Network and Data Transfer Security Management in Higher Educational Institutions

This chapter explored communications security through the use of an empirical survey to assess the extent of network and data transfer security management in Ghanaian higher educational institutions. Network security management controls consist of monitoring of networks, posture checking, network segmentation, and defense-in-depth. Data transfer security management includes encryption, media access control, and protection of data from public networks. Data were collected from information technology (IT) personnel. The ISO/IEC 21827 maturity model for assessing IT security posture was used to measure the controls. Overall, the result showed that the institutions were at the planned stage of communications security management. In particular, network monitoring, defense-in-depth, and the protection of data from public networks were the most applied controls. Conversely, posture checking was the least applied control. Higher educational institutions need to review their communications security plans and better manage network and data transfer security controls to mitigate data breaches.

CS Measures for Nuclear Power Plant Protection: A Systematic Literature Review

As digital instrumentation in Nuclear Power Plants (NPPs) is becoming increasingly complex, both attack vectors and defensive strategies are evolving based on new technologies and vulnerabilities. Continued efforts have been made to develop a variety of measures for the cyber defense of these infrastructures, which often consist in adapting security measures previously developed for other critical infrastructure sectors according to the requirements of NPPs. That being said, due to the very recent development of these solutions, there is a lack of agreement or standardization when it comes to their adoption at an industrial level. To better understand the state of the art in NPP Cyber-Security (CS) measures, in this work, we conduct a Systematic Literature Review (SLR) to identify scientific papers discussing CS frameworks, standards, guidelines, best practices, and any additional CS protection measures for NPPs. From our literature analysis, it was evidenced that protecting the digital space in NPPs involves three main steps: (i) identification of critical digital assets; (ii) risk assessment and threat analysis; (iii) establishment of measures for NPP protection based on the defense-in-depth model. To ensure the CS protection of these infrastructures, a holistic defense-in-depth approach is suggested in order to avoid excessive granularity and lack of compatibility between different layers of protection. Additional research is needed to ensure that such a model is developed effectively and that it is based on the interdependencies of all security requirements of NPPs.

The Dynamics of Social Engineering and Cybercrime in the Digital Age

Social engineering attacks have emerged to become one of the most problematic tactics used against businesses today. Social engineers employ both human-based and computer-based tactics to successfully compromise their targeted networks. This chapter will discuss the basics of social engineering and what it means today. It will explain some common attack methods like baiting, phishing, pretexting, quid pro quo, tailgating, and dumpster diving. It will then highlight the impact social engineering has had on the rise in cybercrime and why threat actors have grown more innovative. Finally, this chapter will discuss what multi-layer defense or defense in depth is and offer countermeasures that can be enforced to defend against social engineering attacks.

The Age of Ransomware

This chapter focuses on the world's most frightening cybersecurity threat known as ransomware. Experts popularly describe ransomware as scareware that makes data and resources on a victims' computers inaccessible and forces the victims to pay a ransom with bitcoins or through other means by frightening and intimidating them. Ransomware these days needs no introduction. The perpetrators behind ransomware have done more than enough damage to critical infrastructures and collected billions of dollars from victims across the world and are still collecting. As such, this research aims at uncovering the underlying mysteries behind the sudden growth and popularity of ransomware through the in-depth study of literature and efforts made by experts globally in understanding ransomware and how to fight and stop it. Moreover, the research seeks to bring together the collective professionals' views and recommendations on how to set up strategic defense in-depth for fighting against ransomware.

A review on the defense-in-depth concept and the flex strategies in different countries after Fukushima accident

In order to enhance the defense in depth for nuclear safety after the Fukushima nuclear accident, U.S. Nuclear Energy Institute put forward the concept of Diverse and Flexible Coping Strategies and the corresponding FLEX support guidelines for the special scenarios of Extended Loss of Alternating current Power and Loss of Ultimate Heat Sink caused by Beyond-Design-Basis External Event. Subsequently, the idea of the FLEX strategy was widely accepted and spread widely. The introduction of the concept of FLEX strategy into the defense in depth was the biggest improvement for nuclear safety in the recent decade. This paper has reviewed the concept of traditional defense in depth and its weakness that led to the Fukushima nuclear accident, which led to the development motivation for the FLEX strategy. The research progress of the FLEX strategy in different countries in the past ten years has been reviewed. Based on the literature, and the above-mentioned review, some recommended future work has been given.