Papers by Tamás Szádeczky
Hadtudomány, 2022
A digitalizáció minden üzleti területet elér, csak idő kérdése, hogy a kevésbé fejlett területek,... more A digitalizáció minden üzleti területet elér, csak idő kérdése, hogy a kevésbé fejlett területek, mint a címben foglalt vízi közművek mikor jutnak el a jelenlegi nyugat-európai szintre. A tanulmány elemzi a digitalizáció lehetséges területeit a klórgáz-adagolástól az okos merőkig, majd az új szolgáltatások biztonsági kihívásait állítja ezekkel párhuzamba. . Ezek a folyamatok már a villamosenergia-ellátás területén lejátszódtak: a kritikus infrastruktúrára vonatkozó szabályok, a bevezetett technológiák (pl. okos merők), a kockázatokból eredő incidensek és az ezek miatt megindult tudományos kutatások. Ezek mind előre vetítik a vízi közmű-szektor jövőjét, amit inkább proaktívan alakítani kellene a jó példák alapján.
Bookmarks Related papers MentionsView impact
Periodica Polytechnica Social and Management Sciences, 2023
In recent decades, Information and Communication Technologies (ICT) have significantly evolved, f... more In recent decades, Information and Communication Technologies (ICT) have significantly evolved, further establishing the information society. However, ICT systems are subject to security incidents, and most malicious attacks have cascading effects. Decision-makers need to understand the potential financial effects of incidents if they wish to clearly perceive the potential risks and thus make an appropriate allocation of resources to ICT security. Our research attempts to develop a comprehensive toolset for the analysis of cybersecurity incidents. The toolset is based on conventional methodologies of cash-flow evaluation and balance of payments. We discuss several use cases of real-world examples with incidents affecting essential service providers and manufacturers. The case studies involve incidents affecting energy service providers, banks, water utilities, aircraft manufacturers, car manufacturers, IT software providers, air, rail, and water transport companies, the pharmacy, and the health sector. Analysis of the incidents involves our framework being applied at three levels: organisational, governmental, and international.
Bookmarks Related papers MentionsView impact
Acta Polytechnica Hungarica, 2023
This paper discusses the increasing significance of smart water management, within the context of... more This paper discusses the increasing significance of smart water management, within the context of the fourth industrial revolution and the associated cybersecurity risks, particularly in Hungary and Central Europe. By examining the current state of smart water management and analyzing the various cybersecurity threats, this study seeks to raise awareness around the need for enhanced security measures, in this critical sector. The research methodology is primarily based on a through literature review and secondarily, on related data analysis. The paper identifies several cybersecurity challenges and potential solutions for smart water management and finally suggests future research directions, to ensure the safe and sustainable development of this critical infrastructure.
Bookmarks Related papers MentionsView impact
International Journal of Information and Communication Technology Education, 2022
Massive open online courses (MOOCs) aim at unlimited participation and open access via the web. T... more Massive open online courses (MOOCs) aim at unlimited participation and open access via the web. There are concerns about the actual value of such courses. This is predominantly due to higher dropout rates. According to studies, only 7-13% go on to complete these courses. The high dropout rate in MOOCs is a challenge for education providers. This paper aims to explore reasons for high dropout rates within MOOCs and how they can be minimized. With this in mind, two research questions have been set for this study: 1) Why do MOOC participants not complete their courses? 2) How can the course completion rate be increased? Implementation of the strategies investigated in this paper can increase completion rates in MOOCs. In conclusion, after analyzing the collected data, the final results have shown that gamification increased the completion rate of MOOCs.
Bookmarks Related papers MentionsView impact
Security and Defence Quarterly
The complex relationships of economic actors and the high dependency on information and communica... more The complex relationships of economic actors and the high dependency on information and communication technologies make it necessary for all relevant entities to develop protection. This protection should include preventive and reactive controls in a risk-proportionate manner in relation to the business value protected. We aimed to develop a solution to support cybersecurity-related business decisions with financial analytics. The risk-based approach helps management find the optimum solution with minimal costs, where protection prevents some incidents from occurring, while the risks associated with other incidents are accepted in an informed way. The security industry developed a number of apparatuses to find the optimum security controls that enforced the fiscal aspects, which typically contain solutions used in planning. However, the actual expenditure often differs from the planned budget for several reasons, one of which is the occurrence of security incidents. We used the comm...
Bookmarks Related papers MentionsView impact
Central and Eastern European eDem and eGov Days, Sep 22, 2022
Bookmarks Related papers MentionsView impact
Bookmarks Related papers MentionsView impact
Bookmarks Related papers MentionsView impact
Academic and Applied Research in Military and Public Management Science, 2498-5392 2786-0744, 2018
The paper deals with comparative research of the communication security of e-Government services ... more The paper deals with comparative research of the communication security of e-Government services in Germany and Hungary. The focus point of the research is to analyse the cryptographic security algorithms and protocols which encrypt communication in the relations of the citizen and a governmental body. The analysis includes the general e-Government portals, central web services, and specialised services, like taxation and criminal record extracts. The actuality of the topic lies in the fact that the security of the citizens' personal data, used, stored and transferred by the governmental bodies can be in danger. Two examples are the loss of 25 million UK citizens' personal data in 2007 because of a failure of the UK Customs Service and the compromise personally identifiable information of 191 million US citizens, stored in the Voter Database in 2015. The goal of the research is to check the current practice used for governmental communication, based on international standards and current practices. The study compares the e-administration systems of a country of Central Europe which is considered less developed in e-government systems and processes than a Western European country. Based on the evaluation, which can be found at the end of this study, those persons who are responsible for the operation of such systems, can see the actual benchmarks of the communication security. So, this way they can learn about the usage of what communication protocols and cryptographic algorithms are recommended and under what settings.
Bookmarks Related papers MentionsView impact
2020 IEEE 18th International Symposium on Intelligent Systems and Informatics (SISY), 2020
Nowadays, the digital transformation of organizations is not a challenge but a must-have. In the ... more Nowadays, the digital transformation of organizations is not a challenge but a must-have. In the spring of 2020, practically the whole world worked from home offices. Now digital adaptation is the challenge for many people and orgaization. This situation poses challenges for the cybersecurity world. At the time of writing this article, there is no exact data yet on what cybersecurity incidents have occurred or how much damage they have caused. Nevertheless, it is certain that in the pandemic chaos, many corporates made mistakes during their digital adaptation processes. To a considerable extent, these mistakes are due to humans. Even though there are outstanding technological solutions or regulations at a company, if this riskfactor is not appropriately managed, then the other two are worthless. Despite the need, there is no widespread human risk anylisys method in cybersecurity, because it is difficult to measure, and covered in obscurity. In this paper, the authors propose a fuzzy model to organizations whereby they can measure this risk if they have sufficient information about the workforce. The model will be easier understood if presented through a specific threat, the digital leakage of classified information from a critical infrastructure.
Bookmarks Related papers MentionsView impact
2018 International IEEE Conference and Workshop in Óbuda on Electrical and Power Engineering (CANDO-EPE), 2018
The aim of our research was to elaborate the current concept of the IoT based on the scientific p... more The aim of our research was to elaborate the current concept of the IoT based on the scientific papers up to now and to draw up the potential legal and security risks, which may affect the users or the state. We categorized the challenges of the IoT usage. The main problems in the aspect of data protection, are traceability and confidentiality issues.
Bookmarks Related papers MentionsView impact
Bookmarks Related papers MentionsView impact
2020 IEEE 3rd International Conference and Workshop in Óbuda on Electrical and Power Engineering (CANDO-EPE), 2020
Due to the technical advancement, Information and Communication Technologies have been a critical... more Due to the technical advancement, Information and Communication Technologies have been a critical part of our life a while resulting in better conformity and faster administration. On the other hand, threat space has expanded with the digitalization and altered to be more complicated as an undesired effect by this advancement. Recognizing this fact as an outcome of the Estonian cyberattack campaign, the European Union is consciously strengthening its cyber-defence. However, legislation evolves slowly, so after an eleven-year delay, the Network and information security (NIS) Directive came to the effect. The NIS Directive made advances to the world of critical infrastructures in the European Union, but on the other hand, threats have evolved, too. From these two threads comes the question of whether the nature of the incidents has changed or not. This work tries to find the answer with the review of publicly available cyber-incidents that occurred in the last ten years, focusing on t...
Bookmarks Related papers MentionsView impact
Interdisciplinary Description of Complex Systems, 2019
Nowadays we cannot speak about cybersecurity as a simple problem. It is not just about users cann... more Nowadays we cannot speak about cybersecurity as a simple problem. It is not just about users cannot properly use the devices because of a malware settle in their computers. Now professionals have to work in a more complex system. The information technology meshes most of our life. Begin with people use their smartphones over that companies lead most of their processes via computers. Nations want that their citizens can live in a healthier, more comfortable, economical place, so they started to think about how can they warrant a better life. Result in this governments started to make critical infrastructure more economical with the help of information technology. That is how Smart Cities began to evolve. However, bringing into practice these innovations is still not enough. If we use any technology, we shall use it securely, that is why we must build our advanced city as a secure Smart City. If not, our systems can be attacked in different ways. In the view of last years, we can acce...
Bookmarks Related papers MentionsView impact
Security and Defence Quarterly, 2021
Computer networks are usually modelled from one aspect, e.g., the physical layer of the network, ... more Computer networks are usually modelled from one aspect, e.g., the physical layer of the network, although this does not allow the researcher to understand all usage of that device. We aim to develop a model which leverages all aspects of a networked computer and, therefore, provides complete information to the scientist for all further security research, especially that related to the social sciences. Network science is about the analysis of any network, from social to protein. It is much easier to analyse computer networks with technical tools than protein networks. It is, therefore, a straightforward way to crawl the web as Albert-Laszlo Barabasi did to model its connections, nodes, and links in graph theory to analyse its internal connections. His analysis was based solely on the network layer. Our methodology uses graph theory and network science and integrates all ISO/OSI (computer networking) layers into the model. Each layer of the ISO/OSI model has its topology separately, but all of them also work as part of the complex system to operate the network. It therefore creates a multipartite graph of the network under analysis. Furthermore, the virtual private networks (VPNs) and application usage are also integrated as nodes and links. With this model, the computer network infrastructure and usage data can be used for further non-computing related research, e.g., social science research, as it includes the usage patterns of the network users.
Bookmarks Related papers MentionsView impact
Land Forces Academy Review, 2021
In current socio-economic processes, info-communication services play a determining role, modifyi... more In current socio-economic processes, info-communication services play a determining role, modifying the activities of certain actors. The growing dependence that has developed over the past two decades has imposed the need to give political will to security, which has led to an iterative evolution of the regulatory environment. Therefore, the regulatory framework requires certain entities to develop safeguards including controls that enhance both prevention and response in a manner commensurate with the business value of the information to be protected. However, due to the nature of cybersecurity, developing such countermeasures is not the task of a standalone organization but all entities in cyberspace in a wide range, from individuals to the public sector. Therefore, each entity involved must design protection capabilities in a manner commensurate with the risk, which requires strategic tools and methods and drives organizations to learn from their security incidents. Following ou...
Bookmarks Related papers MentionsView impact
Security and Defence Quarterly, 2021
Botnets, the remotely controlled networks of computers with malicious aims, have significantly af... more Botnets, the remotely controlled networks of computers with malicious aims, have significantly affected the international order from Ukraine to the United States in recent years. Disruptive software, such as malware, ransomware, and disruptive services, provided by those botnets has many specific effects and properties. Therefore, it is paramount to improve the defences against them. To tackle botnets more or less successfully, one should analyse their code, communication, kill chain, and similar technical properties. However, according to the Business Model for Information Security, besides technological attributes, there is also a human and organisational aspect to their capabilities and behaviour. This paper aims to identify the aspects of different attacks and present an analysis framework to identify botnets' technological and human attributes. After researching the literature and evaluating our previous findings in this research project, we formed a unified framework for the human-organisational classification of botnets. We tested the defined framework on five botnet attacks, presenting them as case studies. The chosen botnets were ElectrumDoSMiner, Emotet, Gamover Zeus, Mirai, and VPNFilter. The focus of the comparison was motivation, the applied business model, willingness to cooperate, capabilities, and the attack source. For defending entities, reaching the target state of defending capabilities is impossible with a one-time development due to cyberspace's dynamic behaviour and botnets. Therefore, one has to develop cyberdefence and conduct threat intelligence on botnets using such methodology as that presented in this paper. This framework comprises people and technological attributes according to the BMIS model, providing the defender with a standard way of classification.
Bookmarks Related papers MentionsView impact
Land Forces Academy Review, 2021
In the current social and economic processes, information and communication services play a decis... more In the current social and economic processes, information and communication services play a decisive role, changing several entities’ operations. The growing dependence that has developed over the last two decades made the security needs introduced political will, which has resulted in an iterative evolution of the regulatory environment. Hence, the legal framework requires that several entities develop protection that includes controls enhancing both preventive and reactive in a risk-proportionate manner under the business value to be protected. Nevertheless, due to the nature of cybersecurity, the development of such capabilities is not the task of a single organisation but all entities involved in cyberspace, including, e.g., individuals, non-profit and for-profit organisations, public sector actors. Therefore, each involved entity should design protection capabilities in a risk-proportionate manner, which requires strategic approaches and tools and requires organisations to lear...
Bookmarks Related papers MentionsView impact
Belügyi Szemle
Az információ- és kommunikációtechnológián alapuló ipari forradalom nem csak az egyre növekvő mér... more Az információ- és kommunikációtechnológián alapuló ipari forradalom nem csak az egyre növekvő mértékű digitalizációt, hanem az azzal járó biztonsági kockázatokat és az utóbbiból következő gazdasági károkat is magával hozza. A védekezést nehezíti, hogy egyes előrejelzések szerint 2021-re világszinten 3,5 millió betöltetlen kiberbiztonsági pozícióval kell számolnunk. Ez a munkaerőpiaci helyzet pedig nemcsak technikai, hanem stratégiai és szakpolitikai kérdéseket is felvet. Az innovációt nem lineáris folyamatként modellező Triple Helixmodellből kiindulva ezt a technológiai fejlődés által indukált hiányt az egyetemek, az állam és a vállalatok kapcsolatain, partnerségi viszonyán keresztül is vizsgálhatjuk. Ennek alapja, hogy egyrészt a területen nélkülözhetetlen tudás, illetve az ipari igények is folyton változnak, ugyanakkor az felsőoktatási keretszámok és a közoktatási orientáció is állami feladat. Jelen tanulmány a felsőoktatási tanulmányaik mellett extra fejlődésre és megmérettetésre...
Bookmarks Related papers MentionsView impact
Pro Futuro
A technológia fejlődésének társadalomra gyakorolt hatása a társadalomelmélet kedvelt témaköre az ... more A technológia fejlődésének társadalomra gyakorolt hatása a társadalomelmélet kedvelt témaköre az elmúlt ötven évben: számtalan szakirodalmi forrás elemzi az információs társadalom kialakulását és az informatikai és kommunikációs technológiák társadalmi hatásait. E társadalmi változások aztán jellemzően leképeződnek a jogalkotásban is, rendszerint több-kevesebb késéssel követve azokat. Az Európai Unió információs társadalom- és médiapolitikájának jogalkotási eredményei, az ahhoz kapcsolódó folyamatos szakmai és éles politikai viták, és egy új jogterület, az infokommunikációs jog kialakulása egyértelműen mutatja ennek jelentőségét.
Bookmarks Related papers MentionsView impact
Uploads
Papers by Tamás Szádeczky