Attitudes toward, and awareness of, online privacy and security: a quantitative comparison of East Africa and U.S. internet users

Ruhwanya, Zainab Said

January 1900

Master of Science / Computing and Information Sciences / Eugene Vasserman / The increase in penetration of Internet technology throughout the world is bringing an increasing volume of user information online, and developing countries such as those of East Africa are included as contributors and consumers of this voluminous information. While we have seen concerns from other parts of the world regarding user privacy and security, very little is known of East African Internet users’ concern with their online information exposure. The aim of this study is to compare Internet user awareness and concerns regarding online privacy and security between East Africa (EA) and the United States (U.S.) and to determine any common attitudes and differences. The study followed a quantitative research approach, with the EA population sampled from the Open University of Tanzania, an open and distance-learning university in East Africa, and the U.S. population sampled from Kansas State University, a public university in the U.S. Online questionnaires were used as survey instruments. The results show no significant difference in awareness of online privacy between Internet users from East Africa and the U.S. There is however, significant difference in concerns about online privacy, which differ with the type of information shared. Moreover, the results have shown that the U.S. Internet users are more aware of online privacy concerns, and more likely to have taken measure to protect their online privacy and conceal their online presence, than the East African Internet users. This study has also shown that East Africans Internet users are more likely to be victims of online identity theft, security issues and reputation damage.

Privacy

Security

Data protection and privacy law

Online Privacy

Cyber security

Internet

Computer Science (0984)

Information Technology (0489)

Sub-Saharan Africa Studies (0639)

SPICE: A Software Tool for Studying End-user’s Insecure Cyber Behavior and Personality-traits

Tamrakar, Anjila

10 August 2016

Insecure cyber behavior of end users may expose their computers to cyber-attack. A first step to improve their cyber behavior is to identify their tendency toward insecure cyber behavior. Unfortunately, not much work has been done in this area. In particular, the relationship between end users cyber behavior and their personality traits is much less explored. This paper presents a comprehensive review of a newly developed, easily configurable, and flexible software SPICE for psychologist and cognitive scientists to study personality traits and insecure cyber behavior of end users. The software utilizes well-established cognitive methods (such as dot-probe) to identify number of personality traits, and further allows researchers to design and conduct experiments and detailed quantitative study on the cyber behavior of end users. The software collects fine-grained data on users for analysis.

Cognitive Psychology

Computer and Systems Architecture

Experimental Analysis of Behavior

Science and Technology Studies

Weaponized malware, physical damage, zero casualties – what informal norms are emerging in targeted state sponsored cyber-attacks? : The dynamics beyond causation: an interpretivist-constructivist analysis of the US media discourse regarding offensive cyber operations and cyber weapons between 2010 and 2020

Sallinen, Margarita

January 2021

In 2010, the discovery of the malicious computer worm Stuxnet shocked the world by its sophistication and unpredictability. Stuxnet was deemed as the world’s first cyber weapon and started discussions concerning offensive cyber operations – often called “cyber warfare” – globally. Due to Stuxnet, rapid digitalisation and evolving technology, it became vital for decision makers in the US to consider formal norms such as laws, agreements, and policy decisions regarding cyber security. Yet, to obtain a holistic understanding of cyber security, this thesis uses constructivism as its theoretical framework to understand changing informal norms and social factors including the ideas and morals of the US society regarding offensive cyber operations. This thesis critically analyses the discourse of three of the largest US newspapers by circulation: the New York Times, the Washington Post and The Wall Street Journal. A significant shift was discovered in the US media’s publications and in informal norms regarding offensive cyber operations and the use of cyber weapons in just one decade, by comparing the discourses relating to Stuxnet in 2010 and the US presidential election in 2020. This thesis concludes that it is equally important to consider ideas and morals when researching a technical field such as cyber security by arguing that informal norms guide the choices actors make when developing formal norms at the international level. The findings of this thesis are intended to provoke a normative, urgent, and focused discussion about cyber security. The findings are also intended to shift attention to how language is used in discussions about the cyber sphere, offensive cyber operations and cyber weapons as components of the traditional battlefield.

constructivism

critical discourse analysis

cyber operations

cyber security

cyber warfare

cyber weapons

interpretivism

informal norms

media

war studies

Other Social Sciences

Annan samhällsvetenskap

Data tampering in Vehicle CAN Bus networks

Arapantonis, Elpidoforos

January 2019

The paradigm of the automotive industry has changed, over the course of the last10-15 years. Electronics and software, have introduced in many dierents parts ofa vehicle and the drive-by-wire it is taking over the vehicle functions. Connectivityfunctionalities are increasing in the context of the automotive industry as well. Allthe aforementioned parts have more than one common link. This thesis project willfocus on one of these links, which is the security. The focus will be the CAN busprotocol and specically, on investigating the implications of an adversary havingphysical access in a vehicle. An experiment will be contucted as part of this thesiswork, by using open source hardware (Arduino and Raspberry Pi) and a Man-inthe-middle (MITM) attack scenario, will be implemented. The application, whichwill perform the MITM attack (small scale CAN bus fuzzer) will be developedduring this project and it will be distributed as an open source software afterwards.

Automotive Cyber Security

CAN bus vulnerabilities

Raspberry Pi

Arduino

Instrument Cluster

Annan elektroteknik och elektronik

Návrh zavedení bezpečnostních opatření v souladu s ISMS pro obchodní společnost / Design of security countermeasures implementation in accordance with ISMS for business company

Dočekal, Petr

January 2018

The master’s thesis focuses on area of security countermeasures in accordance with information security management system. Presents basic theoretical background of information and cyber security and describes a current state in the company. The thesis’s output is the design of security countermeasures implementation which contribute to information security in the company.

Budování bezpečnostního povědomí na fakultě podnikatelské / Building security awareness at the Faculty of Business and Management

Volfová, Jana

January 2021

This diploma thesis is focused on Security Awareness Education at the Faculty of Business and Management. It consists of three main parts: theoretical, analytical and practical considerations. The theoretical part is the introduction to basic terms, processes and analysis to help understand the thesis. The analytical part includes an introduction to the chosen organization and the implementation of analysis, which were presented in the theoretical part. The practical part contains, among other things, the actual proposals for Security Awareness Education at the faculty and its benefits.

[en] AUTOMATION OF MEASUREMENT AND DATA SAFETY IN SMART GRID: STUDY OF THE BRAZILIAN EXPERIENCE / [pt] AUTOMAÇÃO DA MEDIÇÃO E SEGURANÇA DE DADOS EM REDES INTELIGENTES: ESTUDO DA EXPERIÊNCIA BRASILEIRA

08 November 2021

[pt] Indutoras de inovação, as redes inteligentes de energia (smart grid) têm promovido mudanças significativas nos processos de fornecimento e controle de energia elétrica. Diante das oportunidades e desafios de incorporação da tecnologia de smart grid em suas práticas operacionais, as concessionárias de energia elétrica ficam expostas a novos riscos de segurança relacionados às suas necessidades de comunicação, automação de sistemas, introdução de novas tecnologias e tratamento de dados. O presente trabalho tem por objetivo mostrar que tais riscos podem ser minimizados pela adoção de recomendações normativas específicas. Objetiva, também, analisar parâmetros relacionados à segurança da informação na implantação da infraestrutura de medição inteligente no smart grid, assim contribuindo para a reflexão e produção de conhecimento na área. A experiência brasileira foi identificada a partir de uma pesquisa realizada junto a concessionárias inovadoras de energia elétrica que, tendo percebido a importância estratégica de adoção da tecnologia de redes inteligentes, já adotaram medidas estratégicas para a sua implantação. A pesquisa desenvolveu-se no contexto de cinco grandes vertentes de análise: contexto geral, segurança e vulnerabilidade da informação, impactos e aderência às normas aplicáveis. No Brasil, a motivação para o uso das redes inteligentes volta-se à confiabilidade do sistema elétrico nacional e ao combate às perdas não técnicas, refletindo compromisso com a melhoria da qualidade do serviço prestado ao consumidor final. Dentre os resultados do trabalho destacam o recenseamento da legislação aplicável e, à luz de iniciativas bem sucedidas de outros países em smart grid, o diagnóstico da experiência brasileira. Como conclusão, o trabalho (i) produz evidências de que as redes inteligentes contribuem para a redução de custos operacionais e perdas não técnicas e (ii) sinaliza para a necessidade de se intensificar a pesquisa sobre redes inteligentes como alternativa eficaz de superação da vulnerabilidade de acesso à informação imposta pelos medidores eletrônicos. / [en] Inducing innovation, the smart grids have promoted significant changes in electrical energy s supply and control processes. Given the opportunities and challenges for incorporating smart grid technology in their operating practices, the electrical utilities are exposed to new security risks related to their needs of communication, systems automation, new technologies introduction and data processing. This paper aims to show that these risks can be minimized by the adoption of specific policy recommendations. Also aims in analyzing parameters related to information security on the deployment of smart metering infrastructure on smart grids, this way contributing on reflection and knowledge production in the area. The Brazilian experience was idenified from a survey of innovative electrical utilities that, having realized the strategic importance of adoption of smart grid technology, were early adopters of strategic measures for its implementation. The research was developed in the context of five main pillars of analysis: general context, security and information vulnerability, impacts and adherence to applied standards. In Brazil, the motivation for the use of smart grids back to the national electrical system reliability and mitigation of non-technical losses, reflecting commitment to improve quality of service provided to the end consumer. Among the results of the survey it is highlighted the revision of legislation and, considering successful smart grid initiatives in other countries, the diagnosis of the Brazilian experience. In conclusion, the work (i) produces evidence that smart grids help reduce operating costs and non-technical losses and (ii) indicates the need to intensify research on smart grids as an effective alternative to overcome the vulnerability of access to information imposed by electronic meters.

[pt] REGULACAO

[pt] CYBER SEGURANCA

[pt] MEDICAO INTELIGENTE

[pt] REDES INTELIGENTES

[pt] NORMAS

[pt] SETOR ELETRICO

[pt] METROLOGIA

[en] REGULATION

[en] CYBER SECURITY

[en] SMART GRIDS

[en] RULES

[en] ELECTRICAL SECTOR

[en] METROLOGY

Blockchain on Data Security : An interpretive approach on Cyber Security Professionals’ perceptions

Gkougkaras, Vasileios

January 2021

This Master’s Thesis main purpose is to identify the perceptions of Cyber Security Professionals on Blockchain Technology and whether it could potentially become a substitutefor the current data security systems or not. A literature review was initially performed in order to explore previous related research on the field of Cyber Security, its infrastructure andthe main aspects of Blockchain Technology.Qualitative research was conducted in regards to the participants’ perceptions. Morespecifically, individual interviews were held with each one of the participants all of whom are professionals in the field of Cyber Security. Five different themes emerged from theinterviews which were performed by asking open-ended questions and holding a dialogue with the participants. Those themes start with (1) their opinions on current data security infrastructure and methods. Following that theme a half hour presentation on basic blockchain operations and applications were held in order to identify their (2) current understanding onblockchain. (3) Discussions were held in regards to blockchain’s scalability and sustainability,followed by (4) the security of Blockchains. In the end the (5) fifth and final theme covered the main purpose of this master’s thesis which is whether blockchain can be implemented asan alternate technology on data privacy and security.This Master’s Thesis contributes to the current knowledge on Blockchain within the field ofinformatics by providing the perceptions of Cyber Security Professionals in regards to its operation and implementation. Furthermore it aims to identify whether any possible applications of blockchain technology could be suggested for future implementation in thedomain of data security.The discussion summarizes the empirical findings acquired from the interviews and theperceptions of the participants on Blockchain Technology. By exploring the themes thatemerged from the interviews, it is clearly evident that blockchain is still not a technology thatcan be trusted as an alternative to the current security infrastructures and methods according to the participants. Despite that fact a lot of advantages and optimistic elements were derived since blockchain’s immutability and security demonstrates a high level of tamperingresistance, thus making it suitable as a technology within the Information security industry. Incase blockchain manages to overcome its shortcomings it could prove to be a necessary tool in data privacy and security.

Information Systems

Informatics

Qualitative Research

Blockchain

Cyber Security

DataSecurity

ICT

Privacy

Infrastructure

Human Factor

Consensus Mechanisms

SmartContracts

Authentication

Encryption

Mining

Immutability

Scalability

Networks

Information Systems

Zavedení ISMS v malém podniku / The Implementation of ISMS in a Small Company

Svoboda, Milan

January 2016

The diploma thesis focuses on proposing an information security management system (ISMS) in a small company. This publication includes theoretical facts, which are needed to understand and design a ISMS. The design proposal of the ISMS itself is based on an analysis of the current status of the company's information security. The proposed security measures are based on the actual state of information security within the company, and on recommendations stemming from the ISO/IEC 27000 standard.

A MACHINE LEARNING BASED WEB SERVICE FOR MALICIOUS URL DETECTION IN A BROWSER

Hafiz Muhammad Junaid Khan (8119418)

12 December 2019

Malicious URLs pose serious cyber-security threats to the Internet users. It is critical to detect malicious URLs so that they could be blocked from user access. In the past few years, several techniques have been proposed to differentiate malicious URLs from benign ones with the help of machine learning. Machine learning algorithms learn trends and patterns in a data-set and use them to identify any anomalies. In this work, we attempt to find generic features for detecting malicious URLs by analyzing two publicly available malicious URL data-sets. In order to achieve this task, we identify a list of substantial features that can be used to classify all types of malicious URLs. Then, we select the most significant lexical features by using Chi-Square and ANOVA based statistical tests. The effectiveness of these feature sets is then tested by using a combination of single and ensemble machine learning algorithms. We build a machine learning based real-time malicious URL detection system as a web service to detect malicious URLs in a browser. We implement a chrome extension that intercepts a browser’s URL requests and sends them to web service for analysis. We implement the web service as well that classifies a URL as benign or malicious using the saved ML model. We also evaluate the performance of our web service to test whether the service is scalable.

Computer System Security

Machine learning in cyber-security

Real time malicious URL detection

Generic features for malicious URLs

Cybersecurity

cybersecurity engineering