“Bromancing” at Yad Vashem

Recently, as core technologies leading the fourth industrial revolution, such as the Internet of Things (IoT), 5G, the cloud, and big data, have promoted smart convergence across national socio-economic infrastructures, cyber systems are expanding and becoming complex, and they are not effective in responding to cyber safety risks and threats using security technology solutions limited to a single system. Therefore, we developed cyber security technology that combines machine learning and AI technology to solve complex problems related to cyber safety. In this regard, this study aims to identify technology development trends to prevent the risks and threats of various cyber systems by monitoring major cyber security convergence fields and technologies through the symmetrical thesis and patent analysis. Because thesis information can explain the superiority of technology and patent information can explain the usefulness of a technology, they can be effectively used for analyzing and predicting technology development trends. Therefore, in this study, latent Dirichlet allocation is applied to extract text-document-based technical topics for the symmetrical thesis and patent information to identify security convergence fields and technologies for cyber safety. In addition, it elucidates cyber security convergence fields and technology trends by applying a dynamic topic model and long short-term memory, which are useful for analyzing technological changes and predicting trends. Based on these results, cyber security administrators, system operators, and developers can effectively identify and respond to trends in related technologies to reduce threats, and companies and experts developing cyber security solutions can present a new security approach.

Cyber security is a basic need for every digital device such as computers, mobiles, networks, servers and electronic items. It protects digital devices from various malicious cyber-attacks or threats created over the Internet. In the digitized world, cyber security threats have been an emerging problem. In the current scenario the growth of digital devices is very high, and the risks of cyber security technologies (CST) are serious issues. These types of threats should be considered when choosing the best among cyber security technologies. For this purpose, we approach mathematically to determine the safest CST. In this paper, first we study CST and their risk factors. Then, Fermatean fuzzy sets (FFSs) are used to develop Fermatean fuzzy multi attribute border approximation area comparison (FF-MABAC) method. This method handles more uncertain decision-making problems by computing distance between each alternative and bordered approximation area (BAA). At the end of the paper, an application has been given to CST and their computing approaches are demonstrated numerically. Finally, a sensitivity analysis of results is conducted and direction for future research is provided.KeywordsCyber Security Technologies (CST)Risk assessmentFermatean fuzzy setsMabac modelMCDM

Building and running cyber security in both worlds, modern cloud security in combination with legacy on premises, introduces extra complexity. Some of the well-known security patterns and models are not applicable in cloud systems, while modern security models like zero trust (ZT) barely fit into legacy systems. Security technologies and tools are the subject of constant enhancements and adaptions to their environment. They can make security decisions on a very fine-grained basis. The corresponding rule sets and policies are becoming more and more decentralised, detailed and complex. Introducing modern security models such as ZT or micro-perimeter enforces the effect. The overall situation makes it hard for the responsible person to control the cyber security situation and the staff operating cyber security systems and technologies. Both are overwhelmed by the mass of fine-grained, fragmented and distributed security workloads. This paper introduces a practical model for security classifications in cyber security environments. The main goal of the model is to reduce complexity and keep cyber environments manageable. The model delivers not only a cyber risk classification regarding a single business application but works as an integrated view over risks for complete cyber environments.

The increasing number of cyber-attacks has become a serious threat to organizations, organizations that are not prepared to face cyber-attacks on their organizational resources will experience huge losses and reduce organizational performance. It is a big challenge for organizations to combat cyber-attacks by improving cyber security, but there is still little research examining the factors that affect an organization’s cyber security readiness from a holistic point of view. This study integrates a framework based on technology, organization, environment, and technology readiness to examine various factors that affect cyber security readiness in organizations, as well as their impact on organizational performance, where the impact is in the form of tangible and intangible benefits. This study proposes 4 hypotheses to test the framework that has been built. A total of 260 data have been validated from an online questionnaire survey given to organizations and companies. This study applied quantitative approach, while the main method used was SEM-PLS and the software involved was SmartPLS V2. The results of the study indicate that the overall hypotheses proposed have a significant impact, cyber security readiness and technology have a positive impact on organizational security performance, which in turn has an impact on the intangible benefits and tangible benefits. The results of this study can be used by organizations as a guide in improving cyber security to achieve superior performance in organizations and improve understanding of references related to cyber security in organizations. Meanwhile, this research has impact to the society because the good cooperation and good organization will be achieved. it also increases the social cooperation responsibility.

Information Technology (IT) security is an issue which cannot be wished away by organizations and particularly Small and Medium Enterprises (SMEs). SMEs should embrace IT security in order to realize the benefits of IT without compromising the IT security status. Much like any other business asset, information is an asset that needs to be strategically managed and protected. It is therefore imperative that SMEs understand the value of information contained within their business systems and have a framework for assessing and implementing IT security. To address challenges faced by SMEs especially in Kenya, this research establishes an Information Technology (IT) framework that can allow Kenyan SMEs implement cost effective security measures. Particularly this work considers IT security requirements and appropriate metrics. There is evidence from the research to suggest that despite having some IT security measures in place, Kenyan SMEs still face some serious IT security challenges. In the light of the challenges faced by Kenyan SMEs, this work recommends a framework which is supposed among other things provide metrics of evaluating the effectiveness of implemented security measures. The framework is likely to assist SME stakeholders measure the effectiveness of their security enhancing mechanisms.

Although cost-benefit analyses are an important aspect of information technology (IT) security (ITS) management, previous research focuses largely on the customer perspective and neglects the supplier side. However, since ensuring a high level of ITS in modern IT products is typically associated with a large investment, customers' willingness to pay is essential for decision making in the context of IT product development. We draw on Kano's theory of attractive quality to analyze how customers generally evaluate implemented ITS safeguards. Based on expert interviews and a large-scale empirical study involving customer company decision makers, this paper demonstrates that different customer evaluations of ITS safeguards are associated with different levels of willingness to pay. Therefore, our results will enable IT suppliers not only to understand their customers' ITS needs but also to derive optimal ITS strategies, which may provide both economic and competitive advantages. Further theoretical and practical implications are also discussed.

Information technology (IT) security, which is concerned about protecting the confidentiality, integrity and availability of information technology assets, inherently possesses a significant amount of risk, some known and some unknown. IT security risk management has gained considerable attention over the past decade due to the collapsing of some large organisations in the world. Previous investigative research in the field of IT security have indicated that despite the efforts that organisations employ to reduce IT security risks, the trend of IT security attacks are still increasing. One of the contributing factors to poor management of IT security risk is attributed to the fact that IT security risk management is often left to the technical security technologist who do not necessarily employ formal risk management tools and reasoning. For this reason, organisations find themselves in a position where they do not have the correct approach to identify, assess and treat IT security risks. Employing a formal risk based approach in managing IT security risk assist in ensuring that risks that matter to an organisation are accounted for and as a result, receive the correct level of attention. Defining an approach of how IT security risk is managed should be seen as a fundamental task, which is the basis of this research. The objective of this paper is to propose an approach for identifying, assessing and treating IT security risk which incorporates a robust risk analysis and assessment process. The risk analysis process aims to make use of a comprehensive IT security risk universe which caters for the complex and dynamic nature of IT security. The research will contribute to the field of IT security by using a consolidated approach that utilises coherent characteristics of the available qualitative risk management frameworks to provide a stronger approach that will enable organisations to treat IT security risk better.

Cyber security that also known as information technology security is to protect computers, mobile devices, servers, electronic systems and networks from malicious digital attacks. In recent years, cyber security threats have been a growing problem for any critical digital infrastructure and various cyber-attacks created over the Internet are also becoming a big issue for the society. Therefore, the use of technologies developed to provide cyber security is very important. However, the risks of cyber security technologies should be taken into account when choosing among cyber security technologies. For this aim, we have proposed a multi-criteria decision making (MCDM) methodology based on hesitant fuzzy sets (HFSs) that gives experts extra flexibility in using linguistic terms to evaluate the criteria and alternatives to determine the best cyber security technology. For this aim, a study has also been discussed which deals with risk factors in the selection of cyber security technologies via fuzzy MCDM process.

It is a well-known fact that the language of IT security experts differs from that of non-security-related people, leading to a multitude of problems. However, very little work has examined the differences in perception between security experts within a single security department or company. The sociological theory of power relations and organizational uncertainties by Croizer and Friedberg suggests that uncertainties about the narratives used in a department can lead to potentially harmful power relations and dissatisfied employees. We conducted a qualitative interview study within two distinct IT security companies in order to research the impact of diverging security narratives within security departments. Our results show that there is indeed an uncertainty about the term IT security. However, one company we interviewed regarded this uncertainty as highly beneficial for team creativity, communication, and mutual education, while the other, more technical-focused company showed few diversions within the security staff, but a possibly uniting conflict with the company’s IT department. Our results suggest that conscious shaping of a zone of uncertainty around the security narrative in the work context can be an important management skill for IT security practitioners. Furthermore, we show that the analysis of language uncertainties provides a powerful approach to studying the motivation of professional security groups.

SummarySo far, information security has been focusing mainly on how to improve security and safety technologies. As people are becoming connected with a larger amount of cyber equipment, however, the human aspect in cyber security and safety has gained more attention as an essential issue. In other words, both security and usability of ICT systems have recently become much more critical to achieve. Nevertheless, as everybody knows, security and usability have a trade‐off relationship. Even when a security technology offers a high security level for an ICT system, if it greatly degrades the usability, the security technology will not be used. However, it is not always true that we can never accept any difficulty or bother. If a security technology burdens a user but the user does not notice the burden or even enjoys it, there is no problem. How people feel is key. Against this background, my colleagues and I have been studying how to combine security technologies and human factors, specifically cognitive and psychological characteristics. We call the concept “humanics information security.” This paper describes our pilot studies and explains how our humanics information security approach can effectively achieve both security and usability for ICT systems.

Virginia has been consistently rated by various studies as the number one state for doing business in the United States. The industries of information technology and defense are among the major industries within Virginia. The global demand for cybersecurity technology is exploding. The project identifies the top ten foreign markets that offer the best opportunities for exports of cyber security goods, services and technologies by companies located in Virginia. In addition to providing a broad overview of the top ten markets, the study identifies and analyzes the five most promising markets in depth. The ten markets examined are presented in the order of the most promising. The first five contain the in depth assessments. These assessments focus on strategies for market access, including government procurement procedures, trade regulations, laws, market access restrictions, tenders, and business challenges.

Cyber security is one of the most important technological and political subjects in the world today, due to almost continuous revelations of incidents and breaches that cause economic damage to many institutions, states and users of electronic communications. To prevent these threats the cyber security technology in the last 20 years has started to rapidly change the scene of cybercrime. Cyber security technology is shaping the way that technology impacts on the business and the industry with components that provide more secure processing and work.Cyber security education is today becoming a new field of application treated in the literature as meta-science due to the interdisciplinarity where new educational approaches are applied with use of serious games. In this paper we are discussing the need for enhanced education and training of Cyber security professional and the general public due to the lack of these skills among the European work force. The latest reports about the role-playing-games in the training process of cyber security students have shown that this type of tool is especially well-suited for the training process in that area. The internet search and the review of various articles from cyber security domains have shown that there is a wide number of video games that teach cyber security principles, skills and basic knowledge. Video games used in the education and training are referred to be known as serious games (they usually offer some type of entertainment but their purpose is to enhance the learning of the trained subject). The undertaken analysis has shown that the education level of the games differs very much, as some of them are suitable just for children audience, teaching young children how to stay safe on internet, while the rest of the games are more demanding and are focused on obtaining the fundamental cyber security skills and knowledge. Our study presented in the paper has developed the parameters that enable the game evaluation in both aspects: the technical requirements (8 parameters) and the educational and learning capability (12 parameters).The study was carried out on a group of selected games (12) from each of the known classification of “group of five” (Capture the flag group, Firewall group, General group, The Network group and The Table Top group) developed by TULIPS (Technology Usability Lab in Privacy and Security (https://groups.inf.ed.ac.uk/tulips/)) that were available for play. The outcome results presented in the paper are providing good overview of the current offer. The evaluation has shown that despite some deficiency, the games in the area of cyber security are providing a good student training for both the general public, industry and businesses. With the results of evaluated games, we have been discussed at which educational level cyber security games should be embedded in order to satisfy the increased demand for cyber security skill labour force. However, it was also noticed that compared with other educational fields where serious games are successfully used, the field of cyber security was left behind as the offer is still very modest.

More than six decades since its inception, Artificial Intelligence (AI) stands at the cusp of a transformative shift. The global perspective on AI has evolved optimistically, as it increasingly permeates every facet of human life. AI is revolutionizing national security strategies and capabilities worldwide, but its impact on the Global South remains a topic of growing significance and concern. Every nation actively seeks to bolster internal security through AI-driven initiatives, including surveillance, cyber security, and autonomous technologies. This review paper delves into AI's role in analyzing vast datasets, uncovering patterns, and identifying security threats and challenges focusing specifically on the Global South. It considers the potential advantages AI offers in enhancing national security capabilities while addressing concerns surrounding its integration. Drawing from existing literature, it presents a comprehensive analysis of AI's prospective future in the cyber and national security domains within these nations. Ultimately, this paper aims to answer whether AI serves as a facilitator in strengthening internal security or poses unforeseen challenges and raises the importance of capacity-building, technology transfer, and international cooperation. It provides valuable insights into the evolving landscape of AI in the context of national security in the Global South.

Nuclear Power Plant Instrumentation and Control System(NPP I&C) which is used to operate safely is changing from analog technology to digital technology. Ever since NPP Centrifuge of Iran Bushehr was shut down by Stuxnet attack in 2010, the possibility of cyber attacks against the NPP has been increasin g. However, the domestic and international regulatory guideline s that was published to strengthen the cyber security of the NPP I&C describes security requirements and method s to establish policies and procedures. These guidelines are not appropriate for the development of real applicable cyber security technology . Therefore, specialized cyber security technologies for the NPP I&C need to be developed to enhance the security of nuclear power plants. This paper proposes a cyber security technology d evelopment system which is exclusively for the development of nuclear technology. Furthermore, this method has been applied t o the ESF-CCS developed by The KINCS R&D project.Keywords: CyberSecurity, Digital Instrumentation & Control System, Logic al, Logical Architecture, Threat접수일(2013년 11월 19일), 수정일(2014년 4월 3일), 게재확정일(2014년 4월 16일)* 본 연구는 2013년도 산업통상자원부의 재원으로 한국에너지기술평가원(KETEP)의 지원을 받아 수행한 연구과제입니다. (No. 20121510100030)

The increasing significance of information technology (IT) security to firms is evident from their growing IT security budgets. Firms rely on security technologies such as firewalls and intrusion detection systems (IDSs) to manage IT security risks. Although the literature on the technical aspects of IT security is proliferating, a debate exists in the IT security community about the value of these technologies. In this paper, we seek to assess the value of IDSs in a firm’s IT security architecture. We find that the IDS configuration, represented by detection (true positive) and false alarm (false positive) rates, determines whether a firm realizes a positive or negative value from the IDS. Specifically, we show that a firm realizes a positive value from an IDS only when the detection rate is higher than a critical value, which is determined by the hacker’s benefit and cost parameters. When the firm realizes a positive (negative) value, the IDS deters (sustains) hackers. However, irrespective of whether the firm realizes a positive or negative value from the IDS, the IDS enables the firm to better target its investigation of users, while keeping the detection rate the same. Our results suggest that the positive value of an IDS results not from improved detection per se, but from an increased deterrence enabled by improved detection. Finally, we show that the firm realizes a strictly nonnegative value if the firm configures the IDS optimally based on the hacking environment.