Search results for: cybersecurity behavior

Authors: Norshima Humaidi, Saif Hussein Abdallah Alghazo

Abstract:

Cybersecurity threat have become a serious issue recently, and one of the cause is because human error, which is usually constituted by carelessness, ignorance, and failure to practice cybersecurity behaviour adequately. Using a data from a quantitative survey, Partial Least Squares-Structural Equation Modelling (PLS-SEM) analysis was used to determine the factors that affect cybersecurity protective behaviour (CPB). This study adapts cybersecurity protective behaviour model by focusing on two constructs that can enhance CPB: manager’s information security competencies (MISI) and procedural information security countermeasure (PCM) awareness. Theory of leadership competencies were adapted to measure user’s perception towards competencies among security managers/leader in the organization. Confirmatory factor analysis (CFA) testing shows that all the measurement items of each constructs were adequate in their validity individually based on their factor loading value. Moreover, each constructs are valid based on their parameter estimates and statistical significance. The quantitative research findings show that PCM awareness strongly influences CPB compared to MISI. Meanwhile, MISI was significantlyPCM awarenss. This study believes that the research findings can contribute to human behaviour in IS studies and are particularly beneficial to policy makers in improving organizations’ strategic plans in information security, especially in this new era. Most organizations spend time and resources to provide and establish strategic plans of information security; however, if employees are not willing to comply and practice information security behaviour appropriately, then these efforts are in vain.

Keywords: cybersecurity, protection behaviour, information security, information security competencies, countermeasure awareness

Procedia PDF Downloads 76

Authors: Atma Sahu

Abstract:

After 9/11, there will only be cyberwars. The cyberwars increase in intensity the country's cybersecurity workforce's hiring and retention issues. Currently, many organizations have unfilled cybersecurity positions, and to a lesser degree, their cybersecurity teams are understaffed. Therefore, there is a critical need to develop a new program to help meet the market demand for cybersecurity engineers (CYSE) and personnel. Coppin State University in the United States was responsible for developing a cybersecurity engineering BS degree program. The CYSE curriculum design methodology consisted of three parts. First, the ACM Cross-Cutting Concepts standard's pervasive framework helped curriculum designers and students explore connections among the core courses' knowledge areas and reinforce the security mindset conveyed in them. Second, the core course context was created to assist students in resolving security issues in authentic cyber situations involving cyber security systems in various aspects of industrial work while adhering to the NIST standards framework. The last part of the CYSE curriculum design aspect was the institutional student learning outcomes (SLOs) integrated and aligned in content courses, representing more detailed outcomes and emphasizing what learners can do over merely what they know. The CYSE program's core courses express competencies and learning outcomes using action verbs from Bloom's Revised Taxonomy. This aspect of the CYSE BS degree program's design is based on these three pillars: the ACM, NIST, and SLO standards, which all CYSE curriculum designers should know. This unique CYSE curriculum design methodology will address how students and the CYSE program will be assessed and evaluated. It is also critical that educators, program managers, and students understand the importance of staying current in this fast-paced CYSE field.

Keywords: cyber security, cybersecurity engineering, systems engineering, NIST standards, physical systems

Procedia PDF Downloads 64

Authors: Kevin Fernagut, Olivier Flauzac, Erick M. G. Robledo, Florent Nolot

Abstract:

The adoption of modern lightweight virtualization often comes with new threats and network vulnerabilities. This paper seeks to assess this with a different approach studying the behavior of a testbed built with tools such as Kernel-Based Virtual Machine (KVM), Linux Containers (LXC) and Docker, by performing stress tests within a platform where students experiment simultaneously with cyber-attacks, and thus observe the impact on the campus network and also find the best solution for cyber-security learning. Interesting outcomes can be found in the literature comparing these technologies. It is, however, difficult to find results of the effects on the global network where experiments are carried out. Our work shows that other physical hosts and the faculty network were impacted while performing these trials. The problems found are discussed, as well as security solutions and the adoption of new network policies.

Keywords: containerization, containers, cybersecurity, cyberattacks, isolation, performance, virtualization, virtual machines

Procedia PDF Downloads 123

Authors: Serzhan Ashirov, Dana Nour, Rafat Rob, Khaled Alotaibi

Abstract:

There has been a fast growth in the introduction and use of communications, information, monitoring, and sensing technologies. The new technologies are making their way to the Industrial Control Systems as embedded in products, software applications, IT services, or commissioned to enable integration and automation of increasingly global supply chains. As a result, the lines that separated the physical, digital, and cyber world have diminished due to the vast implementation of the new, disruptive digital technologies. The variety and increased use of these technologies introduce many cybersecurity risks affecting cyber-resilience of the supply chain, both in terms of the product or service delivered to a customer and members of the supply chain operation. US department of energy considers supply chain in the IR4 space to be the weakest link in cybersecurity. The IR4 identified the digitization of the field devices, followed by digitalization that eventually moved through the digital transformation space with little care for the new introduced cybersecurity risks. This paper will examine the best methodologies for securing the electrical substations from cybersecurity attacks due to supply chain risks, and due to digitization effort. SCADA systems are the most vulnerable part of the power system infrastructure due to digitization and due to the weakness and vulnerabilities in the supply chain security. The paper will discuss in details how create a secure supply chain methodology, secure substations, and mitigate the risks due to digitization

Keywords: cybersecurity, supply chain methodology, secure substation, digitization

Procedia PDF Downloads 45

Authors: Nathaniel Evans, Jessica Boersma, Kenneth Kass

Abstract:

With technology and STEM fields growing every day, there is a significant projected shortfall in qualified cybersecurity workers. As such, it is essential to develop a cybersecurity curriculum that builds skills and cultivates interest in cybersecurity early on. With new jobs being created every day and an already significant gap in the job market, it is vital that educators are pro-active in introducing a cybersecurity curriculum where students are able to learn new skills and engage in an age-appropriate cyber curriculum. Within this growing world of cybersecurity, students should engage in age-appropriate technology and cybersecurity curriculum, starting with elementary school (k-5), extending through high school, and ultimately into college. Such practice will provide students with the confidence, skills, and, ultimately, the opportunity to work in the burgeoning information security field. This paper examines educational methods, pedagogical practices, current cybersecurity curricula, and other educational resources and conducts analysis for false assumptions and developmental appropriateness. It also examines and identifies common mistakes with current cyber curriculum and lessons and discuss strategies for improvement. Throughout the lessons that were reviewed, many common mistakes continued to pop up. These mistakes included age appropriateness, technology resources that were available, and consistency of student’s skill levels. Many of these lessons were written for the wrong grade levels. The ones written for the elementary level all had activities that assumed that every student in the class could read at grade level and also had background knowledge of the cyber activity at hand, which is not always the case. Another major mistake was that these lessons assumed that all schools had any kind of technology resource available to them. Some schools are 1:1, and others are only allotted three computers in their classroom where the students have to share. While coming up with a cyber-curriculum, it has to be kept in mind that not all schools are the same, not every classroom is the same. There are many students who are not reading at their grade level or have not had exposure to the digital world. We need to start slow and ease children into the cyber world. Once they have a better understanding, it will be easier to move forward with these lessons and get the students engaged. With a better understanding of common mistakes that are being made, a more robust curriculum and lessons can be created that no only spark a student’s interest in this much-needed career field but encourage learning while keeping our students safe from cyber-attacks.

Keywords: assumptions, cybersecurity, k-12, teacher

Procedia PDF Downloads 147

Authors: Gaurav Kumar Sinha

Abstract:

The oil and gas industry is a critical component of the global economy, relying heavily on industrial control systems (ICS) to manage and monitor operations. However, these systems are increasingly becoming targets for cyber-attacks, posing significant risks to operational continuity, safety, and environmental integrity. This paper explores comprehensive cybersecurity strategies for protecting oil and gas industrial control systems. It delves into the unique vulnerabilities of ICS in this sector, including outdated legacy systems, integration with IT networks, and the increased connectivity brought by the Industrial Internet of Things (IIoT). We propose a multi-layered defense approach that includes the implementation of robust network security protocols, regular system updates and patch management, advanced threat detection and response mechanisms, and stringent access control measures. We illustrate the effectiveness of these strategies in mitigating cyber risks and ensuring the resilient and secure operation of oil and gas industrial control systems. The findings underscore the necessity for a proactive and adaptive cybersecurity framework to safeguard critical infrastructure in the face of evolving cyber threats.

Keywords: cybersecurity, industrial control systems, oil and gas, cyber-attacks, network security, IoT, threat detection, system updates, patch management, access control, cybersecurity awareness, critical infrastructure, resilience, cyber threats, legacy systems, IT integration, multi-layered defense, operational continuity, safety, environmental integrity

Procedia PDF Downloads 11

Authors: Nkosingiphile Mbusozayo Zungu

Abstract:

The purpose of the current study is to adopt informetrics methods to analyse the research on phishing from 2012 to 2021 in three selected databases in order to contribute to global cybersecurity through impactful research. The study follows a quantitative research methodology. We opted for the positivist epistemology and objectivist ontology. The analysis focuses on: (i) the productivity of individual authors, institutions, and countries; (ii) the research contributions, using co-authorship as a measure of collaboration; (iii) the altmetrics of selected research contributions; (iv) the citation patterns and research impact of research on phishing; and (v) research contributions by keywords, to discover the concepts that are related to phishing. The preliminary findings favour developed countries in terms of quantity and quality of research in the domain. There are unique research trends and patterns in the developing countries, including those in Africa, that provide opportunities for research development in the domain in the region. This study explores an important research domain by using unexplored method in the region. The study supports the SDG Agenda 2030, such as ending abuse, exploitation, trafficking, and all other forms of violence and torture of children through the use of cyberspace (SDG 16). Further, the results from this study can inform research, teaching, and learning largely in Africa. Invariably, the study contributes to cybersecurity awareness that will mitigate cybersecurity threats against vulnerable communities.

Keywords: phishing, cybersecurity, informetrics, information security

Procedia PDF Downloads 90

Authors: Tarek Saadawi, Rosario Gennaro, Jonathan Akeley

Abstract:

There is rapidly growing demand for professionals to fill positions in Cybersecurity. This is recognized as a national priority both by government agencies and the private sector. Cybersecurity is a very wide technical area which encompasses all measures that can be taken in an electronic system to prevent criminal or unauthorized use of data and resources. This requires defending computers, servers, networks, and their users from any kind of malicious attacks. The need to address this challenge has been recognized globally but is particularly acute in the New York metropolitan area, home to some of the largest financial institutions in the world, which are prime targets of cyberattacks. In New York State alone, there are currently around 57,000 jobs in the Cybersecurity industry, with more than 23,000 unfilled positions. The Cybersecurity Program at City College is a collaboration between the Departments of Computer Science and Electrical Engineering. In Fall 2020, The City College of New York matriculated its first students in theCybersecurity Master of Science program. The program was designed to fill gaps in the previous offerings and evolved out ofan established partnership with Facebook on Cybersecurity Education. City College has designed a program where courses, curricula, syllabi, materials, labs, etc., are developed in cooperation and coordination with industry whenever possible, ensuring that students graduating from the program will have the necessary background to seamlessly segue into industry jobs. The Cybersecurity Program has created multiple pathways for prospective students to obtain the necessary prerequisites to apply in order to build a more diverse student population. The program can also be pursued on a part-time basis which makes it available to working professionals. Since City College’s Cybersecurity M.S. program was established to equip students with the advanced technical skills needed to thrive in a high-demand, rapidly-evolving field, it incorporates a range of pedagogical formats. From its outset, the Cybersecurity program has sought to provide both the theoretical foundations necessary for meaningful work in the field along with labs and applied learning projects aligned with skillsets required by industry. The efforts have involved collaboration with outside organizations and with visiting professors designing new courses on topics such as Adversarial AI, Data Privacy, Secure Cloud Computing, and blockchain. Although the program was initially designed with a single asynchronous course in the curriculum with the rest of the classes designed to be offered in-person, the advent of the COVID-19 pandemic necessitated a move to fullyonline learning. The shift to online learning has provided lessons for future development by providing examples of some inherent advantages to the medium in addition to its drawbacks. This talk will address the structure of the newly-implemented Cybersecurity Master’s Program and discuss the innovations, challenges, and possible future directions.

Keywords: cybersecurity, new york, city college, graduate degree, master of science

Procedia PDF Downloads 122

Authors: Eugene Wong, Felix Chan, Linsey Chen, Joey Cheung

Abstract:

The widespread use of technologies and cyber/digital means for complex maritime operations have led to a sharp rise in global cyber-attacks. They have generated an increasing number of liability disputes, insurance claims, and legal proceedings. An array of antiquated case law, regulations, international conventions, and obsolete contractual clauses drafted in the pre-technology era have become grossly inadequate in addressing the contemporary challenges. This paper offers a critique of the ambiguity of cybersecurity liabilities under the obligation of seaworthiness entailed in the Hague-Visby Rules, which apply either by law in a large number of jurisdictions or by express incorporation into the shipping documents. This paper also evaluates the legal and technological criteria for assessing whether a vessel is properly equipped with the latest offshore technologies for navigation and cargo delivery operations. Examples include computer applications, networks and servers, enterprise systems, global positioning systems, and data centers. A critical analysis of the carriers’ obligations to exercise due diligence in preventing or mitigating cyber-attacks is also conducted in this paper. It is hoped that the present study will offer original and crucial insights to policymakers, regulators, carriers, cargo interests, and insurance underwriters closely involved in dispute prevention and resolution arising from cybersecurity liabilities.

Keywords: seaworthiness, cybersecurity, liabilities, risks, maritime, transport

Procedia PDF Downloads 115

Authors: Zhiwen Pan, Jesus Pacheco, Salim Hariri, Yiqiang Chen, Bozhi Liu

Abstract:

The Internet of Things (IoT) will lead to the development of advanced Smart Home services that are pervasive, cost-effective, and can be accessed by home occupants from anywhere and at any time. However, advanced smart home applications will introduce grand security challenges due to the increase in the attack surface. Current approaches do not handle cybersecurity from a holistic point of view; hence, a systematic cybersecurity mechanism needs to be adopted when designing smart home applications. In this paper, we present a generic intrusion detection methodology to detect and mitigate the anomaly behaviors happened in Smart Home Systems (SHS). By utilizing our Smart Home Context Data Structure, the heterogeneous information and services acquired from SHS are mapped in context attributes which can describe the context of smart home operation precisely and accurately. Runtime models for describing usage patterns of home assets are developed based on characterization functions. A threat-aware action management methodology, used to efficiently mitigate anomaly behaviors, is proposed at the end. Our preliminary experimental results show that our methodology can be used to detect and mitigate known and unknown threats, as well as to protect SHS premises and services.

Keywords: Internet of Things, network security, context awareness, intrusion detection

Procedia PDF Downloads 165

Authors: Gampel Alexander, Mazzuchi Thomas, Sarkani Shahram

Abstract:

The cybersecurity landscape is constantly evolving, and organizations must adapt to the changing threat environment to protect their assets. The implementation of the NIST Risk Management Framework (RMF) has become critical in ensuring the security and safety of industrial control and automation systems. However, cybersecurity professionals are facing challenges in implementing RMF, leading to systems operating without authorization and being non-compliant with regulations. The current approach to RMF implementation based on business practices is limited and insufficient, leaving organizations vulnerable to cyberattacks resulting in the loss of personal consumer data and critical infrastructure details. To address these challenges, this research proposes a Model-Based Systems Engineering (MBSE) approach to implementing cybersecurity controls and assessing risk through the RMF process. The study emphasizes the need to shift to a modeling approach, which can streamline the RMF process and eliminate bloated structures that make it difficult to receive an Authorization-To-Operate (ATO). The study focuses on the practical application of MBSE in industrial control and automation systems to improve the security and safety of operations. It is concluded that MBSE can be used to solve the implementation challenges of the NIST RMF process and improve the security of industrial control and automation systems. The research suggests that MBSE provides a more effective and efficient method for implementing cybersecurity controls and assessing risk through the RMF process. The future work for this research involves exploring the broader applicability of MBSE in different industries and domains. The study suggests that the MBSE approach can be applied to other domains beyond industrial control and automation systems.

Keywords: authorization-to-operate (ATO), industrial control systems (ICS), model-based system’s engineering (MBSE), risk management framework (RMF)

Procedia PDF Downloads 67

Authors: M. Mutemwa

Abstract:

A Cybersecurity Operation Centre (SOC) is a centralized hub for network event monitoring and incident response. SOCs are critical when determining an organization’s cybersecurity posture because they can be used to detect, analyze and report on various malicious activities. For most organizations, a SOC is not part of the initial design and implementation of the Information Technology (IT) environment but rather an afterthought. As a result, it is not natively a plug and play component; therefore, there are integration challenges when a SOC is introduced into an organization. A SOC is an independent hub that needs to be integrated with existing procedures, policies and IT systems of an organization such as the service desk, ticket logging system, reporting, etc. This paper discussed the challenges of integrating a newly developed SOC to an organization’s existing IT environment. Firstly, the paper begins by looking at what data sources should be incorporated into the Security Information and Event Management (SIEM) such as which host machines, servers, network end points, software, applications, web servers, etc. for security posture monitoring. That is which systems need to be monitored first and the order by which the rest of the systems follow. Secondly, the paper also describes how to integrate the organization’s ticket logging system with the SOC SIEM. That is how the cybersecurity related incidents should be logged by both analysts and non-technical employees of an organization. Also the priority matrix for incident types and notifications of incidents. Thirdly, the paper looks at how to communicate awareness campaigns from the SOC and also how to report on incidents that are found inside the SOC. Lastly, the paper looks at how to show value for the large investments that are poured into designing, building and running a SOC.

Keywords: cybersecurity operation centre, incident response, priority matrix, procedures and policies

Procedia PDF Downloads 135

Authors: Ebtesam Shadadi, Rasha Ibrahim, Essam Ghadafi

Abstract:

Phishing poses a significant threat as a cybercrime by tricking end users into revealing their confidential and sensitive information. Attackers often manipulate victims to achieve their malicious goals. The increasing prevalence of Phishing has led to extensive research on this issue, including studies focusing on phishing attempts in healthcare institutions in the Kingdom of Saudi Arabia. This paper explores the importance of analyzing phishing attacks, specifically focusing on those targeting the healthcare industry. The study delves into the tactics, obstacles, and remedies associated with these attacks, all while considering the implications for Saudi Vision 2030.

Keywords: phishing, cybersecurity, cyber threat, social engineering, vision 2030

Procedia PDF Downloads 14

Authors: Andrew John Zeller, Artjoms Formulevics

Abstract:

Banking and financial services are rapidly transitioning from being monolithic structures focusing merely on their own financial offerings to becoming integrated players in multiple customer journeys and supply chains. Banks themselves are refocusing on being liquidity providers and underwriters in these networks, while the general concept of ‘embeddedness’ builds on the market readily available API (Application Programming Interface) architectures to flexibly deliver services to various requestors, i.e., online retailers who need finance and insurance products to better serve their customers, respectively. With this new flexibility come new requirements for enhanced cybersecurity. API structures are more decentralized and inherently prone to change. Unfortunately, this has not been comprehensively addressed in the literature. This paper tries to fill this gap by looking at security approaches and technologies relevant to API architectures found in embedded finance. After presenting the research methodology applied and introducing the major bodies of knowledge involved, the paper will discuss six dominating technology trends shaping high-level financial services architectures. Subsequently, embedded finance and the respective usage of API strategies will be described. Building on this, security considerations for APIs in financial and insurance services will be elaborated on before concluding with some ideas for possible further research.

Keywords: embedded finance, embedded banking strategy, cybersecurity, API management, data security, cybersecurity, IT management

Procedia PDF Downloads 20

Authors: Zhidong Zhang, Zhi-Chao Zhang

Abstract:

This study focuses on early adolescent externalizing behavioral problems which specifically concentrate on rule breaking behavior and aggressive behavior using the instrument of Achenbach System of Empirically Based Assessment (ASEBA). The purpose was to analyze the relationships between the externalizing behavioral problems and relevant background variables such as sports activities, hobbies, chores and the number of close friends. The stratified sampling method was used to collect data from 1975 participants. The results indicated that several background variables as predictors could significantly predict rule breaking behavior and aggressive behavior. Further, a hierarchical modeling method was used to explore the causal relations among background variables, breaking behavior variables and aggressive behavior variables.

Keywords: aggressive behavior, breaking behavior, early adolescence, externalizing problem

Procedia PDF Downloads 482

Authors: Mohammad Khamoushi, Reza Mirmahdi

Abstract:

The aim of this research was the effect of sensory integration in reduction of stereotype behaviors in autistic children. The statistical population included 55 children with the age range 2/8 – 14 in Esfahan Ordibehesht autistic center. Purposive sampling was used for selecting the sample group and 20 children with random assignment were designated in two group; experimental and control . Research project was quasi-experimental two-group with pretest and posttest. Data collection tools included repetitive behavior scale-revised with six sub-scales: stereotype behavior, self-injurious behavior, compulsive behavior, ritualistic behavior, sameness behavior, restricted behavior. Analysis of covariance was used for analyzing hypotheses. Result show that sensory integration procedure was effective in reduction of stereotype behavior, compulsive behavior and self-injurious behavior in autistic children. According to the findings, it is suggested that effect sensory integration procedure in stereotype behavior of autism children should be studied and used for treatment of other disabilities of this children.

Keywords: autism, sensory integration procedure, stereotype behavior, compulsive behavior

Procedia PDF Downloads 552

Authors: Azita Ramezani, Atousa Ramezani

Abstract:

In the ever-escalating landscape of windows malware the necessity for pioneering defense strategies turns into undeniable this study introduces an avant-garde approach fusing the capabilities of clustering random forests and support vector machines SVM to combat the intricate web of cyber threats our fusion model triumphs with a staggering accuracy of 98.67 and an equally formidable f1 score of 98.68 a testament to its effectiveness in the realm of windows malware defense by deciphering the intricate patterns within malicious code our model not only raises the bar for detection precision but also redefines the paradigm of cybersecurity preparedness this breakthrough underscores the potential embedded in the fusion of diverse analytical methodologies and signals a paradigm shift in fortifying against the relentless evolution of windows malicious threats as we traverse through the dynamic cybersecurity terrain this research serves as a beacon illuminating the path toward a resilient future where innovative fusion models stand at the forefront of cyber threat defense.

Keywords: fusion models, cyber threat defense, windows malware, clustering, random forests, support vector machines (SVM), accuracy, f1-score, cybersecurity, malicious code detection

Procedia PDF Downloads 43

Authors: Lauren Provost

Abstract:

The digital world remains increasingly vulnerable, making the development of effective cybersecurity approaches even more critical in supporting the success of the digital economy and national security. Although approaches to cybersecurity have shifted and improved in the last decade with new models, especially with cloud computing and mobility, a record number of high severity vulnerabilities were recorded in the National Institute of Standards and Technology (NIST), and its National Vulnerability Database (NVD) in 2020. This is due, in part, to the increasing complexity of cyber ecosystems. Security must be approached with a more comprehensive, multi-tool strategy that addresses the complexity of cyber ecosystems, including the human factor. Ethical hacking has emerged as such an approach: a more effective, multi-strategy, comprehensive approach to cyber security's most pressing needs, especially understanding the human factor. Research on ethical hacking, however, is limited in scope. The two main objectives of this work are to (1) provide highlights of case studies in ethical hacking, (2) provide a conceptual framework for research in ethical hacking that embraces and addresses both technical and nontechnical security measures. Recommendations include an improved conceptual framework for research centered on ethical hacking that addresses many factors and attributes of significant attacks that threaten computer security; a more robust, integrative multi-layered framework embracing the complexity of cybersecurity ecosystems.

Keywords: ethical hacking, literature review, penetration testing, social engineering

Procedia PDF Downloads 190

Authors: Vaishali P. Joshi, Pallav Joshi

Abstract:

The objective of this study is to examine the differences fashion innovators and non-fashion innovators in their fashion consumption behavior in terms of their pre-purchase behavior, purchase behavior and post purchase behavior. The questionnaire was distributed to a female college student for data collection for achieving the objective of the first part of the study. Question-related to fashion innovativeness and fashion consumption behavior was asked. The sample was comprised of 81 college females ages 18 through 30 who were attending Business Management degree. A series of attitude questions was used to categorize respondents on the Innovativeness Scale. 32 respondents with a score of 21 and above were designated as Fashion innovators and the remainder (49) as Non-fashion innovators. Findings showed that there exist significant differences between innovators and non-innovators in their fashion consumption behavior. Data was analyzed through frequency distribution table. Many differences were found in the behavior of innovators and non-innovators in terms of their pre-purchase, actual purchase, and post-purchase behavior.

Keywords: fashion, innovativeness, consumption behavior, purchase

Procedia PDF Downloads 536

Authors: Liwen Wang, Yuting Chen, Tong Wu, Shaolei Hu

Abstract:

In order to enhance the security of critical financial infrastructure, this study carries out a transformation of the architecture of a financial trading terminal to a zero trust architecture (ZTA), constructs an active defense system for cybersecurity, improves the security level of trading services in the Internet environment, enhances the ability to prevent network attacks and unknown risks, and reduces the industry and security risks brought about by cybersecurity risks. This study introduces the SDP technology of ZTA, adapts and applies it to a financial trading terminal to achieve security optimization and fine-grained business grading control. The upgraded architecture of the trading terminal moves security protection forward to the user access layer, replaces VPN to optimize remote access, and significantly improves the security protection capability of Internet transactions. The study achieves 1. deep integration with the access control architecture of the transaction system; 2. no impact on the performance of terminals and gateways, and no perception of application system upgrades; 3. customized checklist and policy configuration; 4. introduction of industry-leading security technology such as single-packet authorization (SPA) and secondary authentication. This study carries out a successful application of ZTA in the field of financial trading and provides transformation ideas for other similar systems while improving the security level of financial transaction services in the Internet environment.

Keywords: zero trust, trading terminal, architecture, network security, cybersecurity

Procedia PDF Downloads 138

Authors: Yu Du, Jian-Guo Wang

Abstract:

Green consumption is a key link to develop the ecological economy, and consumers are vital to carry out green consumption. With environmental awareness gradually being aroused, consumers often fail to turn their positive attitude into actual green consumption behavior. According to behavior reasoning theory, reasons for adoption have a direct (positive) influence on consumers’ attitude while reasons against adoption have a direct (negative) influence on consumers’ adoption intentions, the incongruous coexistence of which leads to the attitude-behavior gap of green consumption. Based on behavior reasoning theory, this research integrates reasons for adoption and reasons against adoption into a proposed model, in which reasons both for and against green consumption mediate the relationship between consumer’ values, attitudes, and behavioral intentions. It not only extends the conventional theory of reasoned action but also provides a reference for the government and enterprises to design the repairing strategy of green consumption attitude-behavior gap.

Keywords: green product, attitude-behavior gap, behavior reasoning theory, green consumption, SEM

Procedia PDF Downloads 420

Authors: Claire Biasco, Thaier Hayajneh

Abstract:

A smart city is the integration of digital technologies in urban environments to enhance the quality of life. Smart cities capture real-time information from devices, sensors, and network data to analyze and improve city functions such as traffic analysis, public safety, and environmental impacts. Current smart cities face controversy due to their reliance on real-time data tracking and surveillance. Internet of Things (IoT) devices and blockchain technology are converging to reshape smart city infrastructure away from its centralized model. Connecting IoT data to blockchain applications would create a peer-to-peer, decentralized model. Furthermore, blockchain technology powers the ability for IoT device data to shift from the ownership and control of centralized entities to individuals or communities with Decentralized Autonomous Organizations (DAOs). In the context of smart cities, DAOs can govern cyber-physical systems to have a greater influence over how urban services are being provided. This paper will explore how the core components of a smart city now apply to DAOs. We will also analyze different definitions of DAOs to determine their most important aspects in relation to smart cities. Both categorizations will provide a solid foundation to conduct a cybersecurity assessment of DAOs in smart cities. It will identify the benefits and risks of adopting DAOs as they currently operate. The paper will then provide several mitigation methods to combat cybersecurity risks of DAO integrations. Finally, we will give several insights into what challenges will be faced by DAO and blockchain spaces in the coming years before achieving a higher level of maturity.

Keywords: blockchain, IoT, smart city, DAO

Procedia PDF Downloads 89

Authors: S. Fantin

Abstract:

This study is the result of the legal research on cybersecurity and data protection within the EUNITY (Cybersecurity and Privacy Dialogue between Europe and Japan) project, aimed at fostering the dialogue between the European Union and Japan. Based on the research undertaken therein, the author offers an outline of the main asymmetries in the laws governing such fields in the two regions. The research is a comparative analysis of the two legal frameworks, taking into account specific provisions, ratio legis and policy initiatives. Recent doctrine was taken into account, too, as well as empirical interviews with EU and Japanese stakeholders and project partners. With respect to the protection of personal data, the European Union has recently reformed its legal framework with a package which includes a regulation (General Data Protection Regulation), and a directive (Directive 680 on personal data processing in the law enforcement domain). In turn, the Japanese law under scrutiny for this study has been the Act on Protection of Personal Information. Based on a comparative analysis, some asymmetries arise. The main ones refer to the definition of personal information and the scope of the two frameworks. Furthermore, the rights of the data subjects are differently articulated in the two regions, while the nature of sanctions take two opposite approaches. Regarding the cybersecurity framework, the situation looks similarly misaligned. Japan’s main text of reference is the Basic Cybersecurity Act, while the European Union has a more fragmented legal structure (to name a few, Network and Information Security Directive, Critical Infrastructure Directive and Directive on the Attacks at Information Systems). On an relevant note, unlike a more industry-oriented European approach, the concept of cyber hygiene seems to be neatly embedded in the Japanese legal framework, with a number of provisions that alleviate operators’ liability by turning such a burden into a set of recommendations to be primarily observed by citizens. With respect to the reasons to fill such normative gaps, these are mostly grounded on three basis. Firstly, the cross-border nature of cybercrime brings to consider both magnitude of the issue and its regulatory stance globally. Secondly, empirical findings from the EUNITY project showed how recent data breaches and cyber-attacks had shared implications between Europe and Japan. Thirdly, the geopolitical context is currently going through the direction of bringing the two regions to significant agreements from a trade standpoint, but also from a data protection perspective (with an imminent signature by both parts of a so-called ‘Adequacy Decision’). The research conducted in this study reveals two asymmetric legal frameworks on cyber security and data protection. With a view to the future challenges presented by the strengthening of the collaboration between the two regions and the trans-national fashion of cybercrime, it is urged that solutions are found to fill in such gaps, in order to allow European Union and Japan to wisely increment their partnership.

Keywords: cybersecurity, data protection, European Union, Japan

Procedia PDF Downloads 106

Authors: Polychronis Kapalidis

Abstract:

In recent years, researchers have started to turn their attention to cyber security and maritime security independently, neglecting, in most cases, to examine the areas where these two critical issues are intertwined. The impact of cybersecurity issues on the maritime economy is emerging dramatically. Maritime transport and all related activities are conducted by technology-intensive platforms, which today rely heavily on information systems. The paper’s argument is that when no defense is completely effective against cyber attacks, it is vital to test responses to the inevitable incursions. Hence, preparedness in the form of testing existing cybersecurity structure via different tools for potential attacks is vital for minimizing risks. Traditional criminal activities may further be facilitated and evolved through the misuse of cyberspace. Kidnap, piracy, fraud, theft of cargo and imposition of ransomware are the major of these activities that mainly target the industry’s most valuable asset; the ship. The paper, adopting a case-study analysis, based on stakeholder consultation and secondary data analysis, namely policy and strategic-related documentation, presents the importance of holistic testing in the sector. Arguing that poor understanding of the issue leads to the adoption of ineffective policies the paper will present the level of awareness within the industry and assess the risks and vulnerabilities of ships to these cybercriminal activities. It will conclude by suggesting that testing procedures must be focused on three main pillars within the maritime transport sector: the human factor, the infrastructure, and the procedures.

Keywords: cybercrime, cybersecurity, organized crime, risk mitigation

Procedia PDF Downloads 135

Authors: Thachamon Sinsoongsud, Noppawan Piaseu

Abstract:

This predictive study was aimed to 1) describe self efficacy for risk reduction and preventive behavior for osteoporosis, and 2) examine factors predicting preventive behavior for osteoporosis in nursing students. Through purposive sampling, the sample included 746 nursing students in a public university in Bangkok, Thailand. Data were collected by a self-reported questionnaire on self efficacy and preventive behavior for osteoporosis. Data were analyzed using descriptive statistics and multiple regression analysis with stepwise method. Results revealed that majority of the students were female (98.3%) with mean age of 19.86 + 1.26 years. The students had self efficacy and preventive behavior for osteoporosis at moderate level. Self efficacy and level of education could together predicted 35.2% variance of preventive behavior for osteoporosis (p< .001). Results suggest approaches for promoting preventive behavior for osteoporosis through enhancing self efficacy among nursing students in a public university in Bangkok, Thailand.

Keywords: osteoporosis, self-efficacy, preventive behavior, nursing students

Procedia PDF Downloads 353

Authors: Endah Mastuti, Prihastuti Sudaryono

Abstract:

The rapid development of Internet usage and technology influences the academic behavior of students in high schools. One of the consequences is the emergence of academic procrastination behavior. Academic procrastination behavior is students’ procrastinate behavior in completing assignments. This study aimed to see whether there are differences in the duration of using the internet with academic procrastinate behavior among high school students in Surabaya. The number of research subject is 498 high school students. Instruments of the research are academic procrastination scale and duration of the internet usage questionnaire. The results from One Way Anova shows F value 0.241 with a significance level of 0.868 This demonstrates that there is no difference between the duration of the use of the Internet with academic procrastination behavior in high school students.

Keywords: academic procrastination, duration of internet usage, students, senior high school

Procedia PDF Downloads 336

Authors: Jessemyn Modiini, Timothy Lynar, Elena Sitnikova

Abstract:

We present a novel enhanced compartmental model for malware spread analysis in cyber security. This paper applies cyber security data features to epidemiological compartmental models to model the infectious potential of malware. Compartmental models are most efficient for calculating the infectious potential of a disease. In this paper, we discuss and profile epidemiologically relevant data features from a Domain Name System (DNS) dataset. We then apply these features to epidemiological compartmental models to network traffic features. This paper demonstrates how epidemiological principles can be applied to the novel analysis of key cybersecurity behaviours and trends and provides insight into threat modelling above that of kill-chain analysis. In applying deterministic compartmental models to a cyber security use case, the authors analyse the deficiencies and provide an enhanced stochastic model for cyber epidemiology. This enhanced compartmental model (SUEICRN model) is contrasted with the traditional SEIR model to demonstrate its efficacy.

Keywords: cybersecurity, epidemiology, cyber epidemiology, malware

Procedia PDF Downloads 88

Authors: Ali Muhammad

Abstract:

The purpose of this study is to develop a theoretical framework which demonstrates the effect of four personal factors on employees rule following behavior in Kuwaiti business organizations. The model suggested in this study includes organizational citizenship behavior, affective organizational commitment, organizational trust, and procedural justice as possible predictors of rule following behavior. The study also attempts to compare the effects of the suggested factors on employees rule following behavior. The new model will, hopefully, extend previous research by adding new variables to the models used to explain employees rule following behavior. A discussion of issues related to rule-following behavior is presented, as well as recommendations for future research.

Keywords: employee adherence to rules, organizational justice, organizational commitment, organizational citizenship behavior

Procedia PDF Downloads 437

Authors: Bruno Vilić Belina, Ivan Župan

Abstract:

Smart industry concepts and digital transformation are very popular in many industries. They develop their own digital platforms, which have an important role in innovations and transactions. The main idea of smart industry digital platforms is central data collection, industrial data integration, and data usage for smart applications and services. This paper presents the development of a digital platform for building critical infrastructure protection systems in smart industries. Different service contraction modalities in service level agreements (SLAs), customer relationship management (CRM) relations, trends, and changes in business architectures (especially process business architecture) for the purpose of developing infrastructural production and distribution networks, information infrastructure meta-models and generic processes by critical infrastructure owner demanded by critical infrastructure law, satisfying cybersecurity requirements and taking into account hybrid threats are researched.

Keywords: cybersecurity, critical infrastructure, smart industries, digital platform

Procedia PDF Downloads 84

Authors: Jiraporn Weenuttranon

Abstract:

The objectives of the consumer behavior of bakery products in Bangkok are to study consumer behavior of the bakery product, to study the essential factors that could possibly affect the consumer behavior and to study recommendations for the development of the bakery products. This research is a survey research. Populations are buyer’s bakery products in Bangkok. The probability sample size is 400. The research uses a questionnaire for self-learning by using information technology. The researcher created a reliability value at 0.71 levels of significance. The data analysis will be done by using the percentage, mean, and standard deviation and testing the hypotheses by using chi-square.

Keywords: consumer, behavior, bakery, standard deviation

Procedia PDF Downloads 453