Search results

This paper aims to describe an effort to provide for a robust and secure software development paradigm intended to support DevSecOps in a naval aviation enterprise (NAE) software support activity (SSA), with said paradigm supporting strong traceability and provability concerning the SSA’s output product, known as an operational flight program (OFP). Through a secure development environment (SDE), each critical software development function performed on said OFP during its development has a corresponding record represented on a blockchain.

An SDE is implemented as a virtual machine or container incorporating software development tools that are modified to support blockchain transactions. Each critical software development function, e.g. editing, compiling, linking, generates a blockchain transaction message with associated information embedded in the output of a said function that, together, can be used to prove integrity and support traceability. An attestation process is used to provide proof that the toolchain containing SDE is not subject to unauthorized modification at the time said critical function is performed.

Blockchain methods are shown to be a viable approach for supporting exhaustive traceability and strong provability of development system integrity for mission-critical software produced by an NAE SSA for NAE embedded systems software.

A blockchain-based authentication approach that could be implemented at the OFP point-of-load would provide for fine-grain authentication of all OFP software components, with each component or module having its own proof-of-integrity (including the integrity of the used development tools) over its entire development history.

Many SSAs have established control procedures for development such as check-out/check-in. This does not prove the SSA output software is secure. For one thing, a build system does not necessarily enforce procedures in a way that is determinable from the output. Furthermore, the SSA toolchain itself could be attacked. The approach described in this paper enforces security policy and embeds information into the output of every development function that can be cross-referenced to blockchain transaction records for provability and traceability that only trusted tools, free from unauthorized modifications, are used in software development. A key original concept of this approach is that it treats assigned developer time as a transferable digital currency.

The practice of corporate environmental disclosure (CED) has been in existence for more than a decade now, rising to prominence as a result of the upsurge in environmental accounting in the 1990s. Ahmad (2004), by studying in the period of 1998‐2001, found that there is no evidence of environmental disclosure either in term of its quantity or in term of its quality, especially if the health and safety category is excluded; more than 5 years passed now. Some key changes happened in Libyan context such as establishment of Libyan Stock Market and issue of Libyan environmental law no, 15 of 2003. These changes may push CED in Libya steps forward. Thus, the objective of this study is to examine to what extent current CED practice in Libya has been improved. Content analysis is used in this study to investigate CED practices by all the 18 largest industrial companies quoted on Industrial and Mineralisation Secretary (IMS) in Libya. The results of this study reveal that CED in Libya, both in term of its quantity and quality, has been developed over the period between 2001 and 2007. Such development was explained in the shadow of reciprocal direct and indirect accountability model of industrial companies within the main central authorities especially, the relationship with IMS.

Security and safety have remained important concerns for mankind since ancient times. In the context of railways, however, the threat perceptions to safety and security have increased significantly lately. In view of this, the Indian Railways requires an effective and efficient security management system. The purpose of this paper is to propose an integrated approach to help develop the Indian railway security system (IRSS) by successively reducing the complexity of the system through a series of studies.

The relevant elements of the complex system of Indian Railways have been identified. The framework in which the elements exist and interact with each other has been clearly established using the interpretive structural modelling (ISM) technique. The output of ISM is further reduced in complexity by having different policy option profiles. A comparison of different option profiles has been done by a multi-criteria decision-making technique, the analytic hierarchy process (AHP), by choosing suitable criteria for comparison.

The following elements need to be pursued as the key objectives for making IRSS: protection of passengers, protection of property, modernisation, manpower enhancement, multi-skilling of staff, latest technology and enhanced legal powers.

The present research can be extended in many important ways. Interpretive structural models for different contextual relationships can be developed and used for formulating and implementing customised security policy. Policy elements and the ISM structure obtained in this research can be utilised for the system dynamic modelling of IRSS. A pilot study can be done to implement the recommendations made in this study.

The ISM model developed can be implemented as a policy tool in enhancing the railway’s security. Some of the policy elements proposed appear to be consistent with the strategic direction being undertaken in the railway security in the country.

Security is an important concern for mankind and social civilisations. The results have significant welfare implications in India and the rest of the world.

The present study is one of the first approaches in a series of studies in railway security in India. The results of this study can be extended to other security scenarios with similar needs.

Various organizational landscapes have evolved to improve their business processes, increase production speed and reduce the cost of distribution and have integrated their Internet with small and medium scale enterprises (SMEs) and third-party vendors to improve business growth and increase global market share, including changing organizational requirements and business process collaborations. Benefits include a reduction in the cost of production, online services, online payments, product distribution channels and delivery in a supply chain environment. However, the integration has led to an exponential increase in cybercrimes, with adversaries using various attack methods to penetrate and exploit the organizational network. Thus, identifying the attack vectors in the event of cyberattacks is very important in mitigating cybercrimes effectively and has become inevitable. However, the invincibility nature of cybercrimes makes it challenging to detect and predict the threat probabilities and the cascading impact in an evolving organization landscape leading to malware, ransomware, data theft and denial of service attacks, among others. The paper explores the cybercrime threat landscape, considers the impact of the attacks and identifies mitigating circumstances to improve security controls in an evolving organizational landscape.

The approach follows two main cybercrime framework design principles that focus on existing attack detection phases and proposes a cybercrime mitigation framework (CCMF) that uses detect, assess, analyze, evaluate and respond phases and subphases to reduce the attack surface. The methods and implementation processes were derived by identifying an organizational goal, attack vectors, threat landscape, identification of attacks and models and validation of framework standards to improve security. The novelty contribution of this paper is threefold: first, the authors explore the existing threat landscapes, various cybercrimes, models and the methods that adversaries are deploying on organizations. Second, the authors propose a threat model required for mitigating the risk factors. Finally, the authors recommend control mechanisms in line with security standards to improve security.

The results show that cybercrimes can be mitigated using a CCMF to detect, assess, analyze, evaluate and respond to cybercrimes to improve security in an evolving organizational threat landscape.

The paper does not consider the organizational size between large organizations and SMEs. The challenges facing the evolving organizational threat landscape include vulnerabilities brought about by the integrations of various network nodes. Factor influencing these vulnerabilities includes inadequate threat intelligence gathering, a lack of third-party auditing and inadequate control mechanisms leading to various manipulations, exploitations, exfiltration and obfuscations.

Attack methods are applied to a case study for the implementation to evaluate the model based on the design principles. Inadequate cyber threat intelligence (CTI) gathering, inadequate attack modeling and security misconfigurations are some of the key factors leading to practical implications in mitigating cybercrimes.

There are no social implications; however, cybercrimes have severe consequences for organizations and third-party vendors that integrate their network systems, leading to legal and reputational damage.

The paper’s originality considers mitigating cybercrimes in an evolving organization landscape that requires strategic, tactical and operational management imperative using the proposed framework phases, including detect, assess, analyze, evaluate and respond phases and subphases to reduce the attack surface, which is currently inadequate.

A Digital Twin (DT) is a digital replica of an artefact which is updated on real-time or semi–real-time basis. In 2017, Gartner listed DT as one of the top 10 emerging technologies of the year. Since then, there have been numerous attempts to develop architecture and reference models for DTs, and in some studies, DT construction for real-world case studies is reported. This chapter attempts to provide a contextualised background on DT for smart cities. It also discusses various stakeholders involved in devising and/or employing DTs in a smart city. The chapter concludes with a set of recommendations for the training requirements of final DT users.

This paper presents the design, development and trialling of the mobile execution environment (MEE), a secure portable execution environment designed to support secure teleworking. Teleworking is an established work practice, yet often the information security controls in the teleworking location are weaker than those in a corporate office. Security concerns also prevent organisations allowing personnel to telework.

The design science research methodology was applied to develop the MEE, and this paper is structured using the process elements of the methodology.

In this paper, the problem addressed and the design objectives are defined. The design and implementation is discussed, and the testing and trialling approach adopted to demonstrate the MEE is summarised. An evaluation of the demonstration results against the design objectives is presented.

The MEE is part of an ongoing research project using open source software; the structure and functionality of the software can limit or influence the direction of the research.

The MEE provides a secure portable execution environment suitable for transaction-oriented work performed remotely; e.g. teleworkers performing customer support work.

The paper contributes to encouraging the implementation of teleworking.

The MEE builds on the concept of a portable executable operating system that uploads onto a PC through an external port. The MEE extends this concept by providing a hardened secure computing environment that is uploaded from a secure storage device or a standard thumb drive (USB flash drive).

Aim of the present monograph is the economic analysis of the role of MNEs regarding globalisation and digital economy and in parallel there is a reference and examination of some legal aspects concerning MNEs, cyberspace and e‐commerce as the means of expression of the digital economy. The whole effort of the author is focused on the examination of various aspects of MNEs and their impact upon globalisation and vice versa and how and if we are moving towards a global digital economy.

Compiled by K.G.B. Bakewell covering the following journals published by MCB University Press: Facilities Volumes 8‐18; Journal of Property Investment & Finance Volumes 8‐18; Property Management Volumes 8‐18; Structural Survey Volumes 8‐18.

Index by subjects, compiled by K.G.B. Bakewell covering the following journals: Facilities Volumes 8‐18; Journal of Property Investment & Finance Volumes 8‐18; Property Management Volumes 8‐18; Structural Survey Volumes 8‐18.