Centre of Expertise Cyber Security

The information security field requires standardised education. This could be based on generic job profiles and a standard competence framework. The question is whether this is possible and feasible. To find out, the author did a case study: developing an information security master curriculum based on a generic PVIB job profile and the underlying competence framework e-CF.

Read more

The ransomware attack on Maastricht University (2019) and the wiperware attack on Maersk (2017) painfully demonstrated that major incidents cannot be prevented and can even turn into cyber crises. The extent to which organisations can limit the impact of cyber crises is determined, among other things, by their business continuity and crisis management. How do you adequately organise these control measures, however?

Download article (PDF)

Implementing a distributed computation architecture has several basis functional requirements, such as load balancing, fault tolerance and security. The challenge is in how you manage these requirements as a whole. Security is a specific problem in that it is made up of a number of important aspects, such as confidentiality, integrity and availability. Each of these aspects is vital in a distributed system.One important aspect of security is access control. The central premise of this thesis is: “If you can name it, you can control access to it”.This dissertation examines the security requirements of the WebCom distributed computing environment and develops the security architecture for WebCom, primarily to provide a systematic access control mechanism for condensed graph applications.The flexibility of this architecture is demonstrated with a number of case studies, including a micropayment architecture for distributed computations, an automated administration architecture for Grid and an activity based secure workflow architecture.

T.B. Quillinan. Secure Naming for Distributing Computing using the Condensed Graph Model. Ph.D. Thesis. University College Cork, Cork, Ireland. July 2006.

Contemporary crisis management has to deal with complex socio-technical environments involving many interdependent elements. Many dependencies in such settings result in complex cascading processes that can have adverse effects on the population, environment, and economy. Adequate situation awareness and the capability to
predict the development of a crisis situation under different circumstances is a critical element of effective, and timely, crisis management and response.

de Oude, Patrick; Pavlin, Gregor;  Quillinan, Thomas; Jeraj, Julij, and Abouhafc, Abdelhaq. (2017). Cloud-Based Intelligence Aquisition and Processing for Crisis Management. 133-153. 10.1007/978-3-319-52419-1_9

Objectives

Examine the level of engagement of young users with money mule recruitment ads on Instagram.

Methods

Three ads reflecting key cybercrime involvement mechanisms and targeting Dutch user clusters were run on two Instagram placements. By means of this quasi-experimental 3 × 2 factorial design, we were able to analyze the reach and views of the ads, click-through rates, gender of the participants, and temporal distributions of user engagement.

Results

Mimicking actual recruitment environments, analysis shows that up to 3% of young users engaged with the ads, especially those promoting a luxury lifestyle and using neutralization techniques. Men were more likely to engage, and click-through rates were higher at night.

Conclusions

Some young Instagram users seem prone to making money through their bank cards and risk becoming involved in cybercrime online. We encourage future research to explore further the use of social media in criminological studies.

Journal of Experimental Criminology (2022)

Understanding cybercrime involvement: a quasi-experiment on engagement with money mule recruitment ads on Instagram