ОСОБЛИВОСТІ СПІВІСНУВАННЯ ЛЮДИНИ ТА ДЕРЖАВИ У СФЕРІ КІБЕРБЕЗПЕКИ: ЄДНІСТЬ ЧИ ПРОТИЛЕЖНІСТЬ?

Публікацію присвячено з’ясуванню питання місця держави та громадянина-користувача у кіберпросторі. Розглядаються два протилежних підходи, кожний з яких базується на позиціях первинності держави або людини у питання кібербезпеки. Наводяться аргументи прихильників обох підходів і робиться висновок про ефективність їхньої діалектичної взаємодії з метою покращення ефективності кібербезпекових заходів

АНАЛІЗ ЧИННИКІВ, ЯКІ ВПЛИВАЮТЬ НА КІБЕРБЕЗПЕКУ ВИЩОГО ВІЙСЬКОВОГО НАВЧАЛЬНОГО ЗАКЛАДУ

The impact of the development and dissemination of information and communication technologies (ICT) in higher military educational institutions (HMEI) is considered in the article, as on the one hand, it increases its efficiency and promotes the training of highly qualified personnel (tactical, operational and strategic level of military education) for the Security Sector and defense of Ukraine, which is extremely necessary in the case of armed aggression by the Russian Federation, and on the other hand, it makes its information space vulnerable to cyberattacks, which the issue of cybersecurity of HMEI raises. At the same time, the author focuses on the analysis of cyber-attacks on educational institutions in recent years, which are due to the development of methods (means) of their implementation and wide access to them by various users, including attackers. In addition, Distributed Denial of Service (DDoS) cyber-attack is the most common cyber threat to international educational institutions, according to an analytical report by Netscout (a developer of ICT solutions to combat DDoS cyberattacks in the United States). It has been analyzed that criminals have recently used DDoS cyberattacks to extort money. Moreover, DDoS cyberattacks were aimed at banks, stock exchanges, travel agencies, currency exchanges and educational institutions. Therefore, the cybersecurity of HMEI needs constant attention from the participants of its provision. In addition, the analysis shows that the cybersecurity of any university is influenced by external and internal factors, which confirm the relevance of the chosen area of research. Therefore, the cybersecurity of HMEI requires an analysis of the factors that affect it, in order to choose the best option for its implementation. Accordingly, the essence and main features of the impact of factors on the cybersecurity of HMEI are identified and their characteristics are presented. The influence of factors on the cybersecurity of HMEI has been decomposed, in particular on the interdependence and criticality of their impact. The necessity of taking into account and constant monitoring of the influence of external and internal factors on the cybersecurity of HMEI is substantiated, which allows to get situational awareness of the current state of cybersecurity and to make appropriate decisions to the management.У статті розглянуто вплив розвитку та поширення інформаційно-комунікаційних технологій (ІКТ) у вищому військовому навчальному закладі (ВВНЗ), оскільки з одного боку – підвищує ефективність його функціонування та сприяє підготовці висококваліфікованих кадрів (тактичного, оперативного та стратегічного рівня військової освіти) для Сектору безпеки і оборони України, що є вкрай необхідним в умовах протистояння збройній агресії Російської Федерації, а з іншого – робить вразливим його інформаційний простір до кібератак, що актуалізує проблемне питання забезпечення кібербезпеки ВВНЗ. При цьому, автор зосереджує увагу на аналізі кібератак на заклади освіти останніх років, які обумовлені розвитком методів (засобів) їх виконання та широким доступом до них різних користувачів, зокрема зловмисників. До того ж визначено, що розподілена кібератака на відмову в обслуговуванні (Distributed Denial of Service – DDoS) є найпоширенішою кіберзагрозою міжнародних освітніх закладів, що відображено в аналітичному звіті компанії Netscout (компанія розробник ІКТ рішень для протидії DDoS кібератакам – США). Проаналізовано, що останнім часом зловмисники використовують DDoS кібератаки з метою вимагання грошей. При чому DDoS кібератаки були спрямовані, як на банки, фондові біржі, туристичні агентства, валютні біржі, так і на заклади освіти. Тому, кібербезпека ВВНЗ потребує постійної уваги з боку учасників її забезпечення. Окрім того, проведений аналіз свідчить, що на кібербезпеку будь-якого ВВНЗ впливають зовнішні та внутрішні чинники, що підтверджує актуальність обраного напряму дослідження. У зв’язку з цим кібербезпека ВВНЗ вимагає аналізу чинників, які на неї впливають, з метою вибору кращого варіанту її реалізації. Відповідно у статті визначено сутність та основні особливості впливу чинників на кібербезпеку ВВНЗ та наведено їх характеристику. Зроблено декомпозицію впливу чинників на кібербезпеку ВВНЗ, зокрема за взаємозалежністю та критичністю їх впливу. Обґрунтовано необхідність врахування та постійного моніторингу впливу зовнішніх та внутрішніх чинників на кібербезпеку ВВНЗ, що дає змогу отримати ситуаційну обізнаність сучасного стану кібербезпеки та прийняти керівництву відповідні рішення

Gender Differences in Information Security Perceptions and Behaviour

Information security is of universal concern to computer users from all walks of life. Though gender differences in technology adoption are well researched, scant attention has been devoted to the study of gender differences in information security. We address this research gap by investigating how information security perceptions and behaviours vary between genders in a study involving 624 home users. The results reveal that females exhibit significantly lower overall levels of security behaviour than males. Furthermore, individual perceptions and behaviours in many cases also vary by gender. Our work provides evidence that gender effects should be considered when formulating information security education, training, and awareness initiatives. It also provides a foundation for future work to explore information security gender differences more deeply

Risk and Demographics’ Influence on Security Behavior Intentions

Behavioral information security has become an important aspect of information security. In this study, we extend previous works on developing a comprehensive tool to measure security behaviors (i.e. Security Behavior Intentions scale - SeBIS(Egelman & Peer, 2015)). We extend the work on SeBIS by 1) proposing the use of security domain-specific risk as opposed to a generic risk measure, 2) investigating differences in SeBIS across age, gender, education and experience, and 3) providing suggestions for improving SeBIS measures. Survey results from our study provide support for security risk - device securement relationship, a previously unsupported link. We also uncover the role of demographics in influencing SeBIS. Overall, our study contributes to, and further establishes SeBIS as a predictive tool for measuring security behaviors. doi:10.17705/3JSIS.0001

Evidence of personality traits on phishing attack menace among selected university undergraduates in Nigerian

Access ease, mobility, portability, and improved speed have continued to ease the adoption of computing devices; while, consequently proliferating phishing attacks. These, in turn, have created mixed feelings in increased adoption and nosedived users’ trust level of devices. The study recruited 480-students, who were exposed to socially-engineered attack directives. Attacks were designed toretrieve personal dataand entice participants to access compromised links. Wesought to determine the risks of cybercrimes among the undergraduates in selected Nigerian universities, observe students’ responses and explore their attitudes before/after each attack. Participants were primed to remain vigilant to all forms of scams as WE sought to investigate attacks’ influence on gender, students’ status, and age to perceived safety on susceptibility to phishing. Results show that contrary to public beliefs, age, status, and gender were not among the factors associated with scam susceptibility and vulnerability rates of the participants. However, the study reports decreased user trust levels in the adoption of these new, mobile computing devices

The impact of a Canadian financial cybercrime prevention campaign on clients’ sense of security

The purpose of this study was to evaluate the impact of a cybercrime prevention campaign that was run by a Canadian financial institution. More specifically, we examined how participants/clients perceived the financial institution’s initiative to inform them about cybercrimes. The study also explored whether or not the campaign had the desired effect, which was to reinforce the clients’ sense of security. This campaign took place on October 2018 and 1452 adults (831 males and 621 females) participated in the online web survey. The results indicated that the prevention campaign had been positively perceived by most of the respondents (93.2%). However, only a low percentage of individuals (18%) had seen the poster/campaign prior to the completion of the survey while the majority (82%) accessed the prevention campaign’s components during the survey. Further analysis has shown no gender differences in participants’ responses. In general, participants felt that the campaign has increased their sense of security, especially among older individuals (55 years old and over). Most participants have expressed an interest in receiving more information on cybercrime and how to take actions on protecting one’s self. Results suggest that it would be advisable to conduct targeted prevention campaigns in order to reach out to as many people as possible. Discussion also includes practical recommendations based on the results and the review of the literature

How to increase ethical awareness in cybersecurity decision-making

Cybersecurity technologies offer secure channels to enable the confidentiality, integrity, and availability of data and services. Human factors; e.g. demographics, personality traits, and human values, which are linked with greater cybersecurity vulnerabilities, have drawn less attention. It is important to understand how to increase ethical awareness for cybersecurity professionals via training. This ethical awareness helps professionals make better moral judgments prior to final decisions and reduces the risk of unexpected human implications. To sensitise players to five cybersecurity ethical principles (beneficence, non-maleficence, justice, autonomy, and explicability), we created a serious game. This game allows players to explore multiple cybersecurity scenarios based on these five cybersecurity ethical principles. Although the analysis does not support the claim that the game increased ethical awareness in general, it did help promote better ethical understanding in some cases where players advanced from providing non-ethical to ethical justifications in a cybersecurity scenario after playing the game

Biztonságtudatosság a kibertérben – a 2020-as országos lakossági felmérés eredményei

Aim: The goal of this study is to present the importance of cybersecurity in the present-day Hungarian society and to show how social demographic factors and certain aspects of security awareness influence this. This goal is achieved by presenting the results of the national survey conducted in 2020 by the National Cyber Security Center.Methodology: This paper presents the findings of the Hungarian survey conducted among the population. By processing, analysing and comparing the results of the survey with the relevant literature, it presents a summary regarding security awareness and safety habits.Findings: After evaluating the completed questionnaires, among many things, it can be stated that regarding gender distribution males are more likely to read the latest IT news and update their password regularly. These habits are also considerably more favourable for those having a higher education. Because of security reasons the members of the older generation are the ones who are among the first to do updates, and to utilize systems and applications that do this automatically. According to this survey females share less personal information about themselves which could be used to create a fake profile.Value: The evaluation and analysis of the survey conducted by the National Cyber Security Center can be considered a true value, and is an essential basis for similar surveys in the future, for improving the national cybersecurity strategy, and for developing interventions and action plans for achieving the specified goals of this strategy.Cél: A tanulmány célja, hogy a Nemzeti Kibervédelmi Intézet által 2020- ban országosan végzett lakossági kérdőív eredményein keresztül bemutassa, milyen jelentőséggel bír a kiberbiztonság a mai magyar társadalomban, miként befolyásolják azt szociodemográfiai tényezők és a biztonságtudatosság egyes elemei.Módszertan: A dolgozat a Magyarországon végzett lakossági felmérés eredményeinek, a témában megjelent szakirodalomnak a feldolgozásával, elemzésével, összevetésével összegzi a vizsgálat célját képező biztonságtudatosságot, biztonsági szokásokat.Megállapítások: A kitöltött kérdőívek feldolgozását követően többek között megállapítható, hogy a nemek eloszlása tekintetében inkább a férfiakra jellemző a legfrissebb IT-hírek olvasása, a jelszavak rendszeres frissítése, amely szokást a magasabb iskolai végzettség is jelentősen befolyásolt. Az idősebb generáció képviselői biztonsági okokból elsők között végeznek frissítéseket, veszik igénybe az ezirányú automatikus rendszereket, alkalmazásokat. A női felhasználók pedig – jelen felmérés tükrében – kevesebb olyan információt osztanak meg magukról, amelyek révén hamis profilt lehetne róluk készíteni.Érték: A Nemzeti Kibervédelmi Intézet által kivitelezett felmérés kiértékelése, elemzése valódi érték, nélkülözhetetlen alapja a jövőbeni hasonló témájú felméréseknek és a nemzeti kiberbiztonsági stratégia fejlesztésének, illetve annak céljaihoz illeszkedő beavatkozások és akciótervek kidolgozásának

Differences in IT Security Behavior and Knowledge of Private Users in Germany

The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik) offers advice and recommendations for private users on how to behave securely. Based on these recommendations we investigate the IT security knowledge and behavior of private users with a representative study of the German population (N = 1.219). Additionally, we analyze the role of socio-demographic factors (gender, age, education, political orientation) for security knowledge and behavior. Results show that German private users have only moderate IT security knowledge and behavior, with aspects as gender, age, education and political orientation partly having an influence. Men, higher educated and politically moderately oriented participants show higher security knowledge, whereas young people and those less knowledgeable about security behave less security-conscious. Additionally, security knowledge and behavior correlate moderately. Therefore, to increase private users’ IT security we suggest to increase education and training especially for users being young, politically right-wing or female