Search results for "Cybersecurity"
showing 10 items of 43 documents
Information Security Risk Assessments following Cybersecurity Breaches : The Mediating Role of Top Management Attention to Cybersecurity
2023
Information Systems (IS) research on managerial response to cybersecurity breaches has largely focused on externally oriented actions such as customer redressal and crisis response. Within the firm itself, a breach may be a symptom of systematic problems, and a narrow, siloed focus on only fixing immediate issues through technical fixes and controls might preclude other managerial actions to ensure future cybersecurity. Towards this end, Information Security Risk Assessments (ISRA) can help surface other vulnerabilities following a breach. While the role of governance in such exercises is emphasized in standards, it is undertheorized in IS research and lacks empirical evidence. We draw on t…
Cybersecurity Attacks on Software Logic and Error Handling Within AIS Implementations: A Systematic Testing of Resilience
2022
To increase situational awareness of maritime vessels and other entities and to enable their exchange of various information, the International Maritime Organization mandated the use of the Automatic Identification System (AIS) in 2004. The AIS is a self-reporting system that uses the VHF radio link. However, any radio-based self-reporting system is prone to forgery, especially in situations where authentication of the message is not designed into the architecture. As AIS was designed in the 1990s when cyberattacks were in their infancy, it does not implement authentication or encryption; thus, it can be seen as fundamentally vulnerable against modern-day cyberattacks. This paper demonstrat…
Desired cybersecurity skills and skills acquisition methods in the organizations
2022
Abstract:Key personnel and their competences play important roles in continuity management and improving resilience of cybersecurity in organizations. Researchers have addressed many topics and studies in the cybersecurity domain. However, relevant cybersecurity skills and acquisition of them in expertise development, have only been partially touched. If designed systematically and properly, cybersecurity training can improve cybersecurity expertise to ensure better performance in complex cybersecurity situations. More through study on the acquisition of cybersecurity skills, and work-life needs are needed. The research three questions of this study are: How do work-life representatives see…
Online expression and spending on personal cybersecurity
2019
The Internet is used increasingly as a platform both for free expression and e-commerce. Internet users have a variety of attitudes towards the security and privacy risks involved with using the Internet; and distinct concerns and behaviors with regard to expressing themselves online. Users may have controversial viewpoints that they may express online in various ways. Controversial viewpoints or artwork by their nature may not be as well received as positive or polite expressions. In the online environment, users with controversial viewpoints may be reluctant to express the viewpoints due to concern about possible consequences resulting from the expressions. Consequences may be imposed by …
Emerging Cyber risk Challenges in Maritime Transportation
2022
Maritime security and surveillance have become one of the main areas in managing overall situational awareness. For example, the growing importance of maritime traffic in cross-border trade has created new pressures to develop new technologies for accident prevention, especially in the ports. Maritime safety is also a matter of concern for continuity management. Automatic ship alarm systems, coastal radars and coastal cameras are not alone sufficient equipment to build maritime awareness. The Universal Shipborne Automatic Identification System (AIS) is a ship transponder system that is a globally used tracking system, but highly vulnerable to hacking. A major maritime traffic problem arises…
Insecure Firmware and Wireless Technologies as “Achilles’ Heel” in Cybersecurity of Cyber-Physical Systems
2022
In this chapter, we analyze cybersecurity weaknesses in three use-cases of real-world cyber-physical systems: transportation (aviation), remote explosives and robotic weapons (fireworks pyrotechnics), and physical security (CCTV). The digitalization, interconnection, and IoT-nature of cyber-physical systems make them attractive targets. It is crucial to ensure that such systems are protected from cyber attacks, and therefore it is equally important to study and understand their major weaknesses. peerReviewed
A Novel Model for Cybersecurity Economics and Analysis
2017
In recent times, major cybersecurity breaches and cyber fraud had huge negative impact on victim organisations. The biggest impact made on major areas of business activities. Majority of organisations facing cybersecurity adversity and advanced threats suffers from huge financial and reputation loss. The current security technologies, policies and processes are providing necessary capabilities and cybersecurity mechanism to solve cyber threats and risks. However, current solutions are not providing required mechanism for decision making on impact of cybersecurity breaches and fraud. In this paper, we are reporting initial findings and proposing conceptual solution. The paper is aiming to pr…
Reducing the Time to Detect Cyber Attacks : Combining Attack Simulation With Detection Logic
2021
Cyber attacks have become harder to detect, causing the average detection time of a successful data breach to be over six months and typically costing the target organization nearly four million dollars. The attacks are becoming more sophisticated and targeted, leaving unprepared environments easy prey for the attackers. Organizations with working antivirus systems and firewalls may be surprised when they discover their network has been encrypted by a ransomware operator. This raises a serious question, how did the attacks go undetected? The conducted research focuses on the most common pitfalls regarding late or even non-existent detection by defining the root cause behind the failed detec…
Enhancing the European Cyber Threat Prevention Mechanism
2021
This research will determine how it is possible to implement the national cyber threat prevention system into the EU level Early Warning System. Decision makers have recognized that the lack of cooperation between EU member countries affects public safety at the international level. Separate operational functions and procedures between national cyber situation centers create challenges. One main problem is that the European Union does not have a common cyber ecosystem concerning intrusion detection systems for cyber threats. Also, privacy and citizens’ security as topics are set against each other. The research will comprise a new database for the ECHO Early Warning System concept.
How to Enhance the Sharing of Cyber Incident Information via Fine-Grained Access Control
2022
Industry 4.0 and the ongoing digital transformation along with a large number interconnected machines anddevices increase the role of cybersecurity, cyber incident handling and incident response in the factories of the future (FoF). Cyber incident information sharing plays a major role when we need to formulate situational pictures about FoF operations and environment, and respond to cybersecurity threats related to e.g. the implementation of novel technologies. Sharing of incident information has a major drawback since it may reveal too much about the attack target, e.g. in the case of legacy systems and therefore restrictions may apply. We have developed a proof-of-concept service that co…