Catch-up in the IT Service Sector and the Role of the Government in China

Chapter 7 analyzes the market and technological catch-up of indigenous Chinese firms in two information technology service sectors, namely, games and business software (enterprise resource planning (ERP) and security software) and focuses on two aspects. The first aspect is about how latecomer firms have been able to access and learn from foreign knowledge bases and acquire their innovation capabilities. The second aspect is the role of the government and regulation in the catch-up process. Indigenous firms in China have selected different learning and catch-up strategies in different technological regimes. For the online game sector, where imitation is easier and incremental innovation is more important than radical innovation, Chinese firms started with handling the publishing (or distribution) of games developed by foreign incumbents and later secured in-house game development capabilities by imitating the products of global leaders. In the business software sector, where imitation and creative innovation are difficult, Chinese firms acquired third-party technologies through mergers and acquisitions and then differentiated their products by taking advantage of local specificities. In general, intellectual property rights (IPRs) are critical in the business of these two segments. Despite the entry barrier effect of IPR protection by the foreign incumbents, the latecomer firms discussed in this chapter seem to have circumvented the barrier to entry and learning and to acquire their innovation capabilities. However, such learning and acquisition would not have led to commercial success without government regulation against foreign companies, such as business restrictions in online gaming and exclusive procurement of indigenous products in applied software (ERP and security software). Such restrictions against foreign companies were a critical constraining factor against their market share expansion in the Chinese market.

Continuidad de negocio, análisis de la exposición al riesgo de ataques cibernéticos en empresas micro y pequeñas de la región Atlautla, Ozumba y Amecameca

El estudio cuantitativo de diseño descriptivo-correlacional se realizó a partir de datos recolectados en la investigación anual 2020 de la Red de Estudios Latinoamericanos en Administración y Negocios (Relayn) de una muestra de 401 directivos de micro y pequeñas empresas de los municipios de Atlautla, Ozumba y Amecameca Estado México, con el objetivo de ponderar su exposición al riesgo de ataques cibernéticos medido a través de la relación entre la incorporación tecnológica y la implementación de software de seguridad informática con la intención de inferir su impacto en la continuidad de negocio. Se encontró una relación directa entre las variables de estudio, con r = 0.725. AbstractThis quantitative research of descriptive-correlational design was performed with data recollected during the annual investigation of Latin American Studies Network in Business and Administration (Relayn) in 2020 from a sample consisting of 401 micro and small business directors from the municipality of Atlautla, Ozumba and Amecameca, Mexico State with the objective of weighing vulnerability of cybernetic attacks measured by the relationship between incorporation of technology and implementation of computer security software with the intention of inferring the impact it has on a businesses continuity. A direct relationship was found among study variables, with r = 0.725.

SDN-Empowered Reliable and Dynamic Scheduling Scheme for Security Resources

By endowing network with the ability of reliable scheduling of security resources, it can realize the dynamic deployment of security resources as well as the efficient configuration of protection resources, and further can quickly respond to network security threats and emergencies timely. Furthermore, due to the network is increasingly complex, it is of great importance to make it reliable by invoking appropriate security resources. However, the security mechanism and response speed of traditional network based on security domain division, network boundary protection are hard to meet the requirements of the virtual network. In this paper, we propose the SDN-empowered reliable and dynamic scheduling scheme for security resources. In the scheme, we use network security resource virtualization technology to virtualize and modularize network security software and hardware resources; at the SDN control layer, we propose meta-security function combination technology to provide on-demand customization for various security applications’ security service; by using role-based conflict detection and conflict resolution technology, we can detect and handle security rule conflicts. The experiments show that the scheme is reliable and efficient with low latency and great throughput.

Internet of Things Vulnerabilities in Military Environments

IoT devices (sensors, drones, cameras) are gaining more and more emphasis on military operations. The application of IoT elements in the military environment increases situational awareness and supports the acquisition and maintenance of information superiority. The information they provide about the enemy, the area of operations, and the location and status of our soldiers and assets can contribute to the successful execution of operations at the tactical, operational and strategic levels. However, they can also pose serious threats if their vulnerabilities allow the data they collected to leak or they provide access to the info-communication networks used for the enemy. In this article, the author examined the vulnerabilities of these IoT devices using keyword analysis. After drawing conclusions from the analysis of the relevant literature, he compared the results with the general-purpose IoT threats and attacks typical of today, like distributed denial of service attacks, security, software, security and privacy issues.

Editorial For Vol.28, No.2

The second issue of CIT's Vol. 28 (Vol. 28, No. 2, June 2020) brings five papers from the regular section, which focus on topics from the areas of computer networks and network security, software, and robotics.

Stegarmory: Offensive Cyber Security Software for Embedding Shellcode in Images

The paper introduces StegArmory, a new open source software package with practical applications for offensive cyber security operators. StegArmory uses steganography techniques to embed machine code, or shellcode, in images. Shellcode is typically flagged as malicious by antivirus software due to the payloads they often contain, but detection becomes more difficult when shellcode is embedded in a common image file. Using steganography to embed shellcode within portable network graphic (PNG) images, StegArmory provides a new way to avoid detection of potentially malicious payloads while ensuring reliable transmission. In this paper, the StegArmory software development process is described, performance benchmarks are established and detection metrics are measured using sample cover images. Two image-based steganography techniques are utilized, least significant bit (LSB) and pixel value differencing (PVD). Test results indicate the software effectively produces PNG image files, using both LSBand PVD approaches, with embedded shellcode capable of avoiding malicious payload detection. The LSB method is faster but the PVD method handles larger payloads and image modifications are more difficult to detect.

Cyber Crime, Cyber Space and Effects of Cyber Crime

Cyberspace is a domain that uses the electronic and electromagnetic spectrum to store, modify, and exchange data through network and system-related physical infrastructures. Cyberspace is an endless space known as the Internet. Computer transactions, especially transactions between different computers, can be viewed as a space. Images and text on the Internet exist in cyberspace. The term is used in conjunction with virtual reality, giving the name of the imaginary place where a virtual object exists. If a computer creates a picture of a building that allows the architect to "walk in" and see what the nature of a design is, the building is said to be in cyberspace.Cybercrime is a series of organized criminal attack cyberspace and cyber security. Cybercrime such as Hacking into computer,this can be through a network system and clicking on unfamiliar links connecting to unrecognized Wi-Fi, downloading software and files to unsafe sites, consuming energy, electromagnetic radiation waves, and more. Cyber security is a serious problem and must be taken seriously as it has become a national concern. Currently, most electronic devices such as computers, laptops and cell phones come with built-in firewall security software, but even so, computers are not 100 percent accurate and reliable in protecting our data.

Demystifying Global Cybersecurity Threats in Financial Services

The financial sector across the globe ensures sustainable growth in the economy by mobilizing investments, funds, and savings. This chapter attempts to comprehend the current state of cybersecurity within the financial services industry worldwide. The chapter explores the different aspects of global cyber-attacks in financial sectors to elucidate the salient problems, issues, threats, safeguards, and solutions. As technology is progressing, highly technology-savvy criminals are becoming a new threat in the cybercrime space. The entire industry needs an intense transformation to create innovative, state-of-the-art information, and an up-to-date architecture of cybersecurity that is capable of confronting the continuous tides of cyber-attacks and data breaches on an everyday basis. The use of security tools like proxy servers, firewalls, multi-layered email strategy, virus security software, and effective governance strategies are necessary to protect financial sectors from cyber threats and attacks.

Practical Aspects of Vulnerability Detection During Certification Tests of Information Security Software

Purpose: analysis of various techniques and techniques for identifying defects and vulnerabilities during certification tests. Research method: comparative analysis. Result: the conclusion is made about the relevance and priority of the study of open-source web applications. The study is given and the shortcomings of directive methods for identifying vulnerabilities and undeclared capabilities in software products are shown. The author’s statistics of the identified vulnerabilities are given with detailing by classes of computer attacks, manufacturers of information security tools, programming environments and methods for identifying vulnerabilities. A comparative analysis of author’s methods with known directive testing methods is given. The relevance of the implementation of the concept of developing secure software is shown. Recommendations on improving the security of software tools for information protection are given.