5,119 research outputs found
Cyber-crime Science = Crime Science + Information Security
Cyber-crime Science is an emerging area of study aiming to prevent cyber-crime by combining security protection techniques from Information Security with empirical research methods used in Crime Science. Information security research has developed techniques for protecting the confidentiality, integrity, and availability of information assets but is less strong on the empirical study of the effectiveness of these techniques. Crime Science studies the effect of crime prevention techniques empirically in the real world, and proposes improvements to these techniques based on this. Combining both approaches, Cyber-crime Science transfers and further develops Information Security techniques to prevent cyber-crime, and empirically studies the effectiveness of these techniques in the real world. In this paper we review the main contributions of Crime Science as of today, illustrate its application to a typical Information Security problem, namely phishing, explore the interdisciplinary structure of Cyber-crime Science, and present an agenda for research in Cyber-crime Science in the form of a set of suggested research questions.
Bridging Information Security and Environmental Criminology Research to Better Mitigate Cybercrime
Cybercrime is a complex phenomenon that spans both technical and human
aspects. As such, two disjoint areas have been studying the problem from
separate angles: the information security community and the environmental
criminology one. Despite the large body of work produced by these communities
in the past years, the two research efforts have largely remained disjoint,
with researchers on one side not benefitting from the advancements proposed by
the other. In this paper, we argue that it would be beneficial for the
information security community to look at the theories and systematic
frameworks developed in environmental criminology to develop better mitigations
against cybercrime. To this end, we provide an overview of the research from
environmental criminology and how it has been applied to cybercrime. We then
survey some of the research proposed in the information security domain,
drawing explicit parallels between the proposed mitigations and environmental
criminology theories, and presenting some examples of new mitigations against
cybercrime. Finally, we discuss the concept of cyberplaces and propose a
framework in order to define them. We discuss this as a potential research
direction, taking into account both fields of research, in the hope of
broadening interdisciplinary efforts in cybercrime research.
The effects of security protocols on cybercrime at Ahmadu Bello University, Zaria, Nigeria.
Masters Degree. University of KwaZulu-Natal, Durban. The use of Information Communication Technology (ICT) within the educational
sector is increasing rapidly. University systems are becoming increasingly
dependent on computerized information systems (CIS) in order to carry out their
daily routine. Moreover, CIS no longer process staff records and financial data
only, as they once did. Nowadays, universities use CIS to assist in automating
the overall system. This automation includes the use of multiple databases, data
detail periodicity (i.e. gender, race/ethnicity, enrollment, degrees granted, and
program major), record identification (e.g. social security number ‘SSN’), linking
to other databases (i.e. linking unit record data with external databases such as
university and employment data).
The increasing demand and exposure to Internet resources and infrastructure by
individuals and universities have made IT infrastructure easy targets for
cybercriminals who employ sophisticated attacks such as Advanced Persistent
Threats, Distributed Denial of Service attacks and Botnets in order to steal
confidential data, identities of individuals and money. Hence, in order to stay in
business, universities realise that it is imperative to secure vital Information
Systems from easily being exploited by emerging and existing forms of
cybercrimes. This study was conducted to determine and evaluate the various
forms of cybercrimes and their consequences on the university network at
Ahmadu Bello University, Zaria. The study was also aimed at proposing means
of mitigating cybercrimes and their effects on the university network. Hence, an
exploratory research design supported by qualitative research approach was
used in this study. Staff of the Institute of Computing, Information and
Communication technology (ICICT) were interviewed. The findings of the study
present different security measures, and security tools that can be used to
effectively mitigate cybercrimes. It was found that social engineering, denial of
service attacks, website defacement were among the types of cybercrimes
occurring on the university network. It is therefore recommended that behavioural
approach in a form of motivation of staff behaviour, salary increases, and cash
incentive to reduce cybercrime perpetrated by these staff.
Strategies for Implementing Successful IT Security Systems in Small Businesses
Owners of small businesses who do not adequately protect business data are at high risk for a cyber attack. As data breaches against small businesses have increased, it has become a growing source of concern for consumers who rely on owners of small businesses to protect their data from data breaches. Grounded in general systems theory and routine activity approach, the focus of this qualitative multiple case study was to explore strategies used by owners of small businesses to protect confidential company data from cyber attacks. The process used for collecting data involved semistructured face-to-face interviews with 5 owners of small businesses in Florida, as well as a review of company documents that were relevant to strategies used by owners of small businesses to protect confidential company data from cyber attacks. The thematic analysis of the interview transcripts revealed 4 themes for protecting business data against cyber attacks, which are security information management strategy, organizational strategy, consistent security policy, and cybersecurity risk management strategy. A key finding is that owners of small businesses could develop an organizational strategy by incorporating procedures used to protect from and respond to cyber attacks. The implications for positive social change include the potential to increase customers’ confidence and businesses’ economic growth, as well as stimulate the socioeconomic lifecycle, resulting in potential employment gains for residents within the communities.
Fighting Cybercrime After United States v. Jones
In a landmark non-decision last term, five Justices of the United States Supreme Court would have held that citizens possess a Fourth Amendment right to expect that certain quantities of information about them will remain private, even if they have no such expectations with respect to any of the information or data constituting that whole. This quantitative approach to evaluating and protecting Fourth Amendment rights is certainly novel and raises serious conceptual, doctrinal, and practical challenges. In other works, we have met these challenges by engaging in a careful analysis of this “mosaic theory” and by proposing that courts focus on the technologies that make collecting and aggregating large quantities of information possible. In those efforts, we focused on reasonable expectations held by “the people” that they will not be subjected to broad and indiscriminate surveillance. These expectations are anchored in Founding-era concerns about the capacity for unfettered search powers to promote an authoritarian surveillance state. Although we also readily acknowledged that there are legitimate and competing governmental and law enforcement interests at stake in the deployment and use of surveillance technologies that implicate reasonable interests in quantitative privacy, we did little more. In this Article, we begin to address that omission by focusing on the legitimate governmental and law enforcement interests at stake in preventing, detecting, and prosecuting cyber-harassment and healthcare fraud.
Improving Information Alignment and Distributed Coordination for Secure Information Supply Chains
Industries are constantly striving to incorporate the latest technology systems into their operations so that they can maintain a competitive edge in their respective markets. However, even when they are able to stay up to speed with technological advancement, there continues to be a gap between the workforce skill set and available technologies. Organizations may acquire advanced systems, yet end up spending extended periods of time in the implementation and deployment phases, resulting in lost resources and productivity. The primary focus of this research is on streamlining the implementation and integration of new information technology systems to avoid the dire consequences of the process being prolonged or inefficient. Specifically, the goal of this research is to mitigate business challenges in information sharing and availability for employees and managers interacting with business tools and each other. This was accomplished by first interviewing work professionals in order to identify gap parameters. Based on the interview findings, recommendations were made in order to enhance the usability of existing tools. At this point, the research setting was shifted from network operations to supply chain operations due to the restrictive nature of network operations. The research team succeeded in developing a user-centered methodology to implement and deploy new business systems to mitigate risk during integration of new systems as the transition is made from the classic way of performing tasks. While this methodology was studied in supply chain operations, it enabled the identification of a common trend of challenges in operations work settings, regardless of the business application. Hence the findings of this research can be extrapolated to any business setting, besides the ones actually studied by the team. 
In addition, this research ensures that operational teams are able to maximize their benefit out of the technology available, thus enabling them to keep up with the rapidly evolving world of technology while minimizing sacrifices in resources or productivity in the process.
A Storm in an IoT Cup: The Emergence of Cyber-Physical Social Machines
The concept of social machines is increasingly being used to characterise
various socio-cognitive spaces on the Web. Social machines are human
collectives using networked digital technology which initiate real-world
processes and activities including human communication, interactions and
knowledge creation. As such, they continuously emerge and fade on the Web. The
relationship between humans and machines is made more complex by the adoption
of Internet of Things (IoT) sensors and devices. The scale, automation,
continuous sensing, and actuation capabilities of these devices add an extra
dimension to the relationship between humans and machines making it difficult
to understand their evolution at either the systemic or the conceptual level.
This article describes these new socio-technical systems, which we term
Cyber-Physical Social Machines, through different exemplars, and considers the
associated challenges of security and privacy. Comment: 14 pages, 4 figures
Adversarial behaviours knowledge area
The technological advancements witnessed by our society in recent decades have brought
improvements in our quality of life, but they have also created a number of opportunities for
attackers to cause harm. Before the Internet revolution, most crime and malicious activity
generally required a victim and a perpetrator to come into physical contact, and this limited
the reach that malicious parties had. Technology has removed the need for physical contact
to perform many types of crime, and now attackers can reach victims anywhere in the world, as long as they are connected to the Internet. This has revolutionised the characteristics of crime and warfare, allowing operations that would not have been possible before. In this document, we provide an overview of the malicious operations that are happening on the Internet today. We first provide a taxonomy of malicious activities based on the attacker’s motivations and capabilities, and then move on to the technological and human elements that adversaries require to run a successful operation. We then discuss a number of frameworks that have been proposed to model malicious operations. Since adversarial behaviours are not a purely technical topic, we draw from research in a number of fields (computer science, criminology, war studies). While doing this, we discuss how these frameworks can be used by researchers and practitioners to develop effective mitigations against malicious online operations. Published version