Mitigating risk in computerized bureaucracy

This paper presents an important aspect of the pragmatic dimensions of mitigating the risks that stem from computerized bureaucracy, and thereby, preserving the organizational integrity of a firm. A case study is used to provide valuable insights into the mechanics of such mitigation. The case refers to the problematic implementation and use of a computerized reservation system in a large budget hotel in London, United Kingdom. Following the empirical findings, Ciborra’s notions of bricolage, improvisation and tinkering are examined as practical and useful ways of addressing the downsides of computerized bureaucracy

Building a Theory of Socio-technical Fraud

In the last decade, there has been an unprecedented global adoption of information and communication technologies. While developed countries are more attractive targets and suffer significantly higher losses to cyber-crime as a percentage of their Gross Domestic Product, developing and least-developed countries countries are more vulnerable. Phone-based scams such as phreaking and caller identity spoofing are instances of cyber-fraud, theft and forgery that are very widespread in these countries. Interestingly, deception is at the heart of these cyber-crimes. This paper acknowledges the extant literature on deception detection and the contribution of the related theories of deception, but proposes the development of a theory that treats cyber-deception and fraud as fundamentally socio-technical phenomena. Drawing on Humanities and the socio-anthropological concept of ‘cunning intelligence’, we aim to develop an explanatory lens of fraud that can be applied to different types of cyber-crime

Mismatched Understanding of IS Security Policy: A RepGrid Analysis

Professional and academic literature indicates that organizational stakeholders may hold different perceptions of security rules and policies. This discrepancy of perceptions may be rooted into a conflict between the compliance of stakeholders to organizational norms on the one hand, and security rules on the other. The paper argues that a mismatched understanding of security policy can have a devastating effect on the security of organizations, and should therefore be treated as a key reason for non-compliance to security policy. Using Personal Construct Theory and Repertory Grids we explore how different stakeholder groups within an organization can hold divergent views on the same security policies. Our findings have implications for the design of security policy training and awareness programs, as well as for the institution and internalization of good IS governance practices

A Holistic Systems Security Approach Featuring Thin Secure Elements for Resilient IoT Deployments

© 2020 by the authors. This is an open access article distributed under the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0/) which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.IoT systems differ from traditional Internet systems in that they are different in scale, footprint, power requirements, cost and security concerns that are often overlooked. IoT systems inherently present different fail-safe capabilities than traditional computing environments while their threat landscapes constantly evolve. Further, IoT devices have limited collective security measures in place. Therefore, there is a need for different approaches in threat assessments to incorporate the interdependencies between different IoT devices. In this paper, we run through the design cycle to provide a security-focused approach to the design of IoT systems using a use case, namely, an intelligent solar-panel project called Daedalus. We utilise STRIDE/DREAD approaches to identify vulnerabilities using a thin secure element that is an embedded, tamper proof microprocessor chip that allows the storage and processing of sensitive data. It benefits from low power demand and small footprint as a crypto processor as well as is compatible with IoT 29 requirements. Subsequently, a key agreement based on an asymmetric cryptographic scheme, namely B-SPEKE was used to validate and authenticate the source. We find that end-to-end and independent stand-alone procedures used for validation and encryption of the source data originating from the solar panel are cost-effective in that the validation is carried out once and not several times in the chain as is often the case. The threat model proved useful not so much as a panacea for all threats but provided the framework for the consideration of known threats, and therefore appropriate mitigation plans to be deployed.Peer reviewe

Insider fraud and routine activity theory

This paper examines three scenarios of insider fraud based on empirical data from an upper-tier budget hotel in London, as part of a thought experiment on insider fraud. The scenarios are presented in the form of crime scripts and are reviewed under the theoretical framework of the Routine Activity Approach, which is widely used in crime science. The discussion that follows reflects on the theoretical underpinnings of the Routine Activity Approach and raises wider issues and concerns relating to information security, such as the adoption and implementation of controls against the insider threat

Pre-processing of magnetoencephalographic signals

SIGLEAvailable from British Library Document Supply Centre-DSC:DXN008573 / BLDSC - British Library Document Supply CentreGBUnited Kingdo

Pre-processing of magnetoencephalographic signals.

This thesis is concerned with the processing of MagnetoEncephaloGraphic (MEG) signals before their further analysis for clinical purposes. An overview of recent methods that have been applied to brain signals is first presented. The area of interference elimination is covered then, as the MEG signals suffer from the heart interfering magnetic field which in the majority of the experimental situations outweighs the signal of interest. The framework of a two step algorithm which first identifies the interference and then eliminates it by orthogonal projecting it to the contaminated signal is proposed. Next, the restoration of an MEG-like signal of interest buried in coloured noise is attempted by adopting a multi-model representation of the mixed signals. The noise is modelled an a autoregressive process and the deterministic signal of interest as a Markov Random process assuming piecewise linearity. The Simulated Annealing method is adopted for the restoration procedure. Furthermore, multi-resolution is used in order to accelerate the algorithm. Finally, a solution to the inverse solution is attempted by using the Singular Value Decomposition technique to decompose the measurement signal space to two subspaces, one dominated by the heart and another one dominated by the brain. Throughout the thesis results are presented with both synthetic and real data in order to illustrate the validity and usefulness of the proposed algorithms