La sécurisation du commerce électronique dans l'espace OHADA / Securing electronic commerce in OHADA space

Billong Billong, Abel Henri

09 February 2017

La thèse a pour ambition de faire un état des lieux de la sécurisation du commerce électronique dans l'espace OHADA. Compte tenu de l'inexistence d'un Acte uniforme dédié à la matière et que les Actes uniformes consacrés par le législateur OHADA concerne surtout les aspects traditionnels de du commerce, il sera également question d'accroître la sécurité en améliorant le processus qui y conduit. L’intérêt du sujet tient notamment au fait que le commerce électronique n’a pas encore fait l’objet d’une réglementation en droit OHADA. Il s’agit d’une réflexion prospective visant à dégager des propositions pour une évolution de la matière. De notre point de vue, la réglementation OHADA actuelle, est illisible et source de difficultés par rapport aux objectifs de sécurisation poursuivis en Afrique. Il est donc intéressant de proposer un modèle de sécurisation à partir des initiatives existantes dans l’espace OHADA et dans le droit français et européen très en avance en la matière. / Besides the opportunity of a regulation on electronic commerce and its actors, the rules governing the construction process particularly interested observer. Regarding supervision of business law, the position of the common legislator OHADA is not indisputable. New methods to achieve commercial transactions in Africa have indeed revealed the fragility of its foundations. Thus, the balance inherent in the establishment of OHADA is increasingly threatened .The intervention of the common organization was actively expected in order to legally manage the consequences of using the Internet. Those expectations have not been actually entirely satisfied. Indeed, OHADA has not yet released any uniform act dedicated to e-commerce. This leads to the usage of the existing rules, still embryonic. This is the state initiatives whose legitimacy and effectiveness depend on the principles of OHADA. Although likely to fill gaps of the latter, they are nevertheless clearly insufficient. They do not make it possible to grasp all the changes and developments of practices inherent in dematerialization and ubiquity.Yet, as far as their vehicles namely the Internet, the emergence of online economic activity generates important security needs. The control of multiple security risks depends on the emergence of other standard-setting initiatives. The model building should reinforce the coherence of the process as well as the modernization of the rules concerned. In addition to French and community laws, despite the observed imperfections, processes and resulting rules represent a nourishing source of secure e-commerce model in OHADA.

Commerce électronique

Cybercriminalité

Sécurisation

Espace OHADA

Harmonisation

Internet

Cybersécurité

Securisation

E-Commerce

Cybercrime

Cybersecurity

Security

Safety

Harmonization

Internet

Ohada

340

Enhancing security risk awareness in end-users via affective feedback

Shepherd, Lynsay A.

January 2016

Background: Risky security behaviour displayed by end-users has the potential to leave devices vulnerable to compromise, despite the availability of security tools designed to aid users in defending themselves against potential online threats. This indicates a need to modify the behaviour of end-users, allowing them to consider the security implications of their actions online. Previous research has indicated affective feedback may serve as a successful method of educating users about risky security behaviours. Thus, by influencing end-users via affective feedback it may be possible to engage users, improving their security awareness. Aims: Develop and apply knowledge of monitoring techniques and affective feedback, establishing if this changes users’ awareness of risky security behaviour in the context of a browser-based environment. Methodology: The methodology employs the use of log files derived from the monitoring solution, and information provided by users during the experiments. Questionnaire data was compared against log files and information provided during experiments, providing an overall quantitative approach. Results: In the case of the log files and questionnaires, participants were found to have engaged in instances of risky security behaviours, which they were unaware of, and this indicated a low-level of awareness of risky security behaviour. Whilst the results indicate the affective feedback did not make a difference to behaviour during the course of the experiments, participants felt that the affective feedback delivered had an impact, raising their security awareness, encouraging them to learn about online security. Conclusions: This body of research has made a novel contribution to the field of affective feedback and usable security. Whilst the results indicate the affective feedback made no difference to behaviour, users felt it had an impact on them, persuading them to consider their security behaviours online, and encouraging them to increase their knowledge of risky security behaviours. The research highlights the potential application of affective feedback in the field of usable security. Future work seeks to explore different ways in which affective feedback can be positioned on-screen, and how feedback can be tailored to target specific groups, such as children, or elderly people, with the aim of raising security awareness.

Blurring Safety Between Online and Offline Worlds: Archival, Correlational, and Experimental Evidence of Generalized Threat in the Digital Age

January 2017

abstract: Decades of research in cyberpsychology and human-computer interaction has pointed to a strong distinction between the online and offline worlds, suggesting that attitudes and behaviors in one domain do not necessarily generalize to the other. However, as humans spend increasing amounts of time in the digital world, psychological understandings of safety may begin to influence human perceptions of threat while online. This dissertation therefore examines whether perceived threat generalizes between domains across archival, correlational, and experimental research methods. Four studies offer insight into the relationship between objective indicators of physical and online safety on the levels of nation and state; the relationship between perceptions of these forms of safety on the individual level; and whether experimental manipulations of one form of threat influence perceptions of threat in the opposite domain. In addition, this work explores the impact of threat perception-related personal and situational factors, as well as the impact of threat type (i.e., self-protection, resource), on this hypothesized relationship. Collectively, these studies evince a positive relationship between physical and online safety in macro-level actuality and individual-level perception. Among individuals, objective indicators of community safety—as measured by zip code crime data—were a positive reflection of perceptions of physical safety; these perceptions, in turn, mapped onto perceived online safety. The generalization between perceived physical threat and online threat was stronger after being exposed to self-protection threat manipulations, possibly underscoring the more dire nature of threats to bodily safety than those to valuable resources. Most notably, experimental findings suggest that it is not the physical that informs the digital, but rather the opposite: Online threats blur more readily into physical domains, possibly speaking to the concern that dangers specific to the digital world will bleed into the physical one. This generalization of threat may function as a strategy to prepare oneself for future dangers wherever they might appear; and indeed, perceived threat in either world positively influenced desires to act on recommended safety practices. Taken together, this research suggests that in the realm of threat perception, the boundaries between physical and digital are less rigid than may have been previously believed. / Dissertation/Thesis / Doctoral Dissertation Psychology 2017

Social psychology

Communication

Computer science

cybersecurity

extended parallel process model

online offline comparison

online safety

safety

security sentiment

Um big brother global? os programas de vigilância da NSA à luz da securitização dos espaços sociotecnológicos / A global big brother? the NSA surveillance programs in the light of the securitization of socio-technological spaces

Frazão, Pedro Henrique Oliveira

19 May 2016

Submitted by Elesbão Santiago Neto (neto10uepb@cche.uepb.edu.br) on 2018-04-17T17:34:39Z No. of bitstreams: 1 PDF - Pedro Henrique Oliveira Frazão.pdf: 48458154 bytes, checksum: bfeab5c13f03bd3b57617d633439cb1e (MD5) / Made available in DSpace on 2018-04-17T17:34:39Z (GMT). No. of bitstreams: 1 PDF - Pedro Henrique Oliveira Frazão.pdf: 48458154 bytes, checksum: bfeab5c13f03bd3b57617d633439cb1e (MD5) Previous issue date: 2016-05-19 / CAPES / The increasing use of cyberspace in International Relations is providing a new scenario for world politics. The evolution of digital media has provided a data flow never before seen in human history, which eventually expanded the role of information as a bargaining chip in the power relations of the current international scenario. One of the changes observed from this process was the strengthening of surveillance – which gains new tools in the cyber environment – as a mechanism of monitoring, law enforcement, control and acquisition of information that makes international actors relevant in the new cyberpower relations. Thus, this dissertation analyzes this phenomenon from two main lines that complement each other: the evolution of surveillance as a key dimension of (cyber)security through a panoptic and post-panoptic approach and how these perspectives influence the current cyber surveillance phenomena. To do so, we present Foucault's studies of disciplinary society and its developments that have given rise to an information society of control, and Bauman’s analysis on liquid modernity and how its characteristics can influence contemporary surveillance. The second line of analysis, drawn from the data collected so far, deals with a vision of cyber surveillance as a tool of cyberspace securitization process. Following this logic, studies of the Copenhagen School, based on the constructivist theory of International Relations, point out a favorable path to understanding the role of cyber surveillance within the cybersecurity issues. As an example case, we examine how this process took place within NSA programs of global surveillance revealed in mid-2013 by Edward Snowden. In order to achieve these objectives, classical authors of surveillance and security studies will be reviewed, as well as new approaches; for the presentation and analysis of the proposed case, documentary analysis, reports and speeches relating to international responses in the face of revelations of the NSA programs will be used. / O crescente uso do ciberespaço nas Relações Internacionais vem propiciando um novo cenário para a política mundial. A evolução dos meios digitais proporcionou um fluxo de dados nunca antes visto na história da humanidade, o que acabou ampliando o papel da informação enquanto moeda de troca nas relações de poder do cenário internacional atual. Uma das transformações observadas a partir deste processo foi o fortalecimento da vigilância – que ganha novas ferramentas no ambiente cibernético – enquanto mecanismo de monitoramento, manutenção da ordem, controle e aquisição de informações que tornem os atores internacionais relevantes nas novas relações de poder cibernéticas. Sendo assim, a presente dissertação analisa este fenômeno a partir de duas linhas principais que se complementam: a evolução da vigilância enquanto dimensão-chave da (ciber)segurança, através de uma abordagem panóptica e pós-panóptica e como estas perspectivas influenciam nos fenômenos atuais de vigilância cibernética. Para tanto, apresentam-se os estudos de Foucault acerca da sociedade disciplinar e os seus desdobramentos que deram lugar a uma sociedade de controle informacional, e as análises de Bauman sobre a modernidade líquida e como tais características podem influenciar a vigilância contemporânea. A segunda linha de análise, elaborada a partir dos dados levantados até então, aborda uma visão da vigilância cibernética enquanto ferramenta do processo de securitização do ciberespaço. Seguindo esta lógica, os estudos da Escola de Copenhague, baseados na teoria construtivista das Relações Internacionais, apontam um caminho propício para a compreensão do papel da vigilância cibernética dentro das questões de cibersegurança. Como exemplo de caso, examina-se como esse processo se deu dentro dos programas de vigilância global da NSA, revelados em meados de 2013 por Edward Snowden. A fim de alcançar tais objetivos, serão revisados autores clássicos dos estudos de vigilância e segurança, bem como novas abordagens; para a apresentação e análise do caso proposto, serão utilizados análises documentais, reportagens e discursos referentes às respostas internacionais em face das revelações dos programas da NSA.

Cibersegurança

Securitização

Vigilância cibernética

Panóptico

Agência de segurança - NSA

Cybersecurity

Securitization

Cyber surveillance

Panopticon

Security Agency - NSA

CIENCIAS HUMANAS

Strategie pro rozvoj vzdělávání v oblasti bezpečnosti ICT na vysokých školách / Strategy for the development of education in the field of ICT security at universities

Sulanová, Monika

January 2017

The thesis deals with the problems of education in ICT security experts at universities in order to design a strategy for the development of education in present degree courses that dealing with this issue. The theoretical part focuses on the definition of ICT security and to familiarize the reader with the basic concepts of information security management and management of cyber security and gives an overview of the overall development of ICT security and the current trends in this area. It also describes the current situation on the labor market in relation to ICT security and the education of professionals in this field and characterizes the existing recommendations for education in ICT security. Practical part focuses on analyzing the current education ic ICT security and on analyzing the knowledge and skills requirements of the labor market to professionals in this area. Defines the basic professional role and knowledge domains that should be covered by this role. In the analytical part they are evaluated current profiles of graduates Master's degree programs focused on this area in order to find gaps in the knowledge base of graduates based on the requirements of the labor market and the existing recommendations. The results of the analysis are input to define a strategy on education in ICT security, which gives basic recommendations on how to eliminate the shortcomings.

JamaicaEye : What does cyber security look like in one of the most recently developed CCTV networks?

Svensson, Elina, Rydén, Annika

January 2019

The issue approached in this study is the possible gaps in cybersecurity in the Closed-Circuit TV system (CCTV) currently being implemented in Jamaica. During 2018, the government of Jamaica together with systems developers from MSTech Solutions developed and started to implement a video surveillance system with the aim to cover the entire nation to reduce criminal activities and create a safer society. To address potential problems of cybersecurity in this system, the purpose of this study was to explore which cybersecurity domains and factors were the most important in the JamaicaEye project. In order to examine such a purpose, the cybersecurity of the system is put into contrast with the cybersecurity domains of the C2M2 model to unveil similarities and differences in cybersecurity strategy and application. To be able to collect in-depth data of the JamaicaEye project, a hybrid of a field-and a case- study took place in Ocho Rios, Jamaica, during approximately 9 weeks. Data collection was carried out through interviews with representatives from the Jamaican government and the systems developer, MSTech Solutions. After compiling and transcribing the collected data from the interview the color coding and comparison of the results with the cybersecurity capability maturity model, C2M2, started. The C2M2 model was chosen as the theoretical framework for this study. The results of mapping the theoretical data with the empirical data gave underlying material and a perspective on the most important cybersecurity factors in the JamaicaEye system. This study will be a foundation for future expansion of the project in Jamaica, but also similar projects in other nations that are in need for cybersecurity development, management and assessment. Mainly, this study will be useful for those in the industry of development, analysis and assessment, and cybersecurity of CCTV systems.

Cybersecurity

CCTV system

CCTV network

CCTV surveillance

risk management

threats

vulnerabilities

JamaicaEye

implementation

Computer and Information Sciences

Data- och informationsvetenskap

Reference Model to Identify the Maturity Level of Cyber Threat Intelligence on the Dark Web

Santos, Ricardo Meléndez, Gallardo, Anthony Aguilar, Aguirre, Jimmy Armas

01 January 2021

El texto completo de este trabajo no está disponible en el Repositorio Académico UPC por restricciones de la casa editorial donde ha sido publicado. / In this article, we propose a reference model to identify the maturity level of the cyber intelligence threat process. This proposal considers the dark web as an important source of cyber threats causing a latent risk that organizations do not consider in their cybersecurity strategies. The proposed model aims to increase the maturity level of the process through a set of proposed controls according to the information found on the dark web. The model consists of three phases: (1) Identification of information assets using cyber threat intelligence tools. (2) Diagnosis of the exposure of information assets. (3) Proposal of controls according to the proposed categories and criteria. The validation of the proposal was carried out in an insurance institution in Lima, Peru, with data obtained by the institution. The measurement was made with artifacts that allowed to obtain an initial value of the current panorama of the company. Preliminary results showed 196 emails and passwords exposed on the dark web of which one corresponded to the technology manager of the company under evaluation. With this identification, it was diagnosed that the institution was at a “Normal” maturity level, and from the implementation of the proposed controls, the “Advanced” level was reached. / Revisión por pares

Cyber threat intelligence

Cybersecurity

Dark web

Maturity model

Information assets

Intelligence tool

Maturity levels

Reference modeling

Technology managers

Dopad bezpečnosti IIoT na proaktivní údržbu firemních aktiv / Impact of IIoT security on proactive maintenance of company's assets

Chomyšyn, Maxim

January 2020

This work examines possible safety risks associated with the operation of IIoT technologies in industrial production. The content of this document is an analysis of used IIoT technologies, their purpose and method of implementation into production processes and the company's technology strategy. The outcome of this analysis will serve to develop possible risk scenarios and their associated impacts. Finally, I recommend possible changes that either eliminate these risks completely or at least minimize them.

Impact of mobile botnet on long term evolution networks: a distributed denial of service attack perspective

Kitana, Asem

31 March 2021

In recent years, the advent of Long Term Evolution (LTE) technology as a prominent component of 4G networks and future 5G networks, has paved the way for fast and new mobile web access and application services. With these advantages come some security concerns in terms of attacks that can be launched on such networks. This thesis focuses on the impact of the mobile botnet on LTE networks by implementing a mobile botnet architecture that initiates a Distributed Denial of Service (DDoS) attack. First, in the quest of understanding the mobile botnet behavior, a correlation between the mobile botnet impact and different mobile device mobility models, is established, leading to the study of the impact of the random patterns versus the uniform patterns of movements on the mobile botnet’s behavior under a DDoS attack. Second, the impact of two base transceiver station selection mechanisms on a mobile botnet behavior launching a DDoS attack on a LTE network is studied, the goal being to derive the effect of the attack severity of the mobile botnet. Third, an epidemic SMS-based cellular botnet that uses an epidemic command and control mechanism to initiate a short message services (SMS) phishing attack, is proposed and its threat impact is studied and simulated using three random graphs models. The simulation results obtained reveal that (1) in terms of users’ mobility patterns, the impact of the mobile botnet behavior under a DDoS attack on a victim web server is more pronounced when an asymmetric mobility model is considered compared to a symmetric mobility model; (2) in terms of base transceiver station selection mechanisms, the Distance-Based Model mechanism yields a higher threat impact on the victim server compared to the Signal Power Based Model mechanism; and (3) under the Erdos-and-Reyni Topology, the proposed epidemic SMS-based cellular botnet is shown to be resistant and resilient to random and selective cellular device failures. / Graduate

Mobile Botnet

LTE

Long Term Evolution Network

Distributed Denial of Service Attack

DDoS

Cellular Botnet

Botnet

Cybersecurity

Cyber Security

Cyber Attacks

Between Defence and Offence: An Analysis Of The US "Cyber Strategic Culture" / Between Defence and Offence: An Analysis Of The US "Cyber Strategic Culture"

Persoglia, Davide

January 2018

The present thesis deals with the US strategic approach and posture to cybersecurity from a national point of view. On such a topic much has been written already, nonetheless the present work finds a degree of originality by tackling such object of analysis shifting the focus to a ideational perspective. By drawing insights from the meta-theory of Constructivism and the rich research tradition on strategic culture, the present thesis aims at understanding what kind of norms seem to be informing/mirroring what has been labelled the US "cyber strategic culture", and if it is possible to speak of a "shift", or at least track an evolution regarding them, in a historical timeframe that runs from the early 2000s up to the present days. To pursue the stated research agenda, a methodology grounded in discourse and thematic analysis is utilised, with an analytical framework centred around two opposite "thematic normative categories" (themes) called "defensiveness" and "offensiveness", each characterised by a "story" made up by three sub-themes, delineating specific strategic behaviours. A set of official strategies, all tackling cybersecurity and published during the mentioned timeframe by both the White House and the military, form the primary sources to which such methodology is applied, with particular...