Search results for: cybersecurity policy

Authors: Elham Rajabian

Abstract:

The ascent of cybersecurity incidents is a rising threat to most organisations in general, while the impact of the incidents is unique to each of the organizations. It is a need for behavioural sciences to concentrate on employees’ behaviour in order to prepare key security mitigation opinions versus cybersecurity incidents. There are noticeable differences among users of a computer system in terms of complying with security behaviours. We can discuss the people's differences under several subjects such as delaying tactics on something that must be done, the tendency to act without thinking, future thinking about unexpected implications of present-day issues, and risk-taking behaviours in security policies compliance. In this article, we introduce high-profile cyber-attacks and their impacts on weakening cyber resiliency in organizations. We also give attention to human errors that influence network security. Human errors are discussed as a part of psychological matters to enhance compliance with the security policies. The organizational challenges are studied in order to shape a sustainable cyber risks management approach in the related work section. Insiders’ behaviours are viewed as a cyber security gap to draw proper cyber resiliency in section 3. We carry out the best cybersecurity practices by discussing four CIS challenges in section 4. In this regard, we provide a guideline and metrics to measure cyber resilience in organizations in section 5. In the end, we give some recommendations in order to build a cybersecurity culture based on individual behaviours.

Keywords: cyber resilience, human factors, cybersecurity behavior, attitude, usability, security culture

Procedia PDF Downloads 69

Authors: Jian Shao

Abstract:

The effect of entrepreneurship on economic, innovation, and employment has been widely acknowledged by scholars and governments. As an essential factor of influencing entrepreneurship activities, entrepreneurship policy creates a conducive environment to support and develop entrepreneurship. However, the challenge in developing entrepreneurship policy is that policy is normally a combination of many different goals and instruments. Instead of examining the effect of individual policy instruments, we argue that attention to a policy mix is necessary. In recent years, much attention has been focused on comparing a single policy instrument to a policy mix, evaluating the interactions between different instruments within a mix or assessment of particular policy mixes. However, another required step in understanding policy mixes is to understand how and why mixes evolve and change over time and to determine whether any changes are an improvement. In this paper, we try to trace the development of the policy mix for entrepreneurship in China by mapping the policy goals and instruments and reveal the process of policy mix changing over time. We find two main process mechanisms of the entrepreneurship policy mix in China: patching and stretching. Compared with policy repackaging, patching and stretching are more realistic processes in the real world of the policy mix, and they are possible to achieve effectiveness by avoiding conflicts and promoting synergies among policy goals and instruments.

Keywords: entrepreneurship, China, policy design, policy mix, policy patching

Procedia PDF Downloads 164

Authors: Atma Sahu

Abstract:

After 9/11, there will only be cyberwars. The cyberwars increase in intensity the country's cybersecurity workforce's hiring and retention issues. Currently, many organizations have unfilled cybersecurity positions, and to a lesser degree, their cybersecurity teams are understaffed. Therefore, there is a critical need to develop a new program to help meet the market demand for cybersecurity engineers (CYSE) and personnel. Coppin State University in the United States was responsible for developing a cybersecurity engineering BS degree program. The CYSE curriculum design methodology consisted of three parts. First, the ACM Cross-Cutting Concepts standard's pervasive framework helped curriculum designers and students explore connections among the core courses' knowledge areas and reinforce the security mindset conveyed in them. Second, the core course context was created to assist students in resolving security issues in authentic cyber situations involving cyber security systems in various aspects of industrial work while adhering to the NIST standards framework. The last part of the CYSE curriculum design aspect was the institutional student learning outcomes (SLOs) integrated and aligned in content courses, representing more detailed outcomes and emphasizing what learners can do over merely what they know. The CYSE program's core courses express competencies and learning outcomes using action verbs from Bloom's Revised Taxonomy. This aspect of the CYSE BS degree program's design is based on these three pillars: the ACM, NIST, and SLO standards, which all CYSE curriculum designers should know. This unique CYSE curriculum design methodology will address how students and the CYSE program will be assessed and evaluated. It is also critical that educators, program managers, and students understand the importance of staying current in this fast-paced CYSE field.

Keywords: cyber security, cybersecurity engineering, systems engineering, NIST standards, physical systems

Procedia PDF Downloads 57

Authors: Liwen Wang, Yuting Chen, Tong Wu, Shaolei Hu

Abstract:

In order to enhance the security of critical financial infrastructure, this study carries out a transformation of the architecture of a financial trading terminal to a zero trust architecture (ZTA), constructs an active defense system for cybersecurity, improves the security level of trading services in the Internet environment, enhances the ability to prevent network attacks and unknown risks, and reduces the industry and security risks brought about by cybersecurity risks. This study introduces the SDP technology of ZTA, adapts and applies it to a financial trading terminal to achieve security optimization and fine-grained business grading control. The upgraded architecture of the trading terminal moves security protection forward to the user access layer, replaces VPN to optimize remote access, and significantly improves the security protection capability of Internet transactions. The study achieves 1. deep integration with the access control architecture of the transaction system; 2. no impact on the performance of terminals and gateways, and no perception of application system upgrades; 3. customized checklist and policy configuration; 4. introduction of industry-leading security technology such as single-packet authorization (SPA) and secondary authentication. This study carries out a successful application of ZTA in the field of financial trading and provides transformation ideas for other similar systems while improving the security level of financial transaction services in the Internet environment.

Keywords: zero trust, trading terminal, architecture, network security, cybersecurity

Procedia PDF Downloads 126

Authors: Serzhan Ashirov, Dana Nour, Rafat Rob, Khaled Alotaibi

Abstract:

There has been a fast growth in the introduction and use of communications, information, monitoring, and sensing technologies. The new technologies are making their way to the Industrial Control Systems as embedded in products, software applications, IT services, or commissioned to enable integration and automation of increasingly global supply chains. As a result, the lines that separated the physical, digital, and cyber world have diminished due to the vast implementation of the new, disruptive digital technologies. The variety and increased use of these technologies introduce many cybersecurity risks affecting cyber-resilience of the supply chain, both in terms of the product or service delivered to a customer and members of the supply chain operation. US department of energy considers supply chain in the IR4 space to be the weakest link in cybersecurity. The IR4 identified the digitization of the field devices, followed by digitalization that eventually moved through the digital transformation space with little care for the new introduced cybersecurity risks. This paper will examine the best methodologies for securing the electrical substations from cybersecurity attacks due to supply chain risks, and due to digitization effort. SCADA systems are the most vulnerable part of the power system infrastructure due to digitization and due to the weakness and vulnerabilities in the supply chain security. The paper will discuss in details how create a secure supply chain methodology, secure substations, and mitigate the risks due to digitization

Keywords: cybersecurity, supply chain methodology, secure substation, digitization

Procedia PDF Downloads 38

Authors: Nathaniel Evans, Jessica Boersma, Kenneth Kass

Abstract:

With technology and STEM fields growing every day, there is a significant projected shortfall in qualified cybersecurity workers. As such, it is essential to develop a cybersecurity curriculum that builds skills and cultivates interest in cybersecurity early on. With new jobs being created every day and an already significant gap in the job market, it is vital that educators are pro-active in introducing a cybersecurity curriculum where students are able to learn new skills and engage in an age-appropriate cyber curriculum. Within this growing world of cybersecurity, students should engage in age-appropriate technology and cybersecurity curriculum, starting with elementary school (k-5), extending through high school, and ultimately into college. Such practice will provide students with the confidence, skills, and, ultimately, the opportunity to work in the burgeoning information security field. This paper examines educational methods, pedagogical practices, current cybersecurity curricula, and other educational resources and conducts analysis for false assumptions and developmental appropriateness. It also examines and identifies common mistakes with current cyber curriculum and lessons and discuss strategies for improvement. Throughout the lessons that were reviewed, many common mistakes continued to pop up. These mistakes included age appropriateness, technology resources that were available, and consistency of student’s skill levels. Many of these lessons were written for the wrong grade levels. The ones written for the elementary level all had activities that assumed that every student in the class could read at grade level and also had background knowledge of the cyber activity at hand, which is not always the case. Another major mistake was that these lessons assumed that all schools had any kind of technology resource available to them. Some schools are 1:1, and others are only allotted three computers in their classroom where the students have to share. While coming up with a cyber-curriculum, it has to be kept in mind that not all schools are the same, not every classroom is the same. There are many students who are not reading at their grade level or have not had exposure to the digital world. We need to start slow and ease children into the cyber world. Once they have a better understanding, it will be easier to move forward with these lessons and get the students engaged. With a better understanding of common mistakes that are being made, a more robust curriculum and lessons can be created that no only spark a student’s interest in this much-needed career field but encourage learning while keeping our students safe from cyber-attacks.

Keywords: assumptions, cybersecurity, k-12, teacher

Procedia PDF Downloads 136

Authors: Polychronis Kapalidis

Abstract:

In recent years, researchers have started to turn their attention to cyber security and maritime security independently, neglecting, in most cases, to examine the areas where these two critical issues are intertwined. The impact of cybersecurity issues on the maritime economy is emerging dramatically. Maritime transport and all related activities are conducted by technology-intensive platforms, which today rely heavily on information systems. The paper’s argument is that when no defense is completely effective against cyber attacks, it is vital to test responses to the inevitable incursions. Hence, preparedness in the form of testing existing cybersecurity structure via different tools for potential attacks is vital for minimizing risks. Traditional criminal activities may further be facilitated and evolved through the misuse of cyberspace. Kidnap, piracy, fraud, theft of cargo and imposition of ransomware are the major of these activities that mainly target the industry’s most valuable asset; the ship. The paper, adopting a case-study analysis, based on stakeholder consultation and secondary data analysis, namely policy and strategic-related documentation, presents the importance of holistic testing in the sector. Arguing that poor understanding of the issue leads to the adoption of ineffective policies the paper will present the level of awareness within the industry and assess the risks and vulnerabilities of ships to these cybercriminal activities. It will conclude by suggesting that testing procedures must be focused on three main pillars within the maritime transport sector: the human factor, the infrastructure, and the procedures.

Keywords: cybercrime, cybersecurity, organized crime, risk mitigation

Procedia PDF Downloads 132

Authors: Hakan Akin

Abstract:

The aim of this study was to examine the policy making process in Turkish Health System. This policy making process will be examined through public policy change theories. Since political actors played in the formulation of public policies also explains the type of policy change, this actors will be inspected in the supranational and national basis. Also the transformation of public policy in the Turkish health care system will be analysed under the concepts of New right ideology, neo-liberalism, neo-conservatism and governance. And after this analyse, the outputs and outcomes of this transformation will be discussed in the context of developing countries.

Keywords: policy transfer, policy diffusion, policy convergence, new right, governance

Procedia PDF Downloads 446

Authors: Djehich Mohamed Yousri

Abstract:

In this paper, we explore the extent to which states seek to promote regional foreign policy. More specifically, the analytical feasibility is to find out exactly what countries seek to export, and how they have used their relations and foreign policies to enhance cooperation with other countries. The first part discusses the development of regional interests and theoretical approaches that attempted to explain the push for regionalism in the field of foreign policy. The second part of the paper presents the motives and mechanisms through which states spread the idea of regionalism in making foreign policy. Finally, we assess the implications of regionalism for the nature and practice of foreign policy, particularly with regard to the gains or constraints to which various actors are exposed in their regional endeavors. We conclude with some considerations that indicate that strengthening regionalism has become an additional and real program in the field of foreign policy analysis.

Keywords: foreign policy, collective foreign policy, regionalization and foreign policy, regional foreign policy, foreign affairs

Procedia PDF Downloads 217

Authors: Nkosingiphile Mbusozayo Zungu

Abstract:

The purpose of the current study is to adopt informetrics methods to analyse the research on phishing from 2012 to 2021 in three selected databases in order to contribute to global cybersecurity through impactful research. The study follows a quantitative research methodology. We opted for the positivist epistemology and objectivist ontology. The analysis focuses on: (i) the productivity of individual authors, institutions, and countries; (ii) the research contributions, using co-authorship as a measure of collaboration; (iii) the altmetrics of selected research contributions; (iv) the citation patterns and research impact of research on phishing; and (v) research contributions by keywords, to discover the concepts that are related to phishing. The preliminary findings favour developed countries in terms of quantity and quality of research in the domain. There are unique research trends and patterns in the developing countries, including those in Africa, that provide opportunities for research development in the domain in the region. This study explores an important research domain by using unexplored method in the region. The study supports the SDG Agenda 2030, such as ending abuse, exploitation, trafficking, and all other forms of violence and torture of children through the use of cyberspace (SDG 16). Further, the results from this study can inform research, teaching, and learning largely in Africa. Invariably, the study contributes to cybersecurity awareness that will mitigate cybersecurity threats against vulnerable communities.

Keywords: phishing, cybersecurity, informetrics, information security

Procedia PDF Downloads 82

Authors: Dina Maratovna Aikenova

Abstract:

Child care policy must be a priority area of public authorities in any country. This study investigates child care policy in Kazakhstan in accordance with the current position of children and laws. The results show that Kazakhstan policy in this sphere needs more systematic model including state economic and social measures, parental involvement and role of non-government organizations.

Keywords: children, Kazakhstan, policy, vulnerability

Procedia PDF Downloads 450

Authors: Thiru Vandeyar

Abstract:

This study sets out to explore how teachers’ beliefs and attitudes about ICT policy influence a consensus approach to the formulation of a school ICT policy. This case study proposes Q- methodology as an innovative method to facilitate a school’s capacity to develop policy reflecting teacher beliefs and attitudes. Q-methodology is used as a constructivist approach to the formulation of an ICT policy. Data capture was a mix of Q-methodology and qualitative principles. Data was analyzed by means of document, content and cluster analysis methods. Findings were threefold: First, teachers’ beliefs and attitudes about ICT policy influenced a consensus approach by including teachers as policy decision-makers. Second, given the opportunity, teachers have the inherent ability to deconstruct and critically engage with policy statements according to their own professional beliefs and attitudes. And third, an inclusive approach to policy formulation may inform the practice of school leaders and policymakers alike on how schools may develop their own policy.

Keywords: ICT, policy, teacher beliefs, consensus

Procedia PDF Downloads 475

Authors: Alvian R. E. Purnomo, K. Noni Srijati, Hernawan Adi

Abstract:

Government regulation is a result of agreement on the struggle of ideas, interests, and ideologies among elites in state institution. The polemic about death penalty policy in Indonesia is still becoming an interesting discussion and also a complex issue. There are pros/ cons of whether the policy is humane or not. Indonesia becomes the concern of the world’s community because the policy of death penalty applied is considered not reflecting the values of Indonesian culture including tolerance, mutual cooperation, and love. This paper examines them using literature study on how public policy theories respond to humanity issues and how Indonesian government should take steps to the issue of the death penalty that has become polemic until now.

Keywords: government regulation, public policy, death penalty policy, humanity

Procedia PDF Downloads 284

Authors: Md Abu Saieed

Abstract:

Crafting and implementing public policy is one of the indispensable works in any form of state and government. But the policy objectives, methods of formulation and tools of implementation might be different based on the ideological nature, historical legacy, structure and capacity of administration and management and other push and factors. Public policy in Islamic economic system needs to be based on the key guidelines of divine scriptures along with other sources of sharia’h. As a representative of Allah (SWT), the governor and other apparatus of the state will formulate and implement public policies which will enable to establish a true welfare state based on justice, equity and equality. The whole life of Prophet Muhammad (pbuh) and his policy in operating state of affairs in Madina is the practical guidelines for the policy actors and professionals in Islamic system of economics. Moreover, policy makers need to be more meticulous in formulating Islamic public policy which meets the needs and demands of contemporary worlds as well.

Keywords: formulation, Islam, public policy, policy factors, Sharia’h

Procedia PDF Downloads 309

Authors: S. Fantin

Abstract:

This study is the result of the legal research on cybersecurity and data protection within the EUNITY (Cybersecurity and Privacy Dialogue between Europe and Japan) project, aimed at fostering the dialogue between the European Union and Japan. Based on the research undertaken therein, the author offers an outline of the main asymmetries in the laws governing such fields in the two regions. The research is a comparative analysis of the two legal frameworks, taking into account specific provisions, ratio legis and policy initiatives. Recent doctrine was taken into account, too, as well as empirical interviews with EU and Japanese stakeholders and project partners. With respect to the protection of personal data, the European Union has recently reformed its legal framework with a package which includes a regulation (General Data Protection Regulation), and a directive (Directive 680 on personal data processing in the law enforcement domain). In turn, the Japanese law under scrutiny for this study has been the Act on Protection of Personal Information. Based on a comparative analysis, some asymmetries arise. The main ones refer to the definition of personal information and the scope of the two frameworks. Furthermore, the rights of the data subjects are differently articulated in the two regions, while the nature of sanctions take two opposite approaches. Regarding the cybersecurity framework, the situation looks similarly misaligned. Japan’s main text of reference is the Basic Cybersecurity Act, while the European Union has a more fragmented legal structure (to name a few, Network and Information Security Directive, Critical Infrastructure Directive and Directive on the Attacks at Information Systems). On an relevant note, unlike a more industry-oriented European approach, the concept of cyber hygiene seems to be neatly embedded in the Japanese legal framework, with a number of provisions that alleviate operators’ liability by turning such a burden into a set of recommendations to be primarily observed by citizens. With respect to the reasons to fill such normative gaps, these are mostly grounded on three basis. Firstly, the cross-border nature of cybercrime brings to consider both magnitude of the issue and its regulatory stance globally. Secondly, empirical findings from the EUNITY project showed how recent data breaches and cyber-attacks had shared implications between Europe and Japan. Thirdly, the geopolitical context is currently going through the direction of bringing the two regions to significant agreements from a trade standpoint, but also from a data protection perspective (with an imminent signature by both parts of a so-called ‘Adequacy Decision’). The research conducted in this study reveals two asymmetric legal frameworks on cyber security and data protection. With a view to the future challenges presented by the strengthening of the collaboration between the two regions and the trans-national fashion of cybercrime, it is urged that solutions are found to fill in such gaps, in order to allow European Union and Japan to wisely increment their partnership.

Keywords: cybersecurity, data protection, European Union, Japan

Procedia PDF Downloads 94

Authors: Hui Wang, Huan Zhang

Abstract:

This study uses systematic review and qualitative comparative analysis methods to comprehensively inquire about the recent street-level policy entrepreneurship research, to identify the characteristics and lessons we can learn from 20 years of street-level policy entrepreneurship literature, and the relations between political contexts and street-level policy entrepreneurs’ strategies. Using data from a systematic review of street-level policy entrepreneurship literature, we identify the sub-components of different political contexts and core strategies of street-level policy entrepreneurs and estimate the configurational relations between different political settings and street-level policy entrepreneurs’ strategies. Our results show that street-level policy entrepreneurs display social acuity, define the problem, and build team strategies when policy or political streams dominate. Street-level policy entrepreneurs will use lead-by-example strategies when both policy and political streams dominate. Furthermore, street-level policy entrepreneurs will use bureaucratic strategies, even if no stream dominates in the political context.

Keywords: policy entrepreneurs, qualitative comparative analysis, street-level bureaucracy, systematic review

Procedia PDF Downloads 72

Authors: Ratri Werdiningtyas, Yongping Wei, Andrew Western

Abstract:

This paper contributes to on-going attempts at bringing together land, water and environmental policy in catchment management. A tension remains in defining the boundaries of policy integration. Most of Integrated Water Resource Management is valued as rhetoric policy. It is far from being achieved on the ground because the socio-ecological system has not been understood and developed into complete and coherent problem representation. To clarify the feature of integration, this article draws on institutional fit for public policy integration and uses these insights in an empirical setting to identify the mechanism that can facilitate effective public integration for catchment management. This research is based on the journey of Victoria’s government from 1890-2016. A total of 274 Victorian Acts related to land, water, environment management published in those periods has been investigated. Four conditions of integration have been identified in their co-evolution: (1) the integration policy based on reserves, (2) the integration policy based on authority interest, (3) policy based on integrated information and, (4) policy based coordinated resource, authority and information. Results suggest that policy coordination among their policy instrument is superior rather than policy integration in the case of catchment management.

Keywords: catchment management, co-evolution, policy integration, phase

Procedia PDF Downloads 211

Authors: Tarek Saadawi, Rosario Gennaro, Jonathan Akeley

Abstract:

There is rapidly growing demand for professionals to fill positions in Cybersecurity. This is recognized as a national priority both by government agencies and the private sector. Cybersecurity is a very wide technical area which encompasses all measures that can be taken in an electronic system to prevent criminal or unauthorized use of data and resources. This requires defending computers, servers, networks, and their users from any kind of malicious attacks. The need to address this challenge has been recognized globally but is particularly acute in the New York metropolitan area, home to some of the largest financial institutions in the world, which are prime targets of cyberattacks. In New York State alone, there are currently around 57,000 jobs in the Cybersecurity industry, with more than 23,000 unfilled positions. The Cybersecurity Program at City College is a collaboration between the Departments of Computer Science and Electrical Engineering. In Fall 2020, The City College of New York matriculated its first students in theCybersecurity Master of Science program. The program was designed to fill gaps in the previous offerings and evolved out ofan established partnership with Facebook on Cybersecurity Education. City College has designed a program where courses, curricula, syllabi, materials, labs, etc., are developed in cooperation and coordination with industry whenever possible, ensuring that students graduating from the program will have the necessary background to seamlessly segue into industry jobs. The Cybersecurity Program has created multiple pathways for prospective students to obtain the necessary prerequisites to apply in order to build a more diverse student population. The program can also be pursued on a part-time basis which makes it available to working professionals. Since City College’s Cybersecurity M.S. program was established to equip students with the advanced technical skills needed to thrive in a high-demand, rapidly-evolving field, it incorporates a range of pedagogical formats. From its outset, the Cybersecurity program has sought to provide both the theoretical foundations necessary for meaningful work in the field along with labs and applied learning projects aligned with skillsets required by industry. The efforts have involved collaboration with outside organizations and with visiting professors designing new courses on topics such as Adversarial AI, Data Privacy, Secure Cloud Computing, and blockchain. Although the program was initially designed with a single asynchronous course in the curriculum with the rest of the classes designed to be offered in-person, the advent of the COVID-19 pandemic necessitated a move to fullyonline learning. The shift to online learning has provided lessons for future development by providing examples of some inherent advantages to the medium in addition to its drawbacks. This talk will address the structure of the newly-implemented Cybersecurity Master’s Program and discuss the innovations, challenges, and possible future directions.

Keywords: cybersecurity, new york, city college, graduate degree, master of science

Procedia PDF Downloads 116

Authors: Qian Zaijian

Abstract:

E-government is one of the hot issues in the current academic research of public policy and management. As the organic integration of information and communication technology (ICT) and public administration, e-government is one of the most important areas in contemporary information society. Policy information system is a basic subsystem of public policy system, its operation affects the overall effect of the policy process or even exerts a direct impact on the operation of a public policy and its success or failure. The basic principle of its operation is information collection, processing, analysis and release for a specific purpose. The function of E-government for public policy information system lies in the promotion of public access to the policy information resources, information transmission through e-participation, e-consultation in the process of policy analysis and processing of information and electronic services in policy information stored, to promote the optimization of policy information systems. However, due to many factors, the function of e-government to promote policy information system optimization has its practical limits. In the building of E-government in our country, we should take such path as adhering to the principle of freedom of information, eliminating the information divide (gap), expanding e-consultation, breaking down information silos and other major path, so as to promote the optimization of public policy information systems.

Keywords: China, e-consultation, e-democracy, e-government, e-participation, ICTs, public policy information systems

Procedia PDF Downloads 825

Authors: K. Bokreta, D. Benanaya

Abstract:

The objective of this study is to examine the relative effectiveness of monetary and fiscal policy in Algeria using the econometric modelling techniques of cointegration and vector error correction modelling to analyse and draw policy inferences. The chosen variables of fiscal policy are government expenditure and net taxes on products, while the effect of monetary policy is presented by the inflation rate and the official exchange rate. From the results, we find that in the long-run, the impact of government expenditures is positive, while the effect of taxes is negative on growth. Additionally, we find that the inflation rate is found to have little effect on GDP per capita but the impact of the exchange rate is insignificant. We conclude that fiscal policy is more powerful then monetary policy in promoting economic growth in Algeria.

Keywords: economic growth, monetary policy, fiscal policy, VECM

Procedia PDF Downloads 286

Authors: Lukasz Kurowski, Paweł Smaga

Abstract:

We explore the procyclicality of monetary policy decisions towards the financial cycle in the 1995−2015 period on a sample of six central banks. Using interest rate paths and the credit-to-GDP gap to construct a monetary policy procyclicality ratio, we provide evidence that monetary policy procyclicality was high in BoE and CNB and low in Riksbank and ECB. The results support the need for coordination between macroprudential and monetary policies, for example, by including financial stability considerations to the inflation targeting strategy.

Keywords: central bank, financial stability, macroprudential policy, monetary policy

Procedia PDF Downloads 344

Authors: Eugene Wong, Felix Chan, Linsey Chen, Joey Cheung

Abstract:

The widespread use of technologies and cyber/digital means for complex maritime operations have led to a sharp rise in global cyber-attacks. They have generated an increasing number of liability disputes, insurance claims, and legal proceedings. An array of antiquated case law, regulations, international conventions, and obsolete contractual clauses drafted in the pre-technology era have become grossly inadequate in addressing the contemporary challenges. This paper offers a critique of the ambiguity of cybersecurity liabilities under the obligation of seaworthiness entailed in the Hague-Visby Rules, which apply either by law in a large number of jurisdictions or by express incorporation into the shipping documents. This paper also evaluates the legal and technological criteria for assessing whether a vessel is properly equipped with the latest offshore technologies for navigation and cargo delivery operations. Examples include computer applications, networks and servers, enterprise systems, global positioning systems, and data centers. A critical analysis of the carriers’ obligations to exercise due diligence in preventing or mitigating cyber-attacks is also conducted in this paper. It is hoped that the present study will offer original and crucial insights to policymakers, regulators, carriers, cargo interests, and insurance underwriters closely involved in dispute prevention and resolution arising from cybersecurity liabilities.

Keywords: seaworthiness, cybersecurity, liabilities, risks, maritime, transport

Procedia PDF Downloads 111

Authors: Pouriya Angosht Baft, Farzan Safari Sabet

Abstract:

Globalization should be considered as a process that has affected all areas of human activity, including the foreign policy of countries. The phenomenon of globalization has created tremendous changes in the economic, political and cultural fields. Obviously, no country can keep itself away from the new global consequences and globalization process. Dealing with the world requires formulating a realistic and intelligent foreign policy. By examining the phenomenon of globalization and its impact on foreign policy, this article aims to provide solutions for formulating a more active and effective foreign policy. The conclusion of this research is that Iran's foreign policy has gradually moved towards more realism, and maintaining and strengthening national interests in the changing world has been the focus of foreign policymakers and decision-makers. Strengthening the course of more realism in the future should be at the center of formulating Iran's foreign policy.

Keywords: globalization, foreign policy, international relations, realism, iran

Procedia PDF Downloads 14

Authors: Thiru Vandeyar

Abstract:

The present study set out to determine how Q methodology may be used as an inclusive education policy development process. Utilising Q-methodology as a strategy of inquiry, this qualitative instrumental case study set out to explore how teachers, as a crucial but often neglected human resource, may be included in developing policy. A social constructivist lens and the theoretical moorings of Proudford’s emancipatory approach to educational change anchored in teachers’ ‘writerly’ interpretation of policy text was employed. Findings suggest that Q-method is a unique research approach to include teachers’ voices in policy development. Second, that beliefs, attitudes, and professionalism of teachers to improve teaching and learning using ICT are integral to policy formulation. The study indicates that teachers have unique beliefs about what statements should constitute a school’s information and communication (ICT) policy. Teachers’ experiences are an extremely valuable resource in and should not be ignored in the policy formulation process.

Keywords: teachers, q-methodology, education policy, ICT

Procedia PDF Downloads 60

Authors: Pius Akindele Adeniyi

Abstract:

The World's tropical forests are disappearing at an alarming rate of more than 200,000 ha per year as a result of deforestation due mainly to population pressures, economic growth, poor management and inappropriate policy. A forest policy determines the role of the sector in a nation's economy and it is formulated in accordance with the objectives of the national economic development. Urban forestry as a concept is relatively new in Nigeria when compared to European and American countries. It consists of growing of trees, shrubs and grass along streets, in parks, and around public or private buildings whose management rests in the hands of the public and private owners. Major urban centers in Nigeria are devoid of efficiently planned tree-planting programs. Hence, various factors militating against environmental improvements, such as climate and other agents of degradation, are highlighted for the necessary attention. The paper discusses the need for forest policy formulation and the objectives of forest policy. Elements of forest policy are also discussed and in particular, those peculiar to urbanization and degraded lands are Forest policy and land-use and policy implementation together with some problem issues in forest policy are discussed while recommendations are given on formulation of a forest policy.

Keywords: urban, forest, policy, environment, interaction, degraded

Procedia PDF Downloads 63

Authors: Romisaa Ali

Abstract:

The Policy Gradient approach is one of the deep reinforcement learning families that combines deep neural networks (DNN) with reinforcement learning RL to discover the optimum of the control problem through experience gained from the interaction between the robot and its surroundings. In contrast to earlier policy gradient algorithms, which were unable to handle these two types of error because of over-or under-estimation introduced by the deep neural network model, this article will discuss the state-of-the-art SOTA policy gradient technique, trust region policy optimization (TRPO), by applying this method in various environments compared to another policy gradient method, the Proximal Policy Optimization (PPO), to explain their robust optimization, using this SOTA to gather experience data during various training phases after observing the impact of hyper-parameters on neural network performance.

Keywords: deep neural networks, deep reinforcement learning, proximal policy optimization, state-of-the-art, trust region policy optimization

Procedia PDF Downloads 139

Authors: Gampel Alexander, Mazzuchi Thomas, Sarkani Shahram

Abstract:

The cybersecurity landscape is constantly evolving, and organizations must adapt to the changing threat environment to protect their assets. The implementation of the NIST Risk Management Framework (RMF) has become critical in ensuring the security and safety of industrial control and automation systems. However, cybersecurity professionals are facing challenges in implementing RMF, leading to systems operating without authorization and being non-compliant with regulations. The current approach to RMF implementation based on business practices is limited and insufficient, leaving organizations vulnerable to cyberattacks resulting in the loss of personal consumer data and critical infrastructure details. To address these challenges, this research proposes a Model-Based Systems Engineering (MBSE) approach to implementing cybersecurity controls and assessing risk through the RMF process. The study emphasizes the need to shift to a modeling approach, which can streamline the RMF process and eliminate bloated structures that make it difficult to receive an Authorization-To-Operate (ATO). The study focuses on the practical application of MBSE in industrial control and automation systems to improve the security and safety of operations. It is concluded that MBSE can be used to solve the implementation challenges of the NIST RMF process and improve the security of industrial control and automation systems. The research suggests that MBSE provides a more effective and efficient method for implementing cybersecurity controls and assessing risk through the RMF process. The future work for this research involves exploring the broader applicability of MBSE in different industries and domains. The study suggests that the MBSE approach can be applied to other domains beyond industrial control and automation systems.

Keywords: authorization-to-operate (ATO), industrial control systems (ICS), model-based system’s engineering (MBSE), risk management framework (RMF)

Procedia PDF Downloads 56

Authors: Eva Kotlánová

Abstract:

After recession that began in 2007 in the United States and subsequently spilled over the Europe we could expect recovery of economic growth. According to the last estimation of economic progress of European countries, this recovery is not strong enough. Among others, it will depend on economic policy, where and in which way, the economic indicators will proceed. Economic theories postulate that the economic subjects prefer stably, continual economic policy without repeated and strong fluctuations. This policy is perceived as support of economic growth. Mostly in crises period, when the government must cope with consequences of recession, the economic policy becomes unpredictable for many subjects and economic policy uncertainty grows, which have negative influence on economic growth. The aim of this paper is to use panel regression to prove or disprove this hypothesis on the example of five largest European economies in the period 2008–2012.

Keywords: economic crises in Europe, economic policy, uncertainty, panel analysis regression

Procedia PDF Downloads 355

Authors: Noureddine Mohtaram, Jeremy Patrix, Jerome Verny

Abstract:

As an enormous number of online services have been developed into web applications, security problems based on web applications are becoming more serious now. Most intrusion detection systems rely on each request to find the cyber-attack rather than on user behavior, and these systems can only protect web applications against known vulnerabilities rather than certain zero-day attacks. In order to detect new attacks, we analyze the HTTP protocols of web servers to divide them into two categories: normal attacks and malicious attacks. On the other hand, the quality of the results obtained by deep learning (DL) in various areas of big data has given an important motivation to apply it to cybersecurity. Deep learning for attack detection in cybersecurity has the potential to be a robust tool from small transformations to new attacks due to its capability to extract more high-level features. This research aims to take a new approach, deep learning to cybersecurity, to classify these two categories to eliminate attacks and protect web servers of the defense sector which encounters different web traffic compared to other sectors (such as e-commerce, web app, etc.). The result shows that by using a machine learning method, a higher accuracy rate, and a lower false alarm detection rate can be achieved.

Keywords: anomaly detection, HTTP protocol, logs, cyber attack, deep learning

Procedia PDF Downloads 178

Authors: M. Mutemwa

Abstract:

A Cybersecurity Operation Centre (SOC) is a centralized hub for network event monitoring and incident response. SOCs are critical when determining an organization’s cybersecurity posture because they can be used to detect, analyze and report on various malicious activities. For most organizations, a SOC is not part of the initial design and implementation of the Information Technology (IT) environment but rather an afterthought. As a result, it is not natively a plug and play component; therefore, there are integration challenges when a SOC is introduced into an organization. A SOC is an independent hub that needs to be integrated with existing procedures, policies and IT systems of an organization such as the service desk, ticket logging system, reporting, etc. This paper discussed the challenges of integrating a newly developed SOC to an organization’s existing IT environment. Firstly, the paper begins by looking at what data sources should be incorporated into the Security Information and Event Management (SIEM) such as which host machines, servers, network end points, software, applications, web servers, etc. for security posture monitoring. That is which systems need to be monitored first and the order by which the rest of the systems follow. Secondly, the paper also describes how to integrate the organization’s ticket logging system with the SOC SIEM. That is how the cybersecurity related incidents should be logged by both analysts and non-technical employees of an organization. Also the priority matrix for incident types and notifications of incidents. Thirdly, the paper looks at how to communicate awareness campaigns from the SOC and also how to report on incidents that are found inside the SOC. Lastly, the paper looks at how to show value for the large investments that are poured into designing, building and running a SOC.

Keywords: cybersecurity operation centre, incident response, priority matrix, procedures and policies

Procedia PDF Downloads 123