Information security failures identified and measured – ISO/IEC 27001:2013 controls ranked based on GDPR penalty case analysis

This paper identifies the failures and impacts of information security, as well as the most effective controls to mitigate information security risks in organizations.Root cause analysis was conducted on all year 2020 GDPR penalty cases (n = 81) based on misconduct as defined in GDPR article 32: “security of processing.” ISO/IEC 27,001 controls were used as failure identifiers in the analysis. As a result, this study presents both the most frequent and most expensive information security failures and correspondingly ranks and presents the correlation of the controls observed in the analysis. From a theoretical perspective, our study contributes by bridging the gap between regulation and information security and introduces a statistical method to analyze the GDPR penalty cases, and provides previously unreported findings about information security failures and their respective solutions. From a practical perspective, the results of our study are useful for organizations which aspire to manage information security more effectively in order to prevent the most typical and expensive information security failures. Organizations, as well as auditors implementing and assuring the ISO 27001, may use our results as a guideline whereby controls should be applied and verified first in sequential order based on their impact and interdependence.© 2023 The Author(s). Published with license by Taylor & Francis Group, LLC. This is an Open Access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. The terms on which this article has been published allow the posting of the Accepted Manuscript in a repository by the author(s) or with their consent.fi=vertaisarvioitu|en=peerReviewed

Information Security Failures Measured and ISO/IEC 27001:2022 Controls Ranked by General Data Protection Regulation Penalty Analysis

Selecting the most important information security controls is a critical and difficult process. Therefore, the decision-making on how to manage risks and threats has to be supported with data-driven performance measurement metrics. This paper identifies and explores the failures and impacts of information security, as well as the most effective controls to mitigate information security risks in organizations. The method of the study was root cause analysis. All year 2020 GDPR penalty cases (n=81) based on misconduct, as defined in GDPR Article 32: “Security of processing” were matched with ISO/IEC 27001:2022 controls, which were used as failure identifiers in the analysis. As a result, the study presents both, the top 10 most frequent and the top 10 most expensive information security failures corresponding to ISO/IEC 27001:2022 controls. Furthermore, the study also illustrates the correlation of these controls.©2023 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.fi=vertaisarvioitu|en=peerReviewed

Island selection on mammalian life-histories: genetic differentiation in offspring size

BACKGROUND: Since Darwin's pioneering work, evolutionary changes in isolated island populations of vertebrates have continued to provide the strongest evidence for the theory of natural selection. Besides macro-evolutionary changes, micro-evolutionary changes and the relative importance of natural selection vs. genetic drift are under intense investigation. Our study focuses on the genetic differentiation in morphological and life-history traits in insular populations of a small mammal the bank vole Myodes glareolus. RESULTS: Our results do not support the earlier findings for larger adult size or lower reproductive effort in insular populations of small mammals. However, the individuals living on islands produced larger offspring than individuals living on the mainland. Genetic differentiation in offspring size was further confirmed by the analyses of quantitative genetics in lab. In insular populations, genetic differentiation in offspring size simultaneously decreases the additive genetic variation (VA) for that trait. Furthermore, our analyses of differentiation in neutral marker loci (Fst) indicate that VA is less than expected on the basis of genetic drift alone, and thus, a lower VA in insular populations could be caused by natural selection. CONCLUSION: We believe that different selection pressures (e.g. higher intraspecific competition) in an insular environment might favour larger offspring size in small mammals. Island selection for larger offspring could be the preliminary mechanism in a process which could eventually lead to a smaller litter size and lower reproductive effort frequently found in insular vertebrates.peerReviewe

Contemporary mature forest cover does not explain the persistence of Capercaillie (Tetrao urogallus) lekking areas in Finland

Capercaillie (Tetrao urogallus) has traditionally been considered an old forest-dependent species. The lekking sites especially,were thought to be located in older forests. We studied the persistence of Capercaillie lekking areas in relation tomature forest cover at three study areas in Finland (southwestern, SW; central, CE; and northern, NO). Atotal of 381 leks were inspected twice at intervals of 10-30 years and were classified as either persisting or vacated. We defined mature forest as forest with > 152 m 3ha -1 of timber (SW and CE Finland) or > 68 m 3ha -1 of timber (NO Finland). We measured mature-forest cover within two radii around the leks (1,000 and 3,000m) using satellite image-based forest inventories, and performed logistic regression analyses on these data. We did not find significant trends between mature-forest cover and lekking-area persistence in any of the study areas. However, the proportion of mature forestsmay have already been too low to detect the significance of this factor. The only significant factor affecting the lekking-site persistence was time lag between surveys. The positive relationship between the time lag and lekking-site persistence in CE and NO Finland may be due to the partial recovery of the landscapes in terms of forest regrowth, from extensive clear-cut harvesting in the 1950s and 1960s. In SWFinland, the relationship was negative, possibly indicatingmore permanent changes in the landscape that is currently characterized by human settlements and agricultural areas. We conclude that in present-day Finland, the area covered by mature forest ismost likely too scarce to explain the lekking-area persistence ofCapercaillie. An alternative explanation is that some important structural characteristics are missing from the current mature forests

Persistence of Capercaillie (Tetrao urogallus) lekking areas depends on forest cover and fine-grain fragmentation of boreal forest landscapes

Peer reviewe

PHYSIOLOGICAL ECOLOGY -ORIGINAL RESEARCH

Abstract Recent studies of long-distance migratory birds show that behavioural and physiological changes associated with predictable or unpredictable challenges during the annual cycle are distinctively regulated by hormones. Corticosterone is the primary energy regulating hormone in birds. Corticosterone levels are elevated during stresses but they are also modulated seasonally according to environmental conditions and life-history demands. We measured the baseline and stress-induced levels of corticosterone in the barn swallow (Hirundo rustica L.) just before spring and autumn migrations in South Africa and Finland, respectively. Barn swallows completing their pre-breeding moult had low body condition (residual body mass) and high baseline corticosterone levels in the wintering grounds. In contrast, baseline corticosterone levels in Finland were low and not related to residual mass. These data contradict the first prediction of the migration modulation hypothesis (MMH) by showing no association with baseline corticosterone levels and pre-migratory fuelling. Yet, the adrenocortical response to the capture and handling stress was notably blunted in South Africa compared to a strong response in Finland. Further, individuals that had started fuelling in Finland showed a reduced response to the handling stress. Taken together, elevated baseline corticosterone levels and high residual mass may blunt the adrenocortical response in long-distance migrants and aerial feeders such as the barn swallow. This observation lends support to the second prediction of the MMH

Effects of forest patch size on physiological stress and immunocompetence in an area-sensitive passerine, the Eurasian treecreeper (Certhia familiaris): an experiment.

We manipulated the primary brood size of Eurasian treecreepers (Certhia familiaris) breeding in different sized forest patches (0.5-12.8 ha) in moderately fragmented landscapes. We examined the effects of brood size manipulation (reduced, control, enlarged) and forest patch size on physiological stress (heterophil-lymphocyte ratios; H/L), body condition and cell-mediated immunocompetence (phytohaemagglutinin test). Nestlings' H/L ratios were negatively related to forest patch area in control and enlarged broods, whereas no effects were found in reduced broods. The effects of forest patch area were strongest in enlarged broods, which had, in general, twofold higher H/L ratios than control and reduced broods. The elevated H/L ratios were positively related to nestling mortality and negatively correlated with body-condition indices suggesting that the origin of stress in nestlings was mainly nutritional. Cell-mediated immunity of nestlings was not related to brood manipulation or to forest patch size. Also, the H/L ratios of adults were not related to brood manipulation or forest patch size. In addition, parental H/L ratios and body condition were not related to nestling H/L ratios. Our results suggest that during the breeding period the deleterious effects of habitat loss are seen explicitly in growing young

Using change trajectories to study the impacts of multi-annual habitat loss on fledgling production in an old forest specialist bird

The loss and subdivision of habitat into smaller and more spatially isolated units due to human actions has been shown to adversely affect species worldwide. We examined how changes in old forest cover during eight years were associated with the cumulative number of fledged offspring at the end of study period in Eurasian treecreepers (Certhia familiaris) in Central Finland. We were specifically interested in whether the initial level of old forest cover moderated this relation. We applied a flexible and powerful approach, latent growth curve modelling in a structural equation modeling (SEM) framework, to create trajectories describing changes in old forest cover through time, and studied how this change at both the territory core and landscape scales impacted fledging numbers. Our main finding was that at the territory core scale the negative impact of habitat loss on fledging numbers was lessened by the higher levels of initial forest cover, while no association was found at the landscape scale. Our study highlights a powerful, but currently under-utilised methodology among ecologists that can provide important information about biological responses to changes in the environment, providing a mechanistic way to study how land cover dynamics can affect species responses.peerReviewe

From northern Europe to Ethiopia : Long-distance migration of Common Cranes (Grus grus)

The majority of Common Cranes (Grus grus) breeding in northern Europe are short- to medium-distance migrants that overwinter in southern Europe, northern Africa, and the Middle East. However, some individuals migrate longer distances to as far as Ethiopia. Using data from 18 satellite-tracked juvenile Common Cranes, we assessed (1) the length and landscape composition of the migratory routes used and (2) the behaviour of neighbouring Finnish and Estonian (500 km apart in the north-south direction) sub-populations. Our results show that Common Cranes mainly use the East European flyway to reach the wintering grounds in Ethiopia, yet some individual cranes may alternatively use the Baltic-Hungarian migration route. Neither duration nor the number of stopovers used influenced the flight distances of the cranes. Further, 7-19 days of refuelling enabled the cranes to cover long flight distances, from 2,420 to 5,110 km in 6-15 days, without the need for settling down at potential stopovers on the route. Contrary to our expectations, the main refuelling sites of the Finnish breeding population were further south (in southern Ukraine) than those of the Estonian population (in Belarus). Despite the longer flight distances, Finnish cranes used three main migration stages, while cranes breeding at more southern sites generally used mainly four stages. Our findings demonstrate that large-sized social migrants such as the Common Crane may have spatially segregated, flexible migration patterns that involve only a few carefully selected stopovers during long-distance migration