Search results

In 2019, FIU-the Netherlands celebrated its 25th anniversary. This study takes the occasion to reflect on the role of the FIU in financial surveillance and to describe its core practices of collecting, analysing and disseminating financial intelligence.

Because FIU practices are often secret and its transaction data classified as state secrets, the FIU’s daily operational activities remain obscure. Drawing on interviews, public reports and an online training course, this study encircles secrecy and offers a fine-grained analysis of the FIU's core activities.

The article finds that the FIU plays a pivotal role in financial surveillance because it can operate at various intersections. An FIU operates at the intersection of finance and security, in between the public and private sector and at the national and international domain. This pivotal role makes the FIU indispensable in the surveillance of payment systems and spending behavior.

The article poses that the desirability and effectiveness of financial surveillance has to date not received sufficient consideration, while it affects (the privacy of) anyone with a bank account. The article asks: is it ethically justifiable that transaction information is declared suspect, investigated, and shared nationally and internationally, without the individual or entity concerned officially being notified and legally named a suspect?

This case-study is not only relevant for the study of finance/security, AML/CFT and financial surveillance, but also to policy makers and the broader public who merit an understanding of how their financial behaviour is being surveilled.

The purpose of this paper is to try to reach the main factors that could put national security at risk as a result of government cloud computing programs.

The paper adopts the analytical approach to first lay foundations of the relation between national security, cybersecurity and cloud computing, then it moves to analyze the main vulnerabilities that could affect national security in cases of government cloud computing usage.

The paper reached several findings such as the relation between cybersecurity and national security as well as a group of factors that may affect national security when governments shift to cloud computing mainly pertaining to storing data over the internet, the involvement of a third party, the lack of clear regulatory frameworks inside and between countries.

Governments are continuously working on developing their digital capacities to meet citizens’ demands. One of the most trending technologies adopted by governments is “cloud computing”, because of the tremendous advantages that the technology provides; such as huge cost-cutting, huge storage and computing capabilities. However, shifting to cloud computing raises a lot of security concerns.

The value of the paper resides in the novelty of the topic, which is a new contribution to the theoretical literature on relations between new technologies and national security. It is empirically important as well to help governments stay safe while enjoying the advantages of cloud computing.

This paper aims to investigate how congruent keywords are used in information security policies (ISPs) to pinpoint and guide clear actionable advice and suggest a metric for measuring the quality of keyword use in ISPs.

A qualitative content analysis of 15 ISPs from public agencies in Sweden was conducted with the aid of Orange Data Mining Software. The authors extracted 890 sentences from these ISPs that included one or more of the analyzed keywords. These sentences were analyzed using the new metric – keyword loss of specificity – to assess to what extent the selected keywords were used for pinpointing and guiding actionable advice. Thus, the authors classified the extracted sentences as either actionable advice or other information, depending on the type of information conveyed.

The results show a significant keyword loss of specificity in relation to pieces of actionable advice in ISPs provided by Swedish public agencies. About two-thirds of the sentences in which the analyzed keywords were used focused on information other than actionable advice. Such dual use of keywords reduces the possibility of pinpointing and communicating clear, actionable advice.

The suggested metric provides a means to assess the quality of how keywords are used in ISPs for different purposes. The results show that more research is needed on how keywords are used in ISPs.

The authors recommended that ISP designers exercise caution when using keywords in ISPs and maintain coherency in their use of keywords. ISP designers can use the suggested metrics to assess the quality of actionable advice in their ISPs.

The keyword loss of specificity metric adds to the few quantitative metrics available to assess ISP quality. To the best of the authors’ knowledge, applying this metric is a first attempt to measure the quality of actionable advice in ISPs.

Authorization and access control have been a topic of research for several decades. However, existing definitions are inconsistent and even contradicting each other. Furthermore, there are numerous access control models and even more have recently evolved to conform with the challenging requirements of resource protection. That makes it hard to classify the models and decide for an appropriate one satisfying security needs. Therefore, this study aims to guide through the plenty of access control models in the current state of the art besides this opaque accumulation of terms meaning and how they are related.

This study follows the systematic literature review approach to investigate current research regarding access control models and illustrate the findings of the conducted review. To provide a detailed understanding of the topic, this study identified the need for an additional study on the terms related to the domain of authorization and access control.

The authors’ research results in this paper are the distinction between authorization and access control with respect to definition, strategies, and models in addition to the classification schema. This study provides a comprehensive overview of existing models and an analysis according to the proposed five classes of access control models.

Based on the authors’ definitions of authorization and access control along with their related terms, i.e. authorization strategy, model and policy as well as access control model and mechanism, this study gives an overview of authorization strategies and propose a classification of access control models providing examples for each category. In contrast to other comparative studies, this study discusses more access control models, including the conventional state-of-the-art models and novel ones. This study also summarizes each of the literature works after selecting the relevant ones focusing on the database system domain or providing a survey, a classification or evaluation criteria of access control models. Additionally, the introduced categories of models are analyzed with respect to various criteria that are partly selected from the standard access control system evaluation metrics by the National Institute of Standards and Technology.

The purpose of this paper is to explore the perceptions of supply chain managers regarding the elements that make up cyber supply chain risk management (CSCRM) and the related level of alignment, to understand how organizations can deploy a CSCRM strategy that goes beyond the technical, internal functioning of single companies and moves beyond the dyad, to create a better alignment that can ultimately lead to improved cyber supply chain resilience.

An exploratory survey in the fast-moving consumer goods (FMCG) industry involving over 100 organizations in Italy was conducted. Results were analysed through one-way analysis of variance, to appraise the differences in the perceptions of the various actors of the FMCG supply chain (Manufacturers, Logistics Service Providers, Retailers).

While a certain degree of alignment of the perceptions across the FMCG supply chain exists, the study found that Logistics Service Providers can play a crucial role as orchestrators of the CSCRM process towards a more “supply chain-oriented” response to cyber threats and risk events. The research also highlights the necessity to see people as key elements for improving cyber resilience in the supply chain.

Through a vertical analysis of a supply chain, the study extends the existing theory on CSCRM, which contains isolated case studies. It also contributes to extending the current theory with the proposal of the paradigm of Logistics Service Providers as orchestrators of the CSCRM process. The study combines different classifications of CSCRM initiatives and embraces theories external to the supply chain literature.

Through the empirical analysis, this study helps practitioners in streamlining the design of cyber security strategies and actions that span across the supply chain for better alignment. This could mean more coordination of efforts and more targeted/accurate investments in CSCRM initiatives. The study invites practitioners to ponder the perceived relevance of the human factor as a source of risk and the perceived importance of countermeasures aimed at mitigating risk events stemming from that source.

By focusing on an entire supply chain, this is one of the first studies on CSCRM that goes beyond the dyad. Its originality also lies in its use of the investigations of perceptions along the supply chain as pillars for the alignment of CSCRM strategies and mitigation initiatives. This original perspective allows for discovering the role of Logistics Service Providers in driving the alignment of the efforts towards better outcomes of the CSCRM process.

The purpose of this study is to create an information classification model that is tailored to suit the specific needs of public sector organizations in Sweden.

To address the purpose of this research, a case study in a Swedish municipality was conducted. Data was collected through a mixture of techniques such as literature, document and website review. Empirical data was collected through interviews with 11 employees working within 7 different sections of the municipality.

This study resulted in an information classification model that is tailored to the specific needs of Swedish municipalities. In addition, a set of steps for tailoring an information classification model to suit a specific public organization are recommended. The findings also indicate that for a successful information classification it is necessary to educate the employees about the basics of information security and classification and create an understandable and unified information security language.

This study also highlights that to have a tailored information classification model, it is imperative to understand the value of information and what kind of consequences a violation of established information security principles could have through the perspectives of the employees.

It is the first of its kind in tailoring an information classification model to the specific needs of a Swedish municipality. The model provided by this study can be used as a tool to facilitate a common ground for classifying information within all Swedish municipalities, thereby contributing the first step toward a Swedish municipal model for information classification.

A deteriorating security situation and an increased need for defence equipment calls for new forms of collaboration between Armed Forces and the defence industry. This paper aims to investigate the ways in which the accelerating demand for increased security of supply of equipment and supplies to the Armed Forces requires adaptability in the procurement process that is governed by laws on public procurement (PP).

This paper is based on a review of current literature as well as empirical data obtained through interviews with representatives from the Swedish Defence Materiel Administration and the Swedish defence industry.

Collaboration with the globalized defence industry requires new approaches, where the PP rules make procurement of a safe supply of defence equipment difficult.

The study's empirical data and findings are based on the Swedish context. In order to draw more general conclusions in a defence context, the study should be expanded to cover more nations.

The findings will enable the defence industry and the procurement authorizations to better understand the requirements of Armed Forces, and how to cooperate under applicable legal and regulatory requirements.

The paper extends the extant body of academic knowledge of the security of supply into the defence sector. It serves as a first step towards articulating a call for new approaches to collaboration in defence supply chains.

Autonomous ports and digital ports are a modern trend of global commercial ports that are established to develop toward smart ports in many ports. Smart port indicators (SPIs) are used as important tools for measuring, encouraging, and indicating smart port performance. These are the main indicators to operate smart port management as the practical direction and port development planning are enclosed. This research aims to identify the SPIs and to develop a conceptual model of smart port performance in a case study of The Eastern Economic Corridor (EEC) in Thailand. Triangulation data are used in the data collection with three sources: the reviewed literature of five international databases in 2016–2021, participant observations, and in-depth interviews. Content analysis is utilized to analyze these data to develop a conceptual model approach. The findings of this research are shown in three main domains classified as smart port operation, smart port environment/energy, and smart port safety/security. These indicators represent 29 SPIs for developing smart port performance, which can be explained with a conceptual model. This information will exist as the foundation framework guiding Thai smart ports towards international standards of smart port efficiency.

The aim of this study is to identify the challenges and barriers to e-Government set up in developing/conflict countries, related to Information Communication and Technology (ICT) and social obstacles – that are common in developing countries like Afghanistan. In today's world e-Government plays an important role of providing easy access to government services that enable citizens in general to communicate faster. This very research concentrates on the implementation of e-Government challenges in developing countries, particularly in Afghanistan. This paper is covering (1) method of study; (2) research strategy; (3) finding and policy recommendation; (4) limitation; (5) theoretical implication; (6) recommendation and conclusion. Additional data related to e-Government in Afghanistan, acquired via a quantitative survey and interviews can also help this analysis.

This research incorporates both theoretical and empirical study; using both quantitative and qualitative method for data collection. Also, as already noted, the study reviews different literature and academic documents. The original work of the study is the collection of relevant first-hand information for empirical analysis from experts of both public and private institutions such as IT, CIO and management experts through the use of a survey tools. This was done using web-based surveying and delivery of hard and soft copies to the experts to obtain their notions about e-Government implementation obstacles. Finally, both quantitative and qualitative survey results are calculated and presented.

Empirical study has established that 5 obstacles out of 15 named by respondents, stakeholder involvement, with the highest mean, (4.1145), coordination (4.0038), information sharing (3.9962), ICT literacy (3.9822) and e-Government awareness (3.8830) are considered to be the major obstacles. This opinion was also expressed by the respondents to the in-depth interview which was explained in a paper with detail.

Most research record numerous limitations, therefore, it is important to note that this study is no exception. Some of the limitations were recorded in the course of the study will be counted for the purpose of placing the finding in the right perspective. The limitations of this study were time constraints and difficult to generate enough participation in the survey. Because of that, I did a quantitative survey but could include very few members of top management. Second, the study is limited due to the lack of participation by respondents from various sectors such as citizens, university students, academia, banks, businesses and NGOs. The third limitation was lack of research materials for this study. Many difficulties were encountered with respect to find materials of previous research studies on the topic and in particularly in the context of Afghanistan.

The studies conducted previously on e-Government and referenced herein highlighted implementation challenges in developing countries as a group. Applying this study in Afghanistan may contribute to our understanding of key challenges facing in implementing e-Government process specifically in Afghanistan. The current study contributes some significant findings to the academic field of studying e-Government implementation challenges. It adds the support and information from public and private sector's perspective regarding major challenges in e-Government implementation in Afghanistan.

As per looking to the experience of developed and developing countries, this study emphasizes the following key initiatives to be performed in parallel with the running projects by Ministry of communication and IT [18]. 1-Pilot projects, 2-Simplification of Business Processes, 3-A strong committed national leadership, 4-Involvement of Stakeholders, 6-To granting incentives for involvement of local ICT companies, 7-Exemption of basic ICT, 8-To develop a standard ICT infrastructure

Governments around the world are under the pressure from rapid globalization, fiscal, social and technological changes to provide services that are citizen-centric, efficient, transparent, effective, one stop, any time and nonstop. Post-conflict countries are under even greater pressure to create such services because they replace the vacuum caused by the violence and will be the only services offered, rather than simply an upgrade of current government offerings that already meet citizen needs. The adoption of technology is the most efficient way to integrate the public and private sector and to provide services with accountability, transparency and efficiency, but this is not an easy task, especially for developing countries. This research looks at e-Government implementation challenges in developing countries and particularly in Afghanistan. A literature review shows many challenges common among developing countries: a lack of ICT literacy, incomplete infrastructure, a digital divide existing between the rural poor and the emerging urban middle class, an uncertainty about data privacy and data security, the absence of comprehensive ICT policies and legislation, lack of an ICT culture in government and the traditional components of the economy, questions regarding the government's ongoing financial commitment to the project, e-Government awareness, willingness of ministries to engage in information sharing, a void of ICT leadership outside the technologically oriented ministries, resistance to change, an historic lack of intergovernmental coordination and low stakeholder involvement are just some of the many challenges identified. The author belief that developing countries realize the importance of e-Government and consider the implementation of e-Government to be the critical tool for economic stability and growth as well as developing a more transparent, less corrupt government. The survey questionnaires were developed based on the challenges found in literature review. The survey questionnaire was translated into local languages (Pashto and Dari) and an English version served as control indicator by a professional local translator. At first a pilot version was sent to 10 officials from the Ministry of Communication and IT. After attesting period, the survey was circulated to 150 respondents who were experts in various fields such as CIO, Management and IT in Afghanistan. All respondents agreed that stakeholder involvement, coordination, information sharing, ICT literacy, awareness, resistance to change, ICT, finance issues, ICT policy, leadership, data privacy, legislation, ICT culture and digital divide are some of the major challenges for e-Government implementation in Afghanistan. Respondents (3.1412) on ICT security were impartial in their response on whether to include this indicator into challenges. Many projects are run by the Ministry of Communication and IT and within completion of these projects most of the challenges that identified in the analysis of the quantitative survey will be addressed, although the government is also vigorously pursuing legal and policy modifications. As per looking to the experience of developed and developing countries, this study emphasizes the following key initiatives to be performed in parallel with the running projects by Ministry of communication and IT [18]. Pilot projects should be implemented in two ministries as test beds prior to general roll out to ensure the efficient use of money needed for E-government projects. This will have two benefits from one side it will save money in terms of failing projects as argued by *19+ “E-government in developing countries fail, with 35% being classified as total failures (E-government was not implemented or was implemented but immediately abandoned), and 50% as partial failures (major goals were not attained and/or there were undesirable outcomes)”. On the other hand, in case.

Information systems' security is more critical than ever before since security threats are rapidly growing. Before putting in place information systems' security measures, organizations are required to determine the maturity level of their information security governance. Literature review reveals that there is no recent study on information systems' security maturity level of banks in Ethiopia. This study thus seeks to measure the existing maturity level and examine the security gaps in order to propose possible changes in Ethiopian private banking industry's information system security maturity indicators.

Four private banks are selected as a representative sample. The system security engineering capability maturity model (SSE-CMM) is used as the maturity measurement criteria, and the measurement was based on ISO/IEC 27001 information security control areas. The data for the study were gathered using a questionnaire.

A total of 93 valid questionnaires were gathered from 110 participants in the study. Based on the SSE-CMM maturity model assessment criteria the private banking industry's current maturity level is level 2 (repeatable but intuitive). Institutions have a pattern that is repeated when completing information security operations but its existence was not thoroughly proven and institutional inconsistency still exists.

This study seeks to measure the existing maturity level and examine the security gaps in order to propose possible changes in Ethiopian private banking industry's information system security maturity indicators. This topic has not been attempted previously in the context of Ethiopian financial sector.