Cyber Crime and Cyber Terrorism

Download 5,67 Mb.

Pdf ko'rish

bet	48/283
Sana	19.05.2022
Hajmi	5,67 Mb.
	#604880

1 ... 44 45 46 47 48 49 50 51 ... 283

Bog'liq
Cyber crime and cyber terrorism investigators handbook by Babak

44
CHAPTER 5
User requirements for cyber-security investigations
the same humans also present a potential systemic weakness if their requirements
and limitations are not properly considered or fully understood in relation to other
aspects of the total system in which they operate (
Wilson et al., 2005
).
From a similar perspective, cyber-security operates at a systemic level where us-
ers (e.g., the public), service providers (e.g., on-line social and business facilitators)
and commercial or social outlets (e.g., specific banking, retail, social networks, and
forums) come together in the virtual and shared interactions of cyber-space in order
to process transactions. A key difference is that there are no formal policing agents
present, no police or security guards that users can go to for assistance. Perhaps
the closest analogy to any form of on-line policing would be moderators of social
networks and forums but these are often volunteers with no formal training and ul-
timately no legal responsibility for cyber-security. Whilst there are requirements for
secure transactions especially when people are providing their personal and banking
details to retails sites, social media sites are particularly vulnerable to identity theft
through the information people might freely and/or unsuspectingly provide to third
parties. There is no common law of cyber-space as in the real-world and social norms
are easily distorted and exploited creating vulnerabilities for security threats.
Another factor in cyber-security is the potential temporal distortions that can oc-
cur with cyber-media. Historic postings or blogs might propagate future security
threats in ways that real-world artifacts may not. For example, cyber-ripples may
develop from historic posts and blogs and may have more resonance following a par-
ticular event. Cyber poses a paradoxical perspective for security. Threats can emerge
rapidly and dynamically in response to immediate activities (e.g., the UK riots of
2011), while in other ways the data are historical and can lie dormant for long periods
of time. However, that data still possesses a presence that can be as hard hitting as an
event that has just only happened. Understanding the ways in which users might draw
significance from cyber-media is an important part of understanding cyber-influence.
From a cyber-security perspective, the traditional view of security poses a num-
ber of challenges:
• Who are the users (and where are they located at the time of their interaction)?
• Who is responsible for cyber-security?
• How do we identify user needs for cyber-security?
• What methods and tools might be available/appropriate for eliciting
cyber-requirements?
• What might characterize suspicious behavior within cyber-interactions?
• What is the nature of the subject being observed (e.g., is it a behavior, a state, an
action, and so on)?
Underlying these challenges are fundamental issues of security and user performance.
Reducing the likelihood of human error in cyber-interactions is increasingly important.
Human errors could not only hinder the correct use and operation of cyber technolo-
gies they can also compromise the integrity of such systems. There is a need for formal
methods that allow investigators to analyze and verify the correctness of interactive
systems, particularly with regards to human interaction (
Cerone and Shaikh, 2008
).

Download 5,67 Mb.

Do'stlaringiz bilan baham:

1 ... 44 45 46 47 48 49 50 51 ... 283