Mircea Constantin SCHEAU
@ucv.ro
Automation, Computer and Electronics Faculty
University of Craiova
RESEARCH, TEACHING, or OTHER INTERESTS
Multidisciplinary, Multidisciplinary, Multidisciplinary, Multidisciplinary
Scopus Publications
Scopus Publications
Călin Mihail Rangu, Leonardo Badea, Mircea Constantin Scheau, Larisa Găbudeanu, Iulian Panait, and Valentin Radu
Emerald
PurposeIn recent years, the frequency and severity of cybersecurity incidents have prompted customers to seek out specialized insurance products. However, this has also presented insurers with operational challenges and increased costs. The assessment of risks for health systems and cyber–physical systems (CPS) necessitates a heightened degree of attention. The significant values of potential damages and claims request a solid insurance system, part of cyber-resilience. This research paper focuses on the emerging cyber insurance market that is currently in the process of standardizing and improving its risk analysis concerning the potential insured entity.Design/methodology/approachThe authors' approach involves a quantitative analysis utilizing a Likert-style questionnaire designed to survey cyber insurance professionals. The authors' aim is to identify the current methods used in gathering information from potential clients, as well as the manner in which this information is analyzed by the insurers. Additionally, the authors gather insights on potential improvements that could be made to this process.FindingsThe study the authors elaborated it has a particularly important cyber and risk components for insurance area, because it addresses a “niche” area not yet proper addressed in specialized literature – cyber insurance. Cyber risk management approaches are not uniform at the international level, nor at the insurer level. Also, not all insurers can perform solid assessments, especially since their companies should first prove that they are fully compliant with international cyber security standards.Research limitations/implicationsThis research has concentrated on analyzing the current practices in terms of gathering information about the insured entity before issuing the cyber insurance policy, level of details concerning the cyber security posture of the insured entity and way such information should be analyzed in a standardized and useful manner. The novelty of this research resides in the analysis performed as detailed above and the proposals in terms of information gathered, depth of analysis and standardization of approach made. Future work on the topic can focus on the standardization process for analyzing cyber risk for insurance clients, to improve the proposal based also on historical elements and trends in the market. Thus, future research can further refine the standardization process to analyze in more depth the way this can be implemented and included in relevant legislation at the EU level.Practical implicationsProposed improvements include proposals in terms of the level of detail and the usefulness of an independent centralized approach for information gathering and analysis, especially given the re-insurance and brokerage activities. The authors also propose a common practical procedural approach in risk management, with the involvement of insurance companies and certification institutions of cyber security auditors.Originality/valueThe study investigates the information gathered by insurers from potential clients of cyber insurance and the way this is analyzed and updated for issuance of the insurance policy.
Călin Mihail Rangu, Nicolae Pană, and Mircea Constantin Șcheau
Springer International Publishing
Mircea Constantin Șcheau, Monica Violeta Achim, Larisa Găbudeanu, Viorela Ligia Văidean, Alexandru Lucian Vîlcea, and Liliana Apetri
MDPI AG
Drones have been included in more and more activities in various domains, such as military, commercial and personal use. The existing legislative framework insufficiently addresses the responsibility and preventive measures angles in case of vulnerability exploitation and negligence in drone usage. Such aspects can be addressed by the industry in technological processes and standardization. These are especially important aspects given the high impact that misuse of drones can have on individuals, property and buildings within the flight zone when the drone is misused. The aim of this research paper is to investigate how these elements are viewed in existing legislation and by individuals, while taking into account the technical specifics and the stakeholder ecosystem of drone usage. In this respect, we use a complex questionnaire which was sent to a final number of 233 respondents pertaining to firms specialized in IT, legal and cybersecurity. The responses have been analyzed from a qualitative and quantitative perspective. Our results highlight the areas of improvement in the existing standardization and find the followings: (1) stakeholders across the drone ecosystem are viewed as having a shared liability in certain use cases, (2) preventive measure implementation should be dispersed across the stakeholders of drone usage and (3) automation of prevention measures is considered more useful in case of malfunctioning or misuse of drones rather than user manual intervention. In addition, we make proposals to accommodate new policy requirements for the above use cases. The results of this research paper assist policy makers in improving existing standardization framework and technological processes concerning drone usage, but also stakeholders of the drone ecosystem in generating increased trust of the drone users. Further, this research paper can also assist drone software and hardware producers in calibrating their products to ensure trust of the users. In addition, trust in the use of drones for commercial and personal purposes is increased through standardization and proper approaches for situations that may cause damages to drones and to third parties.
Mircea Constantin Șcheau, Monica Violeta Achim, Larisa Găbudeanu, Iulia Brici, and Alexandru-Lucian Vîlcea
MDPI AG
Drones have been used in recent years more and more in various economic sectors (e.g., military, agriculture, retail, transport), but also for personal use and entertainment. The current legislative framework and cyber security standards do not fully address the identification of liable stakeholders in the drone ecosystem for cyber-incidents and the requirement to implement preventive cyber-security measures. The aim of this paper is to investigate how the usage of drones fits in the context of the digital economy. For this purpose, we use a complex questionnaire which was sent to a total of 233 respondents from May to July 2021. The responses are analyzed from a qualitative and quantitative perspective. Our results highlight the areas of improvement in the existing legislation and find the following: (1) respondents are willing to pay additional direct and indirect costs related to cyber security to benefit from more secure drones, (2) the entire ecosystem involved in drone production, distribution, and usage is responsible for ensuring the prevention of security breaches, and (3) respondents perceive a shared liability of stakeholders for certain types of cyber-attacks depending on the role of the stakeholders in the drone ecosystem and the type of vulnerability exploited by the cyber-attack. The details on the specific cyber-attack use cases detail each of the above for each type of cyber-attack. Finally, we make proposals to accommodate the new types of use cases brought by the use of drones in various economic contexts. The results of this research paper assist policy makers in terms of improvement to existing legislation in terms of the drone ecosystem. In addition, they increase visibility for stakeholders in the drone ecosystem in terms of aspects to focus on in order to increase the trust of clients in drone usage.
Corina-Narcisa (Bodescu) Cotoc, Maria Nițu, Mircea Constantin Șcheau, and Adeline-Cristina Cozma
MDPI AG
The aim of this study is to present the trends and effectiveness of money laundering countermeasures from the perspective of a number of suspicious transactions reported to the Financial Intelligence Units (FIUs), a number of analysis results submitted to law enforcement authorities, and the typologies of cases in European Union Member States. In order to determine the impact of the joint effort in the fight against money laundering, we used descriptive statistics to process the data and case studies from annual reports of the European FIUs for 2018 and 2019. The results of our study highlight the increase in the number of suspicious transactions notices, as well as in their quality level. There is an increasing tendency towards information exchange between European Union countries regarding the suspicion of money laundering, but there is no stable trend for referring cases to law enforcement and other responsible institutions. Based on the available data, it can be concluded that the EU anti money laundering measures are efficient, but further steps are needed to achieve higher international coordination and cooperation.
Larisa Găbudeanu, Iulia Brici, Codruța Mare, Ioan Cosmin Mihai, and Mircea Constantin Șcheau
MDPI AG
Specialty literature and solutions in the market have been focusing in the last decade on collecting and aggregating significant amounts of data about transactions (and user behavior) and on refining the algorithms used to identify fraud. At the same time, legislation in the European Union has been adopted in the same direction (e.g., PSD2) in order to impose obligations on stakeholders to identify fraud. However, on the one hand, the legislation provides a high-level description of this legal obligation, and on the other hand, the solutions in the market are diversifying in terms of data collected and, especially, attempts to aggregate data in order to generate more accurate results. This leads to an issue that has not been analyzed yet deeply in specialty literature or by legislators, respectively, the privacy concerns in case of profile building and aggregation of data for fraud identification purposes and responsibility of stakeholders in the identification of frauds in the context of their obligations under data protection legislation. This article comes as a building block in this direction of research, as it contains (i) an analysis of existing fraud detection methods and approaches, together with their impact from a data protection legislation perspective and (ii) an analysis of respondents’ views toward privacy in case of fraud identification in transactions based on a questionnaire in this respect having 425 respondents. Consequently, this article assists in bridging the gap between data protection legislation and implementation of fraud detection obligations under the law, as it provides recommendations for compliance with the latter legal obligation while also complying with data protection aspects.
Mircea Constantin Șcheau, Simona Liliana Crăciunescu, Iulia Brici, and Monica Violeta Achim
MDPI AG
Technological development brings about economic changes that affect most citizens, both in developed and undeveloped countries. The implementation of blockchain technologies that bring cryptocurrencies into the economy and everyday life also induce risks. Authorities are continuously concerned about ensuring balance, which is, among other things, a prudent attitude. Achieving this goal sometimes requires the development of standards and regulations applicable at the national or global level. This paper attempts to dive deeper into the worldwide operations, related to cryptocurrencies, as part of a general phenomenon, and also expose some of the intersections with cybercrime. Without impeding creativity, implementing suggested proposals must comply with the rules in effect and provide sufficient flexibility for adapting and integrating them. Different segments need to align or reposition, as alteration is only allowed in a positive way. Adopting cryptocurrency decisions should be unitary, based on standard policies.