Search

Your search keyword '"Bernik, Igor"' showing total 265 results
Start Over Author "Bernik, Igor" Search Limiters Available in Library Collection
265 results on '"Bernik, Igor"'

1. State surveillance in the digital age: Factors associated with citizens' attitudes towards trust registers

Author

Turha, Katja, Vrhovec, Simon, and Bernik, Igor

Subjects
Computer Science - Computers and Society, Computer Science - Cryptography and Security
Abstract

This paper investigates factors related to the acceptance of trust registers (e.g., the Chinese Social Credit System - SCS) in Western settings. To avoid a negative connotation, we first define the concept of trust register which encompasses surveillance systems in other settings beyond China, such as FICO in the US. Then, we explore which factors are associated with people's attitude towards trust registers leaning on the technology acceptance and privacy concern theories. A cross-sectional survey among Slovenian Facebook and Instagram users (N=147) was conducted. Covariance-based structural equation modeling (CB-SEM) was used to test the hypothesized associations between the studied constructs. Results indicate that attitude towards trust register is directly associated with perceived general usefulness of the trust register. Additionally, perceived general usefulness is associated with perceived usefulness of the trust register for ensuring national security and fighting crime, its ease of use, and privacy concern regarding data collection. As one of the first studies investigating attitude towards trust registers in a Western country, it provides pioneering insights into factors that may be relevant in case such registers would be implemented in a Western context, and provides some practical implications regarding messaging for would-be implementers of such systems.

Published
2024

2. Cybersecurity competence of older adult users of mobile devices

Author

Vrhovec, Simon, Bernik, Igor, Fujs, Damjan, and Vavpotič, Damjan

Subjects
Computer Science - Cryptography and Security
Abstract

This work reports on a cross-sectional study on device proficiency, support availability and cybersecurity competence of older adult users of smartphones and/or tablets. Results indicate that cybersecurity competence is associated with both device proficiency and support availability although the variance explained is relatively low. There were no differences in cybersecurity competence between users and non-users of either mobile devices. Users of both smartphones and tablets had significantly higher device proficiency than non-users. Users of tablets had significantly higher support availability than non-users while there were no significant differences between users and non-users of smartphones.

Published
2024
Full Text
View/download PDF

5. Cyberattack Response Model for the Nuclear Regulator in Slovenia

Author

Tomažič, Samo and Bernik, Igor

Subjects
cybersecurity, cyberattack, regulator, Electronic computers. Computer science, nuclear security, QA75.5-76.95, cybera
Abstract

Cyberattacks targeting the nuclear sector are now a reality; they are becoming increasingly frequent and sophisticated, while the perpetrators are increasingly motivated. The key stakeholders in the nuclear sector, such as nuclear facility operators, nuclear regulators responsible for nuclear safety or nuclear security, technical support organisations and computer equipment suppliers, must take the necessary cybersecurity measures to prepare for potential cyberattacks and provide the highest possible level of response to such cyberattacks. This can only be achieved by adopting a systematic approach to cyberattack response. When conducting the research study presented herein, a descriptive method was applied to review the scientific literature, various standards, recommendations and guides, as well as to devise an inventory of publicly available sources. On the basis of such an analysis, individual questions were then formulated in order to compile a structured interview, which was conducted with international experts working at nuclear facilities, nuclear regulators, technical support organisations, computer equipment suppliers and other organisations responsible for providing cybersecurity in the nuclear sector. On the basis of their responses, researchers devised an innovative and comprehensive Cyberattack Response Model to be used by Slovenia's nuclear safety regulator and the regulator responsible for the physical protection of nuclear facilities and nuclear and radioactive materials.

Published
2019

6. Neomejen dostop do informacijskih sistemov z mobilnimi napravami

Author

Bernik, Igor and Markelj, Blaž

Subjects
mobile devices, mobilne naprave, corporate information systems, information security, blended threats, business integrity, poslovanje, udc:004.056, informacijska varnost, kombinirane grožnje
Abstract

Purpose: Mobile devices have become an indispensible part of modern communications they enable easy access to the Internet and also remote manipulation of data stored in corporate information systems. The number of mobile device users is on the rise, but most of them don’t comprehend completely the less obvious functions of these devices. Users also have almost no control over background computer programs, because they run without their knowledge and volition. From the standpoint of information security, a lack of awareness of the risks can seriously compromise the integrity of corporate networks and information systems. The weakest links are users, but also the technology itself. To ensure the functioning and security of information systems, corporations and individual users should learn about protective mechanisms. It is also important that users adhere to implemented (internal) safety regulations. Design/Methods/Approach: We used descriptive and comparative methods, and made an overview of published literature, as well as processes pertaining to the use of mobile devices and related security issues. We compared general elements of information security in regard to the use of mobile devices. Findings: At present mobile devices are more and more frequently used to access information systems. The majority of users are concerned almost exclusively with the question, how to get uninterrupted remote access to data, but far less with security issues. This paper presents some guidelines for achieving and maintaining information security. Research limitations/implications: It has been noted, that this is a time of turbulent development and evolution in the field of mobile devices, and also related security issues, so best practices haven’t been defined yet. Corporations and other organizations have just recently begun defining guidelines to eliminate security breaches through mobile devices, therefore a comparison of their implemented solutions is practically impossible. VS_ Practical implications: We propose guidelines, which can be used to: minimize information security risks posed by mobile devices evaluate the current state of information security and implement protective measures against cyber threats encountered by corporations and individual users of mobile devices. Originality/Value: Information security is a relatively new field because mobile devices and remote access to the Internet and data have just recently come into wider use. At the same time security issues and protective measures have stayed largely overlooked. Security threats are many, so it is impervious that users learn more about them and adopt some necessary security measures. Namen prispevka: Mobilne naprave so postale stalnica vsakodnevnega komuniciranja, dostopa do omrežij in oddaljenega dela s podatki v zaprtih korporativnih informacijskih sistemih. Število uporabnikov se skokovito povečuje, malo uporabnikov pa delovanje naprav razume, prav tako pa nimajo pregleda nad delovanjem elementov naprave za komunikacijo v ozadju, kjer ni potrebna direktna interakcija z uporabnikom. Nepoznavanje, s stališča informacijske varnosti oziroma varne uporabe mobilnih naprav, lahko resno ogrozi informacijski sistem celotne organizacije. Šibka člena pri zagotavljanju informacijske varnosti sta uporabnik in tehnologija. Za zagotavljanje stalnega dela in ustrezno stopnjo varnosti je pomembno poznavanje varnostnih mehanizmov s strani uporabnikov in spoštovanje predpisanih omejitev za varno delo. Metode: Uporabljeni sta bili deskriptivna in primerjalna metoda. Narejen je bil pregled literature in postopkov, ki navajajo rabo mobilnih naprav in njihovo zaščito. Primerjani so bili elementi splošne in varne rabe mobilnih naprav z vidika informacijske varnosti. Ugotovitve: Uporaba mobilnih naprav za oddaljen dostop do informacijskih sistemov je v začetni fazi. Večina organizacij in uporabnikov se ukvarja zgolj z zagotavljanjem dostopa in delom, pozabljajo pa na informacijsko-varnostni vidik. Prispevek predstavlja smernice za vzpostavitev večje stopnje informacijske varnosti. Omejitve/uporabnost raziskave: Zaradi turbolentnega razvoja in sprememb na omenjenem področju je razumevanje uporabe mobilnih naprav v začetni fazi in dostopnost do uspešnih praks (angl. best practices) omejena. Izdelava smernic varne rabe mobilnih naprav in njihovo udejanjanje v praksi je v začetni fazi, zato ni možna primerjalna analiza uspešnosti predlaganih ukrepov. Praktična uporabnost: Predstavljene so smernice varne rabe mobilnih naprav, ocena trenutnega stanja informacijske varnosti in smernice za zaščito pred grožnjami, katerim so izpostavljeni organizacije in posamezniki ob uporabi mobilnih naprav. Izvirnost/pomembnost prispevka: Uporabniki so šele pred kratkim začeli množično uporabljati mobilne naprave za dostopanje do podatkov, zato so nova tudi informacijsko-varnostna vprašanja, vezana na mobilno tehnologijo. Širša raba oddaljenega dostopanja se šele uveljavlja, varnostni postopki in mehanizmi pa so zanemarjeni. Ker se kažejo možnosti zlorabe in uresničenja groženj, pa je pred udejanjanjem pomembno zagotoviti ustrezna znanja in postopke, da ne pride do tega.

Published
2020

7. Information Warfare in Slovenia – from Traditional Local to Global Cyber Space

Author

Bernik, Igor and Prislan, Kaja

Subjects
pravna podlaga, udc:343.3/.7:004, information warfare, information communication technology, informacijsko bojevanje, Slovenia, informacijsko-kumunikacijske tehnologije, legal regulations, Slovenija
Abstract

Namen prispevka: Opozoriti želimo na tveganja, ki so jim izpostavljeni vsi informacijski sistemi in jih prinaša informacijsko bojevanje. Z razvojem sodobne informacijskokomunikacijske tehnologije (v nadaljevanju IKT) je vojaško, politično, gospodarsko in ideološko motivirano bojevanje pridobilo popolnoma nove razsežnosti in nevarnosti, čeprav se njene resnosti marsikatera država še vedno ne zaveda. Zaradi anonimnosti, možnosti dostopanja z oddaljene lokacije in zakrivanja izvora napada, storilci svoje cilje dosegajo lažje in hitreje, kot je to bilo mogoče pred razvojem spleta in informacijske tehnologije. To je omogočilo razvoj in prenos informacijskega bojevanja na različna družbena področja. Ker pa so tehnike informacijskega bojevanja postale primerljive z ostalo (klasično) računalniško kriminaliteto, je kompleksnost problematike še toliko širša. Resnost in nevarnost tovrstne grožnje prikazujemo skozi primere. S predstavitvijo trenutne zakonske ureditve v Sloveniji pa želimo prikazati neustrezno normativno podlago za delo organov pregona. Trenutna zakonska ureditev omogoča stanje, v katerih je primere informacijskega bojevanja lažje vršiti kot preganjati. Metode: Podan je pregled definicij informacijskega bojevanja v strokovni literaturi. Na podlagi analize definicij je predlagana konkretna in natančnejša opredelitev pojava informacijskega bojevanja. Kratko so predstavljeni nekateri primeri kibernetskih napadov, ki potrjujejo obstoj tovrstne grožnje. Analizirana je aktualna zakonodaja v Republiki Sloveniji. Na podlagi ugotovljenih slabosti so podani utemeljeni predlogi za izboljšave zakonodaje. Ugotovitve: Temeljna ugotovitev prispevka je, da se je (informacijsko) bojevanje, kot tradicionalni način doseganja ciljev, z razvojem sodobne IKT razširilo v vse sfere družbenega življenja, skladno s tem pa so se spremenile tudi njegove tehnike delovanja. Kibernetsko okolje je tej grožnji omogočilo neobvladljivo širjenje, kar je povzročilo novo globalno/transnacionalno tveganje za države in organizacije. Gospodarstvo, kritična infrastruktura, politični odnosi in svetovni mir so tista temeljna področja, ki jih informacijsko bojevanje želi kompromitirati. Kot kaže trenutno stanje normativne ureditve informacijskega bojevanja, so na nacionalni ravni naše države pomanjkanje politične volje, nerazumevanje in ravnodušnost temeljni atributi, ki omogočajo obstoj in razvoj informacijskega bojevanja. Na ravni svetovnih velesil in mednarodnih organizacij pa gre, zaradi zavedanja in uporabe prednosti tovrstnega bojevanja, za poskus ohranjanja neurejenega stanja, saj z informacijskim bojevanjem napadajo normativno ureditev. Izvirnost/pomembnost prispevka: Izvirna vrednost prispevka je opredelitev informacijskega bojevanja. Poleg tega pa je pomemben tudi prikaz narave informacijskega bojevanja na primerih in stanje normativne ureditve. Slednje je glavni zaviralec za preprečevanje opisane problematike. Purpose: The purpose of this paper is to draw attention to security risks to information systems which confront every country and organization – the risk in question is information warfare. Development of modern information communication technology has led us to the situation in which politically, economically and ideologically motivated warfare has gained a completely new dimension and constitutes new dangers, but many countries still don’t acknowledge its presence. Anonymity, the possibility of accessing information from distant locations, and the possibility of concealing the source of the attack are enabling perpetrators to achieve their vicious goals much easier and faster than before the development of the Internet and information technology in general. Development made it possible for information warfare to spread to different social spheres. The complexity of this modern threat has become much more worrisome, because techniques of information warfare have became comparable with other (classic) computer crimes. We would like to demonstrate the gravity and danger of this threat through practical examples and present the current legal regulation of this issue in Slovenia. The current Slovenian legislation creates conditions in which it is easier to commit information warfare than prosecute it. Design/Methods/Approach: In forming a definition of information warfare, we used a comparative method. We carried out a comparison of different written sources published abroad. For better understanding the nature of modern warfare, we presented some practical examples. An understanding of the legislation in the Republic of Slovenia in reference to these issues was acquired through a thorough study and comparison of Slovenian legal acts. Findings: The main finding of this paper is that information warfare, which was used in the past for military purposes, has now (with the development of modern technology) spread into every area of society. Simultaneously the techniques of information warfare have also changed. Cyber space allowed information warfare to extend uncontrollably, and this resulted in the birth of new transnational and global threats to all countries and organizations. Economies, crucial national infrastructure, political relations and world peace are the main areas that information warfare tries to compromise. The current legislation, at the national and global levels, reflects, that a lack of political will, incomprehension and apathy are the major factors which allow information warfare to exist and develop. Originality/Value: The originality of this paper is in the suggested definition of information warfare, and further in the presentation of the nature of this specific threat through practical examples and an overview of the relevant legislature, which is the main obstacle in the prevention of this type of criminality.

Published
2020

8. Upravljanje tveganj v informacijski varnosti

Author

Bernik, Igor and Prislan, Kaja

Subjects
grožnje, security threats, information system, Slovenia, changes, informacijski sistemi, informacijska varnost, Slovenija, udc:004.056(497.4), risks, risk management, tveganje, management
Abstract

Purpose: Modern organizations are no longer able to operate and achieve their goals without information technology. The only stability in the modern world is change, and users adjust to them, as do the threats to information technology. Therefore, the only way to control threats to information security is to execute a process of risk management, which enables organizations to manage threats. This paper introduces various ways of managing information security threats and researches the existence of risk management systems in Slovenia. Design/Methods/Approach: The study focused on the research of the perception of information security risk management among Slovenian organizations. For this purpose, research has been conducted in different organizations. The results of this research revealed that threats to information security are largely not fully comprehended. Moreover, the structure of risk management systems depends completely on each individual organization. The problem is therefore the fact that there are as many systems as there are organizations. In theory, any information system must be examined thoroughly before risk management systems are established. It is important to know the weaknesses of the system, possible threats to it and ways of attack, and what consequences follow. Findings: Risks can be managed in different ways. Organizations choose mostly among the following approaches: (1) informal or unsystematic approach (2) general approach, which provides the same protection mechanism for every organizational level (3) exact approach, which refers to an analysis of the entire information system (4) a combination of a general and an exact approach. When organizations choose their approach, they establish the control mechanisms. With these mechanisms it is possible to simply avoid risks, mitigate their consequences, accept a particular risk, or introduce adequate security mechanisms. Due to continual changes such systems must be constantly evaluated and improved. This means that systems must be constantly adjusted to new types of threats. By establishing a safe information system, organizations can consider different trends, recommendations and effective practices for instance the ISO 27000 series of standards. In the process of managing information security, it is of great significance to establish a risk management system, to be able to recognize the most exposed areas, and to protect them accordingly. Research limitations: Research results cannot be generalized due to the relatively small number of companies interviewed. Practical implications: This paper represents a useful source of information for companies establishing information security risk management systems, and it represents the basis for further research. Originality/Value: Guidelines for establishing a secure information system and forms conclusions on how these guidelines are considered in practice are represented. The study has original value because it is based on a research of the current state of risk management procedures in different organizations. Organizations can consider different guidelines, recommendations and good practices for establishing their own effective information security. Findings show that defining management responsibility, identifying key vulnerabilities and securing them, are the three most significant elements in effective risk management and maintenance of information security. Namen prispevka: V sodobnem času organizacije ne morejo optimalno funkcionirati in dosegati zastavljenih ciljev brez informacijske tehnologije. Edina stalnica so spremembe, katerim se poleg uporabnikov prilagajajo tudi grožnje v informacijskem okolju. Iz tega sledi, da je vodenje procesa upravljanja s tveganji edini način obvladovanja in upravljanja omenjenih groženj. Predstavljamo načine in naravo upravljanja informacijske varnosti ter prikazujemo trenutno stanje omenjenih procesov v slovenskem prostoru. Metode: Prispevek se osredotoča na razumevanje informacijske varnosti in z njo povezanega sistema upravljanja s tveganji med slovenskimi organizacijami. V ta namen je bila izpeljana raziskava z usmerjenimi intervjuji v različnih slovenskih podjetjih. Rezultati kažejo, da grožnje informacijski varnosti v večini organizacij niso ustrezno razumljene, poleg tega pa je proces upravljanja s tveganji preveč odvisen od posamezne organizacije. Problem se kaže v tem, da poznamo toliko sistemov upravljanj s tveganji, kolikor imamo organizacij. Teoretično pa bi vsak informacijski sistem moral biti podvržen natančni analizi, preden se sistem upravljanja s tveganji vzpostavi in vpelje v organizacijsko strukturo. Poznavanje organizacijskih ranljivosti, potencialnih groženj in posledic, ki bi ob njihovem uresničenju nastale, pa je pri tem ključnega pomena. Ugotovitve: S tveganji lahko upravljamo na različne načine, organizacije pa lahko v grobem izbirajo med štirimi različnimi pristopi: (1) neformalen ali nesistematičen pristop, (2) splošen pristop, s katerim se vzpostavlja enaka zaščita na različnih organizacijskih ravneh, (3) natančna analiza celotnega informacijskega premoženja, (4) kombinacija splošnega in natančnega pristopa. Ko organizacija izbere enega izmed pristopov mora vzpostaviti ustrezne kontrolne oz. zaščitne mehanizme, s katerimi se lahko tveganjem preprosto izogne, prenaša posledice na druga okolja, grožnje sprejema ali pa vpelje ustrezno stopnjo zaščite. Zaradi nenehnih sprememb, predvsem v informacijskem okolju, pa je potrebno vpeljane nadzorne mehanizme stalno ocenjevati in posodabljati, kar pomeni, da ga je potrebno nenehno prilagajati novim tipom groženj. Pri vzpostavljanju ustreznega in varnega informacijskega sistema si lahko organizacije pomagajo z različnimi priporočili in dobrimi praksami, med katere vsekakor uvrščamo serijo standardov ISO 27000. V procesu upravljanja s tveganji je ključnega pomena vzpostavitev sistema, ki je sposoben identificirati grožnjam najbolj izpostavljena območja in jih tudi ustrezno zavarovati. Omejitve raziskave: Rezultatov raziskave ne moremo posploševati, saj je število organizacij vključenih v raziskavo relativno majhno. Praktična uporabnost: Prispevek predstavlja uporaben vir informacij za podjetja, ki vzpostavljajo sisteme upravljanja z informacijsko varnostjo, prav tako pa predstavlja osnovo za nadaljnje raziskave. Izvirnost/pomembnost prispevka: Predstavljene so smernice pri vzpostavljanju sistema informacijske varnosti in ugotovitve, kako so te smernice uporabljene v praksi. Prispevek ima izvirno vrednost, ker je osnovan na raziskavi trenutnega stanja procesov upravljanja s tveganji v različnih organizacijah. Le-te lahko pri vpeljevanju učinkovite informacijske varnosti upoštevajo različne smernice, priporočila in uspešne prakse. Rezultati raziskave kažejo, da so razumevanje odgovornosti managementa, prepoznavanje ključnih ranljivosti in zaščita le-teh trije najpomembnejši elementi pri učinkovitem upravljanju s tveganji in vzdrževanju informacijske varnosti.

Published
2020

9. Combating cybercrime in Slovenia

Author

Ilievski, Aleksandar and Bernik, Igor

Subjects
pravna podlaga, institucije, cybercrime, Slovenia, udc:343.9:004, institutions, Slovenija, legal basis, limiting, kibernetska kriminaliteta, omejevanje
Abstract

Namen prispevka: Številna poročila mednarodnih in nacionalnih organizacij iz zadnjega obdobja govorijo o hitrem in inovativnem razvoju kibernetske kriminalitete. V tem prispevku želimo analizirati organiziranost in način boja proti kibernetski kriminaliteti v Sloveniji, proučiti pravne podlage za to področje in predstaviti nacionalne statistične podatke o njenem uresničevanju. Metode: Splošne ugotovitve so oblikovane na podlagi pregleda literature, pregleda dejavnosti v Republiki Sloveniji, javnih, zasebnih in mednarodnih organizacijah, povezanih s kibernetsko in informacijsko varnostjo, pregleda zakonodaje ter dostopnih uradnih statističnih podatkov o kibernetski kriminaliteti. Ugotovitve: Ključno vlogo pri preiskovanju kibernetske kriminalitete v Sloveniji imajo Center za računalniško preiskovanje, Slovenski center za posredovanje pri omrežnih incidentih (SI-CERT) in Evropski center za kibernetsko kriminaliteto. V boj proti kibernetski kriminaliteti so vključene tudi druge državne, nepolicijske organizacije, zasebna informacijsko-varnostna podjetja, nevladne in mednarodne organizacije. Pravna podlaga za boj proti kibernetski kriminaliteti v Sloveniji je napredna in je del več nacionalnih in mednarodnih pravnih aktov. Največji problem, s katerim se srečujejo organi pregona, je redko obravnavanje kibernetskih kaznivih dejanj v globalnem razcvetu kibernetske kriminalitete, saj smo imeli v Sloveniji v zadnjih sedmih letih le nekaj obsodilnih obsodb. Omejitve/uporabnost raziskave Prispevek proučuje boj proti kibernetski kriminaliteti v Sloveniji, vključujoč mednarodne organizacije, ki delujejo na območju države. Izvirnost/pomembnost prispevka: Na državni ravni še niso bili analizirani način, organiziranost in uspešnost boja proti kibernetski kriminaliteti. V prispevku izpostavljamo probleme, s katerimi se srečuje Slovenija, in predlagamo priporočila za uspešnejši boj proti kibernetski kriminaliteti. Purpose: Numerous recent reports by international and national organizations talk about the rapid and innovative development of cybercrime. In this paper we would like to analyze the structure and method of combating cybercrime in Slovenia, examine the legal basis regarding this field and present national statistics on its implementation. Methods: The general findings are reported on the basis of literature, reviews of the activities of individual state, public, private and international organizations related to cyber and information security, reviews of laws and further available official statistics in the field of cybercrime. Findings: The Center for computer investigation, SI-CERT and the European cybercrime center play a key role in the investigation of cybercrime in Slovenia. Additional nonpolice government organizations, private information-security companies, NGOs and international organizations are also included in the fight against cybercrime. The legal basis for the fight against cybercrime in Slovenia is advanced and is part of several national and international acts. The biggest problem faced by the law enforcement authorities is a rare approach to cyber criminal offenses during the global boom in cybercrime. For instance, there were only a few condemnatory convictions in Slovenia in the last seven years. Research limitations / Implications: The paper examines the combat against cybercrime in Slovenia, including international organizations which are operating in the country. Originality/Value: The exact method, the organization and level of success of the fight against cybercrime have not yet been analyzed within a national framework. In this paper, we highlight the problems which Slovenia faces, and recommend more effective methods to fight against cybercrime.

Published
2020

10. Socio-psychological implications of cyberterrorism

Author

Prislan, Kaja and Bernik, Igor

Subjects
kibernetski terorizem, cyberterrorism, udc:343.3/.7:004, psihološki vidik, socio-psychological aspect, zastraševanje, storilci, intimidation, perpetrators
Abstract

Namen prispevka: S prispevkom želimo predstaviti sinergijo učinkov nerealnih predstav o tehnologiji in terorizmu, realne sposobnosti in aktivnosti kibernetskih teroristov, hkrati pa opozoriti na grožnjo, ki je z vidika informacijske varnosti, predvsem na nacionalni ravni, ne smemo zanemariti. Metode: V prispevku je uporabljena deskriptivna metoda in metoda komparacije, s katerima smo analizirali predpostavke strokovnih in znanstvenih prispevkov na obravnavano tematiko. Z metodo sinteze spoznanj smo nadgradili trenutne teoretične pristope pri pojasnjevanju narave storilcev kibernetske kriminalitete in kibernetskega terorizma. Ugotovitve: Zaradi razvoja globalnega kibernetskega prostora je kriminaliteta pridobila povsem nove razsežnosti in priložnosti. Tako kot uporabniki sodobne tehnologije in klasični zlonamerni storilci v tem prostoru delujejo tudi kibernetski teroristi, katerih namen je s pomočjo tehnologije povzročiti čim večji strah in medijsko odzivnost. Psihološki učinki uporabe tehnologije prispevajo k temu, da kibernetski terorizem spremlja visoka stopnja nerazumevanja, posledično pa tudi strahu. Ker tovrstna kibernetska kriminaliteta nima urejene politične in pravne podlage, to skupaj z nerazumevanjem sodobne tehnologije, strahu pred njeno uporabo in možnimi zlorabami povzroča velik učinek zastraševanja. Čeprav kibernetski terorizem predstavlja resno grožnjo nacionalnim in organizacijskim informacijskim infrastrukturam, je njegovo udejanjanje v fizičnem okolju zgolj posredno. Teroristi sodobno tehnologijo za enkrat izkoriščajo predvsem kot orodje za pomoč pri načrtovanju napadov in ohranjanju lastnega obstoja. Izvirnost/pomembnost prispevka: Pomembnost prispevka se kaže v njegovi aktualnosti. Tako kot klasična kibernetska kriminaliteta tudi kibernetski terorizem postaja vse pogostejša tematika medijev in polemičnih razprav. S senzacionalnim poročanjem se velikokrat povzročajo dramatične in nerealne asociacije na kibernetski terorizem, v smislu možnih scenarijev in posledic. V prispevku predstavljamo njegove realne zmožnosti in temeljne značilnosti, izvirnost pa se kaže v njegovi pojasnjevalni in razlagalni vlogi. Purpose: This paper intends to present the synergy between unrealistic notions about technology and terrorism and the cyberterrorists’ real capabilities and activities. At the same time, the paper also points to the threat, which must not be neglected from the information security point of view, particularly at the national level. Design/Methods/Approach: The paper presents the use of descriptive and comparative methods, which were applied to analyse several assumptions found in professional and scientific publications in the relevant field. The synthesis method was then applied to consider the findings and upgrade current theoretical approaches in order to explain the nature of cybercrime and cyberterrorism perpetrators. Findings: Due to the development of global cyberspace, crime gained entirely new dimensions and opportunities. Apart from modern technology users and typical malevolent perpetrators, cyberterrorists, whose intention is to instigate as much fear and media attention as possible by using technology, are also operating in cyberspace. Psychological effects stemming from the use of technology contribute to the fact that cyberterrorism is characterised by a high level of misunderstanding and consequently fear. When considered in combination with the lack of understanding of modern technology, as well as the fear of its use and potential abuse, the fact that this type of cybercrime does not have a structured political and legal basis generates major intimidation effects. Although cyberterrorism represents a serious threat to information infrastructures owned by states and organisations, its actualisation in the physical environment is merely indirect. At the moment, terrorists mostly use modern technology as instrumentalities for planning attacks and preserving their own existence. Originality/Value: The importance of this paper is demonstrated by its up-to-date nature. Apart from traditional cybercrime, cyberterrorism is also becoming a subject of ever more frequent media attention and controversial debates. Sensationalist reporting often generates dramatic and unrealistic notions regarding cyberterrorism, as well as its potential scenarios and implications. This paper, however, presents the true capabilities and basic characteristics of cyberterrorism, while its originality is demonstrated by its explanatory and interpretative nature.

Published
2020

11. Ensuring the security of information by understanding user behaviour on a mobile device

Author

Bernik, Igor and Markelj, Blaž

Subjects
grožnje, varnost, mobilne naprave, študenti, udc:004.056:621.395.721.5
Abstract

Namen prispevka: Uporabniki različnih demografskih skupin vsakodnevno uporabljajo mobilne naprave v osebne in poslovne namene. Pri uporabi mobilnih naprav s pomočjo nameščene programske opreme in pri dostopanju do omrežij zanemarjajo varovanje informacij in večinoma ne delujejo v skladu s principi informacijske varnosti. Ob nevestni rabi mobilnih naprav je tveganje veliko. Ker so študenti velika skupina uporabnikov mobilnih naprav, ki vstopa v poslovni svet, smo izvedli raziskavo, kako le-ti uporabljajo mobilne naprave, koliko poznajo grožnje in uporabo možnih varnostnih zaščit. S tem znanjem organizacije lahko pripravimo na trenutne in prihajajoče informacijskovarnostne izzive. Metode: Predstavljene ugotovitve temeljijo na deskriptivnih dognanjih, izhajajočih iz pregleda virov in izvedene raziskave med študentsko populacijo ter analizirane s pomočjo statističnih metod. Ugotovitve: Študenti slabo poznajo načela varne uporabe mobilnih naprav, programske opreme zanje ter groženj in varnostnih rešitev. Glavne ugotovitve raziskave, izvedene 2012, pokažejo nizko stopnjo zavedanja in poznavanja groženj, ki pretijo uporabnikom mobilnih naprav ter nizko stopnjo uporabe varnostnih rešitev. Mobilne naprave postajajo mesto, kjer se shranjujejo in obdelujejo osebni in poslovni podatki. Pri mobilnih napravah je meja med osebnimi in poslovnimi podatki popolnoma izginila. Zato je pri uporabi mobilnih naprav priporočljivo spoštovati informacijskovarnostna priporočila in s tem zagotoviti ustrezno zaščito podatkov, do katerih imamo dostop. Omejitve/uporabnost raziskave Znanstvene objave na temo, ki jo obravnavamo v prispevku, so redke. Navedb primerov širših razsežnosti zlorab iz prakse, preiskovanja kriminalitete in dejanskih sodnih obravnav pa je malo. Praktična uporabnost: Skozi izsledke ugotavljamo načine uporabe mobilne naprave, zavedanje groženj in uporabo varnostnih rešitev. Izvirnost/pomembnost prispevka: Menimo, da je delo na področju uporabe mobilnih naprav originalno in na izviren način obravnava predstavljeno problematiko. Purpose: Mobile devices are used every day by users from various demographic groups, both for personal and business purposes. Users neglect information security and generally do not operate according to the principles of information security while using the mobile devices by using the installed software and accessing networks. When using the mobile devices in unconscious manner the risk is high. Since the students are a very large group of users of mobile devices, we conducted a survey among them on how they use their mobile devices, and how much do they know of the threats and the use of possible security features. Design/Methods/Approach: The presented results are based on descriptive findings resulting from the review of resources and on the research conducted among the student population and subsequently analysed by statistical methods. Findings: Students have poor knowledge of the safe use of mobile devices, the software for them, threats and security solutions. The main findings of the survey, conducted in 2012, show low level of awareness and knowledge of threats to mobile security of smart phones and low level of utilization of security solutions. Mobile devices are becoming a place to store and process personal and business data. In the case of mobile devices the boundary between personal and business data is disappearing completely. Therefore, when using mobile devices it is advisable to observe safety information and recommendations in order to ensure adequate protection of the data to which we have access. Research Limitations / Implications: Scientific publications on the topic under discussion in this paper are rare. Allegations of abuse cases from practice, investigation of crime and the actual court case law is limited. Practical Implications: Through the results of the descriptive analysis and done research ways to use mobile devices are found, as well as the awareness of the threat and use of security solutions. Originality/Value: There is no access to comparative research, so the work on the use of mobile devices is original, since it addresses the issue presented in an original way.

Published
2020

12. Kibernetska kriminaliteta

Author

Bernik, Igor

Subjects
zaščita, kibernetski prostor, investicije, stroški, udc:004.056, kibernetska kriminaliteta
Abstract

Purpose: This paper focuses on investments in protection of organisations against cybercrime. Current research points to enormous financial losses suffered by countries, organisations and individuals due to the impact of criminal offences committed in cyberspace. A detailed overview shows that such losses are fictitious and that the largest share of costs is generated by investments into protection, which, however, is not omnipotent. At the same time, practitioners in the field of cyberspace security find that awareness rising among personnel is a much more efficient and inexpensive method of protection enabling a higher level of security in cyberspace and individual organisations. Design/Methods/Approach: The author adapted the cost model of cybercrime by examining data regarding costs and losses inflicted by cybercrime available in different reports and documents drafted by global organisations and governments and analysing the true causes of such losses. Findings: The cost model presented in this paper considers the main causes of losses in a comprehensive manner and indicates guidelines for the protection of organisations. However, the provision of greater security in cyberspace is not only a technical, organisational and personnel problem, but ever more often also a political problem, as it is related to the regulation of cyberspace. The costs related to this problem are increasing, since no one endeavours to tackle it. Practical Implications: By becoming familiar with the causes and the cost model, organisations may find it easier to decide to invest into protection against attacks from cyberspace and improve their own efficiency with lower costs. Originality/Value: This paper presents the impacts of cybercrime on organisations from the point of view of costs and not from the point of view of technical experts in organisations, which are mostly responsible for the implementation of information systems’ protection. Therefore, the analysis of the issue provides management with the possibility to better understand individual problems, thus enabling it to take appropriate positions and support more efficient solutions or methods of protection. Namen prispevka: Prispevek prikazuje investicije v zaščito organizacij pred kibernetsko kriminaliteto. Aktualne raziskave kažejo oz. predstavljajo enormne finančne izgube držav, organizacij in posameznikov zaradi vpliva kriminalitete v kibernetskem prostoru. Podrobnejši pregled pokaže, da so te izgube fiktivne in da se večina stroškov skriva v investicijah v zaščito, ki pa ni vsemogočna, hkrati pa praktiki varnosti kibernetskega prostora ugotavljajo, da je ozaveščanje osebja učinkovitejša in cenejša zaščita ter ima večji vpliv na varnost kibernetskega prostora in organizacij. Metode: Z analizo stroškov in izgub zaradi kibernetske kriminalitete, predstavljenih skozi različna poročila globalnih študij in vladnih dokumentov, ter dejanskih vzrokov za izgube predstavljamo adaptirani stroškovni model kibernetske kriminalitete. Ugotovitve: Predstavljeni stroškovni model celovito obravnava glavne vzroke izgub in nakazuje smernice zaščite organizacij. Zagotavljanje višje varnosti kibernetskega prostora pa ni zgolj tehnični, organizacijski in problem osebja, pač pa zaradi regulacije kibernetskega prostora tudi vse bolj politični problem. Ker pa se nihče globalno ne loti reševanja problema, stroški le naraščajo. Praktična uporabnost: Organizacije se s poznavanjem vzrokov in stroškovnega modela lažje odločajo za ustrezna vlaganja v zaščito pred napadi iz kibernetskega prostora in izboljšajo lastno učinkovitost z manjšimi stroški. Izvirnost/pomembnost prispevka: Zaradi predstavitve vpliva kibernetske kriminalitete na organizacije iz stroškovnega in ne vidika tehnične stroke v organizacijah, ki so večinoma odgovorna za izvedbo zaščite informacijskih sistemov, je razumevanje bližje managementu, s čimer zavzame ustrezna stališča in zaradi boljšega razumevanja podpira učinkovitejše zaščite oz. rešitve.

Published
2020

13. Decision-making factors contributing to the management of information security in organisations

Author

Prislan, Kaja and Bernik, Igor

Subjects
udc:004.056:005, varnostni management, organizacije, informacijska varnost, tveganja, odločitveni procesi
Abstract

Namen prispevka: V preglednem znanstvenem prispevku analiziramo aktualne varnostne trende in sociološke ter psihološke ovire, s katerimi se sooča varnostni management, z namenom pojasniti dileme pri zagotavljanju informacijske varnosti. V času negotovih razmer v poslovnem okolju postaja informacijska varnost vse pomembnejši poslovni proces. Učinkovitost je pogojena z različnimi okoljskimi, strukturnimi in osebnostnimi dejavniki, ki jih je potrebno upravljati, če se želi ustrezno obvladovati tveganja, ki ogrožajo obstoj organizacij. Metode: Analiza varnostnih trendov je izvedena s pregledom aktualnih mednarodnih raziskav o trenutnem stanju informacijske varnosti. Prav tako je bil izveden pregled teorij, ki pojasnjujejo vpliv psiholoških dejavnikov na odločitvene procese. S sintezo ugotovitev smo izoblikovali predpostavke o vzrokih neracionalnih odločitev, teoretične pristope pa smo nadgradili z njihovo umestitvijo v organizacijsko in varnostno področje. Ugotovitve: Ugotavljamo, da organizacije funkcije informacijske varnosti ne razvijajo ustrezno. Pregled aktualnih raziskav je pokazal, da se organizacije pogosto neučinkovito odzivajo na povečana varnostna tveganja, saj jim to onemogočajo neugodne poslovne razmere, strokovna nepodkovanost in tradicionalna vodstvena mentaliteta, spremembe na področju varnostnih rešitev in kognitivne pristranskosti pri odločevalcih. Prav tako ugotavljamo, da je učinkovitost informacijske varnosti vse bolj pogojena z netehničnimi ukrepi, pri čemer največjo vlogo odigra usposobljen, dobro razvit in strateško naravnan varnostni management. Praktična uporabnost: Varnostni trendi, ki jih predstavljamo v prispevku, za večino sodobnih organizacij predstavljajo velik izziv pri doseganju poslovne uspešnosti. S prispevkom želimo opozoriti na sodobne varnostne dileme in prispevati k večji ozaveščenosti odgovornega managementa. Ponujamo tudi izhodiščne točke za učinkovito soočanje s kognitivnimi ovirami pri sprejemanju odločitev. Izvirnost/pomembnost prispevka: Prispevek je aktualen, saj analizira najnovejše raziskave o informacijski varnosti in na osnovi tega predstavlja sodobne trende. Prav tako je izviren, ker združuje spoznanja s področja psihologije tveganj in odločitev ter informacijske varnosti v organizacijski kontekst. Purpose: Information security is becoming an ever more important business process in this period characterised by uncertainty in the business environment. Its efficiency depends on various environmental, structural, and personal factors which need to be managed in order to adequately control all risks threatening organisations‘ survival. This paper analyses current security trends, as well as sociological and psychological obstacles in security management, with a view to clarifying different dilemmas related to the provision of information security. Design/Methods/Approach: The analysis of security trends was conducted on the basis of an overview of current international research on the present state of play in the field of information security. It also includes an overview of theories explaining the impact of psychological factors on decision-making processes. Assumptions regarding the reasons for irrational decisions were drawn by performing the synthesis of findings, while theoretical approaches were upgraded by placing them in the organisational and security fields. Findings: The authors find that organisations are not developing the function of information security in an adequate manner. The overview of current research shows that organisations are often inefficient in their response to higher security risks, since they are prevented from doing so by unfavourable business conditions, lack of expertise, traditional management mentality, changes in the field of security- related solutions and cognitive bias found in decision-makers. The authors also find that the efficiency of information security is ever more dependent on non- technical measures, whereby trained, well-developed and strategically-oriented security management plays a crucial role. Practical Implications: For the majority of modern organisations, security trends presented in this paper represent a great challenge in terms of achieving business success. This paper wishes to draw attention to contemporary security-related dilemmas and raise the awareness of responsible management. The paper also provides several starting points enabling an efficient confrontation with cognitive obstacles in the course of decision-making. Originality/Value: This paper is up-to-date, as it analyses the latest research into information security and uses such analysis to present contemporary trends. It is also original, since it combines findings from the fields of the psychology of risk and decision- making, as well as from information security, and places them in organisational context.

Published
2020

14. Informacijska varnost ob rabi mobilnih naprav v slovenskih podjetjih

Author

Markelj, Blaž and Bernik, Igor

Subjects
grožnje, varnost, mobilne naprave, organizacije, podjetja, Slovenija, udc:004.056:[004.382.75+621.395.721.5]
Abstract

Purpose: In the business world, mobile devices represent an important tool for carrying out one‘s work. By providing the possibility to have constant access to different types of data and information, such devices are an important element in the decision-making process. The access to necessary data at any given moment in the decision-making process represents a competitive edge in the business environment. However, despite all of the advantages provided by mobile devices, their users fail to consider the issue of information security, since the access to and transfer of information via mobile devices makes them vulnerable to security risks. The media report on numerous new threats that put mobile devices at risk on a daily basis. The realisation of such threats to information security becomes more likely when users use mobile devices carelessly and simultaneously fail to use adequate security protection. It is therefore important for organisations and experts responsible for the safe use of mobile devices to introduce appropriate technical and organisational solutions and measures for the safe use of such devices. Design/Methods/Approach: Conclusions are based on descriptive findings and results of a study conducted among the staff of different Slovene organisations, who are responsible for the safe use of mobile devices by employees. Findings: Users of mobile devices in different organisations use their devices both for private as well as for business purposes, and the use of such devices gives them a competitive edge in the business world. Results of a study conducted in 34 Slovene organisations demonstrate that these organisations are currently in the initial stages of introducing both technical and organisational solutions, and measures for the provision of information security related to the use of mobile devices among their employees. According to the findings, the use of regulations and standards, which would define the safe use of mobile devices in relevant organisations, is rare. In mobile devices, the boundary between personal and business data has disappeared completely. The use of mobile devices must, therefore, follow the information security recommendations and provide adequate protection of data accessible to users. Research Limitations / Implications: The topic discussed in this paper remains a sensitive issue for different organisations, which is why conducting the study was rather challenging. The number of existing research efforts in this field is limited, and consequently, there are very few grounds that could serve as the basis for the performance of the aforementioned research. Practical Implications: Results show the manners in which mobile devices are used and protected against threats. On the basis of these results, organisations could seek ways to improve their methods for the protection of mobile devices and increase the level of protection awarded to their information systems. Originality/Value: Work conducted in the field of mobile devices is original and deals with the issues presented hereby in an innovative manner. Namen prispevka: Mobilne naprave so v poslovnem svetu pomemben delovni pripomoček. Z možnostjo neprestane povezave do podatkov tovrstne naprave predstavljajo pomemben element v procesu odločanja. Dostop do potrebnih podatkov v trenutku odločanja v poslovnem svetu pomeni konkurenčno prednost. Poleg vseh prednosti, ki jih mobilne naprave ponujajo, pa uporabnik malo razmišlja o informacijski varnosti, saj z dostopanjem in prenosom informacij z mobilnimi napravami le-te izpostavljamo varnostnim tveganjem. V medijih vsakodnevno beremo o številnih novih grožnjah, ki pretijo omenjenim napravam, kar pa ob uporabnikovi nevestni rabi in hkratni neuporabi varnostnih zaščit predstavlja verjetnost za uresničitev groženj informacijski varnosti posameznika in/ali organizacije. Zato je pomembno, da organizacije in strokovnjaki, ki so zadolženi za varno rabo mobilnih naprav, vpeljejo ustrezne tehnične in organizacijske rešitve in ukrepe za varno rabo mobilnih naprav. Metode: Ugotovitve temeljijo na deskriptivnih dognanjih in izvedenih raziskavah med strokovnjaki v slovenskih organizacijah, ki so odgovorni za varno rabo mobilnih naprav med zaposlenimi. Ugotovitve: Uporabniki mobilnih naprav v različnih organizacijah uporabljajo mobilne naprave tako v zasebne kot v poslovne namene, njihova raba pa predstavlja kokurenčno prednost v poslovnem okolju. Rezultati raziskave, izvedene v 34 slovenskih organizacijah, kažejo, da so organizacije v začetnih fazah uvajanja tako tehničnih kot organizacijskih rešitev in ukrepov za vzpostavitev informacijske varnosti ob rabi mobilnih naprav med zaposlenimi. Uporaba pravilnikov in standardov, ki bi opredeljevali varno rabo mobilnih naprav v organizacijah je redkost. Pri tem pa je meja med osebnimi in poslovnimi podatki na mobilnih napravah popolnoma izginila, zato je pri njihovi rabi nujno slediti informacijskovarnostnim priporočilom in zagotoviti ustrezno zaščito podatkov, do katerih imamo dostop. Omejitve/uporabnost raziskave Tematika, obravnavana v prispevku, je za organizacije občutljive narave, zato je bila izvedba raziskave zahtevna. Tovrstnih raziskav je malo, zato ni veliko osnov, na katere bi se oprli pri izvedbi predstavljene raziskave. Praktična uporabnost: Rezultati raziskave kažejo načine rabe mobilnih naprav in zavarovanja le-teh pred grožnjami. Na podlagi rezultatov organizacije lahko pristopijo k izboljšanju načina varovanja mobilnih naprav in dvigu zaščite informacijskih sistemov. Izvirnost/pomembnost prispevka: Predstavljeno delo na področju rabe mobilnih naprav je originalno in na izviren način obravnava predstavljeno problematiko.

Published
2020

15. The Impact of the Diversity of Information on the Seizure and Investigation of Mobile Devices in Organisations

Author

Markelj, Blaž and Bernik, Igor

Subjects
grožnje, mobilne naprave, udc:004.056, informacijska varnost, tveganja, varnostni incidenti
Abstract

Namen prispevka: Mobilne naprave so stičišče različnih podatkov, ki izhajajo iz osebne in poslovne rabe. Zaradi enostavnosti rabe in izjemnih možnosti povezovanja so se pojavile številne varnostne grožnje. Te pretijo uporabnikom mobilnih naprav in povečujejo tveganje informacijskovarnostnih incidentov. V primeru odtujitve poslovnih podatkov, ki so na mobilni napravi, in zahtev po preiskavi, ne moremo več govoriti o »običajnem« zasegu in pregledu mobilne naprave – varovati moramo osebne podatke in ravnati na pravno predpisan način ohranjanja pričakovane zasebnosti. Metode: Dognanja temeljijo na pregledu virov ter analizi in interpretaciji rezultatov dvostopenjske raziskave (anketa in intervju) med uporabniki mobilnih naprav v 34 slovenskih organizacijah. Anketirani so bili zaposleni, ki pri svojem delu uporabljajo informacijsko-komunikacijske tehnologije, intervjuvanci pa odgovorni za informacijsko varnost v obravnavanih organizacijah. Ugotovitve: Raziskava kaže, da je meja med osebno in poslovno rabo pri rabi mobilnih naprav izginila, ob stalnem povečevanju groženj se povečuje tudi tveganje incidentov (izguba informacij, odtujitve mobilne naprave ipd.). Za varno rabo mobilnih naprav je treba spoštovati zakonodajo, informacijskovarnostna pravila, politike in standarde, ki jasno določajo, kako uporabljati mobilno napravo v povezavi s poslovnimi podatki. Ob incidentu sta pomembna odziv posameznika in organizacije ter postopek obravnave in preiskovanja. Omejitve raziskave Viri in primerljive raziskave, ki obravnavajo rabo mobilnih naprav, z njim povezane grožnje in varnostne incidente, so redki, organizacije pa ne prijavljajo tovrstnih incidentov. Praktična uporabnost: Mobilne naprave lahko zaradi varnostnih incidentov povzročijo škodo – tako uporabnikom kot organizacijam. Njihova raba pa predstavlja različna varnostna tveganja, predlagani so ukrepi za preprečevanje in obravnavo varnostnih incidentov. Izvirnost: Tematika o rabi mobilnih naprav v povezavi z varnostnimi incidenti je v začetni fazi razvoja, raziskave redke, predstavljene ugotovitve za slovenski prostor pa novost. Purpose: Mobile devices carry various data originating from personal and business use of mobile devices. Due to their simple use and extreme possibilities of connecting, numerous security threats to mobile device users have arisen. These threats increase the risk of information security incidents. In case of loss of business data on mobile device, the seizure and inspection of a mobile device should be dealt in a specifically sensitive manner personal data must be protected according to the reasonable expectation of privacy. Design/Methods/Approach: The results are based on the literature review, analysis and interpretation of results of a two-level research (survey and interview) among the users of mobile devices in 34 Slovenian organisations. The survey was conducted among the employees who use information communication technology with their work, whereas the interviewees were the ones who are responsible for information security in these organisations. Findings: The research shows that the boundary between personal and business use of mobile devices has disappeared and the constant rise of threats increases also the risk of security incidents (such as loss of data, loss of mobile device, etc.). In order to use mobile devices safely, respective legislation, rules of information security, politics and standards, which clearly define the appropriate use of mobile device in relation to business data, must be respected. When an incident does occur, the response of an individual and the organisation and the procedure of investigation are of importance. Research Limitations / Implications: Previous literature and similar researches, which deal with the use of mobile devices, connected threats and security incidents, are rare, whereas the organisations do not report such incidents. Practical Implications: Mobile devices can cause damage to the users and organisations via security incidents. Their use represents various security risks, therefore the article includes suggestions for prevention and dealing with security incidents. Originality/Value: The topic of using mobile devices in connection to security incidents is in the early stages of development, the research is rare and the findings are a novelty for Slovenia.

Published
2020

18. Mobile devices and effective information security

Author

Markelj, Blaž and Bernik, Igor

Subjects
mobile devices, ozaveščenost, mobilne naprave, information security, blended threats, prikrite grožnje, udc:004.056, awareness, informacijska varnost
Abstract

Rapidly increasing numbers of sophisticated mobile devices (smart phones, tab computers, etc.) all over the world mean that ensuring information security will only become a more pronounced problem for individuals and organizations. It’s important to effectively protect data stored on or accessed by mobile devices, and also during transmission of data between devices and between device and information system. Technological and other trends show, that the cyber threats are also rapidly developing and spreading. It's crucial to educate users about safe usage and to increase their awareness of security issues. Ideally, users should keep-up with technological trends and be well equipped with knowledge otherwise mobile technology will significantly increase security risks. Most important is that we start educating youth so that our next generations of employees will be part of a culture of data and information security awareness.

Published
2017

19. To fear or not to fear on cybercrime

Author

Bernik, Igor, Dobovšek, Bojan, and Markelj, Blaž

Subjects
grožnje, udc:343.3/.7:004, threats, cybercrime, opinion, strah, fear, zaznavanje, perception, mnenje, kibernetska kriminaliteta
Abstract

To understand cybercrime and its various forms, one must be familiar with criminality in general. How individuals perceive crime, and how much they fear it is further influenced by news media (Crawford, 2007). Van Duyne (2009), who monitored criminality, wrote about changes which started to be noticed twenty years ago and have shaped a new Europe, a territory without inner borders, and so with more mobility and opportunities for the Europeans. But these novelties and changes in the way we work have also caused certain new problems. It can be said that perpetrators of crimes, who are no longer hindered by state borders, now know no geographical limitations. Vander Baken and Van Daele (2009), for example, have researched mobility in connection to transnational criminality. Von Lampe (2007) has established that perpetrators no longer act individually, but frequently work in cooperation with one another. Crime and mobility are being “greased” by money, and have become a part of everyday life (Van Duyne, 2009). An individual’s perception and understanding of criminality is also biased on certain cultural myths in regard to crime (Meško and Eman, 2009).

Published
2017

20. Social-economic aspects of cybercrime

Author

Ilievski, Aleksandar and Bernik, Igor

Subjects
udc:343.3/.7:004, gospodarski razvoj, cybercrime, social-economic aspects, economic development, kibernetska kriminaliteta, družbeno-ekonomski vidik
Abstract

The purpose of the study is to highlight the main issues of developing countries regarding cybercrime and examine the possible link between weak economic development and escalating levels of cybercrime. The findings were established on the basis of literature review, comparative studies and the synthesis of findings. The existing sociological theories of crime are not limited to traditional crime and may be used for the interpretation of its cyber version. By analysing individual sociological theories and the results of empirical research, we found that social-economic factors, such as GDP per capita, unemployment and education, are closely related to the incidence of cybercrime in different countries. This enables us to conclude that the relatively poor economic development is one of the reasons contributing to a higher incidence of cybercrime in Eastern European countries. By taking into account factors of different nature, one could increase the understanding of cybercrime and the possibility of adopting and implementing reliable preventive measures. However, this paper strives not only to understand the factors related to cybercrime, but also to raise awareness, stimulate a proactive approach and develop preventive actions in the fight against cybercrime.

Published
2017

21. Measuring information security performance with 10 by 10 model for holistic state evaluation

Author

Bernik, Igor and Prislan, Kaja

Subjects
organizations, information security, efficiency, organizacije, udc:004.056, security management, merjenje, informacijska varnost, učinkovitost, varnostni menedžment, measuring
Abstract

Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model—ISP 10×10M is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from an empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it’s recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes.

Published
2017

23. The Effects of Information Warfare on Slovenian Organizations in Business and Public Sectors

Author

Bernik, Igor and Prislan, Kaja

Subjects
udc:343.3/.7:004, informacijsko bojevanje, organizacije, Slovenija, kriminaliteta, kibernetska kriminaliteta
Abstract

Namen prispevka: Pridobivanje informacijske prevlade z metodami informacijskega bojevanja je oblika organizirane kibernetske kriminalitete, ki se vse pogosteje pojavlja tudi v organizacijski sferi. Predstavljamo stanje tovrstne kriminalitete in družbene odgovornosti do pojava v Sloveniji. Na podlagi prikazanih rezultatov predlagamo priporočila organizacijam pri vzpostavljanju informacijske varnosti. Namen prispevka je ozaveščanje odgovornih v organizacijah o nevarnosti informacijskega bojevanja. Metode: Z deskripcijo je predstavljena narava informacijskega bojevanja, stanje v slovenskem organizacijskem prostoru pa je ugotavljano z anketiranjem in statistično obdelavo zbranih podatkov. Ugotovitve: Prave informacije omogočajo prednost in konkurenčnost, zato je informacijsko bojevanje s pomočjo sodobne tehnologije preraslo tradicionalne okvirje. V tekmovalnem organizacijskem okolju namreč le prave informacije omogočajo prednost in konkurenčnost. Tehnike informacijskega bojevanja predstavljajo faktor tveganja za informacijsko varnost in poslovni uspeh, glavne grožnje pa izvirajo iz notranjega organizacijskega okolja. Ker so vključene v globalni kibernetski prostor, so pred organizirano kibernetsko kriminaliteto ogrožene tudi slovenske organizacije. Omejitve: Reprezentativnost rezultatov je omejena zaradi nezainteresiranosti za predmet raziskave, nerazumevanja obravnavane tematike in neodzivnosti organizacij. Praktična uporabnost: Analiza ogroženosti slovenskih organizacij omogoča razumevanje nevarnosti kibernetske kriminalitete in omogoča identifikacijo kritičnih ranljivosti v organizacijski strukturi, obenem pa organizacijam zagotavlja možnost primerjave stanja informacijske varnosti z drugimi organizacijami. Izvirnost: Ugotovitve raziskave opozarjajo na prisotnost in nevarnost organizirane kibernetske kriminalitete v Sloveniji in dajejo podlago za nadaljnja preučevanja. Purpose: The achievement of information superiority with information warfare methods is a form of organized cybercrime which is now becoming more obvious also in business environments. We present the current conditions regarding cybercrime and the awareness of this phenomenon in Slovenia, and give organizations recommendations for establishing better information security. The purpose of this paper is to increase the awareness of these issues amongst executives in Slovenian corporations and organizations from the public sector, including the military and police. Design/Methods/Approach: We used the descriptive method to outline the nature of information warfare and determined the present state of information security in Slovenian corporations and public sector organizations through the use of questionnaires and a statistical analysis of the compiled data. Findings: Information can be a competitive advantage, which is why information warfare, based on modern technology, is bursting out of its traditional frames. In competitive business environments only the right kind of information can be exploited as an advantage. Information warfare techniques are a risk factor to information security in corporations and in the public sector, as they endanger the business success of the former and threaten the operational stability of the latter. The main threats can usually be found within organizational structures. Businesses and organizations from the public sector nowadays interact in the global cyberspace, and since Slovenian organizations are not exempt from this, they, too, are threatened by organized cybercrime. Research limitations/implications: Statistical representation in our study was limited because of a lack of interest for our research subject, ignorance of these issues, and uncooperativeness on the part of the analyzed Slovenian organizations. Practical implications: This analysis of the information threats to Slovenian organizations in the business and public sector deepens the understanding of how dangerous cybercrime can be, and helps us identify vulnerable spots in organizational structures, and also enables executives to make comparisons between their own information security status and conditions in other organizations.

Published
2015

33. Ogrožanja kritične infrastrukture iz kibernetskega prostora

Author

Lukman, Miloš and Bernik, Igor

Subjects
kibernetski prostor, critical infrastructure, kritična infrastruktura, information security, udc:004:343.3/.7, kibernetski napadi, cyber space, informacijska varnost, cyber attacks
Abstract

Internet je izbrisal mednarodne meje, bliskovita rast informacijske tehnologije in univerzalen dostop do kiberprostora je hekerje in morebitne kiberteroriste pripeljal na prag sistemov za kritično infrastrukturo. Zagotavljanje varnosti in zaščite teh sistemov postaja eno izmed temeljnih vprašanj nacionalne varnosti ter gospodarske stabilnosti. Po napovedih strokovnjakov lahko v naslednjih letih pričakujemo številne napade na sisteme za upravljanje kritične infrasturkture. Le vprašanje časa je, kdaj bodo napadalci iz teoretičnega proučevanja možnosti uporabe informacijsko-komunikacijske tehnologije prešli v njeno praktično uporabo na vseh področjih informacijskega bojevanja. Prispevek je usmerjen v prepoznavanje zunanjih dejavnikov, ki ogrožajo kibernetski sloj sistemov kritične infrastrukture. Podana bo splošna klasifikacija tehnik napadov in storilcev ter temeljni varnostni ukrepi za zaščito pred kibernetskimi napadi.

Published
2012

44. Factors of malware infections

Author

Rupnik, Vid and Bernik, Igor

Subjects
factors of infections, grožnje, dejavniki okužbe, threats, udc:004.056(043.2), diplomske naloge, ransomware, izsiljevalska programska oprema
Abstract

Na uporabnike spleta vsakodnevno preži mnogo nevarnosti, denimo izsiljevalski virusi kot različne prevare, s pomočjo katerih bi se napadalci radi dokopali do denarja svojih žrtev. Najdonosnejše tehnike, ki jih uporabljajo, so različni tipi izsiljevalske programske opreme ( ang. ransomware) tako imenovani izsiljevalski virusi. Z navedenimi virusi, ki so v zadnjih letih v porastu. Napadalci ob napadu, katerega glavna funkcija je zaklep pomembnih podatkov v sistemu, od tarč zahtevajo odkupnino v zameno za pridobitev ključa, ki odklene šifrirane podatke. S porastom tehnologije se preko poenostavljanja različnih področij z IoT napravami, veča tudi možnost za nove vrste okužb. Zato je potrebno na svetovni ravni v sedanjosti, ter še bolj v prihodnosti, zavedanje dejavnikov okužbe ter uveljavljanje smernic ter napotkov za varnost pred izsiljevalsko programsko opremo v poslovne ter zasebne namene. S pravilnimi tehnikami preventivnega obvarovanja pred napadi z izsiljevalsko programsko opremo, kot so sprotno posodabljanje sistemov ter programske opreme, izdelovanje varnostnih kopij in zmožnost samozaznavanja zlonamerne spletne strani ter elektronske pošte, organizacije in tudi posamezniki zelo zmanjšajo možnost za okužbo, kar posledično pripomore k boljšemu poslovanju organizacij ter prepreči nepotrebne težave posameznikom, kot so npr. izguba podatkov, finančne posledice ter širjenje virusa med ostale uporabnike spleta. Zaradi neizogibnega razvijanja nove izsiljevalske programske opreme, ki bo imela zmožnosti za prodor v novodobne sisteme, kot so pametni avtomobili, pametni domovi, medicinska oprema ter nosljive naprave, bo za prihodnje življenje brez motenj potrebno, tudi strateško organiziranje boja proti ustvarjalcem izsiljevalske programske opreme. There are many threats to Internet users every day, such as extortion viruses in form of various scams that help attackers gain access to their victims' money. The most profitable techniques used are the different types ransomware, the so-called extortion software. With the above mentioned viruses, which are on the rise in recent years, attackers carrie out an attack, which main function is to lock the important data in the system and demand the ransom from the targets in return for obtaining a key that unlocks the encrypted data. With the rise of technology, the possibility of new types of infections is increasing through the facilitation of various fields with IoT devices. It is therefore necessary globally in the present, and even more so in the future, to be aware of infectious agents and to enforce security measures and guidelines against extortion software for business and private purposes. With Proper anti-malware attack techniques against extortion software such as regular system and software updates, data back-up and the ability to self-detect a malicious website or email, organizations and even individuals are able to greatly reduce the chance of infection, which in turn helps to improve business organization and prevent unnecessary problems for individuals, such as. data loss, financial consequences and the spread of the virus to other web users. Due to the inevitable development of new extortion software, which will have the capability to break into modern systems such as smart cars, smart homes, medical equipment and wearables, it will also be necessary to strategically organize the fight against the creators of extortion software for future life without disturbance.

Published
2020

45. Cyberspace, radicalization and islamic state

Author

Rajlić, Milica and Bernik, Igor

Subjects
terorizem, diplomske naloge, protiteroristična strategija, ICT, cybercrime, udc:343.3/.7:004.7(043.2), terrorism, anti-terrorist strategy, IKT, kibernetska kriminaliteta, Islam
Abstract

Razvoj IKT in kibernetskega okolja vsakdanjik slehernega posameznika spreminja v nekaj nepredvidljivega in čisto novega. Gre za nov način življenja, ki ga je ustvarila človeška roka, zato je človek tudi edini dejavnik, ki ga lahko spreminja in posodablja. Obstajata dve skupini ljudi tisti, ki ga želijo izkoristiti v dobre namene, da si olajšajo življenje in delo, ter tisti, ki so z njim razvili nove možnosti nelegalnega in protizakonitega delovanja v družbi. The development of ICT and cyber space transforms the everyday life of every individual into something unpredictable and completely new. It`s a new way of life which was created by the human hand, so a human is the only factor that can change or update it. There are two groups of people those who want to use it for good purposes in to simplify their lives and work, and those who developed new possibilities for illegal activities in society.

Published
2019

46. Secure data and information security in the state authority

Author

Petavar, Matevž and Bernik, Igor

Subjects
data protection, obdelava podatkov, information security, diplomske naloge, varovani podatki, data abuse, informacijska varnost, zloraba podatkov, udc:343.3/.7:004(043.2), data processing, davčna tajnost, tax secrecy
Abstract

Varovani podatki, ki se masovno pridobivajo in obdelujejo v procesih znotraj državnih organov, kamor sodi tudi Finančna uprava Republike Slovenije (FURS), kot so osebni podatki, tajni podatki, davčna tajnost in poslovna skrivnost, so izpostavljeni velikemu tveganju za razkritje in zlorabo. Zato je izrednega pomena informacijska varnost in definirani postopki varovanja posameznih podatkov ter predpisani posamezni ukrepi in načini varovanja podatkov. S tega vidika je je predmet raziskovanja v zaključnem delu ugotavljanje zadostne učinkovitosti politike informacijske varnosti znotraj organa FURS, ustreznost zagotavljanja varovanja podatkov in ter ustreznost posameznih ukrepov za dosego varnosti podatkov. V nalogi je raziskano ali imajo v izbranem državnem organu razdelane definicije glede namenov obdelave osebnih podatkov in ali imajo predpisane določene obveznosti kot upravljalci in obdelovalci varovanih podatkov. Z vidika pravne ureditve poslovne skrivnosti, ki zavezuje tudi FURS, je v nalogi predstavljen problem ureditve temelja poslovne skrivnosti v Sloveniji ter primerjava ureditve poslovne skrivnosti z izbranimi državami ter na tej podlagi je opravljena preveritev ali je Slovenija implementirala v svojo zakonodajo Direktivo (EU) 2016/943 Evropskega parlamenta in Sveta z dne 8. junija 2016 o varstvu nerazkritega strokovnega znanja in izkušenj ter poslovnih informacij (poslovnih skrivnosti) pred njihovo protipravno pridobitvijo, uporabo in razkritjem. Secured data, which is mass-produced and processed in procedures in state bodies, including the Financial Administration of the Republic of Slovenia (FURS), such as personal data, classified information, tax secrecy and business secrets, are exposed to high risk. disclosure and abuse. Therefore, information security is very important and defines the procedures for protecting individual data and prescribes individual measures and methods of data protection. From this point of view, the subject of the research is in the final work, in order to determine the adequacy of the effectiveness of the information security policy in the FURS body, the relevance of providing data protection and the appropriateness of the individual measures for the achievement of the data security. The task examines whether the definitions regarding the purposes of processing personal data are processed in the selected state body and that they have ashieved certain obligations as managers and processors of protected data. In terms of legal regulation of business secrets, which also obliges the FURS, it is the task of presenting the problem of regulating the basis for business secrets in Slovenia and comparison of business secrets with selected countries and on that basis verification. it was established whether Slovenia implemented Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 on the protection of undisclosed professional knowledge and commercial information (business secrets) before their illegal acquisition, use and disclosure.

Published
2019

47. The role of cryptocurrency on the dark net

Author

Vejapi, Ramel and Bernik, Igor

Subjects
projekt Tor, Cryptocurrency, globoki internet, Invisible Internet Project, Deep web, udc:004.056(043.2), Project Tor, Dark net, bitcoin, temni internet, kriptovalute, navidezni internetni projekt, diplomske naloge, anonimnost, Anonymity
Abstract

V diplomskem delu je predstavljena vloga kriptovalute na temnem internetu. V današnjem svetu je njena prisotnost postavila pomembno vprašanje anonimnosti in prostega pretoka informacij. Globoki in temni splet je za vsakodnevne uporabnike interneta neznan. Zavedajo se, da obstaja, vendar ga ne uporabljajo. Vsebine na temnem internetu so namreč ilegalne, na globokem pa niso. Tako se razrešuje dilema, ali sta to pravzaprav dva spleta ali le en. Oba interneta sta del celote, kamor spadajo tudi vsa naša socialna omrežja. Celoto imenujemo internet. Dostop do globokega in temnega interneta nam omogočajo različni brskalniki, ki so bili narejeni z namenom prostega pretoka informacij ter prostega gibanja po internetu z uživanjem anonimnosti. V diplomskem delu smo predstavili brskalnika Tor in I2P, ki sta priljubljena brskalnika, imata največ uporabnikov ter sta najpogosteje prisotna v akademskih vodah. Predstavili smo tudi delovanje usmerjevalnikov, ki informacijo šifrirata na svoja posebna načina Tor za šifriranje in zaščito informacij uporablja večnivojski usmerjevalnik, I2P pa posebni večnivojski usmerjevalnik, t. i. česnov usmerjevalnik. Oba brskalnika smo analizirali glede anonimnosti in hitrosti in ju primerjali. V diplomskem delu predstavljamo postopek dostopa do ilegalnih vsebin z uporabo brskalnika Tor. Ker na današnjem internetu nismo nikoli popolnoma anonimni, želita Tor in I2P to zagotoviti. In the bachelor's thesis, is introduces the role of cryptocurrency on the deep web. In today's world the presence of cryptocurrency has put an important question about anonymity and how can that anonymity be abused. On the other side, we have a browser like Tor and I2P that enable free flow of information with the security of anonymity. Deep and dark net is for everyday internet user unknown. The explanation of those words for everyday user can mean a wired website or an illegal websites. Partially they are correct websites on the dark net are mostly illegal websites. The Deep web and dark net are explained in today's media as two different Internets, however they are wrong Dark net is part of the deep web and both of them are part of todays world wide web including our popular social media. Access to the deep and dark net are accessible with the help of browsers that they were made to provide free access of information and browsing experience with full anonymity in our bachelor's thesis, we will look at two browsers and they are Tor and I2P, we chose those two browsers because of there user base and popularity in academic waters. We introduced how their rauters are working to encrypt the information. Tor uses the onion router on the other side I2P uses the garlic router for the encrypt and protect the information. We analysed both of the browsers on category's anonymity, speed and comparison with each other. In thesis is also introduced the way how easy is to get access to illegal websites with the use of browser Tor. In today's world wide web we are never browsing anonymously Tor and I2P are working to be truly anonymous.

Published
2019

48. Understanding of the deep and dark web in Slovenia

Author

Klemenčič, Jure and Bernik, Igor

Subjects
globoki splet, splet, diplomske naloge, criminal, kriminal, bitcoin, deep web, temni splet, dark web, udc:004.738.5+343.3/.7(043.2), web
Abstract

Dandanes skoraj vsak izmed nas uporablja računalnik, mobilni telefon in ostale pametne naprave - pa naj bo to za komunikacijo, zabavo ali pa službene zadeve. Iz dneva v dan se posledično veča tudi število uporabnikov spleta, saj so potrebe po vsebinah na spletu vse bolj iskane in popularne. Čedalje bolj se vsebine selijo na splet, saj so tam lažje dostopne in omogočajo uporabnikom dostop kjerkoli. Za dostop potrebujemo le povezavo z internetom in napravo, katera nam omogoča dostop. Površinski splet oz. splet, ki ga uporabljamo za vsakdanjo uporabo, ni celota svetovnega spleta, je le zgornja plast omenjenega. Zraven površinskega spleta poznamo še globoki in temni splet, ki pa sta manj poznana, skrita in težje dostopna. V diplomskem delu bomo odkrivali, kaj sestavlja globoki in temni splet ter ugotavljali, ali v tem delu spleta najdemo samo legalne ali pa tudi ilegalne zadeve. Podrobneje bomo spoznali brskalnike, s katerimi dostopamo do teh vsebin, med katerimi je najbolj znan TOR – The Onion Router, ki nam zagotavlja stopnjo anonimnosti in zasebnosti. Prav tako bomo spoznali tudi kriptovaluto Bitcoin, ki je glavni način plačevanja v tem predelu spleta. V praktičnem delu diplomskega dela bomo raziskali, ali Slovenci področje temnega in globokega spleta poznamo, ali zanj prvič slišimo. V tem delu bomo ugotovili tudi, za kakšne namene uporabniki globokega in temnega spleta uporabljajo ta del svetovnega spleta in kako varno se počutijo med brskanjem po le-tem. To bomo ugotovili s pomočjo anketnega vprašalnika, ki ga bomo razdelili med naključne anketirance. Namen našega diplomskega dela je bralcem predstaviti in razširiti znanje o tem skrivnostnem delu svetovnega spleta. Nowadays, almost everyone uses a computer, mobile phone and other smart devices whether it be for communication, entertainment or business related matters. Consequently, there are more users of the web each day due to the demands for online content, which is becoming more desirable and more popular. Contents are increasingly moving to the web because they can be accessed there easily and anywhere. To access them, we only need an internet connection and a device which enables this access. Surface web, or the web that we use every day, does not represent the whole World Wide Web, only the top layer of it. In addition to the surface web, we also know the deep and dark web, which are less known, hidden and less accessible. This diploma thesis will uncover what the deep and dark web consist of, and establish if we can find only legal or perhaps also illegal contents in this part of the web. There will be more details about browsers with which we can access these contents, most notably TOR – The Onion Router, which guarantees the appropriate level of anonymity and privacy. In addition, Bitcoin cryptocurrency, which is the main method of payment in this part of the web, will be discussed. In the practical part of the thesis, we will investigate whether Slovenians know the domain of the deep and dark web or have they never heard about it. This section will also give the reader an idea for what purposes the users of the deep and dark web use this part of the World Wide Web and how safe they feel while browsing. The research was done with the help of a questionnaire which was distributed among random interviewees. The intention of this diploma thesis is to present and expand the knowledge of the readers about this mysterious part of the World Wide Web.

Published
2019

49. Response model to cyber attacks at nuclear facilities

Author

Tomažič, Samo and Bernik, Igor

Subjects
odziv, response, jedrsko varovanje, critical infrastructure, kritična infrastruktura, cyber security, doktorske disertacije, kibernetska varnost, nuclear security, cyber-attack, udc:004.056:621.039(043.3), kibernetski napad
Abstract

Raziskovanje področja izrednih dogodkov v jedrski varnosti je specifično. Svetovna zgodovina ponuja izredno malo število primerov jedrskih in radioloških nesreč, ki so privedle do resnih posledic škodljivega vpliva ionizirajočega sevanja na ljudi in okolje, kar kaže na posebno specifiko. Na področju jedrskega varovanja in kibernetske varnosti v jedrskih objektih je primerov še manj, obenem pa nihče ne želi ali ne sme deliti informacij o tovrstnih dogodkih. V doktorski disertaciji je celovito predstavljena problematika kibernetske varnosti in odziva na kibernetske napade v jedrskih objektih oziroma v jedrskem sektorju na splošno. Izvedena raziskava je prva tovrstna v Sloveniji in ena izmed redkih v svetu. Z metodo deskripcije smo pregledali članke, diplomske naloge, magistrske naloge, doktorske disertacije, strokovne spletne strani, knjige, znanstvene revije in najrazličnejše standarde, priporočila in navodila ter izvedli popis javno dostopnih virov, kot so državne zakonodaje, nacionalna poročila držav članic, predpise, smernice, dobre prakse, dokumente upravljavcev jedrskih objektov in upravnih organov ter poročila mednarodnih organizacij. Na podlagi omenjenega pregleda smo oblikovali teoretična izhodišča. Stanje smo nato natančno analizirali z vodenimi strukturiranimi intervjuji z mednarodnimi strokovnjaki, zaposlenimi v jedrskih objektih, pri upravnih organih, tehnično podpornih organizacijah, z dobavitelji računalniške opreme ter pri drugih, ki so zadolženi za kibernetsko varnost v jedrskem sektorju. Podatke smo nato obdelali z osnovano teorijo. Zbrani podatki predstavljajo izhodišče za pripravo modela odziva na kibernetske napade v jedrskih objektih, ki smo ga z metodo modeliranja izgradili, verificirali in validirali. Na podlagi virov in mnenj stroke smo prišli do ugotovitev o problematiki, med katerimi najbolj izstopajo težave upravljavcev jedrskih objektov pri implementaciji ustreznih zaščitnih ukrepov na podlagi predpisov upravnih organov ter uporabi primernih smernic. Upravljavci jedrskih objektov so pri upravljanju kibernetske varnosti prepuščeni sami sebi, še posebej zaradi pomanjkanja izmenjave informacij v celotnem jedrskem sektorju doma in v tujini. Na podlagi znanja in razumevanja smo izdelali model odziva na kibernetske napade v jedrskih objektih, ki je namenjen vsem deležnikom v jedrskem sektorju pri organiziranju svojih in skupnih aktivnosti v povezavi z odzivom na kibernetske napade. Model sestavljajo štiri dimenzije deležniki, komunikacija, stopnjevanje in faze odziva. Izdelan model so dodatno validirali tudi ključni deležniki. Z izdelanim modelom smo v sodelovanju z Upravo Republike Slovenije za jedrsko varnost in vsemi ključnimi deležniki organizirali prvo državno vajo s področja odziva na kibernetske napade v jedrskem sektorju. Med vajo smo se osredotočili le na dimenziji deležnikov in komunikacije med njimi, tako zaradi kompleksnosti modela kot zaradi prepoznanih največ pomanjkljivosti ravno na tem področju. Model je dovolj splošen, da se ga lahko s prilagoditvami implementira tudi v druge sektorje kritične infrastrukture. Rezultati doktorske disertacije so na voljo širši javnosti in prinašajo pomemben prispevek k nacionalni in mednarodni varnosti na področju kritične infrastrukture. Na znanstvenem področju pa prinašajo inovativen in celovit model za obravnavanje kibernetskih napadov na kritično infrastrukturo, s poudarkom na zagotavljanju učinkovitega jedrskega varovanja in jedrske varnosti. Nuclear safety research is a very specific domain. History offers us just a small number of events that had serious radiological consequences for people and the environment. In the field of nuclear security, and with focus on cyber security in the nuclear sector, the number of serious events is even smaller. Even in the case of such events, not everybody wants to share this information. In our doctoral dissertation we presented a comprehensive view on cyber security and cyber security incident response planning at nuclear facilities, and nuclear sector in general. We conducted research on this topic, which was the first one of this kind in Slovenia, and one of only a few such studies in the world. Using the method of description, we have analyzed articles, bachelor diplomas, master diplomas, doctoral dissertations, professional web pages, scientific magazines, many different standards, recommendations, guides and other publicly available sources like national legislations, member state reports, regulations, guides, good practices, nuclear facility operator and competent authority procedures, and reports of international organizations. Based on the analysis of all these sources, the theoretical starting point was constructed. We then further analyzed the state of cyber security in nuclear sector with guided structured interviews, involving international experts from nuclear facilities, competent authorities, technical support organizations, computer equipment suppliers, and other stakeholders involved in cyber security activities in nuclear sector. Data were processed with the grounded theory. All the data gathered represented a starting point for the development of a response model to cyber-attacks at nuclear facilities, which we developed, verified and validated with the modelling method. Based on the sources and expert opinions, we came to the conclusion about the topic, and identified the problems that stand out the most. One example lies with the nuclear facility operators and their implementation of appropriate measures, based on regulatory guides, issued or pointed out by the competent authorities. Nuclear facility operators are also left to implement computer security to themselves, especially because there is a lack of information exchange within the entire nuclear sector on both a domestic and international level. Based on knowledge gained, and our understanding of the situation, we built a response model to cyber-attacks at nuclear facilities, which is intended for use by all stakeholders in the nuclear sector, for organizing internal and joint activities in preparation for a cyber-attack. The model consists of four dimensions stakeholders, communication, escalation and phases. The model was additionally validated by all key stakeholders. With assistance from the Slovenian Nuclear Safety Administration and key stakeholders, we tested the model during the first exercise on cyber-attack at nuclear facility in nuclear sector ever held in Slovenia. During the exercise we focused only on two dimensions stakeholders and communication between them. The first reason for this approach was that it is a quite complex model, and the second reason was the current lack of communication in the entire nuclear sector. The model is general enough to be implemented in other sectors of critical infrastructure, with minimal modification. Results of the doctoral dissertation are available to the public and bring an important contribution for a national and international security of critical infrastructure. From a scientific perspective, they bring innovative and comprehensive model for cyber-attack response planning in entire critical infrastructure sector, with a focus on assuring effective nuclear security and nuclear safety.

Published
2019

50. Secure usage of social networks for youngsters

Author

Škofca, Ines Maria and Bernik, Igor

Subjects
varna uporaba spletnih socialnih omrežij, mladostniki, safe use of online social network, udc:004.056(043.2), diplomske naloge, online social networks, adolescents, advantages and dangers of online social networks, prednosti in nevarnosti spletnih socialnih omrežjih, spletna socialna omrežja
Abstract

V diplomskem delu:  predstaviti področje varnosti v socialnih spletnih omrežij na starostni skupini 14 letnikov,  predstaviti nevarnosti uporabe spletnih socialnih omrežij pa tudi prednosti,  podati smernice, kako mladostnike zaščititi pred pastmi spleta in podati priporočila za varno uporabo spletnih socialnih omrežij, we present most common risks and dangers online, such as: sexual harassment, sexting, bullying, hate speech and online social network addiction, identity theft ect. We also present measures or action young people can undertake in order to more effectively protect themselves against unwanted content and negative experiences on line in general.

Published
2019

Catalog

Books, media, physical & digital resources
See catalog results