Rational Cybersecurity for Business

Use the guidance in this comprehensive field guide to gain the support of your top executives for aligning a rational cybersecurity plan with your business. You will learn how to improve working relationships with stakeholders in complex digital businesses, IT, and development environments. You will know how to prioritize your security program, and motivate and retain your team. Misalignment between security and your business can start at the top at the C-suite or happen at the line of business, IT, development, or user level. It has a corrosive effect on any security project it touches. But it does not have to be like this. Author Dan Blum presents valuable lessons learned from interviews with over 70 security and business leaders. You will discover how to successfully solve issues related to: risk management, operational security, privacy protection, hybrid cloud management, security culture and user awareness, and communication challenges. This open access book presents six priority areas to focus on to maximize the effectiveness of your cybersecurity program: risk management, control baseline, security culture, IT rationalization, access control, and cyber-resilience. Common challenges and good practices are provided for businesses of different types and sizes. And more than 50 specific keys to alignment are included. What You Will Learn Improve your security culture: clarify security-related roles, communicate effectively to businesspeople, and hire, motivate, or retain outstanding security staff by creating a sense of efficacy Develop a consistent accountability model, information risk taxonomy, and risk management framework Adopt a security and risk governance model consistent with your business structure or culture, manage policy, and optimize security budgeting within the larger business unit and CIO organization IT spend Tailor a control baseline to your organization’s maturity level, regulatory requirements, scale, circumstances, and critical assets Help CIOs, Chief Digital Officers, and other executives to develop an IT strategy for curating cloud solutions and reducing shadow IT, building up DevSecOps and Disciplined Agile, and more Balance access control and accountability approaches, leverage modern digital identity standards to improve digital relationships, and provide data governance and privacy-enhancing capabilities Plan for cyber-resilience: work with the SOC, IT, business groups, and external sources to coordinate incident response and to recover from outages and come back stronger Integrate your learnings from this book into a quick-hitting rational cybersecurity success plan Who This Book Is For Chief Information Security Officers (CISOs) and other heads of security, security directors and managers, security architects and project leads, and other team members providing security leadership to your busines

Human Factors Certification of Advanced Aviation Technologies

Proceedings of the Human Factors Certification of Advanced Aviation Technologies Conference held at the Chateau de Bonas, near Toulouse, France, 19-23 July 1993

Analyzing Systems Integration Best Practices and Assessment in DoD Space Systems Acquisition

Senior leadership of the Air Force\u27s Space and Missile Center suggested an investigation of systems integration within the space acquisition community in the fall of 2008. This thesis performs that investigation. A review concluded that while Systems Integration (SI) is extensively discussed as an area deserving considerable attention in the Systems Engineering literature, definitions are weak and methods and tools non-existent. Known SI activities are not being traced and assessed for adequacy throughout system development. Employing the Space System Acquisition Lifecycle Framework as the environment for this research, a method of characterizing and tracing SI throughout a program‘s lifecycle by using technical reviews and audits (TR&A) is proposed. Subsequent to a SI trace of an acquisition program, an assessment can be performed to determine the adequacy of the integration of Systems Engineering (SE) tasks. Using this assessment, prudent adjustments to program resources (e.g., SE, finance, research and development, program management, etc.) can be considered that will mitigate or resolve program deficiencies caused by insufficient SI. The proposed method is demonstrated across technical reviews and audits of the Global Positioning Systems (GPS) program. The results of this thesis should accentuate the value of SI during space system acquisition – a key consideration which is rarely recognized

Process study of a complex technology transfer and integration : the case of digital interactive broadcast media

Imperial Users onl

Cerberus : a human powered vehicle

A recumbent trike was designed and built for the ASME Human Powered Vehicle Challenge held at San Jose State University in April of 2013. The vehicle was designed to be low cost for use by commuters and as primary transportation in developing countries. The vehicle placed 11th overall in the competition out of 29 teams, and scored 8th in the innovation event, which was its best ranking out of the 5 individual events

The Future of Facial Recognition Is Not Fully Known: Developing Privacy and Security Regulatory Mechanisms for Facial Recognition in the Retail Sector

In recent years, advances in facial recognition technology have resulted in a rapid expansion in the prevalence of private sector biometric technologies. Facial recognition, while providing new potentials for safety and security and personalized marketing by retailers implicates complicated questions about the nature of consumer privacy and surveillance where a “collection imperative” incentivize corporate actors to accumulate increasingly massive reservoirs of consumer data. However, the law has not yet fully developed to address the unique risks to consumers through the use of this technology. This Note examines existing regulatory mechanisms, finding that consumer sensitivities and the opaque nature of the technology have resulted in over- and underinclusive regulatory regimes. This Note proposes that the broad implications of biometric privacy harms justify more extensive privacy regulation than a narrow focus on data security and self-regulation. It suggests that regulation predicated on consumer data self-management is inefficient in controlling the flow of information generated by facial recognition. This Note finds that a regulatory approach based in collaborative governance may be better suited for regulating complex systems that create hard-to-calculate risks, change too quickly for traditional regulatory approaches, and involve technical and industry expertise that regulators and legislators are unlikely to have

Exploring Government Contractor Experiences Assessing and Reporting Software Development Status

Reports from academic, commercial, and government organizations have documented software-intensive system cost and schedule overruns for decades. These reports have identified lack of management insight into the software development process as one of many contributing factors. Multiple management mechanisms exist. However, these mechanisms do not support the assessment, and subsequent reporting, of software completion status. Additionally, the conceptual framework, based on industry standards, is limited in its relevance to this study due to an emphasis on what is needed while deferring implementation details. The purpose of this phenomenological study was to explore U.S. government contractors\u27 lived experiences of assessing and reporting software completion status with current measurement mechanisms. Twenty program or project managers responded to interview questions targeting positive and challenging experiences with current measurement mechanisms. Qualitative analysis of the experiential data was based on open and axial coding conducted on interview transcripts. Analysis indicated that costly resources are applied to metrics that do not provide the required level of management insight into completion status. These findings have positive social change implications for program managers, project managers, and researchers by documenting the need to develop relevant and cost-efficient status metrics to provide the critical insight required by management to reduce overruns

An application of machine learning to explore relationships between factors of organisational silence and culture, with specific focus on predicting silence behaviours

Research indicates that there are many individual reasons why people do not speak up when confronted with situations that may concern them within their working environment. One of the areas that requires more focused research is the role culture plays in why a person may remain silent when such situations arise. The purpose of this study is to use data science techniques to explore the patterns in a data set that would lead a person to engage in organisational silence. The main research question the thesis asks is: Is Machine Learning a tool that Social Scientists can use with respect to Organisational Silence and Culture, that augments commonly used statistical analysis approaches in this domain. This study forms part of a larger study being run by the third supervisor of this thesis. A questionnaire was developed by organisational psychologists within this group to collect data covering six traits of silence as well as cultural and individual attributes that could be used to determine if someone would engage in silence or not. This thesis explores three of those cultures to find main effects and interactions between variables that could influence silence behaviours. Data analysis was carried out on data collected in three European countries, Italy, Germany and Poland (n=774). The data analysis comprised of (1) exploring the characteristics of the data and determining the validity and reliability of the questionnaire; (2) identifying a suitable classification algorithm which displayed good predictive accuracy and modelled the data well based on eight already confirmed hypotheses from the organisational silence literature and (3) investigate newly discovered patterns and interactions within the data, that were previously not documented in the Silence literature on how culture plays a role in predicting silence. It was found that all the silence constructs showed good validity with the exception of Opportunistic Silence and Disengaged Silence. Validation of the cultural dimensions was found to be poor for all constructs when aggregated to individual level with the exception of Humane Orientation Organisational Practices, Power Distance Organisational Practices, Humane Orientation Societal Practices and Power Distance Societal Practices. In addition, not all constructs were invariant across countries. For example, a number of constructs showed invariance across the Poland and Germany samples, but failed for the Italian sample. Ten models were trained to identify predictors of a binary variable, engaged in Organisational Silence. Two of the most accurate models were chosen for further analysis of the main effects and interactions within the dataset, namely Random Forest (AUC = 0.655) and Conditional Inference Forests (AUC = 0.647). Models confirmed 9 out of 16 of the known relationships, and identified three additional potential interactions within the data that were previously not documented in the silence literature on how culture plays a role in predicting silence. For example, Climate for Authenticity was discovered to moderate the effect of both Power Distance Societal Practices and Diffident Silence in reducing the probability of someone engaging in silence. This is the first time this instrument was validated via statistical techniques for suitability to be used across cultures. The techniques of modelling the silence data using classification algorithms with Partial Dependency Plots is a novel and previously unexplored method of exploring organisational silence. In addition, the results identified new information on how culture plays a role in silence behaviours. The results also highlighted that models such as ensembles that identify non-linear relationships without making assumptions about the data, and visualisations depicting interactions identified by such models, can offer new insights over and above the current toolbox of analysis techniques prevalent in social science research

Exploring abstinence, recovery, identity and personhood in individuals engaging with addiction services

Section A: This review aimed to understand how abstinence is understood in recovery by those who access substance misuse services. A systematic literature review was undertaken and fourteen studies were identified. These were quality assessed using the CASP quality analysis tool. Limitations of CASP as a tool were discussed. The fourteen studies were analysed using thematic synthesis and seven themes with ten sub-themes were identified. Themes were organised along a temporal path. Future clinical and research directions were discussed, as were strengths and limitations of the paper. Section A: This review aimed to understand how abstinence is understood in recovery by those who access substance misuse services. A systematic literature review was undertaken and fourteen studies were identified. These were quality assessed using the CASP quality analysis tool. Limitations of CASP as a tool were discussed. The fourteen studies were analysed using thematic synthesis and seven themes with ten sub-themes were identified. Themes were organised along a temporal path. Future clinical and research directions were discussed, as were strengths and limitations of the paper