Washington Okori,Sarah Buteraba

DOI: https://doi.org/10.32996/jcsts.2024.6.4.10

2024-10-05

Journal of Computer Science and Technology Studies

Abstract:This study examined the risks faced by telecommunication companies due to cyber-attacks and threats to their critical information infrastructure. It suggests control measures to avert the vulnerabilities of such infrastructure to cyber attackers. Critical information infrastructure is important to the companies as a revenue enabler and reputation identifier. However, the infrastructure, if not well protected, can be a national security threat, affect the national economy, and disrupt societal integration and business globally. Cyber security is the protection of internet-connected systems, including hardware, software, people, and data, from cyber-attacks. Its threat exploits the increased complexity and connectivity of critical infrastructure systems. The identification of the critical information infrastructure was done through document analysis and discussion with the network technical teams. The infrastructure systems, such as devices, servers, data, database, firewall, and network, were identified in this study as vulnerable to attack. This study suggests a framework to support timely intrusion detection and for the protection of critical information infrastructure. To secure and safeguard the critical information infrastructure from inherent vulnerabilities, it is recommended that continuous monitoring of the critical infrastructure attack gates should be made part of the overall risk management of a telecommunication company, and innovations in cyber security detection and prevention should be harnessed.

Bright Ojo,Justine Chilenovu Ogborigbo,Maureen Oluchukwuamaka Okafor

DOI: https://doi.org/10.30574/wjarr.2024.22.3.1921

2024-06-30

World Journal of Advanced Research and Reviews

Abstract:Critical infrastructure must withstand cyber and physical assaults in today's interconnected world. This study explores innovative strategies to shield these systems from cyber-physical threats. As networks become more connected, cyberattacks grow more sophisticated, making it imperative to safeguard sectors like transportation, energy, water, and information. The paper analyzes the present and future threat landscape, identifying vulnerabilities within critical infrastructures and proposing targeted mitigation strategies to enhance security. The research leverages AI and machine learning to develop detection tools that identify and predict cyber-physical attacks, enhancing response times and preventive measures. Additionally, resilience engineering and architecture are crucial in fortifying infrastructure, enabling it to withstand and recover from attacks while maintaining essential functions. The study also reviews legislation and policies surrounding infrastructure protection, pinpointing shortcomings and recommending improvements to bolster national security. Effective countermeasures against cyber-physical threats require collaboration and information sharing among government bodies, industry stakeholders, and educational institutions. These partnerships facilitate the exchange of knowledge, best practices, and tools to address threats efficiently. Furthermore, the paper highlights the importance of training programs that equip professionals with skills to integrate cyber and physical security defenses. Exploring the integration of blockchain, IoT, and autonomous technologies could further enhance the resilience of critical systems. These technologies foster secure communications and automated responses to incidents. Lastly, community awareness initiatives play a vital role in preparing for and mitigating cyber-physical attacks, ensuring that public readiness and resilience are maintained. This comprehensive approach aims to fortify critical infrastructure against evolving cyber threats, ensuring continuous operation and security.

Aristotle Onumo,Irfan Ullah-Awan,Andrea Cullen

DOI: https://doi.org/10.1145/3424282

2021-06-01

ACM Transactions on Management Information Systems

Abstract:The increase in cybersecurity threats and the challenges for organisations to protect their information technology assets has made adherence to organisational security control processes and procedures a critical issue that needs to be adequately addressed. Drawing insight from organisational theory literature, we develop a multi-theory model, combining the elements of the theory of planned behaviour, competing value framework, and technology—organisational and environmental theory to examine how the organisational mechanisms interact with espoused cultural values and employee cognitive belief to influence cybersecurity control procedures. Using a structured questionnaire, we deployed structural equation modelling (SEM) to analyse the survey data obtained from public sector information technology organisations in Nigeria to test the hypothesis on the relationship of socio-organisational mechanisms and techno-cultural factors with other key determinants of employee security behaviour. The results showed that knowledge of cybersecurity and employee cognitive belief significantly influence the employees’ intentions to comply with organisational cybersecurity control mechanisms. The research further noted that the influence of organisational elements such as leadership on employee security behaviour is mediated by espoused cultural values while the impact of employee cognitive belief is moderated by security technologies. For effective cybersecurity compliance, leaders and policymakers are therefore to promote organisational security initiatives that ensure incorporation of cybersecurity principles and practices into job descriptions, routines, and processes. This study contributes to behavioural security research by highlighting the critical role of leadership and cultural values in fostering organisational adherence to prescribed security control mechanisms.

Muhammad Muzamil Aslam,Ali Tufail,Ki-Hyung Kim,Rosyzie Anna Awg Haji Mohd Apong,Muhammad Taqi Raza

DOI: https://doi.org/10.3390/s23187999

IF: 3.9

2023-09-21

Sensors

Abstract:In recent years, the Internet of Things (IoT) has had a big impact on both industry and academia. Its profound impact is particularly felt in the industrial sector, where the Industrial Internet of Things (IIoT), also known as Industry 4.0, is revolutionizing manufacturing and production through the fusion of cutting-edge technologies and network-embedded sensing devices. The IIoT revolutionizes several industries, including crucial ones such as oil and gas, water purification and distribution, energy, and chemicals, by integrating information technology (IT) with industrial control and automation systems. Water, a vital resource for life, is a symbol of the advancement of technology, yet knowledge of potential cyberattacks and their catastrophic effects on water treatment facilities is still insufficient. Even seemingly insignificant errors can have serious consequences, such as aberrant pH values or fluctuations in the concentration of hydrochloric acid (HCI) in water, which can result in fatalities or serious diseases. The water purification and distribution industry has been the target of numerous hostile cyber security attacks, some of which have been identified, revealed, and documented in this paper. Our goal is to understand the range of security threats that are present in this industry. Through the lens of IIoT, the survey provides a technical investigation that covers attack models, actual cases of cyber intrusions in the water sector, a range of security difficulties encountered, and preventative security solutions. We also explore upcoming perspectives, illuminating the predicted advancements and orientations in this dynamic subject. For industrial practitioners and aspiring scholars alike, our work is a useful, enlightening, and current resource. We want to promote a thorough grasp of the cybersecurity landscape in the water industry by combining key insights and igniting group efforts toward a safe and dependable digital future.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Joshua Nterful,Ibrahim Osman Adam,Muftawu Dzang Alhassan,Abdallah Abdul-Salam,Abubakar Gbambegu Umar

DOI: https://doi.org/10.1108/ics-11-2022-0174

2024-03-01

Information and Computer Security

Abstract:Purpose This paper aims to identify the critical success factors in improving information security in Ghanaian firms. Design/methodology/approach Through an exploratory study of both public and private Ghanaian organizations. The study relied on a research model based on the technology–organization–environment (TOE) framework and a survey instrument to collect data from 525 employees. The data was analyzed using partial least squares-structural equation modeling (PLS-SEM). Findings The findings confirm the role of the technological, organizational and environmental contexts as significant determinants in the implementation of information security in Ghanaian organizations. Results from PLS-SEM analysis demonstrated a positive correlation between the technology component of information security initiative, organization's internal efforts toward its acceptance and a successful implementation of information security in Ghanaian firms. Top management support and fund allocation among others will result in positive information security initiatives and positive attitudes toward securing the organization's information assets. Research limitations/implications The authors discussed the implications of the authors' findings for research, practice and policy. Social implications The results of this study will be useful for both governmental and non-governmental organizations in terms of best practices for increasing information security. Results from this study will aid organizations in developing countries to better understand their information security needs and identify the necessary procedures to address them. Originality/value This study contributes to filling the knowledge gap in organizational information security research and the TOE framework. Despite the TOE framework being one of the most influential theories in contemporary research of information system domains in an organizational context, there is not enough research linking the domains of information security and the TOE model.

Victor Kasonde,Christopher Chembe

DOI: https://doi.org/10.33260/zictjournal.v5i1.92

2021-06-07

Zambia ICT Journal

Abstract:The purpose of this study was to assess the best practices in the implementation of the data centres in Zambia. For this reason, a total of 120 respondents were randomly selected from various institutions to participate in the study. The results shows that the impact of new hardware technologies on the infrastructure of the data center facility in Zambia will result in speedy access to data. The results also shows that the location of the Data Centre can be a critical design considerations and best practices in the site selection and design of data center in Zambia. It was observed that availability of power and also security can be a critical design considerations and best practices in the site selection and design of data center in Zambia. In addition, the study showed that human capital is the most common cost elements associated with different levels of data center reliability and fault tolerance in Zambia among others. Based on these recognitions, the following recommendations were made: that deliberate measures should be put in place to acquire new hardware technologies for the data center facility in Zambia to ensure speedy access to data. It was further recommended that in trying to design new data centers, the selection of the location should be a critical consideration. Furthermore, it was revealed that the management of data center facility in Zambia should also be organized through capacity building.

Ankur Shukla,Basel Katt,Livinus Obiora Nweke,Prosper Kandabongee Yeng,Goitom Kahsay Weldehawaryat

DOI: https://doi.org/10.1016/j.cosrev.2022.100496

2022-07-29

Abstract:System security assurance provides the confidence that security features, practices, procedures, and architecture of software systems mediate and enforce the security policy and are resilient against security failure and attacks. Alongside the significant benefits of security assurance, the evolution of new information and communication technology (ICT) introduces new challenges regarding information protection. Security assurance methods based on the traditional tools, techniques, and procedures may fail to account new challenges due to poor requirement specifications, static nature, and poor development processes. The common criteria (CC) commonly used for security evaluation and certification process also comes with many limitations and challenges. In this paper, extensive efforts have been made to study the state-of-the-art, limitations and future research directions for security assurance of the ICT and cyber-physical systems (CPS) in a wide range of domains. We conducted a systematic review of requirements, processes, and activities involved in system security assurance including security requirements, security metrics, system and environments and assurance methods. We highlighted the challenges and gaps that have been identified by the existing literature related to system security assurance and corresponding solutions. Finally, we discussed the limitations of the present methods and future research directions.

Cryptography and Security,Software Engineering

Papa Kobina Orleans-Bosomtwe

2024-07-24

Abstract:Critical infrastructure refers to essential physical and cyber systems vital to the functioning and stability of societies and economies. These systems include key sectors such as healthcare, energy, and water supply, which are crucial for societal and economic stability and are increasingly becoming prime targets for malicious actors, including state-sponsored hackers, seeking to disrupt national security and economic stability. This paper reviews literature on critical infrastructure security, focusing on penetration testing and exploit development. It explores four main questions: the characteristics of critical infrastructure, the role and challenges of penetration testing, methodologies of exploit development, and the contribution of these practices to security and resilience. The findings of this paper reveal inherent vulnerabilities in critical infrastructure and sophisticated threats posed by cyber adversaries. Penetration testing is highlighted as a vital tool for identifying and addressing security weaknesses, allowing organizations to fortify their defenses. Additionally, understanding exploit development helps anticipate and mitigate potential threats, leading to more robust security measures. The review underscores the necessity of continuous and proactive security assessments, advocating for integrating penetration testing and exploit development into regular security protocols. By doing so, organizations can preemptively identify and mitigate risks, enhancing the overall resilience of critical infrastructure. The paper concludes by emphasizing the need for ongoing research and collaboration between the public and private sectors to develop innovative solutions for the evolving cyber threat landscape. This comprehensive review aims to provide a foundational understanding of critical infrastructure security and guide future research and practices.

Cryptography and Security

Aaron Zimba,George Mukupa,Victoria Chama

DOI: https://doi.org/10.48550/arXiv.2212.13721

2022-12-28

Abstract:The number of registered SIM cards and active mobile phone subscribers in Zambia in 2020 surpassed the population of the country. This clearly shows that mobile phones in Zambia have become part of everyday life easing not only the way people communicate but also the way people perform financial transactions owing to the integration of mobile phone systems with financial payment systems. This development has not come without a cost. Cyberattackers, using various social engineering techniques have jumped onto the bandwagon to defraud unsuspecting users. Considering the aforesaid, this paper presents a high-order analytical approach towards mobile phone-based social engineering cyberattacks (phishing, SMishing, and Vishing) in Zambia which seek to defraud benign victims. This paper presents a baseline study to reiterate the problem at hand. Furthermore, we devise an attack model and an evaluation framework and ascertain the most prevalent types of attack. We also present a logistic regression analysis in the results section to conclude the most prevalent mobile phone-based type of social engineering attack. Based on the artifacts and observed insights, we suggest recommendations to mitigate these emergent social engineering cyberattacks.

Cryptography and Security

Hewa Balisane,,Ehigiator Egho-Promise,Emmanuel Lyada,Folayo Aina,Abimbola Sangodoyin,Halima Kure,,,,,

DOI: https://doi.org/10.26562/irjcs.2024.v1106.03

2024-06-30

International Research Journal of Computer Science

Abstract:The rapidly evolving landscape of cyber threats necessitates robust and adaptable strategies to safeguard networking. This study explores the development and evaluation of a comprehensive framework for threat mitigation, integrating advanced methodologies from cybersecurity, risk management, and threat intelligence. Leveraging a mixed-methods approach, including surveys and secondary data analysis, the research assesses current practices and identifies critical gaps in existing frameworks. The proposed multi-layered defense mechanism incorporates proactive and reactive measures, aligning real-time threat intelligence with sophisticated incident response strategies. Key components such as anomaly detection systems, employee training, and continuous security audits are highlighted as essential elements of the framework. Through extensive validation, including empirical tests and case studies, the framework demonstrates its efficacy in enhancing organizational resilience against complex cyber threats. The findings provide valuable insights into the practical application of integrated cybersecurity measures, offering a scalable and flexible solution tailored to the dynamic nature of digital security challenges. This study addresses the critical need for an adaptable and holistic approach to threat mitigation, contributing to the field of cybersecurity with actionable strategies for managing and mitigating digital threats

Hao Wang,Nathan Lau,Ryan M Gerdes

DOI: https://doi.org/10.1177/0018720818769250

Abstract:Objective: The aim of this study was to apply work domain analysis for cybersecurity assessment and design of supervisory control and data acquisition (SCADA) systems. Background: Adoption of information and communication technology in cyberphysical systems (CPSs) for critical infrastructures enables automated and distributed control but introduces cybersecurity risk. Many CPSs employ SCADA industrial control systems that have become the target of cyberattacks, which inflict physical damage without use of force. Given that absolute security is not feasible for complex systems, cyberintrusions that introduce unanticipated events will occur; a proper response will in turn require human adaptive ability. Therefore, analysis techniques that can support security assessment and human factors engineering are invaluable for defending CPSs. Method: We conducted work domain analysis using the abstraction hierarchy (AH) to model a generic SCADA implementation to identify the functional structures and means-ends relations. We then adopted a case study approach examining the Stuxnet cyberattack by developing and integrating AHs for the uranium enrichment process, SCADA implementation, and malware to investigate the interactions between the three aspects of cybersecurity in CPSs. Results: The AHs for modeling a generic SCADA implementation and studying the Stuxnet cyberattack are useful for mapping attack vectors, identifying deficiencies in security processes and features, and evaluating proposed security solutions with respect to system objectives. Conclusion: Work domain analysis is an effective analytical method for studying cybersecurity of CPSs for critical infrastructures in a psychologically relevant manner. Application: Work domain analysis should be applied to assess cybersecurity risk and inform engineering and user interface design.

Uchenna D Ani,Jeremy D McK Watson,Nilufer Tuptuk,Steve Hailes,Madeline Carr,Carsten Maple

DOI: https://doi.org/10.48550/arXiv.2208.07965

2022-08-16

Cryptography and Security

Abstract:The UK Critical National Infrastructure is critically dependent on digital technologies that provide communications, monitoring, control, and decision-support functionalities. Digital technologies are progressively enhancing efficiency, reliability, and availability of infrastructure, and enabling new benefits not previously available. These benefits can introduce vulnerabilities through the connectivity enabled by the digital systems, thus, making it easier for would-be attackers, who frequently use socio-technical approaches, exploiting humans-in-the-loop to break in and sabotage an organization. Therefore, policies and strategies that minimize and manage risks must include an understanding of operator and corporate behaviors, as well as technical elements and the interfaces between them and humans. Better security via socio-technical security Modelling and Simulation can be achieved if backed by government effort, including appropriate policy interventions. Government, through its departments and agencies, can contribute by sign-posting and shaping the decision-making environment concerning cybersecurity M&S approaches and tools, showing how they can contribute to enhancing security in Modern Critical Infrastructure Systems.

Henry Matey Akwetey,Paul Danquah,Godfred Yaw Koi-Akrofi

DOI: https://doi.org/10.48550/arXiv.2202.01778

2022-02-01

Cryptography and Security

Abstract:The increasing critical dependencies on Internetof-Things (IoT) have raised security concerns; its application on the critical infrastructures (CIs) for power generation has come under massive cyber-attack over the years. Prior research efforts to understand cybersecurity from Cyber Situational Awareness (CSA) perspective fail to critically consider the various Cyber Situational Awareness (CSA) security vulnerabilities from a human behavioural perspective in line with the CI. This study evaluates CSA elements to predict cyber-attacks in the power generation sector. Data for this research article was collected from IPPs using the survey method. The analysis method was employed through Partial Least Squares Structural Equation Modeling (PLS-SEM) to assess the proposed model. The results revealed negative effects on people and cyber-attack, but significant in predicting cyber-attacks. The study also indicated that information handling is significant and positively influences cyber-attack. The study also reveals no mediation effect between the association of People and Attack and Information and Attack. It could result from an effective cyber security control implemented by the IPPs. Finally, the study also shows no sign of network infrastructure cyber-attack predictions. The reasons could be because managers of IPPs had adequate access policies and security measures in place.

Pius Ewoh,Tero Vartiainen

DOI: https://doi.org/10.2196/46904

2024-05-31

Abstract:Background: Health care organizations worldwide are faced with an increasing number of cyberattacks and threats to their critical infrastructure. These cyberattacks cause significant data breaches in digital health information systems, which threaten patient safety and privacy. Objective: From a sociotechnical perspective, this paper explores why digital health care systems are vulnerable to cyberattacks and provides sociotechnical solutions through a systematic literature review (SLR). Methods: An SLR using the PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) was conducted by searching 6 databases (PubMed, Web of Science, ScienceDirect, Scopus, Institute of Electrical and Electronics Engineers, and Springer) and a journal (Management Information Systems Quarterly) for articles published between 2012 and 2022 and indexed using the following keywords: "(cybersecurity OR cybercrime OR ransomware) AND (healthcare) OR (cybersecurity in healthcare)." Reports, review articles, and industry white papers that focused on cybersecurity and health care challenges and solutions were included. Only articles published in English were selected for the review. Results: In total, 5 themes were identified: human error, lack of investment, complex network-connected end-point devices, old legacy systems, and technology advancement (digitalization). We also found that knowledge applications for solving vulnerabilities in health care systems between 2012 to 2022 were inconsistent. Conclusions: This SLR provides a clear understanding of why health care systems are vulnerable to cyberattacks and proposes interventions from a new sociotechnical perspective. These solutions can serve as a guide for health care organizations in their efforts to prevent breaches and address vulnerabilities. To bridge the gap, we recommend that health care organizations, in partnership with educational institutions, develop and implement a cybersecurity curriculum for health care and intelligence information sharing through collaborations; training; awareness campaigns; and knowledge application areas such as secure design processes, phase-out of legacy systems, and improved investment. Additional studies are needed to create a sociotechnical framework that will support cybersecurity in health care systems and connect technology, people, and processes in an integrated manner.

Georgios Michail Makrakis,Constantinos Kolias,Georgios Kambourakis,Craig Rieger,Jacob Benjamin

DOI: https://doi.org/10.48550/arXiv.2109.03945

2021-09-08

Cryptography and Security

Abstract:Critical infrastructures (CI) and industrial organizations aggressively move towards integrating elements of modern Information Technology (IT) into their monolithic Operational Technology (OT) architectures. Yet, as OT systems progressively become more and more interconnected, they silently have turned into alluring targets for diverse groups of adversaries. Meanwhile, the inherent complexity of these systems, along with their advanced-in-age nature, prevents defenders from fully applying contemporary security controls in a timely manner. Forsooth, the combination of these hindering factors has led to some of the most severe cybersecurity incidents of the past years. This work contributes a full-fledged and up-to-date survey of the most prominent threats against Industrial Control Systems (ICS) along with the communication protocols and devices adopted in these environments. Our study highlights that threats against CI follow an upward spiral due to the mushrooming of commodity tools and techniques that can facilitate either the early or late stages of attacks. Furthermore, our survey exposes that existing vulnerabilities in the design and implementation of several of the OT-specific network protocols may easily grant adversaries the ability to decisively impact physical processes. We provide a categorization of such threats and the corresponding vulnerabilities based on various criteria. As far as we are aware, this is the first time an exhaustive and detailed survey of this kind is attempted.

Audecious Mugwagwa,Ernest Bhero,Colin Chibaya

DOI: https://doi.org/10.20525/ijrbs.v13i4.3308

2024-06-11

International Journal of Research in Business and Social Science (2147-4478)

Abstract:Technological development has witnessed tremendous and an increase in business interactions as they execute their daily business. Information technology and broadband are significant drivers of productivity and efficiency growth for small firms as they expand their market. This development has raised growing concerns as it relates to data and information security, infrastructure, and related resources due to an increase in cybersecurity hazards faced by Small to Medium Enterprises globally. In South Africa, although, during the first four months of 2022, cyber-attacks decreased by 13% to account for 419506 internet attacks, this statistic remains high enough for concern. To counter escalating cybersecurity risks, organizations must have a cybersecurity strategy to safeguard their operations, clients, data, and infrastructure. The threat landscape is changing over time, and despite ongoing attempts to strengthen security, they don't appear to be enough to prevent evolving cyberattacks. The study aims to identify cybersecurity threats facing Small to Medium Enterprises in South Africa by reviewing the literature and identifying key Cybersecurity challenges. It also examines the strategies, resources, and techniques used in South Africa to reduce cybersecurity threats. Lastly, the paper recommends adopting a comprehensive Cybersecurity strategy to build future-proof cybersecurity for Small to Medium Enterprises in South Africa.

Fatai Adeshina Adelani,Tosin Michael Olatunde,Johnson Sunday Oliha

DOI: https://doi.org/10.53294/ijfetr.2024.6.2.0029

2024-04-30

International Journal of Frontiers in Engineering and Technology Research

Abstract:This review paper examines the theoretical perspectives on cybersecurity challenges facing critical water infrastructure, with a focus on comparative insights from Africa and the United States. By exploring foundational theories of risk management, resilience, and deterrence, the paper delineates how these concepts are applied and adapted to address the cybersecurity needs of critical water systems within the distinct contexts of the two regions. The analysis identifies common challenges such as malware attacks, system vulnerabilities, human factors, and how regional differences influence technological infrastructure, regulatory environments, and cyber threat landscapes. Through a comparative analysis, the paper highlights lessons learned and best practices from both regions, emphasizing the importance of capacity building, comprehensive risk management, and the role of public-private partnerships. The paper concludes with a call for future research to develop adaptable theoretical models that address different regions' unique cybersecurity challenges, underlining theoretical understanding's critical role in enhancing the global resilience of critical water infrastructure against cyber threats.

Angelo Corallo,Mariangela Lazoi,Marianna Lezzi,Angela Luperto

DOI: https://doi.org/10.1016/j.compind.2022.103614

IF: 10

2022-05-01

Computers in Industry

Abstract:Cybersecurity is one of the main challenges faced by companies in the context of the Industrial Internet of Things (IIoT), in which a number of smart devices associated with machines, computers and people are networked and communicate with each other. In this connected industrial scenario, personnel need to be aware of cybersecurity issues in order to prevent or minimise the occurrence of cybersecurity incidents and corporate data breaches, and thus to make companies resilient to cyber-attacks. In addition, the recent increase in smart working due to the COVID-19 pandemic means that the need for cybersecurity awareness is more relevant than ever. In this study, we carry out a systematic literature review in order to analyse how the existing state of the art deals with cybersecurity awareness in the context of IIoT, and to provide a comprehensive overview of this topic. Four areas of analysis are considered: (i) definitions of the concepts of cybersecurity awareness and information security awareness, with keyword extrapolation (e.g. cybersecurity control level, information and responsibility); (ii) the industrial context of the analysed studies (e.g. manufacturing, critical infrastructure); (iii) the techniques adopted to raise company awareness of cybersecurity (e.g. serious games, online questionnaires); and (iv) the main benefits of a large-scale campaign of cybersecurity awareness (e.g. the effectiveness of employees in terms of managing cybersecurity issues, identification of cyber-attacks). Practitioners and researchers can benefit from our analysis of the features of each area in their future research and applications.

computer science, interdisciplinary applications

Uchenna D Ani,Jeremy D McK. Watson,Jason R.C. Nurse,Al Cook,Carsten Maple

DOI: https://doi.org/10.48550/arXiv.1904.01551

2019-04-03

Abstract:As new technologies such as the Internet of Things (IoT) are integrated into Critical National Infrastructures (CNI), new cybersecurity threats emerge that require specific security solutions. Approaches used for analysis include the modelling and simulation of critical infrastructure systems using attributes, functionalities, operations, and behaviours to support various security analysis viewpoints, recognising and appropriately managing associated security risks. With several critical infrastructure protection approaches available, the question of how to effectively model the complex behaviour of interconnected CNI elements and to configure their protection as a system-of-systems remains a challenge. Using a systematic review approach, existing critical infrastructure protection approaches (tools and techniques) are examined to determine their suitability given trends like IoT, and effective security modelling and analysis issues. It is found that empirical-based, agent-based, system dynamics-based, and network-based modelling are more commonly applied than economic-based and equation-based techniques, and empirical-based modelling is the most widely used. The energy and transportation critical infrastructure sectors reflect the most responsive sectors, and no one Critical Infrastructure Protection (CIP) approach - tool, technique, methodology or framework -- provides a fit-for-all capacity for all-round attribute modelling and simulation of security risks. Typically, deciding factors for CIP choices to adopt are often dominated by trade-offs between complexity of use and popularity of approach, as well as between specificity and generality of application in sectors.

Cryptography and Security,Networking and Internet Architecture,Systems and Control

Steve Goliath,Pitso Tsibolane,Dirk Snyman

2024-11-06

Abstract:Cyberattacks frequently target higher educational institutions, making cybersecurity awareness and resilience critical for students. However, limited research exists on cybersecurity awareness, attitudes, and resilience among students in higher education. This study addresses this gap using the Theory of Planned Behavior as a theoretical framework. A modified Human Aspects of Information Security Questionnaire was employed to gather 266 valid responses from undergraduate and postgraduate students at a South African higher education institution. Key dimensions of cybersecurity awareness and behavior, including password management, email usage, social media practices, and mobile device security, were assessed. A significant disparity in cybersecurity awareness and practices, with postgraduate students demonstrating superior performance across several dimensions was noted. This research postulates the existence of a Cybersecurity-Education Inflection Point during the transition to postgraduate studies, coined as the Cybersecurity-Resilience Gap. These concepts provide a foundation for developing targeted cybersecurity education initiatives in higher education, particularly highlighting the need for earlier intervention at the undergraduate level.

Cryptography and Security