Refining the PoinTER “human firewall” pentesting framework

PurposePenetration tests have become a valuable tool in the cyber security defence strategy, in terms of detecting vulnerabilities. Although penetration testing has traditionally focused on technical aspects, the field has started to realise the importance of the human in the organisation, and the need to ensure that humans are resistant to cyber-attacks. To achieve this, some organisations “pentest” their employees, testing their resilience and ability to detect and repel human-targeted attacks. In a previous paper we reported on PoinTER (Prepare TEst Remediate), a human pentesting framework, tailored to the needs of SMEs. In this paper, we propose improvements to refine our framework. The improvements are based on a derived set of ethical principles that have been subjected to ethical scrutiny.MethodologyWe conducted a systematic literature review of academic research, a review of actual hacker techniques, industry recommendations and official body advice related to social engineering techniques. To meet our requirements to have an ethical human pentesting framework, we compiled a list of ethical principles from the research literature which we used to filter out techniques deemed unethical.FindingsDrawing on social engineering techniques from academic research, reported by the hacker community, industry recommendations and official body advice and subjecting each technique to ethical inspection, using a comprehensive list of ethical principles, we propose the refined GDPR compliant and privacy respecting PoinTER Framework. The list of ethical principles, we suggest, could also inform ethical technical pentests.OriginalityPrevious work has considered penetration testing humans, but few have produced a comprehensive framework such as PoinTER. PoinTER has been rigorously derived from multiple sources and ethically scrutinised through inspection, using a comprehensive list of ethical principles derived from the research literature

Predict Daily Life Stress based on Heart Rate Variability

Department of Human Factors EngineeringThe purpose of this study is to investigate the feasibility of predicting a daily mental stress level from analyzing Heart Rate Variability (HRV) by using a Photoplethysmography (PPG) sensor which is integrated in the wristband-type wearable device. In this experiment, each participant was asked to measure their own PPG signals for 30 seconds, three times a day (at noon, 6 P.M, and 10 minutes before going to sleep) for a week. And 10 minutes before going to sleep, all participants were asked to self-evaluate their own daily mental stress level using Perceived Stress Scale (PSS). The recorded signals were transmitted and stored at each participant???s smartphone via Bluetooth Low Energy (BLE) communication by own-made mobile application. The preprocessing procedure was used to remove PPG signal artifacts in order to make better performance for detecting each pulse peak point at PPG signal. In this preprocessing, three- level-bandpass filtering which consisted three different pass band range bandpass filters was used. In this study, frequency domain HRV analysis feature that the ratio of low-frequency (0.04Hz ~ 0.15Hz) to high-frequency (0.15Hz ~ 0.4Hz) power value was used. In frequency domain analysis, autoregressive (AR) model was used, because this model has higher resolution than that of Fast Fourier Transform (FFT). The accuracy of this prediction was 86.35% on average of all participants. Prediction result was calculated from the leave-one-out validation. The IoT home appliances are arranged according to the result of this prediction algorithm. This arrangement is offering optimized user???s relaxation. Also, this algorithm can help acute stress disorder patients to concentrate on getting treatment.clos

A review of contemporary techniques for measuring ergonomic wear comfort of protective and sport clothing

Protective and sport clothing is governed by protection requirements, performance, and comfort of the user. The comfort and impact performance of protective and sport clothing are typically subjectively measured, and this is a multifactorial and dynamic process. The aim of this review paper is to review the contemporary methodologies and approaches for measuring ergonomic wear comfort, including objective and subjective techniques. Special emphasis is given to the discussion of different methods, such as objective techniques, subjective techniques, and a combination of techniques, as well as a new biomechanical approach called modeling of skin. Literature indicates that there are four main techniques to measure wear comfort: subjective evaluation, objective measurements, a combination of subjective and objective techniques, and computer modeling of human–textile interaction. In objective measurement methods, the repeatability of results is excellent, and quantified results are obtained, but in some cases, such quantified results are quite different from the real perception of human comfort. Studies indicate that subjective analysis of comfort is less reliable than objective analysis because human subjects vary among themselves. Therefore, it can be concluded that a combination of objective and subjective measuring techniques could be the valid approach to model the comfort of textile materials

Review of recent research towards power cable life cycle management

Power cables are integral to modern urban power transmission and distribution systems. For power cable asset managers worldwide, a major challenge is how to manage effectively the expensive and vast network of cables, many of which are approaching, or have past, their design life. This study provides an in-depth review of recent research and development in cable failure analysis, condition monitoring and diagnosis, life assessment methods, fault location, and optimisation of maintenance and replacement strategies. These topics are essential to cable life cycle management (LCM), which aims to maximise the operational value of cable assets and is now being implemented in many power utility companies. The review expands on material presented at the 2015 JiCable conference and incorporates other recent publications. The review concludes that the full potential of cable condition monitoring, condition and life assessment has not fully realised. It is proposed that a combination of physics-based life modelling and statistical approaches, giving consideration to practical condition monitoring results and insulation response to in-service stress factors and short term stresses, such as water ingress, mechanical damage and imperfections left from manufacturing and installation processes, will be key to success in improved LCM of the vast amount of cable assets around the world

Managing the Change of Cultural Resistance

The review of numerous Australian and International Transport and Health Safety cases has highlighted the detrimental effect of cultural resistance when engineers and regulators seek to improve transport safety. This paper will define culture and cultural resistance. It will review a number of cases and provide an overview of the effect of cultural resistance, demonstrating some common characteristics of these cases. A limited number of risk management disciplines will be reviewed as they apply to the problem, and demonstrate how expertise in these fields can be advantageous to the engineer and regulator. The paper will provide the reader with a number of resolution strategies to manage cultural change by reducing resistance using practical methods. This paper has specific relevance to transport safety initiatives in Australia. This paper is an extract of a full research paper "Making the Kingfisher Archipelago a Safer Place", Smith, D.B., 2005, available from the author upon request

From eye to machine: shifting authority in color measurement

Given a subject so imbued with contention and conflicting theoretical stances, it is remarkable that automated instruments ever came to replace the human eye as sensitive arbiters of color specification. Yet, dramatic shifts in assumptions and practice did occur in the first half of the twentieth century. How and why was confidence transferred from careful observers to mechanized devices when the property being measured – color – had become so closely identified with human physiology and psychology? A fertile perspective on the problem is via the history of science and technology, paying particular attention to social groups and disciplinary identity to determine how those factors affected their communities’ cognitive territory. There were both common and discordant threads motivating the various technical groups that took on the problems of measuring light and color from the late nineteenth century onwards, and leading them towards the development of appropriate instruments for themselves. The transition from visual to photoelectric methods <i>could</i> be portrayed as a natural evolution, replacing the eye by an alternative roviding more sensitivity and convenience – indeed, this is the conventional positivist view propounded by technical histories. However, the adoption of new measurement technologies seldom is simple, and frequently has a significant cultural component. Beneath this slide towards automation lay a raft of implicit assumptions about objectivity, the nature of the observer, the role of instruments, and the trade-offs between standardization and descriptive power. While espousing rational arguments for a physical detector of color, its proponents weighted their views with tacit considerations. The reassignment of trust from the eye to automated instruments was influenced as much by the historical context as by intellectual factors. I will argue that several distinct aspects were involved, which include the reductive view of color provided by the trichromatic theory; the impetus provided by its association with photometry; the expanding mood for a quantitative and objective approach to scientific observation; and, the pressures for commercial standardization. As suggested by these factors, there was another shift of authority at play: from one technical specialism to another. The regularization of color involved appropriation of the subject by a particular set of social interests: communities of physicists and engineers espousing a ‘physicalist’ interpretation, rather than psychologists and physiologists for whom color was conceived as a more complex phenomenon. Moreover, the sources for automated color measurement, and instrumentation for measuring color, were primarily from the industrial sphere rather than from academic science. To understand these shifts, then, this chapter explores differing views of the importance of observers, machines and automation