A Review on Security and Privacy Issues in IoT Devices

In our everyday lives, the IoT is everywhere. They are used for the monitoring and documentation of environmental improvements, fire safety and even other useful roles in our homes, hospitals and the outdoors. IoT-enabled devices that are linked to the internet transmit and receive a large amount of essential data over the network. This provides an opportunity for attackers to infiltrate IoT networks and obtain sensitive data. However, the risk of a loss of privacy and security could outweigh any of these benefits. Many tests have been carried out in order to solve these concerns and find a safer way to minimize or remove the effect of IoT technologies on privacy and security practices in order to protect them. The issue with IoT devices is that they have small output modules, making it impossible to adapt current protection methods to them. This constraint necessitates the presentation of lightweight algorithms that enable IoT devices. In this article, investigated the context and identify different safety, protection, and approaches for securing components of IoT-based ecosystems and systems, as well as evolving security solutions. In addition, several proposed algorithms and authentication methods in IoT were discussed in order to avoid various types of attacks while keeping the limitations of the IoT framework in mind. Also discuss some hardware security in IoT devices.

Building a Nuclear Security Regime: Questions to Be Asked

This chapter outlines some of the key questions to be asked by a State when considering a nuclear programme and thus a nuclear security regime. In the context of globalization and the emergence of a world in which States are interdependent, it is recognized that the way one State carries out its mission to protect nuclear materials and nuclear activities concerns other States also. In response to this, and despite the reluctance of States to expose their sovereign security practices, an international framework, composed of legally binding or non-binding tools, has been built up with the idea of promoting greater consistency and thus providing guarantees to all States. It is also important, for this one State, to comprehend the national and international context beyond nuclear security within which it falls. This State has then to question itself, in the light of security issues and the fundamental principle of State sovereignty, on the essential concepts that are found in certain components of the nuclear field, such as the positioning of the competent authority, the protection of information, transparency or the place of the operator.

Information System Security Practices and Implementation Issues and Challenges in Public Universities

The use of information and communication technology has been providing the competitive edge for universities globally while Kenyan universities are not an exception. This has in turn made the universities targets of cyber-attacks and hence exposure to unprecedented security risks. The universities need to implement information security best practices and standards in their technological environments to remain secure and operational. The research sought to investigate the information security practices adopted in Kenyan public universities to protect themselves. Descriptive survey method was employed while the study was based on Operationally Critical Threats, Assets and Vulnerability Evaluation (OCTAVE) framework and other industry security best practices. The study targeted the 31 chartered public universities, which were clustered based on their year of establishment. Simple random and purposive sampling methods were utilized to select two target universities per cluster and determine respondents respectively. The study had a response rate of 61%. Analysis of data was done via descriptive statistics while presentation of results was done using tables and Likert scale. The study revealed that universities had implemented information security policies, with 47.6% of respondents somewhat agreeing to that. Funding for security was provided 57.6% somewhat agreeing, though the funding was deemed low by 51% of respondents. Training for security staff was deemed somewhat available (44%) thus below par, while involvement of university management on policies development was at 48% though university management participation in policies review was below average. 38% of respondents somewhat agreed that policies governing use of mobile devices existed. Frequency of user awareness and training was below the average, while 48% of respondents somewhat agreed that universities usually share their intelligence reports on threats and responses with other government agencies. 49% of respondents were somewhat in agreement universities had put in place incidence response plans. Application of updates and improvements was below average, though evaluation of effectiveness of controls was average. To remain protected universities management should cause a review of their employed information security practices and address identified gaps through instigation of essential remedial actions.

Waiting for IR Godot? In search of transformative encounters between Middle Eastern Studies and International Relations

Within the Special Issue ‘Reaching for allies? The dialectics and overlaps between International Relations and Area Studies in the study of politics, security, and conflicts’, this article investigates the post-2011 changing relationship between International Relations (IR) and Middle Eastern Studies (MES). The article departs from the assumption that the reading and writing of security in, on and from the Middle East and North Africa (MENA) region has historically been trapped between the projection of security from abroad and endogenous security narratives. We argue that within the post-Arab uprisings renewed scholarly attention, with studies on security in, on and from the MENA region expressing an all-time methodological pluralism and the increasing and original application of bottom-up and non-military security understandings to regional security, societal and human security are among the most promising notions for transformative dialogue between IR and MES. In broader theoretical terms, we show how the ongoing debate on post-Weberian notions of statehood and post-Westphalian sovereignty point to an already transformative dialogue between IR and MES. The article illustrates this trend with two case studies – on Tunisia and on Iraq – pointing to changing security concepts reflecting changing security practices.

Telehealth Cybersecurity

Clinical information systems are becoming increasingly complex, and telehealth is no exception. Threats to information systems are far and wide including phishing, malware, ransomware and even advanced persistent threats. Maintaining good security practices is necessary in order to secure telehealth and other clinical information systems. Compliance with the HIPAA Security Rule is mandatory, while providing a practical framework for good security practices and self-guidance that ensure basic compliance to all covered entities regardless of their level of IT support. Good security practices are essential to build trust in the telehealth system for both providers, and clinicians, as well as patients.

Believe It or Not ─ Employees Intend to Comply with Information Security Policy because of the Desire for Trade-offs

Most theories of information security policy (ISP), except a few focused on the insider-centric view, are grounded in the control-centric perspective, and most ISP compliance models stem from Western countries. Regulatory focus theory (RFT) proposes two modes of motivational regulation, promotion and prevention focused that are supposed to motivate employee compliance in a trade-off. Culture is crucial to the study of ISP that puts control over human connections. Chinese guanxi, a specific dimension of Chinese culture, is better understood underlying the trust-distrust frame. To bridge the theoretical gap between the control-centric and the insider-centric perspectives, we develop an ISP behavioral model by taking an integrated approach from RFT and the trust-distrust frame. We employed scenario-based events about information security misconduct in the workplace to examine employees’ compliance intention and non-violation choice of ISP upon counterfactual thinking. Our empirical results improve the theoretical and practical implications of security practices.