Fear and perceived likelihood of victimization in the traditional and cyber settings

This study considers the influence of perceived likelihood, demographics (gender and education) and personality on fear of victimization and cyber-victimization using a survey design (N=159). The results suggest that perceived likelihood of victimization predicts fear of victimization in traditional contexts. Women tend to be more fearful of victimization in traditional and cyber contexts, confirming previous research. No group differences emerged in relation to education. Self-esteem and self-efficacy were not significant predictors of fear or perceived likelihood of victimization. However, perceived likelihood was a significant predictor of fear of victimization in traditional settings. This may suggest that different variables (such as awareness of vulnerability) may play a role in fear of victimization in cyber settings. Further group comparisons revealed that fear of victimization and cybervictimization depended on whether or not participants reported high or low perceived likelihood of victimization and internet use. Higher internet use was associated with greater fear of victimization, especially in combination with greater perceived likelihood of victimization. This may suggest an exposure effect, in that being online more frequently may also increase awareness of cyber incidents

Why We Cannot (Yet) Ensure the Cybersecurity of Safety-Critical Systems

There is a growing threat to the cyber-security of safety-critical systems. The introduction of Commercial Off The Shelf (COTS) software, including Linux, specialist VOIP applications and Satellite Based Augmentation Systems across the aviation, maritime, rail and power-generation infrastructures has created common, vulnerabilities. In consequence, more people now possess the technical skills required to identify and exploit vulnerabilities in safety-critical systems. Arguably for the first time there is the potential for cross-modal attacks leading to future ‘cyber storms’. This situation is compounded by the failure of public-private partnerships to establish the cyber-security of safety critical applications. The fiscal crisis has prevented governments from attracting and retaining competent regulators at the intersection of safety and cyber-security. In particular, we argue that superficial similarities between safety and security have led to security policies that cannot be implemented in safety-critical systems. Existing office-based security standards, such as the ISO27k series, cannot easily be integrated with standards such as IEC61508 or ISO26262. Hybrid standards such as IEC 62443 lack credible validation. There is an urgent need to move beyond high-level policies and address the more detailed engineering challenges that threaten the cyber-security of safety-critical systems. In particular, we consider the ways in which cyber-security concerns undermine traditional forms of safety engineering, for example by invalidating conventional forms of risk assessment. We also summarise the ways in which safety concerns frustrate the deployment of conventional mechanisms for cyber-security, including intrusion detection systems

Cyber-crime Science = Crime Science + Information Security

Cyber-crime Science is an emerging area of study aiming to prevent cyber-crime by combining security protection techniques from Information Security with empirical research methods used in Crime Science. Information security research has developed techniques for protecting the confidentiality, integrity, and availability of information assets but is less strong on the empirical study of the effectiveness of these techniques. Crime Science studies the effect of crime prevention techniques empirically in the real world, and proposes improvements to these techniques based on this. Combining both approaches, Cyber-crime Science transfers and further develops Information Security techniques to prevent cyber-crime, and empirically studies the effectiveness of these techniques in the real world. In this paper we review the main contributions of Crime Science as of today, illustrate its application to a typical Information Security problem, namely phishing, explore the interdisciplinary structure of Cyber-crime Science, and present an agenda for research in Cyber-crime Science in the form of a set of suggested research questions

Two theoretical dimensions of the cyber hate crime

The impact and relationship between technologies and society establish the development of certain adaptive models, based on coexistence (Human-information-Machine), as well as several behavioral and cognitive changes of the human being, and new models of influence and social control through ubiquitous communication. which is the basis of a new social units called "virtual communities". The rupture of social norms that accompanies rapid social change, and subsequently the appearance of sub-cultural values establishes gaining status of participation in criminal activities, the components of social unites in general conform to social norms by social ties. the individuals or groups see themselves unfairly disadvantaged compared to other similar individuals, within physical-cybernetic ecosystem environment, which supports the interconnection and transformation of social phenomenon of digital dimension, with several implications in cyber hate crime. Thereby establishing the theoretical basis for further research looking which social vulnerability, identify the trajectory of the massive vector of impact "Information", which is a component of social cybernetics from the following three dimensions: (P) Propagation - (R) Replica - (C) Control called the "Cyber Hate Crime Pathway" that links hate crimes within the cyber-physical ecosystem, and where different types of social vulnerability are established. This study incorporates an epistemology approach of the relation between social and cybernetic theories, that will allow establishing a scientific base for future research in the field of new phenomena that will continue to appear within the Physical-Cybernetic ecosystem. It will also allow the contributions and implications to science derived from the product of this research establish a global holistic field applied to criminal justice system, academic and the new entities of social cybernetic

Between Hype and Understatement: Reassessing Cyber Risks as a Security Strategy

Most of the actions that fall under the trilogy of cyber crime, terrorism,and war exploit pre-existing weaknesses in the underlying technology.Because these vulnerabilities that exist in the network are not themselvesillegal, they tend to be overlooked in the debate on cyber security. A UKreport on the cost of cyber crime illustrates this approach. Its authors chose to exclude from their analysis the costs in anticipation of cyber crime, such as insurance costs and the costs of purchasing anti-virus software on the basis that "these are likely to be factored into normal day-to-day expenditures for the Government, businesses, and individuals. This article contends if these costs had been quantified and integrated into the cost of cyber crime, then the analysis would have revealed that what matters is not so much cyber crime, but the fertile terrain of vulnerabilities that unleash a range of possibilities to whomever wishes to exploit them. By downplaying the vulnerabilities, the threats represented by cyber war, cyber terrorism, and cyber crime are conversely inflated. Therefore, reassessing risk as a strategy for security in cyberspace must include acknowledgment of understated vulnerabilities, as well as a better distributed knowledge about the nature and character of the overhyped threats of cyber crime, cyber terrorism, and cyber war

Is the responsibilization of the cyber security risk reasonable and judicious?

Cyber criminals appear to be plying their trade without much hindrance. Home computer users are particularly vulnerable to attack by an increasingly sophisticated and globally dispersed hacker group. The smartphone era has exacerbated the situation, offering hackers even more attack surfaces to exploit. It might not be entirely coincidental that cyber crime has mushroomed in parallel with governments pursuing a neoliberalist agenda. This agenda has a strong drive towards individualizing risk i.e. advising citizens how to take care of themselves, and then leaving them to face the consequences if they choose not to follow the advice. In effect, citizens are “responsibilized .” Whereas responsibilization is effective for some risks, the responsibilization of cyber security is, we believe, contributing to the global success of cyber attacks. There is, consequently, a case to be made for governments taking a more active role than the mere provision of advice, which is the case in many countries. We conclude with a concrete proposal for a risk regulation regime that would more effectively mitigate and ameliorate cyber risk

Hackers as terrorists? Why it doesn't compute

The bulk of this article is concerned with showing why computer hackers and terrorists are unlikely to form an unholy alliance to engage in so-called cyberterrorism. The remainder of the paper examines why neither hacktivists nor crackers fall easily into the cyberterrorist category eithe

Usability and Trust in Information Systems

The need for people to protect themselves and their assets is as old as humankind. People's physical safety and their possessions have always been at risk from deliberate attack or accidental damage. The advance of information technology means that many individuals, as well as corporations, have an additional range of physical (equipment) and electronic (data) assets that are at risk. Furthermore, the increased number and types of interactions in cyberspace has enabled new forms of attack on people and their possessions. Consider grooming of minors in chat-rooms, or Nigerian email cons: minors were targeted by paedophiles before the creation of chat-rooms, and Nigerian criminals sent the same letters by physical mail or fax before there was email. But the technology has decreased the cost of many types of attacks, or the degree of risk for the attackers. At the same time, cyberspace is still new to many people, which means they do not understand risks, or recognise the signs of an attack, as readily as they might in the physical world. The IT industry has developed a plethora of security mechanisms, which could be used to mitigate risks or make attacks significantly more difficult. Currently, many people are either not aware of these mechanisms, or are unable or unwilling or to use them. Security experts have taken to portraying people as "the weakest link" in their efforts to deploy effective security [e.g. Schneier, 2000]. However, recent research has revealed at least some of the problem may be that security mechanisms are hard to use, or be ineffective. The review summarises current research on the usability of security mechanisms, and discusses options for increasing their usability and effectiveness