Criminal Futures

This book explores how predictive policing transforms police work. Police departments around the world have started to use data-driven applications to produce crime forecasts and intervene into the future through targeted prevention measures. Based on three years of field research in Germany and Switzerland, this book provides a theoretically sophisticated and empirically detailed account of how the police produce and act upon criminal futures as part of their everyday work practices. The authors argue that predictive policing must not be analyzed as an isolated technological artifact, but as part of a larger sociotechnical system that is embedded in organizational structures and occupational cultures. The book highlights how, for crime prediction software to come to matter and play a role in more efficient and targeted police work, several translation processes are needed to align human and nonhuman actors across different divisions of police work. Police work is a key function for the production and maintenance of public order, but it can also discriminate, exclude, and violate civil liberties and human rights. When criminal futures come into being in the form of algorithmically produced risk estimates, this can have wide-ranging consequences. Building on empirical findings, the book presents a number of practical recommendations for the prudent use of algorithmic analysis tools in police work that will speak to the protection of civil liberties and human rights as much as they will speak to the professional needs of police organizations. An accessible and compelling read, this book will appeal to students and scholars of criminology, sociology, and cultural studies as well as to police practitioners and civil liberties advocates, in addition to all those who are interested in how to implement reasonable forms of data-driven policing

CAESAR8: an agile enterprise architecture approach to managing information security risks in business change projects

Implementing an Enterprise Architecture (EA) should enable organizations to increase the accuracy of information security risk assessments. Studies show that EAs provide an holistic perspective that improves information security risk management (ISRM). However, many organizations have been unable or unwilling to fully implement EA frameworks. The requirements for implementation of an EA can be unclear, the full benefits of many commercial frameworks is uncertain and the overheads of creating and maintaining EA artifacts considered unacceptable, especially for organizations following agile business change programs or having limited resource. Following the Design Science Research methodology, this thesis describes a comprehensive and multidisciplinary approach to design a new model that can be used for the dynamic and holistic reviews of information security risks in business change projects. The model incorporates five novel design principles that are independent of any existing EA framework, security standard or maturity model. This new model is called CAESAR8 - Continuous Agile Enterprise Security Architecture Review in 8 domains. CAESAR8 incorporates key ISRM success factors that have been determined from root cause analysis of information security failures. Combining systems thinking with agile values and lean concepts into the design has ensured that the impact of a change is considered holistically and continuously, prioritizing the EA process over the creation of EA artifacts. Inclusion of human behavioral-science has allowed the capture of diverse and often tacit knowledge held by different stakeholders impacted by a business change, whilst avoiding the dangers of groupthink. CAESAR8’s presentation of the results provides an impactive and easy-to-interpret metric that is designed to be shared with senior business executives to improve intervention decisions. This thesis demonstrates how CAESAR8 has been developed into a working prototype and presents case studies that describe the model in operation. A diverse group of experts were given access to a working IT prototype for a hands-on evaluation of CAESAR8. An analysis of their findings confirms the model’s novel scientific contribution to ISRM

B-GOOD: Giving Beekeeping Guidance by cOmputatiOnal-assisted Decision making

A key to healthy beekeeping is the Health Status Index (HIS) inspired by EFSA’s Healthy-B toolbox which we will make fully operational, with the active collaboration of beekeepers, by facilitating the coordinated and harmonised flow of data from various sources and by testing and validating each component thoroughly. We envisage a step-by-step expansion of participating apiaries, and will eventually cover all EU biogeographic regions. The key to a sustainable beekeeping is a better understanding of its socio-economics, particularly within local value chains, its relationship with bee health and the human-ecosystem equilibrium of the beekeeping sector and to implement these insights into the data processing and decision making. We will fully integrate socio-economic analyses, identify viable business models tailored to different contexts for European beekeeping and determine the carrying capacity of the landscape. In close cooperation with the EU Bee Partnership, an EU-wide bee health and management data platform and affiliated project website will be created to enable sharing of knowledge and learning between scientists and stakeholders within and outside the consortium. We will utilise and further expand the classification of the open source IT-application for digital beekeeping, BEEP, to streamline the flow of data related to beekeeping management, the beehive and its environment (landscape, agricultural practices, weather and climate) from various sources. The dynamic bee health and management data platform will allow us to identify correlative relationships among factors impacting the HSI, assess the risk of emerging pests and predators, and enable beekeepers to develop adaptive management strategies that account for local and EU-wide issues. Reinforcing and establishing, where necessary, new multi-actor networks of collaboration will engender a lasting learning and innovation system to ensure social-ecological resilient and sustainable beekeeping

Exploring the cybercrime capacity and capability of local law enforcement agencies in the United States

2021 Fall.Includes bibliographical references.The relentless pace of technological innovation has changed how people communicate, interact, and conduct business, creating new pathways and opportunities for people to commit crimes or engage in harmful behavior via the internet or digitally networked devices. Cybercrime is rapidly scaling up, leading many to predict that it will become the next significant global crisis (Krebs, 2021; Viswanathan & Volz, 2021; Zakaria, 2021). In the United States, local law enforcement agencies and their personnel stand at the frontlines of the cybercrime problem (Police Executive Research Forum, 2014). This dissertation project was inspired by several calls to action to explore and evaluate how law enforcement agencies are responding to the cybercrime problem (Holt & Bossler, 2014; Ngo & Jaishankar, 2017). The research conducted in this project aligns with and extends a small body of exploratory and evaluative research focusing on local law enforcement agencies and cybercrime (for example Harkin et al., 2018; Monaghan, 2020; Nowacki & Willits, 2016). By utilizing a mixed methods research design consisting of a survey and series of qualitative interviews this project helped address the research question: What is the current cybercrime capacity and capability of local law enforcement agencies in the United States? Findings from this project advance our knowledge about the cybercrime capacity and capability of local law enforcement agencies and contribute to strengthening law enforcement practice, policy, and future research. In total, 925 county and municipal agencies participated in this research project through a survey instrument called the Cybercrime Capacity and Capability Questionnaire (CCCQ©), with 855 agencies providing data usable for analysis. Additionally, 23 individuals representing 23 distinct agencies, who previously participated in the CCCQ, also participated in a series of semi-structured qualitative interviews. Multiple findings and recommendations were derived as a result of the participation by these agencies and individuals in this project. Several findings from this project aligned with or validated findings and recommendations from other recent studies (for example Harkin et al., 2018). Among the key findings from this project are that the cybercrime capacity and capability of local law enforcement agencies is deficient, despite trends at the local law enforcement agency level to allocate more resources to the cybercrime problem. This deficiency is noted both by response patterns on the CCCQ© and through comments supplied during the qualitative interviews. Lack of financial and personnel resources, especially technologically skilled and competent personnel, limited and/or outdated technological infrastructure, and problems leveraging partnerships and obtaining cooperation from private sector organizations are just a few of the challenges hampering the development of a more robust local law enforcement cybercrime capacity and capability. Results and insights from this research also illuminate the dynamic process of developing cybercrime capacity and capability. Result from this project indicate that caution should be exercised before assuming that cybercrime capacity and capability are solely a function of agency size. While this project substantiates other research that shows larger agencies are more likely to have cybercrime units, and also tend to have more resources, personnel, and equipment for cybercrime investigations, they do not necessarily have greater cybercrime capacity or capability. Cybercrime case volume appears to impact cybercrime capacity and capability such that large local law enforcement agencies, despite specialized cybercrime units and more resources allocated to cybercrime, may not be better off in managing cybercrime incidents or responding to cybercrime related issues than midsize and smaller local agencies. Personnel at larger agencies, despite having dedicated cybercrime units, more resources, and better equipment, may be at higher risk of burnout and other issues as a result. In short, extremely high cybercrime case volumes may undermine the capacity and capability of even the most robustly developed specialized cybercrime units, as well as the best equipped and resourced agencies. Given the pace at which the cybercrime problem is growing, this is a troubling finding. This project also highlights that cybercrime capacity and capability cannot be understood without accounting for the critical differences that external forces and contextual factors produce on local law enforcement agencies that, in turn, impact how those agencies function and adapt to new issues and challenges. For example, qualitative data from this project help us to understand the connections between the defund the police movement and the COVID-19 pandemic, both of which appear to be undermining the capacity and capability of local law enforcement agencies, and thus negatively impacting their cybercrime capacity and capability. As a result, cybercrime administrators and personnel at local law enforcement agencies in the U.S. may be experiencing similar challenges to their peers abroad (see Harkin et al. 2018). A number of directions for future research, improvement of the CCCQ©, and recommendations for improving police practice and policy such as developing uniform, and operationalizable cybercrime best practices and strengthening private sector compliance with law enforcement agency requests for data are also provided

Framework for Security Transparency in Cloud Computing

The migration of sensitive data and applications from the on-premise data centre to a cloud environment increases cyber risks to users, mainly because the cloud environment is managed and maintained by a third-party. In particular, the partial surrender of sensitive data and application to a cloud environment creates numerous concerns that are related to a lack of security transparency. Security transparency involves the disclosure of information by cloud service providers about the security measures being put in place to protect assets and meet the expectations of customers. It establishes trust in service relationship between cloud service providers and customers, and without evidence of continuous transparency, trust and confidence are affected and are likely to hinder extensive usage of cloud services. Also, insufficient security transparency is considered as an added level of risk and increases the difficulty of demonstrating conformance to customer requirements and ensuring that the cloud service providers adequately implement security obligations. The research community have acknowledged the pressing need to address security transparency concerns, and although technical aspects for ensuring security and privacy have been researched widely, the focus on security transparency is still scarce. The relatively few literature mostly approach the issue of security transparency from cloud providers’ perspective, while other works have contributed feasible techniques for comparison and selection of cloud service providers using metrics such as transparency and trustworthiness. However, there is still a shortage of research that focuses on improving security transparency from cloud users’ point of view. In particular, there is still a gap in the literature that (i) dissects security transparency from the lens of conceptual knowledge up to implementation from organizational and technical perspectives and; (ii) support continuous transparency by enabling the vetting and probing of cloud service providers’ conformity to specific customer requirements. The significant growth in moving business to the cloud – due to its scalability and perceived effectiveness – underlines the dire need for research in this area. This thesis presents a framework that comprises the core conceptual elements that constitute security transparency in cloud computing. It contributes to the knowledge domain of security transparency in cloud computing by proposing the following. Firstly, the research analyses the basics of cloud security transparency by exploring the notion and foundational concepts that constitute security transparency. Secondly, it proposes a framework which integrates various concepts from requirement engineering domain and an accompanying process that could be followed to implement the framework. The framework and its process provide an essential set of conceptual ideas, activities and steps that can be followed at an organizational level to attain security transparency, which are based on the principles of industry standards and best practices. Thirdly, for ensuring continuous transparency, the thesis proposes an essential tool that supports the collection and assessment of evidence from cloud providers, including the establishment of remedial actions for redressing deficiencies in cloud provider practices. The tool serves as a supplementary component of the proposed framework that enables continuous inspection of how predefined customer requirements are being satisfied. The thesis also validates the proposed security transparency framework and tool in terms of validity, applicability, adaptability, and acceptability using two different case studies. Feedbacks are collected from stakeholders and analysed using essential criteria such as ease of use, relevance, usability, etc. The result of the analysis illustrates the validity and acceptability of both the framework and tool in enhancing security transparency in a real-world environment

A resilience glossary shaped by context: Reviewing resilience-related terms for critical infrastructures

We present a comprehensive resilience glossary, comprising a set of 93 definitions of resilience-related terms used in the context of critical infrastructures. The definition and use of many of these terms, as well as the term resilience itself, shows an enormous variability in the literature. Therefore, we draw from the diverse pool of published definitions, integrate multiple contrasting views, compare the individual terms, and provide references to adjoining or contesting views, to create a clear resilience terminology. This terminology outlines a specific understanding of resilience which supports the effective assessment and management of the resilience of critical infrastructures. The two central elements of this understanding are that (1) resilience is the ability of a system to deal with the impacts of unspecific and possibly unforeseen disruptive events, and that (2) this ability comprises three pillar capacities whose quality can be extracted from performance curves

Exploring the challenges and opportunities of image processing and sensor fusion in autonomous vehicles: A comprehensive review

Autonomous vehicles are at the forefront of future transportation solutions, but their success hinges on reliable perception. This review paper surveys image processing and sensor fusion techniques vital for ensuring vehicle safety and efficiency. The paper focuses on object detection, recognition, tracking, and scene comprehension via computer vision and machine learning methodologies. In addition, the paper explores challenges within the field, such as robustness in adverse weather conditions, the demand for real-time processing, and the integration of complex sensor data. Furthermore, we examine localization techniques specific to autonomous vehicles. The results show that while substantial progress has been made in each subfield, there are persistent limitations. These include a shortage of comprehensive large-scale testing, the absence of diverse and robust datasets, and occasional inaccuracies in certain studies. These issues impede the seamless deployment of this technology in real-world scenarios. This comprehensive literature review contributes to a deeper understanding of the current state and future directions of image processing and sensor fusion in autonomous vehicles, aiding researchers and practitioners in advancing the development of reliable autonomous driving systems

Mission-Critical Communications from LMR to 5G: a Technology Assessment approach for Smart City scenarios

Radiocommunication networks are one of the main support tools of agencies that carry out actions in Public Protection & Disaster Relief (PPDR), and it is necessary to update these communications technologies from narrowband to broadband and integrated to information technologies to have an effective action before society. Understanding that this problem includes, besides the technical aspects, issues related to the social context to which these systems are inserted, this study aims to construct scenarios, using several sources of information, that helps the managers of the PPDR agencies in the technological decisionmaking process of the Digital Transformation of Mission-Critical Communication considering Smart City scenarios, guided by the methods and approaches of Technological Assessment (TA).As redes de radiocomunicações são uma das principais ferramentas de apoio dos órgãos que realizam ações de Proteção Pública e Socorro em desastres, sendo necessário atualizar essas tecnologias de comunicação de banda estreita para banda larga, e integra- las às tecnologias de informação, para se ter uma atuação efetiva perante a sociedade . Entendendo que esse problema inclui, além dos aspectos técnicos, questões relacionadas ao contexto social ao qual esses sistemas estão inseridos, este estudo tem por objetivo a construção de cenários, utilizando diversas fontes de informação que auxiliem os gestores destas agências na tomada de decisão tecnológica que envolve a transformação digital da Comunicação de Missão Crítica considerando cenários de Cidades Inteligentes, guiado pelos métodos e abordagens de Avaliação Tecnológica (TA)

Connecting the Dots in Trustworthy Artificial Intelligence: From AI Principles, Ethics, and Key Requirements to Responsible AI Systems and Regulation

Trustworthy Artificial Intelligence (AI) is based on seven technical requirements sustained over three main pillars that should be met throughout the system's entire life cycle: it should be (1) lawful, (2) ethical, and (3) robust, both from a technical and a social perspective. However, attaining truly trustworthy AI concerns a wider vision that comprises the trustworthiness of all processes and actors that are part of the system's life cycle, and considers previous aspects from different lenses. A more holistic vision contemplates four essential axes: the global principles for ethical use and development of AI-based systems, a philosophical take on AI ethics, a risk-based approach to AI regulation, and the mentioned pillars and requirements. The seven requirements (human agency and oversight; robustness and safety; privacy and data governance; transparency; diversity, non-discrimination and fairness; societal and environmental wellbeing; and accountability) are analyzed from a triple perspective: What each requirement for trustworthy AI is, Why it is needed, and How each requirement can be implemented in practice. On the other hand, a practical approach to implement trustworthy AI systems allows defining the concept of responsibility of AI-based systems facing the law, through a given auditing process. Therefore, a responsible AI system is the resulting notion we introduce in this work, and a concept of utmost necessity that can be realized through auditing processes, subject to the challenges posed by the use of regulatory sandboxes. Our multidisciplinary vision of trustworthy AI culminates in a debate on the diverging views published lately about the future of AI. Our reflections in this matter conclude that regulation is a key for reaching a consensus among these views, and that trustworthy and responsible AI systems will be crucial for the present and future of our society.Comment: 30 pages, 5 figures, under second revie

Proposal of a set of Key Performance Indicators for the environmental assessment of Higher Education Institutions

Tesis por compendioHigher Education Institutions (HEIs) should be lighthouses for society. Therefore, they must have an exemplary behavior in all sustainability areas: economy, social and environment. The environmental awareness of the educational community - student, professors, researchers, staff and managers - has increased considerably in the first decades of this century. The Environmental Management Systems (EMS), either ISO certified or EMAS verified, have gained popularity in HEIs seeking for a better disclosure of their environmental behavior and the improvement of their environmental performance. Due to the structure of HEIs, the EMS has difficulties when being incorporated into the overall management system. To respond in real time to the changes that occur as a result of the environmental performance of the HEI, a better integration of the environmental assessment in the overall management system is needed. In this research, several methodologies and tools have been tested trying to improve the interaction between the environmental behavior and the general management system of the HEI. Reporting tools like the Global Reporting Initiative (GRI) and the Sustainability Tracking, Assessment & Rating System¿ (STARS®) have proven to be useful to report sustainable behavior to specialize stakeholder. However, their intricacy make them difficult to used directly in the everyday management or as a disclosure tool. The aggregated indicators like the ecological footprint have proven to be useful to communicate the environmental performance on a comprehensive way although with restrictions in the assessment. The Life Cycle Assessment (LCA) and its recently launched adaptation of the LCA for Organizations (O-LCA) also allows to describe and evaluate the environmental impact of these institutions. However, the complexity of performing this type of assessment and the high requirements of quality data not always available have become a handicap. This research analyzes the complexity of HEIs and the particularities of these tools and methodologies to propose a set of Key Performance Indicators (KPIs) for the environmental assessment of these organizations. The Universitat Politècnica de València (UPV), specially one of its environmental units (EPSA), is used as a case study. As a result, a methodology to define the most suitable environmental KPIs for a HEI is presented. The methodology considers a life cycle approach with an operational control as a consolidation method. The environmental management system is used as the main data provider. The information managed by the accounting system has been explored and a classification method has been proposed to use the accounting system as a complementary source of quality data. The methodology has been applied to the case study defining 7 environmental KPIs that assess the most significant environmental impacts of EPSA UPV and can be easily integrated in the current general management system of a HEI.Las instituciones de educación superior (IES) deben ser faros para la sociedad. Deben tener un comportamiento ejemplar en todas las áreas de sostenibilidad: economía, sociedad y medio ambiente. La conciencia ambiental de la comunidad educativa - estudiantes, profesores, investigadores, personal y gestores - ha aumentado considerablemente en las primeras décadas de este siglo. Los sistemas de gestión ambiental (SGA), ya sea certificados por ISO o por EMAS, han ganado popularidad en las IES buscando la divulgación de su comportamiento y la mejora de su rendimiento medioambiental. Debido a la estructura de las IES, el SGA tiene dificultades para incorporarse en su sistema de gestión general. Para responder en tiempo real a los cambios que se produzcan como resultado del desempeño ambiental de la IES, se necesita una mejor integración de la evaluación ambiental en el sistema de gestión general. En esta investigación se han evaluado varías metodologías y herramientas buscando la mejora de la interacción entre el desempeño ambiental, la sociedad y el sistema de gestión de la IES. Las herramientas de información como la Iniciativa de Informes Globales (GRI, Global Reporting Initiatives) y el Sistema de Seguimiento, Evaluación y Calificación de Sostenibilidad (STARS®) han demostrado ser útiles para reportar un comportamiento sostenible a los actores e interesados especializados. Sin embargo, su complejidad hace que sea difícil de utilizar directamente en la gestión cotidiana y como herramienta de divulgación. Los indicadores agregados, como la huella ecológica, han demostrado ser útiles para comunicar el desempeño ambiental, aunque presentan restricciones. El Análisis de Ciclo de Vida (ACV) y su adaptación recientemente lanzada del ACV para Organizaciones también permite describir y evaluar el impacto ambiental de estas instituciones salvando las restricciones. Sin embargo, la complejidad de realizar este tipo de estudios se ha convertido en una desventaja. Los Indicadores Clave de Desempeño (KPI, Key Performance Indicators) surgen como alternativa aunando precisión con flexibilidad para informar sobre la situación ambiental de la organización y servir como herramienta en la toma de decisiones. El objetivo de este trabajo es definir un conjunto de Indicadores Clave de Desempeño (KPI) que permitan optimizar el desempeño ambiental de las IES. Esta tesis analiza la complejidad de las IES y las particularidades de los indicadores, las herramientas y las metodologías aplicadas en IES. La Universitat Politècnica de València (UPV), en particular una de sus unidades medioambientales, la Escuela Politècnica Superior de Alcoy (EPSA), ha sido utiliza como caso de estudio. Como resultado, se propone una metodología para definir los KPI ambientales más adecuados para una IES. La metodología considera un enfoque de ciclo de vida con un control operativo como método de consolidación o agregación de la información. El SGA se utiliza como principal proveedor de datos. Se explora también la información gestionada por el sistema contable. Se propone una clasificación y un método para utilizar el sistema contable como fuente complementaria de datos de calidad para la evaluación del comportamiento ambiental. La metodología propuesta se ha aplicado al caso de estudio proporcionando siete KPI ambientales que evalúan los impactos ambientales más significativos de la EPSA UPV y que pueden integrarse fácilmente en el actual sistema de gestión general de una IES.Les institucions d'educació superior (IES) han de ser fars per a la societat. Han de tindre un comportament exemplar en totes les àrees de sostenibilitat: economia, societat i medi ambient. La consciència ambiental de la comunitat educativa -estudiants, professors, investigadors, personal i gestors- han augmentat considerablement en les primeres dècades d'aquest segle. Els sistemes de gestió ambiental (SGA), ja siguen certificats per ISO o per EMAS, han guanyat popularitat en les IES buscant la divulgació del seu comportament i la millora del seu rendiment mediambiental. A causa de l'estructura de les IES, el SGA té dificultats per a incorporar-se al seu sistema de gestió general. Per tal de respondre en temps real als canvis que es produïsquen com a resultat de l'acompliment ambiental de l'IES, es necessita una millor integració de l'avaluació ambiental en el sistema de gestió general. En aquesta recerca s'han avaluat diverses metodologies i eines cercant la millora de la interacció entre l'acompliment ambiental, la societat i el sistema de gestió de l'IES. Les eines d'informació, com ara la Iniciativa d'Informes Globals (GRI, Global Reporting Initiatives) i el Sistema de Seguiment, Avaluació i Qualificació de la sostenibilitat (STARS®) han demostrat ser útils per a reportar un comportament sostenible als actors i interessats especialitzats. No obstant això, la seua complexitat fa que siga difícil d'utilitzar directament en la gestió quotidiana i com a eina de divulgació. Els indicadors agregats, com l'empremta ecològica, han demostrat ser útils per a comunicar l'acompliment ambiental, encara que presenten restriccions. L'Anàlisi de Cicle de Vida (ACV) i la seua adaptació llançada recentment de l'ACV per a Organitzacions també permet descriure i avaluar l'impacte ambiental d'aquestes institucions salvant les restriccions. No obstant això, la complexitat de realitzar aquesta mena d'estudis s'ha convertit en un desavantatge. Els indicadors clau d'acompliment (KPI, Key Performance Indicators) sorgeixen com a alternativa conjuminant precisió amb flexibilitat per a informar sobre la situació ambiental de l'organització i servir com a eina en la presa de decisions. L'objectiu d'aquest treball és definir un conjunt d'indicadors clau d'acompliment (KPI) que possibiliten optimitzar l'acompliment ambiental de les IES. Aquesta tesi analitza la complexitat de les IES i les particularitats dels indicadors, les eines i les metodologies aplicades en IES. La Universitat Politècnica de València (UPV), particularment una de les seues unitats mediambientals, l'Escola Politècnica Superior d'Alcoi (EPSA), ha estat utilitzada com a cas d'estudi. Com a resultat, es proposa una metodologia per a de definir els KPI ambientals més adequats per a una IES. La metodologia considera un enfocament de cicle de vida amb un control operatiu com a mètode de consolidació o agregació de la informació. El SGA s'utilitza com a principal proveïdor de dades. S'explora també la informació gestionada pel sistema comptable. Es proposa una classificació i un mètode per a utilitzar el sistema comptable com a font complementària de dades de qualitat per a l'avaluació del comportament ambiental. La metodologia proposada s'ha aplicat al cas d'estudi proporcionant set KPI ambientals que avaluen els impactes ambientals més significatius de l'EPSA UPV i que poden integrar-se fàcilment en l'actual sistema de gestió general d'una IES.Lo Iacono Ferreira, VG. (2017). Proposal of a set of Key Performance Indicators for the environmental assessment of Higher Education Institutions [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/88907TESISCompendi