Vulnerability to social engineering in social networks : a proposed user-centric framework

Social networking sites have billions of users who communicate and share their personal information every day. Social engineering is considered one of the biggest threats to information security nowadays. Social engineering is an attacker technique to manipulate and deceive users in order to access or gain privileged information. Such attacks are continuously developed to deceive a high number of potential victims. The number of social engineering attacks has risen dramatically in the past few years, causing unpleasant damage both to organizations and individuals. Yet little research has discussed social engineering in the virtual environments of social networks. One approach to counter these exploits is through research that aims to understand why people fall victim to such attacks. Previous social engineering and deception research have not satisfactory identified the factors that influence the users' ability to detect attacks Characteristics that influence users' vulnerability must be investigated to address this issue and help to build a profile for vulnerable users in order to focus on increasing the training programs and education for those users. In this context, the present study proposes a user-centric framework to understand the user's susceptibility, relevant factors and dimensions

Towards internet voting in the state of Qatar

Qatar is a small country in the Middle East which has used its oil wealth to invest in the country's infrastructure and education. The technology for Internet voting now exists or can be developed, but are the people of Qatar willing to take part in Internet voting for national elections?. This research identifies the willingness of government and citizens to introduce and participate in Internet voting (I-voting) in Qatar and the barriers that may be encountered when doing so. A secure I voting model for the Qatar government is then proposed that address issues of I-voting which might arise due to the introduction of such new technology. Recommendations are made for the Qatar government to assist in the introduction of I-voting. The research identifies the feasibility of I-voting and the government s readiness and willingness to introduce it. Multiple factors are examined: the voting experience, educational development, telecommunication development, the large number of Internet users, Qatar law which does not bar the use of I-voting and Qatar culture which supports I-voting introduction. It is shown that there is a willingness amongst both the people and the government to introduce I-voting, and there is appropriate accessibility, availability of IT infrastructure, availability of Internet law to protect online consumers and the existence of the e government project. However, many Qataris have concerns of security, privacy, usability, transparency and other issues that would need to be addressed before any voting system could be considered to be a quality system in the eyes of the voters. Also, the need to consider the security threat associated on client-side machines is identified where a lack of user awareness on information security is an important factor. The proposed model attempts to satisfy voting principles, introducing a secure platform for I-voting using best practices and solutions such as the smart card, Public Key Infrastructure (PKI) and digital certificates. The model was reviewed by a number of experts on Information Technology, and the Qatari culture and law who found that the system would, generally, satisfy voting principles, but pointed out the need to consider the scalability of the model, the possible cyber-attacks and the risks associated with voters computers. which could be reduced by enhancing user awareness on security and using secure operating systems or Internet browsers. From these findings, a set of recommendations were proposed to encourage the government to introduce I-voting which consider different aspects of I-voting, including the digital divide, e-literacy, I voting infrastructure, legal aspects, transparency, security and privacy. These recommendations were also reviewed by experts who found them to be both valuable and effective. Since literature on Internet voting in Qatar is sparse, empirical and non-empirical studies were carried out in a variety of surveys, interviews and experiments. The research successfully achieved its aim and objectives and is now being considered by the Qatari Government

Electronic democracy strategy for Bahrain

This thesis attempts to answer the question ‘What e-democracy strategy, if any, is most suitable for Bahrain?’. Based on a qualitative case study for the country, an e-Democracy strategy is synthesised and presented in this thesis. The literature review includes the forms, ideals and values of democracy. The researcher supports and argues for the assertion that any attempt to implement e-Democracy must not undermine the basic values and ideals of democracy. In the review on Islam and democracy, the author argues that Islam is not against democracy. However it is asserted that e-Democracy implementation must consider the cultural and religious context of Bahrain. The process of democratisation and how it is taking place in Bahrain and Gulf countries are also discussed. A strategy formulation framework is adopted after reviewing literature on how to formulate a strategy. E-Government strategies of reading players in the e-Government are reviewed with an objective of learning lessons prior to formulating e-Democracy strategy. The literature review on e-democracy helped to understand the theory and practice of e-Democracy elsewhere in the world and identify issues that required further investigation. The issues identified from the literature were investigated using empirical data. Data from multiple sources were collected and analysed. The methods included interviews, focus groups and analysis of documents. The results confirm that most of the issues identified as part of the literature review are relevant to the case under investigation. However, there were issues that were not present in the literature. This includes the need to consider democracy’s human, social and cultural aspects as well as factors pertaining to the political divide in Bahrain. This, if not tackled properly, may pose some challenges to the implementation of e-Democracy. The results also disprove the assumption held by the government of Bahrain, as well as by the researcher at the beginning of the study, that e-voting is a more plausible type of e-democracy than other forms. The author adapts and presents an e-Democracy model for Bahrain based on Chadwick and May (2003) along with the e-Democracy strategy for Bahrain. The author also argues that the model and the strategy can be tailored to use in other GCC countries. The study fills a gap in the literature, namely the lack of e-democracy studies pertaining to the Middle East. It also provides a framework and lessons for other countries in the region for the creation of an e-democracy strategy

Reducing the risk of e-mail phishing in the state of Qatar through an effective awareness framework

In recent years, cyber crime has focused intensely on people to bypass existing sophisticated security controls; phishing is one of the most common forms of such attack. This research highlights the problem of e-mail phishing. A lot of previous research demonstrated the danger of phishing and its considerable consequences. Since users behaviour is unpredictable, there is no reliable technological protective solution (e.g. spam filters, anti-viruses) to diminish the risk arising from inappropriate user decisions. Therefore, this research attempts to reduce the risk of e-mail phishing through awareness and education. It underlines the problem of e-mail phishing in the State of Qatar, one of world s fastest developing countries and seeks to provide a solution to enhance people s awareness of e-mail phishing by developing an effective awareness and educational framework. The framework consists of valuable recommendations for the Qatar government, citizens and organisations responsible for ensuring information security along with an educational agenda to train them how to identify and avoid phishing attempts. The educational agenda supports users in making better trust decisions to avoid phishing that could complement any technical solutions. It comprises a collection of training methods: conceptual, embedded, e-learning and learning programmes which include a television show and a learning session with a variety of teaching components such as a game, quizzes, posters, cartoons and a presentation. The components were tested by trial in two Qatari schools and evaluated by experts and a representative sample of Qatari citizens. Furthermore, the research proves the existence and extent of the e-mail phishing problem in Qatar in comparison with the UK where people were found to be less vulnerable and more aware. It was discovered that Qatar is an attractive place for phishers and that a lack of awareness and e-law made Qatar more vulnerable to the phishing. The research identifies the factors which make Qatari citizens susceptible to e-mail phishing attacks such as cultural, country-specific factors, interests and beliefs, religion effect and personal characteristics and this identified the need for enhancing Qatari s level of awareness on phishing threat. Since literature on phishing in Qatar is sparse, empirical and non-empirical studies involved a variety of surveys, interviews and experiments. The research successfully achieved its aim and objectives and is now being considered by the Qatari Government

Social Media, Surveillance and Social Control in the Bahrain Uprising

ArticleMarc Owen Jones began his PhD at the University of Durham in 2011 after securing a studentship from the North East Doctoral Training Centre. He worked briefly as a graduate research assistant at Leicester University following the completion of an MSc in Arab World Studies from Durham University in 2010. This two-year MSc was funded by the Centre for the Advanced Study of the Arab World and involved a year of intense Arabic tuition at both the Universities of Edinburgh and Damascus. He received his BA in Journalism, Film and Broadcasting from Cardiff University in 2006 before spending a year in Sudan teaching English. He tweets and blogs regularly on Bahrain and his research interests include critical security surveillance, cultural geography, public space, social justice, systemic control, policing and social media. This is a study of how the Bahraini regime and its supporters utilized Facebook, Twitter and other social media as a tool of surveillance and social control during the Bahrain uprising. Using a virtual ethnography conducted between February 2011 and December 2011, it establishes a typology of methods that describe how hegemonic forces and institutions employed social media to suppress both online and offline dissent. These methods are trolling, naming and shaming, offline factors, intelligence gathering and passive observation. It also discusses how these methods of control limit the ability of activists to use online places as spaces of representation and anti-hegemonic identity formation. While there is considerable research on the positive role social media plays in activism, this article addresses the relative paucity of literature on how hegemonic forces use social media to resist political change

A framework for e-government implementation at a national level

This study attempts to explore and investigate empirically how an e-government system can be implemented at a national level; the key issues that might restrict its implementation; and how these issues could be treated in practice. Following a comprehensive review of the relevant literature, an initial conceptual framework for e-government implementation is formulated The framework is then applied in a real world case study to support further data collection and to establish an exhaustive view of the e-government implementation process at a national level. The case study examines the development of an e-government implementation in Qatar and involved 26 semi-structured interviews, 10 observations, 10 electronic reports, analysis of around 50 documents, and numerous newspaper articles and press releases. The interviewees included senior officials from the e-government steering committee, the e-government project team and various government ministries. The documentations included all the key documents relating the e-government project. Based on the data collected the initial framework is then revised by using the interpretive case study approach, which depends on an iterative research cycle where triangulated data are extracted The study then combined the evidence from the literature with the case study data to narrow the gap between e-government implementation theory and practice. As a result, a comprehensive framework including detailed measurements to differentiate four development stages is created. This framework classifies the key issues that might restrict e-government implementation into two main categories, organisational and technological issues, and uses other issues as the development measurements. The framework can be used as a tool to determine the road ahead for implementing an e-government system at a national level and to identify the main practices, processes, possible goals, progress indicators and key conditions to move from one stage to another. It can be claimed that this study has made a novel contribution to the area of e-government and has expanded the boundaries of knowledge, especially for governments that are seeking to implement an egovernment system at a national level

Global Risks 2014, Ninth Edition.

The Global Risks 2014 report highlights how global risks are not only interconnected but also have systemic impacts. To manage global risks effectively and build resilience to their impacts, better efforts are needed to understand, measure and foresee the evolution of interdependencies between risks, supplementing traditional risk-management tools with new concepts designed for uncertain environments. If global risks are not effectively addressed, their social, economic and political fallouts could be far-reaching, as exemplified by the continuing impacts of the financial crisis of 2007-2008