18 research outputs found

    Multi-lateral Recognition of PKI Certification Authorities in the Asian Region: Transborder Data Flow and Information Privacy Issues

    This article examines the feasibility of multi-lateral recognition of PKI certification authorities in the Asia region. It begins with a review of PKI technologies and the role of certification authorities. In the following sections, the notion of legal harmonisation of PKI certification authorities and issues in transborder data flow are explored by way of comparative analysis of Hong Kong, the PRC and Singapore. This examination compares and contrasts the legal recognition of PKI certification authorities in the relevant legislation as well as legislation relating to privacy, that is, the protection of personal data. It is argued throughout that any notion of multilateral legal recognition of PKI certification authorities should only be considered where a certain threshold has been met to harmonise the legal principles of PKI legislation, and where there is sufficient protection of personal data (privacy).

    Who let the Cat out of the Bag? Internet Data Leakage and its Implications for Privacy Law and Policy in Hong Kong

    Comment

    Hong Kong anti-terrorism ordinance and the surveillance society: Privacy and free expression implications

    This paper is a critical examination of the privacy and free expression implications of surveillance in the wake of new anti-terrorism law in Hong Kong. Surveillance has increased worldwide since the recent terrorist attacks. New technological modes of surveillance have become indispensable weapons in this ‘war on terrorism’. The extent to which such surveillance technology impacts on privacy and free expression has been explored extensively in the literature both in Europe and North America. The issue, however, has received little attention in Asia. European and North American anti-terrorism laws are set within the framework of legislative safeguards – safeguards as to the permissible boundaries of State surveillance. Where anti-terrorism laws impede civil liberties, the legislation is relatively clear and transparent. The situation in Hong Kong may be differentiated from that in Europe and North America; there do not appear to be any legal safeguards in place to curtail surveillance, while the notion of transparency seems wholly lacking in the larger legal framework of surveillance.

    The role of user behaviour in improving cyber security management

    Information security has for a long time been a field of study in computer science, software engineering, and information communications technology. The term ‘information security’ has recently been replaced with the more generic term cybersecurity. The goal of this paper is to show that, in addition to computer science studies, behavioural sciences focused on user behaviour can provide key techniques to help increase cyber security and mitigate the impact of attackers’ social engineering and cognitive hacking methods (i.e., spreading false information). Accordingly, in this paper, we identify current research on psychological traits and individual differences among computer system users that explain vulnerabilities to cyber security attacks and crimes. Our review shows that computer system users possess different cognitive capabilities which determine their ability to counter information security threats. We identify gaps in the existing research and provide possible psychological methods to help computer system users comply with security policies and thus increase network and information security.

    Incorporating psychology into cyber security education: A pedagogical approach

    The role of the human in cyber security is well acknowledged. Many cyber security incidents rely upon targets performing specific behavioural actions, such as opening a link within a phishing email. Cyber adversaries themselves are driven by psychological processes such as motivation, group dynamics and social identity. Furthermore, both intentional and unintentional insider threats are associated with a range of psychological factors, including cognitive load, mental wellbeing, trust and interpersonal relations. By incorporating psychology into cyber security education, practitioners will be better equipped with the skills they need to address cyber security issues. However, there are challenges in doing so. Psychology is a broad discipline, and many theories, approaches and methods may have little practical significance to cyber security. There is a need to sift through the literature to identify what can be applied to cyber security. There are also pedagogical differences in how psychology and cyber security are taught and also psychological differences in the types of student that may typically study psychology and cyber security. To engage with cyber security students, it is important that these differences are identified and positively addressed. Essential to this endeavor is the need to discuss and collaborate across the two disciplines. In this paper, we explore these issues and discuss our experiences as psychology and cyber security academics who work across disciplines to deliver psychology education to cyber security students, practitioners and commercial clients.