Designing Extended Zero Trust Maturity Model – From Technical to Socio-Technical

Recent successful cybersecurity attacks have exploited trust to compromise organizational information systems. Scholars and practitioners agree that the issue originates from the organizational perimeter security approach, within which perimeter trust is assumed. To improve the situation, building security principles on the idea that trust is not inherent but earned has been proposed, coined as Zero Trust. However, the current discussions spearheaded by technology-minded practitioners have focused mostly on trust at the network security and architecture levels, largely omitting the organizational aspects of security. To address this gap, we build on socio-technical approach and maturity models to develop a novel artifact with security experts, addressing the need for organizational Zero Trust through the Extended Zero Trust Maturity Model. Our research contributes to discussions on holistic information security management by extending the principles of Zero Trust from technical into socio-technical approach and responds to calls to reconsider foundational assumptions of IS security

NOTRINO: a NOvel hybrid TRust management scheme for INternet-Of-vehicles

Internet-of-Vehicles (IoV) is a novel technology to ensure safe and secure transportation by enabling smart vehicles to communicate and share sensitive information with each other. However, the realization of IoV in real-life depends on several factors, including the assurance of security from attackers and propagation of authentic, accurate and trusted information within the network. Further, the dissemination of compromised information must be detected and vehicle disseminating such malicious messages must be revoked from the network. To this end, trust can be integrated within the network to detect the trustworthiness of the received information. However, most of the trust models in the literature relies on evaluating node or data at the application layer. In this study, we propose a novel hybrid trust management scheme, namely, NOTRINO, which evaluates trustworthiness on the received information in two steps. First step evaluates trust on the node itself at transport layer, while second step computes trustworthiness of the data at application layer. This mechanism enables the vehicles to efficiently model and evaluate the trustworthiness on the received information. The performance and accuracy of NOTRINO is rigorously evaluated under various realistic trust evaluation criteria (including precision, recall, F-measure and trust). Furthermore, the efficiency of NOTRINO is evaluated in presence of malicious nodes and its performance is benchmarked against three hybrid trust models. Extensive simulations indicate that NOTRINO achieve over 75% trust level as compared to benchmarked trust models where trust level falls below 60% for a network with 35% malicious nodes. Similarly, 92% precision and 87% recall are achieved simultaneously with NOTRINO for the same network, comparing to benchmark trust models where precision and recall falls below 87% and 85% respectively.N/

A Layered Behaviour Model For Electronic Information Sharing In Iraq Intelligence Networks

The weakness of information sharing has appeared clearly with the events of 11th of Sep 2001 that did not prevent the terrorist attacks. Recently, a prevalent relationship between information sharing and intelligence in the context of counter-terrorism. A few studies have been conducted in this domain by Western countries whilst, none studies done with countries which have effected directly with terrorist attacks especially the Middle East. Issues with information sharing in intelligence domain are still significant challenges. Nevertheless, literature showed there is no single model combined with the technology, information sharing and human factors with an empirical gap in this field, to determine what the intelligence need to develop non-failure intelligence product. This study aims to analysis the technology gap that focuses on fully supporting the common requirements of information sharing in Iraqi intelligence through propose an electronic information sharing model adopted based on Layered Behavioral Model. The fourteen factors are employed in five layers included, Policies and Political Constraints as an Environmental Layer, Compatibility, Information Quality, and Common Data Repository as an Organisation Layer, Cost, Expected Benefits, and Expected Risk as an Information Fusion Center Layer, Technology Capability, Top Management Support, and Coordination as a Readiness Layer, and the last factor in Individual Layer are Trust, Information Stewardship, and Information Security. A quantitative method employed to achieve a broader background of the phenomenon under investigation and to address a broader range of attitude and behavioural issues. This method was a statistical approach in testing the proposed research hypotheses for the factors. From the empirical testing point, found that Policies, Compatibility, Common Data Repository, Cost, Expected Benefits, Expected Risk, Technology Capability, Top Management Support, Trust, Information Stewardship, and Information Security had a significant influence on the degree of electronic information sharing. Whereas, Political Constraints, Information Quality, and Coordination had no significant influence on the degree of electronic information sharing. Several contributions of this study are, create a new theoretical model for the electronic information sharing within intelligence domain. Enhances existing literature by expanding upon layers and factors that are affecting in two dimensions are, electronic information sharing and intelligence. Add new vision to develop information fusion center in the context of electronic information sharing. Reduce the gap of the empirical study in intelligence sectors. And provide a formal strategy and creation a series of the guidelines for Iraqi intelligence authorities to govern E-information sharing activities

Investigating The Key Factors Effecting The Use Of Telemedicine In Iraqi Hospitals

The weakness of information sharing has appeared clearly with the events of 11th of Sep 2001 that caused cannot stop and prevent the attacks of terrorist. Recently, a prevalent relationship between information sharing and intelligence in the context of counter-terrorism. A few studies have been conducted in this domain by Western countries whilst, none studies done with countries which have effected directly with terrorist attacks especially the Middle East. Issues with information sharing in intelligence domain are still significant challenges to cover. Nevertheless, literature showed there is no single model combined with the technology, information sharing and human factors with an empirical gap in this field, to determine what the intelligence need to develop non-failure intelligence product. This study aims to analysis the technology gap that focuses on fully supporting the common requirements of information sharing in Iraqi intelligence through propose an electronic information sharing model adopted based on Layered Behavioral Model. The fourteen factors are employed in five layers included, Policies and Political Constraints as an Environmental Layer, Compatibility, Information Quality, and Common Data Repository as an Organisation Layer, Cost, Expected Benefits, and Expected Risk as an Information Fusion Center Layer, Technology Capability, Top Management Support, and Coordination as a Readiness Layer, and the last factor in Individual Layer are Trust, Information Stewardship, and Information Security. A quantitative method employed to achieve a broader background of the phenomenon under investigation and to address a broader range of attitude and behavioural issues. This method was a statistical approach in testing the proposed research hypotheses for the factors. From the empirical testing point, found that Policies, Compatibility, Common Data Repository, Cost, Expected Benefits, Expected Risk, Technology Capability, Top Management Support, Trust, Information Stewardship, and Information Security had a significant influence on the degree of electronic information sharing. Whereas, Political Constraints, Information Quality, and Coordination had no significant influence on the degree of electronic information sharing. Several contributions of this study are, create a new theoretical model for the electronic information sharing within intelligence domain. Enhances existing literature by expanding upon layers and factors that are affecting in two dimensions are, electronic information sharing and intelligence. Add new vision to develop information fusion center in the context of electronic information sharing. Reduce the gap of the empirical study in intelligence sectors. And provide a formal strategy and creation a series of the guidelines for Iraqi intelligence authorities to govern E-information sharing activities

An investigation into trust and its effect on teams

University of Technology, Sydney. Faculty of Engineering and Information Technology.Project failures have become a major concern for researchers and practitioners. According to the literature, organisations very often give attention to teamwork as there is a view that it is essential for the smooth operation of a project (Thamhain 2004; Bubshait et al 1999).Therefore, teamwork is one of the important factors for the success or failure of a project. In addition to the importance of teamwork, team issues affecting its performance also need attention. Among these team issues, people issues are least discussed in the literature (Dirks & Ferrin 2001). One such team issue is trust. Trust is believed to be influenced by individual personality, individual behaviours and interpersonal relationships (Hassanein & Head 2004; cited by Lumsden & McKay 2006). When it comes to the individual’s behaviour, much of the psychology literature believes it to be influenced by various sources. One example is David (2007) who produced a model showing human nature, personality and culture among the sources that influence an individual’s behaviour. Moreover, trust is deeply rooted in an individual’s personality (Akhter 2004; Sutherland & Tan 2004). As the importance of teams has been stressed it is quite evident that the most important attribute that makes up teams, i.e. humans, has a strong impact on a team’s trust and performance. Unfortunately, due to limited empirical studies on trust in Information Technology (IT) literature, the aspects of individuals’ behaviour are missing and the studies from the psychology literature are not reflected in IT or project management literature. The research presented in this thesis is an exploratory study and it introduces a framework to help understand how trust influences IT project teams. It also includes the role of project managers and team leaders in improving trust within teams. The framework encompasses the role of project managers and team leaders in building trust within a team highlighting loyalty, communication management, motivation, etc. It also includes aspects of individuals’ behaviour which affect trust within a team. A qualitative study was carried out to achieve the objectives of this study. The analysis of responses was done from six semi-structured interviews of IT project managers and team leaders from two Australian organisations, gathered based on their experience in managing team projects. The individual behaviours found in this study that can affect trust, and consequently projects, were frustration, compassion, deception, transparency, idleness, talk (gossiping), inappropriate behaviours, inappropriate work attire, unnecessary disturbance, bad odour, playing practical jokes and an immature attitude. The role of managers and team leaders in improving trust within teams and the team members found in this study were to: operate with transparency, earn respect, maintain the flow of communication, promote team building activities, share team/project success, motivate team members, and keep the team united. The results showed that trust is a central element and without trust, teamwork will be negatively affected resulting in project failure and poor team performance

A socio-cognitive and computational model for decision making and user modelling in social phishing

Systems software quality, and system security in particular, is often compromised by phishing attacks. The latter were relatively easy to detect through phishing content filters, in the past. However, it has been increasingly difficult to stop more recent and sophisticated social phishing attacks. To protect the citizens from new types of phishing attacks, software quality engineers need to provide equally sophisticating preventive technology that models people’s reactions. The authors considered the behaviour of people on the Internet from a socio-cognitive perspective and deduced who could be more prone to be spoofed by social phishing techniques. The authors herein propose a computational and interdisciplinary metamodelling methodology, which can assist in capturing and understanding people’s interactive behaviour when they are online. Online behaviour can reveal Internet users’ knowledge, information, and beliefs in a given social context; these could also constitute significant factors for trust in social phishing circumstances which, in turn, can provide valuable insights and decision making meta-knowledge for recognition of potential victims of phishers. The proposed modelling approach is illustrated and explained using real-life phishing cases. This meta-model can i) help social computing and phishing researchers to understand users’ trust decisions from a socio-cognitive perspective, and ii) open ways to integrate artificial intelligence design techniques within software quality management practices in order to protect citizens from being spoofed by social phishing attacks. Thus, this software design quality approach will increase system security as a proactive maintenance strategy

The Necessity of Digital Technology in the Supply Chain Finance Network Based on Digital Integration

Modern enterprise information consultancy and management firms are evolving with a fresh paradigm. This model emphasizes primary businesses and oversees the capital, data, and logistical operations of small to medium-sized entities. It aims to transform unpredictable risks into manageable supply chain enterprise risks, ensuring the most minimal financial service risks. Additionally, supply chain finance offers a broad spectrum of financial solutions for businesses throughout the supply chain. As technology advances, this has given rise to a novel supply chain financial ecosystem. This network can effectively execute supply chain finance operations. Notably, supply chain finance is inherently a credit-based financing system. Conventional techniques fall short in addressing the trust issues within the financial network of supply chain finance. This study introduces a digital methodology for financial network scrutiny. Initially, computer systems are employed to probe the trustworthiness challenges of the financial network, segmenting indices based on the network's demands to mitigate interfering elements. Subsequently, these systems evaluate the financial trust impacts on the supply chain, establish a financial network blueprint, and undertake a holistic examination of the financial network outcomes. Simulations in MATLAB indicate that, when assessed under specific criteria, the digital technology's financial network trust in supply chain finance surpasses traditional approaches in network reliability

Realising a vision - a partnership approach to education capturing the enterprising spirit of the young people of North Tyneside

This paper describes and explains how three separate initiatives, for linking education with business and industry, were integrated to give a model for action in widely different types of school. Each author worked on one initiative, and this model was then the outcome of combining their expertise and experience. The rationale and philosophy behind the following three initiatives was explored. Provision of training days for advisory staff on the potential use of the Banking Information Service multi-media resource "Financial Planning and Management of Design Technology Projects". An interdisciplinary enquiry by the Advisory Team for Technology of North Tyneside Education Authority into the delivery of the National Curriculum within the context of a local initiative entitled "Schools Mean Business". Commissions undertaken by student teachers in connection with the TVEI/Initial Teacher Training Programme of Newcastle Polytechnic. The outcome was the provision of a model for action, to be described fully in the paper, within five local authority schools; a first school, a middle school, two special schools and a comprehensive school. Each school established its own partnerships between one another, with higher education via student commissions, with local industry, with initiatives led by local councils, and in a number of other ways. Schools set up programmes of study using the process of technology, exploring the implementation of the National Curriculum beyond subject boundaries - programmes requiring trust, flexibility, and a vision of education as a whole. The work done in the schools will also be illustrated in our poster presentations at the conference

New delivery model for non-profit organisations: shared computing services

Abstract: The current economic climate of funding stringency has intensified the need for non-profit organisations (NPOs) to find new delivery models of their services as a way of creating greater efficiencies and reducing costs. Consideration of improvement to their back-office operations is one way of addressing overheads associated with delivery functions of NPOs so that they can continue to focus on their core business activities. The overheads for back-office functions are much larger for smaller NPOs (by about 10-15 percent) than the larger ones and interest in sharing services could appeal to that sector. One approach to reduce overhead costs is for two or more NPOs to collaborate in sharing office space and office equipment and, in some instances, outsourcing some functions, for example, human resources and information technology. Currently, in New Zealand, there is very little engagement by NPOs in sharing services, particularly back office computing services. It was against this background that meetings with representatives of eight NPOs in Wellington, New Zealand, identified the challenges they were facing. These included funding, client management, compliance with reporting (financial and non-financial), financial management and control, governance, marketing and promotion and retention and management of staff and volunteers. Wellington City Council, as a significant funding agent of some local NPOs, commissioned an online survey with the aim of understanding the interest and readiness of NPOs in adopting shared computing services. The survey was developed collaboratively with the council, a computing charitable trust and a local university. The objectives of the survey were: to provide a snapshot of computing usage within the organisations, identify significant issues challenging the sector and understand their perceptions of shared computing services. The perceptions of the Wellington region NPO representatives (147 valid surveys) regarding shared services are reported in this paper. Results reveal the factors that drive the uptake of shared services within the non-profit sector, the benefits, barriers and priorities of sharing computing services and respondents’ views on their willingness to pay for a shared services arrangement. NPOs were positive regarding potential benefits of a shared services arrangement but recognised potential barriers of privacy and security, a need for contractual relationships, shared vision and compliance and standardisation. Priorities for a proposed shared services model were identified as finance and management of data and knowledge. The majority of respondents indicated they were willing to pay up to five percent of their budget for a shared services arrangement. These results provide a basis for further study as to the type of shared services model that organisations would find acceptable and render efficiencies and cost savings.Authors: Barbara Crump, Raja Peter Massey University, Wellington, New Zealand.Paper to be presented at the 7th European Conference on Information Management and Evaluation, Gdansk, 23-24 September 2013

A CRM technology model for the telecommunication industry

University of Technology, Sydney. Faculty of Information Technology.Planning and implementing a Customer Relationship Management (CRM) System affecting the attention of senior management within the majority of organizations. A CRM is no longer a fancy word but a necessity enforced by the impact of e-Business and the increased competition. Current interest in CRM is not limited to a specific industry or to a certain company size. This study is a comprehensive analysis of the CRM process. It starts by exploring the components of the CRM process with a special focus on the role of Knowledge within such process. Then the study highlights how CRM is currently implemented, how it is related to the customer life cycle and to all possible customer interaction points. Moreover, methodologies used in designing CRM systems were investigated and CRM services were identified. Finally, the study concludes by determining how we can measure the performance of implementing a CRM system, and then identify the challenges facing existing CRM systems. I backed up my study with a CRM model for a hypothetical telecommunication company. The model presented was used to highlight how capturing and managing information about customers across all contact channels will affect the CRM process of the company. The model was used as a basis for presenting technology tools used in implementing a CRM system. Models presented for the system were based on the rich picture technique. My study goes beyond highlighting the importance of knowledge, to the discussion of how the customer explicit knowledge could be captured, and what Knowledge Management tools can be embedded within the day to day business process. Such tools will work on tacit as well as explicit knowledge. CRM is not a common process among all industries. The Banking and Finance, Telecommunications, Health Care and Airline industries have new operational challenges issues that are discussed thoroughly. Additionally different design methodologies for CRM process do exist and were presented within the body of the study. The ideal CRM design methodology relies on the size and the nature of the business and should always consider the knowledge element. CRM is not an isolated process that could be implemented separately from other processes within the business. As a matter of fact, there are two essential elements that come into play here; total integration within all areas, and firm support from senior management. Further research areas required are highlighted. Such areas are required to resolve obstacles and limitations, not only with the design I proposed through this study, but also within the existing commercially available CRM systems. Research areas proposed are not limited to personalization, trust and the measurement of the CRM process