Description of the book Information and Cyber Security: 19th International Conference, ISSA 2020, Pretoria, South Africa, August 25–26, 2020, Revised Selected Papers
Book title: Information and Cyber Security: 19th International Conference, ISSA 2020, Pretoria, South Africa, August 25–26, 2020, Revised Selected Papers
Series: Communications in Computer and Information Science, 1339
Authors: Hein Venter, Marianne Loock, Marijke Coetzee, Mariki Eloff, Jan Eloff, Reinhardt Botha
Publisher: Springer
Year of publication: 2021
Number of pages: 174
ISBN: 3030660389, 9783030660383
Book language: English
Book format: pdf
File size: 11 MB
Table of contents:
Preface
Conference Focus
Organization
Contents
Risks and Threats Arising from the Adoption of Digital Technology in Treasury
1 Introduction
2 Literature Review
3 Smart Treasury Digital Model (STDM)
4 Identifying Risks and Threats that May Arise from Adopting Digital Technology
4.1 Risk Driver 1 - Explainability
4.2 Risk Driver 2 - Cyber Security
4.3 Risk Driver 3 - Fairness and Avoidance of Bias
4.4 Risk Driver 4 - Data Protection and Quality
4.5 Risk Driver 5 - International Standards
4.6 Risk Driver 6 - Business Continuation
4.7 Risk Driver 7 - Technical Knowledge and Skills
5 Managing Digital Risks and Threats in Treasury
5.1 Step 1 - Develop a Board Approved Risk Appetite Policy
5.2 Step 2 - Evolve from a Defensive to an Offensive Environment
5.3 Step 3 - Training and Awareness on Digital Technology Risks
5.4 Step 4 - Real-Time Threat Monitoring
5.5 Step 5 - Collaboration and Information Sharing
5.6 Step 6 - Update/Revise IT Systems and Security
6 Further Development and Research
7 Conclusion
References
Cyber Security Canvas for SMEs
1 Security Research and SMEs
2 A Brief Overview of Information Security Management Systems and Security Frameworks
2.1 Structure and Functions of an ISMS
2.2 ISO/IEC 27001
2.3 BSI IT-Grundschutz Catalogues
2.4 NIST-Framework
2.5 Bottom Line for Canvas Design
3 Shaping a Cyber Security Canvas
3.1 Design of the Prototype
3.2 Advanced Design Abstraction of the Prototype
3.3 Cyber Security Canvas
3.4 Structure and Scalability of the Model
3.5 Limits of the Model
4 First Experience and Implications
4.1 Baseline Situation and Test Design
4.2 Findings
4.3 Implications
References
Risk Forecasting Automation on the Basis of MEHARI
1 Introduction
1.1 Motivation
1.2 Our Contributions
2 Background Information
2.1 Harmonized Method of Risk Analysis
3 Proposed Method
3.1 Attacks
3.2 Threats
3.3 Vulnerabilities
3.4 Exploitability
3.5 Attack Vectors
4 Experiment Result
5 Related Work
5.1 OWASP Risk Rating Methodology
5.2 Quantitative CVSS-Based Cyber Security Risk Assessment Methodology
6 Conclusion
References
Protecting Personal Data Within a South African Organisation
1 Introduction
2 Background Literature
2.1 The Privacy Problem and the Need for Privacy
2.2 Keeping Private Data and Personal Information Protected
2.3 Privacy-Enhancing Technologies (PET)
3 Design and Implementation
3.1 Data Collection
4 Research Results and Discussion
4.1 Master Data Department
4.2 The Customer Interaction Centre (CIC)
4.3 The Credit Department
4.4 Survey Questionnaire Responses
4.5 System and Application Analysis and Review
4.6 Enhancing Privacy Through Legislation and PETs
5 Conclusion
References
Concern for Information Privacy in South Africa: An Empirical Study Using the OIPCI
1 Introduction
2 Concerns About Information Privacy
3 Overview of CFIP Instruments
4 Methodology
4.1 Measuring Instrument
4.2 Sample
5 Results
5.1 Questionnaire Validation
6 Conclusion
References
Security Education, Training, and Awareness: Incorporating a Social Marketing Approach for Behavioural Change
1 Introduction
2 Background
2.1 Security Education Training and Awareness
2.2 Theoretical Framing – Social Marketing Approach
2.3 Summary of Social Marketing and SETA
3 Proposed SETA Development Process
3.1 Scoping Phase
3.2 Selecting Phase
3.3 Understanding Phase
3.4 Designing Phase
3.5 Managing Phase
4 Application of the Proposed SETA Planning Process
5 Conclusion and Future Work
References
Exploring Emotion Detection as a Possible Aid in Speaker Authentication
1 Introduction
2 Authentication
2.1 Biometrics for Authentication
2.2 Speaker Authentication Under Duress
3 Emotion Through Voice
4 Feature Extraction Techniques and Models
4.1 Feature Extraction Techniques
4.2 Models
5 Experiments Conducted
6 Discussion
7 Conclusions and Future Work
References
Identification of Information Security Controls for Fitness Wearable Manufacturers
1 Introduction
2 Methodology
2.1 Stage 1: Literature Review
2.2 Stage-2: Analysis Approach
3 Findings and Presentation
3.1 Vulnerabilities Affecting Fitness Wearables
3.2 Identification of Security Controls
4 Limitation and Future Research
5 Conclusion
References
A Critical Evaluation of Validation Practices in the Forensic Acquisition of Digital Evidence in South Africa
1 Introduction
2 The Forensic Acquisition Process
2.1 Forensic Imaging
2.2 Write Blocking
3 The Importance of Validation in the Forensic Acquisition Process
4 Validation Standards and Practices Relating to the Forensic Acquisition Process
4.1 National Institute of Standards and Technology Computer Forensics Tool Testing Project
4.2 The Scientific Working Group on Digital Evidence
4.3 European Network of Forensic Science Institutes
4.4 Dual Tool Validation
4.5 Vendor Validation
5 Forensic Acquisition Tool Validations in South Africa
5.1 Questioning in Court About Tool Validation
5.2 Training About Tool Validation
5.3 Knowledge of Tool Validation Standards
5.4 The Use and Validation of Write-Blockers
5.5 The Use and Validation of Forensic Imaging Tools
6 Conclusions
6.1 The Use of Non-validated Tools During Forensic Acquisitions
6.2 The Use of Validated Tools During Forensic Acquisitions
6.3 Self-validation of Tools
6.4 Vendor “Validation”
6.5 The Impact on the Reliability of Digital Evidence
6.6 Failure of the Justice System
7 Future Research
References
Investigating Customer-Facing Security Features on South African E-commerce Websites
1 Introduction
2 Background
2.1 Increasing Customer Trust
2.2 Privacy in E-Commerce
2.3 Security from a Customer’s Perspective
2.4 Security Evaluation Criteria
3 Methodology
3.1 Sampling
3.2 Data Collection
4 Analysis and Discussion
4.1 Privacy
4.2 Account Security
4.3 Website Security
4.4 Discussion
5 Conclusion
References
Author Index
Description of the book in the original language:
This book constitutes the refereed post-conference proceedings of the 19th International Conference on Information Security, ISSA 2020, which was supposed to be held in Pretoria, South Africa, in August 2020, but it was held virtually due to the COVID-19 pandemic.
The 10 revised full papers presented were carefully reviewed and selected from 33 submissions. The papers deal with topics such as authentication; access control; digital (cyber) forensics; cyber security; mobile and wireless security; privacy-preserving protocols; authorization; trust frameworks; security requirements; formal security models; malware and its mitigation; intrusion detection systems; social engineering; operating systems security; browser security; denial-of-service attacks; vulnerability management; file system security; firewalls; Web protocol security; digital rights management; and distributed systems security.