
About this book

This book provides an opportunity for investigators, government officials, systems scientists, strategists, assurance researchers, owners, operators and maintainers of large, complex and advanced systems and infrastructures to update their knowledge with the state of best practice in the challenging domains whilst networking with the leading representatives, researchers and solution providers.

Drawing on 12 years of successful events on information security, digital forensics and cyber-crime, the 13th ICGS3-20 conference aims to provide attendees with an information-packed agenda with representatives from across the industry and the globe. The challenges of complexity, rapid pace of change and risk/opportunity issues associated with modern products, systems, special events and infrastructures. In an era of unprecedented volatile, political and economic environment across the world, computer-based systems face ever more increasing challenges, disputes and responsibilities, and whilst the Internet has created a global platform for the exchange of ideas, goods and services, it has also created boundless opportunities for cyber-crime.

As an increasing number of large organizations and individuals use the Internet and its satellite mobile technologies, they are increasingly vulnerable to cyber-crime threats. It is therefore paramount that the security industry raises its game to combat these threats. Whilst there is a huge adoption of technology and smart home devices, comparably, there is a rise of threat vector in the abuse of the technology in domestic violence inflicted through IoT too. All these are an issue of global importance as law enforcement agencies all over the world are struggling to cope.

Table of Contents

Frontmatter

Artificial Intelligence and the International Information and Psychological Security

Abstract
The paper considers the problem of malicious use of technologies that are based on artificial intelligence (AI). The authors presume that the need to develop advanced technologies is seen by states as essential to ensuring their global leadership and technological sovereignty. Particular focus is on AI-based technologies whose capabilities are growing at unprecedented rates. AI has already become part and parcel of intelligent machine translation and transport systems. AI-based technologies are widely used in medical diagnostics, e-Commerce, online training and even in the production of news and information. Meanwhile, world’s top search engines have offered their users voice assistants that significantly simplify and accelerate search for relevant information. Yet, evidently most technological innovations that are meant to make our lives easier could potentially be used for malicious purposes. Therefore, the rapid growth of our dependency on hybrid computer intelligent systems renders national critical infrastructure extremely vulnerable to attacks by those who would like to use AI-based technologies to cause significant harm to a nation, which in turn poses a serious challenge to psychological and information security of people around the world. The paper discusses ways of malicious use of AI and offers possible instruments of mitigating the threat that advanced technologies are posing.
Konstantin A. Pantserev, Konstantin A. Golubev

Blockchain Medicine Administration Records (BMAR): Reflections and Modelling Blockchain with UML

Abstract
Modelling blockchain should be easy? There are many figures and diagrams that are intuitive, however they are often unorthodox and do not comply with standard modelling techniques, e.g., UML. The enterprise blockchain system designed is for Medicines Administration Records (MARs) and requires audits for accreditation, that exposes vulnerabilities to unauthorised access and alteration. These alterations are made in order to pass inspection of the auditors and often completed to correct human errors unforeseen until the audit. The design stage has five stages and includes four stages from UML. The initial stage looks at how effective blockchain is as a solution for the problem domain, and then followed by Use Case, Sequence, State Machine and Deployment. The final design was implemented and the overall approach is evaluated.
Ian Mitchell

An Investigation into an Approach to Updating the Governance of Satellite Communications to Enhance Cyber Security

Abstract
The UK is keen to be part of the Global Space market that has seen the recent activities of Virgin Galactic and SpaceX. This research will take into consideration the UK’s operability parameters in relation to International Space agreements to investigate whether the Governance surrounding Satellite communications prepares for the new Spaceports that are being developed and the impact on UK Government departments. The research aim for A Qualitative Approach to Updating the Governance of Satellite Communications to Enhance Cyber Security is to produce a set of guidelines to be used for the Governance of Satellite communications through researching the level of Governance that exists for Satellite communications. The research includes which techniques and technology that satellites use, the impact of Governance on Satellite communications within Government departments, COBIT 2019 in Satellites, a review of literature to pinpoint current research of legislation, a critical review of current Government frameworks for satellite communications and what public organisations will be taken into consideration.
Lesley-Anne Turner, Hamid Jahankhani

Enhancing Smart Home Threat Detection with Artificial Intelligence

Abstract
The chapter focuses on building a theoretical network, which supports the protection of home networks from critical cyberattacks. A framework is proposed which aims to augment a home router with machine learning techniques to identify threats. During the current pandemic, employees have been working from home. So it is reasonable to expect that cyberattacks on households will become more common to leverage access into corporate networks. The model described in this chapter is for a single network; however, the network would be segmented into regions to avoid a wider compromise. Since the deployment of 5G, mobile threats are rising steadily. Therefore, the UK requires a robust plan to identify and mitigate all forms of threats including nation-state, terrorism, hacktivism. Additionally, the model dynamically analyses traffic to identify trends and patterns; therefore, supporting on the building of a resilient cyber defence. The emphasis in this model is to bridge the gap of trust between the government and the public, so that trust and transparency is established by a regulatory framework with security recommendations. At present, there is no authorisation to collect this data at national level, nor is there trust between the public and government regarding data and storage. It is hoped that this model would change human perception on the collection of data and contribute to a safer UK.
Jaime Ibarra, Usman Javed Butt, Ahmed Bouridane, Neil Eliot, Hamid Jahankhani

Cybercrime Predicting in the Light of Police Statistics

Abstract
Cybercrime is widely felt to be a huge and growing threat to individuals, companies and organizations and even entire countries. In view of the number of such incidents and their potential danger and the need to counteract them adequately, the development of cybercrime should be predicted. The paper presents attempts to predict different categories of cybercrimes in Poland in 2020 and checks whether the predicting of cybercrime gives satisfactory results, as well as to what extent the results of the predicting will indicate a trend and cyclicality in the light of random factors. For this purpose, police statistical data on cybercrime in Poland in the years 2000–2019 were used and the concept of cybercrime and its interpretation in the Polish Penal Code have been described. It also seems to be an important practical issue to determine the time horizon of predicting, based on statistical data obtained from police data, by various exploration methods, as well as the magnitude of predicting error resulting from accidental and cyclical factors. Linear trend and the Holt’s method were used for predicting.
Jerzy Kosiński, Grzegorz Krasnodębski

Prediction of Cyber Attacks During Coronavirus Pandemic by Classification Techniques and Open Source Intelligence

Abstract
Over the years, technology has grown rapidly and become a major part of everyday life. Due to the increased presence of technology, cybercrime is on the rise and the number of cyber-attacks has increased significantly, this has made data mining techniques an important factor in detecting security threats. This research proposes that Classification techniques can be used to reliably classify and predict cyber-attacks. This paper proposes a classification framework using data collected from Hackmagedon, a blog which contains timelines and statistics for cyber-attacks. The dataset includes cyber-attacks which occurred between 2017 and 2019 within countries in Europe. The purpose of this research is to investigate how Classification techniques can be used to better understand and predict future cyber-attacks. Different Classification techniques will be applied to the dataset to determine which technique produces the most accurate results. The model will be validated using a dataset containing COVID-19 cyber-attacks from Hackmagedon.
Shannon Wass, Sina Pournouri, Gregg Ibbotson

Missed Opportunities in Digital Investigation

Abstract
A recent strategic review of policing published by the Police Foundation (Barber in The first report of the strategic review on policing in England and Wales. Police Foundation (2020) [7]) claimed that the police service in England and Wales is not equipped to meet the scale and complexity of the various challenges it faces, one of which involves the digital elements within crime investigation. Drawing upon data gathered for an MSc dissertation evaluating practices across investigators in the South of England, monthly samples from two years of serious crime investigations established that 50% of enquiries missed all digital investigative opportunities. Where a digital opportunity was identified, potential subsequent digital enquiries were missed 47% of the time. Whilst consistent with the Her Majesty’s Inspectorate of Constabulary and Fire and Rescue Services (HMICFRS) (State of Policing—The Annual Assessment of Policing in England and Wales (2018) [44]) and the Information Commissioners Office (ICO) (Mobile phone data extraction by police forces in England and Wales (2018) [55]) reports which highlight that policing capability is lagging behind modern technology and affecting public confidence; these matters will be developed and discussed leading to the conclusion that, consistent with the police foundation report, loss of public confidence will undoubtedly damage police legitimacy.
Pat Thompson, Mark Manning

Cyber-Disability Hate Cases in the UK: The Documentation by the Police and Potential Barriers to Reporting

Abstract
Disability hate crime is under-reported in the UK with perceived limited support given to the victims. The use of online communication resulted in cyber-disability hate cases, recognised by the Police with the addition of an ‘online-flag’ in the documentation. However, the cases remain under-reported, with potential individual, societal and organisational barriers to reporting especially during a pandemic. This paper aims to contextualise the reporting of cyber-disability hate cases, identify potential barriers, and provide recommendations to improve support to victims by the Police. The retrospective examination was carried out on disability-related cyber incidents documented by a police force in the UK for 19 months. Among 3,349 cyber-crimes, 23 cases were included. The analysis covered descriptive statistics and qualitative document analysis (QDA). Only 0.7% of cyber incidents or 6.7% of cyber-hate incidents were disability related. The age of victims ranged between 15 and 61 years, with a mean of 25.8 years. Most of the victims (78%) were from White ethnic background, and the majority were females (61.5%). Three overarching themes emerged from the qualitative data as influencers of reporting or documentation, these were: psychological impact, fear for safety, and the type of disability. Cyber-offences resulted in a serious impact on wellbeing, however, cases that included people with visible disabilities were more documented. Further awareness-raising targeting the police and public is needed to understand the impact of cyber-offences and recognise the different types of disabilities, which might encourage both reporting and documentation.
Zhraa A. Alhaboby, Haider M. Al-Khateeb, James Barnes, Hamid Jahankhani, Melanie Pitchford, Liesl Conradie, Emma Short

Smart Secure USB SSU-256

Abstract
USBs are the most common devices for data sharing and transferring either for personal day to day use or at the organizational level. Its usage is increasing exponentially despite the data breaches occurring due to the noncompliance of security measurements. Consumers are at risk when sensitive data is stored on unsecured USBs. The consequences of losing drives (or when picked up by unauthorized persons) loaded with sensitive information can be significant, including the loss of customer data, financial information, business plans and other confidential/sensitive information, risk of reputation damage. Apropos, this problem of keeping the data confidential from unauthorized users need to be addressed immediately. Therefore, in this paper we present an indigenous solution for this problem which can easily be used by general users and sensitive organizations (strategic, banks, academia, law enforcement, armed forces, telco’s and many others) to overcome the above stated confidentiality problem. Our proposed Smart Secure USB (SSU-256), will serve as secure channel for both data storage and transfer.
Muhammad Ehsan ul Haq, Zeeshan Ali, Muhammad Taimoor Ali, Ruqiya Fazal, Waseem Iqbal, Mehreen Afzal

The Application of Technology in Combating Human Trafficking

Abstract
Human trafficking is a complex, burgeoning crime with a global foothold that impacts an estimated 40.3 million people worldwide. Currently, the number and the scale of innovation and technology tools do not correspond with the magnitude of the problem. There is little awareness about existing digital innovations and technology initiatives within the field of anti-trafficking. This adds to the danger of fragmented and disjoined development and the application of technology-based tools. Therefore, considering its importance, this paper aims to provide an analysis of the current landscape of technology tools used to combat HT. The multi-pronged contributions of this study are: (1) to enable anti-trafficking stakeholders to engage with technology more effectively and (2) to raise awareness about tools to assist their work.
Reza Montasari, Hamid Jahankhani

Countering Adversarial Inference Evasion Attacks Towards ML-Based Smart Lock in Cyber-Physical System Context

Abstract
Machine Learning (ML) has been taking significant evolutionary steps and provided sophisticated means in developing novel and smart, up-to-date applications. However, the development has also brought new types of hazards into the daylight that can have even destructive consequences required to be addressed. Evasion attacks are among the most utilized attacks that can be generated in adversarial settings during the system operation. In assumption, ML environment is benign, but in reality, perpetrators may exploit vulnerabilities to conduct these gradient-free or gradient-based malicious adversarial inference attacks towards cyber-physical systems (CPS), such as smart buildings. Evasion attacks provide a utility for perpetrators to modify, for example, a testing dataset of a victim ML-model. In this article, we conduct a literature review concerning evasion attacks and countermeasures and discuss how these attacks can be utilized in order to deceive the, i.e., CPS smart lock system’s ML-classifier to gain access to the smart building.
Petri Vähäkainu, Martti Lehto, Antti Kariluoto

Software License Audit and Security Implications

Abstract
The typical purpose of software auditing is to assess the conformance of the developed software with the original plans, procedures and relevant regulations. Every audit involves several people with various roles in the auditing processes. The audit itself entails a number of preferable characteristics. In any audit engagement, the perceptions of the audit quality are directly related to the perceived reputation, credibility and objectivity of the auditor. This paper highlights and critically reviews the research works related to quality in audit, in particular, software license audit from the perspective of internal control and security. The paper examines existing studies in the field with a view to identifying future research opportunities in relation to software license auditing. Moreover, security implications and challenges in the context of software auditing, and a set of recommendations are provided.
Wee Kiat Yang, Amin Hosseinian-Far, Luai Jraisat, Easwaramoorthy Rangaswamy

The Deployment of Autonomous Drones During the COVID-19 Pandemic

Abstract
Drones are being utilised in diverse domains all over the world. The latest employment is the utilisation of drones during the global pandemic for crowd dispersal, infection monitoring, facial recognition, and logistical roles. Drones with artificial intelligence are unique devices that enhance the economy and are capable of completing tasks that humans cannot. The issue is that companies have disregarded the security of these machines, making them vulnerable to cyberattacks. Furthermore, a compromised drone can be used as a malicious offensive weapon system for tasks such as illegal imagery, videography, and as a functioning autonomous weapon system. This paper critically analyses the amalgamation of drones and artificial intelligence, reviews the current threat landscape, and studies drone vulnerabilities in regard to attack methods. Finally, a robust framework with secure countermeasures is proposed and therefore recommended for the drone industry to adopt and implement.
Usman Javed Butt, William Richardson, Maysam Abbod, Haiiel-Marie Agbo, Caleb Eghan

Effective Splicing Localization Based on Image Local Statistics

Abstract
In the digital era, people freely share pictures with their loved ones and others using smartphones or social networking sites. The news industry and the court of law use the pictures as evidence for their investigation. Simultaneously, user-friendly photo editing tools make the validity of pictures on the internet questionable. Intense research work has been going on in image forensics over the last two decades to bring out such a picture’s trustworthiness. In this paper, an efficient statistical method based on Block Artificial Grids in double compressed JPEG images is proposed to identify areas attacked by image manipulation. In contrast to existing approaches, the proposed approach extracts the local characteristics from individual objects of the manipulated image instead of the entire image, and pair-wise dissimilarity is obtained between those objects and exploits the manipulated region, which has the highest variance among other objects. The experimental results reveal the proposed method’s superiority over other current methods.
P. N. R. L. Chandra Sekhar, T. N. Shankar

Applying Big Data Analytics in DDoS Forensics: Challenges and Opportunities

Abstract
DDoS (Distributed Denial-of-Service) attacks greatly affect the internet users, but mostly it’s a catastrophe for the organization in terms of business productivity and financial cost. During the DDoS attack, the network log file rapidly increases and using a traditional forensics framework makes it almost impossible for DDoS forensics investigation to succeed. This paper mainly focuses on finding the most suitable techniques, tools, and frameworks in big data analytics that help forensics investigation to successfully identify DDoS attacks. This paper reviewed a number of previous studies related to the topic to find and understand general terms, challenges and opportunities of using big data in forensics investigation. The data mining tool used in this paper for simulation was RapidMiner because of its ability to prepare the data before the analysis and optimize it for quicker subsequent processing, and the dataset used was taken from University of New Brunswick’s website. Algorithms that were used to evaluate the DDoS attack training dataset are Naïve Bayes, Decision Tree, Gradient Boost and Random Forest. The evaluation results projected that the majority of algorithms have above 90% accuracy, precision and recall respectively. Using the data mining tools and recommended algorithms will help reduce processing time associated with data analysis, reduce cost and improve the quality of information. Future research is recommended to install in an actual network environment for different DDoS detection models and compare the efficiency and accuracy in real attacks.
Augusto Gonzaga Sarmento, Kheng Cher Yeo, Sami Azam, Asif Karim, Abdullah Al Mamun, Bharanidharan Shanmugam

Cyber Security in the Global Village and Challenges for Bangladesh: An Overview on Legal Context

Abstract
With the rapid penetration of the Internet and other information and communication technology worldwide, cyber-crime is emerging as a threat to personal data stored in computers and likely to affect the entire data systems. Even the United States, one of the most technologically advanced countries, is also subjected to such crimes. Bangladesh, being a less developed country, is also at the risk of cyber-crimes that might jeopardize the country’s national security. As the incumbent government eyes to ensure internet connectivity at all government institutions by 2021 upholding the motto of ‘Digital Bangladesh’, more and more national and multinational companies are offering online services to their services through the internet following the government’s agenda. From shopping to Banking, all are just a click away with the higher rate of internet penetration. However, criminals are also using the online platform where they are committing various sorts of criminal activities including phishing, hacking, and stealing personal data. Hence, the state-owned, as well as private organizations, might fall prey to cyber-attacks which might affect the lives of the entire population. Moreover, the country’s 90% of software is unlicensed that also intensifies the risk of cybercrimes thanks to their compromised security issue. In addition, the recent tug of wars between Bangladeshi and Indian hackers impacted the diplomatic relations between the two nations. More importantly, there have been scores of media reports saying that terror groups use online platforms for financing and maintaining intra-group communications. In this context, the existing laws and government moves against cyber-crimes are apparently very scanty to combat the burgeoning threat. The study attempts to shed light upon the threat posed by cyber-crimes in the context of the global village with an emphasis on the perspective of Bangladesh.
Kudrat-E-Khuda (Babu)

Reasons Behind Poor Cybersecurity Readiness of Singapore’s Small Organizations: Reveal by Case Studies

Abstract
Digitalization and cybersecurity are two important trends that are affecting the business world tremendously. Digitalization, which drives data analytics, provides opportunities for organizations to create new models to beat competition. On the other hand, cybersecurity is a threat to organizations’ financials, operations, and reputation. COVID-19 has accelerated the adoption of digitalization, which has opened up more opportunities for hackers for cyberattacks. In other words, digitalization underlines the importance of cybersecurity. With the foresight of the government, Singapore has promoted cybersecurity as one of the pillars for the nation’s total defence to signal the government’s attention and resources committed to fighting against cyberattacks. Notwithstanding the effort from the government, losses due to cyberattacks continue to rise. Furthermore, the network of the biggest healthcare provider in the country was compromised and its data, including that of the Prime Minister, was stolen. For small organizations where resources may be limited, the risks are even higher, pointing to the urgent need to address the situations. Therefore, this article uses two small organizations in Singapore as case studies, to draw insights on the obstacles to implementing digitalization and cybersecurity. With the insights, actions that can be taken by the government, businesses, and academies, are proposed to improve the digitalization and cybersecurity of small organizations, in Singapore and elsewhere.
Nam Chie Sia, Amin Hosseinian-Far, Teoh Teik Toe

Cloud and Its Security Impacts on Managing a Workforce Remotely: A Reflection to Cover Remote Working Challenges

Abstract
Attacks against remote workers who are working from home due to the global pandemic have significantly increased. Cyber criminals have realised this and are exploiting users for financial gain and for espionage motives. Criminals are aiming to exploit vulnerable smart homes through Internet of Things and leverage access into corporate networks. This means that home users need to be extra vigilant against this contemporary technique. This paper will address these challenges with robust protocols for organisations to absorb, train, and implement. Additionally, this paper will align organisations’ expectations with user vulnerabilities to increase organisation resilience.
Usman Javed Butt, William Richardson, Athar Nouman, Haiiel-Marie Agbo, Caleb Eghan, Faisal Hashmi

The Magic Quadrant: Assessing Ethical Maturity for Artificial Intelligence

Abstract
This paper discusses the need for measuring ethics for organisations that use and develop artificially intelligent software. The primary objective for this paper is to bridge the gap between artificial intelligence and ethics through the development of an ethical maturity framework that can be globally adopted and implemented through the design stages of AI that considers ethics through the lifecycle of the technology to support ethical evolution. This is a discussion that’s missing in the realm of AI and is much needed in the rapidly evolving world of AI to regain control and confidence in the technologies we use.
Andi Zhobe, Hamid Jahankhani, Rose Fong, Paul Elevique, Hassan Baajour

A Systematic Literature Review of the Role of Ethics in Big Data

Abstract
The aim of this research is to identify the ethical standards and practice that exists for big data and what the gaps are, through reviewing academic literature about various industries such as health, research, and social media. The aim is to provide a roadmap for future research on this topic within academia, policy makers and law makers. Big data is a relatively new concept and has been used by many different types of organisations on a large scale over the last decade, which has impacted individuals as consumers, citizens, and employees. Big data has provided insights into consumers and the public, at an unprecedented scale but standards of managing this data have not been implemented at the same speed. Through a Systematic Literature Review (SLR), an analysis of existing academic research into big data and ethics, and how it has been applied within industries will be critically analysed. By utilising academic databases and applying an exclusion and inclusion criteria, this will locate relevant good quality papers for the SLR. The SLR was narrowed down to 14 papers, which focused on different industries and elements of big data ethics. By using this broad approach, reoccurring themes that exist universally when managing big data and ethical issues appear, such as privacy concerns, accountability, and definitions regardless of data type and purpose. Big data has proved controversial with how it has been used by some organisations, while simultaneously positive in other areas. The topic of using big data ethically has arisen socially, politically, and academically, and the purpose of this SLR is to determine how far this conversation has progressed and what existing practice is. Areas for further research include the impact of new technologies and concepts such as IoT, Smart Cities and their relationship to big data and ethics. Law makers should lead the way of progressing this topic and introducing frameworks and best practice and soon policy makers will follow.
Jade Roche, Arshad Jamal

Transforming Higher Education Systems Architectures Through Adoption of Secure Overlay Blockchain Technologies

Abstract
The adoption of Distributed Ledger Technology (DLT) has been growing tremendously in recent years following the introduction of Bitcoin in 2009. However, the usefulness of DLT is not limited to the financial sector, and this paper investigates the viability of DLT architectures for use in Higher Education (HE). This sector faces challenging financial constraints, and one way to address this problem is to adopt emerging DLT technologies as architectures for HE systems. This article presents the ASTER Open Source system, a hybrid DLT integration within the context of a student submission system for assignment grading purposes. ASTER addresses many concerns of traditional system architectures such as centralisation, system downtime, and decoupling; all of which are mitigated through the use of blockchain technology. The advantages and drawbacks of such a new approach are discussed, including the aspect of security concerns relating to student work being submitted to a public ledger.
Foysal Miah, Samuel Onalo, Eckhard Pfluegel

Centralised IT Structure and Cyber Risk Management

Abstract
Against the backdrop of organisational needs to derive value from IT Organisations through agility, efficiencies and cost effectiveness, many organisations have adopted a decentralised IT organisational structure, enabling individual business units the autonomy to implement, operate and govern technology. The increased risk posed to organisations through cyber-attacks raises the question of how IT security could effectively provide the level of organisations governance to counter cyber threats in a decentralised organisational model. In exploring the challenges in the decentralization of IT security, we highlighted that the accountability of such activities would become diluted, with each business unit managing security in their own methods and practices or lack of, while unable to take full accountability due to the complex independencies of modern system architectures, often resulting in a lack of ownership, accountability and reporting of security at an organisational group level. This ultimately increases the overall security risk to the organization. We further highlighted that while centralization of IT security at a group level would be more effective, a hybrid model of IT security at two-levels with strategy and policy at the central governance level and a degree of autonomy and decision at the IT Operational level could also be considered.
Kamran Abbasi, Nick Petford, Amin Hosseinian-Far

Blockchain and Artificial Intelligence Managing a Secure and Sustainable Supply Chain

Abstract
Supply chain management is often the most challenging part of any business that manufactures, sells goods, or provides services nowadays. Regardless of whether the operations are mostly physical or online, managing supply chains relies entirely on being able to manage shared information securely, efficiently and effectively. Managing the information within the context of a closely-knit supply chain offers the benefits of extra resilience and ability to recover quickly from major disturbances. The authors propose here the development of a blockchain enabled and Intelligent Agent supported supply chain community that will provide a secure, intelligent, responsive and sustainable operational partnership.
Elias Pimenidis, John Patsavellas, Michael Tonkin

Does the GDPR Protect UK Consumers from Third Parties Processing Their Personal Data for Secondary Purposes? A Systematic Literature Review

Abstract
Consumers' control over their personal data is something the GDPR is meant to protect, but there seems to be a gap in that protection when secondary processing is undertaken by data brokers. An assessment of this protection was undertaken using a systematic review of the available literature. A systematic review of 20 scholarly papers was conducted using the established guidelines and steps, including undertaking a CIMO-Logic exercise, developing research objectives, undertaking a literature search, selecting study materials and undertaking a quality assessment. Consumers are being manipulated by primary collectors to provide personal data that is sold to brokers for secondary processing. This results in them losing control over that data, which the GDPR should protect. There appears therefore to be a gap in the protection afforded to consumers by the GDPR, which requires further research. This review is to the best of my knowledge the first on this specific topic, and in identifying further areas for research it is hoped that this study will add value to academic knowledge. There were significant limitations in undertaking the study due to extenuating technical issues, and the results of this study should be treated with caution and, if possible, re-run at a later date. The study makes five recommendations for further research.
David Sinclair, Arshad Jamal

Identification of Critical Business Processes: A Proposed Novel Approach

Abstract
Critical Business Processes (CBPs) are processes that are crucial to the financial stability and operations of an organisation. This paper focuses on surveying the literature, while presenting a critical synthesis of the findings of previous studies on CBPs. The paper seeks to extensively and critically review the current literature to understand state-of-the-art methods and the key research gap for CBP identification. While this paper targets the process of identifying the gap in the literature, it helps in finding out what is needed for mitigating it, motivating future research in this area, and pushing the boundary between human and machine interaction in key strategic decisions for organisations, along with security implications.
Yousuf Alblooshi, Amin Hosseinian-Far, Dilshad Sarwar

A Critical Overview of Food Supply Chain Risk Management

Abstract
Due to the increasing occurrence of disruptive events caused by both human and natural disasters, supply chain risk management has become an emerging research field in recent years, aiming to protect supply chains from various disruptions and deliver sustainable and long-term benefits to stakeholders across the value chain. Implementing optimally designed risk-oriented supply chain management can provide a privileged position for various businesses to extend their global reach. In addition, using a proactive supply chain risk management system, enterprises can predict the potential risk factors in their supply chains and achieve the best early warning time, which leads to higher firm performance. However, relatively little is known about sustainable risks in food supply chains. In order to manage the ever-growing challenges of food supply chains effectively, a deeper insight regarding the complex food systems is required. Supply chain risk management embraces broad strategies to address, identify, evaluate, monitor, and control unpredictable risks or events with direct and indirect effect, mostly negative, on food supply chain processes. To fill this gap, in this paper we have critically discussed the related supply chain risk management literature. Finally, we propose a number of significant directions for future research.
Maryam Azizsafaei, Dilshad Sarwar, Liam Fassam, Rasoul Khandan, Amin Hosseinian-Far

Knowledge Sharing and Internal Social Marketing in Improving Cyber Security Practice

Abstract
This paper presents two new ways to establish effective cyber security practice among employee users. Peer knowledge sharing has been used widely in organizations to promote innovation and efficiency, hence its applicability to encourage safe cyber security practice can be fruitful. Internal social marketing is a marketing technique that aims to promote social responsibility to achieve social objectives such as sharing responsibility in ensuring cyber security effectiveness. Using in-depth interviews with employees in organizations located in Ho Chi Minh City, Vietnam, our study explores effective methods of promoting knowledge sharing among users and how it impacts security practice. Similarly, 7Ps in a mixed social marketing approach are evaluated to capture comprehensive security social space that users normally interact with in their quest for cyber security compliant practice. Initial findings of our studies provide practical implications to security professionals to create more supporting and enabling communication infrastructure that serves sustained behavioral changes in complying and co-creating cyber security practice among users.
Hiep Cong Pham, Mathews Nkhoma, Minh Nhat Nguyen

Transformation of Cybersecurity Posture in IT Telecommunication: A Case Study of a Telecom Operator

Abstract
Organisations are facing sophisticated and advanced persistent threats (APT) that are targeting sensitive information assets. Any form of cyber-presence can be typically attacked by adversaries, and the motives of such attacks are context dependent. Besides, users and organisations are prone to software vulnerabilities, misconfigurations, outdated systems and several other systemic deficiencies which can be leveraged to compromise enterprise assets and gain an initial foothold within an organisation network. The aim of the paper is to develop a flexible and generally comprehensive organisational strategy to defend against the massive increase in cyberattacks, in order to protect the strategic business objectives of an organisation and keep an alignment between business objectives and security. Moreover, this paper reflects on the work undertaken by multiple teams within the chosen case study organisation to enhance the cybersecurity.
Ahmed Adel, Dilshad Sarwar, Amin Hosseinian-Far

Cloud Computing Security Challenges: A Review

Abstract
Over the last two decades, cloud computing has gained tremendous popularity because of ever-growing requirements. Organizations that are heading towards cloud-based data storage options have several benefits. These include streamlined IT infrastructure and management, remote access with a secure internet link from all over the globe, and the cost-effectiveness that cloud computing can offer. The related cloud protection and privacy issues need to be further clarified. This paper aims to discuss all possible issues that are under research and are keeping consumers from migrating from the traditional IT environment to the new trend of cloud computing, which offers a flexible and scalable environment at low cost.
Iqra Kanwal, Hina Shafi, Shahzad Memon, Mahmood Hussain Shah