77 research outputs found

    A Secure and Strategic Approach to Keep IoT Devices Safe from Malware Attack

    Through the advances in technology, businesses can now utilize the Internet of Things (IoT) devices to improve workflow and provide better services to customers. However, without a strategy to secure these devices, Information Technology (IT) security professionals are left with vulnerable equipment. Grounded in routine activities theory, the purpose of this qualitative multiple case study was to determine strategies IT security professionals used to protect IoT devices in their environment. The participants were 6 IT professionals from 2 medium to large size healthcare facilities based in the Buffalo, New York, and the Washington D.C. area, who possessed strategies to protect IoT devices. The data collection included semi-structured interviews and analysis of 7 industry standardization documents and 12 business documents. Data were analyzed using cluster analysis; four themes that emerged included user education to promote security, protect the environment through security layers, a policy that supports security, and threats that the technical gaps present. A key recommendation is that IT security professionals develop a security strategy that uses multiple layers to protect IoT devices from malware attacks. The implications for positive social change include the potential for IT security professionals to implement multi-layered IoT security strategies, which can help decrease attacks on vulnerable IoT devices and assure citizens of protecting their data

    ICT aspects of power systems and their security

    This report provides a deep description of four complex Attack Scenarios that have as final goal to produce damage to the Electric Power Transmission System. The details about protocols used, vulnerabilities, devices etc. have been for obvious reasons hidden, and the ones presented have to be understood as mere (even if realistic) simplified versions of possible power systems. JRC.DG.G.6-Security technology assessmen

    A Solution for the Third-Party Doctrine in a Time of Data Sharing, Contact Tracing, and Mass Surveillance

    Today, information is shared almost constantly. People share their DNA to track their ancestry or for individualized health information; they instruct Alexa to purchase products or provide directions; and, now more than ever, they use videoconferencing technology in their homes. According to the third-party doctrine, the government can access all such information without a warrant or without infringing on Fourth Amendment privacy protections. This exposure of vast amounts of highly personal data to government intrusion is permissible because the Supreme Court has interpreted the third-party doctrine as a per se rule. However, that interpretation rests on an improper understanding of the reasonable expectation of privacy standard developed in Katz v. United States. There is a solution. A close reading of Katz’s logic can reorient third-party analysis from a per se rule to a tailored test of the knowledge of the sharer and the nature of the recipient, asking whether the sharer (1) knowingly exposed information (2) to the public. This interpretation allows the Fourth Amendment to better evolve with changing technology, such that the exception no longer risks swallowing the rule

    Managing Risk: A Hermeneutic Phenomenology on the Experiences of Corporate Instructors When Planning and Developing Disaster Driven Training Content

    This phenomenological study aimed to understand and interpret corporate trainers’ perspectives when developing disaster or pandemic-driven training content for remote situations and suggest a baseline response to identified deficits. Using the disaster risk management theory by Kim and Sohn (2018), with specific emphasis on Petak’s (1985) and McLoughlin’s (1985) framework, data from the participants was collected using semi-structured individual interviews, document analysis, and observations. While corporate trainers have used years of experience and seasoned pedagogy to enhance learning for their participants to achieve corporate objectives, almost no content exists regarding the process. Due to increased remote learning resulting from the pandemic following the coronavirus outbreak, it was essential to understand corporate trainers’ perspectives when creating content for novel situations. The central question for this study sought to understand the experiences corporate instructors had with developing disaster or pandemic-driven training content in their industry under remote learning conditions. This study investigated corporate readiness and training related to data/information security, culture preservation, and risk management in remote environments through interviews, observations, and document analysis, allowing insightful interpretation of the participants’ lived experiences. Findings showed that although reflective, corporate trainers did utilize elements of the DRM framework specifically as it relates to risk preparation, mitigation, and response to develop disaster driven training content and see the benefit of an integrated and proactive approach to developing risk and disaster driven training content

    A HOLISTIC APPROACH TO PROTECTING NATIONAL SECURITY: INTEGRATING INTELLIGENCE AND RISK MANAGEMENT TO REDUCE INSIDER THREATS

    Reviewed by Thomas Stanton and Anthony Lang, this thesis explores the important question of how a combination of security intelligence and risk management could be used to address insider threats and their impact on national security. As the thesis documents, insiders threaten not only the wellbeing of employees and facilities, but also the confidentiality and integrity of sensitive information, which could be used by foreign adversaries of the United States. The first chapter recommends more systematic integration of intelligence information into security programs. The second chapter explores the role of risk management, and especially Enterprise Risk Management, in improving the effectiveness of federal security programs and organizations. The third chapter focuses directly on the problem of insider threats. It highlights the remarkable number of ways that insiders such as Edward Snowden displayed warning signs of the danger they posed to national security, long before the damage they caused occurred. It was discovered that analyzing current threat information, which makes it intelligence, enables security programs to allocate resources and deploy countermeasures more appropriately. The intelligence findings enable risk management, which is the ongoing process federal organizations use to determine how they will respond to threats. Organizations that fail to understand their threat, and subsequently impose risk-driven countermeasures, are likely to suffer consequences from attacks – many of which come from insider threats. Insiders acting against federal organizations stand to damage national security by harming people they work with, revealing defense secrets, and/or weakening international relations. The potential damage to national security can be mitigated using the holistic approach outlined throughout this thesis

    Emerging Threats of Synthetic Biology and Biotechnology

    Synthetic biology is a field of biotechnology that is rapidly growing in various applications, such as in medicine, environmental sustainability, and energy production. However these technologies also have unforeseen risks and applications to humans and the environment. This open access book presents discussions on risks and mitigation strategies for these technologies including biosecurity, or the potential of synthetic biology technologies and processes to be deliberately misused for nefarious purposes. The book presents strategies to prevent, mitigate, and recover from ‘dual-use concern’ biosecurity challenges that may be raised by individuals, rogue states, or non-state actors. Several key topics are explored including opportunities to develop more coherent and scalable approaches to govern biosecurity from a laboratory perspective up to the international scale and strategies to prevent potential health and environmental hazards posed by deliberate misuse of synthetic biology without stifling innovation. The book brings together the expertise of top scholars in synthetic biology and biotechnology risk assessment, management, and communication to discuss potential biosecurity governing strategies and offer perspectives for collaboration in oversight and future regulatory guidance

    Understanding Malicious Attacks Against Infrastructures - Overview on the Assessment and Management of Threats and Attacks to Industrial Control Systems

    This report describes approaches to the assessment and management of malicious threats and attacks relating to critical infrastructures in general, and electric power infrastructures in particular. Securing infrastructures implies taking into account both the natural and man-made (intentional) events. While protecting against the natural disruptive events is a feasible (yet not trivial) task, benefiting by well-established practices, dealing with intentional attacks comes up across many difficulties, especially due to the unpredictability of such events. The report outlines the state-of-the-art in dealing with threats and malicious attacks, considering both physical and cyber actions. Several approaches taken at national and international levels towards securing the critical infrastructures are also provided. JRC.G.6-Sensors, radar technologies and cybersecurit

    Cyber Ethics 4.0 : Serving Humanity with Values

    Cyber space influences all sectors of life and society: Artificial Intelligence, Robots, Blockchain, Self-Driving Cars and Autonomous Weapons, Cyberbullying, telemedicine and cyber health, new methods in food production, destruction and conservation of the environment, Big Data as a new religion, the role of education and citizens’ rights, the need for legal regulations and international conventions. The 25 articles in this book cover the wide range of hot topics. Authors from many countries and positions of international (UN) organisations look for solutions from an ethical perspective. Cyber Ethics aims to provide orientation on what is right and wrong, good and bad, related to the cyber space. The authors apply and modify fundamental values and virtues to specific, new challenges arising from cyber technology and cyber society. The book serves as reading material for teachers, students, policy makers, politicians, businesses, hospitals, NGOs and religious organisations alike. It is an invitation for dialogue, debate and solution