In May 2018, the new Dutch Intelligence and Security Services Act 2017 (Wet op de Inlichtingen- en veiligheidsdiensten, Wiv) will enter into force. It replaces the previous 2002 Act and incorporates many reforms to the information gathering powers of the two intelligence and security services as well as to the accountability and oversight mechanisms. Due to the technologyneutral approach, both the civil and the military intelligence services are now authorized to, for example, intercept communications in bulk, hack third parties, decrypt files, store DNA or use any other future innovative technology. Also, the national security legislation extends the possibilities for the indiscriminate collection of data, and for the processing, storage and analysis thereof. The process leading to the law includes substantial criticism from the various stakeholders involved. Upon publication of this report, an official consultative referendum is being organized on the new act. The aim of this policy brief is to provide an international audience with a comprehensive overview of the most relevant aspects of the act and its context. In addition, there is considerable focus on the checks and balances as well as the bottlenecks of the Dutch intelligence gathering reform. The selection of topics is based on the core issues addressed during the parliamentary debate and on the authors’ insights.
DOCUMENT
Worldwide there is a lack of well-educated and experienced information security specialists. The first step to address this issue is arranging enough people with a well-known and acceptable basic level of information security competences. However, there might be a lot of information security education and training, but there is anything but a well-defined outflow level with a known and acceptable basic level of information security competences. There exists a chaotic situation in respect of the qualification of information security professionals, with the emergence of a large number of difficult to compare certificates and job titles. Apparently the information security field requires uniform qualifications that are internationally recognized. Such qualifications could be an excellent way of unambiguously clarifying the knowledge and skills of information security professionals. Furthermore it gives educational institutions a framework which facilitates the development of appropriate information security education and training.
DOCUMENT
In today’s world, information security is a trending as well as a crucial topic for both individuals and organizations. Experts believe that nothing can guarantee any system’s security unless humans’ information security behavior is taken under consideration. Opening an e-mail attachment without checking its source, sharing account information with other people and browsing websites without checking its reliability can be considered as common mistakes in information security behavior. This study examines the factors affecting information security behavior by scrutinising its relationship with different variables which are information knowledge sharing, information security organization policy, the intention of attending information security training and self-efficacy. The present study extensively analyses the data collected from a survey of 630 people ranging from students to managers aged between 15 to 79 in order to generalize the Turkish context. The results of reliability measures and confirmatory factor analysis support the scale of the study. The present study’s findings show that there is a positive relationship between the factors mentioned above and information security behavior.
DOCUMENT
In this paper we research the following question: What motivational factors relate, in which degree, to intentions on compliance to ISP and how could these insights be utilized to promote endusers compliance within a given organization? The goal of this research is to provide more insight in the motivational factors applicable to ISP and their influence on end-user behavior, thereby broadening knowledge regarding information systems security behaviors in organizations from the viewpoint of non-malicious abuse and offer a theoretical explanation and empirical support. The outcomes are also useful for practitioners to complement their security training and awareness programs, in the end helping enterprises better effectuate their information security policies. In this study an instrument is developed that can be used in practice to measure an organizational context on the effects of six motivational factors recognized. These applicable motivational factors are determined from literature and subsequently evaluated and refined by subject matter experts. A survey is developed, tested in a pilot, refined and conducted within four organizations. From the statistical analysis, findings are reported and conclusions on the hypothesis are drawn. Recommended Citation Straver, Peter and Ravesteyn, Pascal (2018) "End-users Compliance to the Information Security Policy: A Comparison of Motivational Factors," Communications of the IIMA: Vol. 16 : Iss. 4 , Article 1. Available at: https://scholarworks.lib.csusb.edu/ciima/vol16/iss4/1
MULTIFILE
From the article: This paper describes the external IT security analysis of an international corporate organization, containing a technical and a social perspective, resulting in a proposed repeatable approach and lessons learned for applying this approach. Part of the security analysis was the utilization of a social engineering experiment, as this could be used to discover employee related risks. This approach was based on multiple signals that indicated a low IT security awareness level among employees as well as the results of a preliminary technical analysis. To carry out the social engineering experiment, two techniques were used. The first technique was to send phishing emails to both the system administrators and other employees of the company. The second technique comprised the infiltration of the office itself to test the physical security, after which two probes were left behind. The social engineering experiment proved that general IT security awareness among employees was very low. The results allowed the research team to infiltrate the network and have the possibility to disable or hamper crucial processes. Social engineering experiments can play an important role in conducting security analyses, by showing security vulnerabilities and raising awareness within a company. Therefore, further research should focus on the standardization of social engineering experiments to be used in security analyses and further development of the approach itself. This paper provides a detailed description of the used methods and the reasoning behind them as a stepping stone for future research on this subject. van Liempd, D., Sjouw, A., Smakman, M., & Smit, K. (2019). Social Engineering As An Approach For Probing Organizations To Improve It Security: A Case Study At A Large International Firm In The Transport Industry. 119-126. https://doi.org/10.33965/es2019_201904l015
MULTIFILE
With the increase of needs for controlling the passengers that use different modes of transport such as airports, ports, trains, or future ones as hyper loops, security facilities are a key element to be optimized. In the current study, we present an analysis of a security area within an airport with particular restrictions. To improve the capacity, different categories and policies were devised for processing passengers and we propose to adapt the system to these categories and policies. The results indicated that, by designing a proper category in combination with novel technology, it is possible to increase the capacity to values of 2 digits (in terms of passengers/day). As a proof-of-concept, we use a case study of an area within an airport in Mexico based on data and layout of early 2019.
DOCUMENT
COVID-19 arrived in the world suddenly and unexpectedly. It caused major disruptions at economical, operational and other levels. In the case of flight traffic, the operations were reduced to 10% of their original levels. The question after COVID-19 is how to restart the operations and how to keep the balance between safety and capacity. In this paper we present an analysis using simulation techniques for understanding the impact in a security area of an important airport in Latin America; the airport of Mexico City. The results allow to illustrate the potential congestion given by the implemented covid-19 restriction, even when the traffic recovers only by 25% of the pre-covid-19 traffic. The congestion can be mitigated by applying some layout changes (snake queue vs parallel queue) and when more capacity is added to the system (extra security line). The results will raise situational awareness for airport stakeholders when implementing the actions suggested by different international institutions like WHO, IATA or ICAO.
DOCUMENT
Amsterdam Airport Schiphol has faced capacity constraints, particularly during peak periods. At the security screening checkpoint, this is due to the growing number of passengers and a shortage of security staff. To improve operating performance, there is a need to integrate newer technologies that improve passing times. This research presents a discrete event simulation (DES) model for the inclusion of a shoe scanner at the security screening checkpoint at Amsterdam Airport Schiphol. Simulation is a frequently used method to assess the influence of process changes, which, however, has not been applied for the inclusion of shoe scanners in airport security screenings yet. The simulation model can be used to assess the implementation and potential benefits of an optical shoe scanner, which is expected to lead to significant improvements in passenger throughput and a decrease in the time a passenger spends during the security screening, which could lead to improved passenger satisfaction. By leveraging DES as a tool for analysis, this study provides valuable insights for airport authorities and stakeholders aiming to optimize security screening operations and enhance passenger satisfaction.
DOCUMENT
This essay explores the notion of resilience by providing a theoretical context and subsequently linking it to the management of safety and security. The distinct worlds of international security, industrial safety and public security have distinct risks as well as distinct ‘core purposes and integrities’ as understood by resilience scholars. In dealing with risks one could argue there are three broad approaches: cost-benefit analysis, precaution and resilience. In order to distinguish the more recent approach of resilience, the idea of adaptation will be contrasted to mitigation. First, a general outline is provided of what resilience implies as a way to survive and thrive in the face of adversity. After that, a translation of resilience for the management of safety and security is described. LinkedIn: https://www.linkedin.com/in/juul-gooren-phd-cpp-a1180622/
DOCUMENT
This article focuses on the recent judgment of the Court of Justice, Aranyosi and Caldararu. After conducting a legal analysis on this case, three issues are identified and they are separately discussed in three sections. The aim of this paper is to show the impact of this judgment on public order and public security in Europe on the one hand and on the individual’s fundamental rights, on the other hand. It is going to be argued that even though there are limits to the principle of mutual recognition, this new exception based on fundamental rights establishes a new procedure for non-surrender. Therefore, the Court of Justice creates a non-execution ground which the EU legislator did not intend to include in the Framework Decision on the European arrest warrant. This is explained by looking at the three interconnected notions of Freedom, Security and Justice.
DOCUMENT
