Search results

1 – 10 of 12
Article
Publication date: 15 January 2024

Arne Roar Nygård and Sokratis K. Katsikas

Abstract

Purpose

This paper aims to discuss the ethical aspects of hardware reverse engineering (HRE) and propose an ethical framework for HRE when used to mitigate cyber risks of the digital supply chain of critical infrastructure operators.

Design/methodology/approach

A thorough review and analysis of existing relevant literature was performed to establish the current state of knowledge in the field. Ethical frameworks proposed for other areas/disciplines and identified pertinent ethical principles have been used to inform the proposed framework’s development.

Findings

The proposed framework provides actionable guidance to security professionals engaged with such activities to support them in assessing whether an HRE project conforms to ethical principles. Recommendations on action needed to complement the framework are also proposed. According to the proposed framework, reverse engineering is neither unethical nor illegal if performed honourably. Collaboration with vendors and suppliers at an industry-wide level is critical for appropriately endorsing the proposed framework.

Originality/value

To the best of the authors’ knowledge, no ethical framework currently guides cybersecurity research, far less of cybersecurity vulnerability research and reverse engineering.

Details

Information & Computer Security, vol. 32 no. 3
Type: Research Article
ISSN: 2056-4961

Open Access
Article
Publication date: 20 April 2023

Kristian Kannelønning and Sokratis K. Katsikas

Abstract

Purpose

Cybersecurity attacks on critical infrastructures, businesses and nations are rising and have reached the interest of mainstream media and the public’s consciousness. Despite this increased awareness, humans are still considered the weakest link in the defense against an unknown attacker. Whatever the reason, naïve-, unintentional- or intentional behavior of a member of an organization, the result of an incident can have a considerable impact. A security policy with guidelines for best practices and rules should guide the behavior of the organization’s members. However, this is often not the case. This paper aims to provide answers to how cybersecurity-related behavior is assessed.

Design/methodology/approach

Research questions were formulated, and a systematic literature review (SLR) was performed by following the recommendations of the Preferred Reporting Items for Systematic Reviews and Meta-Analyses statement. The SLR initially identified 2,153 articles, and the paper reviews and reports on 26 articles.

Findings

The assessment of cybersecurity-related behavior can be classified into three components, namely, data collection, measurement scale and analysis. The findings show that subjective measurements from self-assessment questionnaires are the most frequently used method. Measurement scales are often composed based on existing literature and adapted by the researchers. Partial least square analysis is the most frequently used analysis technique. Even though useful insight and noteworthy findings regarding possible differences between manager and employee behavior have appeared in some publications, conclusive answers to whether such differences exist cannot be drawn.

Research limitations/implications

Research gaps have been identified that indicate areas of interest for future work. These include the development and employment of methods for reducing subjectivity in the assessment of cybersecurity-related behavior.

Originality/value

To the best of the authors’ knowledge, this is the first SLR on how cybersecurity-related behavior can be assessed. The SLR analyzes relevant publications and identifies current practices as well as their shortcomings, and outlines gaps that future research may bridge.

Details

Information & Computer Security, vol. 31 no. 4
Type: Research Article
ISSN: 2056-4961

Content available
Article
Publication date: 1 October 2006

Sokratis K. Katsikas and Stefanos Gritzalis

Details

Information Management & Computer Security, vol. 14 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 11 October 2011

George Aggelinos and Sokratis K. Katsikas

Abstract

Purpose

The purpose of this paper is to propose the integration of disaster recovery plan (DRP) objects development activities with the activities of the structured system analysis and design method (SSADM) methodology for developing an information system.

Design/methodology/approach

A step‐by‐step correlation of the SSADM methodology with DRP development activities is performed. By following this approach, a smaller system for emergency operations (DRP) can be designed in parallel with that for normal operations. Furthermore, the implementation of a normal operations system based on the requirements analysis and of an emergency operations system based on the critical business functions may follow the same line of reasoning.

Findings

The proposed enhancement brings benefits to both the organization and the system developer in terms of expenditure, self‐knowledge, personnel experience, reaction time, time and capability management and increase of competitiveness.

Practical implications

The practical acceptance of the proposed approach can drastically reduce the time elapsing between the completion of the normal operations system and the design of the emergency operations system. Moreover, the needs of the emergency operations system can be forecasted during the design of the normal operations system.

Originality/value

The paper extends the SSADM methodology by incorporating DRP development.

Details

Information Management & Computer Security, vol. 19 no. 4
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 October 2006

Mohsen Ziaee, Mohammad Fathian and S.J. Sadjadi

Abstract

Purpose

This paper aims to study an enterprise resource planning (ERP) software selection problem. The primary goal of this paper is to propose a two‐phase procedure to select an ERP vendor and a suitable ERP software.

Design/methodology/approach

In the first phase of the proposed method the preliminary actions – such as constructing a project team, collecting all possible information about ERP vendors and systems, and identifying the ERP system characteristics – are established. In the second phase, the authors present a modular approach to ERP vendor and software selection and propose a 0‐1 programming model to minimize total costs associated with procurement and integration expenditures.

Findings

The proposed approach and the model are considered to be more useful for small manufacturing enterprises (SMEs).

Originality/value

In using the model for analyzing the data about a real case study that is a commercial SME and based on obtained results, some parameter values of the model for all SMEs are suggested.

Details

Information Management & Computer Security, vol. 14 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 October 2006

Olusegun Folorunso, Oluwafemi Shawn Ogunseye and Sushil K. Sharma

Abstract

Purpose

Education delivery via electronic media is becoming relevant in Nigeria educational systems, especially the universities. In spite of this, there are hindrances affecting the total acceptability of this technology.

Design/methodology/approach

In this paper, we investigated these critical factors by analyzing the questionnaires collected from three sampled universities in Nigeria: private, public and state owned universities.

Findings

The results obtained indicated that mass unawareness, low computer literacy level and cost were identified as the critical factors affecting the acceptability of the technology.

Originality/value

Analysis herein has shown the factors affecting the acceptability of e‐learning in Nigeria. The results obtained will assist policy makers by finding solutions to literacy problems in Nigeria.

Details

Information Management & Computer Security, vol. 14 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 October 2006

Hervé Debar and Jouni Viinikka

Abstract

Purpose

Security information management (SIM) has emerged recently as a strong need to ensure the ongoing security of information systems. However, deploying a SIM and the associated sensors is a challenge in any organization, as the complexity and cost of such a project are difficult to bear. This paper aims to present an architecture for outsourcing a SIM platform, and discuss the issues associated with the deployment of such an environment.

Design/methodology/approach

The paper is an overview of the typical SIM and a possible architecture for its outsourcing.

Findings

The paper explains that the day‐to‐day operation of a SIM is beyond the financial capabilities of all but the largest organizations, as the SIM must be monitored constantly to ensure timely reaction to alerts. Many managed security services providers (MSSP), therefore, propose outsourcing the alert management activities. Sensors are deployed within the customer's infrastructure, and the alerts are sent to the outsourced SIM along with additional log information.

Originality/value

The paper illustrates intrusion detection and SIM as two important and active research domains for information systems security.

Details

Information Management & Computer Security, vol. 14 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 October 2006

Sajjad ur Rehman

Abstract

Purpose

The objective of this study was to investigate the placement, role, functioning, and human resource aspects of IT departments in Kuwaiti corporate companies in the banking and finance sector.

Design/methodology/approach

The results of this study are based on an interview‐based survey of IT managers in 17 banking, finance and investment companies in Kuwait. Data were collected through open‐ended interviews, focused upon the profile and organizational characteristics of IT operations, including placement, reporting relationship, role of managers, human resources, and internal organization. Information was collected about employment of servers, operating environments and applications of IT systems and networks these companies were using.

Findings

It has been found that most companies had elaborate IT functions where IT managers played a significant role. Large companies had built in‐house systems with little outsourcing while the majority of the other companies used turnkey systems and a great deal of outsourcing. Diversity was noted in system and network applications, related to the size and organizational needs of these companies. It was found that websites of most companies were static and these companies had to take firm initiatives if they had to adopt e‐commerce or electronic transactions.

Originality/value

This study has provided crucial understanding about the management of IT functions and applications in Kuwaiti companies.

Details

Information Management & Computer Security, vol. 14 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 October 2006

Dimitrios Lekkas and Costas Lambrinoudakis

Abstract

Purpose

Digital signatures are only enjoying a gradual and reluctant acceptance, despite the long existence of the relevant legal and technical frameworks. One of the major drawbacks of client‐generated digital signatures is the requirement for effective and secure management of the signing keys and the complexity of the cryptographic operations that must be performed by the signer. Outsourcing digital signatures to a trusted third party would be an elegant solution to the key management burden. The paper aims to investigate whether this is legally and technically feasible.

Design/methodology/approach

In this paper's approach a relying party trusts a Signature Authority (SA) for the tokens it issues, rather than a Certification Authority for the certificates it creates in a traditional public key infrastructure scheme.

Findings

The paper argues that passing the control of signature creation to an SA rather than the signer herself is not a stronger concession than the dependence on an identity certificate issued by a Certification Authority.

Originality/value

The paper proposes a framework for outsourced digital signatures.

Details

Information Management & Computer Security, vol. 14 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 October 2006

Nijaz Bajgoric

Abstract

Purpose

The paper aims at identifying key information technology enablers for business continuance.

Design/methodology/approach

The paper provides an analysis of the issues surrounding communication technology downtime and business continuity.

Findings

To be competitive, today's business has to be continuous from a data availability perspective and agile with regard to data access. System and/or application downtime are not an option in modern business since each hour, even minute, of downtime may generate negative financial effects. A framework for the design and implementation of a server operating environment for business continuance is presented.

Originality/value

The paper analyses an important issue in the business environment.

Details

Information Management & Computer Security, vol. 14 no. 5
Type: Research Article
ISSN: 0968-5227
