Page - 61 - in Critical Issues in Science, Technology and Society Studies - Conference Proceedings of the 17th STS Conference Graz 2018

required. The probability, severity, and counter-measures1, called controls are analyzed to enunciate a framework on which resources can be deployed. To manage the risk posed by threats, controls are deployed. ISO 27000:2005 describes a control as “any administrative, management, technical, or legal method that is used to manage risk. Controls are safeguards or countermeasures. Controls include things like practices, policies, procedures, programs, techniques, technologies, guidelines, and organizational structures.” They strengthen the ability of the asset to counter these threats. Non-deployment of controls to mitigate the threats may lead to the inadequate accrual of value. Controls have a cost as well as an overhead. They must therefore be applied judiciously. Furthermore, their deployment must inspire confidence in the netizen, while simultaneously having credibility with not only the local governing bodies, but also the concerned internet service providers (ISPs). The mechanism is illustrated in Figure 1. Figure 1 – Operationalizing Risk Threats. According to the ISO 270052, risks emerge when “threats abuse vulnerabilities of assets to generate harm for the organization”. For our purpose, ‘asset’ is the value identified. A threat is thus a specific scenario or a sequence of actions that exploits (through its vectors) a set of vulnerabilities associated with the accrual of value. Their identification is fundamental to risk analysis. There is a causal connection between the realization of a threat (or a threat vector) and the resolution of the dilemma. A threat can also be interpreted as any eventuality, if it occurs and goes unchecked will lead to the emergence of a dilemma. New forms and scope for expression by threat agents have also enabled violations of protective rights such as those concerned with security, defamation, hate speech, discrimination, and child protection. Advances in the Internet of Things (IoT) technologies and the ever increasing pervasiveness of digital services on the 1 The Internet Engineering Task Force (IETF) RFC 2828 defines the term countermeasure as “an action, device, procedure, or technique that reduces a threat, vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.” 2 ISO/IEC 27005 is part of a growing family of International Standards published by the International Organization for Standardization (ISO) and the International Electro-technical Commission (IEC) in the area of Information security management systems (ISMS) of International Standards is often referred to as the 'ISO/IEC 27000 series'; http://www.itgovernance.co.uk/ 61