419,368 research outputs found

    CLASSIFICATION OF SOCIAL ENGINEERING METHODS AND TYPES OF SOCIAL ENGINEERING ATTACKS

    Background: Social engineering is an acute threat to modern enterprises. In large companies, dynamic information flows and changes in management processes increase the number of attack points for social engineers, which entails possible unwanted information outflows. Objective: The study aims to analyze social engineering attacks, identify their complexity, and compare them with the types of attacks. The primary objective is to determine the key mechanisms to counter social engineering. Methods: The paper analyzes the current body of scientific literature concerning the legal regulation of social engineering methods and the study of criminalized social engineering. The methodological foundation of the study is a combination of scientific research methods, including the abstract-logical approach, correlation analysis, and the comparative method. Results: The existing research testifies to the dynamic spread and development of social engineering technologies, which necessitates the development of an effective system to counter social engineering attacks. The most promising approach appears to be the one based on the technical component and simultaneously involving the training of employees of enterprises and organizations in counteracting unauthorized access to information. This approach will reduce the risk of information leakage and strengthen the information security of modern companies

    Terrorism affected regions : the impact of different supply chain risk management strategies on financial performance

    Purpose: Current geo-political events, such as terrorism and climatologic adversities, have highlighted the potential risks to supply chains (SCs), and their disastrous financial impacts on supply chains. Within supply chains, risk management plays a major role in successfully managing business processes in a proactive manner and ensuring the business continuity and financial performance (FP). The purpose of this study is to explore the supply chain risks and strategies in a terrorism-affected region (TAR), and to examine supply chain risk management (SCRM) strategies and their impacts on FP, including the war on terror (WoT) and its impacts on the local logistics industry. In addition, this study investigates the knowledge gaps in the published research on terrorism-related risk in supply chains, and develops a framework of strategies and effective decision-making to enable practitioners to address terrorism-related risks for SCRM. Methodology: The study initially adopts a novel combination of triangulated methods comprising a systematic literature review, text mining, and network analysis. Additionally, risk identification, risk analysis and strategies scrutiny are conducted by using semi-structured interviews and Qualitative Content Analysis in a TAR. A model of strategies was developed from a review of existing studies and interviews. The model is empirically tested with survey data of 80 firms using fuzzy-set Qualitative Comparative Analysis (fsQCA). Findings: This study reveals a number of key themes in the field of SCRM linked with terrorism. It identifies relevant mitigation strategies and practices for effective strategic decision-making. This subsequently leads to development of a strategic framework, consisting of strategies and effective decision-making practices to address terrorism-related risks that affect SCRM. It also identifies the key knowledge gaps in the literature and explores the main contributions by disciplines (e.g., business schools, engineering, and maritime institutions) and countries. Further, it identifies the SC risks in a TAR, which consist of value streams: disruption risks, operational risks and financial risks. Among these, the emerging risks encompass terrorist groups’ demand for protection money, smog, paedophilia and the use of containers to block protesters. To mitigate these risks, firms frequently implemented the following strategies: information sharing, SC coordination, risk sharing, SC finance, SC security and facilitation payment. Five strategies out of the six (except facilitation payment) are able to lead to FP, confirmed quantitatively as well. There are various equifinal configurations of SCRM strategies leading to FP. In addition, information sharing acts as a moderator in the relationship between SC security and FP. SC coordination has a mediating role in the relationship between information sharing and SC security capabilities and FP. Research limitations/Contribution: The sample size is a limitation of the study, meaning that the findings should be generalized with caution. The most valuable implication is the identification of configurations of strategies that can help managers and policymakers in implementing those findings. Originality/value: No empirical study was found in the SCRM literature that specifically investigates the relationships between the identified strategies and FP with fsQCA, in particular in a TAR context; this study thus fills an important gap in the SCRM literature and contributes empirically

    Dynamic real-time risk analytics of uncontrollable states in complex internet of things systems, cyber risk at the edge

    The Internet of Things (IoT) triggers new types of cyber risks. Therefore, the integration of new IoT devices and services requires a self-assessment of IoT cyber security posture. By security posture this article refers to the cybersecurity strength of an organisation to predict, prevent and respond to cyberthreats. At present, there is a gap in the state of the art, because there are no self-assessment methods for quantifying IoT cyber risk posture. To address this gap, an empirical analysis is performed of 12 cyber risk assessment approaches. The results and the main findings from the analysis are presented as the current and a target risk state for IoT systems, followed by conclusions and recommendations on a transformation roadmap, describing how IoT systems can achieve the target state with a new goal-oriented dependency model. By target state, we refer to the cyber security target that matches the generic security requirements of an organisation. The research paper studies and adapts four alternatives for IoT risk assessment and identifies the goal-oriented dependency modelling as a dominant approach among the risk assessment models studied. The new goal-oriented dependency model in this article enables the assessment of uncontrollable risk states in complex IoT systems and can be used for a quantitative self-assessment of IoT cyber risk posture

    Indicators and methods for assessing the quality of logistic activity processes

    Purpose: This article is aimed at identifying and evaluating the quality and safety indicators of processes in the logistics system and solving the problems of product control in the goods’ distribution process. Design/Methodology/Approach: In order to assess the risks and quality of control methods in the goods’ distribution processes, studies were carried out in the process of grain supply, on which the risk assessment was tested using the fault tree using a qualitative approach with a deductive logic, which allowed the identification of events at the lower levels of the system. To evaluate the results when comparing various methods of monitoring the characteristics of products in the product distribution process, certain statistical tools were used. The evaluation with comparative tests is required in order to determine the way of measuring products in the goods distribution logistics system. The study uses the methods of formalization, analysis, measurement, experiment and comparison. Findings: The considered risk assessment method and the given example allow us to recommend its use for the product distribution processes for various purposes. A technique is proposed for comparing various control methods based on statistical tools that can be recommended for various goods’ distribution operations. Practical implications: The results of the study can be applied in practice to improve the quality of goods’ distribution processes and reduce risks in the various supply chains. Originality/value: The main contribution of this study is to shift the emphasis on the assessment of processes in goods’ distribution to the positions of a risk-based approach and the use of various statistical tools in logistics’ activities. Peer-reviewed

    Theorizing and Generalizing About Risk Assessment and Regulation Through Comparative Nested Analysis of Representative Cases

    This article provides a framework and offers strategies for theorizing and generalizing about risk assessment and regulation developed in the context of an on-going comparative study of regulatory behavior. Construction of a universe of nearly 3,000 risks and study of a random sample of 100 of these risks allowed us to estimate relative U.S. and European regulatory precaution over a thirty-five-year period. Comparative nested analysis of cases selected from this universe of ecological, health, safety, and other risks or its eighteen categories or ninety-two subcategories of risk sources or causes will allow theory-testing and -building and many further descriptive and causal comparative generalizations

    Creation of public use files: lessons learned from the comparative effectiveness research public use files data pilot project

    In this paper we describe lessons learned from the creation of Basic Stand Alone (BSA) Public Use Files (PUFs) for the Comparative Effectiveness Research Public Use Files Data Pilot Project (CER-PUF). CER-PUF is aimed at increasing access to the Centers for Medicare and Medicaid Services (CMS) Medicare claims datasets through PUFs that: do not require user fees and data use agreements, have been de-identified to assure the confidentiality of the beneficiaries and providers, and still provide substantial analytic utility to researchers. For this paper we define PUFs as datasets characterized by free and unrestricted access to any user. We derive lessons learned from five major project activities: (i) a review of the statistical and computer science literature on best practices in PUF creation, (ii) interviews with comparative effectiveness researchers to assess their data needs, (iii) case studies of PUF initiatives in the United States, (iv) interviews with stakeholders to identify the most salient issues regarding making microdata publicly available, and (v) the actual process of creating the Medicare claims data BSA PUFs