VCU Media Lab

We propose the establishment of a VCU Media Lab – a professional creative media technology unit whose mission is to support the development, design, production and delivery of innovative media, multimedia, computer-based instruction, publications and tools in support of VCU education, research and marketing initiatives. This centrally administered, budgeted and resourced facility will acknowledge, refine, focus and expand media services that are currently being provided at VCU in a decentralized manner

An examination into the role of knowledge management and computer security in organizations

Organisations develop their computer security procedures based on external guidelines such as ISO 17799 with very little provision to incorporate organisational knowledge in their security procedures. While these external guidelines make recommendations as to how an organisation should develop and implement best practices in computer security they often fail to provide a mechanism that links the security process to the organisational knowledge. The result is that often, security policies, procedures and controls are implemented that are neither strong nor consistent with the organisation's objectives. This study has examined the role of Knowledge Management in organisational Computer Security in 19 Australian SMEs. The study has determined that although the role of knowledge management in organisational computer security is currently limited, there appears to be evidence to argue that the application of knowledge management systems to organisational computer security development and management processes will considerably enhance performance and reduce costs. The study supports that future research is warranted to focus on how existing computer security standards and practices can be improved to allow for a stronger integration with organisational knowledge through the application of knowledge management systems

Overcoming the insider: reducing employee crime through Situational Crime Prevention

Information security has become increasingly important for organizations, given their dependence on ICT. Not surprisingly, therefore, the external threats posed by hackers and viruses have received extensive coverage in the mass media. Yet numerous security surveys also point to the 'insider' threat of employee computer crime. In 2006, for example, the Global Security Survey by Deloitte reports that 28% of respondent organizations encountered considerable internal computer fraud. This figure may not appear high, but the impact of crime perpetrated by insiders can be profound. Donn Parker argues that 'cyber-criminals' should be considered in terms of their criminal attributes, which include skills, knowledge, resources, access and motives (SKRAM). It is as a consequence of such attributes, acquired within the organization, that employers can pose a major threat. Hence, employees use skills gained through their legitimate work duties for illegitimate gain. A knowledge of security vulnerabilities can be exploited, utilising resources and access are provided by companies. It may even be the case that the motive is created by the organization in the form of employee disgruntlement. These criminal attributes aid offenders in the pursuit of their criminal acts, which in the extreme can bring down an organization. In the main, companies have addressed the insider threat through a workforce, which is made aware of its information security responsibilities and acts accordingly. Thus, security policies and complementary education and awareness programmes are now commonplace for organizations. That said, little progress has been made in understanding the insider threat from an offender's perspective. As organizations attempt to grapple with the behavior of dishonest employees, criminology potentially offers a body of knowledge for addressing this problem. It is suggested that Situational Crime Prevention (SCP), a relative newcomer to criminology, can help enhance initiatives aimed at addressing the insider threat. In this article, we discuss how recent criminological developments that focus on the criminal act, represent a departure from traditional criminology, which examines the causes of criminality. As part of these recent developments we discuss SCP. After defining this approach, we illustrate how it can inform and enhance information security practices. In recent years, a number of criminologists have criticised their discipline for assuming that the task of explaining the causes of criminality is the same as explaining the criminal act. Simply to explain how people develop a criminal disposition is only half the equation. What is also required is an explanation of how crimes are perpetrated. Criminological approaches, which focus on the criminal act, would appear to offer more to information security practitioners than their dispositional counterparts. Accordingly, the SCP approach can offer additional tools for practitioners in their fight against insider computer crime

Commercial critical systems and critical infrastructure protection : a future research agenda

Secure management of Australia&rsquo;s commercial critical infrastructure presents ongoing challenges to owners and the government. Although it is currently managed through high-level information sharing via collaboration, but does this suit the commercial sector. One of the issues facing Australia is that the majority of critical infrastructure resides under the control of the business sector and certain aspects such of the critical infrastructure such as Supply Chain Management (SCM) systems are distributed entities and not a single entity. The paper focuses upon the security issues associated with SCM systems and critical infrastructure protection.<br /

Workplace Violence Against Government Employees, 1994-2011

[Excerpt] The higher rates of workplace violence in the government were partly due to the high rates of workplace violence attributed to law enforcement and security employees (figure 2). The rate of workplace violence for law enforcement and security employees was a high of 672.3 per 1,000 in 1994, declining to 109.3 in 2011. These law enforcement and security occupations accounted for over half of the violence committed against government workers and were concentrated most heavily in state, county, and local government. The estimates of nonfatal violent victimization in the workplace against government employees are based on data from the Bureau of Justice Statistics’ (BJS) National Crime Victimization Survey (NCVS), which collects information on nonfatal crimes against persons age 12 or older, reported and not reported to the police, from a nationally representative sample of U.S. households. In this report, nonfatal workplace violence includes rape or sexual assault, robbery, aggravated assault (serious violent offenses), and simple assault against employed persons age 16 or older that occurred while at work or on duty. Information on workplace homicide in this report was obtained from the Bureau of Labor Statistics’ (BLS) Census of Fatal Occupational Injuries (CFOI) (see Methodology). Workplace homicide includes the homicide of employed victims age 16 or older who were killed while at work or on duty and excludes death by accident. Trend estimates of nonfatal workplace violence are based on 2-year rolling averages centered on the most recent year. For example, estimates reported for 2011 represent the average estimates for 2010 and 2011. For some tables in this report, the focus is on the single 10-year aggregate period from 2002 through 2011. These approaches increase the reliability and stability of estimates, which facilitates comparisons over time and between subgroups. Trend estimates of workplace homicide are based on a single most recent year estimates. For example, estimates of workplace homicide for 2011 represent the estimate for 2011 only

Social engineering and crime prevention in cyberspace

This paper highlights methods of syntactic and semantic social engineering attacks (human-based and computer-based) that are currently prevalent in the cyber community. It will also present the emerging trends in high-tech crime; and, the likely future direction cyber-crime will take with respect to social engineering

Is the responsibilization of the cyber security risk reasonable and judicious?

Cyber criminals appear to be plying their trade without much hindrance. Home computer users are particularly vulnerable to attack by an increasingly sophisticated and globally dispersed hacker group. The smartphone era has exacerbated the situation, offering hackers even more attack surfaces to exploit. It might not be entirely coincidental that cyber crime has mushroomed in parallel with governments pursuing a neoliberalist agenda. This agenda has a strong drive towards individualizing risk i.e. advising citizens how to take care of themselves, and then leaving them to face the consequences if they choose not to follow the advice. In effect, citizens are “responsibilized .” Whereas responsibilization is effective for some risks, the responsibilization of cyber security is, we believe, contributing to the global success of cyber attacks. There is, consequently, a case to be made for governments taking a more active role than the mere provision of advice, which is the case in many countries. We conclude with a concrete proposal for a risk regulation regime that would more effectively mitigate and ameliorate cyber risk

Designing and Operating Safe and Secure Transit Systems: Assessing Current Practices in the United States and Abroad, MTI Report 04-05

Public transit systems around the world have for decades served as a principal venue for terrorist acts. Today, transit security is widely viewed as an important public policy issue and is a high priority at most large transit systems and at smaller systems operating in large metropolitan areas. Research on transit security in the United States has mushroomed since 9/11; this study is part of that new wave of research. This study contributes to our understanding of transit security by (1) reviewing and synthesizing nearly all previously published research on transit terrorism; (2) conducting detailed case studies of transit systems in London, Madrid, New York, Paris, Tokyo, and Washington, D.C.; (3) interviewing federal officials here in the United States responsible for overseeing transit security and transit industry representatives both here and abroad to learn about efforts to coordinate and finance transit security planning; and (4) surveying 113 of the largest transit operators in the United States. Our major findings include: (1) the threat of transit terrorism is probably not universal—most major attacks in the developed world have been on the largest systems in the largest cities; (2) this asymmetry of risk does not square with fiscal politics that seek to spread security funding among many jurisdictions; (3) transit managers are struggling to balance the costs and (uncertain) benefits of increased security against the costs and (certain) benefits of attracting passengers; (4) coordination and cooperation between security and transit agencies is improving, but far from complete; (5) enlisting passengers in surveillance has benefits, but fearful passengers may stop using public transit; (6) the role of crime prevention through environmental design in security planning is waxing; and (7) given the uncertain effectiveness of antitransit terrorism efforts, the most tangible benefits of increased attention to and spending on transit security may be a reduction in transit-related person and property crimes