Research Tools Used by Computer Forensic Teams

Computer Forensics is a branch of digital forensics which is used in identifying, preserving, recovering, analyzing and presenting facts and opinions about the information (Caloyannides, 2001, p. 22). This branch is mainly associated with the wide range of computer crimes. With the discovery of internet, computer crimes have been reached a significant level. There are many activities like viruses through which computer systems either in digital or electronic form are attacked all over the world. Computer Forensics teams are present to monitor and investigate such intrusions and protect computers and networks from such situations.

Several research tools are introduced by the software developing companies which facilitate examinations of cyber-attacks for computer forensics teams. Some of the most wide-spread tools are given below:

  • Appliance for Digital Investigation and Analysis (ADIA)
  • File Recovery Software
  • File Viewers
  • Password Recovery Software
  • X-Ways Forensics
  • Writing Tools
  • Network Tools
  1. Appliance for Digital Investigation and Analysis (ADIA): It is a VMware based appliance which is used for digital investigation and acquisition. Some of the best features of this tool are that it is built from public domain software and is free of charge. Besides, it is released on March 2012 and publically available.
  2. File Recovery Software: Another research tool used by computer forensics is file recovery software, which helps to find out the deleted files. Moreover, in many cases it also assists in recovering the files which are very difficult to analyze.
  3. File Viewers: There are various types of file viewers software which enable computer forensics to view the file without actual opening it.
  4. Password Recovery Software: This is another tool that helps computer forensics team regain the password. It can be considered one of the best tools since it is used to access password protected files. In addition, even if the password list is destroyed password recovery software can still recover it. By using the tool, computer forensics can investigate cybercrime more efficiently.
  5. X-Ways Forensics: Integrated Computer Forensics Software: It is an advanced research environmental tool for computer forensics. Being very efficient, it runs fast and finds deleted files. It is comprised of imaging, disk cloning, data interrupter, etc. (ISFCE: Certified Computer Examiner, 2005).
  6. Writing Tools: Writing tools replicate the data of hardware and software.
  7. Network Tools: Network tools are applied to analyze network traffic. For this purpose, packet sniffers are used which help computer forensics detect and analyze a live attack on the system. By using such tools, computer forensics team can perform its duties in a more effective manner. The team will be able to define the place where the attack has been carried out from. All the tools mentioned above are used by computer forensics to detect and control computer intrusions. All of them are also to decrease the rate of computer crimes.

Thus, there are several Forensics Toolkits available in the markets which are free of charge, for example, CERT Forensics Toolkit. CERT Forensics Toolkit contains tools that are freely available to federal, state, local law enforcement agencies, including the Department of Defense, within the USA (Caloyannides, 2001). Apart from this, there are also some tools which are open source and are free for everyone. Some of them are Data Acquisition, Volume Systems, File System, Memory and etc.

References

Caloyannides, M. (2001). Computer Forensics and Privacy. Boston, MA: Artech House.

ISFCE: Certified Computer Examiner. (2005). Web.

Agility and Situational Awareness in the Context of Cyber Security

Agility

In the context of cyber security, agility is a concept that refers to measures that corporate organizations are taking in order to ensure operational flexibility and quick response to dynamic environmental factors that affect their normal operation. This concept is the one that is used to establish stable and secure cloud management systems for an internet-based data storage facility. Governance is comprised of activities executed by those responsible for the success of a corporate enterprise (the board and executive management). Their major responsibilities are strategy formulation and execution to ensure that both long and short-term objectives are achieved. Among the strategies formulated are risk reduction mechanisms. Cyber security is a concept that defines an enterprises reliance on cyberspace that is full of threats. Cyber security governance, therefore, entails the security governance of an organizations information system. It is noticeable that features of information management address information security outside online storage facilities. The movement of information between offline and online dimensions is so frequent that cyber security management should encompass information security governance (Weill & Jeanne 163).

Components of agility

Responsiveness-it is the ability of an enterprise to quickly react to information system jeopardy attempts. It measures the flexibility of an enterprise. An enterprise should, therefore, deploy mechanisms to enable it to detect and respond to indications of unauthorized attempts to access its database. Responsiveness is important for an organizations success because an earlier detection of unauthorized information access will allow an enterprise ample time to identify the source of cyber security weakness and take corrective measures. Earlier detection will also prevent huge damage or disruption of information in a Companys database. Information loss prevention plays an important role in cost management. The information-gathering process is an expensive process therefore, reducing the frequency with which it is performed saves a lot of money. Unauthorized access into and tampering with an organizations database has a potentially negative effect on an organizations ability to carry out its normal business (NDIA 24). Disruption of an organizations information system affects its decision-making processes. The effect has a bearing on the fact that decision-making, for instance, financial decisions, is based on historical information. Therefore, organizations should develop processes that provide alternative decision-making processes in the event that their adversaries, through cyberattacks, interfere with the critical facet of an organizations decision-making process (NIST 21).

Timely-in the context of agility, timely is a concept referring to the availability of cyber security measures and when needed by an enterprise. An organization should implement a process that provides an alternative decision making, which allows timely decision and delegation of responsibilities in the event that an adversarys actions result in a successful long-term disruption of an enterprises primary decision-making process, or otherwise renders it unable to make a timely response to security issues (NIST 16).

Importance of agility in the decision-making process

Because of the concept of agility, organizations have implemented processes that provide a secondary decision-making mechanism, which supports responsibility allocation if it occurs that information damage results in long-term disruption of decision-making facets (Lewis & Baird 214). Agility facilitates the delegation of decision-making responsibilities from general managers to heads of various departments. This reduces the decision-making period thus reducing time wastage. It also brings together heads of various departments, for instance, agency officials, information security officers and CEOs, thus ensuring a perfect decision making-process (GAO 4).

SA and agility

Organizations should create situation awareness programs to sensitize their employees on the actual existence of adversaries with the malicious intention for an organizations information system. In addition, awareness should also be created on the available mechanisms put in place by the organizations to mitigate the risk attributed to its dependability on cyberspace (Selke & Renn 97). To ensure uniform effort towards the implementation of cyber security measures in an organization, it is imperative that employees are involved in the process. Their involvement will familiarize them with the organizations long-term plan to invest in cyber security, which security measures need to be integrated into the organizations system and its core missions (IRGC 6). Situational awareness should aim at enlightening members of an organization on the urgency for investing in cyber security as compared to other areas of investment. The awareness will also inform lower departmental managers on how the organization can make cyber-security investment decisions. There should also be aware of strategic integration to address the scope of cyber-security strategy integration into an organizations risk management process. Situational awareness enlightens members of an organization about various disciplines that are involved in cyber security (Clark & Sitko 17). For instance, the safety of information and communication system is among the disciplines involved. The discipline awareness will create awareness of the interdependency between the disciplines. For instance, distribution of information and management among heads of operational activities in different areas as well as organization baselines among those who are responsible for strategic planning are unleashed. Situational awareness should also relay the risk mitigation approach to the organization members (Posthumus & Rossouw von 123). The approach of an organization to alleviate risk reflects its commitment to conform to principles of excellent performance. For instance, an organization can decide to focus on conformity to principles of good performance to facilitate strong characteristics of its cyber security management with compliance. Situational awareness is also important because it informs decision-makers and strategic planners about the necessity of identifying and assessing risk factors. Various factors can form the basis of cyber risk modeling. They include factors related to threats, vulnerability and consequences (Hamilton 9).

Why agile in cyber security

Cyber security measures should be agile to facilitate earlier detection of threats to an organizations database and to ascertain whether a threat source exists within the organization or not. Classification, processing and storage of information in an organization will be effective and efficient with the implementation of agility in cyber security. Corporate entities with large information files stored in online facilities rest assured of the safety and security of their information resources and protection against the existing persistent threat from cyber attackers (Cyber security Today and Tomorrow 79).

Importance of increasing agility, which increases overall SA agility

An increase in agility demands that an organization tailors its governance and security measures to the threat it faces. The levels of preparedness for cyber threats vary depending on how current, clear, and precise an organizations security plans should be in order to report to the strategic planning process on threat mitigation and operational decisions. Intelligence should, therefore, increase agility in organizations in order to establish strong, resilient, and penetration-resistant information systems that support the core missions of an organization. An increase in agility will also facilitate continuous improvement in security controls and increase flexibility in risk management activities to reduce cyber threats. An increase in agility will increase the responsiveness of an organization in detecting insider threats and reduce supply chain risk as security assurance and trustworthiness of information systems are upheld. The functionality of cyber security will be enhanced by developing appropriate services and risk-mitigating mechanisms to strengthen security and ensure correctness, completeness, and resistance information system (Eberstein 222).

Conclusion

Cyber threat is a nightmare to corporate entities that practice cloud computing. Information resources are important in an organization and thus, should be protected against malicious damage. As a result, measures should be implemented to create cyber security, which will protect the information resources of an organization from damage. Situational awareness should be made to organization members to facilitate the implementation of security strategies. A secure organization information system will stabilize decision-making processes in an organization.

Works Cited

Clark, Tammy & Sitko Toby. Information Security Governance: Advancing the State of the Practice. PDF file. 2008. Web.

Cyber security Today and Tomorrow: Pay Now or Pay Later. Washington, D.C: National Academy Press, 2002. Print.

Eberstein, M. Mark. Agility: Competing and Winning in a Tech-Savvy Marketplace, Hoboken: J. Wiley & Sons, 2010. Print.

GAO. Cyberspace: United States Faces Challenges in Addressing Global Cyber security and Governance. PDF file. 2010. Web.

Hamilton, A. Booz. Information Security Governance: Governance Considerations for the Cloud Computing Environment. PDF file. 2009. Web.

IRGC: An Introduction to the IRGC Risk Governance Framework. 2008. Web.

Lewis, James, & Zoe Baird. Cyber Security. Washington, D.C: CSIS Press, Center for Strategic and International Studies, 2003. Print.

National Defense Industrial Association (NDIA). Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure. 2009. Web.

NIST. Information Security Guide for Government Executives. 2007. Web.

NIST. Information Security Handbook: A Guide for Managers. PDF file. 2006. Web.

Posthumus Shaun & Rossouw von Solms. A framework for the governance of information security, Computers & Security. 23 (2004): 638-646. Print.

Selke, Piet & Renn Ortwin. Risk Governance of Pervasive Computing Technologies, The International Journal of Technology, Knowledge and Society, 4 (2008). Print.

Weill, Peter and Jeanne Ross. A Matrixed Approach to Designing IT Governance, MIT Sloan Management Review, Winter: Thomson Learning, 2005. Print.

Cyber Security Threat and Its Impact on the UAE

Cyber Security Threat, its Nature, and Types

The term cyber threat is mainly used to describe information security issues. It is a crime aimed to steal information, damage data, or ruin digital life. Cyber security threats can take such forms as phishing, spying, DoS attacks, data breaches, cyber fraud, politically motivated attacks, and so forth. Not all malicious cyber actions can be considered cyberwar. Some cyberattacks are aimed to harm individuals, steal their personal information, or disrupt intellectual property. Others make part of cyberwarfare and are defined by Aboul Enein (2017, 16) as the use of force to cause damage or destruction for a political purpose by states or political groups. This presentation will discuss cyber security threats, their impact on UAE international security, and ways to address them.

Imranuddin (2017, 30) distinguishes the following types of cybercrime:

  • Hacking. This type of cyber offense involves impinging upon and changing software or hardware which is not protected adequately by creators.
  • Data breach. It means that some critical information is stolen from a system without permission. Data breaches can happen to both large and small organizations.

Cyber Threats in United Arab Emirates

The issue of cyber threats has been a point of multiple concerns in the UAE recently. In 2018, the UAE government and private sector were the subject of a total of 230 cyber attacks, as The National UAE reports (More Than 200 Cyber Attacks So Far This Year, 2019). The described statistics is quite troubling, even given the global trends. Specifically, the 2019 reports mention 80,000 cyber attacks per day in 2018 (The Ultimate List of Cyber Security Statistics for 2019, 2020). Therefore, immediate measures are overdue so that cybercrime could be addressed in the UAE.

Common Cybercrimes in the UAE

Currently, several types of cybercrimes appear to be prevalent in the UAE environment. Among these, financial fraud is the most frequently committed one (The Rise of Cybercrime in Dubai and UAE, 2015). Financial fraud poses the greatest threat to cybersecurity in the UAE since, in most cases, the threat causing a rise in cybercrime rates comes from within organizations (The Rise of Cybercrime in Dubai and UAE, 2015). Therefore, the level of cybersecurity needs to be updated to protect UAE organizations from malicious intents of some of its less trustworthy staff.

As far as the types of attacks that the UAE owners of online data have to face on a daily basis, one should mention ransomware and adware. According to the 2015 data, AdWare.Win32.BetterSurf.b was the most notorious ransomware in 2014, having infected more than 1,228,000 computers (The Rise of Cybercrime in Dubai and UAE, 2015).

Preparedness of the Middle East countries for cyberattacks

In general, the Middle East countries demonstrate different levels of preparedness for cyberattacks, with the UAE being among the most prepared ones (Chandra et al. 2019).

Preparedness for cyberattacks in GCC countries in 2018-2019
Preparedness for cyberattacks in GCC countries in 2018-2019 (Chandra et al. 2019, 2806).

Laws that ensure cyber security in the UAE

When speaking about the UAE governmental methods of addressing cyber threats, it is crucial to mention its cyber legislation. There are two primary laws that ensure cyber security in the UAE. They include Federal Law No. 1 of 2006 that governs transactions and e-commerce and Federal Law No. 5 issued in 2012 and aimed to assist in combatting cyber security. The latter has changed the definition of a privacy breach, expanded the list of offenses and penalties (Imranuddin 2017).

According to the law No. 5, any unpermitted access to websites or data is considered an offense charged under liability standards. Penalties are applied if anyone tries to access websites, systems, or sensitive data without authorization. Disruptors might be deported or committed to prison. The law controls the policy connected with international communication and data technologies. It also enacts penalties for other cyber violations such as spreading pornography, insulting religious traditions, casting aspersions on public officials, falsifying documents, stealing passwords, pin codes, and other financial data (Imranuddin 2017).

Cybercrime Threat Analysis

National Interest Scale

With the rise in attention to the problems of cybersecurity, the perception of the subject matter as the issue of the national interest has grown substantially. Therefore, on the national interest scale, the concern of cybersecurity and the reduction in the levels of cybercrime can be regarded as quite high. Indeed, given the 2006 and 2012 regulations that the UAE government established as the means of protecting its citizens, the extent of national interest toward the problem has grown. However, with no additions to the current regulations despite the time passed since their adoption, the national interest rates may reduce, which will contribute to a rise in the level of threat.

Use of History

Using retrospective analysis to evaluate the current problem of cyberattacks , on will notice that the level of threat from cybercrime tends to increase as digital technologies become more complex. However, the existing UAE regulations have not been updated accordingly, which creates additional obstacles to improving the rates of cybersecurity. For instance, in 2011, the number of cyberattacks in the UAE amounted to 588; however, in 2020, the specified issue has risen to 70,000 for smartphones alone (Gulf Information Security Expo and Conference, 2020). In turn, the regulatory strategies have remained the same.

UAE and U.S.

The outlined information is quite troublesome, even though the threat of cyberattacks has become ubiquitous across the globe. Indeed, comparing the existing strategies for addressing cybercrime in the UAE to those of other countries, including those in Europe and the U.S., one will find similar concerns. For instance, in the U.S., the rise in reported cybercrimes (approximately 1,300 per day) and a total of more than $3.5 billion damage to organizations have shown the need for tougher cybercrime regulations and an enhanced framework for cybersecurity (Federal Bureau of Investigation, 2020).

Logical Fallacies in Addressing Cybersecurity Issues in the UAE

Likewise, the application of the analysis driven by the identification of common logical fallacies in the discourse will help to determine the nature and extent of the threat.

Ad Hominem

The ad hominem fallacy, which occurs most frequently when discussing the problem of cybersecurity, suggests that it is natural for people to make mistakes, including the errors that they make when managing online interactions (Butwick and Weiniger, 2019). Therefore, the specified assumption suggests that reinforcing cybersecurity further or trying to educate people in the issue of cybersecurity is pointless. The described sentiment is quite far from the truth; moreover, it prevents effective dissemination of knowledge about cybercrime prevention.

Onus Probandi

Another type of fallacy, onus probandi, or the burden of proof, is often used to reduce the impression of threat that the presence of cybersecurity issues entails. Namely, a range of sources of information fail to provide sufficient evidence to support their claims concerning high security rates of digital data, which leads to misinformation. The described issue occurs in the UAE setting quite often, with newspaper rarely shedding enough light on the problem of cybersecurity (Dederer and Singer, 2019).

The Ways to Address Cyber Security Threats in the UAE

Presently, the fine for cybercrime ranges from AED 250,000 to 500,000. At first glance, the price to pay is quite ample. However, the specified measure appears to be lacking efficiency due to the low effect of the legal repercussions. Although the fine is quite large, potential perpetrators do not face an incentive powerful enough to make them avoid cybercrimes (UAE Department of Justice, 2020). Therefore, extra repercussions, including a jail time, must be added to the list.

In addition, increasing the level of education among average users should be central to the mitigation of cybercrimes in the UAE. Although updating the existing regulations and reinforcing the security system will play a vital role in reducing the risks, it will also be essential to ensure that the human factor should not become a source of threat. Therefore, cybersecurity education should be made readily available to all users as a part of the national security program. The specified service should be advertised copiously on all possible platforms, especially social media sites.

Educational institutions, Society, and Industry

Educational institutions

UAE educational establishments play a pivotal role in strengthening cyber security. They aim to educate prospective cyber security employees that would protect the nation from any cyber threats. It is also crucial to cooperate with industry working groups to keep the knowledge up-to-date and useful. Cyber security should be included in special training programs and courses at universities. The UAE has already created several centers focused on cyber security research; for example, the Information Security Research Center at the Khalifa University (Chandra et al. 2019). The UAE has a vast number of long-term educational projects; one of them is to build a cyber security academy.

Society

UAE residents should be taught how to prevent and address possible cyber threats. The new generations should be aware of how to surf the Internet safely and protect their personal information. According to Chandra et al. (2019, 2808), in 2018, the initiative Cybersecurity Ambassador was launched to build a secure e-culture, empowering Emirati students as ambassadors for cybersecurity to promote a secure electronic lifestyle in the UAE.

Industry

Since the UAE has been subject to numerous cyberattacks in recent years, it has become evident that it is critical to invest into high-capacity, reliable technologies. Moreover, it is crucial to teach personnel how to observe safety and use technologies correctly. Training on cyber security can help mitigate possible risks and even increase efficiency and productivity. As described by Chandra et al. (2019, 2807), UAE organizations can enhance their IT security and make attacks difficult merely by addressing some essential vulnerabilities that include obsolete and unsupported software, weak passwords, unpatched systems, and weaknesses in configuration management. It is also vital to enhance the collaboration between international and national entities. In this way, many innovative technologies can be implemented into private enterprises to improve their safety and security.

To conclude, the UAE is one of the most promising and highly developed Middle East countries. Unfortunately, it is often subject to cyber security threats and attacks. The state implements a number of efficient measures to strengthen its cybercrime defenses.

Since the UAE has been subject to numerous cyberattacks in recent years, it has become evident that it is critical to invest into high-capacity, reliable technologies. Moreover, it is crucial to teach personnel how to observe safety and use technologies correctly. Training on cyber security can help mitigate possible risks and even increase efficiency and productivity. As described by Chandra et al. (2019, 2807), UAE organizations can enhance their IT security and make attacks difficult merely by addressing some essential vulnerabilities that include obsolete and unsupported software, weak passwords, unpatched systems, and weaknesses in configuration management. It is also vital to enhance the collaboration between international and national entities. In this way, many innovative technologies can be implemented into private enterprises to improve their safety and security.

To conclude, the UAE is one of the most promising and highly developed Middle East countries. Unfortunately, it is often subject to cyber security threats and attacks. The state implements a number of efficient measures to strengthen its cybercrime defenses.

Conclusion

To outline the findings, one will need the tools such as the national interest scale. The specified analytical tool allows gauging the extent of threat when considering the existing statistical information. Namely, according to the recent facts concerning the rate of cybercrimes identification, the UAE cybersecurity has been improved significantly. However, when examining the statistics on cybercrime prevention, one will admit that the specified issue represents a serious gap in the UAE cybersecurity strategy.

In addition, looking back at the analysis performed above, one should mention that the historical analysis and the introduction of logical fallacies have contributed significantly to the understanding of what affects the rise in cybersecurity risks in the UAE. Namely, the historical assessment has shown the gaps in the development of cybersecurity strategies in the UAE. In turn, the application of the logical fallacies to the case has shown why a significant number of people tend to overlook obvious security concerns when using digital technology.

References

Aboul Enein, Sameh. 2017. Cybersecurity Challenges in the Middle East. Geneva: Geneva Papers.

Butwick, A. J., & Weiniger, C. F. 2019. Combatting Myths and Misinformation about Obstetric Anesthesia. International Journal of Obstetric Anesthesia, 40: 1-3.

Chandra, Geetanjali Ramesh, Bhoopesh Kumar Sharma, and Iman Ali Liquat. 2019. UAEs Strategy Towards Most Cyber Resilient Nation. International Journal of Innovative Technology and Exploring Engineering (IJITEE), 8(12): 2803-2809.

Dederer, H. G., and Singer, T. 2019. Adverse Cyber Operations: Causality, Attribution, Evidence, and Due Diligence. International Law Studies, 95 (1): 14.

Imranuddin, Mohammed. 2017. A Study of Cyber Laws in the United Arab Emirates. PhD diss., Rochester Institute of Technology.

Aboul Enein, Sameh. 2017. Cybersecurity Challenges in the Middle East. Geneva: Geneva Papers.

Butwick, A. J., & Weiniger, C. F. 2019. Combatting Myths and Misinformation about Obstetric Anesthesia. International Journal of Obstetric Anesthesia, 40: 1-3.

Chandra, Geetanjali Ramesh, Bhoopesh Kumar Sharma, and Iman Ali Liquat. 2019. UAEs Strategy Towards Most Cyber Resilient Nation. International Journal of Innovative Technology and Exploring Engineering (IJITEE), 8(12): 2803-2809.

Dederer, H. G., and Singer, T. 2019. Adverse Cyber Operations: Causality, Attribution, Evidence, and Due Diligence. International Law Studies, 95 (1): 14.

Imranuddin, Mohammed. 2017. A Study of Cyber Laws in the United Arab Emirates. PhD diss., Rochester Institute of Technology.

Hacking Government Website From the View of Right and Justice

Abstract

The research will mainly focus on existing computer crimes, and some of the ethical issues that should be taken into concern in information technology. Hacking as one of the ethical issues will be broadly looked at some of the topics about hacking will include; hacking methods, hacking vulnerabilities i.e. weaknesses exhibited in systems that make it easy for hackers gain access to a system, information contained in government websites and lastly the research will look at why at times hacking is viewed as a just practice and a right to people.

Introduction

The environment has direct influence on the personality and behaviors of individuals. In the past, the environment consisted of family, friends and the local community members. However, the environment has considerably changed after the invention of the internet, because globally many people have access to the internet and the use of internet make individuals establish contacts with new people from diverse backgrounds and culture. There exists a relation between new environment and the human personality or behavior, for example some people use technology for learning purposes, some for work or business while others use it for pleasure. There are some individuals or groups who use the internet for illegal purposes; this may involve obtaining sensitive information without permission and downloading of files or programs without permission. Computer crimes refers to the use of the computer system or the internet to commit criminal activities

Computer Crimes

A computer crime is an unlawful act done via a computer or a network and some of the habitual crimes that may be involved include; racket, theft, blackmail, falsification, and misappropriation of funds. The illegal activities take place when an unauthorized user gains access to a computer system, unlawfully intercepts data being transmitted by a computer, interferes with data, or interferes with the system (Bishop: 2005, p. 109).

Computer crimes can be divided into two categories; crimes that directly target computer devices or networks and crimes that are facilitated by computer networks or devices. Mean code, denial of service (DNA) and system viruses are examples of unlawful actions that aim computer networks. Crimes that use computers or networks include; cyber talking, theft, drug trafficking etc (Bishop: 2005, p. 103).

Some of the precise computer crimes include; spam which refers to the sending of mass mail messages for marketable purposes, fraud which may be defined by many activities; the altering of computer information in an unauthorized way, changing or damaging output with the aim of hiding unauthorized transactions, changing or deleting stored data, and writing code for fraud purposes, another computer crime is the obscene content, harassment whereby the content used may be offend to the user, drug trafficking whereby the transactions between the drug traffickers may take place via the internet, the last crime likely to take place is cyber terrorism which is defined as the act of terrorism that is committed through computer networks (Maxine: 1994, p. 72).

Ethics in computing

Computer ethics refers to a dissection of practical idea which deals with how computing professionals should make decisions concerning professional and social conduct. Computer ethics is the examination of the life and public force of computer technology and the subsequent formulation and explanation of policies for the ethical use of such technology.

Since the introduction of computers there are some ethical dilemmas that have raised an example of such a dilemma is hacking which will be explained later in the research paper. Some of the ethical issues in computing include; safe storage and recovery of information i.e. how should data in a large database be protected, software piracy the question that arise from software piracy is if it is morally right to replicate music or software, use of the internet as an instrument for abuse e.g. spreading pornography and lastly values promoted via the internet for example the internet can be used as a means to support democracy (Best, Picquet: 1996, p. 137).

Hacking

Hacking is one of the ethical issues that this research paper will cover broadly. Hacking is the unlawful use of a computer and networked resources. Hacking is considered to be unlawful and is only supposed to be implemented when an organization needs an ethical hacker to access its information. Hacking mostly occurs when there is the existence of vulnerabilities; examples of vulnerabilities are; condensed plan of Web servers, use of inappropriate software, disabled guard controls, and choosing of inferior passwords (Best, Picquet: 1996, p. 140).

Hacking as an activity has gained fame via the media this is through hacker magazines which publish hackers credentials, fame and there achievements, fiction books, and also non-fictional and fictional movies. A Hacker can be grouped into various categories depending on his activities, the various categories include; white hat who is a hacker who gains entry in to computer systems without any malevolent intentions his main aim is to learn more about computer systems such hackers end up being security system consultants for organizations, grey hat hacker who is a hacker that has uncertain ethics, black hat hacker who is a hacker who gains access in a system without authorization with his main aim being to maliciously damage users information, Cyber terrorist uses his skills to carry out acts of terrorism, script Kiddie who is a hacker who is not an expert but accesses systems using packaged programs written by other hackers and lastly a hacktivist who is a hacker who spreads political messages via the use of technology (Best, Picquet: 1996, p. 153).

Hacking methods

The whole process of hacking involves three processes; one of process is network enumeration and in this process the hacker gathers information about the device he plans to attack, Vulnerability analysis is the other process and at this stage the hacker identifies the means he will use to attack, the last process is the exploitation process and in this process the hacker attacks a system by using the vulnerabilities found in the vulnerability analysis stage. There exist a number of apparatus and techniques that are used by hackers to exercise the art of hacking, the tools and techniques include; security utilize which is a function that is all set and its main purpose is to take benefit over a known flaw, vulnerability scanner is a tool that checks for computer known weaknesses in a network, port scanners are also used which check which ports on a specified computer are open and available for access, Packet sniffer is used to capture data packets that capture passwords and data in a network, spoofing attack is a technique which involves a program masking itself as another by falsifying data with the intention of convincing users or systems in to enlightening secret information, roolkit is used with the projected use of hiding the recognition of a system security, social technology is the technique of convincing users to give out important information about a system this is mainly achieved by impersofinication whereby a hacker pretends to be someone else, A Trojan horse which is a program that seems to be doing one thing, but is actually doing another can be used to set up a back door in a computer system such that the impostor can gain access later, A virus which is a program that replicates itself and spreads by inserting copies of itself into other programs or documents, a worm also replicates itself but it differs from a virus in the sense that it penetrates system networks a user interference, A Keylogger is the last tool used it records each keystroke on an affected for later retrieval its main aim is obtaining confidential information that typed on the affected machine(Maxine: 1994, p. 63).

Hacking vulnerabilities

Websites are generally hacked due to existing vulnerabilities below we will look at the existing attacks that make websites vulnerable to attacks by hackers the vulnerabilities include.

Cross site scripting: It happens when a users program sends data to a web browser without first encrypting the substance. This gives hackers the opportunity to carry out mean code in a browser that lets them take control over user sessions, add unfriendly substance and carry out malware attacks. One of the options to protect a user from such attacks is through the use of a white list, a white list is used to confirm all arriving data, and any data that is not specified in the whitelist is discarded because it is regarded as being bad data (Best, Picquet: 1996, p92).

Injection flaws: This problem occurs when users data is sent to interpreters as either a control or a query, hackers ploy the interpreter with insertion flaws which permit the hacker to build, comprehend, revise or erase any data offered for the application. The only way to protect a user from this attack is by avoiding the use of an interpreter and if it is a must then safe application programming interfaces (API).

Malicious file execution: This problem occurs when web applications admit filenames or files from users which enable attackers to carry out remote program implementation, remote setting up of programs or entirely compromise a system. One way of protecting users from this vulnerability is by avoiding the use of input provided by users as filename for server based assets also firewalls policies should be set up to avoid new links to external websites(Bishop: 2005, p92).

Insecure direct object reference: The problem occurs when hackers maneuver straight object references to obtain un permitted entry to other objects, mostly happens when uniform resource locaters hold references to objects like files, database records or keys, a hacker can attack by searching for a valid key and expose information on the Web interface. This vulnerability is protected by the use of an index or reference map to evade revealing direct object references, the other way is to authorize users visiting the site.

Cross site request forgery: The attack takes power of affected web browser when logged in the site and transmits wicked program to the web application, websites are vulnerable to such an attack because they allow requests based on session cookies. One way of protecting the users from such an attack is to avoid the dependence on identifications that are submitted mechanically by Web browsers (Bishop: 2005, p. 105).

Information leakage: Error posts that are displayed by web applications to users offer information to hackers about program design and inner mechanism, hackers then use this information to initiate an attack. To protect an application from such an attack will entail the use of a testing tool to investigate the errors generated by an application; applications that are not tested will not produce error posts.

Broken authentication and session management: client and managerial accounts are attacked when web applications fail to guard qualifications and sessions, the problem occurs when the authentication system is rare, weaknesses are introduced through authentication procedures such as log out, password, remember me, and account update. Qualifications should be kept in an encrypted format and also users should avoid using convention cookies for authentication or session administration (Maxine: 1994, p. 86).

Insecure cryptographic storage: This problem occurs when web programmers do not encrypt sensitive data, or poorly plan the web encryption process, these failures lead to the revelation of sensitive data. The only way to protect websites from such attacks is through the use of standard public algorithms for encryption.

Insecure communications: Occurs when network traffic is not encrypted. Hackers can gain entry to non defended communications which include transmissions of qualifications and secretive information. To protect websites from such an attack, there should be use of legitimate link during the broadcast of perceptive data, and also use appropriate protocols to protect communications between networked resources such as servers and databases (Maxine: 1994, p. 45).

Failure to restrict Uniform resource locater access: This vulnerability occurs when web pages do not limit a small division of restricted users. Hackers use a method known as forced browsing which involves the process of guessing links and brute power techniques to find unguarded web pages. To guard users, guard all uniform resource locaters with an efficient admission control method that will validate the users task and privileges.

Hacking government Web sites

There some other areas that hacking is considered to be right and just even though most governments consider the art as being illegal. There are some reasons that make it difficult to burn the use of hacking programs, they include; use of a hacking tool such as a port scanner can help a network administrator identify vulnerable ports and protect them, password recovery tools can also be used to acquire an old password incase a user loses one, by governments restricting the use of hacking tools by its residents wont do it good because other this may not protect its citizens from hackers from other countries, businesses should be given an opportunity to use hacking tools to protect themselves from hackers, another reason for using hacking tools is the purpose of education students should be allowed to use hacking tools so that they can effectively learn how to use them for effective purposes (Best, Picquet: 1996, p142).

Information contained in government Websites

There exist a collection of information contained in government websites such information include;

Links to Government Websites: Government websites contains links to other government websites that are publicly available; the other governments may direct that there website not to be made public. It is considered just and right for country citizens to have information about there government operations and though hacking may be considered as un ethical it may be used to provide information to citizens which is there right and assists them in practicing justice. Government websites also offers links to non-government websites which offer government information that is not available on the official website. By hacking government sites information that may be hidden in the non government sites because it is considered confidential is made available to the citizens (Best, Picquet: 1996, p. 153).

Government sites also contain links of particular attention to citizens by momentarily posting them in a spot of distinction on the site. Some of the links may consist of: reports events, news, or other items of interest to the citizens. Hacking in to government websites not only provides concealed sensitive government information to the public, but it also enables hackers to spread information to the entire public regarding a particular topic for example hackers can hack in to a government website and post a message that prohibits homosexuality so that the whole public can have a view of the message and learn the consequences of supporting such an act, at this point hacking is considered to be right and the hackers are seen to be practicing justice (Maxine: 1994, p. 52).

Hacking can also be rightly used for counter terrorism acts which are considered to be right and just, for example an Indian group known as Indian cyber warriors alleged Pakistan for recent event of terrorism in Mumbai and termed it as one of the reasons for hacking into Pakistani government sites another reason was to revenge the act of hacking that was being practiced by a group naming itself as Pakistan cyber army on the Indian government websites (Bishop: 2005, p109).Another right and just reason for hacking will be convey messages to warn governments against participating in illegal activities such as supporting and funding terrorists.

Conclusion

The research first started by looking at various computer crimes that are practiced via the network some of the crimes looked at include; racket, theft, blackmail, falsification, and misappropriation of funds. The illegal activities take place when an unauthorized user gains access to a computer system, unlawfully intercepts data being transmitted by a computer, interferes with data, or interferes with the system. The research also categorized the computer crimes into two categories; crimes that directly target computer devices or networks and crimes that are facilitated by computer networks or devices. The next topic the research covered was ethics in computing and some of the ethical dilemmas mentioned included; Some of the ethical issues in computing include; safe storage and recovery of information i.e. how should data in a large database be protected, software piracy the question that arise from software piracy is if it is morally right to replicate music or software, use of the internet as an instrument for abuse. Later on the research narrowed down on one of the computer crimes which was Hacking, it defined Hacking as the unlawful use of a computer and networked resources, hacking methods were broadly looked. Hackers attack a system by first discovering a system vulnerability, the research looked at some of the vulnerabilities which were; Cross site scripting, Injection flaws, Malicious file execution, Insecure direct object reference, Cross site request forgery, Information leakage, Broken authentication and session management, Insecure cryptographic storage, Insecure communications and Failure to restrict Uniform resource locater access. The research further narrowed down on website security by looking at information that can be unlawfully accessed by hackers from a website, focus was then later on drawn to government websites where the research talked about why some hackers consider it to be just and right for them to hack in to Government websites.

References

  1. Bishop, M. (2005). Introduction to computer security.Publication: Boston: Addison-Wesley pp. 103-110.
  2. Best, Reba A., and D. Cheryn Picquet (1996). Computer crime, abuse, liability, and security: Jefferson, N.C., McFarland, pp. 136-155.
  3. MacCafferty, Maxine. (1994) Computer security. London, Aslib.pp. 43-91.

Public-Private Partnerships for Election Systems Cybersecurity

Introduction

Public-private partnerships (PPPs) in the US have a long history of success. The first PPPs in the US were the power purchase agreements signed in the 1980s (Mirchandani & Jacobo, 2021). According to World Bank (2020a), a PPP can be defined as a long-term contract between a private party and a government entity, for providing a public asset or service, in which the private party bears significant risk and management responsibility, and remuneration is linked to performance (para. 1). PPPs should be distinguished from public contracts, such as concessions. In public contracts, the private sector provides the service directly to the public and bears all the associated end-user risks (World Bank, 2020a). In PPPs, unlike in public contracts, government agencies take full responsibility for the end product before the general public (World Bank, 2020a). The private party is responsible only for the portion of work it has completed for the public.

PPPs can be guided either by special laws or by general laws. According to World Bank (2021), there are several reasons a government may decide to enact a PPP law. They include giving priority to the process of procuring and developing PPP projects and establishing a clear institutional framework for managing PPPs (World Bank, 2021). The government can create a PPP law based on its judgment or utilize a set of recommendations provided by the World Bank (2021). In the US, there is no federal law that instructs the states on how to address PPPs (Mirchandani & Jacobo, 2021). Currently, almost every state has enacted a law that permits PPPs in social or transportation projects. However, some states still rely on common law to guide PPPs. The most common PPP projects in the US are the development of roads and related infrastructure, as well as building prisons, university housing, and school (Mirchandani & Jacobo, 2021). The changes in the election protocols due to the COVID-19 pandemic demonstrated that improvement is needed in government cybersecurity. The present paper aims at discussing PPPs in the sphere of election security.

Roles of the Private Actors in Election Cybersecurity

The use of PPP for cybersecurity has become imperative to address cybersecurity issues and prevent attacks that can lead to leakage or disruption of sensitive and valuable data. The private sector controls many critical systems that need to be protected and usually has more resources than the government (Germano, 2014). Private actors also have valuable expertise that can help to understand the peculiarities of malicious users and software critical to protecting government assets (Germano, 2014). At the same time, the government holds very specific information that can be used to fend off cyberattacks and mitigate their consequences. Moreover, government agencies, such as the National Security Agency (NSA), Defense Advanced Research Projects Agency (DARPA), Department of Defense (DoD), and Department of Homeland Security (DHS), have valuable knowledge about cybersecurity; however, since the agencies are responsible for very specific focus and do not address cybersecurity at large (Potter, 2019). PPPs can help to collaborate and line up against cybersecurity threats.

The role of the private actors in PPPs concerning election cybersecurity includes four critical aspects described below. These four roles are based on information and knowledge sharing with an emphasis on confidentiality and competitive concerns (Germano, 2014).

  1. Sharing insights about peculiarities of threats. Private actors, such as cybersecurity companies, have information about details of the attacks on companies and specific knowledge about how to mitigate and prevent these attacks (Germano, 2014). This knowledge is usually a part trade secret, which is a source of competitive advantage (Potter, 2019). Sharing this information with the public parties can help them to understand how to better protect the election process without the risk of disclosing the information to other companies. However, this can be achieved only when a highly effective collaboration framework is enforced.
  2. Analyzing information from the public sector. The private actors have developed a set of useful processes helpful for analyzing information about possible threats and using it to protect against cyber threats (Potter, 2019). Applying this expertise to the information gained from government agencies can help to extract valuable knowledge about the best strategies for protecting elections from attacks from malicious users. Additionally, private companies can help to stimulate coordination of all the acquired information.
  3. Developing threat intelligence. The private sector developed several strategies of threat intelligence that may involve hacking into the offenders system to understand how it works (Germano, 2014). Such an approach can help develop proactive strategies that prevent the loss, theft, or disruption of data; however, such strategies are illegal in the US (Germano, 2014). When guided by the US government, the private sector can create effective methods of threat intelligence without fear of breaking the law.
  4. Conducting security assessment. Private parties can use all the gained knowledge and expertise to conduct security assessments of election networks (Erbach, 2020). Such expertise may lead to early detection of threats and vulnerabilities, which can compromise the security of elections. Mitigation of these threats and vulnerabilities is expected to improve election cybersecurity.

Benefits and Risks

The present section provides an overview of the possible benefits and risks of PPPs for both private and public parties. The risks of PPPs include:

  1. Disclosure and Exposure. Without an established protocol that ensures the confidentiality of PPPs in cybersecurity, the private sector needs to tolerate the risk of disclosure of sensitive data about the vulnerabilities to third parties. Disclosure of such information may lead to negative press, regulatory scrutiny, and public relations (Germano, 2014). This risk is currently a significant barrier to the establishment of PPPs.
  2. Loss of control. Private actors often prefer to retain control over the investigation of breaches to avoid unnecessary disclosure (Germano, 2014). Additionally, PPPs may mean granting absolute control over private computer systems and information within these systems. Companies need to feel secure to partner with the government effectively.
  3. Increased cost. PPPs may be associated with increased costs for the government in comparison with traditional procurement projects (Rybnicek et al., 2020). Therefore, the government needs to establish control over costs and ensure that the increased use of funds is justified.
  4. Limited scope. The private actors do only what they were paid to do, which implies that any work outside the signed contract will not be completed. Therefore, government agencies bear the risk of describing the incomplete scope of the partnership, which will lead to decreased effectiveness (World Bank, 2020b).

While the risks for both parties are considerable, numerous benefits of PPPs should be mentioned. Several benefits of PPPs are listed below:

  1. Innovation. The introduction of private-sector technology into the public sector can spur innovation (World Bank, 2020b). As a result, the quality and effectiveness of cybersecurity of all government agencies may be improved.
  2. Development of private sector capabilities. Exposure to knowledge and competencies of the public sector may help to improve the practices of private companies. Additionally, PPPs in the sphere of election cybersecurity can establish long-term relationships between the two sectors, which may mean stable money inflow from future PPPs (World Bank, 2020b).
  3. Risk transfer. The government may transfer the risk of owning and managing assets that help to develop cybersecurity software and protocols to the private parties (World Bank, 2020b). As a result, the high cost of such partnerships may be offset by the decrease in risks.

Recommendations

The present section provides recommendations for private parties for companies to engage in before committing to participation in a PPP for cybersecurity.

  1. Assess all the risks and benefits. Private actors need to understand all the risks and benefits of engaging in PPPs. As mentioned by Germano (2014), PPPs may be associated with significant risks of loss of control, disclosure of sensitive information, and exposure to unwanted legislative scrutiny, negative press, and public relations. Additionally, the companies may need to share strategically valuable information with a third party. Even though the third party is the government, private firms may still feel uncomfortable sharing information about the source of competitive advantage due to the lack of trust. Thus, the company needs to ensure that benefits surpass the risks to sustain a PPP contract regardless of the risks.
  2. Learn the legal framework that regulates PPPs. Mirchandani and Jacobo (2021) state that regulatory frameworks differ from state to state, which implies that practices appropriate in one state may be inappropriate outside of it. Therefore, it is crucial to understand if the relationships between the private and public actors will be managed by a specific law or common law and how the law modifies the partnership between the two parties (World Bank, 2020a).
  3. Assess the level of the companys cybersecurity. Before uniting the networks with the government, the private companies need to assess their level of cybersecurity. National Institute of Standards and Technology (NIST, 2018) developed a comprehensive framework for network security. This network consists of five basic functions, including identifying, protecting, detecting, responding, and recovering (NIST, 2018). The framework includes a set of recommendations that can help to streamline the cybersecurity processes.
  4. Review best practices in cybersecurity. Cybersecurity and Infrastructure Security Agency (CISA, 2019) developed a list of tips for election cybersecurity. These best practices should also be utilized by the companies attempting to partner with the public parties based on election cybersecurity. Recommendations include having a unified software and patch management system, network segmentation, log management, blocking suspicious activity, and employing effective credential management practices (CISA, 2019).

Summary

The present paper overview PPPs as a source of improving election cybersecurity. The research revealed that, in the US, states might have their own PPP laws or avoid having any specific regulations that guide PPPs. Regardless of the regulatory framework, private and public actors are exposed to significant risks. Private actors can face the risk of losing control and faces unwanted exposures and disclosures. The government may face the risk of increased cost and limited scope of the partnership. However, the risks are usually offset by the benefits of PPPs for both parties. Before engaging in a partnership with a public party, a private actor needs to ensure that it understands all the risks, benefits, and regulatory frameworks. Additionally, the company needs to assess the companys cybersecurity practices and implement best practices applicable to cybersecurity.

References

Cybersecurity and Infrastructure Security Agency. (2019). Security Tip (ST19-002). Web.

Erbach, M. (2020). FedTech. Web.

Germano, J. (2014). The Center on Law and Security. Web.

Mirchandani, D., & Jacobo, A. (2021). The public-private partnership law review: USA. The Law Reviews. Web.

National Institute of Standards and Technology. (2018). . Web.

Potter, B. (2019). . Web.

Rybnicek, R., Plakolm, J., & Baumgartner, L. (2020). Public Performance & Management Review, 43(5), 1174-1208. Web.

World Bank. (2020a). ? Web.

World Bank. (2020b). . Web.

World Bank. (2021). . Web.

Cybersecurity and How It Impacts Identity Protection and/or Ransomware

Cybersecurity became more valuable over the years, affecting almost all spheres of human activity due to the increased importance of data and its protection against the undesirable accessibility to specific information. Referring to Seemms et al. (2018), cybersecurity is defined as a state of defense against cyberattacks with the help of internet-connected tools such as IT systems. Cybersecurity impacts the safety of a companys valuable data, which should be stored with limited access without any external involvement due to confidentiality, privacy, or other reason. This system is essential primarily for governmental or military units and big enterprises due to the necessity for these parties to keep their data secret in private information, innovations, or knowledge (Seemms et al., 2018). Therefore, the companys top management should pay increased attention to the cybersecurity issues and policies operated within the company.

How Cybersecurity Affects Modern Management and Leadership Strategies

Each failure of protecting private organizational information may provoke a scandal in public and decrease shareholders value due to the increased risk of the companys failure in the market. Therefore, the companys strategy should be modified according to cybersecurity importance and actual changes in the emerging virtual market. Leadership strategy may include educating and training employees to correctly deal with the risks of scams, such as the most common email frauds. In addition, the resource allocation within the company should include investments in cybersecurity development to protect the companys property against attacks. The company may use online tools that may decrease the risk of data loss; for instance, ensuring the third parties credibility may prevent the problem.

Significant Risks Which Organizational Leadership Must Confront

Organizational management can face several risks that arise based on the lack of cybersecurity applied in the companys system. Buchanan and Prasad (2019) outlined the main threats that the top management may face in cybersecurity issues. Firstly, organizational leadership should not undervalue the importance of cybersecurity since the risk of losing the data stored in the companys database may harm the corporate reputation and trustworthiness.

Secondly, the cybersecurity system applied in the organization must meet the rapidly emerging IT industry, which means that the dynamic risk of new cyber-attacks should be expected to develop technologies further. Therefore, the companys leadership should constantly evaluate the actual situation in the market and update their virtual security system according to those changes. Thirdly, the IT department or specialists responsible for the companys protection in the cyber environment must be reliable and keep confidential and private corporate information regarding cybersecurity.

Yahoo Example of Cybersecurity Failure

In 2016 Yahoo company announced that in 2014 almost 500 million user accounts information was stolen due to the cyber attack, which was not prevented by the companys cybersecurity system. This case provoked a big scandal because Yahoo knew about the possibility of the breach in advance of the actual attack. According to Whittler and Farris (2017), the companys value was decreased by $1,5 million right after the announcement was publicly reported.

The failure of cybersecurity by the companys leadership may result in unauthorized access to sensitive, protected, or confidential data resulting in the compromise or potential compromise of confidentiality, integrity, and availability of the affected data (Whittler & Farris, 2017, p.2). This case outlines the importance of the companys cybersecurity awareness and its potential impact on further organizational performance. The companys leadership must react immediately to the risks arising from the cyber environment, which threaten the security of the stored data, either corporate or customers private information.

References

Buchanan, W. J. & Prasad, A. R. (Eds.). (2019). . River Publisher. Web.

Seemms, P. S., Nandhini, S. & Sowmiya, M. (2018). . International Journal of Advanced Research in Computer and Communication Engineering, 7(11). Web.

Whittler, K. A. & Farris, P. W. (2017). . Journal of Advertising Research, 57(1), 3-9. Web.

Moral Issues Surrounding the Hacking of Emails

Introduction

With advent of internet, email hacking has become one of the biggest Information Technology (IT) crimes being perpetuated around the globe. Several people and organisations have lost millions of dollars from the activities of the hackers, and while some countries have laws that can be used to prosecute the email hackers, some countries do not have IT law.

The internet creates the advantages of sending letters, pictures and other important documents, and a person can create a free email through websites such as Yahoo, MSN, to mention a few. However, to create an email, a user must register and create an account. Creating an account involves setting up a username and a password that should be known only by a user.

Password is a secret word, numbers, or combination of the two that allow a person to have access to his account. Thus, after creating an account, an email is ready to be used and a user can send letters or message to another person anywhere in the world. A user can also send some important documents to another person or even store some valuable information such bank information, credit card information, or Social Security Number in the email.

With the realisation that email might contain some important message and valuable documents, some unscrupulous people have devised ways to burst into the email accounts of another people to steal information from email box. The devises to enter into another peoples email and steal information in the email is called Email Hacking.

This paper examines the moral issues surrounding the hacking of emails.

The rest of the paper are organised as follows:

First, this paper presents email hacking history and how email hacking started.

Moreover, essay examines the motivations surrounding email hacking. It should be noted that people or an organisation do not hack for the fun of it, there are motivations behind these acts, which can be personal, economic or political motivations.

In addition, this paper reveals how email is being hacked. With increase in advance in Information Technology, many techniques are being used to burst into another peoples email and steal some valuable information.

The other section of the paper examines the effect of email hacking on society and its effect on the society in general. It should noted that stealing of valuable information through email hacking has become a phenomenon in both developed and developing countries and the acts are affecting the society in general.

Moreover, the paper examines the response of the society on email hacking.

Finally, the paper provides the conclusion for the whole essay, which also contains recommendations on how email hacking can be reduced.

Meanwhile, before analysing the motivations behind email hacking, it is essential to gain insight into the history of email hacking.

History of email hacking

Studies reveal that email hacking started between 1950s and 1960s. In those years, hacking was synonymous to computer genius and people with technical ability to master computer. Thus, in those years, hackers were termed heroes of computer revolution that is now considered to be criminal acts. Even in those early years, some universities such as Massachusetts Institute of Technology (MIT) in United States used their computer laboratories to teach students methods of hacking to improve students computer skills.

At these periods, hackings were well financed by large institutions such as MIT and Harvard. The motives behind these were to develop and gain new knowledge in computer security (Best, 2006).

In 1970s, new system of hacking was developed, people devised ways to break into telephone network and make long distant calls free of charge.

In 1980s, many people had had accessed to computer, and during this time, there were many inexpensive computers that were easily available. Thus, this was the time when hacking was beginning to gain popularity. Modem devises to hack began to be at hackers reach.

The tendency to pursue the criminal acts was gaining popularity at this time. For example, gangs were forming called the Electronics gang with the mission to break into the privacy of computer securities.

It should be noted that in these previous years, email hackings were never known because the internet was never being used in the public.

In the 1990s, the internet became the public usage and with launching of World Wide Web (WWW), several organisations allowed people to create accounts and personal emails to communicate to friends, relatives and even organisations (Clarke, Clawson, and Cordell, 2003).

Communications through email leads to the driven urge to breaks into other peoples emails with the intentions to steal sensitive information. In 2000s, email hacking is the order of the day, there are many-sophisticated software that can spy on the usernames and passwords of the email owners to gain access to other people email messages. Formerly, hackers were concentrated in USA and few advanced countries, with advent of internet, email hackers can be found virtually in any country. Email hackers can now be found in Asia, Latin America, North America, in many countries in Europe, and few countries in Africa.

With the increase in email hacking, questions are being raised in the business circles on what motivate the email hackers to perpetuate these criminal acts.

Motivation behind emails hacking

Studies reveal the motivations that make people to indulge in email hackings. Evers (2005) argues that the motivation for email hacking is solely monetary purpose.

Many people receive scam emails that appear to be identical with the trusted corporate company. The main purpose of these scam emails are to trick people to reveal the sensitive personal information, such as bank information, and the main purpose of these acts are to steal money from victims accounts (Evers, 2005).

Hines (2004) supports the argument provided by Evers by stating that 7 out 10 people that go online receive phishing emails that advise them to provide their personal information and 15% of these people provide their personal information and were successfully duped (Hines, 2004).

Although, these two authors provide solid arguments on the motives for the email hacking. Nevertheless, not all email hackers are motivated because of money. For example, some young people between the ages of 16 and 30 do hacking to show their expertise in the computer technology. Situation sometimes arises in the chat room where some people boast of having the computer expertise than the other person.

To support this argument Best (2006) points out that some people engage in email hacking just to boast on their ability to ferment art and skills. These people do not have intention to steal money or whatsoever from the individual or organisation. Rather, the basis is only pleasure and play, and these kinds of people are called script kiddies in U.S because these categories of hacker are mostly teenagers and young people between the ages of 18 and 30. It should be noted these group of hackers do not have computer skills because they use automated hacking program to do their email hacking in order to show their group about their expertise in Information Technology (Best, 2006).

Lakhani, and Wolf (2003) who points out that most email hackers indulge in the hacking activities for intrinsic motivation support argument put forward by Best. These include doing something for enjoyment and fun rather than for financial rewards. It should be noted that these hacking group derive enjoyment from the hacking so that it is impossible for them to stop the hacking activities. According to Lakhani and Wolf who state that, Enjoyable activities are found to provide feelings of creative discovery, a challenge overcome and a difficulty resolved.

Thus, the enjoyment derived is the basis of principle of email hacking. Sometimes, peer group or social group is formed among the hackers that will only permit the people who have the skills to perpetrate the email hacking into the group (Lakhani, and Wolf, 2003).

All the authors argument on the motivation behind email hacking are correct, the motivations that lead people into email hacking should be combinations of financial rewards, showing off the computer skills or programming skills, and for enjoyment purpose. This paper argues that all these factors are the motivations behind the email hackings. While some people may indulge in the email hacking for the purpose of fun, enjoyment and showing off the skills, the motivation for another people may not be the same, some people are motivated because of money. No matter the motivations, email hackings harms the victims. Before discussing the effect of email hacking on society, the next section provides the methods the hackers use in perpetuating email hacking

Methods of email hacking

There are several methods, which email hackers use to accomplish their acts. Due to the technicalities involved in carrying out these tasks, some terminologies are used to describe the tactics the hackers used. Some of hacking tactics are described below:

First, the email hackers may use tactics which Chang (2004) refers as social engineering. This is a tactic hacker uses to launch into the emails of unsuspected person and obtain their personal information. In social engineering, hackers do not need technical skills to accomplish these tasks; hackers only use psychological tricks to gain access to the system. For example, social engineering hackers can disguise as an employee or company executive out of town or country, and contact the IT help desk on the phone, telling them that he has lost his username and password, in a matter of urgency, an hacker will ask the IT help desk for his username and password. If he is able to acquire this information, the email hackers will burst into the company email, and steal valuable information (Chang, 2004).

In addition, a hacker may trick a company employee to download malicious program attachment sent to an employees email. The tactics is to gain access to the email of employees through the back door, which will give hackers the ability to have access to personal information. Hackers may also trick an employee to download an attachment that contain virus such as Trojan horse, the trick is to damage the computer of an unsuspected person in order to gain access. For example, email attackers send spyware to 1 out 3 company in the UK to gain access (Chang, 2004)

Moreover, email hackers can attempt to crack a password of unsuspected email user by making use of password cracker. In most online system, the combination of username and password are used to improve the security system of the computer system. Thus, to gain access to passwords, hacker may use dictionary files and combination of dictionary words and numbers. Alternatively, hackers may use only dictionary words to gain access to the computer or hybrid. For example, hackers may use dog1, dog2, dog3, and so on to gain access. It should be noted that these tactics take long time to accomplish, however sometimes email hackers accomplish their tasks. (Chang, 2004).

Presently, most companies have program that protect their computer system from the authorised access, which is called firewall. However, to gain access, hackers may dial telephone number of an organisation, and record the number that answers the telephone call. This can be done through hacker program. Thus, later in the night, hackers will call back the organisation and try to enter the organisational computer system by through the back door (Chang, 2004).

In addition, hacker may burst into the network of the unsuspected user to gather the username and password. The trick is to make use of a program called network packet sniffers, the program can analyse the unencrypted traffic and the hackers can get hold of sensitive information through these methods (Chang 2004).

Finally, email hackers may pose as reputable organisations, for example, there are many organisations with flashy websites that disguise as loan or mortgage companies. In the United States, there are payday loan companies that advertise themselves of giving out loan. In the course of registration with these companies, sensitive information is being asked. The information such as Social Security Number and the victim emails. Having collected this information, the hackers may use the information such as username and password to burst into the emails the unsuspected victims.

It should be noted that the activities of email hackers have caused both financial and psychological damages on society as discussed in the next section.

Effects email hacking on society

There are several financial consequences that email hacking has caused on society. Apart from the society impact, email hacking has caused psychological impact on the people. Report by Majuca and Kesan (2009) reveal the estimation of the financial damages of the email hacking on the society. For example, the cost of email hacking attacks on the companies is huge (Majuca and Kesan, 2009).

Many people and companies fail to report to the police because of the thinking that it would be a waste of time, this is because it is only tiny percentages of the hackers ever get caught. It should be noted that the hackers can be anywhere in the world, and the big problem is that a person in Australia can get access to the computer of another person in U.S. Despite the huge amount of money being lost through hacking, the hackers are difficult to track down.

The financial impact is that millions of dollars are lost into the hands of hackers each year. Apart from monetary value, personal information such Social Security Number, credit card information, or other sensitive information are getting into the hands of email hackers each year, thereby putting financial havoc on the victim (Chang, 2004).

Another damage of email hackers on an individual is that after getting access to email, hacker can reset password and username, which will prevent the person from login. Moreover, email hackers can deliberately delete the sensitive information and files found in the email messages and the victims who do not have a back up file to retrieve these information would end up losing valuable information.

Moreover, most companies affected by hackers have lost customers in their bids to report to police. For example, if companies emails are hacked and sensitive information are stolen. If this company report to the police and the matter get into the hand of press, the competitors can quickly use this as a competitive advantage by reporting to the world that they have protective measures to prevent such hackers attack. The customers of the attacking company may shift to the rival company, thereby making this company to lose customers.

Despite the financial damages on email attacks on the society, society is helpless to fight back. Moreover, police of most countries do not have technical skills to track down the hackers criminal. The damaging effects of email hackers makes the author to examine the response of society on the email hacking.

Society Response

As was discussed in the previous chapter, society is helpless to defend the cyber attack of the email hackers due to the technicality involved. Although, several corporate organisations have set up educational programs to educate their employees on the malicious attachment to the email in order to have access to their computer.

Apart from this, several laws are passed to protect society on the email hackers. For example, there is US law of Electronic Communications Privacy Act, which is to protect people from illegitimately entering into private email of organisation and individual. Wiretap Act is also set up against computer hackers.

Despite these laws, only few hackers are prosecuted because of the difficulties to prove that the hackers actually perpetuate these acts (Chang, 2004).

Conclusion

Hacking of email is one of the IT crimes currently perpetuated virtually all over the world. The paper reveals that this crime has caused havoc to many victims around the world, and the difficulty in tracking down the email hackers is one the main problems that make the attackers to continuing in their acts. The problems of email hacking is that some IT professionals are included in launching these attacks. Although, arguments arise that not many people indulge in email hacking for stealing or financial purpose. Nevertheless, doing email hacking for financial reward or for improving computer skills, bursting into the private email of an individual or a corporate organisation without authorisation is a crime and effort should be made on behalf the governments to fully train the policemen in Information Technology and the techniques to combat the email hacking.

This paper enhances the knowledge of individual, corporate organisation and society as a whole on email hacking and the techniques the hackers use in carrying out their acts.

Index

Email : The is private email address used to send and receive message. It is also used to send and receive document.

E mail hacking: This is the activity of the of some people to enter into private email of an individual or business organisation without authorisation.

Email hacker: These are the people perpetuate in email hacking.

IT law: This is a law to prevent people from breaking IT regulation..

Password : This is secrete word or number or combination of two known only to email owner in order to have access to his inbox.

Phishing : This is the activities of hackers to disguise as reputable organisation to steal people username and password.

Social engineering: This is the trick the email hacker use to steal username and password.

Spyware: This is program that damage computer system to have access to computer system.

References

  1. Best, K, (2006), Visceral Hacking or Packet Wanking? The Ethics of Digital Code, Social Science Electronic Publishing, Inc, UK
  2. Chang, J, (2004), Computer Hacking: Making the Case for a National Reporting Requirement, Social Science Electronic Publishing, Inc, UK.
  3. Clarke, Z, Clawson, J, Cordell, M, (2003), A brief History of Hacking, Historical Approaches to Digital Media, USA.
  4. Evers, J, (2005), Hacking for Dollars, CBS Interactive Inc, USA.
  5. Hines, M, (2004), Caught in a Phishing trap, CBS Interactive Inc, USA..
  6. Lakhani, K, Wolf, R, G, (2003), Why Hackers Do What They Do: Understanding Motivation and Effort in Free/Open Source Software Projects, Social Science Electronic Publishing, Inc, UK.
  7. Majuca, R, P, Kesan, J, (2009), Hacking Back: Optimal Use of Self-Defense in Cyberspace, Social Science Electronic Publishing, Inc, UK

Cyber Security and Employees

Introduction

Nowadays, data breaches are increasing in volume and scope (Holtfreter and Harrington 1). Cybercriminals become able to steal billions from organizations and compromise private information. The major factors that define the thriving of cyber ganging are the insufficient level of employees competence, the lack of knowledge about the technical side of information protection, and non-compliance with safety standards.

Main text

Researchers usually distinguish three major groups of data breaches according to their causal factors: internal, external, and non-traceable (Holtfreter and Harrington 3). The number of internal factors of data breaches is the biggest. This category includes improper protection of data, theft, or hacking by employees with a high or a low probability of fraudulent intent, and unintentional loss of data.

The external factors include theft, hacking, or loss by the individuals who are not related to the organization. Non-employees, third parties, and hackers are responsible for most of the compromised records (over 70%), and the higher amount of data breaches. But although the number of compromised data cases happen due to the external factors more often (47% comparing to 38% of data breaches caused by the internal factors), employees actions and misconduct have greater significance in this regard and are associated with far more important implications for organizations than the actions performed by the third parties.

The mentioned internal casual factors indicate the lack of employees competence, the inefficiency of HR practices, the underdevelopment of corporate culture that enforces ineffective safety policies, or fails to ensure information sharing among all team members.

It is observed that many data breaches occur because organizations use inefficient and outdated data encryption standards. At the same time, the implementation of the improved versions of standards, e.g. 128-bit Advanced Encrypted Standard, may impede breaking key codes and minimize the risks of identity theft (Holtfreter and Harrington 3). It is possible to say that all external factors of any data breach case are, to some extent, interrelated with the internal factors.

For example, theft or loss of data by the third party is often induced by an improper exposal or disposal of information, i.e. employees inattentiveness or lack of knowledge (Holtfreter and Harrington 4). A data breach can happen accidentally, unintentionally, because an employee did not pay a lot of attention to security measures and did not consider potential risks of a data carrier stealing and loss. Thus, an individual employee may actually be regarded as the weakest link in data protection management. However, organizations can and should undertake measures to reduce potential security risks.

As it is observed by Holtfreter and Harrington, hackers are more skilled at what they do and often can access organizational networks without significant difficulties. However, a great number of both internal and external factors associated with employee involvement in data breach occurrence represent serious threats to corporate welfare, as well as personal data and identities of all related companies stakeholders.

Conclusion

First of all, leaders need to encourage proper data disposal by developing an adequate safety culture and educating employees. Moreover, they should prevent unauthorized intrusion through the adoption of more strict regulatory measures and implementation of advanced security technology. In this way, it may become possible to maintain the desired professional behavior and significantly reduce risks of data breaches or compromised records.

Works Cited

Holtfreter, Robert, and Adrian Harrington. Employees Are the Weakest Links, Part 1: Data Breaches and Untrained Workers. Fraud Magazine. 2016. Web.

Cybersecurity and Social Networks

The problem in the first article was the area of IT security as it relates to social networks within an organization. Recently, there have been many trends the security of information and communication technologies, in particular, due to the expansion of the reach of social media which increase the size of social network, which has taken the rates sharing personal and working information to very high levels and also posed increased risks to data networks. One note is that this article does not specifically analyze social media networks, but more so social networks. Within this, every growing data intensive environment, there is the unique need to secure enterprise data within this environment. This gap poses new increased risks. Social media networks which could pose some increases risks, however, could prove some advantages in increasing the stretch or mixing the diversity of the social networks, due to the intense popularity of social networking service and it mediums. The use of this services by employees within the organization, and the need or desire to share information across social media mediums could expand the present stretch of social networks within an organization. Thus, access to readily available information and the need to connect to others yields both benefits and undesirable consequences within an organization. (Dang-Pham, Pittayachawan, & Bruno, 2016)

Employees remain the biggest risk within the organization to IT security. However, employees can also be a significant asset to reduce the risks that are related to information security. Understanding compliance behavior remains crucial for organizations to secure its data by leveraging their human capital resources. The general problem is that technology-based solutions do not sufficiently address gaps in information security compliance. The study posits that employees outcome beliefs shape the employees views about conformity with compliance. Intrinsic benefit shapes benefits of conformity, any rewards that are received, the benefits of any conformity while intrinsic value forms the costs of compliance to the employee, the vulnerability of resources, and any sanctions that could be levied. Ths problem area looks at the risk of noncompliance with IT security policy to the business and evaluates the implementation of training and IT programs. (Bulgurcu, Cavusoglu, & Benbasat, 2010)

Comprisals within IT security and vulnerabilities have resulted in the increase in ransomware attacks and other types of cybercrime including, financial fraud, stalking, and blackmai(Gradon, 2013). There is a lot of literature that covers these areas and many of the theories which evolve around this subject matter of security as it relates to the business enterprise. As this area in an area of increasing vulnerability, I would like to extent the research into this area. For this reason, and much more, my contribution within this area has significant worth. One item that was unique, within the research model, what that the article used network analysis.

So many emerging behavioural security studies focus on ways to improve compliance within the security arena by fear, and newly by looking at the intrinsic beliefs and social relationships between individuals. How do we relate the structural patterns and integrate them into the organization to the benefit of security? One of the most critical issues in the research field remains that many end-users in organisations do not possess the sufficient knowledge to mitigate information security risks (Rocha Flores, Antonsen, & Ekstedt, 2014). Many areas look at fear to spur compliance and also look at security training as a check the block mechanism to spur compliance. A gap that remains how do you spur interest in the subject area, or within information technology fields in general. Does fear longterm create legitimate compliance or only short term benefit? How do employees interpret conflicting information from varying sources, some who agree with their interpretations and some and disagree with their interpretations of security beliefs? How do we resolve internal conflict between a close colleague and an expert within the field? Can we use the structural patterns between individuals, experts, and non-specialists, to garner interest? What happens if that garnered interest conflict with intrinsic belief? How do we prevent the dissemination of incorrect information across these mediums?

The research questions involved in this article posed are why employees willing to share information security advice and secondly what are the structural patterns of the information security advice sharing networks are. The research within these two articles revolves around these two questions. The literary review looks at what motivates employees to share security advice and looks at particular behaviours could have some influence. The reason this is studied is that active security knowledge sharing helps to develop self efficacy and complaince and helps to prevent the redevelopment of new security practices that may already be commonplace. The article poses that many of the prior works looked at intributes of individuals, however, did not look at how these attritubutes interact together in a social media forum with connects people how may be very different, from different organizations and separate geographically.

These are several areas that are studied in many prior works. These draw upon many theories including the Theory of Planned Behavior and Motivational Theory which is prevalant in many security works. The first three hypotheses were developed from this theory. The Theory of Planned Behavior has been looked as an antecedent ot compliance. This article looks at the sharing activity itself. These are based on the premise subjective norms motivate an individuals intention to share security knowledge, percieved behavioural control, and attitude. This is included and extended in many works and the literature review surrounded these these works. This article also looked at personality relationships and how they relate to their perceptions of security. Prior studies looking at traits which affect the perception on security studies.

The article reviewed the Accountablity Theory and developed the second hypotheses from this theory. Within this theory, accountability is attached to the self image, and this motivates inviduals to comply. This theory remains a fairly new theory introduced in 2015 and has been introduced by many different security domains. This theory looks at the not only at how the individual looks at the compliance of the individual but how that accountability relates to organizaitonal accounatability amd there desire to share security advice.

The IVs, independent variables, in the study were the attitude towards performing information security behaviors, subjective norm, perceived behavioural control, perceived accountability, the occurrence of giving work related advice ties, the occurrence of interpersonal trust ties, and the occurrence of giving security troubleshooting ties. These were divided into different categories of the node effects, or source of security advice, and network effects. The study looked at how security knowledge was transfered though the network effects between different nodes.

The dependent variable within the article is the occurrence of giving security advice ties between two randon employees. The article further analyzes the connections that allow the dissimination of security related information.

This study looked at network analysis to determine how individuals in the organization, based on how these social networks developed, would dissiminate this information. One interesting finding in work is that employees are perceiving subjective norms about performing security behaviours are less likely to give security advise to others. One reason that the article meantioned this is that individuals could add social pressure on these individuals. I pose that this could be negative pressue as well, even though this was not mentioned within the article. So, an employees behavioural norm could remain in conflict with the organization culture. This area of study is one area that was not revieweded and is an area that we could review further.

Literature Review

The problems of the modern day cyber security are as urgent as never before. With enterprises relying on computer and internet networks more and more often, IT security faces a significant number of issues. Researchers determine the nature of such problems in different ways. For example, Grau and Kennedy (2014) define such problems as common threats faced today, such as malware, physical attacks, social engineering, social media, misuse, errors, and environmental effects (p. 53). Moreover, the problems are approached from the perspective of their relation to different strata of society (e. g. citizens, governments, banks, and key infrastructures). The authors then note that the problems are caused by various actors. These are the criminal, the hactivist, and the nation-state (Grau and Kennedy 2014, p. 54).

Based on these findings, authors present the current trends and trends that are in development as of now. There are six current trends of interest. Firstly, the man-in-the-browser attacks, which are characterized by the criminals attempting to emulate a believable browser experience to gather information on security details (logins, passwords, etc.). Secondly, the ransomware is emerging; it is a malware that is embedded in the operational system as an anti-virus or any other type of malware protecting software. The goal of this malware is also to gather sensitive or compromising data. The third trend is the development of polymorphisms. This is a sophisticated malware that is generated for each user while remaining equal functionality-wise. Remaining trends drawn out by the authors include other types of malware (package exploit kits, new-generation botnets) and methods of causing network malfunctions (DDoS)

Other researchers focus on different topics; some may argue that these subjects are based on more general problems. Chin, Kaplan and Weinberg (2014) concentrate on the general problems that the current cybersecurity units face. These include insufficient cyberattacks protection, minimal efforts of improving cyber security in various institutions, and low engagement of senior leaders of public and private institutions in the problems of cyber security. Another article by Tisdale (2015) suggests that, despite the widespread problems which seem to take over the cybersecurity efforts, it is wrong to approach the solution search in technical, and information technology connected way. Instead, Tisdale argues, recent researches in cyber security call for a comprehensive approach that considers business objectives, governance, and risk management along with organizational psychology and other factors such as those described in the Clinger-Cohen Act (p. 191).

Thus, the trends may be perceived in different ways and via different approaches. Some argue that the cyber security efforts must be focused on fighting off the new-generation malware developed en masse by various criminals and criminal collectives across the world. Others call for developing a new perspective that would alter the approach to cyber security with taking different nuances into account. As of right now, there is no way to tell which approach will be the most beneficial one. However, while some tend to focus on developing the methods to fight off malware and cyber attacks, other researchers create new-generation tools that allow ensuring a higher quality of cyber security. For example, Fielder, Panaousis, Malacaria, Hankin and Smeraldi (2016) in their article provide an analysis of a hybrid game-theoretic and optimisation approach to the allocation of an SMEs cyber security budget (p. 22).

Another example of approaching cyber security is, for instance, an article by Craigen, Diakun-Thibault and Purse (2014) that has a goal of providing a more precise definition of what the cybersecurity must be. The authors conclude that the more inclusive, unifying definition presented in this article aims to facilitate interdisciplinary approaches to cybersecurity (Craigen, Diakun-Thibault & Purse 2014, p. 18). Thus, a more sophisticated theoretical approach is taken to represent the goals of cyber security. This allows for clearer understanding of the primary focuses that the cyber security units must preserve.

On the other hand, some researchers tend to concentrate on identifying practical approaches either undertaken by some organizations, or the approaches that are still being developed. For example, Nelson and Madnick (2017) provide a list of approaches around cyber-security measurement and reporting (p. 12). These approaches include measures of cyber-security compliance, tracking of risk based on business models, and cyber-risk activities tracking. Thus, it is evident that there is a focus on both theoretical and practical aspects of the problem.

The proposed study is going to consider both the theoretical and practical aspects of cyber security and apply the resulting information to social networks in an attempt to determine the factors that tend to affect the level of security in social networks. Social networks are becoming exceedingly popular with some of them being made for recreation and others for business (Saridakis, Benson, Ezingeard, & Tennakoon, 2016). As for network security, it is a complex and costly activity, which, however, is necessary to protect the shared data and users privacy (Jang-Jaccard & Nepal, 2014). A preliminary research implies that cyber security in social networks is a relatively understudied topic, but it is apparently significant because of the above-mentioned issues and the legal and ethical requirements to protect the information and privacy of the users (Jabee & Alam, 2016; Jang-Jaccard & Nepal, 2014). Moreover, it has been established that improved security is also a factor that the users take into account when choosing to employ a social network (Jabee & Alam, 2016; Kwon, Park, & Kim, 2014). In other words, legal, ethical, and survival reasons make cyber security a modern challenge for networks, which calls for extensive research. The proposed study will attempt to find and possibly explain the patterns in the development of network security. The specific research question that the proposed study intends to consider can be phrased as follows: do the size (number of users) and purpose of a social network affect its security level?

Research Model

The research model discusses the following variables. The independent variables include the size and purpose of the social networks that are going to be studied. The size is going to be operationalized as the number of users; the upcoming research will indicate which networks can be viewed as relatively big or small. The purpose is going to include business and recreation purposes. The dependent variable is the security level of the social networks. It is going to be operationalized through the number of safeguards employed by the networks and their relative effectiveness (Jabee & Alam, 2016). The specific criteria will be developed with the help of the literature on the topic. The mediating variable that is expected to limit or expand the effect of the independent variable on the dependent one is the funding (resource availability) of the networks. The future research will demonstrate if it is possible to find the information one the networks funding, which will help to operationalize the variable. When the specifics of the variables operationalization are apparent, an appropriate statistical analysis tool will be chosen.

Hypotheses

Four hypotheses that consider the relationships between variables can be proposed.

  • H1: the level of security of social networks depends on the purpose of these networks.

The first hypothesis implies that the purpose of the networks can define the sensitivity of the data used, which may call for additional safeguards. As a result, the following sub-hypotheses are offered.

  • H1a: the level of security increases for business-related networks.
  • H1b: the level of security decreases for recreation-related networks.
  • H2: the level of security of social networks depends on the size (number of users) of these networks.

The second hypothesis implies that a bigger number of the users can either result from greater security or call for better protection of the users (as follows from the literature review). As a result, the following sub-hypotheses can be offered.

  • H2a: the level of security increases for larger networks.
  • H2b: the level of security decreases for smaller networks.

It is also noteworthy that, as shown in the literature review, the security of networks is a complicated and costly phenomenon. It can be suggested that the availability of resources can limit or improve the ability of a network to ensure security. Thus, two additional hypotheses discuss the mediating variable.

  • H3: the relationship between the purpose of the network and its level of security is mediated by the funding of the network.
  • H4: the relationship between the size of the network and its level of security is mediated by the funding of the network.

The hypotheses and the variables are shown in Figure 1.

The relationship between variables and hypotheses
Figure 1. The relationship between variables and hypotheses.

Sample

The sampling strategy is going to use quota sampling to cover all the required types of networks, including big, small, business-related, and recreational ones. The coverage will improve the sampling validity (Terrell, 2015, p. 87). Apart from that, the size of the sample needs to be considered to ensure reliable results; this aspect can be calculated after a more or less comprehensive information on the currently existing social networks that fit the search criteria is gathered.

Limitations

Some of the limitations of the proposed study can be determined at this stage. In particular, some problems with attaining the information on the funding of social networks can be anticipated. Also, the choice of business-related networks is expected to be more limited than that of the recreational ones. Finally, the current operationalization efforts suggest that the criteria for the dependent variable need to be very carefully considered to provide an objective relative assessment of the level of security in networks. The first two issues imply the possibility of inefficient sampling, which will be limited by the availability of the information; the last issue suggests that the quality of research will depend on the quality of the criteria for the dependent variable. In other words, the latter issue may but does not have to result in limitations. Other limitations will become more apparent as more information on the research is gathered.

References

Chinn, D., Kaplan, J., & Weinberg, A. (2014). . Web.

Craigen, D., Diakun-Thibault, N., & Purse, R. (2014). Defining Cybersecurity. Technology Innovation Management Review, 4(10), 13-21.

Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., & Smeraldi, F. (2016). Decision support approaches for cyber security investment. Decision Support Systems, 86, 13-23.

Grau, D., & Kennedy, C. (2014). TIM lecture series  the business of cybersecurity. Technology Innovation Management Review, 4(4), 53-57.

Jabee, R., & Alam, M. A. (2016). Issues and challenges of cyber security for social networking sites (Facebook). International Journal of Computer Applications, 144(3), 36-40.

Jang-Jaccard, J., & Nepal, S. (2014). . Journal of Computer and System Sciences, 80(5), 973-993.

Kwon, S., Park, E., & Kim, K. (2014). A comparative analysis of user acceptance of Facebook and Twitter. The Social Science Journal, 51(4), 534-544.

Nelson, N., Madnick, S. (2017). Trade-offs between digital innovation and cyber-security. Cambridge, MA: Massachusetts Institute of Technology.

Saridakis, G., Benson, V., Ezingeard, J., & Tennakoon, H. (2016). Technological Forecasting and Social Change, 102, 320-330.

Terrell, S. (2015). Writing a proposal for your dissertation. New York, NY: Guilford Publications.

Tisdale, S. M. (2015). Cybersecurity: Challenges from a systems, complexity, knowledge management and business intelligence perspective. Issues in Information Systems, 16(3), 191-198.

Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010, September). Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523-548.

Dang-Pham, D., Pittayachawan, S., & Bruno, V. (2016). Why employees share information security advice? Exploring the contributing factors and structural patterns of security advice sharing in the workplace. Computers in Human Behaviors, 196-206.

Gradon, K. (2013). Crime science and the Internet battlefield: securing the analog world from digitial crime. Secur Priv, 93-95.

Jabee, R., & Alam, M. A. (2016). Issues and challenges of cyber security for social networking sites (Facebook). International Journal of Computer Applications, 144(3), 36-40.

Jang-Jaccard, J., & Nepal, S. (2014). . Journal of Computer and System Sciences, 80(5), 973-993.

Kwon, S., Park, E., & Kim, K. (2014). A comparative analysis of user acceptance of Facebook and Twitter. The Social Science Journal, 51(4), 534-544.

Rocha Flores, W., Antonsen, E., & Ekstedt, M. (2014). Information security knowledge sharing organizations: Investigating the efect of behavioral information security governance and national culture. Computers & Security, 43, 90-100.

Saridakis, G., Benson, V., Ezingeard, J., & Tennakoon, H. (2016). . Technological Forecasting and Social Change, 102, 320-330.

Terrell, S. (2015). Writing a proposal for your dissertation. New York, NY: Guilford Publications.

Computer Forensics: Data Acquisition

Introduction

Data acquisition is a branch of computer forensics concerned with the retrieval of data originally located on a suspect medium such as a hard drive. These data could be images or files. The types of data acquisition are either live or static. This acquisition can fall in any one of the four methods highlighted below:

  • The bitstream disk to image, which can be used to create copies, which are bit for bit replicas. This method can enable one to make more than one copy during the process.
  • The bitstream disk to disk is used where bitstream disk to the image is not possible.
  • While considering the files of interest only, the logical or sparse acquisition will suffice. However, this option remains suitable for large disks and can collect pieces of deleted data.

For the 2GB hard disk in question, a lossless compression may be suitable. However, for effectiveness, this will be combined with a digital signature verification process. For such a case, the contents will be copied as an accurate image to a file preferably to another disk using third-party tools such as ProDiscover or EnCase. However, this depends on other factors that would otherwise disqualify the bitstream disk to the image file method.

Another hard disk is used as the target medium onto which a copy of the suspect hard disk is made. EnCase and SnapCopy is examples of software that can be employed for this process. The acquisition precedes validation of the data. Windows has no inbuilt validation algorithms that are typically hashing algorithms. Third-party utilities are used for such validation processes. Alternatively, Linux validation can be used with the dcfldd with a verify file option to compare the image to the original.

Computer forensics training

CYber DEfense Trainer (CYDEST) describes a virtual environment addressing computer forensics as well as network defense. Considering that training on an actual platform may be costly and remote, CYDEST provides an opportunity for network administrators as well as digital forensics investigators to run real-life scenarios in a virtual environment. This setup achieves realism through support for highly realistic invasive training scenarios which include ongoing attacks and live forensics as well as an automated evaluation of students performance (Brueckner et al., 2008, p.105). CYDEST relies on virtualization.

Virtualization for this case is capable of achieving rich scenarios at random, which are suitable for training purposes. This virtualization is hosted with Xen, which is a hypervisor running directly on the hardware as an operating system control program (Brueckner et al., 2008, p.105). Xen will support one or more machines as specially privileged guests. This platform also supports the Linux operating system as a privileged guest. In a CYDEST session, the hosts seen by the student are unprivileged. Xen can also allow other architectures to enable hosts on the network to run licensed software such as windows.

CYDEST in its assessment employs passive and active observation. The former will cover reports involving a students responses to direct queries. Active observation on the other hand is whereby a students actions are monitored and both the direct and indirect results are analyzed. CYDEST is web-based and can be accessed over the internet or locally (Brueckner et al., 2008, p.106). Some shortcomings as far as CYDEST is concerned to relate to the complexity of some of its components. It is not uncommon that a virtual host may unexpectedly crash in which case the system reverts to a predefined baseline. It can be also noted that the student exercises are not repeatable.

Return on investment (ROI)

Determining the return on investment (ROI) is the single most important aspect of any investment today. This stands true for real estate, stocks, or new business ventures just to mention a few. Estimating a return on investment (ROI) helps the business planner to choose from among several investment options. During an IT project, training remains one of the relevant aspects for successful project delivery. This could be team training for those directly involved in the project or user training for the eventual beneficiaries of the project deliverable. User or staff training will result in improved performance and productivity.

It will be noted though that there are no cash flows representing training and therefore net present value as an ROI method is unsuitable to use here. While considering employees as organizational assets, their work can be determined by their remuneration package. Their salaries would translate to how much worth the employee is to the organization. However, this cannot be directly measured in terms of cash flows for the net present value method in determining the return on investment. A return based on their salaries would be a more appropriate method to determine the return on investment as the use of the net present value (NPV) method is unsuitable.

An alternative to NPV would be the use of the annual percentage yield (APY). For such a method, the cost associated with the investment will first be determined; the returns will then be calculated or estimated. The next undertaking would be to define a timeline for the returns and based on this calculation of the annualized return of investment or the annual percentage yield.

Reference

Brueckner, S, Guaspari, D, Adelstein, F, & Weeks, J. (2008). Automated computer forensics training in a virtualized environment. Digital investigation, 5(1), 105- 111.