ Employee leaks data at a general (non-life) insurer: Internal attack through social engineering, causing large compensation costs and regulatory fines, driving a 1 in 200 loss of £210.5m (c. 2% of annual revenue).
∙ Cyber extortion at a life insurer: External attack through social engineering, causing large business interruption and reputational damage, driving a 1 in 200 loss of £179.5m (c. 6% of annual revenue).
∙ Motor insurer telematics device hack: External attack through software vulnerabilities, causing large remediation / device replacement costs, driving a 1 in 200 loss of £70.0m (c. 18% of annual revenue).

Limitations: The following sets out key limitations of the work set out in this paper:

∙ While the presented scenarios are deemed material at this point in time, the threat landscape moves fast and could render specific narratives and calibrations obsolete within a short-time frame.
∙ There is a lack of historical data to base certain scenarios on and therefore a high level of subjectivity is used to calibrate them.
∙ No attempt has been made to make an allowance for seasonality of renewals (a cyber event coinciding with peak renewal season could exacerbate cost impacts)
∙ No consideration has been given to the impact of the event on the share price of the company.
∙ Correlation with other risk types has not been explicitly considered.

Conclusions: Cyber risk is a very real threat and should not be ignored or treated lightly in operational risk frameworks, as it has the potential to threaten the ongoing viability of an organisation. Risk managers and capital actuaries should be aware of the various sources of cyber risk and the potential impacts to ensure that the business is sufficiently prepared for such an event. When it comes to quantifying the impact of cyber risk on the operations of an insurer there are significant challenges. Not least that the threat landscape is ever changing and there is a lack of historical experience to base assumptions off. Given this uncertainty, this paper sets out a framework upon which readers can bring consistency to the way scenarios are developed over time. It provides a common taxonomy to ensure that key aspects of cyber risk are considered and sets out examples of how to implement the framework. It is critical that insurers endeavour to understand cyber risk better and look to refine assumptions over time as new information is received. In addition to ensuring that sufficient capital is being held for key operational risks, the investment in understanding cyber risk now will help to educate senior management and could have benefits through influencing internal cyber security capabilities.


Symmetry ◽  
2020 ◽  
Vol 12 (4) ◽  
pp. 664 ◽  
Author(s):  
Rajeev Kumar ◽  
Abhishek Kumar Pandey ◽  
Abdullah Baz ◽  
Hosam Alhakami ◽  
Wajdi Alhakami ◽  
...  

Growing concern about healthcare information security in the wake of alarmingly rising cyber-attacks is being given symmetrical priority by current researchers and cyber security experts. Intruders are penetrating symmetrical mechanisms of healthcare information security continuously. In the same league, the paper presents an overview on the current situation of healthcare information and presents a layered model of healthcare information management in organizations. The paper also evaluates the various factors that have a key contribution in healthcare information security breaches through a hybrid fuzzy-based symmetrical methodology of AHP-TOPSIS. Furthermore, for assessing the effect of the calculated results, the authors have tested the results on local hospital software of Varanasi. Tested results of the factors are validated through the comparison and sensitivity analysis in this study. Tabulated results of the proposed study propose a symmetrical mechanism as the most conversant technique which can be employed by the experts and researchers for preparing security guidelines and strategies.


Author(s):  
H. Yarovenko

Over the past decade, there has been an increase in the volume of cybercrime in various spheres of life at the level of the state, economic agents, and individuals. Therefore, the issues of studying the processes of forming information security and identifying the impact on its effectiveness are becoming topical. The aim of this study is to prove the hypothesis that the behaviour of the population associated with the use of personal security measures and the formation of the corresponding consequences of incidents occurs under the influence of the level of economic development of the country. This was done using k-means cluster analysis via the Deductor Academic analytical platform and based on data from a survey conducted among respondents from EU countries. Analysis of the responses showed that there is a growing trend in the use of online banking and e-commerce services; there is an increase in the number of respondents who have become victims of cybercrimes, especially social engineering; the trend towards the use of reliable personal security equipment is declining. The results of the cluster analysis, for which data on the number of respondents who are victims of cybercrimes and the number of respondents using various personal security tools were used, made it possible to form 7 clusters of countries. Analysis of GDP per capita for the obtained clusters and visualization of the map of countries allowed us to confirm the hypothesis, but it was also determined that the dependence of the use of personal security measures and the consequences of cybercrimes is also influenced by the mental characteristics of countries formed due to the close territorial location of neighboring countries. The results obtained will be of practical importance for the development of the concept of information security and economic development of the state. They can be used to determine which sets of protection are appropriate for the income level of the population. 
Priority areas for further research are to determine the influence of other factors on the formation of the country's information security and the formation of a barycentric model of their measurements to ensure sustainable economic development of the state.


ITNOW ◽  
2021 ◽  
Vol 63 (2) ◽  
pp. 41-41
Author(s):  
Deepthi Ratnayake

Abstract: Deepthi Ratnayake MBCS, Senior Lecturer in Computer Science (Cyber Security & Networks) at the University of Hertfordshire, discusses the impact of the SolarWinds hack.


Author(s):  
Said Fathi Ahmed ◽  
Noha A. Hikal

Regarding the huge spread of technology among individuals and enterprises, technologies and electronic communications become one of the most important pillars of the operation of small and large enterprises alike, and the source of education and entertainment for individuals. This led to thinking about the risks of reliance on this technology and the impact on the economic index of enterprises market, reputation and the safety of individuals and enterprises. These fears forced the experts and decision-makers to think about information security and develop new methods to measure and assess the level of protection of information and data in enterprises and privacy of individuals. This paper introduces a review of recent cyber-security measuring and assessment methodologies and tools based on industry best practices for the measurement and assessment of network security and protection of a modern enterprise data network. The analysis is based on a study of the methods for the measurement and assessment of information security at the physical and technical level, penetration testing and identification of weaknesses in the cyber-security system followed and policies used in modern enterprises. A comprehensive description of the strengths, weaknesses, and licensing conditions for tools is presented. Moreover, major security requirements associated with modern enterprises are discussed and analyzed to discover vulnerability in the existing systems and explain the potential impact of this vulnerability.


Author(s):  
Tomasz Zientarski ◽  
Grzegorz Koziel ◽  
Marta Zientarska

2017 ◽  
Vol 28 (3) ◽  
pp. 11-16 ◽  
Author(s):  
Monika Chuchro ◽  
Anna Franczyk ◽  
Barbara Bukowska-Belniak ◽  
Andrzej Leśniak

Abstract: In order to learn about the phenomena occurring in flood embankment under the influence of external factors, including the increasing water level in the river during floods, a Computer System for Monitoring River Embankment (ISMOP) was developed using an experimental flood embankment. The project was carried out by a consortium consisting of AGH University of Science and Technology departments (Computer Science, Hydrogeology and Engineering Geology, Geoinformatics and Applied Computer Science) and two companies (NEOSENTIO and SWECO Hydroprojekt Kraków) in co-operation with the Czernichów Community Council.

An experimental flood embankment was built with two parallel sections with a length of 150 m and a height of 4.5 m, connected by a meandering, creating a reservoir that can be filled with water. For the construction of the embankment, different types of soils were used in all the five sections. Inside the flood embankment 1300 sensors are placed, including sensors for temperature, pore pressure, vertical displacements, as well as inclinometers. Also fiber optic strands, capable of measuring the temperature of the flood embankment on the upstream side, are located inside the experimental embankment [ismop.pl].

Together with the real experiments, numerical modelling using the Itasca Flac 2D 7.0 was performed in order to describe the impact of water pressing on the flood embankment and the impact of increasing and decreasing reservoir water level on the phenomena that occur within the embankment.

The results of modelling compared with the real sensor data allowed the evaluation of the current and future state of the embankment. Based on the data measured by the sensors and data received during the numerical modelling, a group of algorithms that allowed detection of anomaly phenomena was developed.


2018 ◽  
Vol 325 ◽  
pp. 411-422
Author(s):  
Krisztina Győrffy ◽  
Ferenc Leitold ◽  
Anthony Arrott

Cyber-security is not concerned so much with average or median vulnerability in an organization. Rather more important is identifying the weakest links. Individual user susceptibility and user behaviour risk assessment are key to measuring the effectiveness of cyber-security awareness programs and policies. Increasingly, it has been demonstrated that managing individual user susceptibility is as critical to organization well-being as maintaining patched IT infrastructure or responding to specific immediate cyber-threat alerts. Despite IT systems audits, human factor studies, training courses, user policies, and user documentation, managing user cyber-security awareness remains one of the weakest links in protecting organizations from cyber-threats. Most employees are not aware of the cyber-threats they are most likely to encounter while performing their work. They are susceptible to malicious manipulation (social engineering threats) and they tend not to follow standard procedures (either through ignorance or in attempting to circumvent security procedures to achieve more productivity). Typically, employees only recognize the importance of cyber-security policies and practices after an incident has happened to themselves. With the increasing availability and utility of IT network traffic analysis tools and active user behaviour probes (e.g., fake-phishing), employees can be given direct and individual feedback to increase their cyber-security awareness and improve their cyber-security practices. Beyond an organization’s employees, the same holds for a country’s citizens, or a government’s public servants. At their best, these user behaviour monitoring tools can be used in an open and transparent way to increase awareness of individual vulnerability before actual incidents occur. 
In addition to presenting results from the application of user behaviour monitoring tools to cybersecurity, this paper examines the efficacy of the privacy protection safeguards that they incorporate. These results are applied to public sector approaches to: (a) public awareness of citizen cyber-health; (b) securing online public services; and (c) public servant awareness of their own vulnerability to cyber-threats.


2021 ◽  
Vol 1 (13) ◽  
pp. 102-112
Author(s):  
Volodymyr Hrytsyk ◽  
Mariia Nazarkevych

Today, in the era of the Covid’19 pandemic, people need to plan their future taking into account the specifics of new relationships - the new specifics of communications, work organization, and so on. Each industry has both common problems and its own specifics. This paper examines the specifics of the education sector (higher education in Ukraine) in the field of information technology. In particular, the influence of distance learning on job search and possible change of priorities that may have arisen during distance learning and distance communication with classmates is studied. The research is based on a survey of 3rd year computer science students at NU LP. The survey contains 15 questions, grouped into three subgroups: subjective feeling of the learning process, subjective feeling of choosing a profession, subjective feeling of Internet security. The survey was conducted in the target group of the most active part of society. The answers in the study group show the level of student satisfaction with the learning process and confidence in the quality of learning. Answers in the group: employment indicates the level of how the market sees the prospects of studying in the specialty of computer science. Answers in the group cyber security The attitude of young people (computer science students) to the provision of cyber communication at the state level. No research has been conducted on the provision of the Internet at the university level. The results of the work are visualized and presented both in graphs and in absolute and relative values. The study can assess the level of resilience of computer science specialties to the problems caused by the pandemic, including distance learning and distance work in IT firms. To enhance the results, the dynamics of recruitment of applicants over several years was analyzed. In the report for 2021, we see that the number of freshmen has increased in ICNI, this year received 1,130 students. 
100% of the surveyed students who worked during the pandemic in the private IT sector of information technology worked remotely and received a full salary, which also shows the resistance of the specialty to the challenges of the pandemic (this mode reduces risks and the spread of risks).


2017 ◽  
Vol 4 (1) ◽  
pp. 62-66
Author(s):  
Luyen Ha Nam

From long, long time ago until nowadays information still takes a serious position for all aspects of life, from individual to organization. In ABC company information is somewhat very sensitive, very important. But how we keep our information safe, well we have many ways to do that: in hard drive, removable disc etc. with other organizations they even have data centre to save their information. The objective of information security is to keep information safe from unwanted access. We applied Risk Mitigation Action framework on our data management system and after several months we have a result far better than before we use it: information more secure, quickly detect incidents, improve internal and external collaboration etc.

