VISTA:an inclusive insider threat taxonomy, with mitigation strategies

Insiders have the potential to do a great deal of damage, given their legitimate access to organisational assets and the trust they enjoy. Organisations can only mitigate insider threats if they understand what the different kinds of insider threats are, and what tailored measures can be used to mitigate the threat posed by each of them. Here, we derive VISTA (inclusiVe InSider Threat tAxonomy) based on an extensive literature review and a survey with C-suite executives to ensure that the VISTA taxonomy is not only scientifically grounded, but also meets the needs of organisations and their executives. To this end, we map each VISTA category of insider threat to tailored mitigations that can be deployed to reduce the threat

Potential Terrorist Uses of Highway-Borne Hazardous Materials, MTI Report 09-03

The Department of Homeland Security (DHS) has requested that the Mineta Transportation Institutes National Transportation Security Center of Excellence (MTI NTSCOE) provide any research it has or insights it can provide on the security risks created by the highway transportation of hazardous materials. This request was submitted to MTI/NSTC as a National Transportation Security Center of Excellence. In response, MTI/NTSC reviewed and revised research performed in 2007 and 2008 and assembled a small team of terrorism and emergency-response experts, led by Center Director Brian Michael Jenkins, to report on the risks of terrorists using highway shipments of flammable liquids (e.g., gasoline tankers) to cause casualties anywhere, and ways to reduce those risks. This report has been provided to DHS. The teams first focus was on surface transportation targets, including highway infrastructure, and also public transportation stations. As a full understanding of these materials, and their use against various targets became revealed, the team shifted with urgency to the far more plentiful targets outside of surface transportation where people gather and can be killed or injured. However, the team is concerned to return to the top of the use of these materials against public transit stations and recommends it as a separate subject for urgent research

Air Force Institute of Technology Research Report 2006

This report summarizes the research activities of the Air Force Institute of Technology’s Graduate School of Engineering and Management. It describes research interests and faculty expertise; lists student theses/dissertations; identifies research sponsors and contributions; and outlines the procedures for contacting the school. Included in the report are: faculty publications, conference presentations, consultations, and funded research projects. Research was conducted in the areas of Aeronautical and Astronautical Engineering, Electrical Engineering and Electro-Optics, Computer Engineering and Computer Science, Systems and Engineering Management, Operational Sciences, Mathematics, Statistics and Engineering Physics

Development of a national Human Reliability Program (HRP) model for an emerging nuclear country: Nigerian case study

The current demand for electricity and concern of the climate change in emerging countries has led to the rise in the number of nations adopting nuclear technology options. Besides this, the global rise in terrorism and the existence of credible threats in Nigeria and other emerging countries embarking on nuclear program for peaceful application may pose a critical challenge in implementation of this technology. Furthermore, the dual threat issue of providing electricity, while inadvertently producing weapon and radiological material that could similarly undermine international security must be mitigated. In order to achieve the mitigation target, it is highly important to know the elements human factors, reliability and security culture could play through the life cycle of such scheme as it traverses from cradle to grave. Additionally, the knowledge of these factors will help anticipate and correct the deficiencies that might arise from the degradation of designed procedures in the face of this emerging threats and the catastrophe that any failure could bring about. This knowledge will also provide critical guidance to Nigeria and other nuclear emerging countries that could in turn bring about significant long-term improvements in how facilities and materials are secured and managed. Establishment of a virile Human Reliability Program (HRP) is one of the requirements that is relied upon to promote such assurances of mitigation, safe, secure and uninterrupted application of nuclear technology. The outcome of this research recognizes and establishes; the acceptance and existence of credible nuclear and radiological threats, the role that HRP could play in detection and mitigation of aberrant behaviors. And most importantly, the need to establish and develop a national HRP policy for Nigeria and by extension to other emerging countries implementing nuclear power program for peaceful application. Additionally, a strategy for national threat assessment and evaluation is suggested as this is the first step that precedes the development of an HRP plan. However, this is must take into consideration the dynamics of threat spread over the country and the cost of sustaining the planning and implementation

Corporate governance and banking regulation

The globalisation of banking markets has raised important issues regarding corporate governance regulation for banking institutions. This research paper addresses some of the major issues of corporate governance as it relates to banking regulation. The traditional principal-agent framework will be used to analyse some of the major issues involving corporate governance and banking institutions. It begins by analysing the emerging international regime of bank corporate governance. This has been set forth in Pillar II of the amended Basel Capital Accord. Pillar II provides a detailed framework for how bank supervisors and bank management should interact with respect to the management of banking institutions and the impact this may have on financial stability. The paper will then analyse corporate governance and banking regulation in the United Kingdom and United States. Although UK corporate governance regulation has traditionally not focused on the special role of banks and financial institutions, the Financial Services and Markets Act 2000 has sought to fill this gap by authorizing the FSA to devise rules and regulations to enhance corporate governance for financial firms. In the US, corporate governance for banking institutions is regulated by federal and state statute and regulation. Federal regulation provides a prescriptive framework for directors and senior management in exercising their management responsibilities. US banking regulation also addresses governance problems in bank and financial holding companies. For reasons of financial stability, the paper argues that national banking law and regulation should permit the bank regulator to play the primary role in establishing governance standards for banks, financial institutions and bank/financial holding companies. The regulator is best positioned to represent and to balance the various stakeholder interests. The UK regulatory regime succeeds in this area, while the US regulatory approach has been limited by US court decisions that restrict the role that the regulator can play in imposing prudential directives on banks and bank holding companies. FSA regulatory rules have enhanced accountability in the financial sector by creating objective standards of conduct for senior management and directors of financial companies. The paper suggests that efficient banking regulation requires regulators to be entrusted with discretion to represent broader stakeholder interests in order to ensure that banks operate under good governance standards, and that judicial intervention can lead to suboptimal regulatory results

Launching the Grand Challenges for Ocean Conservation

The ten most pressing Grand Challenges in Oceans Conservation were identified at the Oceans Big Think and described in a detailed working document:A Blue Revolution for Oceans: Reengineering Aquaculture for SustainabilityEnding and Recovering from Marine DebrisTransparency and Traceability from Sea to Shore:  Ending OverfishingProtecting Critical Ocean Habitats: New Tools for Marine ProtectionEngineering Ecological Resilience in Near Shore and Coastal AreasReducing the Ecological Footprint of Fishing through Smarter GearArresting the Alien Invasion: Combating Invasive SpeciesCombatting the Effects of Ocean AcidificationEnding Marine Wildlife TraffickingReviving Dead Zones: Combating Ocean Deoxygenation and Nutrient Runof

Unmanned Aircraft Systems in the Cyber Domain

Unmanned Aircraft Systems are an integral part of the US national critical infrastructure. The authors have endeavored to bring a breadth and quality of information to the reader that is unparalleled in the unclassified sphere. This textbook will fully immerse and engage the reader / student in the cyber-security considerations of this rapidly emerging technology that we know as unmanned aircraft systems (UAS). The first edition topics covered National Airspace (NAS) policy issues, information security (INFOSEC), UAS vulnerabilities in key systems (Sense and Avoid / SCADA), navigation and collision avoidance systems, stealth design, intelligence, surveillance and reconnaissance (ISR) platforms; weapons systems security; electronic warfare considerations; data-links, jamming, operational vulnerabilities and still-emerging political scenarios that affect US military / commercial decisions. This second edition discusses state-of-the-art technology issues facing US UAS designers. It focuses on counter unmanned aircraft systems (C-UAS) – especially research designed to mitigate and terminate threats by SWARMS. Topics include high-altitude platforms (HAPS) for wireless communications; C-UAS and large scale threats; acoustic countermeasures against SWARMS and building an Identify Friend or Foe (IFF) acoustic library; updates to the legal / regulatory landscape; UAS proliferation along the Chinese New Silk Road Sea / Land routes; and ethics in this new age of autonomous systems and artificial intelligence (AI).https://newprairiepress.org/ebooks/1027/thumbnail.jp

CPA\u27s handbook of fraud and commercial crime prevention

https://egrove.olemiss.edu/aicpa_guides/1819/thumbnail.jp

Investigating Emerging Security Threats in Clouds and Data Centers

Data centers have been growing rapidly in recent years to meet the surging demand of cloud services. However, the expanding scale of a data center also brings new security threats. This dissertation studies emerging security issues in clouds and data centers from different aspects, including low-level cooling infrastructures and different virtualization techniques such as container and virtual machine (VM). We first unveil a new vulnerability called reduced cooling redundancy that might be exploited to launch thermal attacks, resulting in severely worsened thermal conditions in a data center. Such a vulnerability is caused by the wide adoption of aggressive cooling energy saving policies. We conduct thermal measurements and uncover effective thermal attack vectors at the server, rack, and data center levels. We also present damage assessments of thermal attacks. Our results demonstrate that thermal attacks can negatively impact the thermal conditions and reliability of victim servers, significantly raise the cooling cost, and even lead to cooling failures. Finally, we propose effective defenses to mitigate thermal attacks. We then perform a systematic study to understand the security implications of the information leakage in multi-tenancy container cloud services. Due to the incomplete implementation of system resource isolation mechanisms in the Linux kernel, a spectrum of system-wide host information is exposed to the containers, including host-system state information and individual process execution information. By exploiting such leaked host information, malicious adversaries can easily launch advanced attacks that can seriously affect the reliability of cloud services. Additionally, we discuss the root causes of the containers\u27 information leakage and propose a two-stage defense approach. The experimental results show that our defense is effective and incurs trivial performance overhead. Finally, we investigate security issues in the existing VM live migration approaches, especially the post-copy approach. While the entire live migration process relies upon reliable TCP connectivity for the transfer of the VM state, we demonstrate that the loss of TCP reliability leads to VM live migration failure. By intentionally aborting the TCP connection, attackers can cause unrecoverable memory inconsistency for post-copy, significantly increase service downtime, and degrade the running VM\u27s performance. From the offensive side, we present detailed techniques to reset the migration connection under heavy networking traffic. From the defensive side, we also propose effective protection to secure the live migration procedure

Big Data Security (Volume 3)

After a short description of the key concepts of big data the book explores on the secrecy and security threats posed especially by cloud based data storage. It delivers conceptual frameworks and models along with case studies of recent technology