This article is dedicated to the creation of the analytical model of quantitative estimation of cybersecurity of Information Systems of Critical Infrastructure (ISCI). The model takes into consideration the existence, in the discussed ISCI, of both the intelligent tools of detection, analysis and identification of threats and vulnerabilities and means for restoration and elimination of their consequences. The development of the model also takes into consideration the probabilistic nature of the flow of events happening in ISCI and transferring the system between different states of cybersecurity. Among such probabilistic events we mean any operational perturbations (that can cause extreme situations) happening in ISCI under the influence of cyber-threats, as well as events concerning restoration and elimination of consequences of such cyber-threats. In this work, the methods of modelling used were methods of system-oriented analysis based on theory of probability, theory of reliability and theory of queues. These methods made it possible to describe analytically the dependence of the effectiveness indices of ISCI operation on the abovementioned probabilistic processes.
The importance of a nation’s infrastructure is a vital core for economic growth, development, and innovation. Health, wealth, access to education, public safety, and helping prepare for global crises like pandemics are all dependent on functioning and reliable infrastructures. In decades, the substantial threats affecting infrastructures globally whether in the form of extreme weather, Covid-19 pandemic, or the threats of state and non-state actors’ hackers, demanded urgency in building resilience infrastructures both during crises and in more stable conditions. At the same time, the adoption of emerging and innovative technologies boosts the development of the infrastructures using information, communication, and technology (ICT) platform. This shift accelerated its evolution toward digitization where interdependent and interconnected cyberspace demands collaborative and holistic strategies in protecting critical and high risks infrastructure assets from a growing number of disruptive cyberattacks. These ever-evolving cyber threats are creating increasingly dangerous and targeted cyberattacks to damage or disrupt the critical infrastructures delivering vital services to government, energy, healthcare, transportation, telecommunication, and other critical sectors. The infrastructure’s high risks assets present serious challenges and are crucial to safety, efficiency, and reliability. Any nation must recognize and determine how to cope with any type of threats to their critical infrastructure as well as the strategies to remain resilient. This article first describes the challenges and the need for critical infrastructure protection including the related global risks challenges. It then reviews the United Nations, the European Union, and the United States’ strategies, priorities, and urgencies of critical infrastructure protection. Subsequently, it surveys the critical infrastructure protection resilience strategies including ISO, IEC, ISA, NIST, CAF and CMM frameworks.
In the current digital era, it is difficult to preserve the confidentiality, integrity, and availability of an organization’s information and technology assets against cyber attacks. Organizations cannot rely solely on technical solutions for defense, since many cyber attacks attempt to exploit non-technical vulnerabilities such as how well employees comply with the organization’s cybersecurity policies. This study surveyed 245 randomly selected employees of government organizations in the Kingdom of Saudi Arabia with an electronically distributed questionnaire about factors that influence employees’ compliance with cybersecurity policies. The study found that ethical factors had the most influence on employee compliance with cybersecurity policies, followed in decreasing order of influence by legislative factors, technical factors, and administrative factors.
As Vehicular ad hoc networks (VANETs) become more sophisticated, the importance of integrating data protection and cybersecurity is increasingly evident. This paper offers a comprehensive investigation into the challenges and solutions associated with the privacy implications within VANETs, rooted in an intricate landscape of cross-jurisdictional data protection regulations. Our examination underscores the unique nature of VANETs, which, unlike other ad-hoc networks, demand heightened security and privacy considerations due to their exposure to sensitive data such as vehicle identifiers, routes, and more. Through a rigorous exploration of pseudonymization schemes, with a notable emphasis on the Density-based Location Privacy (DLP) method, we elucidate the potential to mitigate and sometimes sidestep the heavy compliance burdens associated with data protection laws. Furthermore, this paper illuminates the cybersecurity vulnerabilities inherent to VANETs, proposing robust countermeasures, including secure data transmission protocols. In synthesizing our findings, we advocate for the proactive adoption of protective mechanisms to facilitate the broader acceptance of VANET technology while concurrently addressing regulatory and cybersecurity hurdles.
International and U.S. corporations must be well advised regarding specific regulations and laws that affect cybersecurity decisions because the Board of Directors must perform due diligence to avoid regulatory negligence and lawsuit liability. Depending on the standards and the regulations that do define reasonable care, the corporate director is faced with the challenge of determining how and what cybersecurity laws apply. Then, directors can institute best cybersecurity management practices. This paper provides guidance regarding the application of the law in the areas of cyber security for the international corporations interacting with the European General Data Protection Regulations (GDPR), the California Consumer Privacy Act (CCPA), and recent Federal Trade Commission (FTC) administrative agency rulings. Reading this paper is worth your time because it will inform you of the legal challenges that international and domestic corporations face in making decisions about spending capital to manage cybersecurity and at the same time perform due diligence. In other words, if there is a cybersecurity breach, this paper will provide insights into what law must be followed by the corporation enabling the best management decisions assuring adequate response, compliance, thereby avoiding unnecessary liability risk. The paper also provides reflections about whether the GDPR serves as a better legal comprehensive regulatory model rather than the recently enacted laws in the U.S.
The U.S. and the international business community is in a crisis regarding ransomware attacks and cybersecurity policing/regulation. Based on recent events, state sponsored cyber hackers have made it their mission to hold the information security world hostage extorting money for a returning of data systems to normal functioning. This paper examines the challenges for the global business community regarding the scope of the attacks, the current state of the law in the U.S. intended to provide current information to the international business community, illustrate the challenges for regulators and the courts, illustrate the recent progress of the criminal investigatory aspects of apprehending cybercriminals, report on the non-delegable duties of decision makers in the international community doing business in the U.S., and demonstrate the potential solutions to this evolving international crisis. It is worth your time to read this paper for the following reasons: 1. Understanding the risks and the scope of the problem moving forward with doing business in the U.S.; 2. communicating recent developments fostering cooperation and contributing to mediating cybersecurity events for international corporations; and 3. providing information on the current state of the law by the U.S. Supreme Court pointing out the relevant and the consequential outcomes of the legal system leading to potential smart solutions for planning business decisions.
Starting from the importance of preserving our information and protecting our devices against attacks on their vulnerabilities, this article aims to establish the level of knowledge in computer security and problem-solving of students at a university in northwest Mexico. This research has a quantitative approach where the European Framework of Digital Competencies for Citizenship was used as a reference to identify and establish the level of the competencies that were evaluated. The IKANOS Test was used as a data collection tool. The results show that students know the importance of keeping their devices safe and how valuable the information found on them is. On the other hand, the results also show a considerable percentage of students who do not have the knowledge and are at a basic level of knowledge to solve technical problems with their devices.
In the digital age, phishing attacks have been a persistent security threat leveraged by traditional password management systems that are not able to verify the authenticity of websites. This paper presents an approach to embedding sophisticated phishing detection within a password manager’s framework, called PhishGuard. PhishGuard uses a Large Language Model (LLM), specifically a fine-tuned BERT algorithm that works in real time, where URLs fed by the user in the credentials are analyzed and authenticated. This approach enhances user security with its provision of real-time protection from phishing attempts. Through rigorous testing, this paper illustrates how PhishGuard has scored well in tests that measure accuracy, precision, recall, and false positive rates.
This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focuses on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity, which include defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].
In this in-depth exploration, I delve into the complex implications and costs of cybersecurity breaches. Venturing beyond just the immediate repercussions, the research unearths both the overt and concealed long-term consequences that businesses encounter. This study integrates findings from various research, including quantitative reports, drawing upon real-world incidents faced by both small and large enterprises. This investigation emphasizes the profound intangible costs, such as trade name devaluation and potential damage to brand reputation, which can persist long after the breach. By collating insights from industry experts and a myriad of research, the study provides a comprehensive perspective on the profound, multi-dimensional impacts of cybersecurity incidents. The overarching aim is to underscore the often-underestimated scope and depth of these breaches, emphasizing the entire timeline post-incident and the urgent need for fortified preventative and reactive measures in the digital domain.