3,924 research outputs found

    Seven C’s of Information Security

    The 1991 United States Federal Sentencing Guidelines for Organizations (updated in 2004) describes legal requirements for organizations’ ethical business procedures. We adapt this framework for the purpose of developing a high-level “Seven C’s” framework for ethically-responsible information security (InfoSec) procedures. Informed by the Resource Based View (RBV) of strategic management, we analyze case studies of two organizations to demonstrate the adapted guidelines’ applicability. Each organization has a well-established InfoSec program, yet each requires further development according to guidelines in our Seven C’s model. We discuss implications for InfoSec policies and standards

    Exploring Incentives and Challenges for Cybersecurity Intelligence Sharing (CIS) across Organizations: A Systematic Review

    Cybersecurity intelligence sharing (CIS) has gained significance as an organizational function to protect critical information assets, manage cybersecurity risks, and improve cybersecurity operations. However, few studies have synthesized accumulated scholarly knowledge on CIS practices across disciplines. Synthesizing the pertinent literature through a structured literature review, we investigated the incentives and challenges that influence organizations around adopting CIS practices. We used the overarching TOE framework to categorize these factors and propose a theoretical framework to establish common ground for future studies. We also developed a holistic and inclusive definition for cybersecurity intelligence that we present in the paper. We found 46 papers on CIS in different disciplines and analyzed them to answer our research questions. We identified 35 factors that we classified according to the TOE framework. With this paper, we facilitate further theory development by overviewing theories that researchers can use as a basis for CIS studies, suggesting future directions, providing a reference source, and developing a reference CIS framework for IS scholars

    D:A4.1 Socio-economic impact assessment

    The executive summary ends with six concise recommendations for facilitating more accountability for data management in cloud ecosystems: 1. Provide a stronger legal base for and enforcement of data protection and accountable behavior; 2. Facilitate independent auditing of responsible data stewardship; 3. Increase public awareness of the need for accountability; 4. Balance existing information asymmetries via partnerships; 5. Focus on larger enterprises working in the public sector first, as these can serve as an example for other types of businesses; 6. Demonstrate how A4Cloud tools and mechanisms can be turned into a business model in order to encourage greater uptake and use

    Social Barriers to Entry: Liquefied Natural Gas Import Terminals in the US from 2000 to 2013

    Management scholars recognize the uncertainties and challenges during the market entry process that can impede operational startup. However, very little empirical research exists to fully understand these challenges and explain firm responses. Even less attention has been paid to the threats from non-market actors and the countering strategies employed by firms. Hence, this thesis explores firm reactions to community contestation, as a form of social barrier to entry that can prevent the firm from exploiting market opportunities. Specifically, I consider the strategic implications of firms’ rhetorical responses to community contestation during the market entry process. For this thesis, U.S. liquefied natural gas (LNG) industry (2000–2013) is an appropriate context because only 26 out of the 59 proposed LNG import terminals could even get to the regulatory approval stage. Regulatory success, defined as the gain of regulatory approval in a relatively short amount of time compared to other competing proposals, was a necessary precursor for achieving operational startup and implementing the market entry strategy. The regulatory success of many proposals was threatened by extensive negative media attention due to sustained community contestation, forcing the Federal regulatory agencies to carry out an extensive and time-consuming evaluation in order to project an image of fairness. Firms had to employ rhetorical strategies to publicly counter the community contestation but were not equally successful. Using fuzzy-set Qualitative Comparative Analysis (fsQCA), I identify four rhetorical strategies associated with the regulatory success. I find that a demonstrable community need enables an avoidance rhetorical strategy whereby firms try to sail through the regulatory process without catching public attention, especially when the design disadvantages of their proposals risk being exposed. 
When community need is not demonstrable but contestation levels are high, firms implement counterattack rhetorical strategies to undermine any community contestation, at times directly targeting the firm’s detractors, and not just the issues they raised. By conceiving of community contestation as a social barrier to entry and showing how it can be mitigated using rhetorical strategies, my study contributes to the literatures on rhetoric, firm entry, and non-market strategies at the community level

    On Unstable Ground: Issues Involved in Greening Space in the Rocinha Favela of Rio De Janeiro

    This paper is based on fieldwork undertaken in conjunction with Green My Favela, a land use restoration project that works with informal and vulnerable income sector residents to reclaim chronically degraded public areas by creating gardens inside the urban favelas of Rio de Janeiro, Brazil. The paper reveals how government intervention policies employed in the lead up to the 2016 Olympics are destabilizing the fragile social fabric of the city’s largest favela, Rocinha, through military occupation and urbanization activities that threaten an already low and unstable human security threshold

    Social networking and dental care: State of the art and analysis of the impact on dentists, dental practices and their patients

    Health Social networking sites offering search, reviews and recommendation are gaining popularity. This paper reviews the most popular social networking sites related to dental care. Social networks such as DrOogle and Yelp enable their users to review and rate their dentists and dental practices. Such information is then used to rank and recommend dentists or dental practices to new users/patients. This paper compares the dental care social networking sites in terms of their features and criteria supported for search, reviews and recommendations of dentists or dental practices. Mismatches between features and criteria among different dental care reviews sites are identified, which may cause inconsistency in the recommendations in the dental care. Therefore, this paper proposes a new framework for dynamic dental care recommendation system which takes both local (personalised) and global (crowdsourced) trust into account. It analyses the impact of current social networks on dentists, dental practices and their patients. Finally, it identifies the open issues and challenges that need to be addressed to design a trustworthy recommendation system for both the dental professionals and their patients

    Rational Cybersecurity for Business

    Use the guidance in this comprehensive field guide to gain the support of your top executives for aligning a rational cybersecurity plan with your business. You will learn how to improve working relationships with stakeholders in complex digital businesses, IT, and development environments. You will know how to prioritize your security program, and motivate and retain your team. Misalignment between security and your business can start at the top at the C-suite or happen at the line of business, IT, development, or user level. It has a corrosive effect on any security project it touches. But it does not have to be like this. Author Dan Blum presents valuable lessons learned from interviews with over 70 security and business leaders. You will discover how to successfully solve issues related to: risk management, operational security, privacy protection, hybrid cloud management, security culture and user awareness, and communication challenges. This open access book presents six priority areas to focus on to maximize the effectiveness of your cybersecurity program: risk management, control baseline, security culture, IT rationalization, access control, and cyber-resilience. Common challenges and good practices are provided for businesses of different types and sizes. And more than 50 specific keys to alignment are included. 

    What You Will Learn
    • Improve your security culture: clarify security-related roles, communicate effectively to businesspeople, and hire, motivate, or retain outstanding security staff by creating a sense of efficacy
    • Develop a consistent accountability model, information risk taxonomy, and risk management framework
    • Adopt a security and risk governance model consistent with your business structure or culture, manage policy, and optimize security budgeting within the larger business unit and CIO organization IT spend
    • Tailor a control baseline to your organization’s maturity level, regulatory requirements, scale, circumstances, and critical assets
    • Help CIOs, Chief Digital Officers, and other executives to develop an IT strategy for curating cloud solutions and reducing shadow IT, building up DevSecOps and Disciplined Agile, and more
    • Balance access control and accountability approaches, leverage modern digital identity standards to improve digital relationships, and provide data governance and privacy-enhancing capabilities
    • Plan for cyber-resilience: work with the SOC, IT, business groups, and external sources to coordinate incident response and to recover from outages and come back stronger
    • Integrate your learnings from this book into a quick-hitting rational cybersecurity success plan

    Who This Book Is For
    Chief Information Security Officers (CISOs) and other heads of security, security directors and managers, security architects and project leads, and other team members providing security leadership to your business