Künstliche Intelligenz im Rahmen unternehmerischer Entscheidungen des Vorstands der AG

The use of Artificial Intelligence (AI) in the context of business decisions of the AG's board of directors brings the company not only opportunities but also major challenges. The first question that arises is whether it is legally permissible to delegate business decisions to AI systems. It is then necessary to consider what skills and knowledge the board of directors should possess to fulfill the new AI-related tasks, and which obligations they should obey to ensure that AI systems will properly and successfully perform the tasks assigned to them. Last but not least, the board of directors must ensure the company’s IT-security when using AI.

IT Security Training and Awareness in the Multigenerational Workplace

For many organizations, increased cybersecurity training and employee aware-ness building have already played an increasingly significant role in their cyber-security strategies as a means of ensuring their policies are being followed, yet such organizations tend to offer generic, “one size fits all” training and awareness packages that do not sufficiently recognize important differences among employees. Among these are differences in attitude and outlook associated with generational cohorts. Through an examination of how these cohorts view various fac-tors that influence cybersecurity awareness, as well as the cohorts’ receptivity to different training methodologies, organizations can exploit generational characteristics to maximize the effectiveness of cybersecurity training for Baby Boomers, Generation X, Millennials, and imminently, Generation Z. A clear understanding of the intrinsic relationship between end-users and cybersecurity technology can help cybersecurity professionals act effectively to protect organizations’ critical IT infrastructure. Such effectiveness is more important than ever now, as sudden, massive increase in teleworking brought on by the COVID-19 pandemic, as well as the security challenges associated with this shift, will undoubtedly outlast it.

Information Technology (IT) Users in Tertiary Education Institutions in Bulawayo, Zimbabwe: Case of Security Awareness

Information Technology (IT) expansion exposes organisations in developing countries to IT security risks. Zimbabwe’s tertiary education institutions (TEIs) are not spared. Every year, cyber-attacks increase and become more sophisticated, resulting in losses of personal and financial data for individuals, organisations and governments. As the world is interconnected, small and big organisations share the same internet platform. Therefore, IT security risks that affect one, affect all. When IT users are unaware of the risks and uninformed of ways to protect their IT systems, they remain vulnerable. Like other organisations in Zimbabwe, TEIs are vulnerable to cyber-attacks. The study that directed this article employed a quantitative methodological approach in the collection of the data and its analysis. A sample of 261 respondents was selected from the population of IT users in TEIs in Bulawayo. The results indicated that IT security awareness of IT users in TEIs in Bulawayo is low. This is evidenced by the low IT drivers’ contribution towards building IT users’ security awareness, and inadequate implementation and utilisation of IT security awareness tools. The prevailing phenomenon exposes TEIs in Bulawayo to a high risk of cyber-attacks. The results indicated a positive and significant correlation between IT security drivers’ contribution and IT security awareness tools utilisation in TEIs in Bulawayo. The implication is that an increase in IT security drivers’ contribution and IT security awareness tools utilisation will lead to increased IT security awareness. The study recommends that IT drivers double their contribution towards building IT security awareness through adequate implementation and utilisation of IT security awareness tools. This will safeguard the information that tertiary education institutions generate.

Perancangan Spesifikasi Keamanan untuk Pengembangan Aplikasi Secure Chat Berdasarkan Common Criteria For It Security Evaluation

<p class="Abstrak">Spesifikasi keamanan sangat penting bagi pengembangan aplikasi <em>chatting</em> karena dapat menentukan tingkat keamanan aplikasi yang tentunya akan berdampak pada kepercayaan pengguna. Namun, pengembangan fitur keamanan pada aplikasi yang beredar belum semua didasarkan pada suatu spesifikasi kebutuhan keamanan yang jelas. Misanya, aplikasi Mxit dan QQ Mobile tidak memenuhi satu pun dari tujuh kategori keamanan untuk <em>secure chat</em> yang dikeluarkan oleh Electronic Frontiers Foundtaion (EFF). Bahkan, Yahoo! Messenger belum menerapkan disain keamanan yang baik, misalnya kita tidak dapat memverifikasi identitas kontak kita. Selain itu, Yahoo! Messenger tidak menerapkan <em>perfect forward secrecy</em>. Artinya, fitur keamanan pada beberapa aplikasi<em> chat</em> dikembangkan tidak berdasarkan pada rancangan spesifikasi keamanan. Pada penelitian ini, dilakukan perancangan spesifikasi keamanan untuk pengembangan aplikasi <em>secure chat</em> dengan mengacu pada <em>Common Criteria for IT Security Evaluation Version 3.1:2017</em>. Pada hasil rancangan tersebut, telah ditentukan 28 famili dari 7 kelas <em>Secure Functional Requirement</em> (SFR) yang harus dipenuhi dalam pengembangan aplikasi secure chat. Hasil rancangan telah divalidasi dengan metode <em>expert judgment</em>.</p><p class="Abstrak"><em><strong>Abstract</strong></em></p><p class="Abstrak"><em>Security specifications are very important for chat application development because they can determine the level of its security which, of course, will have an impact on user trust. However, the development of outstanding application security features is not all based on a clear security requirement specification. For example, the Mxit and QQ Mobile applications do not meet any of the seven security categories for secure chat issued by the Electronic Frontier Foundation (EFF). In fact, Yahoo! Messenger has not implemented a good security design, for example, we cannot verify the identity of our contacts and do not apply perfect forward secrecy. This means that security features in some chat applications are developed not based on security specification designs. In this study, the design of security specifications for secure chat application development was carried out by referring to the Common Criteria for IT Security Evaluation Version 3.1: 2017. In the design results, 28 families of 7 classes of Secure Functional Requirements (SFR) have been determined that must be met in the development of secure chat applications. The design result has been validated using expert judgment method.</em></p>

IT security in SMEs – Threats and Chances for Supply Chains

SMEs contribute to 95% of the volume in global manufacturing. While supply chains are usually dragged by the big players, SMEs have a large share in value-creation through all levels of the chains. Due to their nature, SMEs are struggling with resource constraints and the balancing of priorities.

ICT security in tax administration - Rapid7 Nexpose vulnerability analysis

The article focuses on the subject of IT security in tax administration. This study presents the research on the security level of endpoints, servers, printing devices, network switches and other ICT devices using the Rapid Nexpose vulnerability scanner. We discuss the specifics of security research in public administration resulting from the laws in force in these institutions.

RT-RCT: an online tool for real-time retrieval of connected things

In recent years, internet of things (IoT) represents a giant and a promoter area in innovation and engineering fields. IoT devices are spread in various fields and offer advanced services which assist their users to monitor and control objects remotely. IoT has a set of special characteristics such as dynamic, variety of data and huge scale which introduces a great challenge in the field of retrieval technologies, more precisely real-time retrieval. This paper addresses the issue of real-time retrieval of connected things and tries to propose an innovative solution which allows the retrieval of these things and their descriptive data. The paper proposes an on-line tool for real-time retrieval of connected things and their descriptive data based on network port scanning technique. The performance of this tool proves to be powerful under normal conditions, however more tests must be implemented in the aim to improve the proposed solution. The tool resulted from this work appears to be promising and can be used as a reference by network administrators and IT security managers for the development of new security mechanisms and security reinforcement.