Security Leaders Research Articles

Authentication Methods Selection in Information Security through Hybrid AHP and EGT

The information security leader frequently encounters the challenge of choosing the appropriate defence strategy. Effective multi-criteria decision-making (MCDM) is essential in the field of information security for determining the optimal strategies that involve more than one party. To address this challenge, we propose a hybrid model that combines the strengths of the Analytic Hierarchy Process (AHP) with Evolutionary Game Theory (EGT). The hybrid model helps the information security leader assess the criteria for security controls and make the optimal decisions to protect the organization's data. Initially, the AHP is utilized to assess the criteria of information security control. Subsequently, the priority of the alternatives is established through evaluating these criteria. Furthermore, we will construct a defence-attack circumstance using the EGT framework, which involves formulating strategies and determining payoffs for both the information security leaders and attackers involved. We utilize the replicator dynamic to examine the process of evolution in the game, resulting in the determination of the optimal strategy. A case study is conducted to determine the optimal strategy for information security leaders and attackers. The result indicates that the best defence strategy is password protection, followed by token-based and biometric-based protections. On the other hand, the optimal strategy for attackers is no attack, followed by attack and moderate attack. This study contributes to the multi-criteria decision-making (MCDM) problem’s solving by considering the dynamic aspect between both defender and attacker in the context of information security.

The impact of succession planning strategy for security leaders in achieving professional professionalism: Exploratory research at Defense University for military studies

The impact of succession planning strategy for security leaders in achieving professional professionalism: Exploratory research at Defense University for military studies

Secure Leader–Follower Formation Control of Networked Mobile Robots Under Replay Attacks

Secure Leader–Follower Formation Control of Networked Mobile Robots Under Replay Attacks

Advancing Cyber Resilience: Bridging the Divide Between Cyber Security and Cyber Defense

The field of cyber security is characterized by its diverse range of techniques, tools, and concepts, and it is closely interconnected with the security of information and operational technology. The distinguishing characteristic of cyber security is in the adoption of offensive information technology strategies with the intention of achieving adversarial objectives. Nevertheless, the broad and unrestricted utilization of the word "cyber security," frequently used interchangeably with information security or IT security, has the potential to create misunderstandings among both consumers and professionals in the security field. The merging of these disciplines obscures important differences between them, notwithstanding their interconnectedness. This paper advocates for a significant suggestion aimed at security leaders: to limit the usage of the word "cyber security" to refer specifically to security practices that are closely intertwined with and dependent on information technology and operational technology environments and systems, solely for defensive objectives. In the context of computer network security, cyber defense plays a crucial role as a mechanism that addresses adversary acts, protects key infrastructure, and ensures information assurance for a wide range of enterprises, government agencies, and interconnected networks [3]. This study primarily examines the interplay between cyber security and cyber defense, emphasizing the development of the notion of cyber resilience. This paper presents a new conceptual framework for understanding cyber resilience, shedding light on the complex interplay between these several domains. Furthermore, in this model, the authors critically examine the tactics and measures necessary to enhance the resilience of cyber security and cyber defense in the face of escalating cyber threats. The article examines CRRT and MACS history, purpose, and future directions. At EU level, through the policy of innovation there is opportunity for more robust resilience and joint defense against ever-changing landscape of threat.

Exploring the practicalities and quality of pentesting at scale : Globally, pentest coverage is increasing but remains insufficient

Over the course of the last two years, we have seen cybercrime increase during the COVID-19 pandemic and beyond. But despite this increase, most organisations do not do enough pentesting to combat cyberattacks. This paper explores the practicalities and quality of pentesting at scale to help organisations understand the importance of implementing a pentesting programme. Too often, development, security and operations work in silos. Organisations must work together to create a cohesive partnership. As an industry, we must decide that we want to fix things, and then we have to do it. It is not going to be easy, but it is simple. We need to work together — security practitioners and engineers — to collaboratively decide that it is important enough to get asset inventory right. Organisations must decide that it is important enough to update their software, install patches when software is vulnerable and implement a pentest programme. Security leaders must decide to look for the vulnerabilities that are exploitable and find them and fix them.

Application and Importance of Cyber Security in Military Service: A Literature Review

Cybersecurity includes a vast variety of practices, gear, and concepts related closely to those of records and operational generation (OT) safety. Cybersecurity is specific in its inclusion of the offensive use of records era to assault adversaries. Use of the term “cybersecurity” as a key task and a synonym for records safety or IT safety confuses clients and security practitioners and obscures essential variations between those disciplines. The recommendation for security leaders is that they ought to use the time period “cybersecurity” to designate the most effective security practices associated with the protective actions related to or relying upon information era and/or OT environments and systems. Within this paper, we are aiming to provide an explanation for “cybersecurity” and describe the relationships among cybersecurity, facts security, OT security, IT security, and different associated disciplines and practices, e.g. Cyber defense, related to their implementation aligned with the planned or present cybersecurity strategy on the national level. In this case, observe the given example of The National Cybersecurity Strategy of the Republic of Croatia, and an Action plan is provided and elaborated. The Strategy's primary objective is to apprehend organizational problems in its implementation and increase the knowledge of the significance of this difficulty inside the society

The impact of strategic agility in exploiting core capabilities An Exploratory Study for Opinions of Security Leaders in Salah al-Din Police Directorate and Facilities

هدفت البحث الى بيان أثر خفة الحركة الاستراتيجية في استغلال القدرات الجوهرية لمجموعة من القيادات الأمنية في مديرية شرطة صلاح الدين والمنشآت، كما تهدف البحث الى تعريف عينة البحث بموضوعات (خفة الحركة الاستراتيجية، القدرات الجوهرية) وكيفية الاستفادة منها في عملية التخطيط الاستراتيجي للمديرية عينة البحث. ولتحقيق هدف البحث قام الباحث بتقديم إطار منهجي للدراسة وأطار نظري شامل بالاعتماد على أحدث المصادر التي تناولت المتغيرات، وإطار ميداني لتحليل واختبار فرضيات البحث، من خلال الاعتماد على استمارة الاستبانة كأداة أساسية لجمع البيانات من الميدان المبحوث، واعتماد المنهج الوصفي التحليلي الذي يحاول الباحث من خلاله وصف الظاهرة موضوع البحث، لهذا اعتمد الباحث في البحث أسلوب الحصر الشامل في تحديد حجم العينة، فقد تطلب ذلك دراسة اراء القيادات الأمنية من رتبة (العقيد، العميد، اللواء) في المستويات الإدارية العليا في مديرية شرطة صلاح الدين والمنشآت، وعليه ومن اجل إمكانية تعميم نتائج البحث قام الباحث بتوزيع (85) استمارة، استرجع منها (79) صالحة للتحليل، واستخدم الباحث برنامج الحزمة الإحصائية (SPSS) لوصف وتشخيص متغيرات البحث واختبار فرضياتها. وتوصلت البحث الى مجموعة من الاستنتاجات كان أهمها: تبين من خلال نتائج الجانب الميداني وجود علاقة ارتباط بين خفة الحركة الاستراتيجية واستغلال القدرات الجوهرية في الميدان المبحوث، لتشير هذه النتائج إلى أن استغلال القدرات الجوهرية يعتمد بشكل جيد على ابعاد خفة الحركة الاستراتيجية، أي تشير هذه العلاقات إلى أنه كلما زاد توجه قادة المديرية نحو تبني خفة الحركة الاستراتيجية كلما ساهم ذلك في تطوير القدرات الجوهرية. وقدمت البحث مجموعة من المقترحات كان أهمها تهيئة الظروف الملائمة والمناسبة والاهتمام بأداء المورد البشري وتحفيزه لكي يقدم كل ما لديه من قدرات ومهارات وابداعات وابتكارات فكرية وفنية.

COVID-19 Restrictions In Jails And Prisons: Perspectives From Carceral Leaders.

COVID-19 has been an unprecedented challenge in carceral facilities. As COVID-19 outbreaks spread in the US in early 2020, many jails, prisons, juvenile detention centers, and other carceral facilities undertook infection control measures such as increased quarantine and reduced outside visitation. However, the implementation of these decisions varied widely across facilities and jurisdictions. We explored how carceral decision makers grappled with ethically fraught public health challenges during the pandemic. We conducted semistructured interviews during May-October 2021 with thirty-two medical and security leaders from a diverse array of US jails and prisons. Although some facilities had existing detailed outbreak plans, most plans were inadequate for a rapidly evolving pandemic such as COVID-19. Frequently, this caused facilities to enact improvised containment plans. Quarantine and isolation were rapidly adopted across facilities in response to COVID-19, but in an inconsistent manner. Decision makers generally approached quarantine and isolation protocols as a logistical challenge, rather than an ethical one. Although they recognized the hardships imposed on incarcerated people, they generally saw the measures as justified. Comprehensive outbreak control guidelines for pandemic diseases in carceral facilities are urgently needed to ensure that future responses are more equitable and effective.

Cyber Security and Cyber Defense: Challenges and Building of Cyber Resilience Conceptual Model

Cyber security encompasses a broad range of practices, tools and concepts related closely to those of information and operational technology security. Cyber security is distinctive in its inclusion of the offensive use of information technology to attack adversaries. Use of the term cyber security as a key challenge and a synonym for information security or IT security misleads customers and security practitioners and obscures critical differences between these disciplines. Recommendation for security leaders is that they should use the term cyber security to designate only security practices related to the defensive actions involving or relying upon information technology and/or operational technology environments and systems. Cyber defense is a computer network defense mechanism which includes response to actions and critical infrastructure protection and information assurance for organizations, government entities and other possible networks [3]. In this paper, we investigate how cyber security and cyber defense may lead to cyber resilience with the novel model of cyber resilience designed and presented. Furthermore, within the same model authors investigate actions for cyber security and cyber defense in conditions of increasing challenge of cyber-attacks and the limited capabilities to respond to this threat describing the process of creation, performance and future of EU Cyber Rapid Response Teams (abbr. CRRT) and Mutual Assistance in Cyber Security, introducing novel approach to cyber security and cyber defense at the EU level.

Police Leadership Training: Effective Policies and Methods

Modern security institutions face important issues related to police leadership training and contemporary security challenges. The scope and context of training programs in security institutions must be evaluated to develop effective policies and methods for training security leaders. The International Police Science Association (IPSA) aims to support effective training approaches and other aspects of effective policing by supporting and sharing international scientific efforts in police science.

CYBER SECURITY

Cybersecurity encompasses a broad range of practices, tools and concepts related closely to those of information and operational technology (OT) security. Cybersecurity is distinctive in its inclusion of the offensive use of information technology to attack adversaries. Use of the term “cybersecurity” as a key challenge and a synonym for information security or IT security confuses customers and security practitioners, and obscures critical differences between these disciplines. Recommendation for security leaders is that they should use the term “cybersecurity” to designate only security practices related to the defensive actions involving or relying upon information technology and/or OT environments and systems. Within this paper, we are aiming to explain “cybersecurity” and describe the relationships among cybersecurity, information security, OT security, IT security, and other related disciplines and practices, e.g. cyber defence, related to their implementation aligned with the planned or existing cybersecurity strategy at the national level. In the case study given example of The National Cybersecurity Strategy of the Republic of Croatia and Action plan is presented and elaborated. The Strategy's primary objective is to recognize organizational problems in its implementation and broaden the understanding of the importance of this issue in the society.

An integrated approach of designing functionality with security for distributed cyber-physical systems.

In this work, we propose a multi-tier architectural model to separate functionality and security concerns for distributed cyber-physical systems. On the line of distributed computing, such systems require the identification of leaders for distribution of work, aggregation of results, etc. Further, we propose a fault-tolerant leader election algorithm that can independently elect the functionality and security leaders. The proposed election algorithm identifies a list of potential leader capable nodes to reduce the leader election overhead. It keeps identifying the highest potential node as the leader, whenever needed, including the situation when one has failed. We also explain the proposed architecture and its management method through a case study. Further, we perform several experiments to evaluate the system performance. The experimental results show that the proposed architectural model improves the system performance in terms of latency, average response time, and the number of real-time tasks completed within the deadline.

Proposition 187 and the Travel Ban: Addressing Economy, Security, and White Christian Nationalism in U.S. Christian Communities

The ideology of white Christian nationalism has become increasingly visible in the United States. This ideology intersects with public debate over immigration, posing a threat both to immigrants’ well-being and to American ideals of democracy. This essay considers how religious leaders in primarily white Christian communities addressed two historical moments related to immigration in the U.S.: Proposition 187 in California, and the “travel ban” instituted by the Trump administration in 2017. Christian leaders who supported Prop 187 and the ban, and those who opposed the two policies, tended to talk past each other when they discussed the issue of immigration and these specific policies. Pro-187 leaders used rhetoric of economic damage and pro-ban leaders used rhetoric of national security, whereas anti-187 and anti-ban leaders used rhetoric of hospitality and nondiscrimination. Christian leaders who opposed these policies attempted to apply the moral teachings of their religious tradition, but ethicists and religious leaders who wish to fully engage in conversation about immigration in the U.S. should incorporate discussion of economic and security concerns into their consideration of hospitality, in order both to address anxieties and to pull the veil back on racial and religious discrimination that hides behind these anxieties.

Trauma-informed hospital security: a policy for intimate partner violence in a pediatric healthcare setting

Background: Increasing numbers of providers are adopting “trauma-informed approaches” in patient care models to address intimate partner violence (IPV), but most hospitals’ security policies and practices do not incorporate trauma-informed approaches. Pre-existing security culture and differing approaches to trauma-informed care necessitate policy-level interventions. To support the physical and emotional safety of IPV survivors within the hospital environment, the security leaders at our tertiary-care, inner-city pediatric hospital expressed the need for a trauma-informed IPV security policy.

Staying one step ahead of your adversaries: How to build a cyber threat intelligence team capable of delivering business value

From enabling security teams to effectively respond to incidents to ensuring security investments are targeted on real-world risk, when effectively implemented, a cyber threat intelligence (CTI) team can deliver value against a broad range of operational and strategic requirements. While many organisations recognise the value CTI can provide, delivering on that value proposition is often more difficult. CTI is a data-driven process; however, building an effective CTI capability requires far more than effective data collection and exploitation. This paper contends that for many organisations the challenge in realising value from their CTI team is not a data problem, it is a communication problem. To address this challenge, security leaders need to look beyond the traditional intelligence life cycle and a consider a number of organisational factors which, taken together, provide a firm foundation to enable a CTI team to effectively communicate and influence stakeholders across the organisation. Specifically, security leaders should position the team strategically, populate that team with a diverse blend of skills, provide a clear direction and purpose, and implement a robust communication and influencing strategy. Together these measures improve the ability of the organisation to realise business value from CTI.

The human variable: Designing a security strategy for a future in flux

The hybrid workforce is no longer a concept, it is a reality. But as employees embrace new working environments and flow in and out of the office, this hybrid approach poses a unique challenge for security leaders. This paper explores how organisations will need to create a security strategy rooted in the variability of the hybrid workforce — one that meets employees where they are and helps them learn the role they play in securing this new model. This strategy is rooted in three key principles: adopt a zero-trust approach, personalise data protection and bolster hands-on, robust training. Readers can expect to learn what it really takes to put this approach into practice — and what threats and roadblocks they should anticipate along the way.

Invisible while visible: an Australian perspective on queer women leaders in international affairs

In among the silencing and invisibility of their stories, queer women operate as critical leaders in international affairs. They face multiple marginalisations: (1) challenging the archetypical diplomat or security leader as a heteronormative (white) male; and (2) operating in different cultural contexts with varying negative attitudes towards women in power and homosexuality in general. Providing both empirical and theoretical contributions to the fields of diplomacy, feminist and queer theory, this article gains unique access to Australian lesbian, gay, bisexual, trans and gender diverse, and intersex diplomats and attachés to understand: what are the experiences of queer woman leaders in international affairs?

Adapt to the daily operations of campus security in the wake of COVID‐19

The COVID‐19 pandemic has upended the normal routines of colleges and universities across the nation. Campus security departments are no exception. With fewer people on campus, their responsibilities have changed but not lessened. Campus security leaders must also consider the health threats posed to their own staff as they make assignments and monitor the unfolding pandemic.

Security Challenges of Formulating, Implementing, and Enforcing Parental/Youth Escort Policies in Shopping Malls

This paper draws on data and evidence from a premises security lawsuit to illustrate the security challenges of formulating, implementing, and enforcing parental/youth escort policies in shopping malls. While there is some diversity in terms of content and implementation, parental/youth escort policies typically require teenagers under a specific age to be accompanied by an adult if they are on shopping mall property past a certain hour. Over the last several decades, parental/youth escort policies have proliferated as shopping malls increasingly confront violent incidents, teenage disturbances, and criminal activity. The paper describes the security problems faced by shopping malls as places of unstructured socializing for teenagers; and discusses the limitations and conflicts associated with implementing a parental/youth escort policy. A major goal of this paper is to show how extant criminological research can serve as a valuable tool in helping security leaders and practitioners fulfill their roles in creating, maintaining, and assessing security programs.

Accelerating Action in Global Health Security: Global Biosecurity Dialogue as a Model for Advancing the Global Health Security Agenda.

Biosecurity and biosafety measures are designed to mitigate intentional and accidental biological risks that pose potentially catastrophic consequences to a country's health system, security, and political and economic stability. Unfortunately, biosecurity and biosafety are often under-prioritized nationally, regionally, and globally. Security leaders often deemphasize accidental and deliberate biological threats relative to other challenges to peace and security. Given emerging biological risks, including those associated with rapid technological advances and terrorist and state interest in weapons of mass destruction, biosecurity deserves stronger emphasis in health and security fora. The Global Biosecurity Dialogue (GBD) was initiated to align national and regional donor initiatives toward a common set of measurable targets. The GBD was launched by the Nuclear Threat Initiative (NTI), with support from Global Affairs Canada's Weapons Threat Reduction Program and the Open Philanthropy Project, and in coordination with the government of The Netherlands as the 2018-19 Chair of the Global Health Security Agenda (GHSA) Action Package Prevent-3 (APP3) on Biosafety and Biosecurity. The GBD provides a multisectoral forum for sharing models, enabling new actions to achieve biosecurity-related targets, and promoting biosecurity as an integral component of health security. The GBD has contributed to new national and continent-wide actions, including the African Union and Africa Centres for Disease Control and Prevention's new regional Initiative to Strengthen Biosafety and Biosecurity in Africa. Here we present the GBD as a model for catalyzing action within APP3. We describe how the benefits of this approach could expand to other GHSA Action Packages and international health security initiatives.