Community Self Help

This paper advocates controlling crime through a greater emphasis on precautions taken not by individuals, but by communities. The dominant battles in the literature today posit two central competing models of crime control. In one, the standard policing model, the government is responsible for the variety of acts that are necessary to deter and prosecute criminal acts. In the other, private self-help, public law enforcement is largely supplanted by providing incentives to individuals to self-protect against crime. There are any number of nuances and complications in each of these competing stories, but the literature buys into this binary matrix

Electronic security - risk mitigation in financial transactions : public policy issues

This paper builds on a previous series of papers (see Claessens, Glaessner, and Klingebiel, 2001, 2002) that identified electronic security as a key component to the delivery of electronic finance benefits. This paper and its technical annexes (available separately at http://www1.worldbank.org/finance/) identify and discuss seven key pillars necessary to fostering a secure electronic environment. Hence, it is intended for those formulating broad policies in the area of electronic security and those working with financial services providers (for example, executives and management). The detailed annexes of this paper are especially relevant for chief information and security officers responsible for establishing layered security. First, this paper provides definitions of electronic finance and electronic security and explains why these issues deserve attention. Next, it presents a picture of the burgeoning global electronic security industry. Then it develops a risk-management framework for understanding the risks and tradeoffs inherent in the electronic security infrastructure. It also provides examples of tradeoffs that may arise with respect to technological innovation, privacy, quality of service, and security in designing an electronic security policy framework. Finally, it outlines issues in seven interrelated areas that often need attention in building an adequate electronic security infrastructure. These are: 1) The legal framework and enforcement. 2) Electronic security of payment systems. 3) Supervision and prevention challenges. 4) The role of private insurance as an essential monitoring mechanism. 5) Certification, standards, and the role of the public and private sectors. 6) Improving the accuracy of information on electronic security incidents and creating better arrangements for sharing this information. 7) Improving overall education on these issues as a key to enhancing prevention.Knowledge Economy,Labor Policies,International Terrorism&Counterterrorism,Payment Systems&Infrastructure,Banks&Banking Reform,Education for the Knowledge Economy,Knowledge Economy,Banks&Banking Reform,International Terrorism&Counterterrorism,Governance Indicators

Privacy and Security Concerns Associated with mHealth Technologies: A Computational Social Science Approach

mHealth technologies seek to improve personal wellness; however, there are still significant privacy and security challenges. The purpose of this study is to analyze tweets through social media mining to understand user-reported concerns associated with mHealth devices. Triangulation was conducted on a representative sample to confirm the results of the topic modeling using manual coding. The results of the emotion analysis showed 67% of the posts were largely associated with anger and fear, while 71% revealed an overall negative sentiment. The findings demonstrate the viability of leveraging computational techniques to understand the social phenomenon in question and confirm concerns such as accessibility of data, lack of data protection, surveillance, misuse of data, and unclear policies. Further, the results extend existing findings by highlighting critical concerns such as users’ distrust of these mHealth hosting companies and the inherent lack of data control

A Separate Phone to Work and Play: Protection Motivation Theory and Smartphone Security Behaviour

Smartphone security is a growing concern. In this study, we use of the Protection Motivation Theory (PMT) to explore users’ attitudes, perceptions and behaviours towards the security of their work provided and personal smartphones. Australian employees from an insurance company participated in in-depth semi-structured interviews focussed on their behaviours. Data was analysed using deductive and inductive thematic analysis, guided by PMT to explore the comparisons between personal and work devices. The main overarching theme was that people behave more safely on their work smartphones compared to on their personal smartphones. Results suggest that perceived vulnerability, perceived reward, response cost, self-efficacy and social influence largely contributed to a lack of protective behaviour displayed when using personal smartphones. Despite the safe behaviour reported for work smartphones, these behaviours appear to be motivated by organisational controls, rather than intrinsically. This research has applied implications for education, relevant to both personal and workplace contexts

Security and Privacy in RFID Applications

Concerns about privacy and security may limit the deployment of RFID technology and its benefits, therefore it is important they are identified and adequately addressed. System developers and other market actors are aware of the threats and are developing a number of counter measures. RFID systems can never be absolutely secure but effort needs to be made to ensure a proper balance between the risks and the costs of counter measures. The approach taken to privacy and security should depend on the application area and the context of a specific application. In this chapter, we selected and discussed four application areas, but there are many others where privacy and security issues are relevant.JRC.J.4-Information Societ

Computer Crime and Identity theft

The problem at hand is the increased amount of vulnerabilities and security hazards for individuals engaging in e-commerce, business transactions over the World Wide Web. Since the majority of people aren\u27t paying their bills by mailing in their payment to the vendor, they pay for the items they purchase online, which makes them open to hackers and social engineering attacks. They place their credit card/debit card numbers, their phone number and home address, and even their birth date information on company websites. All these security vulnerabilities make the risk of identity theft increasingly high. Identity theft is when an individual\u27s personal (confidential) information, such as social security or account numbers, is stolen and used against them

Using the Computer Fraud and Abuse Act to Secure Public Data Exclusivity

In August, 2015, hackers exposed approximately 33 million user records associated with the extra-marital affair website Ashley Madison. The hackers made this data available to the public through torrents and other file sharing protocols. This data became instantly irresistible to the media and suspicious spouses everywhere. However, is accessing the user records illegal under the Computer Fraud and Abuse Act? While many legal scholars agree that accessing or publishing this data is not likely a violation of the Computer Fraud and Abuse Act, the United States Attorney’s office does not necessarily see it that way. “Once you download or distribute hacked information without specific permission or a fair use license, you\u27ve exposed yourself to potential criminal liability under the Computer Fraud and Abuse Act,” says a representative of the Chicago U.S. Attorney’s office. “An individual who retweets or forwards a link to a website containing hacked information could potentially be viewed as an accessory to the hack after the fact.” A “hack after the fact” not only leads to criminal penalties but a civil cause of action under the Act, which is quickly becoming a leading statute in U.S. cybersecurity law. This Article describes problems inherent in the Act when compared with modern web-based applications and how savvy civil litigators are “hacking” the Computer Fraud and Abuse Act for their own purposes, namely as a para-copyright tool. This “hack” is accomplished by exposing two vulnerabilities: (1) the literal application of the term “access controls” encompassing token controls; and (2) the mere facial review of loss declarations. For example, by taking advantage of these two vulnerabilities, attorneys for Craigslist were able to secure exclusivity to the publicly-available advertisements on its website. This Article’s solution to the vulnerabilities is to build in reference to data security standards and define the type of data protectable under the Act, specifically private and confidential data