258,372 research outputs found

    MANAGING UNKNOWN-UNKNOWNS IN CYBER-SECURITY

    Techniques are described herein for managing unknown-unknowns in cyber-security. Trust degradation is a precursor index to failure. The use cases of scoring the trust degradation in a system span to almost every aspect in networking, edge and cloud included. A well devised Trust Evaluation Function (TEF) will cover many use cases: for example (1) better and adaptive private key management (e.g., re-keying); (2) better and adaptive end user experience password management and its fine grain monitoring in a data center; (3) better and adaptive digital asset certifications; (4) troubleshooting; and (5) real-time scalability and risk assessment for extremely large network, for example in federated cloud environment. The features of a digital trust scoring will start to reflect the likelihood of erosion of trust created on day 0. Platform independency is achieved when the score is a degradation of the trust and not the trust value alone. A trust value may start erroneously, but the rate of change may lead to continuous evaluation. Therefore, the originating trust is set as a prior. Erosion will thus work with time against the assumed original trust. In the example of an expiration date or a combinatorial complexity erosion of a private key, the realization of a trust erosion is not a Boolean fail pass type, but a relative factor number. On a comprehensive integrated analytical dashboard, the trust factor produces the percent life left of given a digital secret

    Cyber-threats against the Norwegian financial sector

    Technological development affects most of the industries in the world, and the Norwegian financial sector is no exception. We use our digital tools every day, and these tools make footsteps of personal information. Norway is one of the most digitalized countries, and digitalization has brought new ways of thinking and made the sector more effective. However, this also brings new challenges with new vulnerabilities and risks. All this has made a need for understanding and managing cyber-risk. This thesis investigates how the Norwegian financial sector handles the risk of losing personal information when drawing on cyber-attacks by performing a content analysis based on relevant documents and articles. Discussion and analysis of the dominant documents and articles contribute to achieving the thesis goal of answering the research question. We do this intending to generate awareness of the cyber-risk in the sector when it comes to handling personal information. Additionally, we aim to create an understanding and knowledge base of the topic to understand the development better and be capable of being resilient to this type of risk. The content analysis of cyber-risk and cyber-threat in this thesis reveals that the risk of losing personal information is in constant flux. The reason is compound, but the analysis shows that our main findings can summarize it; Implementation and enactment of complexity in existing material, Speedy development and an arduous environment, and Endorsement of robustness, relicense, and redundancy. We were especially boggled over the neglection of integrating complexity as a risk in both the current NIST-framework and the ISO27001 standard. Also, the rapid development of technology and different types of actors may force the sector to take measures, but the long value chains increase the complexity

    Current Advancements of and Future Developments for Fourth Party Logistics in a Digital Future

    This paper aims to analyze the potential future of the 4PL concept based on expert opinions with special regard to the influence of digitalization coming with a disruptive transformation of supply chains. Service arrangements, provider capabilities and benefits resulting from a 4PL partnership are compared in current and future configurations. The research follows an explorative mixed methods approach with semi structured interviews followed by an expert panel. This builds a basis for an online survey questionnaire to inquire on important future aspects for the 4PL concept by a sample of respondents from multinational companies. Our results show a clear trend away from simply organizing transportation and logistics activities towards the provision of an IT platform as well as further value-added service activities such as planning, analytics and monitoring. Along with this, IT capabilities appear to be an important differentiator for 4PL providers in the future. Moreover, relationships between 4PL providers and their clients become closer and more strategic, which leads to a customer valuing not only direct cost reductions but rather improvements resulting from optimized operations through superior analysis and planning functions

    Striking a Balance Between Physical and Digital Resources

    In various configurations—be they academic, archival, county, juvenile, monastic, national, personal, public, reference, or research, the library has been a fixture in human affairs for a long time. Digital — meaning, content or communication that is delivered through the internet, is 20 years old (but younger in parts). Basically, both approaches to organizing serve to structure information for access. However, digital is multiplying very fast and libraries all-round contemplate an existential crisis; the more hopeful librarians fret about physical and digital space. Yet, the crux of the matter is not about physical vs. digital: without doubt, the digital space of content or communication transmogrifies all walks of life and cannot be wished away; but, the physical space of libraries is time-tested, extremely valuable, and can surely offer more than currently meets the eye. Except for entirely virtual libraries, the symbiotic relationship between the physical and the digital is innately powerful: for superior outcomes, it must be recognized, nurtured, and leveraged; striking a balance between physical and digital resources can be accomplished. This paper examines the subject of delivering digital from macro, meso, and micro perspectives: it looks into complexity theory, digital strategy, and digitization

    A strategic approach to making sense of the “wicked” problem of ERM

    Purpose – The purpose of this paper is to provide an approach to viewing the “wicked” problem of electronic records management (ERM), using the Cynefin framework, a sense-making tool. It re-conceptualises the ERM challenge by understanding the nature of the people issues. This supports decision making about the most appropriate tactics to adopt to effect positive change. Design/methodology/approach – Cynefin was used to synthesise qualitative data from an empirical research project that investigated strategies and tactics for improving ERM. Findings – ERM may be thought of as a dynamic, complex challenge but, viewed through the Cynefin framework, many issues are not complex; they are simple or complicated and can be addressed using best or good practice. The truly complex issues need a different approach, described as emergent practice. Cynefin provides a different lens through which to view, make sense of and re-perceive the ERM challenge and offers a strategic approach to accelerating change. Research limitations/implications – Since Cynefin has been applied to one data set, the findings are transferrable not generalisable. They, and/or the approach, can be used to further test the propositions. Practical implications – The resultant ERM framework provides a practical example for information and records managers to exploit or use as a starting point to explore the situation in particular organisational contexts. It could also be used in other practical, teaching and/or research-related records contexts. Originality/value – This paper provides a new strategic approach to addressing the wicked problem of ERM, which is applicable for any organisational context

    Knowledge Collaboration: Working with Data and Web Specialists

    When resources are finite, people strive to manage resources jointly (if they do not rudely take possession of them). Organizing helps achieve—and even amplify—common purpose but often succumbs in time to organizational silos, teaming for the sake of teaming, and the obstacle course of organizational learning. The result is that organizations, be they in the form of hierarchies, markets, or networks (or, gradually more, hybrids of these), fail to create the right value for the right people at the right time. In the 21st century, most organizations are in any event lopsided and should be redesigned to serve a harmonious mix of economic, human, and social functions. In libraries as elsewhere, the three Ss of Strategy—Structure—Systems must give way to the three Ps of Purpose—Processes—People. Thence, with entrepreneurship and knowledge behaviors, data and web specialists can synergize in mutually supportive relationships of shared destiny

    Is There an App for That? Electronic Health Records (EHRs) and a New Environment of Conflict Prevention and Resolution

    Katsh discusses the new problems that are a consequence of a new technological environment in healthcare, one that has an array of elements that makes the emergence of disputes likely. Novel uses of technology have already addressed both the problem and its source in other contexts, such as e-commerce, where large numbers of transactions have generated large numbers of disputes. If technology-supported healthcare is to improve the field of medicine, a similar effort at dispute prevention and resolution will be necessary