From the article: This paper describes the external IT security analysis of an international corporate organization, containing a technical and a social perspective, resulting in a proposed repeatable approach and lessons learned for applying this approach. Part of the security analysis was the utilization of a social engineering experiment, as this could be used to discover employee related risks. This approach was based on multiple signals that indicated a low IT security awareness level among employees as well as the results of a preliminary technical analysis. To carry out the social engineering experiment, two techniques were used. The first technique was to send phishing emails to both the system administrators and other employees of the company. The second technique comprised the infiltration of the office itself to test the physical security, after which two probes were left behind. The social engineering experiment proved that general IT security awareness among employees was very low. The results allowed the research team to infiltrate the network and have the possibility to disable or hamper crucial processes. Social engineering experiments can play an important role in conducting security analyses, by showing security vulnerabilities and raising awareness within a company. Therefore, further research should focus on the standardization of social engineering experiments to be used in security analyses and further development of the approach itself. This paper provides a detailed description of the used methods and the reasoning behind them as a stepping stone for future research on this subject. van Liempd, D., Sjouw, A., Smakman, M., & Smit, K. (2019). Social Engineering As An Approach For Probing Organizations To Improve It Security: A Case Study At A Large International Firm In The Transport Industry. 119-126. https://doi.org/10.33965/es2019_201904l015
MULTIFILE
Amsterdam Airport Schiphol has faced capacity constraints, particularly during peak periods. At the security screening checkpoint, this is due to the growing number of passengers and a shortage of security staff. To improve operating performance, there is a need to integrate newer technologies that improve passing times. This research presents a discrete event simulation (DES) model for the inclusion of a shoe scanner at the security screening checkpoint at Amsterdam Airport Schiphol. Simulation is a frequently used method to assess the influence of process changes, which, however, has not been applied for the inclusion of shoe scanners in airport security screenings yet. The simulation model can be used to assess the implementation and potential benefits of an optical shoe scanner, which is expected to lead to significant improvements in passenger throughput and a decrease in the time a passenger spends during the security screening, which could lead to improved passenger satisfaction. By leveraging DES as a tool for analysis, this study provides valuable insights for airport authorities and stakeholders aiming to optimize security screening operations and enhance passenger satisfaction.
This essay explores the notion of resilience by providing a theoretical context and subsequently linking it to the management of safety and security. The distinct worlds of international security, industrial safety and public security have distinct risks as well as distinct ‘core purposes and integrities’ as understood by resilience scholars. In dealing with risks one could argue there are three broad approaches: cost-benefit analysis, precaution and resilience. In order to distinguish the more recent approach of resilience, the idea of adaptation will be contrasted to mitigation. First, a general outline is provided of what resilience implies as a way to survive and thrive in the face of adversity. After that, a translation of resilience for the management of safety and security is described. LinkedIn: https://www.linkedin.com/in/juul-gooren-phd-cpp-a1180622/
Today, embedded devices such as banking/transportation cards, car keys, and mobile phones use cryptographic techniques to protect personal information and communication. Such devices are increasingly becoming the targets of attacks trying to capture the underlying secret information, e.g., cryptographic keys. Attacks not targeting the cryptographic algorithm but its implementation are especially devastating and the best-known examples are so-called side-channel and fault injection attacks. Such attacks, often jointly coined as physical (implementation) attacks, are difficult to preclude and if the key (or other data) is recovered the device is useless. To mitigate such attacks, security evaluators use the same techniques as attackers and look for possible weaknesses in order to “fix” them before deployment. Unfortunately, the attackers’ resourcefulness on the one hand and usually a short amount of time the security evaluators have (and human errors factor) on the other hand, makes this not a fair race. Consequently, researchers are looking into possible ways of making security evaluations more reliable and faster. To that end, machine learning techniques showed to be a viable candidate although the challenge is far from solved. Our project aims at the development of automatic frameworks able to assess various potential side-channel and fault injection threats coming from diverse sources. Such systems will enable security evaluators, and above all companies producing chips for security applications, an option to find the potential weaknesses early and to assess the trade-off between making the product more secure versus making the product more implementation-friendly. To this end, we plan to use machine learning techniques coupled with novel techniques not explored before for side-channel and fault analysis. In addition, we will design new techniques specially tailored to improve the performance of this evaluation process. Our research fills the gap between what is known in academia on physical attacks and what is needed in the industry to prevent such attacks. In the end, once our frameworks become operational, they could be also a useful tool for mitigating other types of threats like ransomware or rootkits.
Despite their various appealing features, drones also have some undesirable side-effects. One of them is the psychoacoustic effect that originates from their buzzing noise that causes significant noise pollutions. This has an effect on nature (animals run away) and on humans (noise nuisance and thus stress and health problems). In addition, these buzzing noises contribute to alerting criminals when low-flying drones are deployed for safety and security applications. Therefore, there is an urgent demand from SMEs for practical knowledge and technologies that make existing drones silent, which is the main focus of this project. This project contributes directly to the KET Digital Innovations\Robotics and multiple themes of the top sectors: Agriculture, Water and Food, Health & Care and Safety. The main objective of this project is: Investigate the desirability and possibilities of extremely silent drone technologies for agriculture, public space and safety This is an innovative project and there exist no such drone technology that attempts to reduce the noises coming from drones. The knowledge within this project will be converted into the first proof-of-concepts that makes the technology the first Minimum Viable Product suitable for market evaluations. The partners of this project include WhisperUAV, which has designed the first concept of a silent drone. As a fiber-reinforced 3D composite component printer, Fiberneering plays a crucial role in the (further) development of silent drone technologies into testable prototypes. Sorama is involved as an expert company in the context of mapping the sound fields in and around drones. The University of Twente is involved as a consultant and co-developer, and Research group of mechatronics at Saxion is involved as concept developer, system and user requirement verifier and validator. As an unmanned systems innovation cluster, Space53 will be involved as innovation and networking consultant.
In our increasingly global society, organizations face many opportunities in innovation, improved productivity and easy access to talent. At the same time, one of the greatest challenges, businesses experience nowadays, is the importance of social and/or human capital for their effectiveness and success (Backhaus and Tikoo, 2004; Mosley, 2007; Theurer et al., 2018; Tumasjan et al., 2020). High-quality employees are crucial to the competitive strength of an organization in the global economy, as these employees have a major influence on organizational reputation (Dowling at al., 2012). An important question is how, under these global circumstances, organizations and companies in the Netherlands can best be stimulated to attract and preserve social capital.Several studies have suggested the scarcity of talent and the crucial importance of gaining competitive advantage with recruitment communication to find the fit between personal and fundamental organizational characteristics and values for employees (Cable and Edwards, 2004; Bhatnagar and Srivastava, 2008; ManPower Group, 2014; European Communication Monitor (ECM), 2018). In order to become an employer of choice, organizations have to not only stand out from the crowd during the recruitment process but work on developing loyalty and a culture of trust in their relationship with employees (ECM, 2018). Employer Branding focuses on the process of promoting an organization, as the “employer of choice” to a desired target group, which an organization aims to attract and retain. This process encompasses building an identifiable and unique employer identity or, more specifically, “the promotion of a unique and attractive image” as an employer (Backhaus 2004, p. 117; Backhaus and Tikoo 2004, p. 502).One of the biggest challenges in the North of the Netherlands at the moment is the urgent need for qualified labor in the IT, energy and healthcare sectors and the excess supply of international graduates who are able to find a job in the North of the Netherlands (AWVN, 2019). Talent development, as part of the regional labor market and education policy, has been an important part of government programs and strategies in the region (VNO-NCW Noord, 2018). For instance, North Netherlands Alliance (SNN) signed a Northern Innovation Agenda for the 2014-2020 period. SNN encourages, facilitates and connects ambitions focused on the development of the Northern Netherlands. Also, the Social Economic council North Netherlands issued an advice on the labour market in the North Netherlands (SER Noord Nederland, 2017). Knowledge institutions also contribute through employability programs. Another example is the Regional Talent Agreement (Talent Akkoord) framework issued by the Groningen educational institutions, employers and employees’ organizations and regional authorities in which they jointly commit to recruiting, training, retaining and developing talent for the Northern labor market. Most of the hires with a maximum of five year of experience at companies are represented by millennials. To learn what values make an attractive brand for employees in the of the North of the Netherlands, we conducted a first study. When ranking the most important values of corporate culture which matter to young employees, they mention creative freedom, purposeful work, flexibility, work-life balance as well as personal development. Whereas attractive workplace and job security do not matter to such a degree. A positive work environment and a good relationship with colleagues are valued highly (Hein, 2019).To date, as far as we know, no other employer branding studies have been carried out for the North of the Netherlands. Further insight is needed into the role of employer branding as a powerful tool to retain talent in Northern industry in particular.The goal of this study is to provide a detailed analysis of the regional industry in the Northern Netherlands and contribute to: 1) the scientific body of knowledge about whether and how employer branding can strengthen the attractiveness of a regional industry in the labor market; 2) the application of this knowledge and insights by companies and governments in local policy development in the North of the Netherlands.
