RISK MANAGEMENT IN THE DIGITAL ERA ADDRESSING CYBERSECURITY CHALLENGES IN BUSINESS

In the rapidly evolving digital landscape, businesses face unprecedented cybersecurity challenges that pose significant risks to their operations and data integrity. This study aims to explore effective risk management strategies tailored to the unique demands of the digital era, focusing on mitigating cybersecurity threats in the business sector. Through a comprehensive analysis of current cybersecurity trends, threats, and the efficacy of various risk management frameworks, this research offers insights into developing robust defense mechanisms against cyber threats. The methodology encompasses a mixed approach, combining qualitative and quantitative data from industry case studies, expert interviews, and cybersecurity incident reports. The findings reveal a pressing need for adaptive risk management strategies that are proactive, resilient, and aligned with the evolving nature of cyber threats. The study concludes with actionable recommendations for businesses to enhance their cybersecurity posture, emphasizing the integration of advanced technological solutions, employee training, and a culture of security awareness. This research contributes to the field by providing a nuanced understanding of cybersecurity challenges in the business context and proposing a comprehensive framework for effective risk management in the digital era

Impact and Mitigation of Cyberattacks on IoT devices: A Lens on Smart Home

This Master's thesis, undertaken at the University of Turku in conjunction with an internship at Alten France, delves into the escalating issue of cyberattacks on IoT devices. This burgeoning area has begun to permeate various sectors of society, most notably through consumer products in smart homes. The primary motivations behind this chosen topic are the increased prevalence of IoT devices in our everyday lives and the corresponding surge in cyber threats, alongside the topic's real-world applicability to my work at Alten France, which is heavily invested in digital technology and innovation. The thesis begins with a comprehensive exploration of the current landscape of IoT cyber threats, including various attack vectors and their impact on different types of IoT devices. The challenges of securing IoT devices are then examined, highlighting the limitations and vulnerabilities of the IoT infrastructure. The research analyzes the impacts of cyberattacks on individual users, organizations, and society at large. It covers a wide range of consequences, such as privacy violations, financial losses, disruptions to critical infrastructure, and effects such as eroded trust in digital systems. The latter segment of the thesis addresses potential solutions and preventive measures to mitigate these impacts. The research does not aim to propose new strategies but seeks to inform future mitigation efforts based on its thorough analysis. On the whole, this thesis presents a meticulous and extensive examination of the impacts of cyberattacks on IoT devices, with an emphasis on smart homes. It underscores the urgent requirement for bolstered cybersecurity measures in our increasingly interconnected world, highlighting the severe repercussions of neglecting this need. By deepening the understanding of the extensive impacts of these cyberattacks, this research contributes valuable insights to academic discussions and supplies essential information for policymakers and industry professionals to develop more secure and resilient IoT systems

National Security Space Launch

The United States Space Force’s National Security Space Launch (NSSL) program, formerly known as the Evolved Expendable Launch Vehicle (EELV) program, was first established in 1994 by President William J. Clinton’s National Space Transportation Policy. The policy assigned the responsibility for expendable launch vehicles to the Department of Defense (DoD), with the goals of lowering launch costs and ensuring national security access to space. As such, the United States Air Force Space and Missile Systems Center (SMC) started the EELV program to acquire more affordable and reliable launch capability for valuable U.S. military satellites, such as national reconnaissance satellites that cost billions per satellite. In March 2019, the program name was changed from EELV to NSSL, which reflected several important features: 1.) The emphasis on “assured access to space,” 2.) transition from the Russian-made RD-180 rocket engine used on the Atlas V to a US-sourced engine (now scheduled to be complete by 2022), 3.) adaptation to manifest changes (such as enabling satellite swaps and return of manifest to normal operations both within 12 months of a need or an anomaly), and 4.) potential use of reusable launch vehicles. As of August 2019, Blue Origin, Northrop Grumman Innovation Systems, SpaceX, and United Launch Alliance (ULA) have all submitted proposals. From these, the U.S. Air Force will be selecting two companies to fulfill approximately 34 launches over a period of five years, beginning in 2022. This paper will therefore first examine the objectives for the NSSL as presented in the 2017 National Security Strategy, Fiscal Year 2019, Fiscal Year 2020, and Fiscal Year 2021 National Defense Authorization Acts (NDAA), and National Presidential Directive No. 40. The paper will then identify areas of potential weakness and gaps that exist in space launch programs as a whole and explore the security implications that impact the NSSL specifically. Finally, the paper will examine how the trajectory of the NSSL program could be adjusted in order to facilitate a smooth transition into new launch vehicles, while maintaining mission success, minimizing national security vulnerabilities, and clarifying the defense acquisition process.No embargoAcademic Major: EnglishAcademic Major: International Studie

Revisiting Cybersecurity Awareness in the Midst of Disruptions

The awareness of cybersecurity and knowledge about risks from a variety of threats, which present harm or steal private information in internetworking could help in mitigation of vulnerabilities to risks of threats in safeguarding information from malware and bots. Revisiting cybersecurity awareness of every member and evaluation of organization’s posture might help to protect sensitive or private information from a network of computers, working together and forming into botnets. The purpose of the qualitative case study narrative was to explore prospects for integrating cybersecurity education into elementary school children’s curriculum through interviews of elementary schoolteachers, IT experts, and parents to gain feedback about perceptions on cybersecurity knowledge and awareness. The analysis of schools’ organizational security postures related to all levels of education, recommending in raising awareness of the underlying and unprecedented security vulnerabilities. One area of greatest need is in protecting the wellbeing of people in securing private or protected assets and sensitive information, most valuable and vulnerable amid disruption. The possible lack of cybersecurity awareness in online settings could increase an organizational vulnerability to risks of threats and outsider attempts to install malware during a variety of cyber-attacks. Organizations with online ambiguity face a threat from botnets to infect networks. This qualitative exploratory single case-study into perceptions of teachers and leaders, information technology (IT) experts, and parents of elementary school children about cybersecurity awareness level of children in elementary schools helped to reinforce the important role of education in building foundational cyber-safety practices

Enhancing cyber assets visibility for effective attack surface management : Cyber Asset Attack Surface Management based on Knowledge Graph

The contemporary digital landscape is filled with challenges, chief among them being the management and security of cyber assets, including the ever-growing shadow IT. The evolving nature of the technology landscape has resulted in an expansive system of solutions, making it challenging to select and deploy compatible solutions in a structured manner. This thesis explores the critical role of Cyber Asset Attack Surface Management (CAASM) technologies in managing cyber attack surfaces, focusing on the open-source CAASM tool, Starbase, by JupiterOne. It starts by underlining the importance of comprehending the cyber assets that need defending. It acknowledges the Cyber Defense Matrix as a methodical and flexible approach to understanding and addressing cyber security challenges. A comprehensive analysis of market trends and business needs validated the necessity of asset security management tools as fundamental components in firms' security journeys. CAASM has been selected as a promising solution among various tools due to its capabilities, ease of use, and seamless integration with cloud environments using APIs, addressing shadow IT challenges. A practical use case involving the integration of Starbase with GitHub was developed to demonstrate the CAASM's usability and flexibility in managing cyber assets in organizations of varying sizes. The use case enhanced the knowledge graph's aesthetics and usability using Neo4j Desktop and Neo4j Bloom, making it accessible and insightful even for non-technical users. The thesis concludes with practical guidelines in the appendices and on GitHub for reproducing the use case

Securing the Skies: Cybersecurity Strategies for Smart City Cloud using Various Algorithams

As smart cities continue to evolve, their reliance on cloud computing technologies becomes increasingly apparent, enabling the seamless integration of data-driven services and urban functionalities. However, this transformation also raises concerns about the security of the vast and interconnected cloud infrastructures that underpin these cities' operations. This paper explores the critical intersection of cloud computing and cybersecurity within the context of smart cities. This research is dealing with challenges posed by the rapid expansion of smart city initiatives and their reliance on cloud-based solutions. It investigates the vulnerabilities that emerge from this technological convergence, emphasizing the potential risks to data privacy, urban services, and citizen well-being. The abstract presents a comprehensive overview of the evolving threat landscape that smart cities face in the realm of cloud computing. To address these challenges, the abstract highlights the importance of proactive cybersecurity strategies tailored specifically to the unique needs of smart cities. It underscores the significance of adopting a multi-layered approach that encompasses robust encryption protocols, intrusion detection systems, threat intelligence sharing, and collaborative efforts among stakeholders. Drawing insights from existing research and real-world case studies, the abstract showcases innovative solutions that leverage advanced technologies like artificial intelligence and blockchain to fortify the security posture of smart city cloud infrastructures. It explores the role of data governance, user authentication, and anomaly detection in creating a resilient cybersecurity framework that safeguards critical urban systems

Strengthening Privacy and Data Security in Biomedical Microelectromechanical Systems by IoT Communication Security and Protection in Smart Healthcare.

Biomedical Microelectromechanical Systems (BioMEMS) serve as a crucial catalyst in enhancing IoT communication security and safeguarding smart healthcare systems. Situated at the nexus of advanced technology and healthcare, BioMEMS are instrumental in pioneering personalized diagnostics, monitoring, and therapeutic applications. Nonetheless, this integration brings forth a complex array of security and privacy challenges intrinsic to IoT communications within smart healthcare ecosystems, demanding comprehensive scrutiny. In this manuscript, we embark on an extensive analysis of the intricate security terrain associated with IoT communications in the realm of BioMEMS, addressing a spectrum of vulnerabilities that spans cyber threats, data manipulation, and interception of communications. The integration of real-world case studies serves to illuminate the direct repercussions of security breaches within smart healthcare systems, highlighting the imperative to safeguard both patient safety and the integrity of medical data. We delve into a suite of security solutions, encompassing rigorous authentication processes, data encryption, designs resistant to attacks, and continuous monitoring mechanisms, all tailored to fortify BioMEMS in the face of ever-evolving threats within smart healthcare environments. Furthermore, the paper underscores the vital role of ethical and regulatory considerations, emphasizing the need to uphold patient autonomy, ensure the confidentiality of data, and maintain equitable access to healthcare in the context of IoT communication security. Looking forward, we explore the impending landscape of BioMEMS security as it intertwines with emerging technologies such as AI-driven diagnostics, quantum computing, and genomic integration, anticipating potential challenges and strategizing for the future. In doing so, this paper highlights the paramount importance of adopting an integrated approach that seamlessly blends technological innovation, ethical foresight, and collaborative ingenuity, thereby steering BioMEMS towards a secure and resilient future within smart healthcare systems, in the ambit of IoT communication security and protection

Think twice before you click! : exploring the role of human factors in cybersecurity and privacy within healthcare organizations

The urgent need to protect sensitive patient data and preserve the integrity of healthcare services has propelled the exploration of cybersecurity and privacy within healthcare organizations [1]. Recognizing that advanced technology and robust security measures alone are insufficient [2], our research focuses on the often-overlooked human element that significantly influences the efficacy of these safeguards. Our motivation stems from the realization that individual behaviors, decision-making processes, and organizational culture can be both the weakest link and the most potent tool in achieving a secure environment. Understanding these human dimensions is paramount as even the most sophisticated protocols can be undone by a single lapse in judgment. This research explores the impact of human behavior on cybersecurity and privacy within healthcare organizations and presents a new methodological approach for measuring and raising awareness among healthcare employees. Understanding the human influence in cybersecurity and privacy is critical for mitigating risks and strengthening overall security posture. Moreover, the thesis aims to place emphasis on the human aspects focusing more on the often-overlooked factors that can shape the effectiveness of cybersecurity and privacy measures within healthcare organizations. We have highlighted factors such as employee awareness, knowledge, and behavior that play a pivotal role in preventing security incidents and data breaches [1]. By focusing on how social engineering attacks exploit human vulnerabilities, we underline the necessity to address these human influenced aspects. The existing literature highlights the crucial role that human factors and awareness training play in strengthening cyber resilience, especially within the healthcare sector [1]. Developing well-customized training programs, along with fostering a robust organizational culture, is vital for encouraging a secure and protected digital healthcare setting [3]. Building on the recognized significance of human influence in cybersecurity within healthcare organizations, a systematic literature review became indispensable. The existing body of research might not have fully captured all ways in which human factors, such as psychology, behavior, and organizational culture, intertwined with technological aspects. A systematic literature review served as a robust foundation to collate, analyze, and synthesize existing knowledge, and to identify gaps where further research was needed. In complement to our systematic literature review and investigation of human factors, our research introduced a new methodological approach through a concept study based on an exploratory survey [4]. Recognizing the need to uncover intricate human behavior and psychology in the context of cybersecurity, we designed this survey to probe the multifaceted dimensions of cybersecurity awareness. The exploratory nature of the survey allowed us to explore cognitive, emotional, and behavioral aspects, capturing information that is often overlooked in conventional analyses. By employing this tailored survey, we were able to collect insights that provided a more textured understanding of how individuals within healthcare organizations perceive and engage with cybersecurity measures

Cybersecurity Vulnerabilities in Smart Grids with Solar Photovoltaic: A Threat Modelling and Risk Assessment Approach

Cybersecurity is a growing concern for smart grids, especially with the integration of solar photovoltaics (PVs). With the installation of more solar and the advancement of inverters, utilities are provided with real-time solar power generation and other information through various tools. However, these tools must be properly secured to prevent the grid from becoming more vulnerable to cyber-attacks. This study proposes a threat modeling and risk assessment approach tailored to smart grids incorporating solar PV systems. The approach involves identifying, assessing, and mitigating risks through threat modeling and risk assessment. A threat model is designed by adapting and applying general threat modeling steps to the context of smart grids with solar PV. The process involves the identification of device assets and access points within the smart grid infrastructure. Subsequently, the threats to these devices were classified utilizing the STRIDE model. To further prioritize the identified threat, the DREAD threat-risk ranking model is employed. The threat modeling stage reveals several high-risk threats to the smart grid infrastructure, including Information Disclosure, Elevation of Privilege, and Tampering. Targeted recommendations in the form of mitigation controls are formulated to secure the smart grid’s posture against these identified threats. The risk ratings provided in this study offer valuable insights into the cybersecurity risks associated with smart grids incorporating solar PV systems, while also providing practical guidance for risk mitigation. Tailored mitigation strategies are proposed to address these vulnerabilities. By taking proactive measures, energy sector stakeholders may strengthen the security of their smart grid infrastructure and protect critical operations from potential cyber threats