Paper 1: American perspectives on cyber and security: Coining the linguistic tradition  

 Saara Jantunen, Aki-Mauri Huhtinen

Department of Leadership and Military Pedagogy,

National Defence University, Helsinki, Finland

sijantunen@gmail.com, aki.huhtinen@mil.fi 

Abstract

Politicians can no longer escape commenting on cyber issues, which has made cyber discourse part of everyday politics. This article approaches political statements on ‘cyber’ and analyzes cyber discourse in the context of information operations. The empiricism of the article consists of language analysis, which covers both structural and semantic aspects of political cyber discourse. The results show that cyber is a synonym to threat: The U.S. has the identity of the vulnerable and technologically outdated, while the enemy is skilled and resourceful. This normalization of threat has become part of cyber discourse and legitimizes the exceptional security measures.

Keywords: cyber warfare, critical discourse analysis, securitization, Internet freedom

Paper 2: Does traditional security risk assessment have a future in Information Security?

 A. B. Ruighaver¹, M. Warren¹ and A. Ahmad²,

¹ School of Information Systems,

Deakin University, Australia

Email: {tobias, matthew.warren} @deakin.edu.au  

² Department of Computing and Information Systems,

University of Melbourne, Australia

Email: atif@unimelb.edu.au  

Abstract.

The current information security standards still advocate the use of risk assessment in the prioritisation of security investments. However, prior research on the use of risk assessment methodologies in organisational security has shown that the use of the traditional monolithic risk assessment process described in the current risk management standard is simply not practical at the organisational level. This paper first examines the problems in performing a systematic risk assessment and then discusses the limitations of a traditional risk assessment. To address these limitations, this paper proposes splitting up the current monolithic risk assessment process. The result is an information security assessment framework that puts greater emphasis on situational awareness and allows for better decision making on the prioritization of security investments.

Keywords: information security, risk management, security assessment, security requirements.

Paper 3: Single and Double Power Laws for Cyber-Crimes

Richard E Overill, Jantje A. M. Silomon

Department of Informatics, King’s College London, Strand, London UK

 richard.overill@kcl.ac.uk

jantje.silomon@kcl.ac.uk

Abstract

Eleven years of financial loss data from the CSI annual Computer Crime and Security surveys have been analysed to discover whether or not they obey some form of power law relationship. Evidence is adduced for the existence of both single and double power laws, and their characteristic exponents are determined, together with various statistical and probabilistic reliability measures. The findings are interpreted in terms of the modus operandi of cyber-criminals as revealed in the CSI survey data. In particular, a distinction between opportunistic cyber-crime and serious organized cyber-crime is found at cyber-heists with an average magnitude of circa US$2.86M.