Debiasing Cyber Incidents – Correcting for Reporting Delays and Under-reporting

This research addresses two key problems in the cyber insurance industry – reporting delays and under-reporting of cyber incidents. Both problems are important to understand the true picture of cyber incident rates. While reporting delays addresses the problem of delays in reporting due to delays in timely detection, under-reporting addresses the problem of cyber incidents frequently under-reported due to brand damage, reputation risk and eventual financial impacts. The problem of reporting delays in cyber incidents is resolved by generating the distribution of reporting delays and fitting modeled parametric distributions on the given domain. The reporting delay distribution was found to be non-stationary and bimodal. While non-stationarity was handled by generating the monthly reporting delay distribution over the rolling two-year moving window, the bimodal aspect required an optimization algorithm to compute the parameters. The modeled parametric distribution is further extended to infinite domain to obtain the complete overview of the incidents occurred but not yet reported. The complete modeled parametric distribution provides the correction factors showing an increasing trend in recent months rather than a decline as observed from reported incidents. The correction of reporting delays is computed for the US market. The study is further extended to highlight how reporting delays vary from industry to industry. Four different industries of US companies were compared within US market: Finance and Insurance, Educational Services, Health Care and Social Assistance, and Public Administration. The comparative study showed the corrections for reporting delays in the overall US market and by industry, with specific emphasis on the four distinct industries. The problem of under-reporting in cyber incidents is addressed in context of population characteristics. The proposed solution computes the large variations in under-reporting as a function of the three variables - revenue, incident type, and industry. Three different incident types–hacking, social engineering, and ransomware-- and five industries– Retail Trade, Manufacturing, Finance and Insurance, Professional Scientific Technical Services, and Wholesale Trade– were studied. The research highlighted that there is a need to address under-reporting by incident types and by industry

Indicators of School Crime and Safety: 2013

A joint effort by the Bureau of Justice Statistics and National Center for Education Statistics, this annual report examines crime occurring in schools and colleges. This report presents data on crime at school from the perspectives of students, teachers, principals, and the general population from an array of sources--the National Crime Victimization Survey, the School Crime Supplement to the National Crime Victimization Survey, the Youth Risk Behavior Survey, the School Survey on Crime and Safety, the School and Staffing Survey and the Campus Safety and Security Survey

Is Public Private Partnership a suitable way to cope with security issues?

This report investigates whether Public Private Partnership (PPP) is a suitable approach to tackle global security issues, with special reference to sensitive information sharing in the context of critical infrastructures protection. To this aim, it outlines the PPP concept starting from its introduction in the early nineties, and provides a critical view on the questions that arise in many application areas of PPP. An overview of the current EU guidelines concerning PPP is provided. Concerning security information sharing, early and current attempts to apply PPP are summarised, and the open issues involved highlighted.JRC.DG.G.6-Security technology assessmen

IoT for 5G/B5G applications in smart homes, smart cities, wearables and connected cars

Internet of things (IoT) is referred to as smart devices connected to the internet. A smart device is an electronic device, which may connect to other devices or are part of a network such as Wi-Fi. The increase of IoT devices has helped with advancing technology in many areas of society. Application of IoT in 5G/B5G devices has provided many benefits such as providing new ideas that can become projects for tech companies, generating big data (large volume of data which can be used to reveal trends, patterns and associations) and providing various ways of communicating. This has also had an impact on how companies improve their business with the use of advanced technology. However, the rapid growth of IoT has introduced a new platform for cybercriminals to attack. There has been published security measures on IoT to help deal with such risks and vulnerabilities. This survey paper will explore IoT in relation to smart homes, smart cities, wearables and connected cars. The benefits, risks and vulnerabilities will be discussed that comes along with using such devices connected to the internet

Internal Security and Economic Cost of Violence: An Analysis

South Asia is one of the most unstable and volatile regions of the world and stands second least peaceful region out of nine regions that were evaluated by the Institute for Economics and Peace (IEP). The ranking of the peacefulness of most of the South Asian countries is also rather low. In a developing country like India, the economic cost of violence at 5 percent of its GDP is too high. The causes of internal conflicts can be attributed to factors like ineffectiveness of the governance systems, sub-nationalism, deprivations, discrimination, social injustice, ethnic, sectarian, and religious polarisation, socio-economic exclusion, identity crisis, and competition for fast depleting crucial resources. These conflicts manifest in the form of insurgencies, terrorism, low-intensity armed conflicts, civil wars, and related political violence. There is a definite relationship between terrorism and internal armed conflicts, as both generally follow near similar contours. The terrorists have tried to destroy the very idea of India – democratic, secular, growth-oriented economy, excellence in IT and industry. Almost all elements of national power have a role - direct or indirect - on matters of national security, to suppress internal armedconflicts, and finally to resolve them. The legitimate aspirations and grievances of the people must be identified region-wise and addressed with a sense of urgency. The Government needs to formulate a comprehensive National Security Strategy (CNSS), to give a definite direction to the role of each element of national power in the short and long term, and minimize its economic cost of violence

The Story of Safe2Tell

This publication highlights the Safe2Tell program, including the far-reaching impact of providing students in all Colorado schools an increased ability to both prevent and report violence by making anonymous calls to 1-877-542-SAFE. It also illustrates through stories and interviews the value of Safe2Tell among families and communities, necessary steps and resources to implement the program, and the hotline's long-term sustainability achieved through legislation

Internal Security and Economic Cost of Violence: An Analysis

South Asia is one of the most unstable and volatile regions of the world and stands second least peaceful region out of nine regions that were evaluated by the Institute for Economics and Peace (IEP). The ranking of the peacefulness of most of the South Asian countries is also rather low. In a developing country like India, the economic cost of violence at 5 percent of its GDP is too high. The causes of internal conflicts can be attributed to factors like ineffectiveness of the governance systems, sub-nationalism, deprivations, discrimination, social injustice, ethnic, sectarian, and religious polarisation, socio-economic exclusion, identity crisis, and competition for fast depleting crucial resources. These conflicts manifest in the form of insurgencies, terrorism, low-intensity armed conflicts, civil wars, and related political violence. There is a definite relationship between terrorism and internal armed conflicts, as both generally follow near similar contours. The terrorists have tried to destroy the very idea of India - democratic, secular, growth-oriented economy, excellence in IT and industry. Almost all elements of national power have a role - direct or indirect - on matters of national security, to suppress internal armed conflicts, and finally to resolve them. The legitimate aspirations and grievances of the people must be identified region-wise and addressed with a sense of urgency. The Government needs to formulate a comprehensive National Security Strategy (CNSS), to give a definite direction to the role of each element of national power in the short and long term, and minimize its economic cost of violence

Incident Handling for Healthcare Organizations and Supply-Chains

Healthcare ecosystems form a critical type of infrastructures that provide valuable services in today societies. However, the underlying sensitive information is also of interest of malicious entities around the globe, with the attack volume being continuously increasing. Safeguarding this complex computerized setting constitutes a major challenge for the involved organizations. This paper presents an incident handling system for healthcare organizations and their supply-chain. The proposed approach utilizes swarm intelligence in order to assess the current security posture in a continuous basis and respond to attacks in real-time. The overall solution is based on the related NIST 800.61 standard and implements the operations of i) preparation, ii) detection and analysis, iii) containment, eradication, and recovery, and iv) post-incident activity. The system is developed under the EU funded project AI4HEALTHSEC and is applied in the relevant healthcare pilots