Physical Sciences and Mathematics Commons^™

Contracting For Algorithmic Accountability, Cary Coglianese, Erik Lampmann

All Faculty Scholarship

As local, state, and federal governments increase their reliance on artificial intelligence (AI) decision-making tools designed and operated by private contractors, so too do public concerns increase over the accountability and transparency of such AI tools. But current calls to respond to these concerns by banning governments from using AI will only deny society the benefits that prudent use of such technology can provide. In this Article, we argue that government agencies should pursue a more nuanced and effective approach to governing the governmental use of AI by structuring their procurement contracts for AI tools and services in ways that …

An Analysis Of International Agreements Over Cybersecurity, Lucas Ashbaugh

Electronic Theses and Dissertations

Research into the international agreements that increase cooperation over cybersecurity challenges is severely lacking. This is a necessary next step for bridging diplomatic challenges over cybersecurity. This work aspires to be push the bounds of research into these agreements and offer a tool that future researchers can rely on. For this research I created, and made publicly available, the International Cybersecurity Cooperation Dataset (ICCD), which contains over 350 international cybersecurity agreements and pertinent metadata. Each agreement is marked per which subtopics within cybersecurity related agreements it covers. These typologies are:

• Discussion and Dialogue

• Research

• Confidence Building Measures

• Incident Response

• Crime …

  ---

  Go to article

How Much Should We Spend To Protect Privacy?: Data Breaches And The Need For Information We Do Not Have, Richard Warner, Robert Sloan

All Faculty Scholarship

A cost/benefit approach to privacy confronts two tradeoff issues. One is making appropriate tradeoffs between privacy and many goals served by the collection, distribution, and use of information. The other is making tradeoffs between investments in preventing unauthorized access to information and the variety of other goals that also make money, time, and effort demands. Much has been written about the first tradeoff. We focus on the second. The issue is critical. Data breaches occur at the rate of over three a day, and the aggregate social cost is extremely high. The puzzle is that security experts have long explained …

Analysis Of Security In Big Data Related To Healthcare, Isabel De La Torre, Begoña García-Zapirain, Miguel López-Coronado

Journal of Digital Forensics, Security and Law

Big data facilitates the processing and management of huge amounts of data. In health, the main information source is the electronic health record with others being the Internet and social media. Health-related data refers to storage in big data based on and shared via electronic means. Why are criminal organisations interested in this data? These organisations can blackmail people with information related to their health condition or sell the information to marketing companies, etc. This article analyses healthcare-related big data security and proposes different solutions. There are different techniques available to help preserve privacy such as data modification techniques, cryptographic …

Nuclear Security Culture And Batan’S Assessment: Batan’S Experience, Anhar R. Antariksawan

International Journal of Nuclear Security

Organizations should increase safety to minimize the harmful effects of nuclear materials. Additionally, organizations should take measures to protect security culture within the organization itself. This paper covers the National Nuclear Energy Agency of Indonesia’s (BATAN’s) promotion of nuclear security culture and self- assessment projects, which is based on the International Atomic Energy Agency’s (IAEA) methodology.

The Utility Of Table-Top Exercises In Teaching Nuclear Security, Christopher Hobbs, Luca Lentini, Matthew Moran

International Journal of Nuclear Security

In the emerging field of nuclear security, those responsible for education and training are constantly seeking to identify and engage with tools and approaches that provide for a constructive learning environment. In this context, this paper explores the nature and value of Tabletop exercises (TTX) and how they can be applied in the nuclear security context. On the one hand, the paper dissects the key components of the TTX and considers the broader pedagogical benefits of this teaching method. On the other hand, the paper draws lessons from the authors’ experience of running TTXs as part of nuclear security professional …

Introduction, Tracy Mitrano

Tracy Mitrano

No abstract provided.

Chapter Five: The San Bernardino Iphone Case, Tracy Mitrano

Tracy Mitrano

Slides: Ag Water Sharing: Legal Challenges And Considerations, Peter D. Nichols

Innovations in Managing Western Water: New Approaches for Balancing Environmental, Social and Economic Outcomes (Martz Summer Conference, June 11-12)

Presenter: Peter D. Nichols, Esq., Partner, Berg, Hill, Greenleaf and Ruscitti, Boulder, CO

25 slides

Mobile Device Use: Increasing Privacy And Security Awareness For Nurse Practitioners, Lauren Storbrauck

Economic Crime Forensics Capstones

Nurse practitioners are increasingly using mobile devices to access electronic medical records, as the use of the devices increases so does the risk of a potential breach. This is a direct result of technological advances such as larger storage capacities, faster computing speeds, and better portability/connectivity (Torrieri, 2011). These devices include: mobile phones, tablets, and laptops. The use of these devices has greatly facilitated the work of Nurse Practitioners, by allowing them to have instant access to patient records, health history and recommended treatment plans (Ventola, 2014). However, seventy-three percent of all mobile users stated that they are not always …

Evidentiary Power And Propriety Of Digital Identifiers And The Impact On Privacy Rights In The United States, Michael Losavio, Deborah Keeling

Journal of Digital Forensics, Security and Law

Media and network systems capture and store data about electronic activity in new, sometimes unprecedented ways; computational systems make for new means of analysis and knowledge development. These new forms offer new, powerful tactical tools for investigations of electronic malfeasance under traditional legal regulation of state power, particular that of Fourth Amendment limitations on police searches and seizures under the U.S. Constitution. But autonomy, identity and authenticity concerns with electronic data raise issues of public policy, privacy and proper police oversight of civil society. We examine those issues and their implications for digital and computational forensics

I Remember Richelieu: Is Anything Secure Anymore?, Michael G. Crowley, Michael N. Johnstone

Australian Security and Intelligence Conference

Petraeus-gate, hacked nude celebrity photos in the cloud and the recent use of a search and seizure warrant in the United States of America to seek production of customer email contents on an extraterritorial server raises important issues for the supposably safe storage of data on the World Wide Web. Not only may there be nowhere to hide in cyberspace but nothing in cyberspace may be private. This paper explores the legal and technical issues raised by the these matters with emphasis on the courts decision “In the Matter of a Warrant to Search a Certain E-Mail Account Controlled and …

Balance Or Trade-Off? Online Security Technologies And Fundamental Rights, Mireille Hildebrandt

Mireille Hildebrandt

In this contribution I argue that the image of the balance is often used to defend the idea of a trade-off. To understand the drawbacks of this line of thought I will explore the relationship between online security technologies and fundamental rights, notably privacy, non-discrimination, freedom of speech and due process. After discriminating between three types of online security technologies I will trace the reconfiguration of the notion of privacy in the era of smart environments. This will lead to an inquiry into the metaphor of the scale, building on the triple test regarding the justification of the limitation of …

Privacy Issues And Solutions In Social Network Sites, Xi Chen, Katina Michael

Associate Professor Katina Michael

The boom of the internet and the explosion of new technologies have brought with them new challenges and thus new connotations of privacy. Clearly, when people deal with e-government and e-business, they do not only need the right to be let alone, but also to be let in secret. Not only do they need freedom of movement, but also to be assured of the secrecy of their information. Solove [6] has critiqued traditional definitions of privacy and argued that they do not address privacy issues created by new online technologies. Austin [7] also asserts: “[w]e do need to sharpen and …

Book Review: Handbook On Securing Cyber-Physical Critical Infrastructure: Foundations And Challenges (Written By Sajal K. Das, Krishna Kant, Nan Zhang), Katina Michael

Professor Katina Michael

This 800+ page handbook is divided into eight parts and contains thirty chapters, ideal for either an advanced undergraduate or graduate course in security. At the heart of this handbook is how we might go about managing both physical and cyber infrastructures, as they continue to become embedded and enmeshed, through advanced control systems, and new computing and communications paradigms.

Book Review Of Hacking: The Next Generation (Written By Nitesh Dhanjani, Billy Rios & Brett Hardin), Katina Michael

Professor Katina Michael

Hacking: The Next Generation demonstrates just how hackers continue to exploit “back doors”. New ways of working and new ways of communicating have meant that the number of attack vectors continue to rise rapidly. This provides hackers with a greater number of opportunities to penetrate systems using blended approaches while organizations struggle to come up to speed with the latest technology developments and commensurate security capabilities. Dealing with anticipated threats is a lot harder than dealing with known threats.

Book Review: Securing The Cloud: Cloud Computer Security Techniques And Tactics, Katina Michael

Associate Professor Katina Michael

With so much buzz around Cloud Computing, books like this one written by Winkler are much in demand. Winkler’s experience in the computing business shines through and as readers we are spoiled with a great deal of useful strategic information- a jam packed almost 300 page volume on securing the cloud.

Book Review: Security Risk Management: Building An Information Security Risk Management Program From The Ground Up, Katina Michael

Associate Professor Katina Michael

In an age of outsourcing tasks that are not considered to be a core competency of the business, organisations have often relied on external consultants for matters pertaining to security. In actual fact, most companies could have utilized existing skill-sets in-house to produce a security risk management program, if only they knew what steps to take, and how to go about it all. Evan Wheeler in his book on information security risk management does just that- he equips professionals tasked with security, with the thinking required to create a program that is more preoccupied with the complex strategic-level questions than …

Cloud Computing: Architectural And Policy Implications, Christopher S. Yoo

All Faculty Scholarship

Cloud computing has emerged as perhaps the hottest development in information technology. Despite all of the attention that it has garnered, existing analyses focus almost exclusively on the issues that surround data privacy without exploring cloud computing’s architectural and policy implications. This article offers an initial exploratory analysis in that direction. It begins by introducing key cloud computing concepts, such as service-oriented architectures, thin clients, and virtualization, and discusses the leading delivery models and deployment strategies that are being pursued by cloud computing providers. It next analyzes the economics of cloud computing in terms of reducing costs, transforming capital expenditures …

Slides: Threats To Biological Diversity: Global, Continental, Local, J. Michael Scott

Shifting Baselines and New Meridians: Water, Resources, Landscapes, and the Transformation of the American West (Summer Conference, June 4-6)

Presenter: J. Michael Scott, U.S. Geological Survey, Idaho Cooperative Fish and Wildlife Research Unit, University of Idaho

38 slides

Data Security Measures In The It Service Industry: A Balance Between Knowledge & Action, N. Mlitwa, Y. Kachala

Journal of Digital Forensics, Security and Law

That “knowledge is power” is fast becoming a cliché within the intelligentsia. Such power however, depends largely on how knowledge itself is exchanged and used, which says a lot about the tools of its transmission, exchange, and storage. Information and communication technology (ICT) plays a significant role in this respect. As a networked tool, it enables efficient exchanges of video, audio and text data beyond geographical and time constraints. Since this data is exchanged over the worldwide web (www), it can be accessible by anyone in the world using the internet. The risk of unauthorised access, interception, modification, or even …

Alphaco: A Teaching Case On Information Technology Audit And Security, Hüseyin Tanriverdi, Joshua Bertsch, Jonathan Harrison, Po-Ling Hsiao, Ketan S. Mesuria, David Hendrawirawan

Journal of Digital Forensics, Security and Law

Recent regulations in the United States (U.S.) such as the Sarbanes-Oxley Act of 2002 require top management of a public firm to provide reasonable assurance that they institute internal controls that minimize risks over the firm’s operations and financial reporting. External auditors are required to attest to the management’s assertions over the effectiveness of those internal controls. As firms rely more on information technology (IT) in conducting business, they also become more vulnerable to IT related risks. IT is critical for initiating, recording, processing, summarizing and reporting accurate financial and non-financial data. Thus, understanding IT related risks and instituting internal …

Big Horn River Litigation Experience: The Second Generation – Post Decree Administration, Gordon W. Fassett

Innovation in Western Water Law and Management (Summer Conference, June 5-7)

5 pages.

Surface Water And Groundwater Conjunctive Use Management: Santa Clara County, California, Jeanette L. Micko

Innovation in Western Water Law and Management (Summer Conference, June 5-7)

47 pages (includes illustrations and maps).