In May 2018, the new Dutch Intelligence and Security Services Act 2017 (Wet op de Inlichtingen- en veiligheidsdiensten, Wiv) will enter into force. It replaces the previous 2002 Act and incorporates many reforms to the information gathering powers of the two intelligence and security services as well as to the accountability and oversight mechanisms. Due to the technologyneutral approach, both the civil and the military intelligence services are now authorized to, for example, intercept communications in bulk, hack third parties, decrypt files, store DNA or use any other future innovative technology. Also, the national security legislation extends the possibilities for the indiscriminate collection of data, and for the processing, storage and analysis thereof. The process leading to the law includes substantial criticism from the various stakeholders involved. Upon publication of this report, an official consultative referendum is being organized on the new act. The aim of this policy brief is to provide an international audience with a comprehensive overview of the most relevant aspects of the act and its context. In addition, there is considerable focus on the checks and balances as well as the bottlenecks of the Dutch intelligence gathering reform. The selection of topics is based on the core issues addressed during the parliamentary debate and on the authors’ insights.
DOCUMENT
From the article: This paper describes the external IT security analysis of an international corporate organization, containing a technical and a social perspective, resulting in a proposed repeatable approach and lessons learned for applying this approach. Part of the security analysis was the utilization of a social engineering experiment, as this could be used to discover employee related risks. This approach was based on multiple signals that indicated a low IT security awareness level among employees as well as the results of a preliminary technical analysis. To carry out the social engineering experiment, two techniques were used. The first technique was to send phishing emails to both the system administrators and other employees of the company. The second technique comprised the infiltration of the office itself to test the physical security, after which two probes were left behind. The social engineering experiment proved that general IT security awareness among employees was very low. The results allowed the research team to infiltrate the network and have the possibility to disable or hamper crucial processes. Social engineering experiments can play an important role in conducting security analyses, by showing security vulnerabilities and raising awareness within a company. Therefore, further research should focus on the standardization of social engineering experiments to be used in security analyses and further development of the approach itself. This paper provides a detailed description of the used methods and the reasoning behind them as a stepping stone for future research on this subject. van Liempd, D., Sjouw, A., Smakman, M., & Smit, K. (2019). Social Engineering As An Approach For Probing Organizations To Improve It Security: A Case Study At A Large International Firm In The Transport Industry. 119-126. https://doi.org/10.33965/es2019_201904l015
MULTIFILE
Worldwide there is a lack of well-educated and experienced information security specialists. The first step to address this issue is arranging enough people with a well-known and acceptable basic level of information security competences. However, there might be a lot of information security education and training, but there is anything but a well-defined outflow level with a known and acceptable basic level of information security competences. There exists a chaotic situation in respect of the qualification of information security professionals, with the emergence of a large number of difficult to compare certificates and job titles. Apparently the information security field requires uniform qualifications that are internationally recognized. Such qualifications could be an excellent way of unambiguously clarifying the knowledge and skills of information security professionals. Furthermore it gives educational institutions a framework which facilitates the development of appropriate information security education and training.
DOCUMENT
In today’s world, information security is a trending as well as a crucial topic for both individuals and organizations. Experts believe that nothing can guarantee any system’s security unless humans’ information security behavior is taken under consideration. Opening an e-mail attachment without checking its source, sharing account information with other people and browsing websites without checking its reliability can be considered as common mistakes in information security behavior. This study examines the factors affecting information security behavior by scrutinising its relationship with different variables which are information knowledge sharing, information security organization policy, the intention of attending information security training and self-efficacy. The present study extensively analyses the data collected from a survey of 630 people ranging from students to managers aged between 15 to 79 in order to generalize the Turkish context. The results of reliability measures and confirmatory factor analysis support the scale of the study. The present study’s findings show that there is a positive relationship between the factors mentioned above and information security behavior.
DOCUMENT
In this paper we research the following question: What motivational factors relate, in which degree, to intentions on compliance to ISP and how could these insights be utilized to promote endusers compliance within a given organization? The goal of this research is to provide more insight in the motivational factors applicable to ISP and their influence on end-user behavior, thereby broadening knowledge regarding information systems security behaviors in organizations from the viewpoint of non-malicious abuse and offer a theoretical explanation and empirical support. The outcomes are also useful for practitioners to complement their security training and awareness programs, in the end helping enterprises better effectuate their information security policies. In this study an instrument is developed that can be used in practice to measure an organizational context on the effects of six motivational factors recognized. These applicable motivational factors are determined from literature and subsequently evaluated and refined by subject matter experts. A survey is developed, tested in a pilot, refined and conducted within four organizations. From the statistical analysis, findings are reported and conclusions on the hypothesis are drawn. Recommended Citation Straver, Peter and Ravesteyn, Pascal (2018) "End-users Compliance to the Information Security Policy: A Comparison of Motivational Factors," Communications of the IIMA: Vol. 16 : Iss. 4 , Article 1. Available at: https://scholarworks.lib.csusb.edu/ciima/vol16/iss4/1
MULTIFILE
This essay explores the notion of resilience by providing a theoretical context and subsequently linking it to the management of safety and security. The distinct worlds of international security, industrial safety and public security have distinct risks as well as distinct ‘core purposes and integrities’ as understood by resilience scholars. In dealing with risks one could argue there are three broad approaches: cost-benefit analysis, precaution and resilience. In order to distinguish the more recent approach of resilience, the idea of adaptation will be contrasted to mitigation. First, a general outline is provided of what resilience implies as a way to survive and thrive in the face of adversity. After that, a translation of resilience for the management of safety and security is described. LinkedIn: https://www.linkedin.com/in/juul-gooren-phd-cpp-a1180622/
DOCUMENT
In this project we take a look at the laws and regulations surrounding data collection using sensors in assistive technology and the literature on concerns of people about this technology. We also look into the Smart Teddy device and how it operates. An analysis required by the General Data Protection Regulation (GDPR) [5] will reveal the risks in terms of privacy and security in this project and how to mitigate them. https://nl.linkedin.com/in/haniers
MULTIFILE
This article focuses on the recent judgment of the Court of Justice, Aranyosi and Caldararu. After conducting a legal analysis on this case, three issues are identified and they are separately discussed in three sections. The aim of this paper is to show the impact of this judgment on public order and public security in Europe on the one hand and on the individual’s fundamental rights, on the other hand. It is going to be argued that even though there are limits to the principle of mutual recognition, this new exception based on fundamental rights establishes a new procedure for non-surrender. Therefore, the Court of Justice creates a non-execution ground which the EU legislator did not intend to include in the Framework Decision on the European arrest warrant. This is explained by looking at the three interconnected notions of Freedom, Security and Justice.
DOCUMENT
With the increase of needs for controlling the passengers that use different modes of transport such as airports, ports, trains, or future ones as hyper loops, security facilities are a key element to be optimized. In the current study, we present an analysis of a security area within an airport with particular restrictions. To improve the capacity, different categories and policies were devised for processing passengers and we propose to adapt the system to these categories and policies. The results indicated that, by designing a proper category in combination with novel technology, it is possible to increase the capacity to values of 2 digits (in terms of passengers/day). As a proof-of-concept, we use a case study of an area within an airport in Mexico based on data and layout of early 2019.
DOCUMENT
Abstract: Background: Chronic obstructive pulmonary disease (COPD) and asthma have a high prevalence and disease burden. Blended self-management interventions, which combine eHealth with face-to-face interventions, can help reduce the disease burden. Objective: This systematic review and meta-analysis aims to examine the effectiveness of blended self-management interventions on health-related effectiveness and process outcomes for people with COPD or asthma. Methods: PubMed, Web of Science, COCHRANE Library, Emcare, and Embase were searched in December 2018 and updated in November 2020. Study quality was assessed using the Cochrane risk of bias (ROB) 2 tool and the Grading of Recommendations, Assessment, Development, and Evaluation. Results: A total of 15 COPD and 7 asthma randomized controlled trials were included in this study. The meta-analysis of COPD studies found that the blended intervention showed a small improvement in exercise capacity (standardized mean difference [SMD] 0.48; 95% CI 0.10-0.85) and a significant improvement in the quality of life (QoL; SMD 0.81; 95% CI 0.11-1.51). Blended intervention also reduced the admission rate (relative ratio [RR] 0.61; 95% CI 0.38-0.97). In the COPD systematic review, regarding the exacerbation frequency, both studies found that the intervention reduced exacerbation frequency (RR 0.38; 95% CI 0.26-0.56). A large effect was found on BMI (d=0.81; 95% CI 0.25-1.34); however, the effect was inconclusive because only 1 study was included. Regarding medication adherence, 2 of 3 studies found a moderate effect (d=0.73; 95% CI 0.50-0.96), and 1 study reported a mixed effect. Regarding self-management ability, 1 study reported a large effect (d=1.15; 95% CI 0.66-1.62), and no effect was reported in that study. No effect was found on other process outcomes. The meta-analysis of asthma studies found that blended intervention had a small improvement in lung function (SMD 0.40; 95% CI 0.18-0.62) and QoL (SMD 0.36; 95% CI 0.21-0.50) and a moderate improvement in asthma control (SMD 0.67; 95% CI 0.40-0.93). A large effect was found on BMI (d=1.42; 95% CI 0.28-2.42) and exercise capacity (d=1.50; 95% CI 0.35-2.50); however, 1 study was included per outcome. There was no effect on other outcomes. Furthermore, the majority of the 22 studies showed some concerns about the ROB, and the quality of evidence varied. Conclusions: In patients with COPD, the blended self-management interventions had mixed effects on health-related outcomes, with the strongest evidence found for exercise capacity, QoL, and admission rate. Furthermore, the review suggested that the interventions resulted in small effects on lung function and QoL and a moderate effect on asthma control in patients with asthma. There is some evidence for the effectiveness of blended self-management interventions for patients with COPD and asthma; however, more research is needed. Trial Registration: PROSPERO International Prospective Register of Systematic Reviews CRD42019119894; https://www.crd.york.ac.uk/prospero/display_record.php?RecordID=119894
DOCUMENT
