A comparative study of teaching forensics at a university degree level

Computer forensics is a relatively young University discipline which has developed strongly in the United States and the United Kingdom but is still in its infancy in continental Europe. The national programmes and courses offered therefore differ in many ways. We report on two recently established degree programmes from two European countries: Great Britain and Germany. We present and compare the design of both programmes and conclude that they cover two complementary and orthogonal aspects of computer forensics education: (a) rigorous practical skills and (b) competence for fundamental research discoveries

Combined automotive safety and security pattern engineering approach

Automotive systems will exhibit increased levels of automation as well as ever tighter integration with other vehicles, traffic infrastructure, and cloud services. From safety perspective, this can be perceived as boon or bane - it greatly increases complexity and uncertainty, but at the same time opens up new opportunities for realizing innovative safety functions. Moreover, cybersecurity becomes important as additional concern because attacks are now much more likely and severe. However, there is a lack of experience with security concerns in context of safety engineering in general and in automotive safety departments in particular. To address this problem, we propose a systematic pattern-based approach that interlinks safety and security patterns and provides guidance with respect to selection and combination of both types of patterns in context of system engineering. A combined safety and security pattern engineering workflow is proposed to provide systematic guidance to support non-expert engineers based on best practices. The application of the approach is shown and demonstrated by an automotive case study and different use case scenarios.EC/H2020/692474/EU/Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems/AMASSEC/H2020/737422/EU/Secure COnnected Trustable Things/SCOTTEC/H2020/732242/EU/Dependability Engineering Innovation for CPS - DEIS/DEISBMBF, 01IS16043, Collaborative Embedded Systems (CrESt

Incremental scoping study and implementation plan

This report is one of the first deliverables from the Incremental project, which seeks to investigate and improve the research data management infrastructure at the universities of Glasgow and Cambridge and to learn lessons and develop resources of value to other institutions. Coming at the end of the project’s scoping study, this report identifies the key themes and issues that emerged and proposes a set of activities to address those needs. As its name suggests, Incremental deliberately adopts a stepped, pragmatic approach to supporting research data management. It recognises that solutions will vary across different departmental and institutional contexts; and that top-down, policy-driven or centralised solutions are unlikely to prove as effective as practical support delivered in a clear and timely manner where the benefits can be clearly understood and will justify any effort or resources required. The findings of the scoping study have confirmed the value of this approach and the main recommendations of this report are concerned with the development and delivery of suitable resources. Although some differences were observed between disciplines, these seemed to be as much a feature of different organisational cultures as the nature of the research being undertaken. Our study found that there were many common issues across the groups and that the responses to these issues need not be highly technical or expensive to implement. What is required is that these resources employ jargon-free language and use examples of relevance to researchers and that they can be accessed easily at the point of need. There are resources already available (institutionally and externally) that can address researchers’ data management needs but these are not being fully exploited. So in many cases Incremental will be enabling efficient and contextualised access, or tailoring resources to specific environments, rather than developing resources from scratch. While Incremental will concentrate on developing, repurposing and leveraging practical resources to support researchers in their management of data, it recognises that this will be best achieved within a supportive institutional context (both in terms of policy and provision). The need for institutional support is especially evident when long-term preservation and data sharing are considered – these activities are clearly more effective and sustainable if addressed at more aggregated levels (e.g. repositories) rather than left to individual researchers or groups. So in addition to its work in developing resources, the Incremental project will seek to inform the development of a more comprehensive data management infrastructure at each institution. In Cambridge, this will be connected with the library’s CUPID project (Cambridge University Preservation Development) and at Glasgow in conjunction with the Digital Preservation Advisory Board

Complexity in the Context of Information Systems Project Management

Complexity is an inherent attribute of any project. The purpose of defining and documenting complexity is to enable a project team to foresee resulting challenges in a timely manner, and take steps to alleviate them.The main contribution of this article is to present a systematic view of complexity in project management by identifying its key attributes and classifying complexity by these attributes. A “complexity taxonomy” is developed and discussed within three levels: the product, the project and the external environment.Complexity types are described through simple real-life examples. Then a framework (tool) is developed for applying the notion of complexity as an early warning tool.The article is intended for researchers in complexity, project management, information systems, technology solutions and business management, and also for information specialists, project managers, program managers, financial staff and technology directors

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

Experimental Case Studies for Investigating E-Banking Phishing Techniques and Attack Strategies

Phishing is a form of electronic identity theft in which a combination of social engineering and web site spoofing techniques are used to trick a user into revealing confidential information with economic value. The problem of social engineering attack is that there is no single solution to eliminate it completely, since it deals largely with the human factor. This is why implementing empirical experiments is very crucial in order to study and to analyze all malicious and deceiving phishing website attack techniques and strategies. In this paper, three different kinds of phishing experiment case studies have been conducted to shed some light into social engineering attacks, such as phone phishing and phishing website attacks for designing effective countermeasures and analyzing the efficiency of performing security awareness about phishing threats. Results and reactions to our experiments show the importance of conducting phishing training awareness for all users and doubling our efforts in developing phishing prevention techniques. Results also suggest that traditional standard security phishing factor indicators are not always effective for detecting phishing websites, and alternative intelligent phishing detection approaches are needed