The Editor(s) (if applicable) and The Author(s), under exclusive licence to Springer Nature Switzerland AG 2019
G. Pogrebna and M. Skilton, Navigating New Cyber Risks, https://doi.org/10.1007/978-3-030-13527-0

References

1. Edward Snowden Biography. Accessed September 2018. https://www.biography.com/people/edward-snowden-21262897.
2. Greenwald, G. (2013, June 6). NSA collecting phone records of millions of Verizon customers daily. The Guardian. https://www.theguardian.com/world/2013/jun/06/nsa-phone-records-verizon-court-order.
3. Greenwald, G., MacAskill, E., & Poitras, L. (2013, June 11). Edward Snowden: The whistleblower behind the NSA surveillance revelations. The Guardian. https://www.theguardian.com/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance.
4. Franceschi-Bicchierai, L. (2014, June 5). The 10 biggest revelations from Edward Snowden's leaks. Mashable UK. https://mashable.com/2014/06/05/edward-snowden-revelations/?europe=true#E9W_W2HdFPqV.
5. Assange, J., & Rusbridger, A. (2011, January). WikiLeaks: The Guardian's role in the biggest leak in the history of the world. The Guardian. https://www.theguardian.com/media/2011/jan/28/wikileaks-julian-assange-alan-rusbridger.
6. Chelsea Manning Biography. Accessed September 2018. https://www.biography.com/people/chelsea-manning-21299995.
7. Ellison, S. (2011, February). The man who spilled the secrets. Vanity Fair. https://www.vanityfair.com/news/2011/02/the-guardian-201102.
8. Stempel, J., & Finkle, J. (2017, October). Yahoo says all three billion accounts hacked in 2013 data theft. Reuters. https://www.reuters.com/article/us-yahoo-cyber/yahoo-says-all-three-billion-accounts-hacked-in-2013-data-theft-idUSKCN1C82O1.
9. Perlroth, N. (2016, September). Yahoo says hackers stole data on 500 million users in 2014. New York Times. https://www.nytimes.com/2016/09/23/technology/yahoo-hackers.html.
10. Evens, M. (2015, February). Hackers steal 650 million in world's biggest bank raid. The Telegraph. https://www.telegraph.co.uk/news/uknews/crime/11414191/Hackers-steal-650-million-in-worlds-biggest-bank-raid.html.
11. Palmer, D. (2018, May). WannaCry ransomware crisis, one year on: Are we ready for the next global cyber attack? ZDNet. https://www.zdnet.com/article/wannacry-ransomware-crisis-one-year-on-are-we-ready-for-the-next-global-cyber-attack/.
12. Ghena, B., Beyer, W., Hillaker, A., Pevarnek, J., & Halderman, J. A. (2014, August). Green lights forever: Analyzing the security of traffic infrastructure. In Proceedings of the 8th USENIX Workshop on Offensive Technologies (WOOT '14).
13. Greenberg, A. (2015, July). Hackers remotely kill a jeep on the highway—With me in it. Wired. https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/.
14. Perez, E. (2015, May 19). FBI: Hacker claimed to have taken over flight's engine controls. CNN. https://edition.cnn.com/2015/05/17/us/fbi-hacker-flight-computer-systems/index.html.
15. Valero, J. (2016, July). Hackers bombard aviation sector with over 1000 attacks per month. EuroActiv. https://www.euractiv.com/section/justice-home-affairs/news/hackers-bombard-aviation-sector-with-more-than-1000-attacks-per-month/.
16. Jay, J. (2018, May). Healthcare sector suffered more than half of all cyber-attacks in 2017. SC Media. https://www.scmagazineuk.com/healthcare-sector-suffered-half-cyber-attacks-2017/article/1472744.
17. 2017 Cylance Threat Report. Accessed September 2018. https://pages.cylance.com/2018-03CylanceThreatReport2017.html.
18. Hern, A. (2017, August 31). Hacking risk leads to recall of 500,000 pacemakers due to patient death fears. The Guardian. https://www.theguardian.com/technology/2017/aug/31/hacking-risk-recall-pacemakers-patient-death-fears-fda-firmware-update.
19. Smith, R. (2018, July 23). Russian hackers reach U.S. utility control rooms, Homeland security officials say. Wall Street Journal. https://www.wsj.com/articles/russian-hackers-reach-u-s-utility-control-rooms-homeland-security-officials-say-1532388110.
20. Rosenbush, S. (2017, November 16). The morning download: First AI-powered cyberattacks are detected. CIO Journal, Wall Street Journal. https://blogs.wsj.com/cio/2017/11/16/the-morning-download-first-ai-powered-cyberattacks-are-detected/.
21. Giles, M. (2018, January). Six cyber threats to really worry about in 2018. MIT Technology Review. https://www.technologyreview.com/s/609641/six-cyber-threats-to-really-worry-about-in-2018/.
22. Ukraine power cut "was cyber-attack". (2017, January 11). BBC. https://www.bbc.co.uk/news/technology-38573074.
23. Dickinson, B. (2017, May 3). This is what fraud looks like in the age of artificial intelligence. The Next Web. https://thenextweb.com/contributors/2017/05/03/what-fraud-looks-like-in-the-age-of-artificial-intelligence/.
24. AI and ML curbing financial fraud. (2018, March 6). Fintech Futures. https://www.bankingtech.com/2018/03/ai-and-ml-curbing-financial-fraud/.
25. Williams, S. (2017, May 12). Inside China's phoney "click farm": Tiny office uses 10,000 handsets to send fake ratings and "likes" for boosting clients' online popularity. The Daily Mail. https://www.dailymail.co.uk/news/article-4499730/click-farm-10-000-phones-boost-product-ratings.html.
26. Tackling the challenges of securing a trillion connected devices at Arm TechCon 2017. (2017, September 6). ARM TechCon 2017. https://www.arm.com/company/news/2017/09/tackling-the-challenges-of-securing-a-trillion-connected-devices-at-arm-techcon-2017.
27. UK Government. (2018, March 7). Secure-by-design. https://www.gov.uk/government/publications/secure-by-design.
28. Pratt, M. K. (2018, January 16). What is Zero Trust? A model for more effective security. CSO. https://www.csoonline.com/article/3247848/network-security/what-is-zero-trust-a-model-for-more-effective-security.html.
29. Bird, J. (2018, September 26). AI is not a "silver bullet" against cyber attacks. Financial Times. https://www.ft.com/content/14cd2608-869d-11e8-9199-c2a4754b5a0e.
30. The White House just issued a Defcon scale for cyber attacks. (2016, August 3). The Fanatical Futurist. https://www.fanaticalfuturist.com/2016/08/the-white-house-issued-a-defcon-scale-for-cyber-attacks/.
31. Lee, D. (2018, September). Facebook security breach: Up to 50m accounts attacked. BBC News. https://www.bbc.co.uk/news/technology-45686890.
32. Kuckler, H. (2018, September 28). Facebook reveals cyber attack affecting up to 50m users. Financial Times. https://www.ft.com/content/c5f13f30-c33f-11e8-8d55-54197280d3f7.
33. Gross, M. L., Canetti, D., & Vashdi, D. R. (2016). The psychological effects of cyber terrorism. Bulletin of the Atomic Scientists, 72(5), 284–291.
34. Vatis, M. A. (2000). Statement on cybercrime before the Senate Judiciary Committee, Criminal Justice Oversight Subcommittee and House Judiciary Committee, Crime Subcommittee. Washington, DC: US Department of Justice, 29.
35. Denning, D. (2001). Is cyber terror next? Understanding September 11, 191–197.
36. Denning, D. E. (2001). Activism, hacktivism, and cyberterrorism: The Internet as a tool for influencing foreign policy. Networks and netwars: The future of terror, crime, and militancy (pp. 239, 288). Santa Monica: RAND Corporation.
37. Coleman, G. (2014, November 4). Hacker, hoaxer, whistleblower, spy: The many faces of anonymous. London and New York: Verso Books.
38. Denning, D. (2000, Autumn). Cyberterrorism: The logic bomb versus the truck bomb. Global Dialogue, 2(4). Archived from the original on 27 June 2013. Retrieved 20 August 2014.
39. Holt, T. J., & Schell, B. H. (2010). Corporate hacking and technology-driven crime: Social dynamics and implications (p. 146). Hershey: IGI Global.
40. Parikka, J. (2007). Digital contagions: A media archaeology of computer viruses (p. 145). New York: Peter Lang.
41. Salomon, D. (2005). Foundations of computer security (p. 43). https://doi.org/10.1007/1-84628-341-8.
42. Bocij, P. (2006). The dark side of the internet (p. 57). Westport, CT: Praeger.
43. Szor, P. (2005). The art of computer virus research and defense. Reading: Addison-Wesley.
44. Holt, T. J., & Schell, B. H. (2013). Hackers and hacking: A reference handbook (p. 31). Santa Barbara: ABC-CLIO.
45. Indictment. United States of America v. Victor Netyksho, Boris Antonov, Dmitriy Badin, Ivan Yermakov, Aleksey Lukashev, Sergey Morgachev, Nikolay Kozachek, Pavel Yershov, Artem Malyshev, Aleksandr Osadchuk, Aleksey Potemkin, and Anatoliy Kovalev. Accessed at https://int.nyt.com/data/documenthelper/80-netyksho-et-al-indictment/ba0521c1eef869deecbe/optimized/full.pdf?action=click&module=Intentional&pgtype=Article.
46. Frank Abagnale: "Catch me if you can" | Talks at Google. https://www.youtube.com/watch?v=vsMydMDi3rI.
47. Digital Catapult UK. (2015). Trust in personal data: The UK review (The Digital Catapult Report).
48. Ashenden, D., & Lawrence, D. (2013, December). Can we sell security like soap? A new approach to behaviour change. In Proceedings of the 2013 Workshop on New Security Paradigms Workshop (pp. 87–94). ACM.
49. Ashenden, D., & Sasse, A. (2013). CISOs and organisational change: Their own worst enemy? Computers & Security, 39, 396–405.
50. Friedman, S. E., Musliner, D. J., & Rye, J. M. (2014). Improving automated cybersecurity by generalizing faults and quantifying patch performance. International Journal on Advances in Security, 7(3–4), 121–130.
51. Jenkins, D., Arnaud, J., Thompson, S., Yau, M., & Wright, J. (2014). Version control and patch management of protection and automation systems. Paper Presented at the 2014 12th International Conference on Developments in Power System Protection (DPSP), Copenhagen, Denmark, 31 March–3 April.
52. Boris Taratine on "Robustness, Resilience, and Agility". LinkedIn article.
53. Snowden, D. (2011). Risk and resilience. https://www.youtube.com/watch?v=2Hhu0ihG3kY.
54. Wolff, J. (2006). Risk, fear, blame, shame and the regulation of public safety. Economics and Philosophy, 22, 409–427.
55. Ralston, P. A., Graham, J. H., & Hieb, J. L. (2007). Cyber security risk assessment for SCADA and DCS networks. ISA Transactions, 46(4), 583–594.
56. Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016). A review of cyber security risk assessment methods for SCADA systems. Computers & Security, 56, 1–27.
57. Hughes, J., & Cybenko, G. (2013). Quantitative metrics and risk assessment: The three tenets model of cybersecurity. Technology Innovation Management Review, 3(8), 15–24.
58. Cooper, P. (2016). Cognitive active cyber defence: Finding value through hacking human nature (MSc dissertation). Cranfield University.
59. Kilber, J., Barclay, A., & Ohmer, D. (2014). Seven tips for managing Generation Y. Journal of Management Policy and Practice, 15(4), 80.
60. Morgan, T. (2002). Business rules and information systems: Aligning IT with business goals. New York: Addison-Wesley.
61. Tobin, D. R. (1998). The knowledge-enabled organization: Moving from "training" to "learning" to meet business goals. Amacom.
62. Chmielecki, T., Cholda, P., Pacyna, P., Potrawka, P., Rapacz, N., Stankiewicz, R., et al. (2014, September). Enterprise-oriented cybersecurity management. In 2014 Federated Conference on Computer Science and Information Systems (FedCSIS) (pp. 863–870). IEEE.
63. Aviram, A., & Tor, A. (2003). Overcoming Impediments to Information Sharing. Alabama Law Review, 55, 231.
64. Dressler, J., Bowen, C. L., Moody, W., & Koepke, J. (2014). Operational data classes for establishing situational awareness in cyberspace. In 2014 6th International Conference on Cyber Conflict (CyCon 2014) (pp. 175–186). IEEE.
65. Koepke, P. (2017). Cybersecurity information sharing incentives and barriers (Working Paper CISL# 2017-13). MIT. Available from http://web.mit.edu/smadnick/www/wp/2017-13.pdf.
66. Kadobayashi, Y. (2010). Cybersecurity information exchange framework. Computer Communication Review, 40(5), 59–64.
67. Kharlamov, A., Jaiswal, A., Parry, G., & Pogrebna, G. (2018a). A cyber domain-specific risk attitudes scale to address security issues in the digital space. British Academy of Management Award-Winning Paper. Available from https://bit.ly/2P9o990.
68. Kharlamov, A., Jaiswal, A., Parry, G., & Pogrebna, G. (2018b). Heavy regulation and excessive information about cybersecurity makes people risk taking in cyberspace (Alan Turing Institute Working Paper).
69. Loomes, G. & Pogrebna, G. (2017). Do preference reversals disappear when we allow for probabilistic choice? Management Science, 63(1), 166–184.
70. Loomes, G. & Pogrebna, G. (2014). Testing for independence while allowing for probabilistic choice. Journal of Risk and Uncertainty, 49(3), 189–211.
71. Loomes, G. & Pogrebna, G. (2014). Measuring individual risk attitudes when preferences are imprecise. Economic Journal, 124(576), 569–593.
72. Blavatskyy, P. & Pogrebna, G. (2010). Models of stochastic choice and decision theories: Why both are important for analyzing decisions. Journal of Applied Econometrics, 25(6), 963–986.
73. Li, Z., Loomes, G. & Pogrebna, G. (2017). Attitudes to uncertainty in a strategic setting. Economic Journal, 127(601), 809–826.
74. Brenner, S. W. (2007). History of computer crime. In The history of information security (pp. 705–721). Amsterdam: Elsevier.
75. DeNardis, L. (2007). A history of internet security. In The History of Information Security (pp. 681–704). Amsterdam: Elsevier.
76. May, R. (2018). The human firewall: Cybersecurity is not just an IT problem (Kindle Edition).
77. Evans, K., & Reeder, F. (2010). A human capital crisis in cybersecurity: Technical proficiency matters. Washington, DC: CSIS.
78. Nakamoto, S. (2009, May 24). Bitcoin: A peer-to-peer electronic cash system (PDF). Archived (PDF) from the original on 20 March 2014. Retrieved 5 March 2014.
79. Nakamoto, S. (2008, October 31). Bitcoin P2P e-cash paper. Archived from the original on 28 December 2012. Retrieved 5 March 2014.
80. Kharlamov, A., Parry, G., & Pogrebna, G. (2018). Measuring vulnerability towards cybersecurity risks (Working Paper).
81. Penrose, L. S., & Penrose, R. (1958). Impossible objects: A special type of visual illusion. British Journal of Psychology, 49, 31–33. https://doi.org/10.1111/j.2044-8295.1958.tb00634.x. (pmid 13536303).
82. Druga, S., Williams, R., Breazeal, C., & Resnick, M. (2017, June). Hey Google is it OK if I eat you?: Initial explorations in child-agent interaction. In Proceedings of the 2017 Conference on Interaction Design and Children (pp. 595–600). ACM.
83. Augello, A., Gentile, M., Weideveld, L., & Dignum, F. (2016). A model of a social chatbot. In Intelligent interactive multimedia systems and services 2016 (pp. 637–647). Cham: Springer.
84. Janarthanam, S. (2017). Hands-on chatbots and conversational UI development: Build chatbots and voice user interfaces with Chatfuel, Dialogflow, Microsoft Bot Framework, Twilio, and Alexa Skills. Birmingham: Packt.
85. Jane Jacobs biography. https://www.biography.com/people/jane-jacobs-9351679.
86. Yeung, S., Downing, N. L., Fei-Fei, L., & Milstein, A. (2018, April 5). Bedside computer vision—Moving artificial intelligence from driver assistance to patient safety. The New England Journal of Medicine, 378(14). https://www.nejm.org/doi/full/10.1056/NEJMp1716891.
87. Evers, J. (2006, August 7). Vista hacked at Black Hat. CNET. https://www.cnet.com/news/vista-hacked-at-black-hat/.
88. Adams, J. (1995 [2002]). Risk. London: Routledge.
89. Taking account of societal concerns about risk: Framing the problem. (2002). Professor John Adams UCL, Professor Michael Thompson University of Bergen. Health and Safety Executive HSE. http://www.hse.gov.uk/research/rrpdf/rr035.pdf.
90. The risk of freedom: Individual liberty and the modern world. (1999). Institute of United States Studies. http://john-adams.co.uk/wpcontent/uploads/2006/risk,%20freedom%20&%20responsibility.pdf.
91. What is gamification? https://www.bunchball.com/gamification.
92. Ashford, W. (2018, April 3). Automation and gamification key to cyber security. Computer Weekly. https://www.computerweekly.com/news/252437833/Automation-and-gamification-key-to-cyber-security.
93. Using gamification to transform security awareness—SANS Security Awareness Summit, London 2016, Masha Sedova, Senior Director of Trust Engagement, Salesforce. https://www.sans.org/summit-archives/file/summit-archive-1493221150.pdf.
94. 6 reasons gamification improves cybersecurity training. TechRepublic. Michael Kassner | August 19, 2018, https://www.techrepublic.com/article/6-reasons-gamification-improves-cybersecurity-training/.
95. Attribution theory. https://www.simplypsychology.org/attribution-theory.html.
96. Fundamental attribution error. https://ethicsunwrapped.utexas.edu/glossary/fundamental-attribution-error.
97. Secure by design, Policy Paper, UK Government, March 2018 relating to Consumer Internet of Things (IoT). https://www.gov.uk/government/publications/secure-by-design.
98. Security by design principles. OWASP. https://www.owasp.org/index.php/Security_by_Design_Principles.
99. Bada, M. & Sasse, A. (2014, July). Cyber security awareness campaigns—Why do they fail to change behavior? (Draft Working Paper). Global Cyber Security Capacity Center. http://discovery.ucl.ac.uk/1468954/1/Awareness%20CampaignsDraftWorkingPaper.pdf.
100. Lohrmann, D. (2017, June). The trouble if security awareness training is mainly a punishment. Government Technology. http://www.govtech.com/blogs/lohrmann-on-cybersecurity/the-trouble-if-security-awareness-training-is-only-a-penalty.html.
101. Jackson, W. (2007, March). Culture of security, Dan Lohrmann. GCN. https://gcn.com/articles/2007/03/01/dan-lohrmann--culture-of-security.aspx.
102. 10 steps: User education and awareness (2016, August). National Cyber Security Centre, UK Gov. https://www.ncsc.gov.uk/guidance/10-steps-user-education-and-awareness.
103. Condon, R. (2009, May). NHS imposes USB stick security. https://www.computerweekly.com/news/1356428/NHS-imposes-USB-stick-security.
104. Heathcote, A. (2017, May). Secure configuration, Good Practice Guide. NHS Digital. file://mac/Home/Downloads/secure_configuration_-_good_practice_guide_230517.pdf.
105. Honeypot. https://searchsecurity.techtarget.com/definition/honey-pot.
106. Cole, E., & Northcutt, S. Honeypots: A security manager's guide to honeypots. V1.1 SANS Technology Institute, Security Laboratory. https://www.sans.edu/cyber-research/security-laboratory/article/honeypots-guide.
107. Lyons, K., Ellis-Petersen, H., Kuo, L., & Zhou, N. (2018, July 30). Malaysian investigators release 1,500-page report into disappearance of MH370. The Guardian. https://www.theguardian.com/world/live/2018/jul/30/mh370-final-report-released-by-malaysian-government-live.
108. Safety Investigation Report, Malaysia Airlines Boeing B777-200ER (9M-MRO), 8 March 2014. The Malaysian ICAO Annex 13 Safety Investigation Team for MH370. Issued 2 July 2018 MH370/01/2018. http://mh370.mot.gov.my/MH370SafetyInvestigationReport.pdf.
109. Scruton, P., Phipps, C., & Levett, C. (2017, January). Missing flight MH370—A visual guide to the parts and debris found so far. The Guardian. https://www.theguardian.com/world/ng-interactive/2017/jan/17/missing-flight-mh370-a-visual-guide-to-the-parts-and-debris-found-so-far.
110. Lawler, J. (2017, May). Nutrition and biomarkers—New ways to track food intake? Irish Tech News. https://irishtechnews.ie/nutrition-and-biomarkers-new-ways-to-track-food-intake/.
111. Combs, G. F., Trumbo, P. R., McKinley, M. C., Milner, J., Studenski, S., Kimura, T. et al. (2013, March). Biomarkers in nutrition: New frontiers in research and application. Annals of the New York Academy of Sciences, 1278(1), 1–10. https://doi.org/10.1111/nyas.12069.
112. Blood, DNA and Lifestyle habits test biotrackers for wellness. InsideTracker. Accessed September 2018. https://www.insidetracker.com/ https://www.insidetracker.com/customer/onboarding/choose-plan/.
113. Johnston, A., & Warkentin, M. (2010, September). Fear appeals and information security, behaviours: An empirical study. MIS Quarterly, 34(3). http://www.uab.edu/cas.
114. Evans, M., Maglaras, L. A., He, Y. & Janicke, H. (2016, January). Human behavior as an aspect of cyber security assurance (arXiv:1601.03921v1 [cs.CR]).
115. Aytes, K., Connolly, T., Ovelgonne, M., Dumitras, T., Prakash, A., Subrahmanian, V. S., & Wany, B. (2017, July). Understanding the relationship, between human behavior and susceptibility to cyber-attacks: A data-driven approach. ACM Transactions on Intelligent Systems and Technology (TIST)—Special Issue: Cyber Security and Regular Papers, 8(4), Article no. 51.
116. Gross, M. L., Canetti, D., & Vashdi, D. R. (2016). The psychological effects of cyber terrorism. PMC US National Library of Medicine. Bulletin of the Atomic Scientists, 72(5), 284–291. Published online 4 August, 2016. https://doi.org/10.1080/00963402.2016.1216502.
117. Whipple, A. (2016, May). The hacker psychology plays on these human fears and misperceptions. Hacker psychology: Understanding the 4 emotions of social engineering. Network World. Accessed September 2018. https://www.networkworld.com/article/3070455/cloud-security/hacker-psychology-understanding-the-4-emotions-of-social-engineering.html.
118. Paulie "Gloves" Gavoni. (2018, February). Fight Science: Overcoming fear and anxiety through ACTion. Bloody Elbow, for MMA and UFC news. https://www.bloodyelbow.com/2018/2/13/17006696/fight-science-overcoming-fear-anxiety-through-action.
119. Mobbs, D., Hagan, C. C., Dalgleish, T., Silston, B. & Prévost, C. (2015). The ecology of human fear: Survival optimization and the nervous system. Frontiers in Neuroscience, 9, 55. https://doi.org/10.3389/fnins.2015.00055.
120. Liu, C., Marchewka, J. T., Lu, J., & Yu, C. S. (2004, December). Beyond concern—A privacy-trust-behavioral intention model of electronic commerce. Information & Management, 42(2), 289–304. https://doi.org/10.1016/j.im.2004.01.003.
121. Ferrara, E. (2015, Spring). Manipulation and abuse on social media. ACM SIGWEB Newsletter. Article 4. https://arxiv.org/pdf/1503.03752.pdf.
122. van Deursen, A. & Helsper, E. (2015). A nuanced understanding of Internet use and non-use amongst older adults. European Journal of Communication, ISSN 0267-3231 https://doi.org/10.1177/0267323115578059.
123. Children's online privacy and freedom of expression. (2018, May). United Nations Children's Fund (UNICEF). https://www.unicef.org/csr/files/UNICEF_Childrens_Online_Privacy_and_Freedom_of_Expression(1).pdf.
124. Online abuse, facts and figures. NSPCC. https://www.nspcc.org.uk/preventing-abuse/child-abuse-and-neglect/online-abuse/facts-statistics/.
125. Global alliance against child sexual abuse online—Report—December 2013. EU. https://ec.europa.eu/home-affairs/sites/homeaffairs/files/what-we-do/policies/organized-crime-and-human-trafficking/global-alliance-against-child-abuse/docs/global_alliance_report_201312_en.pdf.
126. Child sexual abuse—National children's advocacy center. (2018). http://www.nationalcac.org/wp-content/uploads/2018/02/CSA-Perpetrators.pdf.
127. Neumann, P. R. (2013). Options and strategies for countering online radicalization in the United States. Journal, Studies in Conflict and Terrorism, 36(6). https://doi.org/10.1080/1057610X.2013.784568.
128. Malcher, A. (2016, August). Psychological manipulation via social media and self-identity. Security News Desk. http://www.securitynewsdesk.com/psychological-manipulation-via-social-media-concept-self-identity/.
129. Palos-Sanchez, P. R., Hernandez-Mogollon, J. M., & Campon-Cerro, A. M. (2017). The behavioral response to location based services: An examination of the influence of social and environmental benefits, and privacy. Sustainability, 9(11) (1988). https://doi.org/10.3390/su9111988, https://www.mdpi.com/2071-1050/9/11/1988/pdf.
130. The "basketball" awareness study. YouTube. Accessed September 2018. https://www.youtube.com/watch?v=47LCLoidJh4.
131. The "door" study. YouTube. Accessed September 2018. https://www.youtube.com/watch?v=FWSxSQsspiQ.
132. Cromwell, H. C. (2008). Sensory gating: A translational effort from basic to clinical science. Clinical EEG and Neuroscience. https://doi.org/10.1177/155005940803900209.
133. 31 psychological defense mechanisms explained. Psychologist World. Accessed September 2018. https://www.psychologistworld.com/freud/defence-mechanisms-list.
134. Whitbourne, S. K. (2016, October). Your 9 top defense mechanisms, revisited. https://www.psychologytoday.com/us/blog/fulfillment-any-age/201610/your-9-top-defense-mechanisms-revisited.
135. Ziegler, D. J. (2016). Defense mechanisms in rational emotive cognitive behavior therapy personality theory. Journal of Rational-Emotive & Cognitive-Behavior Therapy, 34, 135–148. https://doi.org/10.1007/s10942-016-0234-2.
136. Field, T. A., Beeson, E. T., & Jones, L. K. (2015). The new ABCs: A practitioner's guide to neuroscience-informed cognitive-behavior therapy (PDF). Journal of Mental Health Counseling, 37(3), 206–220. https://doi.org/10.17744/1040-2861-37.3.206.
137. Cognitive behavioral therapy (CBT). Mind. Accessed September 2018. https://www.mind.org.uk/information-support/drugs-and-treatments/cognitive-behavioural-therapy-cbt/#.W6n7LNNKgdU.
138. The ethics of manipulation. (2018, March). Stanford Encyclopedia of Philosophy. https://plato.stanford.edu/entries/ethics-manipulation/.
139. Ienca, M. & Vayena, E. (2018, March). Cambridge analytica and online manipulation. Scientific American. https://blogs.scientificamerican.com/observations/cambridge-analytica-and-online-manipulation/.
140. Microsoft security servicing commitments to windows bulletin. (2018, June). https://msdnshared.blob.core.windows.net/media/2018/06/Microsoft-Security-Servicing-Commitments_SRD.pdf.
141. Sheyner, O., & Wing, J. (2003). Tools for generating and analyzing attack graphs. Carnegie Mellon University, USA. International Symposium on Formal Methods for Components and Objects. FMCO 2003: Formal Methods for Components and Objects (pp 344–371). http://www.cs.cmu.edu/afs/cs/project/svc/projects/security/fmco04.pdf.
142. Durkota, K., Lis, V., Boansk, B., & Kiekintveld, C. (2015). Optimal network security hardening using attack graph games. In Proceedings of the Twenty-Fourth International Joint Conference on Artificial Intelligence (IJCAI).
143. Ingols, K., Lippmann, R., & Piwowarski, K. Practical attack graph generation for network defense. In Proceedings of the 22nd Annual Computer Security Applications Conference (ACSAC '06) (pp. 121–130). https://doi.org/10.1109/acsac.2006.39.
144. Zhang, S., Ou, X., Singhal, A., & Homer, J. An empirical study of a vulnerability metric aggregation method. NIST Website. https://ws680.nist.gov/publication/get_pdf.cfm?pub_id=908558.
145. Homer, J., Varikuti, A., Ou, X., & McQueen, M. A. (2008). Improving attack graph visualization through data reduction and attack grouping. In J. R. Goodall, G. Conti, K. L. Ma (eds.), Visualization for Computer Security. VizSec 2008. Lecture Notes in Computer Science, vol. 5210. Berlin and Heidelberg: Springer.
146. Ou, X., Govindavajhala, S., & Appel, A. W. MulVAL: A logic-based network security analyzer. SSYM 2005 Proceedings of the 14th conference on USENIX Security Symposium—Volume 14 (p. 8).
147. OVAL website. https://oval.cisecurity.org/.
148. PCmag definition of root level access. https://www.pcmag.com/encyclopedia/term/63338/root-level.
149. Desjardins, J. (2017, February). Here's how many millions of lines of code it takes to run different software. Business Insider. http://uk.businessinsider.com/how-many-lines-of-code-it-takes-to-run-different-software-2017-2?r=US&IR=T.
150. McCandless, D. (2015). Information is beautiful. https://informationisbeautiful.net/visualizations/million-lines-of-code/.
151. Lloyd, S. (2001, September). Measures of complexity: A nonexhaustive list. IEEE Control Systems Magazine, 21(4) (MIT), 7–8. https://doi.org/10.1109/mcs.2001.939938.
152. Hoffman, C. (2017, November). Intel management engine, explained: The tiny computer inside your CPU. How-To Geek. https://www.howtogeek.com/334013/intel-management-engine-explained-the-tiny-computer-inside-your-cpu/.
153. Davis, J. (2016, August). TrapX launches ransomware deception tool, CryptoTrap. Health IT News. https://www.healthcareitnews.com/news/trapx-launches-ransomware-deception-tool-cryptotrap.
154. First midwest bank uses Fidelis Deception to detect and respond to security anomalies, case study. Accessed October 2018. https://www.fidelissecurity.com/case-study-first-midwest-bank.
155. 20 deception technology companies: In-depth guide [2018]. Applied AI blog. https://blog.appliedai.com/deception-tech-companies/.
156. Kolton, D. (2018, May). 5 ways deception tech is disrupting cybersecurity. TNW. https://thenextweb.com/contributors/2018/05/26/5-ways-deception-technology-is-changing-cybersecurity/.
157. Hutchins, E. M., Cloppert, M. J., & Amin, R. M. (2011, January). Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/LM-White-Paper-Intel-Driven-Defense.pdf.
158. Goldwasser, S., Micali, S., & Rackoff, C. (1989, February). The knowledge complexity of interactive proof systems. MIT. Society for Industrial and Applied Mathematics, 18(1), 186–208. http://people.csail.mit.edu/silvio/Selected%20Scientific%20Papers/Proof%20Systems/The_Knowledge_Complexity_Of_Interactive_Proof_Systems.pdf.
159. Lexie. (2017, November). Zero-knowledge proofs explained: Part 1. ExpressVPN. https://www.expressvpn.com/blog/zero-knowledge-proofs-explained/.
160. Quisquater, J. J., Guillou, L. C., & Berson, T. A. (1990). How to explain zero-knowledge protocols to your children. Advances in Cryptology—CRYPTO '89: Proceedings, 435, 628–631. http://pages.cs.wisc.edu/~mkowalcz/628.pdf.
161. Zero-knowledge proof. Wikipedia. https://en.wikipedia.org/wiki/Zero-knowledge_proof.
162. Lukas S. "On zero-knowledge proofs in blockchains", May, The Argon Group, Medium. https://medium.com/@argongroup/on-zero-knowledge-proofs-in-blockchains-14c48cfd1ddl.
163. Blum, M., Feldman, P., & Micali, S. (1988). Non-interactive zero-knowledge and its applications. In Proceedings of the twentieth annual ACM symposium on Theory of computing (STOC 1988) (pp. 103–112).
164. Goldreich, O., & Oren, Y. (1994). Definitions and properties of zero-knowledge proof systems. Journal of Cryptology, 7(1), 1–32.
165. Bitansky, N., Canetti, R., Chiesa, A., & Tromer, E. From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again. (Proceeding ITCS '12) Proceedings of the 3rd Innovations in Theoretical Computer Science Conference (pp. 326–349). https://eprint.iacr.org/2011/443.pdf.
166. Sasson, E. B., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E., & Virza, M. (2014, May 18). Zerocash: Decentralized anonymous payments from bitcoin (PDF). IEEE.
167. Orcutt, M. (2017, November). A mind-bending cryptographic trick promises to take blockchains mainstream. MIT Technology Review. https://www.technologyreview.com/s/609448/a-mind-bending-cryptographic-trick-promises-to-take-blockchains-mainstream/.
168. Greenwald, J. (2016, September). PPPL and Princeton demonstrate novel technique that may have applicability to future nuclear disarmament talks. Princeton Plasma Physics Laboratory. https://www.pppl.gov/news/2016/09/pppl-and-princeton-demonstrate-novel-technique-may-have-applicability-future-nuclear.
169. Cameron-Huff, A. (2017, March). How tokenization is putting real-world assets on blockchains. Nasdaq. https://www.nasdaq.com/article/how-tokenization-is-putting-real-world-assets-on-blockchains-cm767952.
170. Cosset, D. (2018, January). Blockchain: What is mining? Dev.to. https://dev.to/damcosset/blockchain-what-is-mining-2eod.
171. Khatwani, S. (2018, October). What is double spending & how does bitcoin handle it? Coinsutra. https://coinsutra.com/bitcoin-double-spending/.
172. How bitcoin mining works. Accessed October 2018. https://www.bitcoinmining.com/.
173. Eremenko, K. (May). How does bitcoin/blockchain mining work? Medium. https://medium.com/swlh/how-does-bitcoin-blockchain-mining-work-36db1c5cb55d.
174. Dwork, C., & Naor, M. (1993). Pricing via processing, or, combatting junk mail. Advances in Cryptology. CRYPTO '92: Lecture Notes in Computer Science No. 740. Springer: 139–147.
175. Jakobsson, M., & Juels, A. (1999). Proofs of work and bread pudding protocols. Communications and Multimedia Security. Kluwer Academic Publishers: 258–272.
176. Cecin, F. (2016, June). Digital money with proof-of-useful-work. Medium. https://medium.com/money-games/digital-money-with-proof-of-useful-work-81ff547695e4.
177. What is zero trust? Centrify zero trust security. Accessed October 2018. https://www.centrify.com/education/what-is-zero-trust/.
178. BeyondCorp. Google Cloud. https://cloud.google.com/beyondcorp/.
179. Operation Aurora Cyberattack 2009. https://en.wikipedia.org/wiki/Operation_Aurora.
180. BeyondCorp.com. https://beyondcorp.com/.
181. Aruba perspective with Gartner Report seven imperatives to adopt a CARTA approach. https://www.gartner.com/imagesrv/media-products/pdf/hpe/hpe-1-504080P.pdf.
182. Ronald Reagan: Trust but verify; watch closely and don't be afraid to see what you see. Accessed October 2018. https://www.youtube.com/watch?v=yfZ5fa5bPJU.
183. Robertson, J., & Riley, M. (2018, October 4). The big hack: How China used a tiny chip to infiltrate U.S. companies. Bloomberg Businessweek. https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies.
184. The Guardian. (2018, June 7). China's ZTE to pay US $1bn fine in new deal to save company. https://www.theguardian.com/business/2018/jun/07/us-china-zte-deal-fine-sanctions.
185. Wolfe, H. B. (2018). Australia should reverse its Huawei 5G ban. Huawei paid post New York Times. https://www.nytimes.com/paidpost/huawei/australia-should-reverse-its-huawei-5g-ban.html?cpv_dsm_id=191241192&tbs_nyt=2018-oct-nytnative_hp.
186. The link between perceived comfort and perceived safety, VTI Swedish Transport Administration. Accessed September 2018. https://www.vti.se/en/Research-areas/driving-simulation1/Application/Perceived-comfort-and-perceived-safety/.
187. CF disclosure guidance: Topic No. 2. (2011). Cyber Security. https://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm.
188. Updated SEC guidance February 2018 17 CFR Parts 229 and 249 [Release Nos. 33-10459; 34-82746]. Commission statement and guidance on public company cybersecurity disclosures. https://www.sec.gov/rules/interp/2018/33-10459.pdf.
189. Godlee, F., Smith, J., & Marcovitch, H. (2011). Wakefield's article linking MMR vaccine and autism was fraudulent. https://doi.org/10.1136/bmj.c7452 (Published 6 January 2011) BMJ, 342, c7452 https://www.bmj.com/content/342/bmj.c7452.
190. Ruling on doctor in MMR scare. (2010, January). NHS. https://www.nhs.uk/news/medical-practice/ruling-on-doctor-in-mmr-scare/.
191. Smith, R. (2012, November). MMR uptake rates finally recovered from Wakefield scandal figures show. The Telegraph. https://www.telegraph.co.uk/news/health/news/9705374/MMR-uptake-rates-finally-recovered-from-Wakefield-scandal-figures-show.html.
192. Health and Social Care Act 2008 (Regulated Activities) Regulations 2014: Regulation 20: Duty of candor. https://www.cqc.org.uk/guidance-providers/regulations-enforcement/regulation-20-duty-candour.
193. Witkin, R. (1983, July). Jet's fuel ran out after metric conversion errors. New York Times. https://www.nytimes.com/1983/07/30/us/jet-s-fuel-ran-out-after-metric-conversion-errors.html.
194. Aviation Safety Network. July 1983 Report. https://aviation-safety.net/database/record.php?id=19830723-0.
195. Great miscalculations: The French railway error and 10 others. (2014, May). BBC. https://www.bbc.co.uk/news/magazine-27509559.
196. Fox-Brewster, T. (2014, September). Londoners give up eldest children in public Wi-Fi security horror show. The Guardian. https://www.theguardian.com/technology/2014/sep/29/londoners-wi-fi-security-herod-clause.
197. Anderson, R. (2002, June 20–21). Security in open versus closed systems—The dance of Boltzmann, Coase and Moore. Open Source Software: Economics, Law and Policy, Toulouse, France.
198. Lemos, R. (2002, June). Open, closed source security about equal? ZDNet. https://www.zdnet.com/article/open-closed-source-security-about-equal-5000296876/.
199. Smith, L. J. (2018, August). Why buying a car or trying to tax your car this weekend could see you land a £1,000 fine. The Express. https://www.express.co.uk/life-style/cars/1004805/DVLA-car-tax-website-down-fine-buying-car-UK.
200. Leyden, J. (2018, March). DVLA denies driving license processing site is a security 'car crash'. The Register. https://www.theregister.co.uk/2018/03/09/dvla_insecure_site_dispute/.
201. Measuring the cost of cybercrime, WEIS 2012 Conference. https://www.econinfosec.org/archive/weis2012/papers/Anderson_WEIS2012.pdf.
202. Clayton, R. (2012, October). Measuring Cybercrime. University of Cambridge, Computer laboratory. https://www.cl.cam.ac.uk/~rnc1/talks/121019-cybercrime.pdf.
203. Hoffman, C. (2014, February). 5 serious problems with HTTPS and SSL security on the web. How-To Geek. https://www.howtogeek.com/182425/5-serious-problems-with-https-and-ssl-security-on-the-web/.
204. February 28th DDoS Incident Report. (2018, March). GitHub Engineering. S Kottler. https://githubengineering.com/ddos-incident-report/.
205. Ranger, S. (2018, March). GitHub hit with the largest DDoS attack ever seen. ZDNet. https://www.zdnet.com/article/github-was-hit-with-the-largest-ddos-attack-ever-seen/.
206. Memcached. https://memcached.org/.
207. Understanding triangulation fraud. (2015, October). Radial. https://www.radial.com/insights/understanding-triangulation-fraud.
208. Red team definition from Financial Times Lexicon. http://lexicon.ft.com/term?term=red-team.
209. DoDD 8570.1: Blue team. ADI (formerly Sypris Electronics). https://www.sypriselectronics.com/information-security/cyber-security-solutions/computer-network-defense/.
210. Cyber guardian: Blue team. SANS Institute. https://www.sans.org/cyber-guardian/blue-team.
211. Murdoch, D. (2014). Blue team handbook. Incident Response Edition (2nd ed.). CreateSpace Independent Publishing Platform. ISBN 978-1500734756.
212. Miessler, D. (2016, February). The difference between red, blue, and purple teams. https://danielmiessler.com/study/red-blue-purple-teams/.
213. Jamil, A. (2010, March 29). The difference between SEM, SIM and SIEM. Sectier. https://www.gmdit.com/NewsView.aspx?ID=9IfB2Axzeew=.
214. Kubecka, C. (2011, December 29). 28c3: Security log visualization with a correlation engine. https://www.youtube.com/watch?v=j4pF9VUdphc&feature=youtu.be, https://events.ccc.de/congress/2011/Fahrplan/events/4767.en.html.
215. Swift, D. (2010). Successful SIEM and log management strategies for audit and compliance. SANS Institute. https://www.sans.org/reading-room/whitepapers/auditing/paper/33528.
216. Pauli, D. (2016, November). IoT worm can hack Philips Hue lightbulbs, spread across cities. The Register. https://www.theregister.co.uk/2016/11/10/iot_worm_can_hack_philips_hue_lightbulbs_spread_across_cities/.
217. Ronen, E., O'Flynn, C., Shamir, A., & Weingarten, A. O. Goes nuclear: Creating a zigbee chain reaction. IoT IEEE Security & Privacy. https://doi.org/10.1109/msp.2018.1331033.
218. Symmetric vs. Asymmetric encryption—What are differences? SSL2Buy. Accessed October 2018. https://www.ssl2buy.com/wiki/symmetric-vs-asymmetric-encryption-what-are-differences.
219. An overview of public key infrastructures (PKI). Accessed October 2018. https://www.techotopia.com/index.php/An_Overview_of_Public_Key_Infrastructures_(PKI).
220. Kocher, P., Jaffe, J., & Jun, B. Differential power analysis (DPA). Cryptography Research, Inc. https://www.paulkocher.com/doc/DifferentialPowerAnalysis.pdf.
221. Introduction to side-channel attacks. Rambus. Accessed October 2018. http://info.rambus.com/hubfs/rambus.com/Gated-Content/Cryptography/Introduction-to-Side-Channel-Attacks-eBook.pdf?hsCtaTracking=c476fb62-8de1-44e8-b7c9-9607f0cb447e%7Cafdca38a-dd94-44ba-a18c-a7eb8ad70d5d.
222. DPA Countermeasures. Rambus. Accessed October 2018. https://www.rambus.com/security/dpa-countermeasures/.
223. Seppala, T. J. (2016, November). Hackers hijack Philips Hue lights with a drone. Engadget. https://www.engadget.com/2016/11/03/hackers-hijack-a-philips-hue-lights-with-a-drone/.
224. Zetter, K. (2015, January). A cyberattack has caused confirmed physical damage for the second time ever. Wired. https://www.wired.com/2015/01/german-steel-mill-hack-destruction/.
225. Die Lage der IT-Sicherheit in Deutschland 2014 German (Steel Mill Hack Report). https://www.wired.com/wp-content/uploads/2015/01/Lagebericht2014.pdf.
226. Timeline: How Stuxnet attacked a nuclear plant. BBC iWonder. https://www.bbc.com/timelines/zc6fbk7.
227. Muncaster, P. (2018, June). MPs: CNI attacks are UK's biggest cyber-threat. Infosecurity Magazine. https://www.infosecurity-magazine.com/news/mps-cni-attacks-are-uks-biggest/.
228. Spanier, G. (2016, March 8). Protecting brand reputation in the wake of a cyber-attack. Raconteur. https://www.raconteur.net/risk-management/protecting-brand-reputation-in-the-wake-of-a-cyber-attack.
229. The Telegraph. (2018, February 28). Why digital-age directors need directors and officers (D&O) cover. https://www.telegraph.co.uk/business/risk-insights/directors-need-d-and-o-insurance/.
230. Australian metal detector company counts cost of Chinese hacking. (2015, June). Reuters. https://www.reuters.com/article/china-cybersecurity-australia/australian-metal-detector-company-counts-cost-of-chinese-hacking-idUSL3N0YX2OX20150624.
231. Monaghan, A. (2016, May 12). TalkTalk profits halve after cyber-attack. The Guardian. https://www.theguardian.com/business/2016/may/12/talktalk-profits-halve-hack-cyber-attack.
232. Ashley Madison data breach. Wikipedia. Accessed October 2018. https://en.wikipedia.org/wiki/Ashley_Madison_data_breach.
233. Thomsen, S. (2015, July 20). Extramarital affair website Ashley Madison has been hacked and attackers are threatening to leak data online. Business Insider. http://uk.businessinsider.com/cheating-affair-website-ashley-madison-hacked-user-data-leaked-2015-7?r=US&IR=T.
234. Curtis, S. Ashley Madison hack threatens to expose 37m adulterers. The Telegraph. https://www.telegraph.co.uk/technology/internet-security/11750432/Adultery-website-Ashley-Madison-hack-threatens-to-expose-37.5m-cheaters.html.
235. Ashley Madison hack: 2 unconfirmed suicides linked to breach, Toronto police say. (2015, August 24). CBC Canada. https://www.cbc.ca/news/canada/toronto/ashley-madison-hack-2-unconfirmed-suicides-linked-to-breach-toronto-police-say-1.3201432.
236. Chirgwin, R. (2015, August 23). Ashley Madison spam starts, as leak linked to first suicide. The Register. https://www.theregister.co.uk/2015/08/23/ashley_madison_spam_starts_as_leak_linked_to_first_suicide/.
237. 10 effective ways to protect your intellectual property. (2018, July 23). Forbes Technology Council. https://www.forbes.com/sites/forbestechcouncil/2018/07/23/10-effective-ways-to-protect-your-intellectual-property/#254c7f5732e1.
238. iRobot sues Hoover and Black & Decker over robo-vacuums. (2017, April 18). BBC. https://www.bbc.co.uk/news/technology-39629339.
239. D&O liability in data privacy and cyber security situations in the US. (2014, January). Financier Worldwide. https://www.financierworldwide.com/do-liability-in-data-privacy-and-cyber-security-situations-in-the-us/#.W9V-GtP7QdU.
240. 15 U.S.C.A. § 45(n) (West). In assessing the reasonableness of cybersecurity practices, courts have considered the sensitivity of data, the size and complexity of the company's network, and the cost of additional security measures. See F.T.C. v. Wyndham Worldwide Corp., 799 F.3d 236, 255 (3d Cir. 2015).
241. Enhanced cyber risk management standards, 81 Fed. Reg. 74315 (proposed October 26, 2016) (to be codified at 12 C.F.R. pt. 30). https://www.federalregister.gov/documents/2016/10/26/2016-25871/enhanced-cyber-risk-management-standards.
242. Cyber-security regulation. Wikipedia. Accessed October 2018. https://en.wikipedia.org/wiki/Cyber-security_regulation.
243. Cyber-attack: Your legal responsibilities as a company director. (2017, September). Finch. https://www.finchib.co.uk/cyber-attack-legal-responsibilities-company-director/.
244. The Telegraph. (2018, February 28). Why digital-age directors need directors and officers (D&O) cover. https://www.telegraph.co.uk/business/risk-insights/directors-need-d-and-o-insurance/.
245. Kurt, M. N., Yılmaz, Y., & Wang, X. (2018, June 28). Real-time detection of hybrid and stealthy cyber-attacks in smart grid. IEEE (arXiv:1803.00128v2 [cs.IT]). https://arxiv.org/pdf/1803.00128.
246. Cazorla, L., Alcaraz, C., & Lopez, J. (2018, June). Cyber stealth attacks in critical information infrastructures. IEEE Systems Journal, 12(2). https://ieeexplore.ieee.org/document/7445136.
247. Is data manipulation the next step in cybercrime? Cloudmask. Accessed October 2018. https://www.cloudmask.com/blog/is-data-manipulation-the-next-step-in-cybercrime.
248. Myer, D. (2017, November 17). ID card security: Spain is facing chaos over chip crypto flaws. ZDNet. https://www.zdnet.com/article/id-card-security-spain-is-facing-chaos-over-chip-crypto-flaws/.
249. Leyden, J. (2017, November 3). Estonia government locks down ID smartcards: Refresh or else. The Register. https://www.theregister.co.uk/2017/11/03/estonian_e_id_lockdown/.
250. Meltdown and spectre. Accessed October 2018. https://meltdownattack.com/.
251. WikiLeaks dumps docs on CIA's hacking tools. Krebs on Security. Accessed October 2018. https://krebsonsecurity.com/tag/weeping-angel/.
252. Friedmann, S. (2017, March 13). What is the weeping angel program? John Oliver debunked the rumors. Bustle. https://www.bustle.com/p/what-is-the-weeping-angel-program-john-oliver-debunked-the-rumors-43861.
253. Lee, D. (2016, February 18). Apple v the FBI—A plain English guide. BBC. https://www.bbc.co.uk/news/technology-35601035.
254. Lapowsky, I. (2018, April 18). How Russian Facebook ads divided and targeted US voters before the 2016 election. Wired. https://www.wired.com/story/russian-facebook-ads-targeted-us-voters-before-2016-election/.
255. Stewart, E. (2018, July 31). Facebook has already detected suspicious activity trying to influence the 2018 elections. Vox. https://www.vox.com/2018/7/31/17635592/facebook-elections-russia-2018-midterms.
256. Facebook-Cambridge Analytica data scandal. BBC. Accessed October 2018. https://www.bbc.co.uk/news/topics/c81zyn0888lt/facebook-cambridge-analytica-data-scandal.
257. Hatton, E. (2018, February 12). Life online: How big is your digital footprint? RNZ. https://www.radionz.co.nz/news/national/350224/life-online-how-big-is-your-digital-footprint.
258. ISO/IEC 27032:2012—Information technology—Security techniques—Guidelines for cybersecurity. http://www.iso27001security.com/html/27032.html.
259. Cost of Cyber Crime Report 2017. Ponemon Institute LLC. https://www.accenture.com/t20171006T095146Z__w__/us-en/_acnmedia/PDF-62/Accenture-2017CostCybercrime-US-FINAL.pdf#zoom=50.
260. Bletchley Park. Accessed October 2018. https://en.wikipedia.org/wiki/Bletchley_Park.
261. How Alan Turing cracked the enigma code. (2018, January). Imperial War Museum, UK. https://www.iwm.org.uk/history/how-alan-turing-cracked-the-enigma-code.
262. Case study: Screening out malicious computer hackers. FAMA. Accessed October 2018. https://static1.squarespace.com/static/58d277cfe6f2e10bb3d0ea70/t/59026913e6f2e110bafd7b75/1493330195511/Fama+Case+Study+-+Hacking.pdf.
263. Anonymous hackers' official website. http://www.anonymoushackers.net/.
264. The operation newblood super-secret security handbook by anonymous. https://elusuariofinal.wordpress.com/2011/07/01/the-operation-newblood-super-secret-security-handbook-by-anonymous/.
265. Octave v2.0 (and Octave-S v1.0 for small and medium businesses). https://www.enisa.europa.eu/topics/threat-risk-management/risk-management/current-risk/risk-management-inventory/rm-ra-methods/m_octave.html.
266. Egan, M. (2018, April). What is the dark web and how to access it. Tech Advisor IDG. https://www.techadvisor.co.uk/how-to/internet/dark-web-3593569/.
267. Frey, T. (2015, September). The future of the darknet: 9 critically important predictions. Futurist Speaker. https://www.futuristspeaker.com/business-trends/the-future-of-the-darknet-9-critically-important-predictions/.
268. Hacker ratings, rating defenses. (2018, September). NCSC. https://www.ncsc.gov.uk/blog-post/rating-hackers-rating-defences.
269. Structured Threat Information eXpression (STIX) 1.x archive website a structured language for cyber threat intelligence. https://oasis-open.github.io/cti-documentation/.
270. STIX TAXII documentation. https://oasis-open.github.io/cti-documentation/.
271. Japan: Legal responses to the Great East Japan Earthquake of 2011, Law.gov The Law Library of Congress. Accessed September 2018. https://www.loc.gov/law/help/japan-earthquake/index.php.
272. Kaufmann, D., & Penciakova, V. (2011, March). Japan's triple disaster: Governance and the earthquake, tsunami and nuclear crises. Brookings Institute. https://www.brookings.edu/opinions/japans-triple-disaster-governance-and-the-earthquake-tsunami-and-nuclear-crises/.
273. Dellinger, A. J. (2017, May). Telefonica WannaCry Ransomware: One of Spain's largest telecom companies hit by cyberattack. International Business Times. https://www.ibtimes.com/telefonica-wannacry-ransomware-one-spains-largest-telecom-companies-hit-cyberattack-2538211.
274. Investigation: WannaCry cyber-attack and the NHS. (2018, April). (NAO Report) Department of Health. https://www.nao.org.uk/wp-content/uploads/2017/10/Investigation-WannaCry-cyber-attack-and-the-NHS.pdf.
275. Smart, W. (2018, February). Lessons learned review of the WannaCry Ransomware cyberattack (NHS Independent Report). Chief Information Officer for Health and Social Care. https://www.england.nhs.uk/wp-content/uploads/2018/02/lessons-learned-review-wannacry-ransomware-cyber-attack-cio-review.pdf.
276. Jones, S. (2017, May). Timeline: How the WannaCry cyber-attack spread. Financial Times. https://www.ft.com/content/82b01aca-38b7-11e7-821a-6027b8a20f23.
277. Cyber grand challenge (CGC). DARPA. https://www.darpa.mil/program/cyber-grand-challenge.
278. "decidability" and "verifiability". Stack Exchange. https://cs.stackexchange.com/questions/12068/please-explain-decidability-and-verifiability.
279. NP-hardness. Accessed September 2018. https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/NP-hardness.html.
280. Stepanova, E. (2008). Terrorism in asymmetrical conflict: Stockholm International Peace Research Institute (SIPRI Report 23) (PDF). Oxford University.
281. Asymmetric cyber-attack definition. Accessed September 2018. https://whatis.techtarget.com/definition/asymmetric-cyber-attack.
282. Solon, O. (2016, August). Hacking group auctions 'cyberweapons' stolen from NSA. The Guardian. https://www.theguardian.com/technology/2016/aug/16/shadow-brokers-hack-auction-nsa-malware-equation-group.
283. Megiddo, G. (2018, July). NSO employee 'Stole' classified Israeli cyberweapons to sell on Darknet. Haaretz. https://www.haaretz.com/israel-news/nso-employee-stole-classified-israeli-cyber-weapons-to-sell-on-darknet-1.6244589.
284. Zilber, N. (2018, August). The rise of cyber-mercenaries. Foreign Policy. https://foreignpolicy.com/2018/08/31/the-rise-of-the-cyber-mercenaries-israel-nso/.
285. Morris Worm, DDoS attack definitions—DDoSPedia. https://security.radware.com/ddos-knowledge-center/ddospedia/morris-worm/.
286. Phone phreaking. http://www.historyofphonephreaking.org/faq.php.
287. Grey Market. Wikipedia, Accessed October 2018. https://en.wikipedia.org/wiki/Grey_market.
288. Pastrana, S., Hutchings, A., Caines, A., & Buttery, P. (2018, September 10–12). Characterizing eve: Analysing cybercrime actors in a large underground forum. 21st International Symposium, RAID 2018, Heraklion, Crete, Greece. Proceedings. https://www.cl.cam.ac.uk/~sp849/files/RAID_2018.pdf.
289. Leyden, J. (2016, April). Hackers so far ahead of defenders it's not even a game. The Register. https://www.theregister.co.uk/2016/04/26/verizon_breach_report/.
290. Gaissmaier, W. (2012, September). More traffic deaths in wake of 9/11. Senior Fellow/Harding Center for Risk Literacy, Max Planck Institute for Human Development, Berlin. https://www.mpg.de/6347636/terrorism_traffic-accidents-USA.
291. Jenkins, A. (2017, July). Which is safer: Airplanes or cars? Fortune. http://fortune.com/2017/07/20/are-airplanes-safer-than-cars/.
292. The 6 dimensions of national culture. Accessed October 2018. https://www.hofstede-insights.com/models/national-culture/.
293. McCarthy, N. (2015, July). America's insane rate of gun homicide in perspective. Statista. https://www.statista.com/chart/3672/americas-insane-rate-of-gun-homicide-in-perspective/.
294. Lopez, G. (2018, June). America's unique gun violence problem, explained in 17 maps and charts. Vox. https://www.vox.com/policy-and-politics/2017/10/2/16399418/us-gun-violence-statistics-maps-charts.
295. Kahan, D., & Braman, D. (2003, April). More statistics, less persuasion: A cultural issues of gun-risk perceptions. Article. University of Pennsylvania Law Review, 151(4). https://scholarship.law.upenn.edu/cgi/viewcontent.cgi?article=3212&context=penn_law_review.
296. Reddy, C. Top 10 pros and cons of hiring hackers to enhance security. Wisestep. Accessed October 2018. https://content.wisestep.com/top-pros-cons-hiring-hackers-enhance-security/.
297. Palmer, D. (2018, September). Is hiring a hacker ever a good idea? ZDNet. https://www.zdnet.com/article/is-hiring-a-hacker-ever-a-good-idea/.
298. Global cyberlympics 2018. https://www.cyberlympics.org/about-the-games/.
299. Hack the world 2017–2018. HackerOne. https://www.hackerone.com/hacktheworld/2017.
300. Khandelwal, S. (2016, September). The project zero contest—Google will Pay you $200,000 to hack android OS. Hacker News. https://thehackernews.com/2016/09/hacking-android-competition.html.
301. Silvanovich, N. (2017, March). Project zero prize conclusion. Project zero. Google. https://googleprojectzero.blogspot.com/2017/03/project-zero-prize-conclusion.html.
302. Giles, M. (2018, August). AI for cybersecurity is a hot new thing—And a dangerous gamble. MIT Sloane Review. https://www.technologyreview.com/s/611860/ai-for-cybersecurity-is-a-hot-new-thing-and-a-dangerous-gamble/.
303. Knight, W. (2017, April). The dark secret at the heart of AI. MIT Sloane Review. https://www.technologyreview.com/s/604087/the-dark-secret-at-the-heart-of-ai/.
304. DARPA's explainable artificial intelligence (XAI) program 2018. https://www.src.org/calendar/e006556/abstract_gunning.pdf.
305. Kenyon, H. S. (2018, February). AI, Please Explain Yourself. Signals AFCEA. https://www.afcea.org/content/ai-please-explain-yourself.
306. AI is changing cybersecurity, but it's not a catch-all solution. Computing. Accessed October 2018. https://www.computing.co.uk/ctg/sponsored/3063441/ai-is-changing-cybersecurity-but-its-not-a-catch-all-solution.
307. Partnoy, F. (2011, July). The cost of a human life, statistically speaking. The Globalist. https://www.theglobalist.com/the-cost-of-a-human-life-statistically-speaking/.
308. Philips lighting is now Signify. (2018, May 16). Press Release. https://www.signify.com/en-us/about/news/press-releases/2018/20180516-philips-lighting-is-now-signify.
309. Ram, A., Wisniewska, A., Kao, J. S., Rininsland, Æ., & Nevitt, C. (2018, October 23). How smartphone apps track users and share data. Financial Times. https://ig.ft.com/mobile-app-data-trackers/.
310. Binns, R., Lyngs, U., Van Kleek, M., Zhao, J., Libert, T., & Shadbolt, N. (2018). Third party tracking in the mobile ecosystem. Computers and Society. https://doi.org/10.1145/3201064.3201089, https://arxiv.org/pdf/1804.03603.pdf.
311. Taylor, V. F., & Martinovic, I. Short paper: A longitudinal study of financial apps in the google play store. International Conference on Financial Cryptography and Data Security, FC 2017: December 2017, Financial Cryptography and Data Security (pp. 302–309).
312. Lardinois, F. (2018, January). Google says it removed 700K apps from the Play Store in 2017, up 70% from 2016. Techcrunch. https://techcrunch.com/2018/01/30/google-says-it-removed-700k-apps-from-the-play-store-in-2017-up-70-from-2016/.
313. Shu, C. (2018, October). Twitter says it has removed several accounts affiliated with Infowars and Alex Jones. Techcrunch. https://techcrunch.com/2018/10/22/twitter-says-it-has-removed-several-accounts-affiliated-with-infowars-and-alex-jones/.
314. Wagner, K., & Molla, R. (2018, May). Facebook has disabled almost 1.3 billion fake accounts over the past six months. Recode. https://www.recode.net/2018/5/15/17349790/facebook-mark-zuckerberg-fake-accounts-content-policy-update.
315. Unity3D website. https://unity3d.com/.
1–33,56,58,60,75,79,82,84,87,89,110,119,120,125,128,134,159–162,173,179,180,186Temporarilyxxxiv,36TermsofService(ToS)xlThird-partyxl,69,164Threat13,18,26,28,37,39,43,55–57,70–72,84,89,91,101,107,108,148,155,159,161,166,167,179,181,185,186,189ThreatActorxlThreatSurfacexlThreatTargetxlThreatVectorxlTools18,26,36,39,57–60,72,76,83,84,91,106–110,117,119,129,131,149,160,161,167,168,171,179Trackingxl,1,122,158Trojanxxxii,xxxiv,xxxvii,xli,22,186Trust64,199Index231Trustworthyxxxviii,86,110,157,199UUEBAxliUnauthorizedxxxii,xxxv,xxxvi,xl,69,184Uncertainty145UncertaintyAvoidanceIndex(UAI)xliUnitedKingdom(UK)34,63–65,69,70,78,80,86,88,90,106,111,112,140,173,176,178,185,191UnitedStates(U.
S.
)23,184,188UnitedStatesComputerEmergencyReadinessTeam(US-CERT)xliUniversalDeclarationofHumanRights(UDHR)xliUnpredictable39,40UnwantedxxxviiiUpdate4,6,120,153,157Userxxxii–xxxiv,xxxvii,xl,xli,2,4,5,7,18,20–26,59,62–64,89,91,102,119,125,127,137,138,164,166,178,187,188Usernamesxxxviii,3VValuexxxvi,xxxix,xl,48,64,66,68,72,77,81,94,112,126,164,185,188,190Vector4,155VirtualMachine(VM)xliVirtualPrivateNetwork(VPN)xli,80,168Virusxli,13,18,20–24,34,38,52,56,59,85,161,176,181,182Vulnerabilityxli,6–8,26–28,34,36,37,45,48,55,60,64,70–72,75,82–84,97,99,101,105,107,109,112,113,119,126,128,130,132,137,138,145,154,159,161,162,166–168,176,179–183,199WWeaknessxli,xlii,83,154,156Web24,35,46,56,127,152,173,179,186Website32,38,45,56,59,61,66,69,81,111,138,187,188White-hathackerxxxiiWi-Fixli,126,175Windowsxli,89,176,186WorldEconomicForum(WEF)xliiWormxxxvii,xli,xlii,18,20,22,23,182–184XXSRFxxxiv,xliiZZero-dayxlii,34,37,60,71,101,128,159,167Zero-KnowledgeProof(ZKP)xlii