Refining the PoinTER “human firewall” pentesting framework

PurposePenetration tests have become a valuable tool in the cyber security defence strategy, in terms of detecting vulnerabilities. Although penetration testing has traditionally focused on technical aspects, the field has started to realise the importance of the human in the organisation, and the need to ensure that humans are resistant to cyber-attacks. To achieve this, some organisations “pentest” their employees, testing their resilience and ability to detect and repel human-targeted attacks. In a previous paper we reported on PoinTER (Prepare TEst Remediate), a human pentesting framework, tailored to the needs of SMEs. In this paper, we propose improvements to refine our framework. The improvements are based on a derived set of ethical principles that have been subjected to ethical scrutiny.MethodologyWe conducted a systematic literature review of academic research, a review of actual hacker techniques, industry recommendations and official body advice related to social engineering techniques. To meet our requirements to have an ethical human pentesting framework, we compiled a list of ethical principles from the research literature which we used to filter out techniques deemed unethical.FindingsDrawing on social engineering techniques from academic research, reported by the hacker community, industry recommendations and official body advice and subjecting each technique to ethical inspection, using a comprehensive list of ethical principles, we propose the refined GDPR compliant and privacy respecting PoinTER Framework. The list of ethical principles, we suggest, could also inform ethical technical pentests.OriginalityPrevious work has considered penetration testing humans, but few have produced a comprehensive framework such as PoinTER. PoinTER has been rigorously derived from multiple sources and ethically scrutinised through inspection, using a comprehensive list of ethical principles derived from the research literature

Sub-Versions: Investigating Videogame Hacking Practices and Subcultures

“Hacking” is an evocative term — one that is mired in tropes that reduce a diverse range of practices into a few stereotypically malicious activities. This thesis aims to explore one hacking practice, videogame hacking, whose practitioners make unauthorized alterations to videogames after their release. Through interviews, game analysis, and reflective writing, this thesis investigates videogame hacking subcultures of production — communities of creative labour that exist in the margins of mediamaking and the fringes of the law. This thesis begins by reviewing popular media and existing accounts of computer hacker culture, primarily Steven Levy’s Hackers: Heroes of the Computer Revolution and Gabriella Coleman’s Coding Freedom, in order to contextualize videogame hacking in broader histories of computer culture. Using this analysis as a starting point, the author then proposes a reflexive methodological framework for studying videogame hacking subcultures, designed to accommodate the ephemerality of virtual communities and the apprehensions of participants. The following two chapters refer to participant interviews to pursue two avenues of research. First, drawing upon Michel de Certeau’s writing on strategies versus tactics and Henry Jenkins chronicling of prohibitionist and collaborationist models, this study explores how intellectual property law serves as a site of tension between media companies and videogame fans. Second, the author explores the diverse motivations of videogame hackers who create works that are undistributable through commercial markets and may face the risk of legal action

Sony, Cyber Security, and Free Speech: Preserving the First Amendment in the Modern World

Reprinted from 16 U.C. Davis Bus. L.J. 309 (2016). This paper explores the Sony hack in 2014 allegedly launched by the North Korean government in retaliation over Sony’s production of The Interview and considers the hack’s chilling impact on speech in technology. One of the most devastating cyber attacks in history, the hack exposed approximately thirty- eight million files of sensitive data, including over 170,000 employee emails, thousands of employee social security numbers and unreleased footage of upcoming movies. The hack caused Sony to censor the film and prompted members of the entertainment industry at large to tailor their communication and conform storylines to societal standards. Such censorship cuts the First Amendment at its core and exemplifies the danger cyber terror poses to freedom of speech by compromising Americans’ privacy in digital mediums. This paper critiques the current methods for combatting cyber terror, which consist of unwieldy federal criminal laws and controversial information sharing policies, while proposing more promising solutions that unleash the competitive power of the free market with limited government regulation. It also recommends legal, affordable and user-friendly tools anyone can use to secure their technology, recapture their privacy and exercise their freedom of speech online without fear of surreptitious surveillance or retaliatory exposure

Data Scientists as Game Changers in Big Data Environments

The potential power of big data to generate insights and create new forms of value in the ways which transform organizations and society has been observed by big data-driven organizations and big data experts. Despite the recent sensational declaration of a data scientist as “the sexiest job of the 21st century”, however, there has been the lack of rigorous studies of what a data scientist is, and what job skill requirements this hottest job title may need. In order to address this gap, we systematically examine relevant source material to extract definitions and categorize them with a classification scheme developed to understand emergent roles and skills of data scientists. We conclude that the current lack of clear understanding and the growing skills shortage are key issues in realizing the potential benefits of big data in organizations through data scientists’ game changer roles, indicating important educational implications for our IS field

The Off-line and On-line Impact of Information and Communications Technology on ASEAN Security – a Perspective

Modern information and communication technologies have brought immense changes to peoples’ lives in the developed and developing countries. It has been a revolutionising game changer impacting on the manner people communicate, do business, partake in crime and even harm others physically and psychologically. This is increasing as the rate of technologies, especially the Internet, penetrate deeper into populous countries in Asia and Africa. Its role has been so immense and pervasive that it has led to all-round changes in the manner societies organise themselves, including in the security arena. The benefits of these technologies have been massive, changing exponentially the manner governments and people connect with each other within and without the territorial state.

Anthropology and Open Access

While still largely ignored by many anthropologists, open access (OA) has been a confusing and volatile center around which a wide range of contentious debates and vexing leadership dilemmas orbit. Despite widespread misunderstandings and honest differences of perspective on how and why to move forward, OA frameworks for scholarly communication are now part of the publishing ecology in which all active anthropologists work. Cultural Anthropology is unambiguously a leading journal in the field. The move to transition it toward a gold OA model represents a milestone for the iterative transformation of how cultural anthropologists, along with diverse fellow travelers, communicate more ethically and sustainably with global and diverse publics. On the occasion of this significant shift, we build on the history of OA debates, position statements, and experiments taking place during the past decade to do three things. Using an interview format, we will offer a primer on OA practices in general and in cultural anthropology in particular. In doing so, we aim to highlight some of the special considerations that have animated arguments for OA in cultural anthropology and in neighboring fields built around ethnographic methods and representations. We then argue briefly for a critical anthropology of scholarly communication (including scholarly publishing), one that brings the kinds of engaged analysis for which Cultural Anthropology is particularly well known to bear on this vital aspect of knowledge production, circulation, and valuation. Our field’s distinctive knowledge of social, cultural, political, and economic phenomena should also—but often has not—inform our choices as both global actors and publishing scholars

SOK:young children’s cybersecurity knowledge, skills & practice: a systematic literature review

The rise in children’s use of digital technology highlights the need for them to learn to act securely online. Cybersecurity skills require mature cognitive abilities which children only acquire after they start using technology. As such, this paper explores the guidance and current curriculum expectations on cybersecurity aspects in Scotland. Additionally, a systematic review was undertaken of the literature pertaining to cybersecurity education for children on a wider scale including papers from around the world, with 27 peer reviewed papers included in the final review. We discovered that most research focused on assessing children’s knowledge or investigating the efficacy of interventions to improve cybersecurity knowledge and practice. Very few investigated the skills required to carry out the expected cybersecurity actions. For example, high levels of literacy, mature short- and long-term memory, attention, and established meta cognition are all pre-requisites to be able to carry out cybersecurity activities. Our main finding is that empirical research is required to explore the ages at which children have developed essential cognitive abilities and thereby the potential to master cybersecurity skills

Cybercrime and Cyber-security Issues Associated with China: Some Economic and Institutional Considerations

China is linked to cybercrimes of diverse types, scales, motivations and objectives. The Chinese cyberspace thus provides an interesting setting for the study of cybercrimes. In this paper, we first develop typology, classification and characterization of cybercrimes associated with China, which would help us understand modus operandi, structures, profiles and personal characteristics of cybercrime organizations and potential perpetrators, the signature aspects and goals of cybercrimes, the nature and backgrounds of the criminal groups involved, characteristics of potential targets for criminal activities, the nature and extent of the damage inflicted on the victims and the implications to and responses elicited from various actors. We then examine this issue from developmental and international political economy angles. Specifically, we delineate salient features of China’s politics, culture, human capital and technological issues from the standpoint of cyber-security and analyze emerging international relations and international trade issues associated with this phenomenon. Our analysis indicates that China’s global ambition, the shift in the base of regime legitimacy from MarxLeninism to economic growth, the strong state and weak civil society explain the distinctive pattern of the country’s cyber-attack and cyber-security landscapes