Information Security and Cryptography-Encryption in Journalism

The purpose of this review paper is to garner knowledge about the information security and cryptography encryption practices implementation for journalistic work and its effectiveness in thwarting software security breaches in the wake of ‘Journalism After Snowden’. Systematic literature review for the ‘information security and cryptography encryption in journalism’ employed with an eye to synthesize existing practices in this field. For this, at first the existing approachable research article databases and search engines employed to download or get the abstract of relevant scientific articles which are then used for citation and summarization works in a systematic rigorous anatomization. Contingent upon them their analysis and synthesis employed to arrive at the findings. Research papers collated for the purpose of writing this review paper lighted up the vital issues related to investigative journalists’ safety practices promulgation inadequacies even after the UNESCO 2017 and 2022 guidelines for urgent instrumentalization needs of journalists on the part of its’ member States.Lattice Science Publication (LSP) © Copyright: All rights reserved

Challenges of digital privacy in banking organizations

As the information and technology age becomes more advanced, digital privacy flaws have become more challenging. Information technology (IT) security managers, chief information security officers, and other stakeholders in banks are concerned with identity-based authentication attacks because identity-theft attacks cause data breaches. Grounded in the protection motivation theory, the purpose of this qualitative pragmatic study was to examine strategies IT security professionals working on internet banking platforms use to mitigate identity-based authentication attacks. The study participants comprised five IT security professionals currently working in the online banking industry from the northeastern United States with at least 5 years of experience handling digital banking platforms. Data were collected from interviews with five IT security professionals and publicly accessible documents such as NIST documents and industry standards. Data were analyzed using thematic analysis. Five major themes emerged from the analysis: comprehensive user authentication, importance of data encryption, system audits, intrusion detection systems, and comprehensive user policies. A key recommendation is to train all users on secure usage of the bank’s digital transaction platform by providing mandatory privacy protection training and security awareness to users before they successfully create or access financial accounts. The implications for positive social change include the potential to increase the number of users to effectively use cybersecurity policies, techniques, tools, and training designed to protect their online banking accounts from identity-based authentication attacks

Data-centric security : towards a utopian model for protecting corporate data on mobile devices

Data-centric security is significant in understanding, assessing and mitigating the various risks and impacts of sharing information outside corporate boundaries. Information generally leaves corporate boundaries through mobile devices. Mobile devices continue to evolve as multi-functional tools for everyday life, surpassing their initial intended use. This added capability and increasingly extensive use of mobile devices does not come without a degree of risk - hence the need to guard and protect information as it exists beyond the corporate boundaries and throughout its lifecycle. Literature on existing models crafted to protect data, rather than infrastructure in which the data resides, is reviewed. Technologies that organisations have implemented to adopt the data-centric model are studied. A utopian model that takes into account the shortcomings of existing technologies and deficiencies of common theories is proposed. Two sets of qualitative studies are reported; the first is a preliminary online survey to assess the ubiquity of mobile devices and extent of technology adoption towards implementation of data-centric model; and the second comprises of a focus survey and expert interviews pertaining on technologies that organisations have implemented to adopt the data-centric model. The latter study revealed insufficient data at the time of writing for the results to be statistically significant; however; indicative trends supported the assertions documented in the literature review. The question that this research answers is whether or not current technology implementations designed to mitigate risks from mobile devices, actually address business requirements. This research question, answered through these two sets qualitative studies, discovered inconsistencies between the technology implementations and business requirements. The thesis concludes by proposing a realistic model, based on the outcome of the qualitative study, which bridges the gap between the technology implementations and business requirements. Future work which could perhaps be conducted in light of the findings and the comments from this research is also considered

Networked world: Risks and opportunities in the Internet of Things

The Internet of Things (IoT) – devices that are connected to the Internet and collect and use data to operate – is about to transform society. Everything from smart fridges and lightbulbs to remote sensors and cities will collect data that can be analysed and used to provide a wealth of bespoke products and services. The impacts will be huge - by 2020, some 25 billion devices will be connected to the Internet with some studies estimating this number will rise to 125 billion in 2030. These will include many things that have never been connected to the Internet before. Like all new technologies, IoT offers substantial new opportunities which must be considered in parallel with the new risks that come with it. To make sense of this new world, Lloyd’s worked with University College London’s (UCL) Department of Science, Technology, Engineering and Public Policy (STEaPP) and the PETRAS IoT Research Hub to publish this report. ‘Networked world’ analyses IoT’s opportunities, risks and regulatory landscape. It aims to help insurers understand potential exposures across marine, smart homes, water infrastructure and agriculture while highlighting the implications for insurance operations and product development. The report also helps risk managers assess how this technology could impact their businesses and consider how they can mitigate associated risks

Information security concerns around enterprise bring your own device adoption in South African higher education institutions

The research carried out in this thesis is an investigation into the information security concerns around the use of personally-owned mobile devices within South African universities. This concept, which is more commonly known as Bring Your Own Device or BYOD has raised many data loss concerns for organizational IT Departments across various industries worldwide. Universities as institutions are designed to facilitate research and learning and as such, have a strong culture toward the sharing of information which complicates management of these data loss concerns even further. As such, the objectives of the research were to determine the acceptance levels of BYOD within South African universities in relation to the perceived security risks. Thereafter, an investigation into which security practices, if any, that South African universities are using to minimize the information security concerns was carried out by means of a targeted online questionnaire. An extensive literature review was first carried out to evaluate the motivation for the research and to assess advantages of using Smartphone and Tablet PC’s for work related purposes. Thereafter, to determine security concerns, other surveys and related work was consulted to determine the relevant questions needed by the online questionnaire. The quantity of comprehensive academic studies concerning the security aspects of BYOD within organizations was very limited and because of this reason, the research took on a highly exploratory design. Finally, the research deliberated on the results of the online questionnaire and concluded with a strategy for the implementation of a mobile device security strategy for using personally-owned devices in a work-related environment

Cyber Counterintelligence: Assets, Audiences, and the Rise of Disinformation

In April 2021, Facebook suffered yet another data breach that affected hundreds of millions of accounts. The private information of over 500 million people had been stolen by hackers - names, phone numbers, email addresses, locations and more. The cache is potentially valuable to a host of malicious actors, from criminals motivated by financial gain to hostile foreign actors microtargeting voters through information operations. It follows an evolution of threats in cyberspace targeting government agencies, utilities, businesses, and electoral systems. With a focus on state-based actors, this thesis considers how state threat perception of cyberspace has developed, and if that perception is influencing the evolution of cyber counterintelligence (CCI) as a response to cyber-enabled threats such as disinformation. Specifically, this thesis traces the threat elevation of cyberspace through the evolution of the published national security documentation of the United Kingdom, asking how threat elevation corresponds to the development of CCI, if at all, and what sort of responses these processes generate to combat the rising threat of disinformation campaigns conducted against liberal democracies. Democratic audiences are a target of influence and information operations, and, as such, are an intelligence and security vulnerability for the state. More so than in previous decades, to increase national resilience and security in cyberspace, the individual, as part of the democratic audience, is required to contribute to personal counterintelligence and security practices. This research shows that while assets and infrastructure have undergone successful threat elevation processes, democratic audiences have been insufficiently recognised as security vulnerabilities and are susceptible to cyber-enabled disinformation

Guidelines for cybersecurity education campaigns

In our technology- and information-infused world, cyberspace is an integral part of modern-day society. As the number of active cyberspace users increases, so too does the chances of a cyber threat finding a vulnerable target increase. All cyber users who are exposed to cyber risks need to be educated about cyber security. Human beings play a key role in the implementation and governing of an entire cybersecurity and cybersafety solution. The effectiveness of any cybersecurity and cybersafety solutions in a societal or individual context is dependent on the human beings involved in the process. If these human beings are either unaware or not knowledgeable about their roles in the security solution they become the weak link in these cybersecurity solutions. It is essential that all users be educated to combat any threats. Children are a particularly vulnerable subgroup within society. They are digital natives and make use of ICT, and online services with increasing frequency, but this does not mean they are knowledgeable about or behaving securely in their cyber activities. Children will be exposed to cyberspace throughout their lifetimes. Therefore, cybersecurity and cybersafety should be taught to children as a life-skill. There is a lack of well-known, comprehensive cybersecurity and cybersafety educational campaigns which target school children. Most existing information security and cybersecurity education campaigns limit their scope. Literature reports mainly on education campaigns focused on primary businesses, government agencies and tertiary education institutions. Additionally, most guidance for the design and implementation of security and safety campaigns: are for an organisational context, only target organisational users, and mostly provide high-level design recommendations. This thesis addressed the lack of guidance for designing and implementing cybersecurity and cybersafety educational campaigns suited to school learners as a target audience. The thesis aimed to offer guidance for designing and implementing education campaigns that educate school learners about cybersecurity and cybersafety. This was done through the implementation of an action research process over a five-year period. The action research process involved cybersecurity and cybersafety educational interventions at multiple schools. A total of 18 actionable guidelines were derived from this research to guide the design and implementation of cybersecurity and cybersafety education campaigns which aim to educate school children