Security and privacy controls are the safeguards and countermeasures employed within an organizational system to protect the confidentiality, integrity, and availability of the system and its information, as well as the privacy of individuals. Selecting and implementing the appropriate controls for a system are important tasks that can have major implications on the operations and assets of an organization, as well as the welfare of individuals and the Nation.

Most research in defence centres on big NATO nations, while much less focus has been given to smaller NATO nations. The paper explores this issue. First, the author redefines the term 'small NATO nations' and introduces a new idea: 'no-capability NATO nation'. Then, the author conducts a systematic literature review on defence acquisition (DA). From 122 records, only five are found to relate to small NATO nations. Moreover, the identified literature is US-dominated and EU concerns prevail over NATO concerns.

This article analyzes the attempts to construct global cybersecurity norms. It differs from much of the existing literature on norm-construction since it moves beyond the interstate level to examine subnational groups and private sector actors that function as norm entrepreneurs in this policy area.

Many of these potential uses raise important social and ethical questions which demand the attention of all those involved in the research, administration, management and regulation of neuroscience research and related technological developments, including those in information and communication technologies (ICT) and robotics. In this Opinion, we suggest that we can increase our ability to identify which programmes and projects of research, development and innovation are ‘of concern’ by applying the principles of Responsible Research and Innovation (RRI) to the concept of ‘dual use’ and distinguishing between ‘responsible’ and ‘irresponsible’ systems of research and technological development. We therefore use the term ‘dual use research of concern’ (DURC) to refer to neuroscience research and technological innovations, and brain inspired developments in information and communication technologies, for use in the political, security, intelligence and military domains, which are either directly of concern because of their potential for use in ways that threaten the peace, health, safety, security and well-being of citizens, or are undertaken without responsible regard to such potential uses.

This article explains the origins and institutionalisation of cyber security in Australia—particularly ‘civilian cyber security’. The authors trace the origin of Australia’s first computer emergency response team and explain how this organisational form spread from the USA. Through it, Australia helped enable international cooperation. Domestically, however, the authors argue that the Australian government has struggled with the delegation, orchestration and abdication of responsibility for civilian cyber security, underinvesting in civilian organisations while overrelying on military and intelligence agencies. The history of this organisational field provides valuable insight into how to improve national policy and operations for cyber security.

this paper seeks to identify if the national cybersecurity centres appear to be successful

IS literature has identified various economic, performance, and environmental factors affecting cybersecurity investment decisions. However, economic modeling approaches dominate, and research on cybersecurity performance as an antecedent to investments has taken a backseat. Neglecting the role of performance indicators ignores real-world concerns driving actual cybersecurity investment decision-making. We investigate two critical aspects of cybersecurity performance: breach costs and breach identification source, as antecedents to cybersecurity investment decisions. We use organizational learning to theorize how performance feedback from these two aspects of cybersecurity breaches influences subsequent investment decisions. Using firm-level data on 722 firms in the UK, we find that higher breach costs are more likely to elicit increases in cybersecurity investments. This relationship is further strengthened if a third party identifies the breach instead of the focal firm. We contribute to the literature on cybersecurity investments and incident response.

over the past two decades, China has adopted a policy of augmenting its information warfare (IW) capabilities by leveraging the civilian sector (notably private institutions, academia, and civilian government institutions). This paper provides a broad survey of China’s cyber auxiliary capabilities and assesses how China uses its civilian economy as a “strategic reserve” in all four areas of the Information Domain.

In this paper, we present PocketCTF, an extensible and fully independent CTF platform, open to educators to run realistic virtual labs to host cybersecurity exercises in their classrooms. PocketCTF is based on containerization technologies to minimize the deployment effort and to utilize less system resources.