security audits
Recently Published Documents


Total documents: 38 (five years: 11)

H-index: 4 (five years: 0)

2021 ◽  
Vol 2 (2) ◽  
pp. 192-191
Author(s):  
Edna Nyatichi Omweno

Terrorist acts against the civil aviation industry have been sustained since the first recorded aircraft hijack in February 1931. The devastating effects of a successful terror attack in the aviation industry transcend the jurisdictions of many states, threatening their national and human security. This study sought to analyse the responses to combat terrorism within the aviation industry in Kenya. It employed the exploratory research design. This design is appropriate for a research problem in cases where there are few documented studies for reference. Secondary data was collected from government publications, websites, internal records and reports, conference proceedings, research articles, and books, among others. The data collected was analysed thematically. The findings show that due to the many devastating terrorist attacks in Kenya, a number of legal measures have been progressively initiated to strengthen the security of all aspects of Kenya’s commercial civil aviation against terror attacks. These include the Protection of Aircraft Act, 1970 (revised in 2012). Article 2(6) of the Constitution of Kenya provides that any treaty or convention ratified by Kenya shall form part of the law of Kenya. Another Act put in place is The Civil Aviation Act, 2002 (revised 2013), which established the KCAA to regulate and oversee aviation safety and security as guided by the provisions of the Convention on the International Civil Aviation. There is also the Kenya Security Laws Amendment Act, 2014 (Section 75), which provided for the establishment of a mechanism for coordinating counter-terrorism measures in all entry and exit ports in the country. There are also numerous regulatory strategies adopted to combat terrorism in Kenya’s aviation industry. The country has also put in place elaborate regulations on Preventive Security Measures contained in Part IV of the Civil Aviation (Security) Regulations, 2019.
Further, the country has instituted a training program that aims to ensure that personnel of all entities involved with or responsible for the implementation of various aspects of aviation security are properly trained on the appropriate standards for tasks in accordance with the national civil aviation security program. The country also undertakes Aviation Security Audits and Reviews. It can thus be concluded that Kenya has adopted elaborate legal and regulatory responses to combat terrorism in the aviation industry. These have been largely successful in combating aviation terrorism in Kenya. Based on the study findings, there is a need for regular reviews of the various legal and regulatory responses to combatting terrorism in Kenya to enhance their efficacy and responsiveness to the dynamism of international terrorism. Furthermore, the training strategies should be strengthened through increased funding to enhance the domestication of the various legal and regulatory responses in the various aviation security agencies in Kenya. KCAA should also increase the frequency of aviation security audits, inspections, system tests, investigations, and surveys on airports, airlines, cargo agents, and inflight catering operators, among others, in response to the increased sophistication of international terrorism.


2021 ◽  
Vol 7 ◽  
pp. e658
Author(s):  
Abeeku Sam Edu ◽  
Mary Agoyi ◽  
Divine Agozie

Digital disruptions have led to the integration of applications, platforms, and infrastructure. They assist in business operations, promoting open digital collaborations, and perhaps even the integration of the Internet of Things (IoTs), Big Data Analytics, and Cloud Computing to support data sourcing, data analytics, and storage synchronously on a single platform. Notwithstanding the benefits derived from digital technology integration (including IoTs, Big Data Analytics, and Cloud Computing), digital vulnerabilities and threats have become a more significant concern for users. We addressed these challenges from an information systems perspective and have noted that more research is needed to identify potential vulnerabilities and threats affecting the integration of IoTs, BDA and CC for data management. We conducted a step-by-step analysis of the potential vulnerabilities and threats affecting the integration of IoTs, Big Data Analytics, and Cloud Computing for data management. We combined multi-dimensional analysis, Failure Mode Effect Analysis, and Fuzzy Technique for Order of Preference by Similarity for Ideal Solution to evaluate and rank the potential vulnerabilities and threats. We surveyed 234 security experts from the banking industry with adequate knowledge in IoTs, Big Data Analytics, and Cloud Computing. Based on the closeness of the coefficients, we determined that insufficient use of backup electric generators, firewall protection failures, and no information security audits are high-ranking vulnerabilities and threats affecting integration. This study is an extension of discussions on the integration of digital applications and platforms for data management and the pervasive vulnerabilities and threats arising from that. A detailed review and classification of these threats and vulnerabilities are vital for sustaining businesses’ digital integration.


2021 ◽  
pp. 48-54

In the era of new technologies and complex production systems, enterprises face new challenges in creating and maintaining healthy and safe working conditions. Maintaining a high level of development of the safety system of employees in the course of their work is the key to the efficiency of the enterprise, and in this they are helped by the development of the security culture. Anatoliy Komarov, head of HSE Practice, consulting director of Industry Consulting Ecopsy, explains what the security culture and behavioral safety audits are.


Author(s):  
Andreas Schreiber ◽  
Tim Sonnekalb ◽  
Thomas S. Heinze ◽  
Lynn von Kurnatowski ◽  
Jesus M. Gonzalez-Barahona ◽  
...  

2020 ◽  
Vol 22 ◽  
pp. 18-22
Author(s):  
M.-V. Lyba ◽  
L. Uhryn

With the development of information technology, humanity is increasingly delving into the world of gadgets, cloud technology, virtual reality, and artificial intelligence. Through web applications, we receive and distribute information, including confidential information. During the pandemic, most people switched to online work and study. As a result, most of the data stored on personal computers, company servers, and cloud storage needs protection from cyberattacks. The problem of cybersecurity at the moment is incredibly relevant due to the hacking of cryptocurrencies, websites of ministries, bitcoin wallets or social network accounts. It is necessary to conduct high-quality testing of developed applications to detect cyber threats and to ensure reliable protection of different information. The article states that application testing checks for vulnerabilities that could arise as a result of incorrect system setup or due to shortcomings in software products. The use of innovation is necessary to improve quality. Modern realities have become a challenge for the development of cybersecurity products. Improvement of technology requires modern companies to update their IT systems and conduct regular security audits. The research is devoted to the analysis of modern OWASP testing tools that contribute to data security, with a view to their further use. The Open Web Application Security Project is an open security project. The research revealed a list of the most dangerous vectors of attacks on web applications; in particular, OWASP ZAP analyzes the sent and received data and performs system security scanning at the primary level, while MSTG performs security testing of mobile applications on iOS and Android mobile devices. The practical result of the work is to test a specially developed web application and identify vulnerabilities of different levels of criticality.


Electronics ◽  
2020 ◽  
Vol 9 (11) ◽  
pp. 1865
Author(s):  
Andrés Marín-López ◽  
Sergio Chica-Manjarrez ◽  
David Arroyo ◽  
Florina Almenares-Mendoza ◽  
Daniel Díaz-Sánchez

With the transformation in smart grids, power grid companies are becoming increasingly dependent on data networks. Data networks are used to transport information and commands for optimizing power grid operations: planning, generation, transportation, and distribution. Performing periodic security audits is one of the required tasks for securing networks, and we proposed in a previous work autoauditor, a system to achieve automatic auditing. It was designed according to the specific requirements of power grid companies, such as scaling with the huge number of heterogeneous equipment in power grid companies. Though pentesting and security audits are required for continuous monitoring, collaboration is of utmost importance to fight cyber threats. In this paper we work on the accountability of audit results and explore how the list of audit result records can be included in a blockchain, since blockchains are by design resistant to data modification. Moreover, blockchains endowed with smart contracts functionality boost the automation of digital evidence gathering, audit, and controlled information exchange. To our knowledge, no such system exists. We perform throughput evaluation to assess the feasibility of the system and show that the system is viable for adaptation to the inventory systems of electrical companies.


2020 ◽  
Vol 7 (2) ◽  
pp. 130
Author(s):  
Daniel Alexander Octavianus Turang ◽  
Merry Christy Turang

Information technology governance has an important role in regulating the use and utilization of information technology at Institution X. Problems arise at Institution X, especially in the management of information technology security. In this research, the process design on COBIT 5 covers the DSS05 and APO13 domains, which focus on ensuring the management of information technology security. Based on the capability level assessment for the DSS05 and APO13 domains, the results are still at level 1. Level 1 means that the IT security governance process has been implemented but the documentation process is incomplete. Therefore, IT security audits are needed in managing, directing and evaluating IT resources to optimize IT utilization. The target set is level 2, where management carries out processes that have been planned, monitored, and adjusted, and the right products are set, controlled and maintained.

Keywords: COBIT 5, IT Governance, Security, Capability


2020 ◽  
Vol 1 (2) ◽  
pp. 124-135
Author(s):  
Yoga Megasyah ◽  
Adi Arga Arifnur

The academic information system in an institution is very important for the administration of lectures. Therefore, there is a need for a system security audit so that the administration runs without obstacles. This audit can be carried out using the COBIT 5 framework. In this research, an information security audit was carried out on academic information security by focusing on the APO12 (Manage Risk), APO13 (Manage Risk), and DSS05 (Manage Security Service) domains. The stages in this research are initiation, planning the assessment, data collection, data validation, process attribute level and reporting the result. The results of this research show that the capability level of APO12 is at level 1, APO13 at level 2 and DSS05 at level 2, which means that the institution has carried out and implemented the information technology process and achieved its objectives. To reach level 3, some recommendations are given to cover the gaps that have been determined in the APO12, APO13 and DSS05 processes.


Author(s):  
Nidhi Dandotiya ◽  
Pallavi Khatri ◽  
Abhinandan Singh Dandotiya

Security is a growing concern in nearly every field of society, and computers are no exception. A system on the network can be attacked if its security is easy to break or it is vulnerable. The security issues that exist in connection with a machine on a network are system security and application security. To ensure the security of a personal computer, regular security audits of the system need to be done. One main objective of auditing is to determine whether systems are safe or not. Digital auditing can be manual or automated. A system audit checks the vulnerability of the system to the different attacks that can be carried out on it. Similarly, a website running on the system can also be exploited through any vulnerability in it. This work investigates the methods of system and application auditing to identify weaknesses at the system and application level.

