297,445 research outputs found
Recommended from our members
Current capabilities, requirements and a proposed strategy for interdependency analysis in the UK
The UK government recently commissioned a research study to identify the state-of-the-art in Critical Infrastructure modelling and analysis, and the government/industry requirements for such tools and services. This study (Cetifs) concluded with a strategy aiming to bridge the gaps between the capabilities and requirements, which would establish interdependency analysis as a commercially viable service in the near future. This paper presents the findings of this study that was carried out by CSR, City University London, Adelard LLP, a safety/security consultancy and Cranfield University, defense academy of the UK
Limits and opportunities of risk analysis application in railway systems
Risk Analysis is a collection of methods widely used in many industrial sectors. In the transport sector it has been particularly used for air transport applications. The reasons for this wide use are well-known: risk analysis allows to approach the safety theme in a stochastic - rather than deterministic - way, it forces to break down the system in sub-components, last but not least it allows a comparison between solutions with different costs, introducing de facto an element of economic feasibility of the project alternatives in the safety field. Apart from the United Kingdom, in Europe the application of this tool in the railway sector is relatively recent. In particular Directive 2004/49/EC (the "railway safety directive") provides for compulsory risk assessment in relation to the activities of railway Infrastructure Managers (IMs) and of Railway
Undertakings (RUs). Nevertheless the peculiarity of the railway system - in which human, procedural, environmental and technological components have a continuous interchange and in which human responsibilities and technological functions often overlap - induced the EC to allow wide margins of subjectivity in the interpretation of risk assessment. When enacting Commission Regulation (EC) No 352/2009 which further regulates this subject, a risk assessment is considered positive also if the IM or RU declare to take safety measures widely used in normal practice. The paper shows the results of a structured comparative analysis of the rail sector and other industrial sectors, which illustrate the difficulties, but also the opportunities, of a transfer towards the railway system of the risk analysis methods currently in use for the other systems
Architecture-based Qualitative Risk Analysis for Availability of IT Infrastructures
An IT risk assessment must deliver the best possible quality of results in a time-effective way. Organisations are used to customise the general-purpose standard risk assessment methods in a way that can satisfy their requirements. In this paper we present the QualTD Model and method, which is meant to be employed together with standard risk assessment methods for the qualitative assessment of availability risks of IT architectures, or parts of them. The QualTD Model is based on our previous quantitative model, but geared to industrial practice since it does not require quantitative data which is often too costly to acquire. We validate the model and method in a real-world case by performing a risk assessment on the authentication and authorisation system of a large multinational company and by evaluating the results w.r.t. the goals of the stakeholders of the system. We also perform a review of the most popular standard risk assessment methods and an analysis of which one can be actually integrated with our QualTD Model
Towards an integrated model for citizen adoption of E-government services in developing countries: A Saudi Arabia case study
This paper considers the challenges that face the widespread adoption of E-government in developing countries, using Saudi Arabian our case study. E-government can be defined based on an existing set of requirements. In this paper we define E-government as a matrix of stakeholders; governments to governments, governments to business and governments to citizens using information and communications technology to deliver and consume services. E-government has been implemented for a considerable time in developed countries. However E-government services still faces many challenges their implemented and general adoption in developing countries. Therefore, this paper presents an integrated model for ascertaining the intention to adopt E-government services and thereby aid governments in accessing what is required to increase adoption
Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting
Hosting providers play a key role in fighting web compromise, but their
ability to prevent abuse is constrained by the security practices of their own
customers. {\em Shared} hosting, offers a unique perspective since customers
operate under restricted privileges and providers retain more control over
configurations. We present the first empirical analysis of the distribution of
web security features and software patching practices in shared hosting
providers, the influence of providers on these security practices, and their
impact on web compromise rates. We construct provider-level features on the
global market for shared hosting -- containing 1,259 providers -- by gathering
indicators from 442,684 domains. Exploratory factor analysis of 15 indicators
identifies four main latent factors that capture security efforts: content
security, webmaster security, web infrastructure security and web application
security. We confirm, via a fixed-effect regression model, that providers exert
significant influence over the latter two factors, which are both related to
the software stack in their hosting environment. Finally, by means of GLM
regression analysis of these factors on phishing and malware abuse, we show
that the four security and software patching factors explain between 10\% and
19\% of the variance in abuse at providers, after controlling for size. For
web-application security for instance, we found that when a provider moves from
the bottom 10\% to the best-performing 10\%, it would experience 4 times fewer
phishing incidents. We show that providers have influence over patch
levels--even higher in the stack, where CMSes can run as client-side
software--and that this influence is tied to a substantial reduction in abuse
levels
Trusted CI Experiences in Cybersecurity and Service to Open Science
This article describes experiences and lessons learned from the Trusted CI
project, funded by the US National Science Foundation to serve the community as
the NSF Cybersecurity Center of Excellence. Trusted CI is an effort to address
cybersecurity for the open science community through a single organization that
provides leadership, training, consulting, and knowledge to that community. The
article describes the experiences and lessons learned of Trusted CI regarding
both cybersecurity for open science and managing the process of providing
centralized services to a broad and diverse community.Comment: 8 pages, PEARC '19: Practice and Experience in Advanced Research
Computing, July 28-August 1, 2019, Chicago, IL, US
- …