In May 2018, the new Dutch Intelligence and Security Services Act 2017 (Wet op de Inlichtingen- en veiligheidsdiensten, Wiv) will enter into force. It replaces the previous 2002 Act and incorporates many reforms to the information gathering powers of the two intelligence and security services as well as to the accountability and oversight mechanisms. Due to the technologyneutral approach, both the civil and the military intelligence services are now authorized to, for example, intercept communications in bulk, hack third parties, decrypt files, store DNA or use any other future innovative technology. Also, the national security legislation extends the possibilities for the indiscriminate collection of data, and for the processing, storage and analysis thereof. The process leading to the law includes substantial criticism from the various stakeholders involved. Upon publication of this report, an official consultative referendum is being organized on the new act. The aim of this policy brief is to provide an international audience with a comprehensive overview of the most relevant aspects of the act and its context. In addition, there is considerable focus on the checks and balances as well as the bottlenecks of the Dutch intelligence gathering reform. The selection of topics is based on the core issues addressed during the parliamentary debate and on the authors’ insights.
DOCUMENT
From the article: This paper describes the external IT security analysis of an international corporate organization, containing a technical and a social perspective, resulting in a proposed repeatable approach and lessons learned for applying this approach. Part of the security analysis was the utilization of a social engineering experiment, as this could be used to discover employee related risks. This approach was based on multiple signals that indicated a low IT security awareness level among employees as well as the results of a preliminary technical analysis. To carry out the social engineering experiment, two techniques were used. The first technique was to send phishing emails to both the system administrators and other employees of the company. The second technique comprised the infiltration of the office itself to test the physical security, after which two probes were left behind. The social engineering experiment proved that general IT security awareness among employees was very low. The results allowed the research team to infiltrate the network and have the possibility to disable or hamper crucial processes. Social engineering experiments can play an important role in conducting security analyses, by showing security vulnerabilities and raising awareness within a company. Therefore, further research should focus on the standardization of social engineering experiments to be used in security analyses and further development of the approach itself. This paper provides a detailed description of the used methods and the reasoning behind them as a stepping stone for future research on this subject. van Liempd, D., Sjouw, A., Smakman, M., & Smit, K. (2019). Social Engineering As An Approach For Probing Organizations To Improve It Security: A Case Study At A Large International Firm In The Transport Industry. 119-126. https://doi.org/10.33965/es2019_201904l015
MULTIFILE
Worldwide there is a lack of well-educated and experienced information security specialists. The first step to address this issue is arranging enough people with a well-known and acceptable basic level of information security competences. However, there might be a lot of information security education and training, but there is anything but a well-defined outflow level with a known and acceptable basic level of information security competences. There exists a chaotic situation in respect of the qualification of information security professionals, with the emergence of a large number of difficult to compare certificates and job titles. Apparently the information security field requires uniform qualifications that are internationally recognized. Such qualifications could be an excellent way of unambiguously clarifying the knowledge and skills of information security professionals. Furthermore it gives educational institutions a framework which facilitates the development of appropriate information security education and training.
DOCUMENT
In this paper we research the following question: What motivational factors relate, in which degree, to intentions on compliance to ISP and how could these insights be utilized to promote endusers compliance within a given organization? The goal of this research is to provide more insight in the motivational factors applicable to ISP and their influence on end-user behavior, thereby broadening knowledge regarding information systems security behaviors in organizations from the viewpoint of non-malicious abuse and offer a theoretical explanation and empirical support. The outcomes are also useful for practitioners to complement their security training and awareness programs, in the end helping enterprises better effectuate their information security policies. In this study an instrument is developed that can be used in practice to measure an organizational context on the effects of six motivational factors recognized. These applicable motivational factors are determined from literature and subsequently evaluated and refined by subject matter experts. A survey is developed, tested in a pilot, refined and conducted within four organizations. From the statistical analysis, findings are reported and conclusions on the hypothesis are drawn. Recommended Citation Straver, Peter and Ravesteyn, Pascal (2018) "End-users Compliance to the Information Security Policy: A Comparison of Motivational Factors," Communications of the IIMA: Vol. 16 : Iss. 4 , Article 1. Available at: https://scholarworks.lib.csusb.edu/ciima/vol16/iss4/1
MULTIFILE
This essay explores the notion of resilience by providing a theoretical context and subsequently linking it to the management of safety and security. The distinct worlds of international security, industrial safety and public security have distinct risks as well as distinct ‘core purposes and integrities’ as understood by resilience scholars. In dealing with risks one could argue there are three broad approaches: cost-benefit analysis, precaution and resilience. In order to distinguish the more recent approach of resilience, the idea of adaptation will be contrasted to mitigation. First, a general outline is provided of what resilience implies as a way to survive and thrive in the face of adversity. After that, a translation of resilience for the management of safety and security is described. LinkedIn: https://www.linkedin.com/in/juul-gooren-phd-cpp-a1180622/
DOCUMENT
1e alinea column: Op 3 december j.l. berichtte Nu.nl naar aanleiding van een gehouden onderzoek dat cyberaanvallen binnen twee jaar van nu als het grootste bedrijfsrisico in Nederland gezien moeten worden en als een groter risico dan economische onzekerheid.
LINK
Computer security incident response teams (CSIRTs) respond to a computer security incident when the need arises. Failure of these teams can have far-reaching effects for the economy and national security. CSIRTs often have to work on an ad hoc basis, in close cooperation with other teams, and in time constrained environments. It could be argued that under these working conditions CSIRTs would be likely to encounter problems. A needs assessment was done to see to which extent this argument holds true. We constructed an incident response needs model to assist in identifying areas that require improvement. We envisioned a model consisting of four assessment categories: Organization, Team, Individual and Instrumental. Central to this is the idea that both problems and needs can have an organizational, team, individual, or technical origin or a combination of these levels. To gather data we conducted a literature review. This resulted in a comprehensive list of challenges and needs that could hinder or improve, respectively, the performance of CSIRTs. Then, semi-structured in depth interviews were held with team coordinators and team members of five public and private sector Dutch CSIRTs to ground these findings in practice and to identify gaps between current and desired incident handling practices. This paper presents the findings of our needs assessment and ends with a discussion of potential solutions to problems with performance in incident response. https://doi.org/10.3389/fpsyg.2017.02179 LinkedIn: https://www.linkedin.com/in/rickvanderkleij1/
MULTIFILE
The sense of safety and security of older people is a widely acknowledged action domain for policy and practice in age-friendly cities. Despite an extensive body of knowledge on the matter, the theory is fragmented, and a classification is lacking. Therefore, this study investigated how older people experience the sense of safety and security in an age-friendly city. A total of four focus group sessions were organised in The Hague comprising 38 older people. Based on the outcomes of the sessions, the sense of safety and security was classified into two main domains: a sense of safety and security impacted by intentional acts and negligence (for instance, burglary and violence), and a sense of safety and security impacted by non-intentional acts (for instance, incidents, making mistakes online). Both domains manifest into three separate contexts, namely the home environment, the outdoor environment and traffic and the digital environment. In the discussions with older people on these derived domains, ideas for potential improvements and priorities were also explored, which included access to information on what older people can do themselves to improve their sense of safety and security, the enforcement of rules, and continuous efforts to develop digital skills to improve safety online. Original article at MDPI; DOI: https://doi.org/10.3390/ijerph19073960
MULTIFILE
This article focuses on the recent judgment of the Court of Justice, Aranyosi and Caldararu. After conducting a legal analysis on this case, three issues are identified and they are separately discussed in three sections. The aim of this paper is to show the impact of this judgment on public order and public security in Europe on the one hand and on the individual’s fundamental rights, on the other hand. It is going to be argued that even though there are limits to the principle of mutual recognition, this new exception based on fundamental rights establishes a new procedure for non-surrender. Therefore, the Court of Justice creates a non-execution ground which the EU legislator did not intend to include in the Framework Decision on the European arrest warrant. This is explained by looking at the three interconnected notions of Freedom, Security and Justice.
DOCUMENT
In de volksmond staat het International Facility Management Programme bekend als 'Summerschool'. Het programma, waarmee acht samenwerkende opleidingen uit Duitsland, Finland, Nederland en Oostenrijk mede gestalte geven aan internationalisering, speelt zich namelijk grotendeels in de zomervakantie af. Dit jaar was het - jaarlijks wisselende, internationaal relevante - thema bedrijfscontinuïteit.
DOCUMENT
