Information security threat assessment using social engineering in the organizational context: literature review

Trabalho apresentado em WorldCist'22 - 10th World Conference on Information Systems and Technologies, 12-14 abril 2022, Budva, MontenegroDue to the value and diversity of data that organizations use and pro duce in their activity, it is extremely important to protect this asset. Security flaws can arise due to several factors and whenever it is difficult to access the desired information because of technological barriers. In this case, attacks are redirected to the exploitation of human beings vulnerabilities through various techniques. The objective of this work focuses on literature review, studying the underlying theme of Social Engineering, as it uses human trust, convincing someone of something fake, using various interactions and different vectors to gain access to private information. Design Science Research will support the research work due to the possibility of construction, evaluation, and subsequent validation of the artefact. The contribution of a framework proposal for preventing social engi neering attacks in organizations and providing the best recommendations, guid ing, and supporting the stakeholders in the selection and definition of controls that guarantee the security of organizational information and avoid possible at tacks by Social Engineering. It is expected that the practical effects of the future work will result in a reduction in the number of attacks using Social Engineering, greater individual and collective preparation to deal with this problem and, over time, the incentive to the continued expansion of the adoption of these artefacts at the organizational level.N/

Analysis of web3 solution development principles

In the master's thesis, we researched the principles of Web3 solution development. We studied the blockchain and blockchain-related technology, development of the Web including all versions of the Web and the differences between them. We presented the popular technologies for Web3 development and the most common Web3 solutions with examples. With help of systematic literature review we explored the state-of-art technologies for Web3 solution development and proposed a full-stack for Web3. In the final part we implemented a proof-of-concept Ethereum decentralized application and compared it with equivalent concept of Web2 application. We proposed future work of researching other popular blockchain protocols like Solana or Polygon

CREATe 2012-2016: Impact on society, industry and policy through research excellence and knowledge exchange

On the eve of the CREATe Festival May 2016, the Centre published this legacy report (edited by Kerry Patterson & Sukhpreet Singh with contributions from consortium researchers)

Web Engineering Security (WES) Methodology

The impact of the World Wide Web on basic operational economical components in global information-rich civilizations is significant. The repercussions force organizations to provide justification for security from a business-case perspective and to focus on security from a Web application development environment standpoint. The need for clarity promoted an investigation through the acquisition of empirical evidence from a high level Web survey and a more detailed industry survey to analyze security in the Web application development environment ultimately contributing to the proposal of the Essential Elements (EE) and the Security Criteria for Web Application Development (SCWAD). The synthesis of information provided was used to develop the Web Engineering Security (WES) methodology. WES is a proactive, flexible, process neutral security methodology with customizable components that is based on empirical evidence and used to explicitly integrate security throughout an organization’s chosen application development process

The Trilogy of Science: Filling the Knowledge Management Gap with Knowledge Science and Theory

The international knowledge management field has different ways of investigating, developing, believing, and studying knowledge management. Knowledge management (KM) is distinguished deductively by know-how, and its intangible nature establishes different approaches to KM concepts, practices, and developments. Exploratory research and theoretical principles have formed functional intelligences from 1896 to 2013, leading to a knowledge management knowledge science (KMKS) concept that derived a grounded theory of knowledge activity (KAT). This study addressed the impact of knowledge production problems on KM practice. The purpose of this qualitative meta-analysis study was to fit KM practice within the framework of knowledge science (KS) study. Themed questions and research variables focused on field mechanisms, operative functions, principle theory, and relationships of KMKS. The action research used by American practitioners has not established a formal structure for KS. The meta-data-analysis examined 385 transdisciplinary peer-reviewed articles using social science, service science, and systems science databases, with a selection of interdisciplinary studies that had a practice-research-theory framework. Key attributes utilizing Boolean limiters, words, phrases and publication dates, along with triangulation, language analysis and coding through analytic software identified commonalities of the data under study. Findings reflect that KM has not become a theoretically saturated field. KS as the forensic science of KM creates a paradigm shift, causes social change that averts rapid shifts in management direction and uncertainty, and connects KM philosophy and science of knowledge. These findings have social change implications by informing the work of managers and academics to generate a methodical applied science

Enhancing trustability in MMOGs environments

Massively Multiplayer Online Games (MMOGs; e.g., World of Warcraft), virtual worlds (VW; e.g., Second Life), social networks (e.g., Facebook) strongly demand for more autonomic, security, and trust mechanisms in a way similar to humans do in the real life world. As known, this is a difficult matter because trusting in humans and organizations depends on the perception and experience of each individual, which is difficult to quantify or measure. In fact, these societal environments lack trust mechanisms similar to those involved in humans-to-human interactions. Besides, interactions mediated by compute devices are constantly evolving, requiring trust mechanisms that keep the pace with the developments and assess risk situations. In VW/MMOGs, it is widely recognized that users develop trust relationships from their in-world interactions with others. However, these trust relationships end up not being represented in the data structures (or databases) of such virtual worlds, though they sometimes appear associated to reputation and recommendation systems. In addition, as far as we know, the user is not provided with a personal trust tool to sustain his/her decision making while he/she interacts with other users in the virtual or game world. In order to solve this problem, as well as those mentioned above, we propose herein a formal representation of these personal trust relationships, which are based on avataravatar interactions. The leading idea is to provide each avatar-impersonated player with a personal trust tool that follows a distributed trust model, i.e., the trust data is distributed over the societal network of a given VW/MMOG. Representing, manipulating, and inferring trust from the user/player point of view certainly is a grand challenge. When someone meets an unknown individual, the question is “Can I trust him/her or not?”. It is clear that this requires the user to have access to a representation of trust about others, but, unless we are using an open source VW/MMOG, it is difficult —not to say unfeasible— to get access to such data. Even, in an open source system, a number of users may refuse to pass information about its friends, acquaintances, or others. Putting together its own data and gathered data obtained from others, the avatar-impersonated player should be able to come across a trust result about its current trustee. For the trust assessment method used in this thesis, we use subjective logic operators and graph search algorithms to undertake such trust inference about the trustee. The proposed trust inference system has been validated using a number of OpenSimulator (opensimulator.org) scenarios, which showed an accuracy increase in evaluating trustability of avatars. Summing up, our proposal aims thus to introduce a trust theory for virtual worlds, its trust assessment metrics (e.g., subjective logic) and trust discovery methods (e.g., graph search methods), on an individual basis, rather than based on usual centralized reputation systems. In particular, and unlike other trust discovery methods, our methods run at interactive rates.MMOGs (Massively Multiplayer Online Games, como por exemplo, World of Warcraft), mundos virtuais (VW, como por exemplo, o Second Life) e redes sociais (como por exemplo, Facebook) necessitam de mecanismos de confiança mais autónomos, capazes de assegurar a segurança e a confiança de uma forma semelhante à que os seres humanos utilizam na vida real. Como se sabe, esta não é uma questão fácil. Porque confiar em seres humanos e ou organizações depende da percepção e da experiência de cada indivíduo, o que é difícil de quantificar ou medir à partida. Na verdade, esses ambientes sociais carecem dos mecanismos de confiança presentes em interacções humanas presenciais. Além disso, as interacções mediadas por dispositivos computacionais estão em constante evolução, necessitando de mecanismos de confiança adequados ao ritmo da evolução para avaliar situações de risco. Em VW/MMOGs, é amplamente reconhecido que os utilizadores desenvolvem relações de confiança a partir das suas interacções no mundo com outros. No entanto, essas relações de confiança acabam por não ser representadas nas estruturas de dados (ou bases de dados) do VW/MMOG específico, embora às vezes apareçam associados à reputação e a sistemas de reputação. Além disso, tanto quanto sabemos, ao utilizador não lhe é facultado nenhum mecanismo que suporte uma ferramenta de confiança individual para sustentar o seu processo de tomada de decisão, enquanto ele interage com outros utilizadores no mundo virtual ou jogo. A fim de resolver este problema, bem como os mencionados acima, propomos nesta tese uma representação formal para essas relações de confiança pessoal, baseada em interacções avatar-avatar. A ideia principal é fornecer a cada jogador representado por um avatar uma ferramenta de confiança pessoal que segue um modelo de confiança distribuída, ou seja, os dados de confiança são distribuídos através da rede social de um determinado VW/MMOG. Representar, manipular e inferir a confiança do ponto de utilizador/jogador, é certamente um grande desafio. Quando alguém encontra um indivíduo desconhecido, a pergunta é “Posso confiar ou não nele?”. É claro que isto requer que o utilizador tenha acesso a uma representação de confiança sobre os outros, mas, a menos que possamos usar uma plataforma VW/MMOG de código aberto, é difícil — para não dizer impossível — obter acesso aos dados gerados pelos utilizadores. Mesmo em sistemas de código aberto, um número de utilizadores pode recusar partilhar informações sobre seus amigos, conhecidos, ou sobre outros. Ao juntar seus próprios dados com os dados obtidos de outros, o utilizador/jogador representado por um avatar deve ser capaz de produzir uma avaliação de confiança sobre o utilizador/jogador com o qual se encontra a interagir. Relativamente ao método de avaliação de confiança empregue nesta tese, utilizamos lógica subjectiva para a representação da confiança, e também operadores lógicos da lógica subjectiva juntamente com algoritmos de procura em grafos para empreender o processo de inferência da confiança relativamente a outro utilizador. O sistema de inferência de confiança proposto foi validado através de um número de cenários Open-Simulator (opensimulator.org), que mostrou um aumento na precisão na avaliação da confiança de avatares. Resumindo, a nossa proposta visa, assim, introduzir uma teoria de confiança para mundos virtuais, conjuntamente com métricas de avaliação de confiança (por exemplo, a lógica subjectiva) e em métodos de procura de caminhos de confiança (com por exemplo, através de métodos de pesquisa em grafos), partindo de uma base individual, em vez de se basear em sistemas habituais de reputação centralizados. Em particular, e ao contrário de outros métodos de determinação do grau de confiança, os nossos métodos são executados em tempo real

THaW publications

In 2013, the National Science Foundation\u27s Secure and Trustworthy Cyberspace program awarded a Frontier grant to a consortium of four institutions, led by Dartmouth College, to enable trustworthy cybersystems for health and wellness. As of this writing, the Trustworthy Health and Wellness (THaW) project\u27s bibliography includes more than 130 significant publications produced with support from the THaW grant; these publications document the progress made on many fronts by the THaW research team. The collection includes dissertations, theses, journal papers, conference papers, workshop contributions and more. The bibliography is organized as a Zotero library, which provides ready access to citation materials and abstracts and associates each work with a URL where it may be found, cluster (category), several content tags, and a brief annotation summarizing the work\u27s contribution. For more information about THaW, visit thaw.org

The Lumberjack, October 12, 2011

The student newspaper of Humboldt State Universityhttps://digitalcommons.humboldt.edu/studentnewspaper2011/1003/thumbnail.jp

Transforming Business Using Digital Innovations: The Application of AI, Blockchain, Cloud and Data Analytics

This study explores digital business transformation through the lens of four emerging technology fields: artificial intelligence, blockchain, cloud and data analytics (i.e., ABCD). Specifically, the study investigates the operations and value propositions of these distinct but increasingly converging technologies. Due to the dynamic nature of innovation, the potential of this ABCD hybridization, integration, recombination and convergence has yet to be considered. Using a multidisciplinary approach, the findings of the study show wide-reaching and diverse applications among a variety of vertical sectors, presenting exploratory research avenues for future investigation. The study also highlights the practical implications of these new technologies

Seafloor characterization using airborne hyperspectral co-registration procedures independent from attitude and positioning sensors

The advance of remote-sensing technology and data-storage capabilities has progressed in the last decade to commercial multi-sensor data collection. There is a constant need to characterize, quantify and monitor the coastal areas for habitat research and coastal management. In this paper, we present work on seafloor characterization that uses hyperspectral imagery (HSI). The HSI data allows the operator to extend seafloor characterization from multibeam backscatter towards land and thus creates a seamless ocean-to-land characterization of the littoral zone