684 research outputs found

    COMPETENCE-BASED MODEL FOR SECURING THE INTERNET OF THINGS IN ORGANIZATIONS

    The next generation in computing transcends the paradigm of traditional desktop and client-server architectures. IT products and solutions of the third platform, specifically in the scope of the Internet of Things (IoT) raise new security threats and vulnerabilities, suggesting that a set of competences is needed for any IoT product or service, regarding information security. The knowledge of that set of skills allows top managers to properly assess current organizational competences against future requirements, allowing proper business realignment. The paper at hand aims to contribute to the topic state of the art both at academic and practical level by developing a Competence-based Model for Securing the Internet of Things. The construction of the Model aims to define and develop organizational competence, specifically in the context of organizations that are IoT service providers. The model, to be developed and empirically tested using the Design Science Paradigm, will be based on an existing model that defines competence from a strategic management perspective using Resource Based View theory, strategic management theory and the concept of collective mind as heedful interrelating

    Risks associated with Logistics 4.0 and their minimization using Blockchain

    Currently we are saying that we are at the dawn of the fourth revolution, which is marked by the use of cyber-physical systems and the Internet of Things. This is referred to as Industry 4.0 (I4.0). The concept of Logistics 4.0 is also closely linked with Industry 4.0. The highly dynamic and uncertain logistic markets and huge logistic networks require new methods, products and services. The concept of the Internet of Things and Services (IoT&S), Big Data/Data Mining (DM), cloud computing, 3D printing, Blockchain and cyber physical system (CPS) etc. seem to be the probable technical solution for that. However, associated risks hamper its implementation and lack a comprehensive overview. In response, the paper proposes a framework of risks in the context of Logistics 4.0. These include economic risks, which are associated e.g. with high or false investments. From a social perspective, risks such as job losses are considered too. Additionally, risks can be associated with technical risks, e.g. technical integration, information technology (IT)-related risks such as data security, and legal and political risks, such as for instance unsolved legal clarity in terms of data possession. It is therefore necessary to know the potential risks in the implementation process.

    ONLINE KUPNJA I (NE)MOGUĆNOSTI ZAŠTITE PRIVATNOSTI U INTERNET BANKARSKOM POSLOVANJU

    We live in the society of World Wide Web, smart mobile devices and social networking, where an individual can be monitored and his current location can be identified. Each of those new-developed technologies is associated with a set of privacy issues. Firstly, those technologies enable people to be monitored and tracked, so various information about specific technology users can be collected. Secondly, collected information about users can be stored, merged and analyzed at any time. Finally, they enable further dissemination and publication in endlessly varied forms. If those technologies are misused many privacy violations can occur. Privacy can be seen as an individual right. Since individuals differ, the definition of privacy as well as the invasion of privacy will mean different things to different people. The aim of empirical research described in this paper was to investigate individual’s attitude toward privacy issues when shopping online and/or when using Internet banking services. Furthermore, we wanted to investigate the relationships between different factors that can influence user’s online privacy perception. The research results have shown that there is a connection between respondents’ privacy perception and their concerns about information that is collected during their online activity. There is also a connection between respondents’ privacy perception and their concerns about how government and current regulations protect their privacy.

    We live in a society characterized by the use of the World Wide Web, smart mobile devices and social networks, where an individual can be monitored and their current location can be determined. Each of these newly developed technologies is accompanied by various privacy-related problems. First, these technologies allow individuals to be monitored and tracked, so that a great deal of information about the users of a given technology can be collected. Second, the information collected in this way can be stored, combined and analyzed at any time. Finally, these technologies enable the further dissemination and publication of information in various forms. If these technologies are misused, various forms of violation of users' privacy can occur. Privacy can be defined as a basic human right. Since individuals differ from one another, the understanding of the concept of privacy, as well as of a violation of privacy, can differ from individual to individual. The aim of the empirical research presented in this paper was to examine respondents' attitudes regarding their concern for privacy when using services for buying/paying for goods over the Internet (online shopping) and/or Internet banking. Furthermore, we wanted to examine the relationships between different factors that can influence a user's perception of online privacy. The research results show that there is a connection between the respondent's perception of their online privacy and their concern about the amount of information collected about them during their online activity. There is also a positive connection between the respondent's perception of online privacy and their perception of the existing legal frameworks related to the protection of personal data privacy

    Systematically assessing the competence level of digital evidence handling

    Norway is among the most digitalized countries in the world. For example, more than 91% of the citizens use mobile phones, and even more than 98% have access to the Internet. Hence, almost all kinds of criminal cases investigated by the Norwegian police include digital evidence. Within the police organization, various roles and responsibilities exist, ranging from first responders arriving and securing crime scenes, to police investigators, analysts, forensic scientists, and prosecutors. They will all need to handle digital evidence according to their work tasks. Available skilled personnel with education in digital forensics accounted for only 2% of the available personnel in 2018. To assess the skill level of first responders in securing digital evidence at crime scenes, derive knowledge needs and recommend adequate training, we conducted a large-scale field study. This paper presents our methodology in detail, comprising i) a theoretical competency assessment and ii) a practical test. Our findings indicate deficiencies in the examination phase of digital evidence, and there are indications that a digital evidence verification system is missing before the evidence is presented in court. Further findings are discussed in this paper before we propose several activities for decision makers to implement and to improve digital competence and digital understanding for personnel in law enforcement agencies

    Agile Software Development: The Straight and Narrow Path to Secure Software?

    In this article, we contrast the results of a series of interviews with agile software development organizations with a case study of a distributed agile development effort, focusing on how information security is taken care of in an agile context. The interviews indicate that small and medium-sized agile software development organizations do not use any particular methodology to achieve security goals, even when their software is web-facing and potential targets of attack, and our case study confirms that even in cases where security is an articulated requirement, and where security design is fed as input to the implementation team, there is no guarantee that the end result meets the security objectives. We contend that security must be built as an intrinsic software property and emphasize the need for security awareness throughout the whole software development lifecycle. We suggest two extensions to agile methodologies that may contribute to ensuring focus on security during the complete lifecycle

    Cyber Infrastructure Protection: Vol. III

    Despite leaps in technological advancements made in computing system hardware and software areas, we still hear about massive cyberattacks that result in enormous data losses. Cyberattacks in 2015 included: sophisticated attacks that targeted Ashley Madison, the U.S. Office of Personnel Management (OPM), the White House, and Anthem; and in 2014, cyberattacks were directed at Sony Pictures Entertainment, Home Depot, J.P. Morgan Chase, a German steel factory, a South Korean nuclear plant, eBay, and others. These attacks and many others highlight the continued vulnerability of various cyber infrastructures and the critical need for strong cyber infrastructure protection (CIP). This book addresses critical issues in cybersecurity. Topics discussed include: a cooperative international deterrence capability as an essential tool in cybersecurity; an estimation of the costs of cybercrime; the impact of prosecuting spammers on fraud and malware contained in email spam; cybersecurity and privacy in smart cities; smart cities demand smart security; and, a smart grid vulnerability assessment using national testbed networks.

    Litigating Data Sovereignty

    Because the internet is so thoroughly global, nearly every aspect of internet governance has an extraterritorial effect. This is evident in a number of high-profile cases that cover a wide range of subjects, including law enforcement access to digital evidence; speech disputes, such as requests to remove offensive or hateful web content; intellectual property disputes; and much more. Although substantively distinct, these issues present courts with the same jurisdictional challenge: how to ensure one state’s sovereign interest in regulating the internet’s local effects without infringing on other states’ interests

    On Security and Privacy for Networked Information Society : Observations and Solutions for Security Engineering and Trust Building in Advanced Societal Processes

    Our society has developed into a networked information society, in which all aspects of human life are interconnected via the Internet — the backbone through which a significant part of communications traffic is routed. This makes the Internet arguably the most important piece of critical infrastructure in the world. Securing Internet communications for everyone using it is extremely important, as the continuing growth of the networked information society relies upon fast, reliable and secure communications. A prominent threat to the security and privacy of Internet users is mass surveillance of Internet communications. The methods and tools used to implement mass surveillance capabilities on the Internet pose a danger to the security of all communications, not just the intended targets. When we continue to further build the networked information upon the unreliable foundation of the Internet we encounter increasingly complex problems, which are the main focus of this dissertation. As the reliance on communication technology grows in a society, so does the importance of information security. At this stage, information security issues become separated from the purely technological domain and begin to affect everyone in society. The approach taken in this thesis is therefore both technical and socio-technical. The research presented in this PhD thesis builds security into the networked information society and provides parameters for further development of a safe and secure networked information society. This is achieved by proposing improvements on a multitude of layers. In the technical domain we present an efficient design flow for secure embedded devices that use cryptographic primitives in a resource-constrained environment, examine and analyze threats to biometric passport and electronic voting systems, observe techniques used to conduct mass Internet surveillance, and analyze the security of Finnish web user passwords. In the socio-technical domain we examine surveillance and how it affects the citizens of a networked information society, study methods for delivering efficient security education, examine what is essential security knowledge for citizens, advocate mastery over surveillance data by the targeted citizens in the networked information society, and examine the concept of forced trust that permeates all topics examined in this work.

    The society we live in has, with the development of technology, been shaped into a true information society. Many areas of the networked information society have undergone change as a result of this development. At the centre of this change is the Internet: a worldwide data network that enables communication between networked devices on an unprecedented scale. The Internet has become perhaps the most central part of the global communications infrastructure, and securing global communications will therefore be emphasized more and more in the future. The growth and development of the networked information society require the existence of a stable, secure and fast communications system. Large-scale mass surveillance of data networks poses a significant threat to the stability and security of this system. The methods and tools used to implement network surveillance not only make it possible to inspect the communications traffic under surveillance, but also endanger the security of all Internet traffic and the activities that depend on it. When the networked information society is built on a system containing inherent flaws and vulnerabilities of this kind, a central threat is that society's core functions are exposed to outside influence. Examining these threats and the mechanisms behind them is the central focus of this dissertation. Because the work has, in addition to its technical content, a strong societal element, the subject area is examined more broadly, also from a societal perspective, rather than through strictly technical analysis. This dissertation aims to build an overall picture of the factors affecting the security, operation and stability of the networked information society, and to bring forward new solutions and openings from different perspectives. The aim of the work is to help make it possible to build a more secure networked information society in the future. From the technical perspective, the work presents a design flow for embedded systems with limited computing power that make efficient use of cryptographic primitives, analyzes threats to biometric passports, the international passport system and electronic voting, examines the operating principles of the techniques used for mass surveillance and the threats they cause, and studies the password habits of Finnish Internet users in web applications. From the socio-technical perspective, the work examines the theory of surveillance and looks into how surveillance affects the citizens of a networked information society. In addition, methods are developed for better information security education at all levels of education, the key concepts of information security knowledge are defined, the possibility of applying the principle of mastery over data to the management and use of the data that the networked information society collects about its citizens is examined, and the significance of trust for the security and operation of society's core functions is studied, focusing in particular on the effects of forced trust