The paper at hand presents the design of a survey aiming at the cyber-security culture assessment of critical infrastructures during the COVID-19 crisis, when living reality was heavily disturbed and working conditions fundamentally affected. The survey is rooted in a security culture framework layered into two levels, organizational and individual, further analyzed into 10 different security dimensions consisted of 52 domains. An in-depth questionnaire building analysis is presented focusing on the aims, goals, and expected results. It concludes with the survey implementation approach while underlining the framework’s first application and its revealing insights during a global crisis.
American Journal of Multidisciplinary Research and Development is indexed, refereed and peer-reviewed journal, which is designed to publish research articles.
A STUDY ON CYBER SECURITY AND ITS RISKS K. JeniferAM Publications
Cyber security is a basic term used nowadays by each and everyone in the world. It is appropriate to know about cyber security as everything became digitized in our day-today life, because digital world is the place where cyber crimes emerge. Securing the information has become one of the biggest challenges in the present day. Various measures are taken in order to prevent these cyber crimes, though cyber security is still a very big concern. In this paper I have made a study on cyber security, how far cyber crimes are increasing and what are the threats we should be aware of.
Combating Cybersecurity Challenges with Advanced AnalyticsCognizant
Using an AI-powered analytics platform, IT organizations can shift from a reactive approach to security breaches, to proactively identifying increasingly sophisticated threat vectors and quickly resolving exploitable vulnerabilities.
A LITERATURE SURVEY AND ANALYSIS ON SOCIAL ENGINEERING DEFENSE MECHANISMS AND...IJNSA Journal
Social engineering attacks can be severe and hard to detect. Therefore, to prevent such attacks, organizations should be aware of social engineering defense mechanisms and security policies. To that end, the authors developed a taxonomy of social engineering defense mechanisms, designed a survey to measure employee awareness of these mechanisms, proposed a model of Social Engineering InfoSec Policies (SE-IPs), and designed a survey to measure the incorporation level of these SE-IPs. After analyzing the data from the first survey, the authors found that more than half of employees are not aware of social engineering attacks. The paper also analyzed a second set of survey data, which found that on average, organizations incorporated just over fifty percent of the identified formal SE-IPs. Such worrisome results show that organizations are vulnerable to social engineering attacks, and serious steps need to be taken to elevate awareness against these emerging security threats.
American Journal of Multidisciplinary Research and Development is indexed, refereed and peer-reviewed journal, which is designed to publish research articles.
A STUDY ON CYBER SECURITY AND ITS RISKS K. JeniferAM Publications
Cyber security is a basic term used nowadays by each and everyone in the world. It is appropriate to know about cyber security as everything became digitized in our day-today life, because digital world is the place where cyber crimes emerge. Securing the information has become one of the biggest challenges in the present day. Various measures are taken in order to prevent these cyber crimes, though cyber security is still a very big concern. In this paper I have made a study on cyber security, how far cyber crimes are increasing and what are the threats we should be aware of.
Combating Cybersecurity Challenges with Advanced AnalyticsCognizant
Using an AI-powered analytics platform, IT organizations can shift from a reactive approach to security breaches, to proactively identifying increasingly sophisticated threat vectors and quickly resolving exploitable vulnerabilities.
A LITERATURE SURVEY AND ANALYSIS ON SOCIAL ENGINEERING DEFENSE MECHANISMS AND...IJNSA Journal
Social engineering attacks can be severe and hard to detect. Therefore, to prevent such attacks, organizations should be aware of social engineering defense mechanisms and security policies. To that end, the authors developed a taxonomy of social engineering defense mechanisms, designed a survey to measure employee awareness of these mechanisms, proposed a model of Social Engineering InfoSec Policies (SE-IPs), and designed a survey to measure the incorporation level of these SE-IPs. After analyzing the data from the first survey, the authors found that more than half of employees are not aware of social engineering attacks. The paper also analyzed a second set of survey data, which found that on average, organizations incorporated just over fifty percent of the identified formal SE-IPs. Such worrisome results show that organizations are vulnerable to social engineering attacks, and serious steps need to be taken to elevate awareness against these emerging security threats.
Security techniques for intelligent spam sensing and anomaly detection in onl...IJECEIAES
The recent advances in communication and mobile technologies made it easier to access and share information for most people worldwide. Among the most powerful information spreading platforms are the Online Social Networks (OSN)s that allow Internet-connected users to share different information such as instant messages, tweets, photos, and videos. Adding to that many governmental and private institutions use the OSNs such as Twitter for official announcements. Consequently, there is a tremendous need to provide the required level of security for OSN users. However, there are many challenges due to the different protocols and variety of mobile apps used to access OSNs. Therefore, traditional security techniques fail to provide the needed security and privacy, and more intelligence is required. Computational intelligence adds high-speed computation, fault tolerance, adaptability, and error resilience when used to ensure security in OSN apps. This research provides a comprehensive related work survey and investigates the application of artificial neural networks for intrusion detection systems and spam filtering for OSNs. In addition, we use the concept of social graphs and weighted cliques in the detection of suspicious behavior of certain online groups and to prevent further planned actions such as cyber/terrorist attacks before they happen.
NEED FOR CRITICAL CYBER DEFENCE, SECURITY STRATEGY AND PRIVACY POLICY IN BANG...IJMIT JOURNAL
Cyber security is one of the burning issues in modern world. Increased IT infrastructure has given rise to enormous chances of security breach. Bangladesh being a relatively new member of cyber security arena has its own demand and appeal. Digitalization is happening in Bangladesh for last few years at an appreciable rate. People are being connected to the worldwide web community with their smart devices. These devices have their own vulnerability issues as well as the data shared over the internet has a very good chances of getting breached. Common vulnerability issues like infecting the device with malware, Trojan, virus are on the rise. Moreover, a lack of proper cyber security policy and strategy might make the existing situation at the vulnerable edge of tipping point. Hence the upcoming new infrastructures will be at a greater risk if the issues are not dealt with at an early age. In this paper common vulnerability issues including their recent attacks on cyber space of Bangladesh, cyber security strategy and need for data privacy policy is discussed and analysed briefly.
Etude PwC/CIO/CSO sur la sécurité de l'information (2014)PwC France
http://bit.ly/Cybersecurite-sept14
Etude mondiale de PwC, CIO et CSO réalisée en ligne du 27 mars 2014 au 25 mai 2014. Les résultats présentés ici sont fondés sur les réponses de plus de 9700 CEO, CFO, CIO, RSSI, les OSC, les vice-présidents et des directeurs de l'information et des pratiques de sécurité de plus de 154 pays.
35 % des répondants sont d'Amérique du Nord, 34 % d'Europe, 14 % d'Asie-Pacifique, 13 % en Amérique du Sud, et 4 % du Moyen-Orient et d’Afrique.
Social media platform and Our right to privacyvivatechijri
The advancement of Information Technology has hastened the ability to disseminate information across the globe. In particular, the recent trends in ‘Social Networking’ have led to a spark in personally sensitive information being published on the World Wide Web. While such socially active websites are creative tools for expressing one’s personality it also entails serious privacy concerns. Thus, Social Networking websites could be termed a double edged sword. It is important for the law to keep abreast of these developments in technology. The purpose of this paper is to demonstrate the limits of extending existing laws to battle privacy intrusions in the Internet especially in the context of social networking. It is suggested that privacy specific legislation is the most appropriate means of protecting online privacy. In doing so it is important to maintain a balance between the competing right of expression, the failure of which may hinder the reaping of benefits offered by Internet technology
UNDERSTANDING TRAFFIC PATTERNS OF COVID-19 IOC IN HUGE ACADEMIC BACKBONE NETW...IJNSA Journal
Recently, APT (Advanced Persistent Threats) groups are using the COVID-19 pandemic as part of their cyber operations. In response to cyber threat actors, IoCs (Indicators of Compromise) are being provided to help us take some countermeasures. In this paper, we analyse how the coronavirus-based cyber attack unfolded on the academic infrastructure network SINET (The Science Information Network) based on the passive measurement with IoC. SINET is Japan's academic information infrastructure network. To extract and analyze the traffic patterns of the COVID-19 attacker group, we implemented a data flow pipeline for handling huge session traffic data observed on SINET. The data flow pipeline provides three functions: (1) identification the direction of the traffic, (2) filtering the port numbers, and (3) generation of the time series data. From the output of our pipeline, it is clear that the attacker's traffic can be broken down into several patterns. To name a few, we have witnessed (1) huge burstiness (port 25: FTP and high port applications), (3) diurnal patterns (port 443: SSL), and (3) periodic patterns with low amplitude (port 25: SMTP) We can conclude that some unveiled patterns by our pipeline are informative to handling security operations of the academic backbone network. Particularly, we have found burstiness of high port and unknown applications with the number of session data ranging from 10,000 to 35,000. For understanding the traffic patterns on SINET, our data flow pipeline can utilize any IoC based on the list of IP address for traffic ingress/egress identification and port filtering.
A STUDY ON LEA AND SEED ALGORITHMS FOR DATA PROTECTION OF SMARTPHONE BASED DI...IJNSA Journal
The number of disaster occurrences around the world based on the climate changes due to the global
warming has been indicating an increase. To prevent and cope with such disaster, a number of researches
have been actively conducted to combine the user location service as well as the sensor network
technology into the expanded IoT to detect the disaster at early stages. However, due to the appearance of
the new technologies, the scope of the security threat to the pre-existing system has been expanding. In this
thesis, the D-SASS using the beacon to provide the notification service to the disaster-involved area and
the safe service to the users is proposed. The LEA Algorithm is applied to the proposed system to design
the beacon protocol collected from the smartphone to safely receive the notification information. In
addition, for data protection of a notification system, LEA and SEED algorithms were applied, and a
comparative analysis was conducted.
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...ijtsrd
In today’s dynamic and technologically advanced world, the Internet has become one of the most innovative and rapidly growing technologies. With its rise, it has also become vulnerable to a significant increase in occurrences of cyber attacks, with detrimental effects. Typically, these cyber attacks are targeted at accessing, manipulating, or damaging confidential data, extracting users money, or extorting an organization’s or user’s private information. Sensitive information, whether intellectual property, financial data, confidential information, or other forms of private data are exposed to unauthorized access or disclosure, which can have adverse consequences. Protecting data has become one of the greatest obstacles today as cyber attacks are constantly escalating. Along with the growth of internet services and the advancement of information technology, the importance of cybersecurity is crucial. Cybersecurity aims to ensure that the security interests of the company and users assets are protected and preserved against relevant cyber threats in the digital world. The data and confidentiality of computing assets pertaining to the network of an organization are protected by cybersecurity. This paper mainly focuses on threats and issues in cybersecurity facing modern technologies. It also focuses on the latest cybersecurity strategies and developments that are transforming the face of cybersecurity. Omkar Veerendra Nikhal "An Analytical Study on Attacks and Threats in Cyber Security and its Evolving Trends on Modern Technologies" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-1 , December 2020, URL: https://www.ijtsrd.com/papers/ijtsrd38195.pdf Paper URL : https://www.ijtsrd.com/computer-science/computer-security/38195/an-analytical-study-on-attacks-and-threats-in-cyber-security-and-its-evolving-trends-on-modern-technologies/omkar-veerendra-nikhal
This presentation examines to what extent that cyber-insurance can be a useful tool to manage the risks and harms caused by massive cyber-attacks from the national as opposed to enterprise standpoint,
DESIGN OF A SECURE DISASTER NOTIFICATION SYSTEM USING THE SMARTPHONE BASED BE...csandit
The number of disaster occurrences around the world based on the climate changes due to the global warming has been indicating an increase. To prevent and cope with such disaster, a number of researches have been actively conducted to combine the user location service as well as the sensor network technology into the expanded IoT to detect the disaster at early stages. However, due to the appearance of the new technologies, the scope of the security threat to the pre-existing system has been expanding. In this thesis, the D-SASS using the beacon to provide the notification service to the disaster-involved region and the safe service to the users is proposed. The LEA Algorithm is applied to the proposed system to design the beacon protocol collected from the smartphone to safely receive the notification information as well as to provide the confidentiality during the data transfer between smartphone and notification server.
A Systematic Review of Android Malware Detection TechniquesCSCJournals
Malware detection is a significant key to Android application security. Malwares threat to Android users is increasing day by day. End users need security because they use mobile device to communicate information. Therefore, developing malware detection and control technology should be a priority. This research has extensively explored various state of the art techniques and mechanisms to detect malwares in Android applications by systematic literature review. It categorized the current researches into static, dynamic and hybrid approaches. This research work identifies the limitation and strength current research work. According to the restrictions of current malware detection technologies, it can conclude that detection technologies that use statistical analysis consume more time, energy and resources as compare to machine learning techniques. The results obtained from this research work reinforce the assertion that detection approaches designed for Android malware do not produce 100% efficient detection accuracy.
Information Sharing of Cyber Threat Intelligence with their Issue and Challengesijtsrd
Today threat landscape growing at the rapid rate with much organization continuously face complex and malicious cyber threats. In today's Internet connected world where technologies support almost every feature of our society, cyber security and forensic specialists are increasingly distributing with wide ranging cyber threats in almost. real time conditions. The capability to detect, analyze, and defend against such threats in near real time conditions is not possible without the employment of threat intelligence, big data, and machine learning techniques. Cyber Threat Intelligence CTI has become a hot topic and being under consideration for many organizations to counter the rise of cyber attacks. The vast majority of information security challenges we face today are the result of serendipitous and naive decisions made in the early stages of the Internet. Khin Myat Nwe Win | Yin Myo Kay Khine Thaw "Information Sharing of Cyber Threat Intelligence with their Issue and Challenges" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-5 , August 2019, URL: https://www.ijtsrd.com/papers/ijtsrd26504.pdfPaper URL: https://www.ijtsrd.com/computer-science/computer-security/26504/information-sharing-of-cyber-threat-intelligence-with-their-issue-and-challenges/khin-myat-nwe-win
American Journal of Multidisciplinary Research and Development is indexed, refereed and peer-reviewed journal, which is designed to publish research articles.
Cyber attack awareness and prevention in network securityIJICTJOURNAL
This article aims to provide an overview of cyber attack awareness and prevention in network security. This article discussed the different types of cyber attacks, current trends of cyber attacks, how to prevent cyber attacks and uum students' awareness of cyber attacks. First, we will go over the different types of cyber attack, current trend, impact of cyber attack and the prevention. The approach entailed comparing and observing the outcomes of 13 different papers. The survey's findings would demonstrate the results obtained after analyzing the data collection which are the questionnaire filled out by respondents after watching the cyber attack awareness video to improve awareness of students through the cyber attack. Depending on the outcome of this survey, we will have a better understanding of current students' knowledge and awareness of cyber attacks, allowing us to improve students' understanding of cyber threats and the necessity of cyber security.
Information Risk Insurance Concept and Basic Aspectsijtsrd
The article discusses the essence and history of the emergence of information insurance, identifies the stages, features and problems of the development of insurance of information risks at the present time. The article touches upon such an urgent topic for modern reality as insurance of information risks. Analyzed the characteristic features and the need for this type of insurance. The author considers insurance as the main financial method of information risk management. Particular attention is paid to information risks and their insurance. The work describes in detail the objects of insurance, types of insurance risks. The insurance contract is considered, the main stages of its life cycle are reflected. Holboev A. Yu. "Information Risk Insurance: Concept and Basic Aspects" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-6 | Issue-1 , December 2021, URL: https://www.ijtsrd.com/papers/ijtsrd47910.pdf Paper URL: https://www.ijtsrd.com/management/other/47910/information-risk-insurance-concept-and-basic-aspects/holboev-a-yu
Security techniques for intelligent spam sensing and anomaly detection in onl...IJECEIAES
The recent advances in communication and mobile technologies made it easier to access and share information for most people worldwide. Among the most powerful information spreading platforms are the Online Social Networks (OSN)s that allow Internet-connected users to share different information such as instant messages, tweets, photos, and videos. Adding to that many governmental and private institutions use the OSNs such as Twitter for official announcements. Consequently, there is a tremendous need to provide the required level of security for OSN users. However, there are many challenges due to the different protocols and variety of mobile apps used to access OSNs. Therefore, traditional security techniques fail to provide the needed security and privacy, and more intelligence is required. Computational intelligence adds high-speed computation, fault tolerance, adaptability, and error resilience when used to ensure security in OSN apps. This research provides a comprehensive related work survey and investigates the application of artificial neural networks for intrusion detection systems and spam filtering for OSNs. In addition, we use the concept of social graphs and weighted cliques in the detection of suspicious behavior of certain online groups and to prevent further planned actions such as cyber/terrorist attacks before they happen.
NEED FOR CRITICAL CYBER DEFENCE, SECURITY STRATEGY AND PRIVACY POLICY IN BANG...IJMIT JOURNAL
Cyber security is one of the burning issues in modern world. Increased IT infrastructure has given rise to enormous chances of security breach. Bangladesh being a relatively new member of cyber security arena has its own demand and appeal. Digitalization is happening in Bangladesh for last few years at an appreciable rate. People are being connected to the worldwide web community with their smart devices. These devices have their own vulnerability issues as well as the data shared over the internet has a very good chances of getting breached. Common vulnerability issues like infecting the device with malware, Trojan, virus are on the rise. Moreover, a lack of proper cyber security policy and strategy might make the existing situation at the vulnerable edge of tipping point. Hence the upcoming new infrastructures will be at a greater risk if the issues are not dealt with at an early age. In this paper common vulnerability issues including their recent attacks on cyber space of Bangladesh, cyber security strategy and need for data privacy policy is discussed and analysed briefly.
Etude PwC/CIO/CSO sur la sécurité de l'information (2014)PwC France
http://bit.ly/Cybersecurite-sept14
Etude mondiale de PwC, CIO et CSO réalisée en ligne du 27 mars 2014 au 25 mai 2014. Les résultats présentés ici sont fondés sur les réponses de plus de 9700 CEO, CFO, CIO, RSSI, les OSC, les vice-présidents et des directeurs de l'information et des pratiques de sécurité de plus de 154 pays.
35 % des répondants sont d'Amérique du Nord, 34 % d'Europe, 14 % d'Asie-Pacifique, 13 % en Amérique du Sud, et 4 % du Moyen-Orient et d’Afrique.
Social media platform and Our right to privacyvivatechijri
The advancement of Information Technology has hastened the ability to disseminate information across the globe. In particular, the recent trends in ‘Social Networking’ have led to a spark in personally sensitive information being published on the World Wide Web. While such socially active websites are creative tools for expressing one’s personality it also entails serious privacy concerns. Thus, Social Networking websites could be termed a double edged sword. It is important for the law to keep abreast of these developments in technology. The purpose of this paper is to demonstrate the limits of extending existing laws to battle privacy intrusions in the Internet especially in the context of social networking. It is suggested that privacy specific legislation is the most appropriate means of protecting online privacy. In doing so it is important to maintain a balance between the competing right of expression, the failure of which may hinder the reaping of benefits offered by Internet technology
UNDERSTANDING TRAFFIC PATTERNS OF COVID-19 IOC IN HUGE ACADEMIC BACKBONE NETW...IJNSA Journal
Recently, APT (Advanced Persistent Threats) groups are using the COVID-19 pandemic as part of their cyber operations. In response to cyber threat actors, IoCs (Indicators of Compromise) are being provided to help us take some countermeasures. In this paper, we analyse how the coronavirus-based cyber attack unfolded on the academic infrastructure network SINET (The Science Information Network) based on the passive measurement with IoC. SINET is Japan's academic information infrastructure network. To extract and analyze the traffic patterns of the COVID-19 attacker group, we implemented a data flow pipeline for handling huge session traffic data observed on SINET. The data flow pipeline provides three functions: (1) identification the direction of the traffic, (2) filtering the port numbers, and (3) generation of the time series data. From the output of our pipeline, it is clear that the attacker's traffic can be broken down into several patterns. To name a few, we have witnessed (1) huge burstiness (port 25: FTP and high port applications), (3) diurnal patterns (port 443: SSL), and (3) periodic patterns with low amplitude (port 25: SMTP) We can conclude that some unveiled patterns by our pipeline are informative to handling security operations of the academic backbone network. Particularly, we have found burstiness of high port and unknown applications with the number of session data ranging from 10,000 to 35,000. For understanding the traffic patterns on SINET, our data flow pipeline can utilize any IoC based on the list of IP address for traffic ingress/egress identification and port filtering.
A STUDY ON LEA AND SEED ALGORITHMS FOR DATA PROTECTION OF SMARTPHONE BASED DI...IJNSA Journal
The number of disaster occurrences around the world based on the climate changes due to the global
warming has been indicating an increase. To prevent and cope with such disaster, a number of researches
have been actively conducted to combine the user location service as well as the sensor network
technology into the expanded IoT to detect the disaster at early stages. However, due to the appearance of
the new technologies, the scope of the security threat to the pre-existing system has been expanding. In this
thesis, the D-SASS using the beacon to provide the notification service to the disaster-involved area and
the safe service to the users is proposed. The LEA Algorithm is applied to the proposed system to design
the beacon protocol collected from the smartphone to safely receive the notification information. In
addition, for data protection of a notification system, LEA and SEED algorithms were applied, and a
comparative analysis was conducted.
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...ijtsrd
In today’s dynamic and technologically advanced world, the Internet has become one of the most innovative and rapidly growing technologies. With its rise, it has also become vulnerable to a significant increase in occurrences of cyber attacks, with detrimental effects. Typically, these cyber attacks are targeted at accessing, manipulating, or damaging confidential data, extracting users money, or extorting an organization’s or user’s private information. Sensitive information, whether intellectual property, financial data, confidential information, or other forms of private data are exposed to unauthorized access or disclosure, which can have adverse consequences. Protecting data has become one of the greatest obstacles today as cyber attacks are constantly escalating. Along with the growth of internet services and the advancement of information technology, the importance of cybersecurity is crucial. Cybersecurity aims to ensure that the security interests of the company and users assets are protected and preserved against relevant cyber threats in the digital world. The data and confidentiality of computing assets pertaining to the network of an organization are protected by cybersecurity. This paper mainly focuses on threats and issues in cybersecurity facing modern technologies. It also focuses on the latest cybersecurity strategies and developments that are transforming the face of cybersecurity. Omkar Veerendra Nikhal "An Analytical Study on Attacks and Threats in Cyber Security and its Evolving Trends on Modern Technologies" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-1 , December 2020, URL: https://www.ijtsrd.com/papers/ijtsrd38195.pdf Paper URL : https://www.ijtsrd.com/computer-science/computer-security/38195/an-analytical-study-on-attacks-and-threats-in-cyber-security-and-its-evolving-trends-on-modern-technologies/omkar-veerendra-nikhal
This presentation examines to what extent that cyber-insurance can be a useful tool to manage the risks and harms caused by massive cyber-attacks from the national as opposed to enterprise standpoint,
DESIGN OF A SECURE DISASTER NOTIFICATION SYSTEM USING THE SMARTPHONE BASED BE...csandit
The number of disaster occurrences around the world based on the climate changes due to the global warming has been indicating an increase. To prevent and cope with such disaster, a number of researches have been actively conducted to combine the user location service as well as the sensor network technology into the expanded IoT to detect the disaster at early stages. However, due to the appearance of the new technologies, the scope of the security threat to the pre-existing system has been expanding. In this thesis, the D-SASS using the beacon to provide the notification service to the disaster-involved region and the safe service to the users is proposed. The LEA Algorithm is applied to the proposed system to design the beacon protocol collected from the smartphone to safely receive the notification information as well as to provide the confidentiality during the data transfer between smartphone and notification server.
A Systematic Review of Android Malware Detection TechniquesCSCJournals
Malware detection is a significant key to Android application security. Malwares threat to Android users is increasing day by day. End users need security because they use mobile device to communicate information. Therefore, developing malware detection and control technology should be a priority. This research has extensively explored various state of the art techniques and mechanisms to detect malwares in Android applications by systematic literature review. It categorized the current researches into static, dynamic and hybrid approaches. This research work identifies the limitation and strength current research work. According to the restrictions of current malware detection technologies, it can conclude that detection technologies that use statistical analysis consume more time, energy and resources as compare to machine learning techniques. The results obtained from this research work reinforce the assertion that detection approaches designed for Android malware do not produce 100% efficient detection accuracy.
Information Sharing of Cyber Threat Intelligence with their Issue and Challengesijtsrd
Today threat landscape growing at the rapid rate with much organization continuously face complex and malicious cyber threats. In today's Internet connected world where technologies support almost every feature of our society, cyber security and forensic specialists are increasingly distributing with wide ranging cyber threats in almost. real time conditions. The capability to detect, analyze, and defend against such threats in near real time conditions is not possible without the employment of threat intelligence, big data, and machine learning techniques. Cyber Threat Intelligence CTI has become a hot topic and being under consideration for many organizations to counter the rise of cyber attacks. The vast majority of information security challenges we face today are the result of serendipitous and naive decisions made in the early stages of the Internet. Khin Myat Nwe Win | Yin Myo Kay Khine Thaw "Information Sharing of Cyber Threat Intelligence with their Issue and Challenges" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-5 , August 2019, URL: https://www.ijtsrd.com/papers/ijtsrd26504.pdfPaper URL: https://www.ijtsrd.com/computer-science/computer-security/26504/information-sharing-of-cyber-threat-intelligence-with-their-issue-and-challenges/khin-myat-nwe-win
American Journal of Multidisciplinary Research and Development is indexed, refereed and peer-reviewed journal, which is designed to publish research articles.
Cyber attack awareness and prevention in network securityIJICTJOURNAL
This article aims to provide an overview of cyber attack awareness and prevention in network security. This article discussed the different types of cyber attacks, current trends of cyber attacks, how to prevent cyber attacks and uum students' awareness of cyber attacks. First, we will go over the different types of cyber attack, current trend, impact of cyber attack and the prevention. The approach entailed comparing and observing the outcomes of 13 different papers. The survey's findings would demonstrate the results obtained after analyzing the data collection which are the questionnaire filled out by respondents after watching the cyber attack awareness video to improve awareness of students through the cyber attack. Depending on the outcome of this survey, we will have a better understanding of current students' knowledge and awareness of cyber attacks, allowing us to improve students' understanding of cyber threats and the necessity of cyber security.
Information Risk Insurance Concept and Basic Aspectsijtsrd
The article discusses the essence and history of the emergence of information insurance, identifies the stages, features and problems of the development of insurance of information risks at the present time. The article touches upon such an urgent topic for modern reality as insurance of information risks. Analyzed the characteristic features and the need for this type of insurance. The author considers insurance as the main financial method of information risk management. Particular attention is paid to information risks and their insurance. The work describes in detail the objects of insurance, types of insurance risks. The insurance contract is considered, the main stages of its life cycle are reflected. Holboev A. Yu. "Information Risk Insurance: Concept and Basic Aspects" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-6 | Issue-1 , December 2021, URL: https://www.ijtsrd.com/papers/ijtsrd47910.pdf Paper URL: https://www.ijtsrd.com/management/other/47910/information-risk-insurance-concept-and-basic-aspects/holboev-a-yu
This research report studies the economic impact that Cyber Security attacks have on
society as a whole. The aim of this analysis is to examine the negative and positive
impact of these compromises on multiple entities. Our descriptive analysis focuses on
individuals, private and public organizations, costs, revenues, innovations, and jobs to
determine if proliferations of these attacks are either, negative or positive. Although this
paper draws upon the economic factors as result of cyber-attacks, it looks at the outlay
in its historical context of capital expenditures to private and public organizations due to
the increased number of compromises and factors of this paradigm helping to fuel the
growth of innovations or spawn a new industry as a whole
This research report studies the economic impact that Cyber Security attacks have on society as a whole. The aim of this analysis is to examine the negative and positive impact of these compromises on multiple entities. Our descriptive analysis focuses on individuals, private and public organizations, costs, revenues, innovations, and jobs to determine if proliferation's of these attacks are either, negative or positive. Although this
paper draws upon the economic factors as result of cyber-attacks, it looks at the outlay in its historical context of capital expenditures to private and public organizations due to the increased number of compromises and factors of this paradigm helping to fuel the growth of innovations or spawn a new industry as a whole.
In this study, machine learning is examined in relation to commercial machine learning's resilience to the COVID-19 pandemic-related crisis. Two approaches are used to assess the pandemic's impact on machine learning risk, as well as a method to prioritize sectors according to the crisis's potential negative consequences. I conducted the study to determine Santander machine learning's resilience. The data mining area offers prospects for COVID-19's future. A total of 13 machine learning demos were selected for its organization. The Hellweg strategy and the technique for order preference by similarity to ideal solution (TOPSIS) technique were utilized as direct request strategies. Parametric assessment of machine learning versatility in business was based on capital sufficiency, liquidity proportion, market benefits, and share in an arrangement of openings with a perceived disability, and affectability of machine learning's credit portfolio to monetary hazard. As a result of the COVID-19 pandemic, these enterprises were ranked according to their threat. Based on the findings of the research, machine learning worked the best for the pandemic. Meanwhile, machine learning suffered the most during the downturn. It can be seen, for example, in conversations about the impact of the pandemic on developing business sector soundness and managing financial framework solidity risk.
A Bring Your Own Device Risk Assessment ModelCSCJournals
Bring Your Own Device (BYOD), a technology where individuals or employees use their own devices on the organization’s network to perform tasks assigned to them by the organization has been widely embraced. The reasons for adoption are diverse in every organization. In spite of the security control strategies implemented by these organizations to safeguard their information resources, there has been an upsurge in information security breaches as a result of existing vulnerabilities in these systems and the legacy systems in use. Various approaches have been employed to deal with security challenges in BYOD, but according to literature, risk assessment has proved to be the first key step towards improving security of the BYOD environment in an enterprise. Risk assessment models have been proposed by various researchers, although, most are largely influenced by the degree of technological advancement and utilization as well as the working cultures within institutions. The existing models were largely developed in technologically advanced countries and thus do not fit well in developing countries. This study sought to develop flexible BYOD risk assessment model that can be adopted by varied institutions to secure their information resources. The study was carried out in Five (5) purposively selected state universities in Kenya. The research adopted a mixed research design approach with mixed sampling technique utilized to select the participants. Reliability and validity of data collection tools were evaluated and recommended by IT security and network experts. The qualitative and quantitative data was collected by interviewing experts and administering a questionnaire to sampled participants. The developed model was validated both statistically and by experts. The findings revealed that threats and vulnerabilities contributed to 39.9% and 69.2% respectively to the risk of the BYOD environment while Data Encryption (DE) and Software Updates (SU) came out strongly as intervening variables which have a major impact on the relationship between the dependent and independent variables.
Proliferation of Smartphones and Rising Incidents of Cyberattacks are resulti...SG Analytics
However, the adoption of cloud-based cybersecurity products and the advent of IoT security across organizations is likely to create lucrative opportunities for the entire ecosystem; businesses, governments, and cybersecurity vendors.
Visit: https://www.sganalytics.com/blog/increasing-cyberattacks-resulting-in-a-demand-for-cybersecurity-solutions/
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...CSCJournals
Social engineering is a major threat to organizations as more and more companies digitize operations and increase connectivity through the internet. After defining social engineering and the problems it presents, this study offers a critical review of existing protection measures, tools, and policies for organizations to combat cyber security social engineering. Through a systematic review of recent studies published on the subject, our analysis identifies the need to provide training for employees to ensure they understand the risks of social engineering and how best to avoid becoming a victim. Protection measures include awareness programs, training of non-technical staff members, new security networks, software usage, and security protocols to address social engineering threats.
CYBERCRIME AWARENESS ON SOCIAL MEDIA: A COMPARISON STUDYIJNSA Journal
The popularity of social media has not waned since it gained popularity in the early 2000s. Social networks such as Facebook, YouTube, Twitter, and Snapchat boast billions of active users worldwide. Social media remains an invaluable tool to both organizations and individuals because of the ease of sharing information and media and the ability to both reach and engage specific audiences of interest. Due to its massive user base, communication ease, and data sharing, social media presents fertile ground for the conduct of cybercrime. Cybercriminals actively target social media users, use social media to facilitate their cybercrime activities, and advertise their criminal activities on social media. The potential dangers of cybercrime on social media necessitate that organizations institute cybercrime on social media policies to guard against these threats and provide employees with cybercrime awareness on social media (CASM) training. CASM is important as corporate and personal use of social media becomes increasingly blurred. This study attempted to measure the CASM scores of employees in security-critical sectors and determine if hearing disability had any impact on the CASM scores. Employees of the education, finance, government, information technology, legal, medicine, military, and Policing sectors in the United States were surveyed. Results showed that the CASM score was average across all sectors. No statistically significant difference in CASM score was found between groups with and without hearing difficulties, although CASM scores were slightly lower for employees with hearing difficulties. The results suggested that more CASM training is needed for employees in the surveyed sectors.
Governments, military, organizations, financial institutions, universities and other businesses collected, process and store a large amount of confidential information and data on computers and transmit that data over networks to other computers. With the continuous rapid growth of volume and sophistication of cyberattacks, quick attempts are required to secure sensitive business and personal information, as well as to protect national security. The paper details about the nature of cyberspace and shows how the internet is unsecure to transmit the confidential and financial information. We demonstrate that hacking is now common and harmful for global economy and security and presented the various methods of cyber attacks in India and worldwide. M. Swetha | L. Prabha | S. Rajadharani "Cyber Security Intelligence" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-6 , October 2019, URL: https://www.ijtsrd.com/papers/ijtsrd29261.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/29261/cyber-security-intelligence/m-swetha
COVID 19 has been a caution light worldwide. We must realise that this calamity or crisis happen and is inevitable. It has provoked previously inconceivable uses of technology in all walks of life. Among the socio economic disturbance caused by covid 19, technology will play a vital role in rebuilding the future. This technology transformation or reshaping will result in a contact less society. The current collaboration tools provide for substandard interactions. This review article is an attempt to check out the importance of technology post COVID 19 so that another pandemic would see mankind facing it with modern technologies. Aleena Sabrin | Ajmal Ali | Sarath Krishnan T | Dr. Noha Laj "Technology Post COVID19 - A Review" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6 , October 2020, URL: https://www.ijtsrd.com/papers/ijtsrd33648.pdf Paper Url: https://www.ijtsrd.com/engineering/civil-engineering/33648/technology-post-covid19--a-review/aleena-sabrin
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)MdTanvirMahtab2
This presentation is about the working procedure of Shahjalal Fertilizer Company Limited (SFCL). A Govt. owned Company of Bangladesh Chemical Industries Corporation under Ministry of Industries.
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxR&R Consult
CFD analysis is incredibly effective at solving mysteries and improving the performance of complex systems!
Here's a great example: At a large natural gas-fired power plant, where they use waste heat to generate steam and energy, they were puzzled that their boiler wasn't producing as much steam as expected.
R&R and Tetra Engineering Group Inc. were asked to solve the issue with reduced steam production.
An inspection had shown that a significant amount of hot flue gas was bypassing the boiler tubes, where the heat was supposed to be transferred.
R&R Consult conducted a CFD analysis, which revealed that 6.3% of the flue gas was bypassing the boiler tubes without transferring heat. The analysis also showed that the flue gas was instead being directed along the sides of the boiler and between the modules that were supposed to capture the heat. This was the cause of the reduced performance.
Based on our results, Tetra Engineering installed covering plates to reduce the bypass flow. This improved the boiler's performance and increased electricity production.
It is always satisfying when we can help solve complex challenges like this. Do your systems also need a check-up or optimization? Give us a call!
Work done in cooperation with James Malloy and David Moelling from Tetra Engineering.
More examples of our work https://www.r-r-consult.dk/en/cases-en/
Hierarchical Digital Twin of a Naval Power SystemKerry Sado
A hierarchical digital twin of a Naval DC power system has been developed and experimentally verified. Similar to other state-of-the-art digital twins, this technology creates a digital replica of the physical system executed in real-time or faster, which can modify hardware controls. However, its advantage stems from distributing computational efforts by utilizing a hierarchical structure composed of lower-level digital twin blocks and a higher-level system digital twin. Each digital twin block is associated with a physical subsystem of the hardware and communicates with a singular system digital twin, which creates a system-level response. By extracting information from each level of the hierarchy, power system controls of the hardware were reconfigured autonomously. This hierarchical digital twin development offers several advantages over other digital twins, particularly in the field of naval power systems. The hierarchical structure allows for greater computational efficiency and scalability while the ability to autonomously reconfigure hardware controls offers increased flexibility and responsiveness. The hierarchical decomposition and models utilized were well aligned with the physical twin, as indicated by the maximum deviations between the developed digital twin hierarchy and the hardware.
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...Amil Baba Dawood bangali
Contact with Dawood Bhai Just call on +92322-6382012 and we'll help you. We'll solve all your problems within 12 to 24 hours and with 101% guarantee and with astrology systematic. If you want to take any personal or professional advice then also you can call us on +92322-6382012 , ONLINE LOVE PROBLEM & Other all types of Daily Life Problem's.Then CALL or WHATSAPP us on +92322-6382012 and Get all these problems solutions here by Amil Baba DAWOOD BANGALI
#vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore#blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #blackmagicforlove #blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #Amilbabainuk #amilbabainspain #amilbabaindubai #Amilbabainnorway #amilbabainkrachi #amilbabainlahore #amilbabaingujranwalan #amilbabainislamabad
Welcome to WIPAC Monthly the magazine brought to you by the LinkedIn Group Water Industry Process Automation & Control.
In this month's edition, along with this month's industry news to celebrate the 13 years since the group was created we have articles including
A case study of the used of Advanced Process Control at the Wastewater Treatment works at Lleida in Spain
A look back on an article on smart wastewater networks in order to see how the industry has measured up in the interim around the adoption of Digital Transformation in the Water Industry.
Fundamentals of Electric Drives and its applications.pptx
DESIGNING A CYBER-SECURITY CULTURE ASSESSMENT SURVEY TARGETING CRITICAL INFRASTRUCTURES DURING COVID-19 CRISIS
1. International Journal of Network Security & Its Applications (IJNSA) Vol.13, No.1, January 2021
DOI: 10.5121/ijnsa.2021.13103 33
DESIGNING A CYBER-SECURITY CULTURE
ASSESSMENT SURVEY TARGETING CRITICAL
INFRASTRUCTURES DURING COVID-19 CRISIS
Anna Georgiadou, Spiros Mouzakitis, and Dimitris Askounis
Decision Support Systems Laboratory, National Technical University of Athens, Iroon
Polytechniou 9, 15780 Zografou, Greece
ABSTRACT
The paper at hand presents the design of a survey aiming at the cyber-security culture assessment of
critical infrastructures during the COVID-19 crisis, when living reality was heavily disturbed and working
conditions fundamentally affected. The survey is rooted in a security culture framework layered into two
levels, organizational and individual, further analyzed into 10 different security dimensions consisted of 52
domains. An in-depth questionnaire building analysis is presented focusing on the aims, goals, and
expected results. It concludes with the survey implementation approach while underlining the framework’s
first application and its revealing insights during a global crisis.
KEYWORDS
Cybersecurity Culture, Assessment Survey, COVID-19 Pandemic, Critical Infrastructures
1. INTRODUCTION
Coronavirus disease 2019, widely known as COVID-19, is an infectious disease caused by severe
acute respiratory syndrome coronavirus 2 (SARS-CoV-2) [1]. The disease was first detected in
late 2019 in the city of Wuhan, the capital of China's Hubei province[2]. In March 2020, the
World Health Organization (WHO) declared the COVID-19 outbreak a pandemic [3]. Today,
with more than 11 million confirmed cases in 188 countries and at least half a million casualties,
the virus is continuing its spread across the world. While epidemiologists argue that the crisis is
not even close to being over, it soon becomes apparent that “the COVID-19 pandemic is far more
than a health crisis: it is affecting societies and economies at their core” [4].
Terms such as “Great Shutdown” and “Great Lockdown” [5, 6, 7] have been introduced to
attribute the major global recession which arose as an economic consequence of the ongoing
COVID-19 pandemic. The first noticeable indication of the accruing recession was the 2020
stock market crash on the 20th of February. International Monetary Fund (IMF) in the April
World Economic Outlook projected global growth in 2020 to fall to -3 percent. This is a
downgrade of 6.3 percentage points from January 2020, making the “Great Lockdown” the worst
recession since the Great Depression, and far worse than the Global Financial Crisis [7].
According to the International Labour Organization (ILO) Monitor, published on 7th April 2020,
full or partial lockdown measures are affecting almost 2.7 billion workers, representing around
81% of the world’s workforce [8].
Organizations from various business domains and operation areas globally try to survive this
unprecedented financial crisis by investing their hopes, efforts, and working reality on
2. International Journal of Network Security & Its Applications (IJNSA) Vol.13, No.1, January 2021
34
information technology and digitalization. The workforce is being encouraged and facilitated on
teleworking while most products and services become available over the web while, in many
cases, transforming and adjusting to current rather demanding reality. However, the
aforementioned organiations face another, not that apparent, COVID-19 side-effect: the cyber-
crime increase.
The increase in the population percentage connected to the World Wide Web, the expansion of
time spent online, combined with the sense of confinement and the anxiety and fear generated
from the lockdown, seem to catalyzeaction of cyber-criminals. Coronavirus has rapidly reshaped
the dark web activities, as buyers and sellers seize the opportunity to capitalizeon global fears, as
well as dramatic shifts in supply and demand. Phishing emails, social engineering attacks,
malware, ransom ware and spyware, medical related scums, investment opportunities frauds, are
only a few examples of the cyber-crime incidents reported during the crisis period [9, 10].
INTERPOL’s Cybercrime Threat Response team has detected and reported a significant increase
in the number of attempted ransom ware attacks against key organizations and infrastructure
engaged in the virus response. Cybercriminals are using ransom ware to hold hospitals and
medical care services digitally hostage; preventing them from accessing vital files and systems
until a ransom is paid[11].
Cyber-security agencies, organizations, and experts worldwide have issued recommendations and
proposed safeguard measures to assist individuals and corporations defend against cyber-crime.
While the virus is dominating in every aspect of our daily lives and human interaction is being
substituted by digital transactions, cybersecurity gains the role it was deprived from during the
last years. The question that remains unanswered, given the circumstances, is: What are the
COVID-19 pandemic cyber-security culture side-effects on both individual and organizational
level?
The manuscript at hand presents the design and rollout plan of a survey aiming to assess the
cyber-security culture during the COVID-19 pandemic in the critical infrastructure domain.
Section 2 presents background information regarding the importance of public cyber-security
surveys conducted over the years, emphasizingon the variety and originality of their findings.
Building upon their approach, a detailed methodology is reported in Sections 3 & 4, in an effort
to develop a brief, targeted and comprehensible survey for the assessment of the cybersecurity
readiness of organizations during the crisis with emphasis on employees’ feelings, thoughts,
perspective, individuality. In Section 5, we sketch the survey next steps towards its conduction
and fruitful completion. Finally, Section 6 concludes by underlying the importance of our survey
reasoning while focusing on the challenging scientific opportunities that arise from it.
2. BACKGROUND
Over the last decades, cybersecurity surveys have been a powerful asset to academics and
information security professionals seeking to explore the ever-changing technological reality.
Their goal was to uncover current trends in cyber threats, organizations' investment priorities,
cloud security solutions, threat management, application security, security training and
certification, and more.
Initially, they were narrowed down and addressed to certain participants depending on the nature
and specific purpose of each survey. A lighthouse representative of this kind was the Computer
Crime & Security Survey conducted by the Computer Security Institute (CSI) with the
participation of the San Francisco Federal Bureau of Investigation’s (FBI) Computer Intrusion
3. International Journal of Network Security & Its Applications (IJNSA) Vol.13, No.1, January 2021
35
Squad. This annual survey, during its 15 years of life (starting from 1995 and reaching up to
2010), was probably one of the longest-running continuous surveys in the information security
field[12]. This far-reaching study provided unbiased information and analysis about targeted
attacks, unauthorized access, incident response, organizational economic decisions regarding
computer security and risk management approaches based on the answers provided by computer
security practitioners in U.S. corporations, government agencies, financial institutions, medical
institutions and universities.
Following their lead, many public and private sector organizations are seeking revealing findings
that will help them calibrate their operations and improve their overall presence in the business
world via cybersecurity surveys. Healthcare Information and Management Systems Society
(HIMSS) focusing on the health sector[13]; ARC Advisory Group targeting Industrial Control
Systems (ICS) in critical infrastructures such as energy and water supply, as well as in process
industries, including oil, gas and chemicals [14]; SANS exploring the challenges involved with
the design, operation and risk management of ICS, its cyber assets and communication protocols,
and supporting operations[15]; Deloitte in conjunction with Wakefield Research interviewing C-
level executives who oversee cybersecurity at companies [16]; these being only some of the
countless examples available nowadays.
Current trend in the cybersecurity surveys seems to be broadening their horizon by making them
available and accessible through the internet [17, 18]. Since their goal is to reach out and attract
more participants, thus enriching the collected data and, consequently, enforcing their results,
tend to be shorter, more comprehensive to the majority of average users and apparently web-
based.
Recognizing the unique value of this undisputable fruitful security evaluation methodology and
rushing from the special working and living circumstances due to the COVID-19 pandemic, we
identified the research opportuning to evaluate how this crisis has affected the cybersecurity
culture of both individuals and organizations across the suffering globe. Security threats, frauds,
breaches & perils have been brought to the light, recommendations have been given and
precautions have been made [19, 20, 21]. What about the cybersecurity culture and its potential
scars from this virus? Addressing this concern was our aim when designing, conducting and
analyzing the survey presented in this paper.
3. SECURITY CULTURE FRAMEWORK
During the last years, our research efforts have been focusing on cyber-security in terms of tools,
standards, frameworks and marketplace solutions especially targeting the human element. We
have benchmarked the dominant reveals on the field, classified their possibilities and analyzed
their core security factors. Having identified their gaps and overlaps, common grounds and
differentiation and thoroughly studied several academic principles regarding information
security, including technical analyses, algorithmic frameworks, mathematical models, statistical
computations, behavioral, organizational and criminological theories, we have created a
foundation combining the elements that constitute the critical cyber-security culture elements
[22]. The suggested cybersecurity culture framework is based on a domain agnostic security
model combining the key factors affecting and formulating the cybersecurity culture of an
organization. It is layered into two levels, organizational and individual, analyzed into 10
different security dimensions consisted of 52 domains assessed by more than 500 controls. This
hierarchical approach is being presented in Figure 1. Table 2 and Table 4list dimensions, domains
and indicative controls in an attempt to unfold to the reader the generalized philosophy of our
framework.
4. International Journal of Network Security & Its Applications (IJNSA) Vol.13, No.1, January 2021
36
Figure 1. Cyber-Security Culture Model: Main Concepts
Table 1.Organisational Levelpresenting indicative controls
Dimension Domain Indicative Controls
Assets Application
Software
Security
Do you only use up-to-date and trusted third-party
components for the software developed by the organization?
Do you apply static and dynamic analysis tools to verify that
secure coding practices are being adhered to for internally
developed software?
Data Security and
Privacy
Do you maintain an inventory of all sensitive information
stored, processed, or transmitted by the organization’s
technology systems, including those located on-site or at a
remote service provider?
Have you ensured that sensitive data or systems are not
regularly accessed by the organization from the network?
Hardware Assets
Management
Do you employ integrity checking mechanisms to verify
hardware integrity?
Do you maintain an accurate and up-to-date inventory of all
assets with the potential to store or process information?
Hardware
Configuration
Management
Have you established and do you maintain secure
configuration management processes (e.g. when servicing
field devices or updating their firmware)?
Do you store the master images and templates on securely
configured servers, validated with integrity monitoring tools,
to ensure that only authorized changes to the images are
possible?
Information
Resources
Management
Do you properly label all relevant assets, depending on their
classification?
Are the classification scheme and labeling procedures
properly communicated to all relevant parties?
Level
Dimension
Domain
Controls
5. International Journal of Network Security & Its Applications (IJNSA) Vol.13, No.1, January 2021
37
Network
Configuration
Management
Do you maintain documented security configuration standards
for all authorized network devices?
Have you compared all network device configurations against
approved security configurations defined for each network
device in use, and do you alert when any deviations are
discovered?
Network
Infrastructure
Management
Have you associated active ports, services, and protocols to
the hardware assets in the asset inventory?
Do you perform automated port scans on a regular basis
against all systems and alert if unauthorized ports are detected
on a system?
Software Assets
Management
Have you utilized software inventory tools throughout the
organization to automate the documentation of all software on
business systems?
Is the software inventory system tied into the hardware asset
inventory so that all devices and associated software are
tracked from a single location?
Personnel
Security
Does your staff wear ID badges?
Are authorized access levels and type (employee, contractor,
visitor) identified on the Badge?
Physical Safety
and Security Is access to your computing area controlled (single point,
reception or security desk, sign-in/sign-out log,
temporary/visitor badges)?
Do you have an emergency evacuation plan and is it current?
Continuity Backup
Mechanisms
Do you store backups in a remote location?
Do you encrypt backups containing confidential information?
Business
Continuity &
Disaster
Recovery
Do you have an emergency/incident management
communications plan?
Do you have a current business continuity plan?
Capacity
Management
Do you have enough capacity to ensure that data availability
is maintained?
Do you either deny or restrict bandwidth for resource-hungry
services if these are not business critical?
Change
Management
Are the maintenance and copying of program source libraries
subject to strict change control?
Have you established a formal approval procedure for
proposed changes?
Continuous
Vulnerability
Management
Do you perform authenticated vulnerability scanning with
agents running locally on each system or with remote
scanners that are configured with elevated rights on the
system being tested?
Have you utilized a risk-rating process to prioritize the
remediation of discovered vulnerabilities?
Access and
Trust
Access
Management
Have you enabled firewall filtering between VLANs to ensure
that only authorized systems are able to communicate with
other systems necessary to fulfill their specific
responsibilities?
Have you implemented physical or logical access controls for
the isolation of sensitive applications, application data or
systems?
6. International Journal of Network Security & Its Applications (IJNSA) Vol.13, No.1, January 2021
38
Account
Management
Do you automatically disable dormant accounts after a set
period of inactivity?
Do you maintain an inventory of each of the organization’s
authentication systems, including those located on-site or at a
remote service provider?
Communication Do you have documentation of the mapping of organizational
communication flows?
Do users acknowledge receipt of secret authentication
information?
External
Environment
Connections
Do your policies and procedures ensure the flexibility of your
organization by defining ways of adapting to changes in the
sector and the environment?
Have you established a good cooperation level with other
sectoral organizations (inter-organizational strategic ties)?
Password
Robustness and
Exposure
Does your log-on procedure avoid displaying a password
being entered?
Are your computers set up so that others cannot view staff
entering passwords?
Privileged
Account
Management
Do you identify the privileged access rights associated with
each system or process and the users to whom they need to be
allocated?
Do you log changes to privileged accounts?
Role Segregation Do you properly inform employees about his responsibilities
that remain valid after termination or change of employment?
Are access permissions and authorizations managed according
to the principles of least privilege and separation of duties?
Third-Party
Relationships
Have you formalized contractual relationships with partners
and suppliers regarding information security?
Do you identify and define the necessary requirements a third
party should have to be considered trusty?
Wireless Access
Management
Do you maintain an inventory of authorized wireless access
points connected to the wired network?
Have you created a separate wireless network for personal or
untrusted devices?
Operations Compliance
Review
Do you audit your processes and procedures for compliance
with established policies and standards?
Do you review and revise your security documents, such as:
policies, standards, procedures, and guidelines, on a regular
basis?
7. International Journal of Network Security & Its Applications (IJNSA) Vol.13, No.1, January 2021
39
Documentation
Fulfillness
Do you have all the necessary policies and procedures
properly documented?
Do you have all the necessary records properly documented?
Efficient
Distinction of
Development,
Testing and
Operational
Environments
Do users have different user profiles for operational and
testing systems?
Do you maintain separate environments for production and
non-production systems?
Operating
Procedures
Do you specify the operational instructions of the installation
and configuration of systems?
Do you specify the operational instructions of the scheduling
requirements, including interdependencies with other systems,
earliest job start and latest job completion times?
Organizational
Culture and Top
Management
Support
Is your leadership actively and continuously involved in
information security planning?
Do you pursue the principle of efficiency in information
security - economy/cost optimization?
Risk Assessment Do you receive threat and vulnerability information from
information sharing forums and sources?
Is the organizational risk tolerance determined and clearly
expressed?
Defense Boundary
Defense
Do you maintain an up-to-date inventory of all of the
organization’s network boundaries?
Do you decrypt all encrypted network traffic at the boundary
proxy prior to analyze the content?
Cryptography Do you encrypt all data stored in cloud services?
Do you encrypt event files locally and in transit?
Email and Web
Browser
Resilience
What is the percentage from your total received emails that
are detected as spam?
What is the percentage of your SSL certificates that are
configured incorrectly?
Information
Security Policy
and Compliance
Have you properly broken-down information security policies
into sub-areas and orderly documented them?
Do your policies and procedures comply with relevant
regional legislation?
Malware Defense What percentage of your systems (workstations, laptops,
servers) are covered by antivirus/antispyware software?
Do you send all malware detection events to enterprise anti-
malware administration tools and event log servers for
analysis and alerting?
Security
Awareness and
Training Program
Do you perform a skills gap analysis to understand the skills
and behaviors workforce members are not adhering to, using
this information to build a baseline education roadmap?
Do you deliver training to address the skills gap identified to
positively impact workforce members' security behavior?
Security
Governance
Audit Logs
Management
Have you ensured that local logging has been enabled on all
systems and networking devices?
Do you protect logs from unauthorized alterations or deletion?
8. International Journal of Network Security & Its Applications (IJNSA) Vol.13, No.1, January 2021
40
Incident
Response and
Management
What percentage of your security incidents cause service
interruption or reduced availability?
Do you have established processes to receive, analyze and
respond to vulnerabilities disclosed to the organization from
internal and external sources (e.g. internal testing, security
bulletins, or security researchers)?
Penetration Tests
and Red Team
Exercises
Have you tested that you gracefully handle denial of service
attempts (from compromised meters)?
Do you apply a qualified third-party security penetration
testing to test all hardware and software components prior to
live deployment?
Reporting
Mechanisms
Do you provide your employees with a channel in order to
report violations of information security policies or
procedures?
How much time does the organization take in order to respond
to a report?
Security
Management
Maturity
Are critical security tasks handled based on team decision-
making techniques?
Do you organize vertical and horizontal security meetings on
a regular basis?
Controls used by our evaluation methodology aim to assess whether specific security fields have
been taken into consideration and to what extend rather than measure the effectiveness and
efficiency of the actual policies and procedures in place. In other words, evaluate the
multidisciplinary approach towards information security and the depths in which is
organizationally reaching rather than the completeness of security technology solutions acquired
and utilizedby the enterprise under examination.
This approach is even more evident in the individual level where the beliefs, emotions, attitude,
and behavior of the employees is examined under various prisms using a variety of
psychological, behavioral, emotional and specialization assessments.
Table 2. Individual Level presenting indicative controls
Dimension Domain Indicative Controls
Attitude Employee Climate I believe that cyber criminals are more advanced than the
people who are supposed to be protecting us.
I worry that if I report a cyber-attack to the Police it might
damage the reputation of the company.
Employee Profiling Seniority
Enterprise role
Employee
Satisfaction
I am pleased with my organization’s approach towards
information security.
I am happy to conform with the security guidance offered
by our security experts.
Awareness Policies and
Procedures
Awareness
Are you aware of the organizations’ communication
flows?
Are you aware of the organization’s role in the supply
chain?
Roles and
Responsibilities
Awareness
Are you aware of all the devices and systems you are
responsible for?
Are you aware of all the external information systems
they come in contact with?
Behaviour Policies and
Procedures
Do you make sure your mobile devices are not left
exposed?
9. International Journal of Network Security & Its Applications (IJNSA) Vol.13, No.1, January 2021
41
Compliance Do you efficiently protect mobile devices from physical
hazards?
Security Agent
Persona
What would you do if you saw a colleague not wearing
their security pass around the office?
What would you do if you overheard a discussion, which
you knew to be about some highly sensitive and
confidential information, being held in a corridor where
external visitors often pass through?
Security Behaviour How many of your security incidents stem from non-
secure behavior?
I get into the office wearing my security pass.
Competency Employee
Competency
Specific per organization and employee.
Security Skills
Evaluation
What is necessary for a person to turn a plain text
message into an encrypted message?
Which of the following events presents the greatest risk?
Training
Completion and
Scoring
My achievement score at the last security training
program I participated in was around.
How many self-security assessments do you normally
attempt per year?
4. DESIGNING THE SURVEY
Our goal was to design a survey that would be short and targeted to get the security pulse of
current business reality in the critical infrastructure domain. One of our major aims was to keep
the questionnaire small and easily addressed in a timely manner by a common employee with no
special security expertise or knowledge. This way, we could facilitate participation of a broader
workforce group lessening effort and prerequisites while maximizing result variation and
credibility. Towards that goal, we needed to formulate questions targeting specific security
factors bridging various security domains while smartly extracting information depicting the
existing working security routine and culture, their disruption by the COVID-19 crisis and their
reaction to these special and rather demanding circumstances.
On the other hand, taking into consideration the reported cyber-crime incidents along with the
fraud and attack techniques used by the criminals of the dark web during this period, we focused
our evaluation on specific dimensions related to network infrastructure, asset management,
business continuity, employee awareness, and attitude.
In the paragraphs to follow, we outline how starting from a detailed cyber-security culture
framework with more than 500 controls, we have narrowed down our objectives to a
questionnaire containing no more than 23 questions, depending on the provided answers. Table
3indexes the questions constituting the final version of our questionnaire including secondary
clarification questions presented based on provided participant input whereas Table 4correlates
each of the questions to specific cyber-security levels, dimensions, and domains of our model.
10. International Journal of Network Security & Its Applications (IJNSA) Vol.13, No.1, January 2021
42
Table 3. Question indexing, including secondary clarification questions presented based
on provided input (asterisk annotated).
Q1 Prior to the COVID-
19 crisis, were you
able to work from
home?
Q9.2 How were you
informed how to use
them?
Q12.6 I am proud to work
for my organisation.
Q2.1 Did you receive any
security guidelines
from your employer
regarding working
from home?
Q10.1 Has your company
adopted a specific
collaboration
solution?
Q12.7 I have access to the
things I need to do
my job well.
Q2.2* Please describe the
main (2-3) security
guidelines provided.
Q10.2* What abilities does it
offer?
Q13 What is your age?
Q3 What kind of devices
are you using to
connect to your
corporate working
environment?
Q11.1 Did you face any of
the below cyber-
security related
threats during the
COVID-19 crisis?
Q14 What is the highest
degree or level of
school you have
completed?
Q4 Are these devices
accessed by users
other than yourself?
Q11.2* Please name any
other cyber-security
threats you
encountered during
this period, not listed
above.
Q15 Please select the
business domain of
the organisationyou
work for.
Q5 These devices are
personal or corporate
assets?
Q12.1 To what extent do
you agree with the
following
statements:
(during this specific
period of the
COVID-19 crisis)
I prefer working
from home than
going to the office.
Q16 Which of the
following best
describes your work
position?
Q6 Are these devices
managed by your
organisation?
Q12.2 I work more
productively from
home.
Q17 Comments
Q7 Which of the
following apply for
the devices you
currently use for your
working from home
employment?
(providing security
measures alternatives,
e.g. antivirus,
password protections)
Q12.3 I collaborate with
my colleagues as
effectively as when
we are in office.
Q8 How do you obtain
access to your
corporate working
environment?
Q12.4 I am satisfied by my
employer’s approach
to the crisis.
Q9.1 Were you asked to
use applications or
Q12.5 I have all the support
I need to face any
11. International Journal of Network Security & Its Applications (IJNSA) Vol.13, No.1, January 2021
43
services that you
were unfamiliar with,
because of the need
for remote working?
technical problems I
have (e.g. corporate
access issues,
infrastructure
failures, etc.).
4.1. Organizational Level
Culture is defined as a set of shared attitudes, values, goals, and practices that define an
institution or organization. Consequently, cyber-security culture refers to the set of values,
conventions, practices, knowledge, beliefs and behaviors associated with information security.
Therefore, its skeleton is being outlined by the working environment along with the technological
infrastructure and security countermeasures that define it.
To understand, assess and detail the security cultural status of the critical infrastructure
organizations represented in our survey, we have included questions Q1-Q10 that heartbeat the
overall technological and security readiness and adaptability. Under the coronavirus prism, we
intended to understand if teleworking was an option prior to the crisis or not and under which
security policies. Thus, we have included queries polling the remote access procedures and their
meeting standards as well as the types, configuration and management of the devices used to gain
access to the corporate environments. In other words, we attempted to assess the way and the
means of the working from home experience with a clear focus on cyber-security.
Given that one of the most important shifts in the “everyday business” was the “home office”, we
clearly focused on the technological infrastructure used during this period. Preconfigured
workstations were substituted by remote assets, such as laptops, tablets, smartphones, which
gained access to the corporate network via different communication protocols and security
standards. We needed to evaluate this newly deployed working ecosystem and understand the
security precautions made by the participating enterprises.
Additionally, we intended to assess the security maturity of the management, the security
response team, and awareness training program by introducing several questions clearly related to
cyber-security familiarity and readiness. The most critical question of these category is the one
referring to security guidelines provided during the COVID-19 crisis seeking to match their
responsiveness and contemporality. Most of the leading cyber-security entities and experts during
the coronavirus pandemic have issued special security guidelines towards individuals and
organizations. Succeeding or failing to propagate similar guiding principles towards your
workforce during such confusing and challenging periods is a core security indicator.
Another business facet which was examined, although not directly related to information
security, was the collaboration possibilities offered to employees. Business trend and current
reality (including but not limited to COVID-19 crisis) lead to a “remote” or “hybrid” working
structure [23, 24]. Communication and teamwork need to be facilitated and promoted, especially
during this period when general isolation is mandated as the main defense against the virus
spread. Companies are expected to make provision for all means necessary to assist their
employees in being productive, effective and cooperative [25]. This notion and quality are being
tested via two simplified questions included in our survey.
4.2. Individual Level
Moving down to an individual level, evaluation becomes more demanding since virus fear and
emotional stress dominate every aspect of daily life directly or indirectly affecting the human-
12. International Journal of Network Security & Its Applications (IJNSA) Vol.13, No.1, January 2021
44
related security factors. Questions Q11-Q12 attempt to probe the security behavior, attitude and
competency of the remote workers by examining their emotions, thoughts and beliefs and by
asking them to report any security incidents they came up against.
As Cisco CEO John Chambers stated in a January 2015 post for the World Economic Forum
titled “What does the Internet of Everything mean for security?”, “there are two types of
companies: those who have been hacked, and those who don’t yet know they have been hacked”.
Similarly, there are two types of technology users, those who understand the perils they face
every day, either successfully or not, and those who are simply unaware of the dangers they are
most probably already exposed to. Our question Q11 tries to examine this security familiarity and
awareness among the different seniority, age, expertise, background of the participants.
Question Q12 clearly traces the emotional and intellectual state of the remote workers by listing
several questions deriving from the Insider Threat theory according to which dissatisfaction,
stressful events and personality predispositions can transform a loyal employee to a malicious or
unintentional insider [26, 27].
Questions Q13-Q16 refer to generic information used for an individual profiling and
categorization which shall enable us to analyze gathered results under different prisms offering
various grouping possibilities and leading to possibly interesting findings on the basis of age,
industry, education, working experience and expertise. This enterprise profiling is also believed
to be closely related to security factors formulating fertile ground to a number of human-related
cyber-threats [28, 29, 30].
Table 4. Correlating questions to cyber-security culture framework
Organizational Level Individual Level
Assets
Continui
ty
Access
and
Trust
Operation
s
Defens
e
Securit
y
Govern
ance
Atti
tud
e
Awa
renes
s
Behavio
r
Com
pete
ncy
Q1
- Networ
k
Infrastr
ucture
Manage
ment
- Networ
k
Config
uration
Manage
ment
- Acces
s
Mana
gemen
t
- Extern
al
Envir
onme
nt
Conne
ctions
Q2.
1
Change
Manage
ment
Organizati
onal
Culture
and Top
Manageme
nt Support
Securit
y
Aware
ness
and
Trainin
g
Progra
m
Securit
y
Manage
ment
Maturit
y
Q2.
2*
Q3
Hardwar
e Assets
Manage
Access
Manage
ment
13. International Journal of Network Security & Its Applications (IJNSA) Vol.13, No.1, January 2021
45
ment
Q4
Access
Manage
ment
- Policies
and
Procedu
res
Compli
ance
- Security
Behavio
r
Q5
- Hardwa
re
Assets
Manage
ment
- Informa
tion
Resour
ces
Manage
ment
- Data
Securi
ty and
Privac
y
- Acces
s
Mana
gemen
t
- Extern
al
Envir
onme
nt
Conne
ctions
Q6
- Hardwa
re
Assets
Manage
ment
- Softwar
e
Assets
Manage
ment
- Informa
tion
Resour
ces
Manage
ment
-Data
Security
and
Privacy
-Access
Manag
ement
-Extern
al
Enviro
nment
Conne
ctions
Q7
-Hardwa
re
Configu
ration
Manage
ment
-Informa
tion
Resourc
es
Manage
ment
-Data
Security
and
Privacy
Malwa
re
Defens
e
Polic
ies
and
Proce
dures
Awar
eness
- Policie
s and
Proced
ures
Compl
iance
- Securit
y
Behavi
or
- Securit
y
Agent
Person
a
14. International Journal of Network Security & Its Applications (IJNSA) Vol.13, No.1, January 2021
46
Q8
- Networ
k
Infrastr
ucture
Manage
ment
- Networ
k
Config
uration
Manage
ment
- Acces
s
Mana
gemen
t
- Extern
al
Envir
onme
nt
Conne
ctions
Bound
ary
Defens
e
Q9.
1
- Busine
ss
Contin
uity &
Disaste
r
Recove
ry
- Chang
e
Manag
ement
Q9.
2
Commu
nication
Organizati
onal
Culture
and Top
Manageme
nt Support
Q10
.1 Operating
Procedures
Q10
.2*
Q11
.1
-Security
Behavio
r
-Security
Agent
Persona
Secu
rity
Skill
s
Eval
uatio
n
Q11
.2*
Q12
.1
Em
ploy
ee
Cli
mat
e
Q12
.2
Q12
.3
Q12
.4 Em
ploy
ee
Sati
sfac
tion
Q12
.5
Q12
.6
Q12
.7
Q13 Em
ploy
ee
Prof
ilin
g
Q14
Q15
Q16
15. International Journal of Network Security & Its Applications (IJNSA) Vol.13, No.1, January 2021
47
The accruing questionnaire manages to combine the two security levels of our framework
effectively and efficiently. Additionally, its contents have been tailored to rapidly yet effectually
heartbeat the cyber-security reality during a disrupting chronological period, such as the COVID-
19 pandemic. This agile instrument, although offering a quick and fruitful measurement method
compared to similar concurrent surveys, it cannot be considered an in-depth information security
assessment. Furthermore, it should not be used to label participating organizations but only to
provide an overview of the AS-IS situation.
Having developed a first questionnaire version addressing the security elements of interest based
on our security culture framework, we carefully designed the rest of the survey methodology
including:
• validity testing: identify ambiguous questions or wording, unclear instructions, or other
problems before widespread dissemination possibly conducted by a group of survey
experts, experienced researchers and analysts, certified security and technology officers.
• delivery method: select the appropriate delivery method and possibly run an instrument
validity testing to verify survey conduction methodology.
• sample selection: carefully chose representatives from energy, transport, water, banking,
financial market, healthcare and digital infrastructure from different European countries
(e.g. Cyprus, France, Ger-many, Greece, Italy, Romania, Spain) affected by the COVID-19
crisis.
• survey duration: defining a specific start and end period communicated to all invited
parties.
Survey has been concluded and its results have been made available via a research data repository
[31]. Their analysis and interesting findings are currently under publication.
5. NEXT STEPS
Having performed this indicative(meaning non-restricted within the business limits of an
organization) pilot application of our cyber-security culture framework during a crisis period, we
now focus on conducting similar cyber-security culture assessment surveys to specific
organizations targeting different security domains and not only during the pandemic. We intend
to proceed with extended applications of our framework and conduct a comparative analysis on
the cyber-security differences among the various business domains possibly identifying
variations in needs, threats, attitude, awareness, and overall culture.
6. CONCLUSIONS AND FUTURE WORK
Our survey focuses on evaluating the security readiness and responsiveness of corporations
during the Great Shutdown and more specifically it shall be addressing critical infrastructure
domain representatives from different countries affected by the coronavirus.
Security cultural approach demands flexibility and concurrency. Corporations of the public and
private sector regardless of their specialization and expertise need to develop a digital workplace
strategy that includes collaboration applications, security controls, network management, and
digital technologies. They need to adjust their employment modes, business models,
communication, and marketing channels.
In a radically evolving and transforming environment, security and risk teams need to become
part of the crisis management group, remote working employees need to remain vigilant to cyber-
16. International Journal of Network Security & Its Applications (IJNSA) Vol.13, No.1, January 2021
48
threats and operations life-cycle needs to remain uninterrupted especially for the operators of
essentials services. Our research aims to investigate if and to what extend is this approach
embraced by the critical infrastructure organizations in different countries nowadays while
revealing interesting findings related to cyber-security and inspiring further scientific research on
this field.
Since unfortunately COVID-19 crisis still holds, we now consider repeating our survey properly
adjusted and addressed to the same organizations involved in the first iteration, to understand if
their security culture status has differentiated and evolved via this crash-testing experience or if
the long-standing critical circumstances have negatively affected their attitude and behavior
towards information technology and security. We are also examining a similar tailor-made survey
focusing on other domains of interest possibly differentiating organizations of the public and
private sector and different financial or workforce dimensions.
ACKNOWLEDGMENT
This project has received funding from the European Union’s Horizon 2020 research and
innovation programme under grant agreement No 832907 [32].
REFERENCES
[1] T. P. Velavan and C. G. Meyer, “The COVID-19 epidemic,” Tropical Medicine and International
Health, vol. 25, no. 3, p. 278–280, 2020.
[2] D. S. Hui, E. I. Azhar, T. A. Madani, F. Ntoumi, R. Kock, O. Dar, G. Ippolito, T. D. Mchugh, Z. A.
Memish, C. Drosten, A. Zumla and E. Petersen, “The continuing 2019-nCoV epidemic threat of
novel coronaviruses to global health — The latest 2019 novel coronavirus outbreak in Wuhan,
China,” International Journal of Infectious Diseases, vol. 91, pp. 264-266, 2020.
[3] “WHO Director-General's opening remarks at the media briefing on COVID-19,” World Health
Organization (WHO), 2020.
[4] United Nations Development Programme, “Socio-economic impact of COVID-19 | UNDP,” 2020.
[Online]. Available: https://www.undp.org/content/undp/en/home/coronavirus/socio-economic-
impact-of-covid-19.html. [Accessed 07 07 07].
[5] M. Wolf, “The world economy is now collapsing,” Financial Times, 14 04 2020. [Online]. Available:
https://www.ft.com/content/d5f05b5c-7db8-11ea-8fdb-7ec06edeef84. [Accessed 01 07 2020].
[6] E. Talamàs, “The Great Shutdown: Challenges And Opportunities,” Forbes, 14 05 2020. [Online].
Available: https://www.forbes.com/sites/iese/2020/05/14/the-great-shutdown-challenges-and-
opportunities/#60eaf6e86f12. [Accessed 07 07 2020].
[7] G. Gopinath, “The Great Lockdown: Worst Economic Downturn Since the Great Depression,”
IMFBlog, 14 04 2020. [Online]. Available: https://blogs.imf.org/2020/04/14/the-great-lockdown-
worst-economic-downturn-since-the-great-depression/. [Accessed 07 07 2020].
[8] “ILO Monitor:COVID-19 and the world of work. Second edition,” International Labour Organization
(ILO), 2020.
[9] A. G. Blanco, “The impact of COVID-19 on the spread of cybercrime,” BBVA, 27 04 2020. [Online].
Available: https://www.bbva.com/en/the-impact-of-covid-19-on-the-spread-of-cybercrime/.
[Accessed 07 07 2020].
[10] “COVID-19 cyberthreats,” INTERPOL, 2020. [Online]. Available:
https://www.interpol.int/en/Crimes/Cybercrime/COVID-19-cyberthreats. [Accessed 07 07 2020].
[11] “Cybercriminals targeting critical healthcare institutions with ransomware,” INTERPOL, 04 04 2020.
[Online]. Available: https://www.interpol.int/en/News-and-Events/News/2020/Cybercriminals-
targeting-critical-healthcare-institutions-with-ransomware. [Accessed 07 07 2020].
[12] C. D. Robert Richardson, “CSI Computer Crime and Security Survey 2010/2011,” Computer Security
Institute (CSI), 2011.
[13] “2019 HIMSS Cybersecurity survey,” Healthcare Information and Management Systems Society,
2019.
17. International Journal of Network Security & Its Applications (IJNSA) Vol.13, No.1, January 2021
49
[14] T. Menze, “The State Of Industrial Cybersecurity,” ARC Advisory Group, 2019.
[15] B. Filkins and D. Wylie, “SANS 2019 State of OT/ICS Cybersecurity Survey,” SANS™ Institute,
2019.
[16] “The future of cyber survey 2019,” Deloitte, 2019.
[17] “SMESEC - SMEs' Cybersecurity Watch,” SMESEC , [Online]. Available:
https://docs.google.com/forms/d/e/1FAIpQLSdLcZ_6LKFANf6oX2XlOf_4Q55yDGR7ZZKCus7md
4F1IsqvEQ/viewform. [Accessed 17 04 2020].
[18] Information Security Community, “Cybersecurity Trends Survey,” [Online]. Available:
https://www.surveymonkey.com/r/Cybersecurity-DR. [Accessed 17 04 2020].
[19] “COVID-19, Info Stealer & the Map of Threats – Threat Analysis Report,” Reason Labs, 09 03 2020.
[Online]. Available: https://blog.reasonsecurity.com/2020/03/09/covid-19-info-stealer-the-map-of-
threats-threat-analysis-report/. [Accessed 16 04 2020].
[20] “Home working: preparing your organisation and staff,” National Cyber Security Centre, 17 03 2020.
[Online]. Available: https://www.ncsc.gov.uk/guidance/home-working. [Accessed 17 04 2020].
[21] “Working From Home - COVID19 - ENISA,” ENISA - European Union Agency for Cybersecurity,
[Online]. Available: https://www.enisa.europa.eu/topics/WFH-COVID19?tab=details. [Accessed 17
04 2020].
[22] A. Georgiadou, S. Mouzakitis, K. Bounas and D. Askounis, “A Cyber-Security Culture Framework
for Assessing Organization Readiness,” Journal of Computer Information Systems, 2020.
[23] Tessian, “Securing the Future of Hydrid Working,” Tessian, 2020.
[24] “The 2020 State of Remote Work,” Buffer & AngelList, 2020.
[25] S. Shen, J. Sun, D. D. Wan, A. Gao, L. Mok and O. Chen, “Coronavirus (COVID-19) Outbreak:
Short- and Long-Term Actions for CIOs,” Gartner, 2020.
[26] D. Cappelli, A. Moore and R. Trzeciak, The CERT Guide to Insider Threats: How to Prevent, Detect,
and Respond to Information Technology Crimes (Theft, Sabotage, Fraud), Boston: Addison-Wesley
Professional, 2012.
[27] CERT Insider Threat Team, “Unintentional Insider Threats: A Foundational Study,” Software
Engineering Insitute, Pittsburgh, 2013.
[28] S. R. Band, D. Cappelli, L. F. Fischer, A. P. Moore, E. D. Shaw and R. F. Trzeciak, “Comparing
Insider IT Sabotage and Espionage: A Model-Based Analysis,” Software Engineering Institute,
Pittsburgh, 2006.
[29] M. Bishop, “Position: "insider" is relative,” in Proceedings of the 2005 Workshop on New Security
Paradigms, Lake Arrowhead, California, 2005.
[30] M. Bishop and C. Gates, “Defining the insider threat.,” in Proceedings of the 4th annual workshop on
Cyber security and information intelligence research: developing strategies to meet the cyber security
and information intelligence challenges ahead, Oak Ridge Tennessee USA, 2008.
[31] A. Georgiadou, S. Mouzakitis and D. Askounis, “Working from home during COVID-19 crisis – A
Cyber-Security Culture Assessment Survey,” Mendeley Data, Athens, 2020.
[32] “Energy Shield,” Energy Shield, 2019. [Online]. Available: https://energy-shield.eu/. [Accessed 25
03 2020].
18. International Journal of Network Security & Its Applications (IJNSA) Vol.13, No.1, January 2021
50
AUTHORS
Mrs. Anna Georgiadou is a research associate in the Management and Decision Support Systems
Laboratory in the School of Electrical and Computer Engineering at the National Technical University of
Athens (NTUA). She has been working as a senior engineer on operation and system support services for
major telecommunication providers, energy regulators, banking systems, and other critical national
infrastructures. She has recently become a Ph.D. candidate in the cyber-security field inspired by her active
participation in the HEDNO’s (Hellenic Electricity Distribution Network Operator) information security
management group. She is a certified database and network administrator, software developer, and data
analyst.
Dr. Spiros Mouzakitis is a senior research analyst for the National Technical University of Athens
(NTUA). He has 18 years of industry experience in the conception, analysis, and implementation of
information technology systems. His research is focused on decision analysis in the field of decision
support systems, risk management, Big Data Analytics, as well as optimization systems and algorithms,
and enterprise interoperability. He has published in numerous journals including Computer Standards &
Interfaces, International Journal of Electronic Commerce, Information Systems Management, and Lecture
Notes in Computer Science, and has presented his research at international conferences.
Dr. Dimitris Askounis is a Professor in the School of Electrical and Computer Engineering at the National
Technical University of Athens (NTUA). He has been involved in numerous IT research and innovation
projects funded by the EU since 1988 in the thematic areas of eBusiness interoperability, eGovernance,
data exploitation and management, decision support, knowledge and quality management, computer
integrated manufacturing, enterprise resource planning, etc. He teaches digital innovation management,
decision support, and management systems, and he is a member of scientific committees on innovation and
entrepreneurship competitions and incubators offered by International University networks, Financial
Institutions, etc. Dr. Askounis has published over 80 papers in scientific journals and international
conference proceedings.