140,201 research outputs found

    Cyber-crime Science = Crime Science + Information Security

    Cyber-crime Science is an emerging area of study aiming to prevent cyber-crime by combining security protection techniques from Information Security with empirical research methods used in Crime Science. Information security research has developed techniques for protecting the confidentiality, integrity, and availability of information assets but is less strong on the empirical study of the effectiveness of these techniques. Crime Science studies the effect of crime prevention techniques empirically in the real world, and proposes improvements to these techniques based on this. Combining both approaches, Cyber-crime Science transfers and further develops Information Security techniques to prevent cyber-crime, and empirically studies the effectiveness of these techniques in the real world. In this paper we review the main contributions of Crime Science as of today, illustrate its application to a typical Information Security problem, namely phishing, explore the interdisciplinary structure of Cyber-crime Science, and present an agenda for research in Cyber-crime Science in the form of a set of suggested research questions

    How does intellectual capital align with cyber security?

    Purpose – To position the preservation and protection of intellectual capital as a cyber security concern. We outline the security requirements of intellectual capital to help Boards of Directors and executive management teams to understand their responsibilities and accountabilities in this respect. Design/Methodology/Approach – The research methodology is desk research. In other words, we gathered facts and existing research publications that helped us to define key terms, to formulate arguments to convince BoDs of the need to secure their intellectual capital, and to outline actions to be taken by BoDs to do so. Findings – Intellectual capital, as a valuable business resource, is related to information, knowledge and cyber security. Hence, preservation thereof is also related to cyber security governance, and merits attention from boards of directors. Implications – This paper clarifies boards of directors’ intellectual capital governance responsibilities, which encompass information, knowledge and cyber security governance. Social Implications – If boards of directors know how to embrace their intellectual capital governance responsibilities, this will help to ensure that such intellectual capital is preserved and secured. Practical Implications – We hope that boards of directors will benefit from our clarifications, and especially from the positioning of intellectual capital in cyber space. Originality/Value – This paper extends a previous paper published by Von Solms and Von Solms (2018), which clarified the key terms of information and cyber security, and the governance thereof. The originality and value is the focus on the securing of intellectual capital, a topic that has not yet received a great deal of attention from cyber security researchers

    Assessing the cyber-security status of the metropolitan municipalities in South Africa.

    Doctoral Degree. University of KwaZulu-Natal, Durban. The intention of this enquiry was to assess the status of cyber-security in the metropolitan municipalities in South Africa. The focus on this level of local government was driven by the fact that metropolitan municipalities are the economic hubs with a variety of industrial facilities and are the places with high population densities. The metropolitan municipalities have adopted information infrastructures to support the daily administrative processes and, equally important, to support the delivery of essential services such as the distribution of electricity and clean water to the local citizens and communities. Entrenched in the adoption of information infrastructures are the cyber ills which if left unattended could have devastating consequences on people and industrial facilities. Failures or interruptions to information infrastructures have cascading effects due to interconnectedness of these infrastructures. The study used the Constructivist Grounded Theory Methodology to explore the activities that are performed by the metropolitan municipalities with the intention to determine what needs to be in place to safeguard their information infrastructures from cyber ills. Cyber-security is a serious concern in all types of businesses that are largely supported by information infrastructures in pursuit of the business objectives. Information infrastructures are susceptible to cyber-security threats, which if left unattended can shut the municipality operations down with disastrous consequences. A substantive theory of integrated development cyber-security emerged from the Constructivist Grounded Theory Methodology processes of data collecting through comprehensive interviews, initial coding, focused coding, memoing, and theoretical coding.
A municipal cyber-security conceptual framework was developed from the integrated development cyber-security theory constructs of integrated development cyber-security which are the core category, cyber-security governance category, cyber-security technical operations category, and human issues in cyber-security category. The conceptual framework was used to formulate the cyber-security status assessment survey questionnaire that was adopted as an instrument to assess the cyber-security status in the metropolitan municipalities. The cyber-security status assessment instrument was deployed in metropolitan municipalities, wherein data was collected and statistically analysed to test and confirm its validity. The assessment results were analysed and showed the as-is posture of cyber-security; the gaps in the current implemented cyber-security controls were identified together with the risks associated with those gaps; and corrective actions to address the identified deficiencies were identified and recommended/communicated to the management of relevant municipalities

    Latest Trends and Future Directions of Cyber Security Information Systems

    The significance of the information system security is a critical issue for the organizations since it leads to big financial losses. The understanding of cyber security threats is not only an innovative requirement but also it is a conservative task. The rapid changes in technologies and services are major driving and leading concerns to the cyber security, requiring reassessment and renewal of standardized policies for counter measures to the resistant vulnerabilities. The main aim of this paper is to improve the understanding and perception of latest security threats, security counter measures, and the future trends of cyberspace security. Therefore, we look forward to proposing a new classification model of security threats in order to generalize the impact of threats into classes rather than the impact of every individual threat. The importance of this study comes from the neediness to forecast the future trends of information system cyber security on the long basis, as well as the identification of future security measures that would be reliable. Cyber security models need to improve according to the situational awareness over all situations and at all levels in order to avoid conflicting interests and priorities. Keywords: security, cyber security, cyber-attacks, information system security

    Cyber security management model for critical infrastructure

    Cyber security is the most critical aspect nowadays of our technologically based lives. Government institutions, banking sectors, public and private services, nuclear power plants, power grid operators, water suppliers or waste water treatment companies use information technologies in their day-to-day operations. Everything that uses technologies is based on communication and information systems and that means that it depends on cyber security. The public and private sector each year spend millions of dollars on technologies, security software and hardware devices that will increase the cyber security inside their companies, but they are still vulnerable. The main problem of this situation is that cyber security is still usually treated as a technical aspect or technology which can be easily implemented inside the organization and this implementation will guarantee cyber security. This attitude must change, because cyber security nowadays is something more than just the technology. This article presents the taxonomy of the critical infrastructure attacks, analyzes attack vectors and attack methods used to damage critical infrastructure as well as the most common cyber security mistakes which organizations make in the cyber security field when trying to make themselves safer from vulnerabilities. The main aim of this article is to provide theoretical aspects of the cyber security management model which can be used to ensure security of critical infrastructure in an organization or company. The cyber security management model that is presented in this article is analyzed from management perspectives and is not concerned with technological aspects and products that are used to protect critical infrastructure from cyber security attacks and vulnerabilities

    A proposed framework that enhances the quality of cyber security audits

    The need to protect information systems or assets remains crucial today. Innovations in technology have led to rapid developments and as technology continues to advance, so is the need to protect information systems. Amongst numerous effects of cyber-attacks on organizations, huge financial losses which in turn affect the economy have since been reported. Cyber security audits need to be strengthened to tighten the protection of information systems. The importance of cybersecurity audits is widely endorsed in literature. Nonetheless, frameworks used to audit cybersecurity are viewed as 'sometimes' weak links to cybersecurity due to their drawbacks in auditing cyber security. A review of literature indicated that cyber-attacks are more rampant in the African continent with the financial sector being the most targeted. Literature also highlighted that the use of relevant frameworks for auditing cyber security improves the quality and effectiveness of audits thereby enhancing cyber security. Studies in information systems have mostly looked at the adoption of frameworks, types of cyber threats and tools needed to audit. Nonetheless, it is important to note that few scholars have examined the applicability and effectiveness of the existing frameworks in auditing cyber security. Furthermore, previous studies emphasize on enhancing cyber security without a particular focus on auditing cyber security including assessing the role of the auditor during the process. As a result, this study looked at cyber security from an auditing perspective with a particular focus on the strengths and weaknesses of the current frameworks that are being used to audit cyber security including. The study also looked at the factors that enhance the effectiveness of cyber security audits. The study draws from different theories, literature and from the strengths and drawbacks of existing frameworks to create an explanatory model.
To statistically test and evaluate the model, a quantitative research approach was employed to collect, analyze, and interpret data from South Africa. Data was collected using a questionnaire which was distributed to IT auditors and cyber security professionals from the Information Systems Audit and Control Association (ISACA) South African chapter members. The National Institute of Standards and Technology (NIST) cyber security framework was found to be the widely adopted framework followed by the International Organization for Standardization (ISO) standards, with the Control Objectives for Information Technologies (COBIT) being the least employed framework. The COBIT framework was found to be more aligned to Information Technology governance rather than cyber security. Furthermore, results of this study indicate that effectiveness of cyber security audits is dependent upon competencies of auditors including their ethics and integrity. Results further indicate that frameworks used for auditing are effective to some extent if properly implemented. A proper alignment of an auditor's competencies which include ethics and integrity, and an adoption of a relevant framework will result in effective cyber security audits that reduce the risks of cyber-attacks. Concerning the contribution to practice, results from this study can help organizations to determine and review focus areas of cyber security auditing that they need to emphasize and develop on. Furthermore, the developed model can be used by auditors to develop an audit plan and conduct audits that are effective in identifying, protecting, detecting, preventing, and recovering information systems or assets. The methodological, theoretical, and practical contributions are further discussed in this thesis along with limitations, recommendations, and areas for future research

    Impact of Implementation of Information Security Risk Management and Security Controls on Cyber Security Maturity (A Case Study at Data Management Applications of XYZ Institute)

    Information security is an important concern for governments and industry due to the increase in cyber attacks during Covid-19. The government is obliged to maintain information security in implementing an Electronic-Based Government System following Presidential Regulation of the Republic of Indonesia Number 95 of 2018. To overcome this problem, the XYZ Institute needs an approach to implementing information security risk management and information security controls. This study aims to perform risk identification, risk analysis, risk evaluation, risk treatment, risk acceptance, risk control, and analysis of cyber security maturity gaps in the domain of governance, identification, protection, detection, and response. ISO/IEC 27005:2018 is used as guidance for conducting risk assessments. The code of practice for information security control uses the ISO/IEC 27002:2013 standard, and maturity is assessed using the cyber security maturity model version 1.10 developed by the National Cyber and Crypto Agency of the Republic of Indonesia. The results show that the cyber maturity value increased from 3.19 to 4.06 after implementing 12 new security controls

    Measuring Cyber Security Awareness within Groups of Medical Professionals in Poland

    The goal of this study is to measure the cyber security awareness of medical professionals in Poland, i.e. to verify whether healthcare specialists have knowledge and understanding of basic cyber security threats. This survey was based on the cyber security recommendations from the European Union Agency for Network and Information Security and the U.S. Department of Health and Human Services. The survey consisted of 23 single and multiple-choice questions divided into four parts. The results categorized the respondents and measured the level of cyber security awareness. Among the 620 persons invited to participate in the survey, 300 (48.39%) responded and answered all of the questions. The results show an unsatisfactory level of knowledge regarding information security in Poland. The main conclusion drawn from the survey is that the quality of cyber security training among medical professionals should be improved and frequency of the trainings should be increased