Cyber Security Model of Artificial Social System Man-Machine

Cyber Security Model of Artificial Social System Man-Machine takes advantage of an important chapter of artificial intelligence, discrete event systems applied for modelling and simulation of control, logistic supply, chart positioning, and optimum trajectory planning of artificial social systems. “An artificial social system is a set of restrictions on agents` behaviours in a multi-agent environment. Its role is to allow agents to coexist in a shared environment and pursue their respective goals in the presence of other agents” (Moses & Tennenholtz, n.d.). Despite conventional approaches, Cyber Security Model of Artificial Social System Man-Machine is not guided by rigid control algorithms but by flexible, event-adaptable ones that makes them more lively and available. All these allow a new design of artificial social systems dotted with intelligence, autonomous decision-making capabilities, and self-diagnosing properties. Heuristics techniques, data mining planning activities, scheduling algorithms, automatic data identification, processing, and control represent as many trumps for these new systems analyzing formalism. The authors challenge these frameworks to model and simulate the interaction of man-machine in order to have a better look at the human, social, and organizational privacy and information protection.

A Routine Activity Theory-Based Framework for Combating Cybercrime

Since the government began tackling the problems of cybercrime, many laws have been enacted. A lack of a comprehensive definition and taxonomy of cybercrime makes it difficult to accurately identify report and monitor cybercrime trends. There is not just a lack of international agreement on what cybercrime is; there are different laws in every state within the United States, reflecting the inconsistency of dealing with cybercrime. There is also concern that many times lawyers and information technology professions are unable to understand each other well. The deficiency of cyber laws is an obvious problem and development of effective laws is emerging as an important issue to deal with cybercrime. This research uses the routine activity theory to develop a unified framework by including the motivation of the offender to use a computer as a tool/target, suitability of the target, and the presence (or absence) of guardian. It could help states that want to update their existing laws and cover areas that were previously uncovered.

Network Situational Awareness

This chapter treats computer networks as a cyber warfighting domain in which the maintenance of situational awareness is impaired by increasing traffic volumes and the lack of immediate sensory perception. Sonification (the use of non-speech audio for communicating information) is proposed as a viable means of monitoring a network in real time and a research agenda employing the sonification of a network's self-organized criticality within a context-aware affective computing scenario is given. The chapter views a computer network as a cyber battlespace with a particular operations spectrum and dynamics. Increasing network traffic volumes are interfering with the ability to present real-time intelligence about a network and so suggestions are made for how the context of a network might be used to help construct intelligent information infrastructures. Such a system would use affective computing principles to sonify emergent properties (such as self-organized criticality) of network traffic and behaviour to provide effective real-time situational awareness.

Privacy Compliance Requirements in Workflow Environments

Workflow management systems are used to run day-to-day applications in numerous domains, often including exchange and processing of sensitive data. Their native “leakage-proneness,” being the consequence of their distributed and collaborative nature, calls for sophisticated mechanisms able to guarantee proper enforcement of the necessary privacy protection measures. Motivated by the principles of Privacy by Design and its potential for workflow environments, this chapter investigates the associated issues, challenges, and requirements. With the legal and regulatory provisions regarding privacy in information systems as a baseline, the chapter elaborates on the challenges and derived requirements in the context of workflow environments, taking into account the particular needs and implications of the latter. Further, it highlights important aspects that need to be considered regarding, on the one hand, the incorporation of privacy-enhancing features in the workflow models themselves and, on the other, the evaluation of the latter against privacy provisions.

Development and Mitigation of Android Malware

As mobile applications are being developed at a faster pace, the security aspect of user information is being neglected. A compromised smartphone can inflict severe damage to both users and the cellular service provider. Malware on a smartphone can make the phone partially or fully unusable, cause unwanted billing, steal private information, or infect every name in a user's phonebook. A solid understanding of the characteristics of malware is the beginning step to prevent much of the unwanted consequences. This chapter is intended to provide an overview of security threats posed by Android malware. In particular, the authors focus on the characteristics commonly found in malware applications and understand the code level features that allow us to detect the malicious signatures. The authors also discuss some common defense techniques to mitigate the impact of malware applications.

Cyber Attacks on Critical Infrastructure

We are facing the expansion of cyber incidents, and they are becoming more severe. This results in the necessity to improve security, especially in the vulnerable field of critical infrastructure. One of the problems in the security of critical infrastructures is the level of awareness related to the effect of cyberattacks. The threat to critical infrastructure is real, so it is necessary to be aware of it and anticipate, predict, and prepare against a cyber attack. The main reason for the escalation of cyberattacks in the field of Critical Infrastructure (CI) may be that most control systems used for CI do not utilise propriety protocols and software anymore; they instead utilise standard solutions. As a result, critical infrastructure systems are more than ever before becoming vulnerable and exposed to cyber threats. It is important to get an insight into what attack types occur, as this may help direct cyber security efforts. In this chapter, the authors present vulnerabilities of SCADA systems against cyber attack, analyse and classify existing cyber attacks, and give future directions to achieve better security of SCADA systems.

Sticks and Stones Will Break My Euros

“Sticks and Stones” is a well-known adage that means that whatever nasty things people say, they will not physically harm one. This is not often the case, as bullying, especially via the Internet, can be quite harmful. There are few anti-bullying laws emanating from the European Union, which is a trading block of 28 member states that have pooled their sovereignty in order to have common laws and practices to boost trade and peace. However, the common legal rules that exist in the EU have implications for those who run websites, including relating to cyber-bullying. These people, known as systems operators, or sysops, can be limited in the powers they have and rules they make through “sysop prerogative.” Sysop prerogative means that a systems operator can do anything which has been permitted or not taken away by statute, or which they have not given away by contract. This chapter reviews how the different legal systems in Europe impact on sysops and change the way in which sysop prerogative can be exercised. This includes not just from the EU legal structure, but equally the European Convention on Human Rights (ECHR), which also has implications for sysops in the way they conduct their activities.

Indirect Attribution in Cyberspace

We are now in an era of cyberconflict, where nation states, in addition to private entities and individual actors, are attacking each other through Internet-based mechanisms. This incorporates cyberespionage, cybercrime, and malware attacks, with the end goal being intellectual property, state secrets, identity information, and monetary gain. Methods of deterring cybercrime ultimately require effective attribution; otherwise, the threat of consequences for malicious online behaviour will be diminished. This chapter reviews the state of the art in attribution in cyberspace, arguing that due to increases in the technical capability of the most recent advances in cyberconflict, models of attribution using network traceback and explicit identifiers (i.e. direct models) are insufficient build trustworthy models. The main cause of this is the ability of adversaries to obfuscate information and anonymise their attacks from direct attribution. Indirect models, in which models of attacks are built based on feature types and not explicit features, are more difficult to obfuscate and can lead to more reliable methods. There are some issues to overcome with indirect models, such as the complexity of models and the variations in effectiveness, which present an interesting and active field of research.

Fighting Cybercrime and Protecting Privacy

This chapter is about the use of large-scale databases that has increased considerably in the last two years. It is a powerful tool to predict future situations that may affect society. The use of an environmental scanner to fight cybercrime—as an organized crime—is the project for using this technique of large-scale databases to try to guarantee the security against the risk of new, developing forms of criminal activities. On the other hand, the use of large-scale databases utilizes a great amount of personal data to try to predict where and how organized crime or new forms of criminality will develop. This means that we have to evaluate the interests of security of society and the privacy of the person, and we have to find the way to balance both in a democratic society. There are important ethical issues to be considered in the employment of this new and unregulated instrument.

Composition of the Top Management Team and Information Security Breaches

Given the multifaceted problems and complexities of information security, the manner in which top management teams make investment and management decisions regarding security technologies, policy initiatives, and employee education could have a significant impact on the likelihood of information security breaches in organizations. In the context of information security management, it is not clear from management literature regarding how the characteristics of the top management team are associated with the possibility of information security breaches. The results demonstrate that the average length and heterogeneity of tenure could increase the possibility of breaches. However, age heterogeneity and the size of the top management team are negatively related to such a possibility. In addition, the findings suggest a nonlinear association between average age and tenure and the possibility of security breaches. The authors conclude the chapter with theoretical and practical implications on the organizational and managerial aspects of information security management.