Law Commons^™

Integrating Nist And Iso Cybersecurity Audit And Risk Assessment Frameworks Into Cameroonian Law, Bernard Ngalim

Journal of Cybersecurity Education, Research and Practice

This paper reviews cybersecurity laws and regulations in Cameroon, focusing on cybersecurity and information security audits and risk assessments. The importance of cybersecurity risk assessment and the implementation of security controls to cure deficiencies noted during risk assessments or audits is a critical step in developing cybersecurity resilience. Cameroon's cybersecurity legal framework provides for audits but does not explicitly enumerate controls. Consequently, integrating relevant controls from the NIST frameworks and ISO Standards can improve the cybersecurity posture in Cameroon while waiting for a comprehensive revision of the legal framework. NIST and ISO are internationally recognized as best practices in information …

Adoption Of Cybersecurity Policies By Local Governments 2020, Donald F. Norris Phd, Laura K. Mateczun Jd

Journal of Cybersecurity Education, Research and Practice

This paper should be of interest to the readers of this journal because it addresses a subject that has received little scholarly attention; namely, local government cybersecurity. The U.S. has over 90,000 units of local government, of which almost 39,000 are “general purpose” units (i.e., municipalities, counties, towns and townships). On average, these governments do not practice cybersecurity effectively (Norris, et al., 2019 and 2020). One possible reason is that they do not adopt and/or implement highly recommended cybersecurity policies. In this paper, we examine local government adoption or lack of adoption of cybersecurity policies using data from three surveys. …

Small Business Cybersecurity: A Loophole To Consumer Data, Matthew R. Espinosa

The Scholar: St. Mary's Law Review on Race and Social Justice

Small businesses and small minority owned businesses are vital to our nation’s economy; therefore legislation, regulation, and policy has been created in order to assist them in overcoming their economic stability issues and ensure they continue to serve the communities that rely on them. However, there is not a focus on regulating nor assisting small businesses to ensure their cybersecurity standards are up to par despite them increasingly becoming a victim of cyberattacks that yield high consequences. The external oversight and assistance is necessary for small businesses due to their lack of knowledge in implementing effective cybersecurity policies, the fiscal …

Geofencing As Applied Within The Field Of Cybersecurity: An Overview Of Potential Risks And Advantages, Kasandra Adams

Electronic Theses, Projects, and Dissertations

This culminating experience project explores geofencing as a potential risk and advantageous tool within the field of cybersecurity. Geofencing is defined here as a software program feature that allows its users to collect and deliver data within a specific targeted geographical area. Currently used applications are addressed from a cybersecurity mindset by applying the hacker methodology to demonstrate the potential threat. Additionally, geofencing is applied to the NIST Cybersecurity Framework to demonstrate potential benefits for cyber defence. Finally, vulnerabilities associated with applying geofencing to cyber defense, and its potential implications on privacy and cybersecurity laws is discussed and recommendations for …

Cybersecurity Oversight Liability, Benjamin P. Edwards

Georgia State University Law Review

A changing cybersecurity environment now poses a significant corporate-governance challenge. Although some cybersecurity data breaches may be inevitable, courts now increasingly consider when a corporation’s officers and directors may be held liable on theories that they acted in bad faith and failed to adequately oversee the corporation’s affairs. This short essay reviews recent derivative decisions and encourages corporate boards to recognize that in an environment filled with increasing threats, a reasonable response will require devoting real resources and attention to cybersecurity issues.

Procure-To-Pay Software In The Digital Age: An Exploration And Analysis Of Efficiency Gains And Cybersecurity Risks In Modern Procurement Systems, Drew Lane

MPA/MPP/MPFM Capstone Projects

Procure-to-Pay (P2P) softwares are an integral part of the payment and procurement processing functions at large-scale governmental institutions. These softwares house all of the financial functions related to procurement, accounts payable, and often human resources, helping to facilitate and automate the process from initiation of a payment or purchase, to the actual disbursal of funds. Often, these softwares contain budgeting and financial reporting tools as part of the offering. As such an integral part of the financial process, these softwares obviously come at an immense cost from a set of reputable vendors. In the case of government, these vendors mainly …

Steering (Or Not) Through The Social And Legal Implications Of Autonomous Vehicles, Melissa L. Griffin

The Journal of Business, Entrepreneurship & the Law

No abstract provided.

Breadcrumbs: Privacy As A Privilege, Prachi Bhardwaj

Capstones

Breadcrumbs: Privacy as a Privilege Abstract

By: Prachi Bhardwaj

In 2017, the world saw more data breaches than in any year prior. The count was more than the all-time high record in 2016, which was 40 percent more than the year before that.

That’s because consumer data is incredibly valuable today. In the last three decades, data storage has gone from being stored physically to being stored almost entirely digitally, which means consumer data is more accessible and applicable to business strategies. As a result, companies are gathering data in ways previously unknown to the average consumer, and hackers are …

The Future Of Nuclear Security: A Medical Physicist’S Perspective, Katharine E. Thomson

International Journal of Nuclear Security

Planning for the future of nuclear security is a vital and complex task, requiring cooperation and contribution from many disciplines and industries. This diversity of expertise should include the medical sector, which faces many of the same challenges as the nuclear industry: controlling access to dangerous material, creating a strong security culture, cooperating with the wider world and engaging the public.

Medical physicists, of which the author is one, oversee all aspects of small-scale radiation use. This paper discusses three key areas increasingly important to both medical and nuclear uses of radioactive materials: public engagement, prevention of nuclear and radiological …

Deterring And Dissuading Nuclear Terrorism, John J. Klein

Journal of Strategic Security

While nuclear deterrence theory may be well-suited to dealing with nuclear-armed states, its suitability for deterring nuclear terrorism has frequently been questioned since 9/11. While terrorist organizations do not necessarily act uniformly or according to the same underlying beliefs, many of the most aggressive organizations are motivated by an ideology that embraces martyrdom and an apocalyptic vision.1 This ideology may be based on religion or a desire to overthrow a government. Consequently, terrorists motivated by ideology who intend to use a stolen or improvised nuclear device against the United States or its interests may not care about the resulting military …

Modeling Human Behavior To Anticipate Insider Attacks, Frank L. Greitzer , Ph.D., Ryan E. Hohimer

Journal of Strategic Security

The insider threat ranks among the most pressing cyber-security challenges
that threaten government and industry information infrastructures.
To date, no systematic methods have been developed that provide a
complete and effective approach to prevent data leakage, espionage, and
sabotage. Current practice is forensic in nature, relegating to the analyst
the bulk of the responsibility to monitor, analyze, and correlate an overwhelming
amount of data. We describe a predictive modeling framework
that integrates a diverse set of data sources from the cyber domain, as well
as inferred psychological/motivational factors that may underlie malicious
insider exploits. This comprehensive threat assessment approach
provides …

China's Use Of Cyber Warfare: Espionage Meets Strategic Deterrence, Magnus Hjortdal

Journal of Strategic Security

This article presents three reasons for states to use cyber warfare and
shows that cyberspace is—and will continue to be—a decisive element in
China's strategy to ascend in the international system. The three reasons
are: deterrence through infiltration of critical infrastructure; militarytechnological
espionage to gain military knowledge; and industrial espionage
to gain economic advantage. China has a greater interest in using
cyberspace offensively than other actors, such as the United States, since
it has more to gain from spying on and deterring the United States than
the other way around. The article also documents China's progress in
cyber warfare and …

Radicalization And The Use Of Social Media, Robin L. Thompson

Journal of Strategic Security

The use of social media tools by individuals and organizations to radicalize individuals for political and social change has become increasingly popular as the Internet penetrates more of the world and mobile computing devices are more accessible. To establish a construct for radicalization,the power and reach of social media will be described so there is common understanding of what social media is and how it is utilized by various individuals and groups. The second section will answer the question of why social media applications are the perfect platform for the radical voice. Finally, the use of social media and its …

The Sec Staff's "Cybersecurity Disclosure" Guidance: Will It Help Investors Or Cyber-Thieves More?, Sarah Jane Hughes, Roland L. Trope

Articles by Maurer Faculty

No abstract provided.