Evolution and Diversification of the Going Concern Uncertainties Disclosed in the Auditor’s Report

The going concern of an entity's activity is a fundamental accounting principle. The practical application of this principle has accounting, legal and financial implications. From an accounting point of view, the management of the entities shall be responsible for drawing up the financial statements in accordance with this principle. From a legal perspective, entities that go into liquidation are no longer obliged to respect the going concern principle. When auditing financial statements, auditors shall be responsible for assessing the adequacy of compliance with the principle of going concern and for including the appropriate references in their report. The objective of the paper is to analyse the reasons for including in the auditors' report the paragraph on going concern uncertainties, in the light of their evolution over time, their frequency and diversification. The sample included 120 companies listed on European stock exchanges, included in the main stock indexes for the period 2010-2020. The data was gathered from reports published by auditors that were included in the Audit Analytics database. The results showed that there was an average trend of 20 reported situations per year, but with a significant increase over the last two years analysed mainly due to the situations arising from the impact of the Covid-19 pandemic. The most common reasons were liquidity risk, substantial liabilities and the refinancing of activities. In recent years there has been a diversification of reasons, but with a reduced frequency, such as the working capital, the decrease in stockholder equity and competitor threat. Reporting on going concern issues is of particular importance so that increasing transparency in the publication of this information can contribute to a higher degree of investor confidence in the entities' financial statements.

PACER: Platform for Android Malware Classification, Performance Evaluation and Threat Reporting

Android malware has become the topmost threat for the ubiquitous and useful Android ecosystem. Multiple solutions leveraging big data and machine-learning capabilities to detect Android malware are being constantly developed. Too often, these solutions are either limited to research output or remain isolated and incapable of reaching end users or malware researchers. An earlier work named PACE (Platform for Android Malware Classification and Performance Evaluation), was introduced as a unified solution to offer open and easy implementation access to several machine-learning-based Android malware detection techniques, that makes most of the research reproducible in this domain. The benefits of PACE are offered through three interfaces: Representational State Transfer (REST) Application Programming Interface (API), Web Interface, and Android Debug Bridge (ADB) interface. These multiple interfaces enable users with different expertise such as IT administrators, security practitioners, malware researchers, etc. to use their offered services. In this paper, we propose PACER (Platform for Android Malware Classification, Performance Evaluation, and Threat Reporting), which extends PACE by adding threat intelligence and reporting functionality for the end-user device through the ADB interface. A prototype of the proposed platform is introduced, and our vision is that it will help malware analysts and end users to tackle challenges and reduce the amount of manual work.

Research on Industrial Internet Security Emergency Management Framework Based on Blockchain: Take China as an Example

Building a national unified ISEMS (industrial internet security emergency management system) plays an important role in industrial cybersecurity defense. However, due to technical and management constraints, the current ISEMS has problems such as scattered security organizations, poor sharing channels, and fails to form an overall security guarantee capability for threat reporting, analyzing, warning, and disposing. The blockchain technology has the characters of decentralized trust construction, inter-organizational data sharing, data integrity assurance, data traceability, which just meets the requirements of the emergency management process. This paper analyzes the situation and challenges of ISEMS, describes the system architecture and organizational structure based on the blockchain, and describes the key implementation processes of blockchain-based ISEMS, including threat report, risk analysis, warning release and emergency response.

Impact Analysis of Standardized GNSS Receiver Testing against Real-World Interferences Detected at Live Monitoring Sites

GNSS-based applications are susceptible to different threats, including radio frequency interference. Ensuring that the new applications can be validated against the latest threats supports the wider adoption and success of GNSS in higher value markets. Therefore, the availability of standardized GNSS receiver testing procedures is central to developing the next generation of receiver technologies. The EU Horizon2020 research project STRIKE3 (Standardization of GNSS Threat reporting and Receiver testing through International Knowledge Exchange, Experimentation and Exploitation) proposed standardized test procedures to validate different categories of receivers against real-world interferences, detected at different monitoring sites. This paper describes the recorded interference signatures, their use in standardized test procedures, and analyzes the result for two categories of receivers, namely mass-market and professional grade. The result analysis in terms of well-defined receiver key performance indicators showed that performance of both receiver categories was degraded by the selected interference threats, although there was considerable difference in degree and nature of their impact.

Cyber Security Threat Modeling for Supply Chain Organizational Environments

Cyber security in a supply chain (SC) provides an organization the secure network facilities to meet its overall business objectives. The integration of technologies has improved business processes, increased production speed, and reduced distribution costs. However, the increased interdependencies among various supply chain stakeholders have brought many challenges including lack of third party audit mechanisms and cascading cyber threats. This has led to attacks such as the manipulation of the design specifications, alterations, and manipulation during distribution. The aim of this paper is to investigate and understand supply chain threats. In particular, the paper contributes towards modeling and analyzing CSC attacks and cyber threat reporting among supply chain stakeholders. We consider concepts such as goal, actor, attack, TTP, and threat actor relevant to the supply chain, threat model, and requirements domain, and modeled the attack using the widely known STIX threat model. The proposed model was analyzed using a running example of a smart grid case study and an algorithm to model the attack. A discrete probability method for calculating the conditional probabilities was used to determine the attack propagation and cascading effects, and the results showed that our approach effectively analyzed the threats. We have recommended a list of CSC controls to improve the overall security of the studied organization.

GNSS Threat Monitoring and Reporting: Past, Present, and a Proposed Future

Vulnerability of satellite-based navigation signals to intentional and unintentional interference calls for a high-level overview of Global Navigation Satellite System (GNSS) threats occurring globally to understand the magnitude and evolution of the problem. Therefore, a mechanism needs to be developed whereby disparate monitoring systems will be capable of contributing to a common entity of basic information about the threat scenarios they experience. This paper begins with a literature survey of 37 state-of-the-art GNSS threat monitoring systems, which have been analysed based on their respective operational features - constellations monitored and whether they possess the capability to perform interference-type classification, spoofing detection, and interference localisation. Also described is a comparative analysis of four GNSS threat reporting formats in use today. Based on these studies, the paper describes the Horizon2020 Standardisation of GNSS Threat Reporting and Receiver Testing through International Knowledge Exchange, Experimentation and Exploitation (STRIKE3) proposed integrated threat monitoring demonstration system and related standardised threat reporting message, to enable a high-level overview of the prevailing international GNSS threat scenarios and its evolution over time.