References

[1] P. Pagani, Cyber Defense Magazine (CDM), Cyber Defense Media Group, 2019.
[2] H. Österle e B. Otto, «Consortium Research: A Method for Researcher-Practitioner Collaboration in Design-Oriented IS Research,» Business & Information Systems Engineering, vol. 2, n. 5, pp. 283-293, October 2010.
[3] F. Xia, L. T. Yang, L. Wang e A. Vinel, «Internet of Things,» International Journal of Communication Systems 25 (September 2012), vol. 9, pp. 1101-1102, 2012.
[4] H. Meng, V. Thing, Y. Cheng, Z. Dai e L. Zhang, «A survey of Android exploits in the wild,» Computers & Security, vol. 76, pp. 71-91, 2018.
[5] C. A. Ardagna, E. Damiani, J. Schutte e P. Stephanow, «A Case for IoT Security Assurance,» in Internet of Things (ITTCC), Springer Link, 2017, pp. 175-192.
[6] S. Choi e M. E. Johnson, Do Hospital Data Breaches Reduce Patient Care Quality?, 2019.
[7] J. Jiang e G. Bai, «Evaluation of Causes of Protected Health Information Breaches,» JAMA Internal Medicine, vol. 179, 2018.
[8] I. Butun, P. Österberg e H. Song, «Security of the Internet of Things: Vulnerabilities, Attacks and Countermeasures,» IEEE Communications Surveys & Tutorials, vol. PP, pp. 1-1, 2019.
[9] M. Park, H. Oh e K. Lee, «Security Risk Measurement for Information Leakage in IoT-Based Smart Homes from a Situational Awareness Perspective,» Sensors, vol. 19, p. 2148, 2019.
[10] A. Maiti, M. Jadliwala, J. He e I. Bilogrevic, «Side-Channel Inference Attacks on Mobile Keypads using Smartwatches,» IEEE Transactions on Mobile Computing, vol. PP, 2017.
[11] A. Sarkisyan, R. Debbiny e A. Nahapetian, «WristSnoop: Smartphone PINs prediction using smartwatch motion sensors,» in Proceedings of the 2015 IEEE International Workshop on Information Forensics and Security (WIFS), Rome, 2015.
[12] S. Chakraborty, W. Ouyang e M. Srivastava, «LightSpy: Optical eavesdropping on displays using light sensors on mobile devices,» in Proceedings of the 2017 IEEE International Conference on Big Data (Big Data), Boston, MA, USA, 11-14 December 2017.
[13] C. A. Ardagna, R. Asal, E. Damiani e Q. Vu, «From Security to Assurance in the Cloud: A Survey,» in ACM Computing Surveys (CSUR), August, 2015.
[14] M. Anisetti, C. A. Ardagna, F. Gaudenzi e E. Damiani, «A semi-automatic and trustworthy scheme for continuous cloud service certification,» IEEE Transactions on Services Computing, 2017.
[15] M. Anisetti, C. A. Ardagna, F. Gaudenzi, E. Damiani e G. Jeon, «Cost-effective deployment of certified cloud composite services,» Journal of Parallel and Distributed Computing, vol. 135, 2019.
[16] A. Shaik, R. Borgaonkar, N. Asokan, V. Niemi e J.-P. Seifert, «Practical Attacks Against Privacy and Availability in4G/LTE Mobile Communication Systems,» ArXiv, vol. abs/1510.07563, 7 August 2015.
[17] S. Hussain, O. Chowdhury, S. Mehnaz e E. Bertino, «LTEInspector: A Systematic Approach forAdversarial Testing of 4G LTE,» Network and Distributed Systems Security (NDSS) Symposium 2018, February 2018.
[18] M. Chlosta, D. Rupprecht, T. Holz, Pöpper e Christina, «LTE Security Disabled—Misconfiguration inCommercial Networks,» in Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks, 2019.
[19] R. Bassil, A. Chehab, I. Elhajj e A. Kayssi, «Signaling oriented denial of service on LTE networks,» in Proceedings of the 10th ACM international symposium on Mobility management and wireless access, 2012.
[20] M. Brundage, S. Avin, J. Clark, H. Toner, P. Eckersley, B. Garfinkel, A. Dafoe, P. Scharre, T. Zeitzoff, B. Filar, H. Anderson, H. Roff, G. Allen, J. Steinhardt, C. Flynn e S. HÉigeartaigh, «The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation,» ArXiv, february 2018.
[21] G. Pék, L. Buttyan e B. Bencsáth, «A Survey of Security Issues in Hardware Virtualization,» ACM Computing Surveys (CSUR), vol. 45, pp. 45, 3, Article 40, June 2013.
[22] B. Williams, «Virtualization System Security,» IBM Corporation, 2010.
[23] M. Armbrust, A. Fox, R. Griffith, A. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica e M. Zaharia, «Above the Clouds: A Berkeley View of Cloud Computing,» University of California at Berkeley UCB/EECS-2009-28, February, vol. 28, February 2009.
[24] P. Mell e T. Grance, «The NIST definition of cloud computting,» 2019.
[25] S. Chandna, R. Singh e F. Akhtar, «Data Scavenging Threat in Cloud Computing,» International Journal of Advances In Computer Science and Cloud Computing, 2014.
[26] Y. Xia, Y. Liu, H. Chen e B. Zang, «Defending against vm rollback attack,» in Proceeedings of the 42nd IEEE International Conference on Dependable Systems and Networks Workshops, 2012.
[27] F. Rocha, T. Gross e A. van Moorsel, «Defense-in-depth against malicious insiders in the cloud,» in Proceeedings of the IEEE International Conference on Cloud Engineering (IC2E’13), 2013.
[28] Y. Zhang, A. Juels, A. Oprea e M. K. Reiter, «Homealone: Co-residency detection in the cloud via side-channel analysis,» in Proceeedings of the IEEE Symposium on Security and Privacy (SP’11), 2011.
[29] Y. Zhang, A. Juels, M. K. Reiter e T. Ristenpart, «Cross-VM side channels and their use to extract private keys,» in Proceeedings of the ACM Conference on Computer and Communications Security, 2012.
[30] M. Weiß, B. Heinz e F. Stumpf, «A cache timing attack on AES in virtualization environments,» in Proceedings of the International Conference on Financial Cryptography and Data Security, 2012.
[31] G. Irazoqui, M. S. Inci, T. Eisenbarth e B. Sunar, «Fine grain cross-VM attacks on xen and VMware,» in Proceeedings of the International Conference on Big Data and Cloud Computing, 2014.
[32] Y. Yarom e K. Falkner, «FLUSH+ RELOAD: A high resolution, low noise, L3 cache side-channel attack,» in Proceeedings of the USENIX Security Symposium, 2014.
[33] G. Irazoqui, M. S. Inci, T. Eisenbarth e B. Sunar, «Seriously, get off my cloud! cross-VM RSA key recovery in a public cloud,» IACR Cryptology ePrint Archive, 2015.
[34] C. Maurice, C. Neumann, O. Heen e A. Francillon, «C5: Cross-cores cache covert channel,» in Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, 2015.
[35] J. Xiao, Z. Xu, H. Huang e H. Wang, «A covert channel construction in a virtualized environment,» in Proceeedings of the ACM Conference on Computer and Communications Security, 2012.
[36] P. Pessl, D. Gruss, C. Maurice, M. Schwarz e S. Mangard, «DRAMA: Exploiting DRAM addressing for cross-CPU attacks,» in Proceeedings of the USENIX Security Symposium, 2016.
[37] B. Albelooshi, K. Salah, T. Martin e E. Damiani, «Experimental Proof: Data Remanence in Cloud VMs,» IEEE 8th International Conference on Cloud Computing (CLOUD) 2015, 2015.
[38] B. Albelooshi, K. Salah, T. Martin e E. Damiani, «Experimental Proof: Data remanence in cloud VMs,» in Proceedings of the International Conference on Cloud Computing, 2015.
[39] S. Shafieian, M. Zulkernine e A. Haque, «Attacks in Public Clouds: Can They Hinder the Rise of the Cloud?,» in Cloud Computing, 2014, pp. 3-22.
[40] N. Fernandes e O. C. M. B. Duarte, «XNetMon: A Network Monitor for Securing Virtual Networks,» IEEE International Conference on Communications, pp. 1-5, 2011.
[41] A. van Cleeff, W. Pieters e R. Wieringa, «Security Implications of Virtualization: A Literature Study,» in International Conference on Computational Science and Engineering, Washington DC, USA, 2009.
[42] L. Shi, Y. Wu, Y. Xia, N. Dautenhahn, H. Chen, B. Zang e J. Li, «Deconstructing Xen,» in Proc of NDSS, 2017.
[43] J.-R. Yeh, H.-C. Hsiao e A.-C. Pang, «Migrant Attack: A Multi-resource DoS Attack on Cloud Virtual Machine Migration Schemes,» in 11th Asia Joint Conference on Information Security (AsiaJCIS), 2016.
[44] S. T. King e P. M. Chen, «SubVirt: Implementing malware with virtual machines,» in In Proceeedings of the IEEE Symposium on Security and Privacy, 2006.
[45] A. Desnos, E. Filiol e I. Lefou, «Detecting (and creating!) a HVM rootkit (aka BluePill-like),» Journal in Computer Virology, pp. 23-49, 2011.
[46] A. Jasti, P. Shah, R. Nagaraj e R. Pendse, «Security in multi-tenancy cloud,» in Proceeedings of the IEEE International Carnahan Conference on Security Technology, 2010.
[47] S. Checkoway e H. Shacham, «Iago attacks: Why the system call API is a bad untrusted RPC interface,» International Conference on Architectural Support for Programming Languages and Operating Systems – ASPLOS, pp. 253-264, 2013.
[48] M. Kandias, N. Virvilis e D. Gritzalis, «The insider threat in cloud computing,» in Proceeedings of the International Workshop on Critical Information Infrastructures Security, 2011.
[49] F. Rocha e M. Correia, «Lucy in the sky without diamonds: Stealing confidential data in the cloud,» in Proceeedings of the IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops (DSN-W’11), 2011.
[50] C. Li, A. Raghunathan e N. K. Jha, «Secure virtual machine execution under an untrusted management OS,» in Proceeedings of the 3rd IEEE International Conference on Cloud Computing, 2010.
[51] Y. Demchenko, P. Membrey, P. Grosso e C. Laat, «Addressing Big Data Issues in Scientific Data Infrastructure,» in Proc. of CTS 2013, San Diego, CA, USA, May, 2013.
[52] C. A. Ardagna, P. Ceravolo e E. Damiani, «Big Data Analytics as-a-Service: Issues and challenges,» in Proc. of the 3rd International Workshop on Privacy and Security of Big Data (PSBD 2016), Washington, VA, USA, December, 2016.
[53] D. Eckhoff e C. Sommer, «Driving for Big Data? Privacy Concerns in Vehicular Networking,» Security & Privacy, IEEE, vol. 12, n. 1, pp. 77-79, January 2014.
[54] R. Lu, H. Zhu, X. Liu, J. K. Liu e J. Shao, «Toward Efficient and Privacy-Preserving Computing in Big Data Era,» Network, IEEE, vol. 28, n. 4, pp. 46-50, July 2014.
[55] D. Wu, M. J. Greer, D. W. Rosen e D. Schaefer, «Cloud Manufacturing: Strategic Vision and State-of-the-Art,» Journal of Manufacturing Systems, vol. 32, n. 4, pp. 564-579, 2013.
[56] K. E. Martin, «Ethical issues in the big data industry,» MIS Quarterly Executive, vol. 14, p. 2, 2015.
[57] H. V. Jagadish, J. Gehrke, A. Labrinidis, Y. Papakonstantinou, J. M. Patel, R. Ramakrishnan e C. Shahabi, «Big Data and Its Technical Challenges,» Communications of the ACM, vol. 57, n. 7, pp. 86-94, 2014.
[58] H. R. Ekbia, M. Mattioli, I. Kouper, G. Arave, A. Ghazinejad, T. Bowman, V. R. Suri, A. Tsou, S. Weingart e C. R. Sugimoto, «Big Data, Bigger Dilemmas: A Critical Review,» Journal of the Association for Information Science and Technology, vol. 66, n. 8, pp. 1523-1545, 2015.
[59] E. Damiani, «Toward Big Data Leak Analysis,» Proceedings of the Privacy and Security of Big Data Workshop (PSBD 2015), IEEE Big Data Conference, 1-3 November 2015.
[60] S. Aditham e N. Ranganathan, «A novel framework for mitigating insider attacks in big data systems,» 2015 IEEE International Conference on Big Data, 2015.
[61] G. Li, P. Zhu, J. Li, Z. Yang, N. Cao e Z. Chen, «Security Matters: A Survey on Adversarial Machine Learning».
[62] Z. Mengchen, B. An, Y. Yu, S. Liu e S. J. Pan, «Data Poisoning Attacks onMulti-Task Relationship Learning,» in Proc. of the The Thirty-Second AAAI Conferenceon Artificial Intelligence (AAAI-18), 2018.
[63] S. Yi, T. Erpek, Y. E. Sagduyu e J. H. Li, «Spectrum Data Poisoning with Adversarial Deep Learning,» MILCOM 2018 – 2018 IEEE Military Communications Conference (MILCOM), 2018.
[64] B. Li, Y. Wang, A. Singh e Y. Vorobeychik, «Data poisoning attacks on factorization-based collaborative filtering,» in Proceedings of the 30th International Conference on Neural Information Processing Systems (NIPS’16), 2016.
[65] D. Zügner, A. Akbarnejad e S. Günnemann, «Adversarial Attacks on Neural Networks for Graph Data,» in Proceedings of the 24th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining (KDD ’18), 2018, 2018.
[66] J. Somorovsky, M. Heiderich, M. Jensen, J. Schwenk, N. Gruschka e G. Lo Iacono, «All your clouds are belong to us: security analysis of cloud management interfaces,» in Proceedings of the 3rd ACM workshop on Cloud computing security workshop (CCSW ’11), 2011.
[67] J. Huang, D. M. Nicol e R. H. Campbell, «Denial-of-Service Threat to Hadoop/YARN Clusters with Multi-Tenancy,» IEEE International Congress on Big Data, 2014.
[68] E. R. Osawaru e R. A. Ariyaluran Habeeb, «A Highlight of Security Challenges in Big Data,» International Journal of Information Systems and Engineering (online), vol. 2, n. 1, April 2014.
[69] M. Lipp, M. Schwarz, D. Gruss, T. Prescher, W. Haas, A. Fogh, J. Horn, S. Mangard, P. Kocher, D. Genkin, Y. Yarom e M. Hamburg, « Meltdown: reading kernel memory from user space,» in Proceedings of the 27th USENIX Conference on Security Symposium (SEC’18), 2018.
[70] P. Kocher, J. Horn, A. Fogh, D. Genkin, D. Gruss, W. Haas, M. Hamburg, M. Lipp, S. Mangard, T. Prescher, M. Schwarz e Y. Yarom, «Spectre Attacks: Exploiting Speculative Execution,» in Proc. of the 40th IEEE Symposium on Security and Privacy (S\&P’19)}, 2019.
[71] M. Anisetti, C. Ardagna, E. Damiani e G. Polegri, «Test-Based Security Certification of Composite Services,» ACM Transactions on the Web, vol. 13, pp. 1-43, February 2019.
[72] S. De Capitani di Vimercati, S. Foresti, G. Livraga e P. Samarati, «Data privacy: Definitions and techniques,» International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, vol. 20, n. 6, pp. 793-817, 2012.
[73] P. Orduña, A. Almeida, U. Aguilera, X. Laiseca, D. López-de-Ipiña e A. Gómez-Goiri, «Identifying’Identifying Security Issues in the Semantic Web: Injection attacks in the Semantic Query Languages,» VI Jornadas Científico-Técnicas en Servicios Web y SOA (JSWEB 2010p.), pp. 43-50, September 2010.
[74] N. Ben Mustapha, H. Zghal, M.-A. Aufaure e H. Ben Ghezala, «Enhancing semantic search using case-based modular ontology,» in Proceeding of the 2010 ACM Symposium on Applied Computing, 2010.
[75] I. Homoliak, F. Toffalini, J. Guarnizo, Y. Elovici e M. Ochoa, «Insight Into Insiders and IT: A Survey of Insider Threat Taxonomies, Analysis, Modeling, and Countermeasures,» ACM Computing Surveys, vol. 52, pp. 1-40, March 2019.
[76] A. Kellett, «Trends and Future Directions in Data Security—2015 Vormetric Insider Threat Report,» Vormetric Data Security, 2015.
[77] M. Collins, M. Theis, R. Trzeciak, J. Strozer, J. Clark, D. Costa, T. Cassidy, M. Albrethsen e A. Moore, «Common Sense Guide to Prevention and Detection of Insider Threats (5th ed.),» Pittsburgh, PA, 2016.
[78] M. Reddy, M. Keeney, E. Kowalski, D. M. Cappelli e A. P. Moore, «Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector,» Pittsburgh, PA, 2005.
[79] E. Kowalski, T. Conway, S. Keverline, M. Williams, D. M. Cappelli, B. Willke e A. P. Moore, «Insider threat study: Illicit cyber activity in the government sector,» 2008.
[80] L. F. Fischer, «Characterizing information systems insider offenders,» in Proceedings of the Conference of the International Military Testing Association, 2003.
[81] E. Shaw, K. Ruby e J. Post, «The Insider threat to information systems: The psychology of the dangerous insider,» Security Awareness Bulletin, vol. 2, pp. 1-10, 1998.
[82] M. Keeney, E. Kowalski, A. P. Moore, T. Shimeall e S. Rogers, «Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors,» Washington DC, 2005.
[83] G. Magklaras e S. Furnell, «Insider Threat Prediction Tool: Evaluating the probability of IT misuse,» Computers & Security, vol. 21, pp. 62-73, 2002.
[84] G. Jabbour e D. A. Menascé, «Stopping the insider threat: The case for implementing autonomic defense mechanisms in computing systems,» in Proceedings of the International Conference of Information Security and Privacy, 2009.
[85] M. Bishop, S. Engle, S. Peisert, S. Whalen e C. Gates, «Case studies of an insider framework,» in Hawaii International Conference on System Sciences, Los Alamitos, CA, 2009.
[86] C. W. Probst e J. Hunker, «The Risk of Risk Analysis And its Relation to the Economics of Insider Threats,» Springer, 2010, pp. 279-299.
[87] J. Predd, S. L. Pfleeger, J. Hunker e C. Bulford, «Insiders Behaving Badly,» Security & Privacy, IEEE, vol. 6, n. 4, pp. 66-70, 2008.
[88] M. Anisetti, C. A. Ardagna, R. Asal, L. Comi, E. Damiani e F. Gaudenzi, «A Knowledge-Based IoT Security Checker,» in Proc. of the 2nd Workshop on Fog-to-Cloud Distributed Processing (F2c-DP), Turin, Italy, August, 2018.
[89] P. Bhat e K. Dutta, «A Survey on Various Threats and Current State of Security in Android Platform,» ACM Computing Surveys, vol. 52, pp. 1-35, February 2019.
[90] N. Zhang, K. Yuan, M. Naveed, X. Zhou e X. Wang, «Leave Me Alone: App-Level Protection against Runtime Information Gathering on Android,» in Proceedings of the 2015 IEEE Symposium on Security and Privacy, 2015.
[91] U. Fiore, F. Palmieri, A. Castiglione, V. Loia e A. De Santis, «Multimedia-based battery drain attacks for Android devices,» in Proceedings of the 2014 IEEE 11th Consumer Communications and Networking Conference (CCNC’14), 2014.
[92] S. oeplau, Y. Fratantonio, A. Bianchi, A. Bianchi, C. Kruegel e G. Vigna, «Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications,» in Proceedings of the Network and Distributed System Security Symposium, 2014.
[93] N. Hardy, «The Confused Deputy (or why capabilities might have been invented),» ACM SIGOPS Operating Systems Review 22, vol. 4, pp. 36-38, October 1988.
[94] R. Schlegel, K. Zhang, X.-y. Zhou, M. Intwala, A. Kapadia e X. Wang, «Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones,» in Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS), 2011.
[95] P. H. Meland, M. Asim, D. Ayed, F. Dalpiaz, E. Félix, P. Giorgini, S. Gonzáles, B. Lempereur e J. Ronan, «Security and Trustworthiness Threats to Composite Services: Taxonomy, Countermeasures, and Research Directions,» in Brucker A.D., Dalpiaz F., Giorgini P., Meland P.H., Rios E. (eds) Secure and Trustworthy Service Composition, vol. 8900, Springer, Cham, 2014.
[96] M. Evans, L. Maglaras, Y. He e H. Janicke, «Human Behaviour as an aspect of Cyber Security Assurance,» Security and Communication Networks 9(17), 2016.
[97] T. Holz, N. Pohlmann, E. Bodden, M. Smith e J. Hoffmann, «Human-Centered. Systems Security,» Bochum, 2016.
[98] I. Corradini e E. Nardelli, «Building Organizational Risk Culture in Cyber Security: The Role of Human Factors,» in Advances in Human Factors in Cybersecurity, vol. 782, Springer, Cham, 2019.
[99] N. Sohrabi Safa, R. Von Solms e L. Futcher, «Human aspects of information security in organisations,» Computer Fraud & Security, pp. 15-18, 2016.
[100] A. Vieane, G. Funke, R. Gutzwiller, V. Mancuso, B. Sawyer e C. Wickens, «Addressing Human Factors Gaps in Cyber Defense,» in Proceedings of the Human Factors and Ergonomics Society Annual Meeting, 2016.
[101] A. Rashid, G. Danezis, H. Chivers, E. Lupu, A. Martin, M. Lewis e C. Peersman, «Scoping the Cyber Security Body of Knowledge,» IEEE Security & Privacy, vol. 16, n. 3, pp. 96-102, 2018.
[102] H. Aldawood e G. Skinner, «Challenges of Implementing Training and Awareness Programs Targeting Cyber Security Social Engineering,» in 2019 Cybersecurity and Cyberforensics Conference (CCC), May 2019.
[103] M. Courtney, «States of cyber-warfare,» Engineering & Technology, vol. 12, n. 3, pp. 22-25, 2017.
[104] R. Hughes, «NATO and Cyber Defence,» in Atlantisch Perspectief, 2009, p. 33.
[105] C. S. Yoo, «Cyber Espionage or Cyberwar?: International Law, Domestic Law, and Self-Protective Measures,» in Cyberwar: Law and Ethics for Virtual Conflicts, 2015, pp. 15-3.
[106] C. Everett, «The lucrative world of cyber-espionage,» Computer Fraud & Security, vol. 7, pp. 5-7, 2009.
[107] B. Watkins, «The impact of cyber attacks on the private sector,» Association for International Affair, 2014.
[108] M. Bressler e L. Bressler, «Protecting your company’s intellectual property assets from cyber-espionage,» Journal of Legal, Ethical, and Regulatory Issues, vol. 18, n. 1, p. 21, 2015.
[109] A. Garg, J. Curtis e H. Halper, «Quantifying the financial impact of IT security breaches,» Information Manaement & Computer Security, vol. 11, n. 2, pp. 73-84, 2003.
[110] E. Gal-Or e A. Ghose, «The Economic Consequences of Sharing Security Information,» in Economics of information security, Boston, MA, 2004.
[111] S. Chai, M. Kim e H. Rao, «Firms’ information security investment decisions: Stock market evidence of investors’ behavior,» Decision Support Systems, vol. 50, n. 4, pp. 651-661, 2011.
[112] L. Gordon, M. Loeb e L. Zhou, «The Impact of Information Security Breaches: Has There Been a Downward Shift in Costs?,» Journal of Computer Security, vol. 19, n. 1, pp. 33-56, 2011.
[113] V. Richardson, M. W. Watson e R. E. Smith, «Much Ado about Nothing: The (Lack of) Economic Impact of Data Privacy Breaches,» Journal of Information Systems, 2019.
[114] Z. He, T. Frost e R. Pinsker, «The Impact of Reported Cybersecurity Breaches on Firm Innovation,» Journal of Information Systems, 2019.
[115] P. Rosati, M. Cummins, P. Deeney, F. Gogolin, L. Van der Werff e T. G. Lynn, «The effect of data breach announcements beyond the stock price: Empirical evidence on market activity,» International Review of Financial Analysis, vol. 49, pp. 146-154, 2017.
[116] C. Scherer e H. Cho, «A Social Network Contagion Theory of Risk Perception,» Risk analysis : an official publication of the Society for Risk Analysis, vol. 23, n. 2, pp. 261-267, 2003.
[117] V. Bakir, «Media and risk: Old and new research directions,» Journal of Risk Research, vol. 13, n. 1, pp. 5-18, 2010.
[118] I. Chung, «Social Amplification of Risk in the Internet Environment,» Risk analysis : an official publication of the Society for Risk Analysis, vol. 31, n. 12, pp. 1883-1896, 2011.
[119] W. Gharibi e M. Shaabi, «Cyber Threats In Social Networking Websites,» International Journal of Distributed and Parallel Systems, vol. 3, 2012.
[120] S. Johnson, K. Bowers, L. Gamman, L. Tisdall e A. Warne, «Theft of Customers’ Personal Property in Cafés and Bars,» in Problem-Oriented Guides for Police, 2010, p. 60.
[121] S. G. Wakeling, P. Hannay e Z. Baig, «A review of data breaches and losses that occurred from laptops that were stolen or otherwise misplaced in 2015 and 2016,» in The Proceedings of 15th Australian Information Security Management Conference, Perth, Western Australia, 5-6 December, 2017.
[122] R. Mahajan, D. Wetherall e T. Anderson, «Understanding BGP misconfiguration,» ACM SIGCOMM Computer Communication Review, vol. 32, n. 4, pp. 3-16, 2002.
[123] O. Nordström e C. Dovrolis, «Beware of BGP attacks,» Computer Communication Review, vol. 34, pp. 1-8, 2004.
[124] V. Pappas, D. Wessels, D. Massey, S. Lu, A. Terzis e L. Zhang, «Impact of Configuration Errors on DNS Robustness,» ACM SIGCOMM Computer Communication Review, vol. 34, n. 4, 2004.
[125] F. Cuppens, N. Cuppens-Boulahia e J. Garcia-Alfaro, «Detection and removal of firewall misconfiguration,» in Proceedings of the 2005 IASTED International Conference on Communication, Network and Information Security, 2005.
[126] B. Eshete, A. Villafiorita e K. Weldemariam, «Early Detection of Security Misconfiguration Vulnerabilities in Web Applications,» 2011 Sixth International Conference on Availability, Reliability and Security, 2011.
[127] A. Continella, M. Polino, M. Pogliani e S. Zanero, «There’s a Hole in that Bucket!: A Large-scale Analysis of Misconfigured S3 Buckets,» in Proceedings of the 34th Annual Computer Security Applications Conference, 2018.
[128] E. Schultz, «A framework for understanding and predicting insider attacks,» Computers & Security, vol. 21, n. 6, pp. 526-531, 2002.
[129] P. Turner, W. Polk e E. Barker, «Preparing for and Responding to Certification Authority Compromise and Fraudulent Certificate Issuance,» National Institute of Standards and Technology, 2012.
[130] B. Danev, H. Luecken, S. Capkun e K. Eldefrawy, «Attacks on physical-layer identification,» in Proceedings of the third ACM conference on Wireless network security, 2010.
[131] V. Khanna, E. Kim e Y. Lu, «CEO Connectedness and Corporate Fraud,» The Journal of Finance, vol. 70, n. 3, pp. 1203-1252, 2015.
[132] A. Etzioni, «Geo. J. The Private Sector: A Reluctant Partner in Cybersecurity,» in Int’l Aff. 15, 2014, p. 69.
[133] P. Tobin, M. Mckeever, J. Blackledge, M. Whittington e B. Duncan, «UK Financial Institutions Stand to Lose Billions in GDPR Fines: How can They Mitigate This?,» in Br. Account. Financ. Assoc. Scottish Area Gr. Annu. Conf., BAFA, Ed. a cura di, Aberdeen, 2017.
[134] P. Voigt e A. Bussche, «Enforcement and Fines Under the GDPR,» in The EU General Data Protection Regulation (GDPR), Springer, Cham, 2017, pp. 201-217.
[135] M. Lesk, «Cybersecurity and Economics,» IEEE Security & Privacy, vol. 9, n. 6, pp. 76-79, 2011.
[136] J. J. Cordes, «An overview of the economics of cybersecurity and cybersecurity policy,» 2011.
[137] B. Kaplan, «Selling Health Data,» Cambridge quarterly of healthcare ethics : CQ : the international journal of healthcare ethics committees, vol. 24, n. 03, pp. 256-71, 2015.
[138] M. Huesch, M. Ong e B. D. Richman, «Could Data Broker Information Threaten Physician Prescribing and Professional Behavior?,» SSRN Electronic Journal, 2015.
[139] E. Toch, C. Bettini, E. Shmueli, L. Radaelli, A. Lanzi, D. Riboni e B. Lepri, «The Privacy Implications of Cyber Security Systems: A Technological Survey,» ACM Computing Surveys, vol. 51, n. 2, p. 36, 2018.
[140] H. Ye, X. Cheng, M. Yuan, L. Xu, J. Gao e C. Cheng, «A survey of security and privacy in big data,» in 2016 16th international symposium on communications and information technologies (iscit), 2016.
[141] H. Berghel, «Equifax and the Latest Round of Identity Theft Roulette,» Computer, vol. 50, n. 12, pp. 72-76, 2017.
[142] R. Langner, «Stuxnet: Dissecting a Cyberwarfare Weapon,» IEEE Security & Privacy, vol. 9, n. 3, pp. 49-51, 2011.
[143] C. Bronk e E. Tikk-Ringas, «The Cyber Attack on Saudi Aramco,» Survival, vol. 55, n. 2, pp. 81-96, 2013.
[144] V. Joubert, «Five Years After Estonia’s Cyber Attacks: Lessons Learned for NATO?,» NATO Defense College, 2012.
[145] J. F. Brenner, «Eyes wide shut: The growing threat of cyber attacks on industrial control systems,» Bulletin of the Atomic Scientists, vol. 69, n. 5, pp. 15-20, 2013.
[146] G. Silowash, D. Cappelli, A. Moore, R. Trzeciak, T. J. Shimeall e L. Flynn, «Common sense guide to mitigating insider threats,» 2012.
[147] Ö. Sandıkcı e A. Ekici, «Politically motivated brand rejection,» Journal of Business Research, vol. 62, n. 2, pp. 208-217, 2009.
[148] J. J. Angel e D. M. McCabe, «The Business Ethics of Short Selling and Naked Short Selling,» Journal of Business Ethics, vol. 85, n. 1, pp. 239-249, 2009.
[149] D. W. Mccormick e J. C. Spee, «IBM and Germany 1922–1941,» Organization Management Journal, vol. 5, n. 4, pp. 214-223, 2008.
[150] S. M. Rao e J. B. Hamilton III, «The effect of published reports of unethical conduct on stock prices,» Journal of Business Ethics, vol. 15, n. 12, pp. 1321-1330, 1996.
[151] F. M. Chee, «An Uber ethical dilemma: examining the social issues at stake,» Journal of Information, Communication and Ethics in Society, vol. 16, n. 3, pp. 261-274, 2018.
[152] M. Ahsan, «Entrepreneurship and Ethics in the Sharing Economy: A Critical Perspective,» Journal of Business Ethics, pp. 1-15, 2018.
[153] B. Srinidhi, J. Yan e G. K. Tayi, «Allocation of Resources to Cyber-Security: The Effect of Misalignment of Interest between Managers and Investors,» Decision Support Systems, vol. 75, pp. 49-62, 2015.
[154] E. Flaspöler, A. Hauke, P. Pappachan, D. Reinert, B. T., N. Henke e R. O. D. Beeck, «The human machine interface as an emerging risk,» EU-OSHA (European Agency for Safety and Health at Work), Luxembourg, 2009.
[155] C. Ciborra, «The Labyrinths of Information: Challenging the Wisdom of Systems,» OUP, Oxford, 2002.
[156] C. Kruse, B. Frederick, T. Jacobson e D. K. Monticone, «Cybersecurity in healthcare: A systematic review of modern threats and trends,» Technology and Health Care, vol. 25, n. 1, pp. 1-10, 2017.
[157] H. Kupwade Patil e R. Seshadri, «Big Data Security and Privacy Issues in Healthcare,» 2014 IEEE International Congress on Big Data, pp. 762-765, 2014.
[158] J. Sametinger e J. W. Rozenblit, «Security Challenges for Medical Devices,» Communications of the ACM, vol. 58, n. 4, pp. 75-82, 2015.
[159] A. Humayed, J. Lin, F. Li e B. Luo, «Cyber-Physical Systems Security — A Survey,» IEEE Internet of Things Journal, vol. 4, n. 6, pp. 1802-1831, 2017.
[160] M. Shafahi, L. Kempers e H. Afsarmanesh, «Phishing through social bots on Twitter,» 2016 IEEE International Conference on Big Data (Big Data), 2016.
[161] C. Shao, G. L. Ciampaglia, O. Varol, A. Flammini e F. Menczer, «The spread of fake news by social bots,» pp. 96-104, 2017.
[162] C. Shao, G. L. Ciampaglia, O. Varol, A. Flammini, F. Menczer e K.-C. Yang, «The spread of low-credibility content by social bots,» Nature Communications, vol. 9, n. 1, p. 4787, 2018.
[163] A. Bessi e E. Ferrara, «Social bots distort the 2016 U.S. Presidential election online discussion,» First Monday, vol. 21, n. 11-7, 2016.
[164] F. Brachten, M. Mirbabaie, S. Stieglitz, O. Berger, S. Bludau e K. Schrickel, «Threat or Opportunity? – Examining Social Bots in Social Media Crisis Communication».
[165] A. Nowak, P. Lukowicz e P. Horodecki, «Assessing Artificial Intelligence for Humanity: Will AI be the Our Biggest Ever Advance ? or the Biggest Threat [Opinion],» IEEE Technology and Society Magazine, vol. 37, n. 4, pp. 26-34, 2018.
[166] Y. Duan, J. Edwards e Y. Dwivedi, «Artificial intelligence for decision making in the era of Big Data – evolution, challenges and research agenda,» International Journal of Information Management, vol. 48, pp. 63-71, 2019.
[167] D. Helbing, B. Frey, E. Hafen, J. van den Hoven, G. Gigerenzer, R. Zicari, A. Zwitter e Y. Hofstetter, «Will Democracy Survive Big Data and Artificial Intelligence?,» In Towards Digital Enlightenment, pp. 73-98, 2019.
[168] E. Global, «Swiss Organization Better Prepared to Predict and Resist Cyber-attacks but Still a Long Way to go: EY Global Information Security Survey,» 2017. [Online]. Available: https://www.ey.com/ch/en/newsroom/news-releases/news-release-ey-swiss-organizations-better-prepared-to-predict-and-resist-cyber-attacks. [Consultato il giorno 12 June 2019].
[169] SecCord Project, «SECurity and trust COoRDination and enhanced collaboration,» [Online]. Available: https://cordis.europa.eu/project/rcn/105977/factsheet/es. [Consultato il giorno 27 November 2019].
[170] IPACSO Project, «Innovation Framework for ICT Security,» [Online]. Available: https://ipacso.eu/. [Consultato il giorno 27 November 2019].
[171] M. Brzoska, R. Bossong e E. van Um, «Security Economics in the European Context: Implications of the EUSECON Project,» Economics of Security Working Paper Series, vol. 58, 2011.
[172] VALUESEC Project, «Mastering the Value Function of Security Measures,» [Online]. Available: https://cordis.europa.eu/project/rcn/97989/factsheet/en. [Consultato il giorno 27 November 2019].
[173] CIRAS Project, «Critical Infrastructure Risk Assessment Support,» [Online]. Available: http://www.cirasproject.eu/. [Consultato il giorno 27 November 2019].
[174] ECOSSIAN Project, «European Control System Security Incident Analysis Network,» [Online]. Available: https://ecossian.eu. [Consultato il giorno 27 November 2019].
[175] PULSE Project, «Platform for European Medical Support During Major Emergencies,» [Online]. Available: http://www.pulse-fp7.com. [Consultato il giorno 27 Novembre 2019].
[176] SECONOMICS Project, «Socio-economics meets Security,» [Online]. Available: http://seconomicsproject.eu/. [Consultato il giorno 27 November 2019].
[177] B. Arief, M. B. Adzmi e T. Gross, «Understanding cybercrime from its Stakeholders Perspectives: Part 1–Attackers,» IEEE Security & Privacy, vol. 13, pp. 71-76, February 2015.
[178] S. Dzomira, «Electronic Fraud (Cyber Fraud) Risk in the Banking Industry,» Risk Governance and Control: Financial Markets and Institutions, vol. 4, pp. 16-26, 2014.
[179] U. M. e W. Fuadi, «A Method for Evaluating Information Security Governance (ISG) Components in Banking Environment,» Journal of Physics: Conference Series, vol. 812, pp. 12-31, 2017.
[180] S. Robert, T. Vijay e Z. Tim, «Best Practices in Cyber Supply Chain Risk Management,» US Resilience Project, 2016.
[181] S. Dynes, E. Goetz e M. Freeman, «Cyber Security: Are Economic Incentives Adequate?,» in Critical Infrastructure Protection, Springer, 2008, pp. 15-27.
[182] M. Camillo, «Cyber Security: Risks and Management of Risks for Global Banks and Financial Institutions,» Journal of Risk Management in Financial Institutions, vol. 10, pp. 196-200, 2017.
[183] A. R. Raghavan e L. Parthiban, «The Effect of Cybercrime on a Bank’s Finances,» International Journal of Current Research & Academic Review, vol. 2, pp. 173-178, January 2014.
[184] X. Vives, «Regulatory Reform in European Banking,» European Economic Review, vol. 35, pp. 505-515, 1991.
[185] K. Richards, R. LaSalle, M. Devost, F. van den Dool e J. Kennedy-White, «2017 Cost of Cyber Crime Study,» Ponemon Institute LLC, 2017.
[186] M. Brencht e T. Nowey, «A Closer Look at Information Security Costs,» in The economics of Information Security and Privacy, Springer, 2013, pp. 2-24.
[187] S. Morgan, «2019 Official Annual Cybercrime Report,» Herjavec Group, 2019.
[188] S. Moore, «Gartner Forecasts Worldwide Information Security Spending to Exceed 124 million in 2019,» Gartner, 2018.
[189] J. Bauer e M. Van Eeten, «Introduction to the Economics of Cyber security,» Communications and Strategies, vol. 81, pp. 13-22, 2011.
[190] T. Moore, «The Economics of Cyber Security: Principles and Policy Options,» International Journal of Critical Infrastructure Protection (IJCNIP), vol. 3, pp. 103-117, 2010.
[191] WhiteHouse, «The Cost of Malicious Cyber Activity to the U.S. Economy,» 2018. [Online]. Available: https://www.whitehouse.gov/wp-content/uploads/2018/03/The-Cost-of-Malicious-Cyber-Activity-to-the-U.S.-Economy.pdf. [Consultato il giorno 3 June 2019].
[192] AFCEA, «The Economics of Cybersecurity: A Practical Framework for Cybersecurity Investment,» AFCEA International Cyber Committee, 2013.
[193] A. J. Kornecki e K. Hall, «Approaches to Assure Safety in Fly-By-Wire Systems: Airbus vs. Boeing,» in IASTED Conference on Software Engineering and Applications, Cambridge, 2004.
[194] C. McGuffin e P. Mitchell, «On Domains: Cyber and the Practice of Warfare,» International Journal, vol. 69, n. 3, pp. 394-412, 2014.
[195] Joint Task Force Transformation Initiative, «Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach,» National Institute of Standards and Technology (NIST), 2014.
[196] E. Rich, J. Gonzalez, Y. Qian, F. Sveen, J. Radianti e S. Hillen, «Emergent Vulnerabilities in Integrated Operations: A Proactive Simulation Study of Economic Risk,» International Journal of Critical Infrastructure Protection, vol. 2, pp. 110-123, 2009.
[197] T. C. Horng, «A Comparative Analysis of Supply Chain Management Practices by Boeing and Airbus: Long-term Strategic Implications,» Massachusetts Institute of Technology, Massachusetts, 2006.
[198] P. Y. Chen, G. Kataria e R. Krishnan, «Correlated Failures, Diversification, and Information Security Risk Management,» MIS quarterly, pp. 397-422, 2011.
[199] W. Sonnenreich, J. Albanese e B. Stout, «Return On Security Investment (ROSI) – A Practical Quantitative Model,» Journal of Research and practice in Information Technology, vol. 38, p. 45–52, 2006.
[200] BBC, «Boeing Admits it Fell Short on Safety Alert for 737,» BBC News, 2019.
[201] C. P. Gibson e S. M. Banik, «Analyzing the Effect of Ransomware Attacks on Different Industries,» in nternational Conference on Computational Science and Computational Intelligence (CSCI 2017), Las Vegas, USA, 2017.
[202] Varonis Systems, «2018 Varonis Data Risk Report,» Varonis Inc, 2018.