WP
Authored
13 records found
Risk Personalization
Governing Uncertain Collective Risk Through Individual Decisions
Individuals are regularly made responsible for risks they wish to take: one can consent to processing of personal data, and decide what to buy based on risk information on product labels. However, both large-scale processing of personal data and aggregated product choices may car
...
Bayesian network model to distinguish between intentional attacks and accidental technical failures
A case study of floodgates
Water management infrastructures such as floodgates are critical and increasingly operated by Industrial Control Systems (ICS). These systems are becoming more connected to the internet, either directly or through the corporate networks. This makes them vulnerable to cyber-attack
...
On the anatomy of social engineering attacks
A literature-based dissection of successful attacks
The aim of this study was to explore the extent to which persuasion principles are used in successful social engineering attacks. Seventy-four scenarios were extracted from 4 books on social engineering (written by social engineers) and analysed. Each scenario was split into atta
...
Game mechanics and technological mediation
An ethical perspective on the effects of MMORPG’s
In the past decades, video games have grown from a niche market to one of the major entertainment media, enticing millions of players worldwide. When ethical aspects of video games are being debated, the discussion oftentimes revolves around effects of their content, such as viol
...
Cyberattacks against healthcare institutions threaten patient care. The risk of being targeted by a damaging attack is increased when medical devices are used which rely on unmaintained legacy software that cannot be replaced and may have publicly known vulnerabilities. This revi
...
Beyond individual-centric privacy
Information technology in social systems
In the public debate, social implications of information technology are mainly seen through the privacy lens. Impact assessments of information technology are also often limited to privacy impact assessments, which are focused on individual rights and well-being, as opposed to th
...
The hybrid victim
Re-conceptualizing high-tech cyber victimization through actor-network theory
Victims are often conceptualized as single, human and static entities with certain risk factors that make them more vulnerable and attractive for offenders. This framework is challenged by emerging forms of high-tech cybercrime, such as ransomware, botnets and virtual theft, in w
...
Cybersecurity as a Politikum
Implications of Security Discourses for Infrastructures
In the cybersecurity community it is common to think of security as a design feature for systems and infrastructures that may be difficult to balance with other requirements. What is less studied is how security requirements come about, for which reasons, and what their influence
...
Individual preferences in security risk decision making
An exploratory study under security professionals
Risk assessments in the (cyber) security domain are often, if not always, based on subjective expert judgement. For the first time, to the best of our knowledge, the individual preferences of professionals from the security domain are studied. In an online survey they are asked t
...
Portunes
Representing attack scenarios spanning through the physical, digital and social domain
The security goals of an organization are realized through security policies, which concern physical security, digital security and security awareness. An insider is aware of these security policies, and might be able to thwart the security goals by combining physical, digital an
...
Laptop theft
A case study on the effectiveness of security mechanisms in open organizations
Organizations rely on physical, technical and procedural mechanisms to protect their IT systems. Of all IT systems, laptops are probably the most troublesome to protect, since they are easy to remove and conceal. When the thief has physical possession of the laptop, it is dif
...
Training students to steal
A practical assignment in computer security education
Practical courses in information security provide students with first-hand knowledge of technical security mechanisms and their weaknesses. However, teaching students only the technical side of information security leads to a generation of students that emphasize digital solution
...
The effectiveness of surveillance technology
What intelligence officials are saying
In recent years, Western governments have come under sharp criticism for their use of surveillance technology. They have been accused of sweeping up massive amounts of information without evidence of the technologies being effective in improving security. The view of critics is c
...
Contributed
7 records found
Cyberattack-Related Cascading Effects Mitigation
A Risk-based Approach for ICS Network Segmentation Design in Chemical Plants
Cascading effects are high-impact, low-probability phenomena that have caused catastrophic impacts in various chemical and process plants around the world. With the increasing trend of cyberattacks targeting critical infrastructures, there is a concern that accidents caused by cy
...
An empirical study into how cyber security professionals deal with uncertainty in information security risk assessments
Understanding perceptual aspects and judgment operations
The information security (IS) risk assessment process is an essential part of an organisation's protection of its digital assets. However, the fast-changing IS environment results in limited knowledge of eventualities, dependencies and values of systems and phenomena. Consequently
...
Simulating ecosystem-level cybersecurity for the future generation of critical infrastructures
Exploring the impact of cyber-defensive strategies on critical infrastructures through agent-based modelling
The increased decentralisation and heterogeneity of critical infrastructure systems pose a threat to the safe and secure operation of critical infrastructures by complicating cybersecurity procedures. The increased frequency and impact of cyberthreats have led to the desire to de
...
Modelling Humanitarian Interaction
Exploring the factors that determine humanitarian interaction and the policies that influence them through agent-based modelling. The case of information security.
Humanitarian assistance is driven by data and information. Through the whole chain of actions – from early warning systems to evaluation – information determines priorities, resource allocation, and donors’ willingness to donate. However, the potential harm that comes with data i
...
Analysing the impact of cyber insurance on the cyber security ecosystem
Utilising agent-based modelling to explore the effects of insurance policies
Cyberattacks are a constant threat to organisations worldwide. The uncertainty and difficulty of properly conducting cyber risk management processes do not make it easier for organisations to cope with cyberattacks. Cyber insurance can be a partial solution to the dilemma that or
...
What drives cybersecurity investment?
Organizational factors and perspectives from decision-makers
One of the leading perspectives from literature is that decisions about investments should be made based on a comprehensive cost-benefit analysis and on a cyber-risk assessment. However, many organizations do not undertake these sophisticated analyses due to the lack of available
...
Distinguishing Attacks and Failures in Industrial Control Systems
Knowledge-based Design of Bayesian Networks for Water Management Infrastructures
Water management infrastructures such as floodgates are critical and increasingly operated by Industrial Control Systems (ICS). These systems are becoming more connected to the internet, either directly or through the corporate networks. This makes them vulnerable to cyber-attack
...