Search results
1 – 10 of 221
Jialiang Xie, Shanli Zhang, Honghui Wang and Mingzhi Chen
Abstract
Purpose
With the rapid development of Internet technology, cybersecurity threats such as security loopholes, data leaks, network fraud, and ransomware have become increasingly prominent, and organized and purposeful cyberattacks have increased, posing more challenges to cybersecurity protection. Therefore, reliable network risk assessment methods and effective network security protection schemes are urgently needed.
Design/methodology/approach
Based on the dynamic behavior patterns of attackers and defenders, a Bayesian network attack graph is constructed, and a multitarget risk dynamic assessment model is proposed based on network availability, network utilization impact and vulnerability attack possibility. Then, the self-organizing multiobjective evolutionary algorithm based on grey wolf optimization is proposed. And the authors use this algorithm to solve the multiobjective risk assessment model, and a variety of different attack strategies are obtained.
Findings
The experimental results demonstrate that the method yields 29 distinct attack strategies, and the attacker's preferences can then be obtained according to these attack strategies. Furthermore, the method efficiently addresses the security assessment problem involving multiple decision variables, thereby providing constructive guidance for the construction of security network, security reinforcement and active defense.
Originality/value
A method for network risk assessment is given. This study proposed a multiobjective risk dynamic assessment model based on network availability, network utilization impact and the possibility of vulnerability attacks. The example demonstrates the effectiveness of the method in addressing network security risks.
Derrick Boakye, David Sarpong, Dirk Meissner and George Ofosu
Abstract
Purpose
Cyber-attacks that generate technical disruptions in organisational operations and damage the reputation of organisations have become all too common in the contemporary organisation. This paper explores the reputation repair strategies undertaken by organisations in the event of becoming victims of cyber-attacks.
Design/methodology/approach
For developing the authors’ contribution in the context of the Internet service providers' industry, the authors draw on a qualitative case study of TalkTalk, a British telecommunications company providing business to business (B2B) and business to customer (B2C) Internet services, which was a victim of a “significant and sustained” cyber-attack in October 2015. Data for the enquiry is sourced from publicly available archival documents such as newspaper articles, press releases, podcasts and parliamentary hearings on the TalkTalk cyber-attack.
Findings
The findings suggest a dynamic interplay of technical and rhetorical responses in dealing with cyber-attacks. This plays out in the form of marshalling communication and mortification techniques, bolstering image and riding on leader reputation, which serially combine to strategically orchestrate reputational repair and stigma erasure in the event of a cyber-attack.
Originality/value
Analysing a prototypical case of an organisation in dire straits following a cyber-attack, the paper provides a systematic characterisation of the setting-in-motion of strategic responses to manage, revamp and ameliorate damaged reputation during cyber-attacks, which tend to negatively shape the evaluative perceptions of the organisation's salient audience.
Utkarsh Shrivastava, Bernard Han, Ying Zhou and Muhammad Razi
Abstract
Purpose
Sharing patient health information (PHI) among hospitals has been much slower than the adoption of health record systems. This paper aims to investigate if privacy regulation (PR) or security measures (SMs) influence hospitals’ use of health information exchange (HIE) to share PHI with other providers (e.g. physicians, labs, hospitals). The study specifically focuses on how multiple PRs can impede and a strong national security infrastructure (NSI) can support HIE.
Design/methodology/approach
The study uses secondary data from a multi-national and multi-hospital survey administered by the European Union. The multi-level structure of the cross-sectional panel data is used to test the influence of both hospital-level (e.g. PR) and national-level variables (e.g. NSI) on HIE. A total of nine types of HIE, three types of PRs, nine SMs and other relevant control variables are considered. This study uses a two-level random intercept generalized linear model to test the hypothesis proposed in the study.
Findings
The study finds that national-level PRs (NLPR) have the strongest positive influence on HIE in comparison to regional (RLPR) and hospital-level (HLPR) PRs. Moreover, the study finds evidence that the presence of RLPR and HLPR, on average, decreases the positive impact of NLPR by 264%. The SMs also have a significant and positive impact on HIE. Adoption of an additional SM can increase the odds of engaging in a certain type of HIE between 21% and 61%. On the other hand, a strong NSI can also amplify the positive impact of SM on certain types of HIE.
Originality/value
This study extends prior research on the role of PRs in enabling HIE by considering the complexities brought up by adopting multiple PRs. NLPRs have the strongest impact on HIE in comparison to RLPRs or HLPRs. Moreover, public infrastructure initiatives such as those related to secure communications can also complement SMs adopted by the providers by encouraging HIE.
Eylem Thron, Shamal Faily, Huseyin Dogan and Martin Freer
Abstract
Purpose
Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers and passengers at the core. The technological evolution, including interconnectedness and new ways of interaction, leads to new security and safety risks that can be realised, both in terms of human error, and malicious and non-malicious behaviour. This study aims to identify the human factors (HF) and cyber-security risks relating to the role of signallers on the railways and explores strategies for the improvement of “Digital Resilience” – for the concept of a resilient railway.
Design/methodology/approach
Overall, 26 interviews were conducted with 21 participants from industry and academia.
Findings
The results showed that due to increased automation, both cyber-related threats and human error can impact signallers’ day-to-day operations – directly or indirectly (e.g. workload and safety-critical communications) – which could disrupt the railway services and potentially lead to safety-related catastrophic consequences. This study identifies cyber-related problems, including external threats; engineers not considering the human element in designs when specifying security controls; lack of security awareness among the rail industry; training gaps; organisational issues; and many unknown “unknowns”.
Originality/value
The authors discuss socio-technical principles through a hexagonal socio-technical framework and training needs analysis to mitigate against cyber-security issues and identify the predictive training needs of the signallers. This is supported by a systematic approach which considers both safety and security factors, rather than waiting to learn from a cyber-attack retrospectively.
Lida Haghnegahdar, Sameehan S. Joshi, Rohith Yanambaka Venkata, Daniel A. Riley and Narendra B. Dahotre
Abstract
Purpose
Additive manufacturing also known as 3D printing is an evolving advanced manufacturing technology critical for the new era of complex machinery and operating systems. Manufacturing systems are increasingly faced with risk of attacks not only by traditional malicious actors such as hackers and cyber-criminals but also by some competitors and organizations engaged in corporate espionage. This paper aims to elaborate a plausible risk practice of designing and demonstrate a case study for the compromised-based malicious for polymer 3D printing system.
Design/methodology/approach
This study assumes conditions when a machine was compromised and evaluates the effect of post compromised attack by studying its effects on tensile dog bone specimens as the printed object. The designed algorithm removed predetermined specific number of layers from the tensile samples. The samples were visually identical in terms of external physical dimensions even after removal of the layers. Samples were examined nondestructively for density. Additionally, destructive uniaxial tensile tests were carried out on the modified samples and compared to the unmodified sample as a control for various mechanical properties. It is worth noting that the current approach was adapted for illustrating the impact of cyber altercations on properties of additively produced parts in a quantitative manner. It concurrently pointed towards the vulnerabilities of advanced manufacturing systems and a need for designing robust mitigation/defense mechanism against the cyber altercations.
Findings
Density, Young’s modulus and maximum strength steadily decreased with an increase in the number of missing layers, whereas no clear trend was observed in the case of % elongation. Post tensile test observations of the sample cross-sections confirmed the successful removal of the layers from the samples by the designed method. As a result, the current work presented a cyber-attack model and its quantitative implications on the mechanical properties of 3D printed objects.
Originality/value
To the best of the authors’ knowledge, this is the original work from the team. It is currently not under consideration for publication in any other avenue. The paper provides quantitative approach of realizing impact of cyber intrusions on deteriorated performance of additively manufactured products. It also enlists important intrusion mechanisms relevant to additive manufacturing.
Hedaia-t-Allah Nabil Abd Al Ghaffar
Abstract
Purpose
The purpose of this paper is to try to reach the main factors that could put national security at risk as a result of government cloud computing programs.
Design/methodology/approach
The paper adopts the analytical approach to first lay foundations of the relation between national security, cybersecurity and cloud computing, then it moves to analyze the main vulnerabilities that could affect national security in cases of government cloud computing usage.
Findings
The paper reached several findings such as the relation between cybersecurity and national security as well as a group of factors that may affect national security when governments shift to cloud computing mainly pertaining to storing data over the internet, the involvement of a third party, the lack of clear regulatory frameworks inside and between countries.
Practical implications
Governments are continuously working on developing their digital capacities to meet citizens’ demands. One of the most trending technologies adopted by governments is “cloud computing”, because of the tremendous advantages that the technology provides; such as huge cost-cutting, huge storage and computing capabilities. However, shifting to cloud computing raises a lot of security concerns.
Originality/value
The value of the paper resides in the novelty of the topic, which is a new contribution to the theoretical literature on relations between new technologies and national security. It is empirically important as well to help governments stay safe while enjoying the advantages of cloud computing.
Hamid Reza Nikkhah, Varun Grover and Rajiv Sabherwal
Abstract
Purpose
This study aims to argue that user’s continued use behavior is contingent upon two perceptions (i.e. the app and the provider). This study examines the moderating effects of user’s perceptions of apps and providers on the effects of security and privacy concerns and investigates whether assurance mechanisms decrease such concerns.
Design/methodology/approach
This study conducts a scenario-based survey with 694 mobile cloud computing (MCC) app users to understand their perceptions and behaviors.
Findings
This study finds that while perceived value of data transfer to the cloud moderates the effects of security and privacy concerns on continued use behavior, trust only moderates the effect of privacy concerns. This study also finds that perceived effectiveness of security and privacy intervention impacts privacy concerns but does not decrease security concerns.
Originality/value
Prior mobile app studies mainly focused on mobile apps and did not investigate the perceptions of app providers along with app features in the same study. Furthermore, International Organization for Standardization 27018 certification and privacy policy notification are the interventions that exhibit data assurance mechanisms. However, it is unknown whether these interventions are able to decrease users’ security and privacy concerns after using MCC apps.
Shreya Sangal, Gaurav Duggal and Achint Nigam
Abstract
Purpose
The purpose of this research paper is to review and synthesize the role of blockchain technology (BCT) in various types of illegal activities, including but not limited to fraud, money laundering, ransomware attacks, firearms, drug tracking, cyberattacks, identity theft and scams.
Design/methodology/approach
The authors conducted a review of studies related to illegal activities using blockchain from 2015 to 2023. Next, a thematic review of the literature was performed to see how these illegal activities were conducted using BCT.
Findings
Through this study, the authors identify the relevant themes that highlight the major illegal activities performed using BCT, its possible steps for prevention and the opportunities for future developments. Finally, the authors provide suggestions for future research using the theory, context and method framework.
Originality/value
No other research has synthesized the illegal activities using BCT through a thematic approach to the best of the authors’ knowledge. Hence, this study will act as a starting point for future research for academic and technical practitioners in this area.
Mohammed-Alamine El Houssaini, Abdellah Nabou, Abdelali Hadir, Souad El Houssaini and Jamal El Kafi
Abstract
Purpose
Ad hoc mobile networks are commonplace in every aspect of our everyday life. They become essential in many industries and have uses in logistics, science and the military. However, because they operate mostly in open spaces, they are exposed to a variety of dangers. The purpose of this study is to introduce a novel method for detecting the MAC layer misbehavior.
Design/methodology/approach
The proposed novel approach is based on exponential smoothing for throughput prediction to address this MAC layer misbehavior. The real and expected throughput are processed using an exponential smoothing algorithm to identify this attack, and if these metrics exhibit a trending pattern, an alarm is then sent.
Findings
The effect of the IEEE 802.11 MAC layer misbehavior on throughput was examined using the NS-2 network simulator, as well as the approval of our novel strategy. The authors have found that a smoothing factor value that is near to 0 provides a very accurate throughput forecast that takes into consideration the recent history of the updated values of the real value. As for the smoothing factor values that are near to 1, they are used to identify MAC layer misbehavior.
Originality/value
According to the authors’ modest knowledge, this new scheme has not been proposed in the state of the art for the detection of greedy behavior in mobile ad hoc networks.