
Security Analytics
Agents: kids, children, youth, men, women, senior people;
Organization: security council of global organizations;
Social security goals: healthcare, ageing population, technological transition, higher public expectations, employment of young workforce, labour markets and digital economy, protection of migrant workforce, inequalities and discrimination, new risks, shocks and extreme events;
Verification mechanism: audit security intelligence through intelligent surveillance technologies (e.g. drones, CCTVs, webcams, smartphones).
o Social crimes: ensure safety from relationship management problems, superstition, narrow religious outlook, sex, domestic violence, drug and alcohol addiction, addiction to pornographic films and video games, smoking, mental stress, panic and financial crime;
o Safety from natural disaster (refer to chapter 2);
o Safety from war, bioterrorism and acts of terrorism;
Output: security intelligence
Prof. Roberts and Dr. Gremy Smith are exploring the security of social networking services through a case analysis on cancer of mind, depression and stress management (section 8). There are various methods of social engineering, each based on specific attributes of human decision making, cognitive biases or bugs in "human hardware". Social engineering can steal confidential data of users through phones, session hijacking, criminal posing or theft of company secrets. A malicious hacker may contact the target through a social networking site, gain the trust of the target and try to access sensitive private data. Social engineering relies heavily on principles of influence such as reciprocity, commitment and consistency, social proof, authority, liking and scarcity. Reciprocity forces people to return a favor. Commitment and consistency force people to disclose private data.
Authority may force a user to reveal critical strategic information. People are easily persuaded by other people whom they like. Perceived scarcity may generate demand. Vishing, or voice phishing, is the criminal practice of using social engineering over the telephone system to gain access to private personal and financial information from the public for the purpose of financial reward. Phishing is a technique of fraudulently obtaining private information through e-mail. Smishing is the use of SMS to lure victims into a specific course of action; like phishing, this can be clicking on a malicious link or divulging information. Impersonation is pretending to be another person with the goal of gaining physical access to a system. The life cycle of social engineering goes through information gathering, engaging with the victim, attacking and closing the interaction.
Pretexting is the act of creating and using an invented scenario to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances. Vishing uses a rogue interactive voice response (IVR) system. Spear phishing fraudulently obtains private information by sending highly customized e-mails to a few end users. Water holing is a targeted social engineering strategy that capitalizes on the trust users have in websites they regularly visit; the victim feels safe doing things they would not do in a different situation. Baiting is like the real-world Trojan horse: it uses physical media and relies on the curiosity or greed of the victim. Quid pro quo means "something for something". In the case of tailgating, an attacker seeking entry to a restricted area secured by unattended electronic access control (e.g. an RFID card reader) simply walks in behind a person who has legitimate access.
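The influence principles and the phishing/smishing patterns listed above translate directly into triage rules a security team can apply to inbound messages. The scorer below is an added example written for this page, not code from the chapter or its authors: it counts which influence principles a message leans on (authority, scarcity, reciprocity, commitment, social proof, liking), whether it asks for credentials, and whether an embedded link points outside the domain the sender claims to represent. The cue lexicon, the threshold and the two sample messages are constructed for illustration and would be tuned against real mail or SMS logs in practice.

```python
"""Heuristic triage of inbound messages for social-engineering cues.

Added example (not from the original text). Scores a message on the
influence principles the chapter lists plus credential requests and
link-domain mismatches, so suspicious e-mail/SMS can be routed for review.
Lexicon, thresholds and sample messages are constructed for illustration.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlparse

# Constructed lexicon: phrases that commonly signal each influence principle.
CUE_LEXICON = {
    "authority": ["ceo", "compliance", "legal department", "it support", "your bank"],
    "scarcity": ["within 24 hours", "immediately", "account will be suspended", "last chance", "urgent"],
    "reciprocity": ["free gift", "we have credited", "reward"],
    "commitment": ["as you agreed", "confirm your details", "verify your account"],
    "social_proof": ["everyone", "all employees", "other customers"],
    "liking": ["dear friend", "my friend"],
}
# Whole-word match so "pin" does not fire on "shopping".
SENSITIVE_RE = re.compile(r"\b(password|pin|otp|card number|social security number)\b")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


@dataclass
class Verdict:
    score: int
    cues: List[str] = field(default_factory=list)


def _has_phrase(text: str, phrase: str) -> bool:
    return re.search(r"\b" + re.escape(phrase) + r"\b", text) is not None


def extract_domains(text: str) -> List[str]:
    """Hostnames of every http(s) URL embedded in the message."""
    return [urlparse(u).hostname or "" for u in URL_RE.findall(text)]


def _outside_domain(host: str, claimed: str) -> bool:
    # "evilbank.example" must NOT count as inside "bank.example".
    return host != claimed and not host.endswith("." + claimed)


def score_message(text: str, claimed_sender_domain: Optional[str] = None) -> Verdict:
    lowered = text.lower()
    verdict = Verdict(score=0)
    for principle, phrases in CUE_LEXICON.items():
        if any(_has_phrase(lowered, p) for p in phrases):
            verdict.cues.append(principle)
            verdict.score += 1
    if SENSITIVE_RE.search(lowered):
        verdict.cues.append("requests_credentials")
        verdict.score += 2
    if claimed_sender_domain:
        for host in extract_domains(text):
            if host and _outside_domain(host, claimed_sender_domain.lower()):
                verdict.cues.append("link_domain_mismatch:" + host)
                verdict.score += 2
                break
    return verdict


def triage(text: str, claimed_sender_domain: Optional[str] = None, threshold: int = 3) -> str:
    """'suspicious' when the cue score reaches the (constructed) threshold."""
    return "suspicious" if score_message(text, claimed_sender_domain).score >= threshold else "benign"


# Constructed sample messages, each paired with the domain the sender claims.
SAMPLE_MESSAGES = [
    ("Dear friend, verify your account within 24 hours or your account will be "
     "suspended: http://secure-login.example-phish.test/verify", "bank.example"),
    ("Team lunch moved to 1pm, see http://intranet.bank.example/calendar", "bank.example"),
]


def run_samples() -> List[str]:
    return [triage(text, domain) for text, domain in SAMPLE_MESSAGES]


if __name__ == "__main__":
    for (text, domain), result in zip(SAMPLE_MESSAGES, run_samples()):
        print(result, score_message(text, domain).cues, "|", text[:60])
```

A scorer like this is a first-pass filter, not a verdict on its own; the useful output is the list of cues, which tells the reviewer which principle the message is exploiting and where the link actually leads.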
The security intelligence of regulatory compliance is a multi-dimensional parameter which should be verified at various levels. The regulatory clauses should be defined and audited correctly and rationally by a group of authorized agents. The scope of social security technologies should be correctly identified, and relevant data should be sourced through authenticated channels. The social networking system should preserve the confidentiality, privacy and integrity of data. For any critical analysis, the system should require identification and authentication of the users. After correct identification and authentication, the system should address the issue of authorization. The system should be configured in such a way that an unauthorized agent cannot perform any task out of scope: it should ask for the credentials of the requester, validate those credentials and then authorize the agent to perform a specific task. Agents should be assigned an explicit set of access rights according to their role. Privacy is another important issue; analysts can view only the information permitted by their authorized access rights.
It is also crucial to verify and evaluate the various rules and regulatory clauses for social security in terms of fairness, correctness, rationality, transparency, accountability, commitment and trust. It is essential to evaluate the performance of the system in terms of reliability, consistency and stability; the performance of the system is expected to be consistent and reliable. Liveness ensures that under certain conditions an event will ultimately occur. Deadlock freeness indicates that the system should never be in a state in which no progress is possible. The system should be protected from various types of internal and external malicious attacks such as false data injection, Sybil, shilling and denial of service (DoS) attacks, and the auditors must assess the threats of such attacks by adversaries. It is also important to assess the risk of multi-party corruption of the social security technologies in terms of agents, policy, procedure and protocol. An efficient knowledge-based system is expected to monitor gaps and violations in regulatory compliance in real time and diagnose any fault, much like a supervisory control and data acquisition (SCADA) system.