473 research outputs found
A Socio-Technical and Co-Evolutionary Framework for Reducing Human-Related Risks in Cyber Security and Cybercrime Ecosystems
The focus on cyber security as an interaction between technical elements and humans has typically confined consideration of the latter to practical issues of implementation, conventionally those of 'human performance factors' of vigilance etc., 'raising awareness' and/or 'incentivization' of people and organizations to participate and adapt their behavior. But this is far too narrow a view that seriously constrains the ability of cyber security as a whole to adapt and evolve to keep up with adaptive, innovative attackers in a rapidly-changing technological, business and social landscape, in which personal preferences of users are also dynamically evolving. While there is isolated research across different research areas, we noticed the lack of a holistic framework combining a range of applicable theoretical concepts (e.g., cultural co-evolution such as technological arms races, opportunity management, behavioral and business models) and technological solutions on reducing human-related risks in the cyber security and cybercrime ecosystems, which involve multiple groups of human actors including offenders, victims, preventers and promoters. This paper reports our ongoing work in developing such a socio-technical framework 1) to allow a more comprehensive understanding of human-related risks within cyber security and cybercrime ecosystems and 2) to support the design of more effective approaches to engaging individuals and organizations in the reduction of such risks. We are in the process of instantiating this framework to encourage behavioral changes in two use cases that capture diverse and complicated socio-technical interactions in cyber-physical systems
Refining the Blunt Instruments of Cybersecurity: A Framework to Coordinate Prevention and Preservation of Behaviours
Background. Cybersecurity controls are deployed to manage risks posed by malicious behaviours or systems. What is not often considered or articulated is how cybersecurity controls may impact legitimate users (often those whose use of a managed system needs to be protected, and preserved). This characterises the ‘blunt’ nature of many cybersecurity controls. Aim. Here we present a synthesis of methods from cybercrime opportunity reduction and behaviour change. Method. We illustrate the method and principles with a range of examples and a case study focusing on online abuse and social media controls, relating in turn to issues inherent in cyberbullying and tech-abuse. Results. The framework describes a capacity to improve the precision of cybersecurity controls, identifying opportunities for risk owners to better protect legitimate users while simultaneously acting to prevent malicious activity in a managed system. Conclusions. We describe capabilities for a novel approach to managing sociotechnical cyber-risk, which can be integrated into typical risk management processes, to allow for side-by-side consideration of efforts to prevent and preserve different behaviours in a system, by examining their shared determinants
Editing Team: Markus Fiedler
and contributions of the FIA community on the important research topics that should be addressed for the Framework Programme 8 research programmes broadly grouped around three main concerns; economic and business interests; societal interests and challenges; technical disruptions and capabilities. The contents of this roadmap originate with the community of researchers working on all aspects of the Future Internet and meet to share and discuss ideas through the Future Internet Assembly through an open consultation of research projects who participate in FIA. This roadmap is primarily concerned with identifying research that can be carried out in the second half of this decade and which will have an impact in 2020 and beyond. By ‘impact’ we mean will result in products, services, systems, capabilities, that come to market and are available and deployed in that timeframe. The approach adopted in this report is to integrate contributions across the entire space of future Internet research with the aim of bringing out the vision for how and where the Internet will make a significant difference in the future and identifying the broad challenges and gaps, and identifying the solutions and research needs in the future. In this report we have summarised and grouped ideas with the aim of identifying the strong themes and consistent challenges that emerge looking acros
Measuring and Disrupting Malware Distribution Networks: An Interdisciplinary Approach
Malware Delivery Networks (MDNs) are networks of webpages, servers, computers, and computer files that are used by cybercriminals to proliferate malicious software (or malware) onto victim machines. The business of malware delivery is a complex and multifaceted one that has become increasingly profitable over the last few years. Due to the ongoing arms race between cybercriminals and the security community, cybercriminals are constantly evolving and streamlining their techniques to beat security countermeasures and avoid disruption to their operations, such as by security researchers infiltrating their botnet operations, or law enforcement taking down their infrastructures and arresting those involved. So far, the research community has conducted insightful but isolated studies into the different facets of malicious file distribution. Hence, only a limited picture of the malicious file delivery ecosystem has been provided thus far, leaving many questions unanswered. Using a data-driven and interdisciplinary approach, the purpose of this research is twofold. One, to study and measure the malicious file delivery ecosystem, bringing prior research into context, and to understand precisely how these malware operations respond to security and law enforcement intervention. And two, taking into account the overlapping research efforts of the information security and crime science communities towards preventing cybercrime, this research aims to identify mitigation strategies and intervention points to disrupt this criminal economy more effectively
RISCS Annual Report 2018
The Research Institute in Science of Cyber Security (RISCS) takes an evidence-based and interdisciplinary approach to addressing cyber security challenges. By providing a platform for the exchange of ideas, problems and research solutions between academia, industry, and both the UK and international policy communities, RISCS promotes and supports the development of scientific approaches to cyber security. Central to the RISCS agenda is the application of bodies of knowledge to stimulate a transition from ‘common practice’ to ‘evidence-based best practice’ in cyber security. Recognising that cyber security is a contested concept, RISCS operates within a national and international cyber security framework to establish a coherent set of research principles. These principles focus on the deployment of scientific methods and the gathering of evidence to produce sound interventions and responses to cyber security challenges.
We actively seek to maximise collaboration amongst our diverse community through a culture of open publication, sharing and expanding our network. Through this collaboration, RISCS develops techniques that enable communities to anticipate emergent cyber security issues from public policy, social practice and technological perspectives. Our end goal is to deliver a world-class portfolio of activity and research findings that maximises the value of social, political and economic research into cyber security and which results in a set of scientifically based options that individuals, institutions and nation states can use to respond to imminent and long term cyber security challenges
Bridging Information Security and Environmental Criminology Research to Better Mitigate Cybercrime
Cybercrime is a complex phenomenon that spans both technical and human
aspects. As such, two disjoint areas have been studying the problem from
separate angles: the information security community and the environmental
criminology one. Despite the large body of work produced by these communities
in the past years, the two research efforts have largely remained disjoint,
with researchers on one side not benefitting from the advancements proposed by
the other. In this paper, we argue that it would be beneficial for the
information security community to look at the theories and systematic
frameworks developed in environmental criminology to develop better mitigations
against cybercrime. To this end, we provide an overview of the research from
environmental criminology and how it has been applied to cybercrime. We then
survey some of the research proposed in the information security domain,
drawing explicit parallels between the proposed mitigations and environmental
criminology theories, and presenting some examples of new mitigations against
cybercrime. Finally, we discuss the concept of cyberplaces and propose a
framework in order to define them. We discuss this as a potential research
direction, taking into account both fields of research, in the hope of
broadening interdisciplinary efforts in cybercrime research.
Social and legal aspects of the development of civil society institutions. Part II
This collective monograph offers the description and analysis of the formation and development of civil society institutions at various levels of government in the field of politics, economics, education and culture. The authors of individual chapters have chosen such point of view for the topic which they considered as the most important and specific for their field of study. Theoretical and applied problems and the existing legal base of practical activities of civil society institutions in the context of growing interdependence of economic, cultural, demographic, political, environmental processes are investigated. The prospects for the further development of civil society and its institutions, their relations with the state, as well as the promotion of the participation of civil society organizations in socio-economic development
Society, Environment and Human Security in the Arctic Barents Region
This title is published in Open Access with the support of the University of Helsinki. The Arctic-Barents Region is facing numerous pressures from a variety of sources, including the effect of environmental changes and extractive industrial developments. The threats arising out of these pressures result in human security challenges.
This book analyses the formation, and promotion, of societal security within the context of the Arctic-Barents Region. It applies the human security framework, which has increasingly gained currency at the UN level since 1994 (UNDP), as a tool to provide answers to many questions that face the Barents population today. The study explores human security dimensions such as environmental security, economic security, health, food, water, energy, communities, political security and digital security in order to assess the current challenges that the Barents population experiences today or may encounter in the future. In doing so, the book develops a comprehensive analysis of vulnerabilities, challenges and needs in the Barents Region and provides recommendations for new strategies to tackle insecurity and improve the wellbeing of both indigenous and local communities.
This book will be a valuable tool for academics, policy-makers and students interested in environmental and human security, sustainable development, environmental studies and the Arctic and Barents Region in particular
South American Expert Roundtable : increasing adaptive governance capacity for coping with unintended side effects of digital transformation
This paper presents the main messages of a South American expert roundtable (ERT) on the unintended side effects (unseens) of digital transformation. The input of the ERT comprised 39 propositions from 20 experts representing 11 different perspectives. The two-day ERT discussed the main drivers and challenges as well as vulnerabilities or unseens and provided suggestions for: (i) the mechanisms underlying major unseens; (ii) understanding possible ways in which rebound effects of digital transformation may become the subject of overarching research in three main categories of impact: development factors, society, and individuals; and (iii) a set of potential action domains for transdisciplinary follow-up processes, including a case study in Brazil. A content analysis of the propositions and related mechanisms provided insights in the genesis of unseens by identifying 15 interrelated causal mechanisms related to critical issues/concerns. Additionally, a cluster analysis (CLA) was applied to structure the challenges and critical developments in South America. The discussion elaborated the genesis, dynamics, and impacts of (groups of) unseens such as the digital divide (that affects most countries that are not included in the development of digital business, management, production, etc. tools) or the challenge of restructuring small- and medium-sized enterprises (whose service is digitally substituted by digital devices). We identify specific issues and effects (for most South American countries) such as lack of governmental structure, challenging geographical structures (e.g., inclusion in high-performance transmission power), or the digital readiness of (wide parts) of society. One scientific contribution of the paper is related to the presented methodology that provides insights into the phenomena, the causal chains underlying “wanted/positive” and “unwanted/negative” effects, and the processes and mechanisms of societal changes caused by digitalization