14 research outputs found

    Towards a cyberterrorism life-cycle (CLC) model

    Cyberterrorism has emerged as a new threat in the Information and Communication Technology (ICT) landscape. The ease of use, affordability, remote capabilities and access to critical targets make cyberterrorism a potential threat to cause wide-scale damage. Cyberterrorism is often incorrectly perceived as encompassing all cybercrimes. However, cyberterrorism differs from cybercrime in various ways including motivation, attack goals, techniques and effects. Motivations for cyberterrorism, which is similar to terrorism in general, stem from religious, social and political views. Cyberterrorists generally would seek to have high impact in order to gain publicity for their cause, whereas cybercriminals often prefer to have their acts undetected in order to hide their financial theft, fraud or espionage. Therefore, there are various factors that drive the development of a cyberterrorist. This paper proposes a model for the development of cyberterrorism in order to show the various influential forces. The Cyberterrorism Life-Cycle (CLC) model presented in this paper is composed of five phases: Prepare, Acquaint, Choose, Execute, and Deter (PACED). In addition, the paper looks at various factors, including social, practices, objectives, targets and countermeasures, which are mapped onto the PACED phases in order to show the interaction and dynamic nature during the life-cycle development.

    Optimal IS Security Investment: Cyber Terrorism vs. Common Hacking

    Proper investment in information systems security can protect national critical information systems. This research compares the optimal investment decision for organizations to protect themselves from common hackers and from cyber terrorists. A two-stage stochastic game model is proposed to model cyber terrorism activities as well as common hacking activities. The results of our specific simulation indicate that an optimal investment exists for games such as cyber crimes, and that the potential maximum loss to organizations from cyber terrorism is about fifty times more than from common hackers. This research can also be generalized to other practical fields such as financial fraud prevention. To the best of our knowledge, our approach is a novel approach that combines economic theory, deterrence theory, and IS security to explore the cyber terrorism problem

    Assessing the level of awareness, effectiveness and compliance with computer usage regulations: a case study at Universiti Utara Malaysia / Nor Aziah Abdul Rahman and Abdul Manaf Bohari

    The use of computer technology has today become a primary necessity and, at the same time, an important foundation for driving the socio-economic progress of society. In the context of higher education, particularly universities, the use of computer technology adds value to the learning and teaching process, including the quality of education itself. Specifically, computer use among students helps in solving learning problems. Meanwhile, the development and advancement of computer-related technologies such as the Internet, software, networks and so on have increased the importance of the computer as the main medium of learning at university level. Nevertheless, computer use can also create negative effects; for example, misuse of Internet technology leads to the spread of viruses, the spread of false information, pornography, document forgery, intrusion and so on. To that end, this study aims to (i) identify the level of student awareness of the content of the computer usage guidelines; (ii) identify the level of effectiveness of the computer usage guidelines on computer usage activities; and (iii) assess the level of student compliance with computer usage ethics. The study was carried out among students of Universiti Utara Malaysia, with a total of 100 respondents selected from among the students through convenience sampling. Three hypotheses will be formed and tested. In general, the results show that there is a significant relationship between the level of awareness of the computer guidelines and the level of compliance with computer usage ethics. A strong correlation was identified between the level of awareness of the computer usage guidelines and the level of effectiveness of the computer usage guidelines. Finally, recommendations are put forward to improve good computer usage practices in the university context, particularly in helping students to solve learning problems.

    Cyber-terrorism and the Counter-Terrorism Act

    Starting from an analysis of the international doctrine on the conceptualization of cyber-terrorism, the aim of this article is to assess whether Law no. 52/2003 also provides for and punishes this form of terrorism. The countless meanings of cyberterrorism may be reduced to cyberterrorism in a strict sense or cyberterrorism in a broad sense. The Portuguese law, although not taking a clear position on this distinction, provides for and punishes both modalities.

    Company policy for electronical business - credit cards

    This dissertation deals with company policy in the area of e-commerce, which represents short-term or long-term plans for managing financial relationships with the external environment as well as inside the company. The problem of possible abuse of credit cards is briefly analysed as well. The impulse for choosing this topic was the increasing incidence of falsification and abuse of credit cards. When this subject is examined in detail, the problem of a lack of information on this particular area of crime inevitably appears. Clients of individual banking institutions often do not have even basic knowledge of the ways their cards could be abused or misused. This raises the question of a certain, at least minimal, basic information campaign by the banks, which are supposed to protect the financial means of their clients. The dissertation sets as its goal the creation of a methodology for investigating credit card falsification, not only in the Czech Republic but also in the growing system of countries of the Schengen Treaty and the European Union. The benefit of the work can be seen at the level of theory as well as practice. The theoretical part contains an analysis of the current state of scientific knowledge in the area of companies' information and communication technology, which is implemented in information systems. The advantages and disadvantages connected with this kind of e-commerce are then assessed, and the specific opportunities for abuse of these means of payment are characterised. The author sees this mainly in writing a specialised publication that would deal comprehensively with the abuse and falsification of credit cards and could be used in teaching at the police academy. Its main part would be a characterisation of the particular forms of card forgery and the possible identification of these forgeries. This publication could also help in prevention and inform clients of financial institutions about the ways credit cards can be abused. In the practical part, which concentrates on the Czech and foreign markets, the author sets out the basic premises for the realisation of safe business by companies in the Czech Republic and its procedure. Furthermore, the causes of e-commerce abuse in the Czech Republic are analysed and the results of quantitative research are presented; this research focused on ascertaining the reasons for the low interest in information among the public. The concluding part summarises the whole problem and outlines perspectives and possibilities for further development.

    Taking “Fun and Games” Seriously: Proposing the Hedonic-Motivation System Adoption Model (HMSAM)

    Hedonic-motivation systems (HMS)—systems used primarily to fulfill users’ intrinsic motivations—are the elephant in the room for IS research. Growth in HMS sales has outperformed utilitarian-motivation systems (UMS) sales for more than a decade, generating billions in revenue annually; yet IS research focuses mostly on UMS. In this study, we explain the role of intrinsic motivations in systems use and propose the hedonic-motivation system adoption model (HMSAM) to improve the understanding of HMS adoption. Instead of a minor, general TAM extension, HMSAM is an HMS-specific system acceptance model based on an alternative theoretical perspective, which is in turn grounded in flow-based cognitive absorption (CA). The HMSAM extends van der Heijden’s (2004) model of hedonic system adoption by including CA as a key mediator of perceived ease of use (PEOU) and of behavioral intentions to use (BIU) hedonic-motivation systems. Results from experiments involving 665 participants confirm that, in a hedonic context, CA is a more powerful and appropriate predictor of BIU than PEOU or joy, and that the effect of PEOU on BIU is fully mediated by CA sub-constructs. This study lays a foundation, provides guidance, and opens up avenues for future HMS, UMS, and mixed-motivation system research

    Proposing the Multimotive Information Systems Continuance Model (MISC) to Better Explain End-User System Evaluations and Continuance Intentions

    To ensure that users want to continue using a system, information system designers must consider the influence of users’ intrinsic motivations in addition to commonly studied extrinsic motivations. In an attempt to address this need, several studies have extended models of extrinsic motivation to include intrinsic variables. However, these studies largely downplay the role of users’ intrinsic motivations in predicting system use and how this role differs from that of extrinsic motivation. The role of met and unmet expectations related to system use is often excluded from extant models, and their function as cocreators in user evaluations has not been sufficiently explained. Even though expectations are a firmly established consequence of motivations and an antecedent of interaction evaluations, this area remains understudied. Our paper addresses these gaps by developing and testing a comprehensive model—the multimotive information systems continuance model (MISC)—that (1) explains more accurately and thoroughly the roles of intrinsic and extrinsic motivations, (2) explains how the fulfillment of intrinsic and extrinsic motivations affects systems-use outcome variables differently through met expectations, and (3) accounts for the effects of key design constructs

    Novel Alert Visualization: The Development of a Visual Analytics Prototype for Mitigation of Malicious Insider Cyber Threats

    Cyber insider threat is one of the most difficult risks to mitigate in organizations. However, innovative validated visualizations for cyber analysts to better decipher and react to detected anomalies have not been reported in literature or in industry. Attacks caused by malicious insiders can cause millions of dollars in losses to an organization. Though there have been advances in Intrusion Detection Systems (IDSs) over the last three decades, traditional IDSs do not specialize in anomaly identification caused by insiders. There is also a profuse amount of data being presented to cyber analysts when deciphering big data and reacting to data breach incidents using complex information systems. Information visualization is pertinent to the identification and mitigation of malicious cyber insider threats. The main goal of this study was to develop and validate, using Subject Matter Experts (SME), an executive insider threat dashboard visualization prototype. Using the developed prototype, an experimental study was conducted, which aimed to assess the perceived effectiveness in enhancing the analysts’ interface when complex data correlations are presented to mitigate malicious insider cyber threats. Dashboard-based visualization techniques could be used to give full visibility of network progress and problems in real-time, especially within complex and stressful environments. For instance, in an Emergency Room (ER), there are four main vital signs used for urgent patient triage. Cybersecurity vital signs can give cyber analysts clear focal points during high severity issues. Pilots must expeditiously reference the Heads Up Display (HUD), which presents only key indicators to make critical decisions during unwarranted deviations or an immediate threat. Current dashboard-based visualization techniques have yet to be fully validated within the field of cybersecurity. This study developed a visualization prototype based on SME input utilizing the Delphi method. SMEs validated the perceived effectiveness of several different types of the developed visualization dashboard. Quantitative analysis of SMEs’ perceived effectiveness via self-reported value and satisfaction data as well as qualitative analysis of feedback provided during the experiments using the prototype developed were performed. This study identified critical cyber visualization variables and identified visualization techniques. The identifications were then used to develop QUICK.v™, a prototype to be used when mitigating potentially malicious cyber insider threats. The perceived effectiveness of QUICK.v™ was then validated. Insights from this study can aid organizations in enhancing cybersecurity dashboard visualizations by depicting only critical cybersecurity vital signs.

    Assessing the Role of User Computer Self-Efficacy, Cybersecurity Countermeasures Awareness, and Cybersecurity Skills toward Computer Misuse Intention at Government Agencies

    Cybersecurity threats and vulnerabilities are causing substantial financial losses for governments and organizations all over the world. Cybersecurity criminals are stealing more than one billion dollars from banks every year by exploiting vulnerabilities caused by bank users' computer misuse. Cybersecurity breaches are threatening the common welfare of citizens since more and more terrorists are using cyberterrorism to target critical infrastructures (e.g., transportation, telecommunications, power, nuclear plants, water supply, banking) to coerce the targeted government and its people to accomplish their political objectives. Cyberwar is another major concern that nations around the world are struggling to get ready to fight. It has been found that intentional and unintentional users' misuse of information systems (IS) resources represents about 50% to 75% of cybersecurity threats and vulnerabilities to organizations. Computer Crime and Security Survey revealed that nearly 60% of security breaches occurred from inside the organization by users. Computer users are one of the weakest links in the information systems security chain, because users seem to have very limited or no knowledge of user computer self-efficacy (CSE), cybersecurity countermeasures awareness (CCA), and cybersecurity skills (CS). Users' CSE, CCA, and CS play an important role in users' computer misuse intention (CMI). CMI can be categorized as unauthorized access, use, disruption, modification, disclosure, inspection, recording, or destruction of information system data. This dissertation used a survey to empirically assess users' CSE, CCA, CS, and computer misuse intention (CMI) at government agencies. This study used Partial Least Square (PLS) technique to measure the fit of a theoretical model that includes seven independent latent variables (CSE, UAS-P, UAS-T, UAC-M, CCS, CIS, & CAS) and their influences on the dependent variable CMI. Also, PLS was used to examine if the six control variables (age, gender, job function, education level, length of working in the organization, & military status such as veteran) had any significant impact on CMI. This study included data collected from 185 employees of a local and state transportation agency from a large metropolitan in the northeastern United States. Participants received an email invitation to take the Web-based survey. PLS was used to test the four research hypotheses. The results of the PLS model showed that UAC-M and CIS were significant contributors (

    The Legal Aspects of Cybercrime in Nigeria: An Analysis with the UK Provisions

    Cybercrime offences know no limits to physical geographic boundaries and have continued to create unprecedented issues regarding the feasibility and legitimacy of applying traditional legislations based on geographic boundaries. These offences also come with procedural issues of enforcement of the existing legislations and continue to subject nations to unprecedented problems for their sovereignty and jurisdictions. This research is a critical study on the legal aspects of cybercrime in Nigeria, which examines how laws and regulations are made and applied in a well-established system to effectively answer questions raised by shortcomings on the implementation of cybercrime legislations, and critically reviews various laws in Nigeria relating or closely related to cybercrime. This research will provide insight into current global cybercrime legislations and the shortfalls to their procedural enforcement; and further bares the cybercrime issues in Nigeria while analysing and proffering a critique to the provisions as provided in the recently enacted Nigerian Cybercrime (Prohibition and Prevention) Act 2015, in contradistinction to the existing legal framework in the United Kingdom and the other regional enactments like the Council of Europe Convention on Cybercrime, African Union Convention on Cybersecurity and Personal Data Protection 2014, and the ECOWAS Directive on Cybercrime 2011.