26,755 research outputs found
Moving from a "human-as-problem" to a "human-as-solution" cybersecurity mindset
Cybersecurity has gained prominence, with a number of widely publicised security incidents, hacking attacks and data breaches reaching the news over the last few years. The escalation in the numbers of cyber incidents shows no sign of abating, and it seems appropriate to take a look at the way cybersecurity is conceptualised and to consider whether there is a need for a mindset change. To consider this question, we applied a "problematization" approach to assess current conceptualisations of the cybersecurity problem by government, industry and hackers. Our analysis revealed that individual human actors, in a variety of roles, are generally considered to be "a problem". We also discovered that deployed solutions primarily focus on preventing adverse events by building resistance: i.e. implementing new security layers and policies that control humans and constrain their problematic behaviours. In essence, this treats all humans in the system as if they might well be malicious actors, and the solutions are designed to prevent their ill-advised behaviours. Given the continuing incidences of data breaches and successful hacks, it seems wise to rethink the status quo approach, which we refer to as "Cybersecurity, Currently". In particular, we suggest that there is a need to reconsider the core assumptions and characterisations of the well-intentioned human's role in the cybersecurity socio-technical system. Treating everyone as a problem does not seem to work, given the current cyber security landscape. Benefiting from research in other fields, we propose a new mindset i.e. "Cybersecurity, Differently". This approach rests on recognition of the fact that the problem is actually the high complexity, interconnectedness and emergent qualities of socio-technical systems. The "differently" mindset acknowledges the well-intentioned human's ability to be an important contributor to organisational cybersecurity, as well as their potential to be "part of the solution" rather than "the problem". In essence, this new approach initially treats all humans in the system as if they are well-intentioned. The focus is on enhancing factors that contribute to positive outcomes and resilience. We conclude by proposing a set of key principles and, with the help of a prototypical fictional organisation, consider how this mindset could enhance and improve cybersecurity across the socio-technical system.
Terrorism and religious fundamentalism: Prospects for a predictive paradigm
Although fundamentalism is neither new nor limited to one culture, globalized communications and recent political events have highlighted Christian and Muslim forms. Since links are often perceived between fundamentalism, extremism and terrorism, most commonly with respect to Islamic fundamentalism, it is desirable to delineate a model of fundamentalism which permits some degree of prediction as to its possible extension into political action. The term 'religious fundamentalism', it is argued here, can denote a type of worldview that can in fact be found in various religions of the world of today. Specifically, it may denote a shift in mentality from the relative harmlessness of an otherwise quaint, ultra-religious belief system to the readiness to pursue aggressively impositional, and in some cases terrorist activity. The article seeks to work out the details of these potential connections paradigmatically.
Conceptualizing human resilience in the face of the global epidemiology of cyber attacks
Computer security is a complex global phenomenon where different populations interact, and the infection of one person creates risk for another. Given the dynamics and scope of cyber campaigns, studies of local resilience without reference to global populations are inadequate. In this paper we describe a set of minimal requirements for implementing a global epidemiological infrastructure to understand and respond to large-scale computer security outbreaks. We enumerate the relevant dimensions, the applicable measurement tools, and define a systematic approach to evaluate cyber security resilience. From the experience in conceptualizing and designing a cross-national coordinated phishing resilience evaluation we describe the cultural, logistic, and regulatory challenges to this proposed public health approach to global computer assault resilience. We conclude that mechanisms for systematic evaluations of global attacks and the resilience against those attacks exist. Coordinated global science is needed to address organised global ecrime.
Democracy, the academic field and the (New Zealand) journalistic habitus
The relationship between journalism and the academy is historically fraught. Any mention of the word 'theory' is only likely to exacerbate these tensions, since it perhaps signifies, most clearly, the division between both identities. Drawing on the social theory of Pierre Bourdieu, this paper considers, with particular empirical reference to the New Zealand context, the often antagonistic relationship between the 'journalistic field' and the 'academic field'. I examine how academic identities are sometimes represented 'fantasmatically' (Glynos and Howarth, 2007) in journalistic discourse and explore the contradictions between journalism's official commitment to democratic values and the desire of at least some journalists to silence or lampoon academic voices, or insist that theoretical reflection is somehow incompatible with good journalism. The articulation of particular journalistic identities is contextualised with reference to the more 'objective' logic of the New Zealand journalistic field and, in particular, the structuring of its concrete relationship with the academic field through journalism education programmes. Although the culturally sedimented practices precluding the possibility of a different inter-field dynamic are considerable, I conclude by 'visualising' an alternative relationship, one constituted, on all sides, by what William Connolly (2005) characterises as a properly democratic ethos of 'agonistic respect' across difference.
Integrating security and usability into the requirements and design process
According to Ross Anderson, 'Many systems fail because their designers protect the wrong things or protect the right things in the wrong way'. Surveys also show that security incidents in industry are rising, which highlights the difficulty of designing good security. Some recent approaches have targeted security from the technological perspective, others from the human–computer interaction angle, offering better User Interfaces (UIs) for improved usability of security mechanisms. However, usability issues also extend beyond the user interface and should be considered during system requirements and design. In this paper, we describe Appropriate and Effective Guidance for Information Security (AEGIS), a methodology for the development of secure and usable systems. AEGIS defines a development process and a UML meta-model of the definition and the reasoning over the system's assets. AEGIS has been applied to case studies in the area of Grid computing and we report on one of these.
Evaluating the resilience and security of boundaryless, evolving socio-technical Systems of Systems
Post-Westgate SWAT : C4ISTAR Architectural Framework for Autonomous Network Integrated Multifaceted Warfighting Solutions Version 1.0 : A Peer-Reviewed Monograph
Police SWAT teams and Military Special Forces face mounting pressure and challenges from adversaries that can only be resolved by way of ever more sophisticated inputs into tactical operations. Lethal Autonomy provides constrained military/security forces with a viable option, but only if implementation has got proper empirically supported foundations. Autonomous weapon systems can be designed and developed to conduct ground, air and naval operations. This monograph offers some insights into the challenges of developing legal, reliable and ethical forms of autonomous weapons, that address the gap between Police or Law Enforcement and Military operations that is growing exponentially small. National adversaries are today in many instances hybrid threats, that manifest criminal and military traits, these often require deployment of hybrid-capability autonomous weapons imbued with the capability to take on both Military and/or Security objectives. The Westgate Terrorist Attack of 21st September 2013 in the Westlands suburb of Nairobi, Kenya is a very clear manifestation of the hybrid combat scenario that required military response and police investigations against a fighting cell of the Somalia based globally networked Al Shabaab terrorist group.
Comment: 52 pages, 6 Figures, over 40 references, reviewed by a reade