Auditor Evaluation and Reporting on Cybersecurity Risks

Tremendous improvements in information networking capabilities have brought with them increased security risks resulting from the deterioration of the ability of a physical layer of computer security to protect an organization's information system. As a result, audit committees have had to deal with new security issues as well as the need to understand the cyber perpetrator and ensure the proper training of employees to consider cybersecurity risks. Standard setters including the Institute of Internal Auditors and the American Institute of Certified Public Accountants have issued guidance about lines of defense and reporting on an entity's cybersecurity risk management program and controls, respectively. Each of these topics is considered along with how cybersecurity guidance from COBIT, the National Institute of Standards and Technology, and the Center for Internet Security can be mapped into five cyber infrastructure domains to provide an approach to evaluate a system of cybersecurity.

The risk assessment on the security of industrial internet infrastructure under intelligent convergence with the case of G.E.'s intellectual transformation

<abstract> <p>The industrial internet depends on the development of cloud computing, artificial intelligence, and big data analysis. Intelligent fusion is dependent on the architecture and security features of the industrial internet. Firstly, the paper studies the infrastructure mode that needs to be solved urgently in the industrial internet and provides a possible infrastructure mode and related security evaluation system. Secondly, it analyses the digital transformation process with the case of G.E.os industrial nternet development practice. It clarifies that G.E. is forming a new value closed-loop through digital and strategy mixed channels. Thirdly, industrial internet security research is described within multiple viewpoints based on industrial internet applications, the security service and security assurance defense systemos architecture, and the non-user entrance probability model. Finally, the paper illustrates the changes in knowledge workflow and social collaboration caused by the industrial internet under intelligent manufacture.</p> </abstract>

SECURING IOT WITH BLOCKCHAIN

IoT is becoming ubiquitous in industry, homes, cities, literally in every aspect of our daily lives. Securing IoT-based systems is difficult because of deficiencies in the very nature of IoT devices such as limited battery power, processing, and storage, etc. Blockchain is a new approach used to securely record transactions and offers potential solutions to computer and internet security issues such as confidentiality, integrity, availability, authentication, authorization, and accountability. Blockchain, as a decentralized ledger consisting of interconnected blocks, can remedy most of the security deficiencies of heavily IoT based systems. The Hyperledger Fabric blockchain network used in this study provides confidentiality, data integrity, authentication, and data security for data obtained from IoT devices. Widely used IoT data transfer MQTT protocol is included in the proposed approach. The approach is demonstrated in a simple demo Hyperledger network with simulated IoT devices. The proposed approach is discussed in terms of network security dimensions. Based on the features of the Hyperledger Blockchain network, it is displayed that the IoT security deficiencies can largely be remedied with the proposed approach.

Can Formal Security Verification Really Be Optional? Scrutinizing the Security of IMD Authentication Protocols

The need for continuous monitoring of physiological information of critical organs of the human body, combined with the ever-growing field of electronics and sensor technologies and the vast opportunities brought by 5G connectivity, have made implantable medical devices (IMDs) the most necessitated devices in the health arena. IMDs are very sensitive since they are implanted in the human body, and the patients depend on them for the proper functioning of their vital organs. Simultaneously, they are intrinsically vulnerable to several attacks mainly due to their resource limitations and the wireless channel utilized for data transmission. Hence, failing to secure them would put the patient’s life in jeopardy and damage the reputations of the manufacturers. To date, various researchers have proposed different countermeasures to keep the confidentiality, integrity, and availability of IMD systems with privacy and safety specifications. Despite the appreciated efforts made by the research community, there are issues with these proposed solutions. Principally, there are at least three critical problems. (1) Inadequate essential capabilities (such as emergency authentication, key update mechanism, anonymity, and adaptability); (2) heavy computational and communication overheads; and (3) lack of rigorous formal security verification. Motivated by this, we have thoroughly analyzed the current IMD authentication protocols by utilizing two formal approaches: the Burrows–Abadi–Needham logic (BAN logic) and the Automated Validation of Internet Security Protocols and Applications (AVISPA). In addition, we compared these schemes against their security strengths, computational overheads, latency, and other vital features, such as emergency authentications, key update mechanisms, and adaptabilities.

Explaining Online Fraud Victimization of Older Adults via Cyber Routines and Lifestyles

The paper compares victim group characteristics: the differences between individuals under 55 and 55 and older, victimized by online fraud committed by a stranger. We test Cyber-Routine Activities Theory (cyber-RAT; Choi, 2008). In addition to active online lifestyle and computer familiarity, we include in the analysis independent variables such as living arrangements, occupation, and the willingness to report and ask for help. A representative sample of US citizens 18 or older was collected using a Dynata research panel in October 2020. We utilized one-way ANOVA on ranks for testing whether older and younger victims’ characteristics can be derived from the same independent variables. We find that older victims differ in characteristics from younger victims. Those who live alone or in a marriage with no children, and retired are significantly less victimized by online fraud than those who live with a partner and children and having full-time jobs. Besides, they are less likely to report their victimization, and their online activities and computer familiarity make them more vulnerable to online fraud than younger adults. Our findings suggest that older victims need prevention and intervention solutions designed especially for them. In an aging society, individuals will be increasingly active online and in the job market. Employers must provide internet security training for employees on manipulative online scams. Crime prevention programs must include awareness-raising on the role of reporting and how to ask for help. Relatives, friends, and caretakers need to be trained in preventing and early recognizing online fraud impacting older adults.

Cost-Effective Proxy Signcryption Scheme for Internet of Things

The Internet of things (IoT) has emerged into a revolutionary technology that enables a wide range of features and applications given the proliferation of sensors and actuators embedded in everyday objects, as well as the ubiquitous availability of high-speed Internet. When nearly everything is connected to the Internet, security and privacy concerns will become more significant. Furthermore, owing to the resource-constrained nature of IoT devices, they are unable to perform standard cryptographic computations. As a result, there is a critical need for efficient and secure lightweight cryptographic scheme that can meet the demands of resource-constrained IoT devices. In this study, we propose a lightweight proxy in which a person/party can delegate its signing authority to a proxy agent. Existing proxy signcryption security approaches are computationally costly and rely on RSA, bilinear pairing, and elliptic curves cryptography (ECC). The hyperelliptic curve cryptosystem (HECC), on the other hand, employs a smaller key size while maintaining the same level of security. When assessed using the random oracle model (ROM), the proposed scheme provides resilience against indistinguishable under adaptive chosen ciphertext attacks (IND-CCA) and unforgeable under adaptive chosen message attacks (UU-ACMA). To demonstrate the viability of the proposed scheme, security analyses and comparisons with existing schemes are performed. The findings show that the proposed scheme provides high security while reducing computational and communication costs.

THE COVID-19 PANDEMIC AND THE CHANGES IN CONSUMER HABITS AND BEHAVIOR

In a short time, the COVID-19 pandemic transformed people’s behavior, undermining firms and businesses and changing the global economy. In this context, the study aimed to understand the impacts the COVID-19 pandemic caused on consumer behavior. The research method adopted was the literature review, investigating the Scopus and Web of Science databases, two of the main scientific databases. A total of 205 articles published in 2020 were identified, and, based on the proposed criteria, 30 studies showed high adherence to the topic and contributed to the understanding of changes in consumer habits and behavior. The main themes identified were: e-commerce growth, panic buying, repressed demand and stricken sectors, do-it-yourself, increased apps usage, machine learning methods, data internet security, and online marketing and shopping platforms.

An Exploration of the Factors Influencing Home Users' Cybersecurity Behaviours

<p>Cybersecurity has been a concern for businesses and governments since their initial uptake of the Internet in the 1970s. As more and more people started using the internet for personal use, cybersecurity has become an important concern for home users as well. However, most research on cybersecurity has been undertaken at an organisational rather than at the individual level. Individual behaviours online have became increasingly important as the line between home and business use has blurred and users’ actions on their home computers has begun to have more wide ranging implications. There appears to be a lack of agreement on how to approach the topic of internet security outside of an organisational perspective. This research focuses on the individual home user perspective and seeks to (1) identify factors relate to users’ cybersecurity behaviours, and (2) examine how the identified factors relate to users' cybersecurity behaviours. A conceptual framework was developed based on the literature to guide the data collection. To identify the relevant factors relating to home users’ security behaviours, a qualitative study comprised of three focus groups and 20 individual interviews was carried out. From the data, a revised model was developed. In the revised model, awareness threats was identified as a necessary first cybersecurity step before users can form opinions about the danger of threats. Awareness of threats was influenced by users' characteristics, opinions, and experiences as well as by factors in their external environments. The combination of internal factors, external factors, and awareness led to users’ perceptions about the danger of threats online. This perception of danger led to users’ intentions to engage in protective behaviours. However, these intentions were strengthened or weakened based on users’ perceptions about the barriers to and enablers of security. By applying the revised model, it was possible to identify different types of security users. Through the identification of these user types, eight factors emerged as being particularly important in influencing users' perceptions of threats and dangers: knowledge, perceived self-efficacy, trust, threat awareness, safeguard awareness, prior experience, reliance, and security orientation. These factors from the model are used as a starting point to understanding how users make decisions about what they will do to protect themselves online. Further, through the identification of these user types suggestions are made about how to promote security for different types of individuals.</p>

An Exploration of the Factors Influencing Home Users' Cybersecurity Behaviours

<p>Cybersecurity has been a concern for businesses and governments since their initial uptake of the Internet in the 1970s. As more and more people started using the internet for personal use, cybersecurity has become an important concern for home users as well. However, most research on cybersecurity has been undertaken at an organisational rather than at the individual level. Individual behaviours online have became increasingly important as the line between home and business use has blurred and users’ actions on their home computers has begun to have more wide ranging implications. There appears to be a lack of agreement on how to approach the topic of internet security outside of an organisational perspective. This research focuses on the individual home user perspective and seeks to (1) identify factors relate to users’ cybersecurity behaviours, and (2) examine how the identified factors relate to users' cybersecurity behaviours. A conceptual framework was developed based on the literature to guide the data collection. To identify the relevant factors relating to home users’ security behaviours, a qualitative study comprised of three focus groups and 20 individual interviews was carried out. From the data, a revised model was developed. In the revised model, awareness threats was identified as a necessary first cybersecurity step before users can form opinions about the danger of threats. Awareness of threats was influenced by users' characteristics, opinions, and experiences as well as by factors in their external environments. The combination of internal factors, external factors, and awareness led to users’ perceptions about the danger of threats online. This perception of danger led to users’ intentions to engage in protective behaviours. However, these intentions were strengthened or weakened based on users’ perceptions about the barriers to and enablers of security. By applying the revised model, it was possible to identify different types of security users. Through the identification of these user types, eight factors emerged as being particularly important in influencing users' perceptions of threats and dangers: knowledge, perceived self-efficacy, trust, threat awareness, safeguard awareness, prior experience, reliance, and security orientation. These factors from the model are used as a starting point to understanding how users make decisions about what they will do to protect themselves online. Further, through the identification of these user types suggestions are made about how to promote security for different types of individuals.</p>

Parameter estimation of a susceptible–infected–recovered–dead computer worm model

Computer worms are serious threats to Internet security and have caused billions of dollars of economic losses during the past decades. In this study, we implemented a susceptible–infected–recovered–dead (SIRD) model of computer worms and analyzed the characteristics and mechanisms of worm transmission. We applied the ordinary differential equation model to simulate the transmission process of computer worms and estimated the unknown parameters of the SIRD model through the methods of least squares, Markov chain Monte Carlo, and ensemble Kalman filtering (ENKF). The results reveal that the proposed SIRD model is more accurate than the susceptible–exposed–infected–recovered–susceptible model with respect to parameter estimation.