252 research outputs found
Overcoming Data Breaches and Human Factors in Minimizing Threats to Cyber-Security Ecosystems
This mixed-methods study focused on the internal human factors responsible for data breaches that could cause adverse impacts on organizations. Based on the Swiss cheese theory, the study was designed to examine preventative measures that managers could implement to minimize potential data breaches resulting from internal employees\u27 behaviors. The purpose of this study was to provide insight to managers about developing strategies that could prevent data breaches from cyber-threats by focusing on the specific internal human factors responsible for data breaches, the root causes, and the preventive measures that could minimize threats from internal employees. Data were collected from 10 managers and 12 employees from the business sector, and 5 government managers in Ivory Coast, Africa. The mixed methodology focused on the why and who using the phenomenological approach, consisting of a survey, face-to-face interviews using open-ended questions, and a questionnaire to extract the experiences and perceptions of the participants about preventing the adverse consequences from cyber-threats. The results indicated the importance of top managers to be committed to a coordinated, continuous effort throughout the organization to ensure cyber security awareness, training, and compliance of security policies and procedures, as well as implementing and upgrading software designed to detect and prevent data breaches both internally and externally. The findings of this study could contribute to social change by educating managers about preventing data breaches who in turn may implement information accessibility without retribution. Protecting confidential data is a major concern because one data breach could impact many people as well as jeopardize the viability of the entire organization
U.S. strategic cyber deterrence options
The U.S. government appears incapable of creating an adequate strategy to alter the
behavior of the wide variety of malicious actors seeking to inflict harm or damage through
cyberspace. This thesis provides a systematic analysis of contemporary deterrence
strategies and offers the U.S. the strategic option of active cyber defense designed for
continuous cybered conflict. It examines the methods and motivations of the wide array of
malicious actors operating in the cyber domain. The thesis explores how the theories of
strategy and deterrence underpin the creation of strategic deterrence options and what role
deterrence plays with respect to strategies, as a subset, a backup, an element of one or another
strategic choice. It looks at what the government and industry are doing to convince
malicious actors that their attacks will fail and that risk of consequences exists. The thesis
finds that contemporary deterrence strategies of retaliation, denial and entanglement lack
the conditions of capability, credibility, and communications that are necessary to change
the behavior of malicious actors in cyberspace. This research offers a midrange theory of
active cyber defense as a way to compensate for these failings through internal systemic
resilience and tailored disruption capacities that both frustrate and punish the wide range of
malicious actors regardless of origin or intentions. The thesis shows how active cyber defense
is technically capable and legally viable as an alternative strategy in the U.S. to strengthen
the deterrence of cyber attacks
The effects of security protocols on cybercrime at Ahmadu Bello University, Zaria, Nigeria.
Masters Degree. University of KwaZulu-Natal, Durban.The use of Information Communication Technology (ICT) within the educational
sector is increasing rapidly. University systems are becoming increasingly
dependent on computerized information systems (CIS) in order to carry out their
daily routine. Moreover, CIS no longer process staff records and financial data
only, as they once did. Nowadays, universities use CIS to assist in automating
the overall system. This automation includes the use of multiple databases, data
detail periodicity (i.e. gender, race/ethnicity, enrollment, degrees granted, and
program major), record identification (e.g. social security number ‘SSN’), linking
to other databases (i.e. linking unit record data with external databases such as
university and employment data).
The increasing demand and exposure to Internet resources and infrastructure by
individuals and universities have made IT infrastructure easy targets for
cybercriminals who employ sophisticated attacks such as Advanced Persistent
Threats, Distributed Denial of Service attacks and Botnets in order to steal
confidential data, identities of individuals and money. Hence, in order to stay in
business, universities realise that it is imperative to secure vital Information
Systems from easily being exploited by emerging and existing forms of
cybercrimes. This study was conducted to determine and evaluate the various
forms of cybercrimes and their consequences on the university network at
Ahmadu Bello University, Zaria. The study was also aimed at proposing means
of mitigating cybercrimes and their effects on the university network. Hence, an
exploratory research design supported by qualitative research approach was
used in this study. Staff of the Institute of Computing, Information and
Communication technology (ICICT) were interviewed. The findings of the study
present different security measures, and security tools that can be used to
effectively mitigate cybercrimes. It was found that social engineering, denial of
service attacks, website defacement were among the types of cybercrimes
occurring on the university network. It is therefore recommended that behavioural
approach in a form of motivation of staff behaviour, salary increases, and cash
incentive to reduce cybercrime perpetrated by these staff
A model for security incident response in the South African National Research and Education network
This dissertation addresses the problem of a lack of a formal incident response capability in the South African National Research and Education Network (SA NREN). While investigating alternatives it was found that no clear method exists to solve this problem. Therefore, a second problem is identified: the lack of a definitive method for establishing a Computer Security Incident Response Team (CSIRT) or Computer Emergency Response Team (CERT) in general. Solving the second problem is important as we then have a means of knowing how to start when building a CSIRT. This will set the basis for addressing the initial problem, resulting in a prepared, improved and coordinated response to IT security incidents affecting the SANREN. To commence, the requirements for establishing a CSIRT are identified via a comprehensive literature review. These requirements are categorized into five areas, namely, the basic business requirements followed by the four Ps of the IT Infrastructure Library (ITIL). That is, People, Processes, Product and Partners, adapted to suit the CSIRT context. Through the use of argumentation, the relationships between the areas are uncovered and explored. Thereafter, a Design Science Research-based process is utilised to develop a generic model for establishing a CSIRT. The model is based on the interactions uncovered between the business requirements and the adapted four Ps. These are summarised through two views -- strategic and tactical -- together forming an holistic model for establishing a CSIRT. The model highlights the decisions required for the business requirements, services, team model and staff, policies and processes, tools and technologies, and partners of a CSIRT respectively. Finally, to address the primary objective, the generic model is applied to the SANREN environment. Thus, the second artefact is an instantiation, a specific model, which can be implemented to create a CSIRT for the SA NREN. To produce the specific model, insight into the nature of the SANREN environment was required. The status quo was revealed through the use of a survey and argumentative analysis of the results. The specific decisions in each area required to establish an SA NREN CSIRT are explored throughout the development of the model. The result is a comprehensive framework for implementing a CSIRT in the SA NREN, detailing the decisions required in each of the areas. This model additionally acts as a demonstration of the utility of the generic model. The implications of this research are twofold. Firstly, the generic model is useful as a basis for anyone wanting to establish a CSIRT. It helps to ensure that all factors are considered and that no important decisions are neglected, thereby enabling an holistic view. Secondly, the specific model for the SA NREN CSIRT serves as a foundation for implementing the CSIRT going forward. It accelerates the process by addressing the important considerations and highlighting the concerns that must be addressed while establishing the CSIRT
SPARC 2018 Internationalisation and collaboration : Salford postgraduate annual research conference book of abstracts
Welcome to the Book of Abstracts for the 2018 SPARC conference. This year we not only celebrate the work of our PGRs but also the launch of our Doctoral School, which makes this year’s conference extra special. Once again we have received a tremendous contribution from our postgraduate research community; with over 100 presenters, the conference truly showcases a vibrant PGR community at Salford. These abstracts provide a taster of the research strengths of their works, and provide delegates with a reference point for networking and initiating critical debate. With such wide-ranging topics being showcased, we encourage you to take up this great opportunity to engage with researchers working in different subject areas from your own. To meet global challenges, high impact research inevitably requires interdisciplinary collaboration. This is recognised by all major research funders. Therefore engaging with the work of others and forging collaborations across subject areas is an essential skill for the next generation of researchers
- …