An exploratory study in to the money laundering threats, vulnerabilities, and controls within the UK bookmaker sector, with a specific focus on Fixed-Odds Betting Terminals

The purpose of this exploratory study was to generate an understanding in to the money laundering threats, vulnerabilities and controls found within UK betting shops, with a direct focus on the exponential growth of Fixed-Odd Betting Terminals. Qualitative research methods facilitated eight semi-structured interviews with key stakeholders linked to the gambling and/or money laundering sphere. This included the Gambling Commission, Campaign for Fairer Gambling, an ex-Head of Security and Safety at a major bookmaker, and five regular Fixed-Odd Betting Terminal users. The interviews were recorded, transcribed and coded for thematic analysis, subsequently resulting in the emergence of four interesting and meaningful themes. These were (1) Ineffective CDD enforcement facilitating anonymity (2) Weak anti-money laundering safeguards unable to mitigate known threats (3) A lack of anti-money laundering training, awareness, and resources (4) The Gambling Commission’s attempt for increased anti-money laundering regulation unsuccessful. By allowing a phenomenological framework to guide the data collection process, the interpreted subjective views and experiences of the participants involved, although somewhat limited, indicate that money laundering threats within the bookmaker sector are inherently high, with a lack of effective safeguards in place to mitigate the identified vulnerabilities

Between Hype and Understatement: Reassessing Cyber Risks as a Security Strategy

Most of the actions that fall under the trilogy of cyber crime, terrorism,and war exploit pre-existing weaknesses in the underlying technology.Because these vulnerabilities that exist in the network are not themselvesillegal, they tend to be overlooked in the debate on cyber security. A UKreport on the cost of cyber crime illustrates this approach. Its authors chose to exclude from their analysis the costs in anticipation of cyber crime, such as insurance costs and the costs of purchasing anti-virus software on the basis that "these are likely to be factored into normal day-to-day expenditures for the Government, businesses, and individuals. This article contends if these costs had been quantified and integrated into the cost of cyber crime, then the analysis would have revealed that what matters is not so much cyber crime, but the fertile terrain of vulnerabilities that unleash a range of possibilities to whomever wishes to exploit them. By downplaying the vulnerabilities, the threats represented by cyber war, cyber terrorism, and cyber crime are conversely inflated. Therefore, reassessing risk as a strategy for security in cyberspace must include acknowledgment of understated vulnerabilities, as well as a better distributed knowledge about the nature and character of the overhyped threats of cyber crime, cyber terrorism, and cyber war

Moving from a "human-as-problem" to a "human-as-solution" cybersecurity mindset

Cybersecurity has gained prominence, with a number of widely publicised security incidents, hacking attacks and data breaches reaching the news over the last few years. The escalation in the numbers of cyber incidents shows no sign of abating, and it seems appropriate to take a look at the way cybersecurity is conceptualised and to consider whether there is a need for a mindset change.To consider this question, we applied a "problematization" approach to assess current conceptualisations of the cybersecurity problem by government, industry and hackers. Our analysis revealed that individual human actors, in a variety of roles, are generally considered to be "a problem". We also discovered that deployed solutions primarily focus on preventing adverse events by building resistance: i.e. implementing new security layers and policies that control humans and constrain their problematic behaviours. In essence, this treats all humans in the system as if they might well be malicious actors, and the solutions are designed to prevent their ill-advised behaviours. Given the continuing incidences of data breaches and successful hacks, it seems wise to rethink the status quo approach, which we refer to as "Cybersecurity, Currently". In particular, we suggest that there is a need to reconsider the core assumptions and characterisations of the well-intentioned human's role in the cybersecurity socio-technical system. Treating everyone as a problem does not seem to work, given the current cyber security landscape.Benefiting from research in other fields, we propose a new mindset i.e. "Cybersecurity, Differently". This approach rests on recognition of the fact that the problem is actually the high complexity, interconnectedness and emergent qualities of socio-technical systems. The "differently" mindset acknowledges the well-intentioned human's ability to be an important contributor to organisational cybersecurity, as well as their potential to be "part of the solution" rather than "the problem". In essence, this new approach initially treats all humans in the system as if they are well-intentioned. The focus is on enhancing factors that contribute to positive outcomes and resilience. We conclude by proposing a set of key principles and, with the help of a prototypical fictional organisation, consider how this mindset could enhance and improve cybersecurity across the socio-technical system

The Space Object Ontology

Achieving space domain awareness requires the identification, characterization, and tracking of space objects. Storing and leveraging associated space object data for purposes such as hostile threat assessment, object identification, and collision prediction and avoidance present further challenges. Space objects are characterized according to a variety of parameters including their identifiers, design specifications, components, subsystems, capabilities, vulnerabilities, origins, missions, orbital elements, patterns of life, processes, operational statuses, and associated persons, organizations, or nations. The Space Object Ontology provides a consensus-based realist framework for formulating such characterizations in a computable fashion. Space object data are aligned with classes and relations in the Space Object Ontology and stored in a dynamically updated Resource Description Framework triple store, which can be queried to support space domain awareness and the needs of spacecraft operators. This paper presents the core of the Space Object Ontology, discusses its advantages over other approaches to space object classification, and demonstrates its ability to combine diverse sets of data from multiple sources within an expandable framework. Finally, we show how the ontology provides benefits for enhancing and maintaining longterm space domain awareness

Web development evolution: the assimilation of web engineering security

In today’s e-commerce environment, information is an incredibly valuable asset. Surveys indicate that companies are suffering staggering financial losses due to web security issues. Analyzing the underlying causes of these security breaches shows that a significant proportion of them are caused by straightforward design errors in systems and not by failures in security mechanisms. There is significant research into security mechanisms but there is little research into the integration of these into software design processes, even those processes specifically designed for Web Engineering. Security should be designed into the application development process upfront through an independent flexible methodology that contains customizable components

Web development evolution: the assimilation of web engineering security

In today’s e-commerce environment, information is an incredibly valuable asset. Surveys indicate that companies are suffering staggering financial losses due to web security issues. Analyzing the underlying causes of these security breaches shows that a significant proportion of them are caused by straightforward design errors in systems and not by failures in security mechanisms. There is significant research into security mechanisms but there is little research into the integration of these into software design processes, even those processes specifically designed for Web Engineering. Security should be designed into the application development process upfront through an independent flexible methodology that contains customizable components

Risks associated with Logistics 4.0 and their minimization using Blockchain

Currently we are saying that we are at the dawn of the fourth revolution, which is marked by using cyber-physical systems and the Internet of Things. This is marked as Industry 4.0 (I4.0). With Industry 4.0 is also closely linked concept Logistics 4.0. The highly dynamic and uncertain logistic markets and huge logistic networks require new methods, products and services. The concept of the Internet of Things and Services (IoT&S), Big Data/Data Mining (DM), cloud computing, 3D printing, Blockchain and cyber physical system (CPS) etc. seem to be the probable technical solution for that. However, associated risks hamper its implementation and lack a comprehensive overview. In response, the paper proposes a framework of risks in the context of Logistics 4.0. They are here economic risks, that are associated e.g. with high or false investments. From a social perspective, risks the job losses, are considered too. Additionally, risks can be associated with technical risks, e.g. technical integration, information technology (IT)-related risks such as data security, and legal and political risks, such as for instance unsolved legal clarity in terms of data possession. It is therefore necessary to know the potential risks in the implementation process.Web of Science101857

Exact Inference Techniques for the Analysis of Bayesian Attack Graphs

Attack graphs are a powerful tool for security risk assessment by analysing network vulnerabilities and the paths attackers can use to compromise network resources. The uncertainty about the attacker's behaviour makes Bayesian networks suitable to model attack graphs to perform static and dynamic analysis. Previous approaches have focused on the formalization of attack graphs into a Bayesian model rather than proposing mechanisms for their analysis. In this paper we propose to use efficient algorithms to make exact inference in Bayesian attack graphs, enabling the static and dynamic network risk assessments. To support the validity of our approach we have performed an extensive experimental evaluation on synthetic Bayesian attack graphs with different topologies, showing the computational advantages in terms of time and memory use of the proposed techniques when compared to existing approaches.Comment: 14 pages, 15 figure