30 research outputs found
To What Extent Has Information Security Professionalism Achieved Recognition?
The practice of securing information was until recently associated strongly with securing the Information Technology systems which store and process it. As it has developed as a specialised area of work however, particularly as the critical importance of human and social factors has increasingly been recognised, it has acquired an identity separate from that of computing. The separation has been sufficient for the formation of a new, distinct occupation, with specialised credentialing bodies being established to attest to practitioners’ professional competence. This study is the first empirical academic investigation into the professionalisation of UK Information Security. It considers attitudes towards professional status, the desirability and practicality of licensing, the current standing of the occupation and its prospects for the future. The analysis draws heavily from the substantial Sociology of the Professions, both from the structural and procedural theory of profession-forming and the later critiques of motivation, class and power. Semi-structured interviews were undertaken with twenty-seven individuals comprising security analysts, managers, academics, professional bodies and the UK Government. Interviews took place between November 2012 and March 2015. Results are presented in two stages of analysis, using Actor–Network Theory as a theoretical lens. Whilst significant progress has been made towards forming a recognisable Information Security profession, its status is not yet comparable to more established peers. Aligned with US National Research Council findings but using a broader basis in professionalisation theory, the UK occupation was found to be too diffusely demarcated both internally and with respect to its bordering professions. It has yet to coalesce around distinct internal specialities with discrete qualification routes and establish the hierarchical arrangement of its major branches. Without such stratification of roles and a well-accepted claim to controlling a clearly demarcated body of knowledge, it is not possible to establish the boundaries of a graduate profession superior to any supporting para-professions, and thus position itself as requiring an advanced abstract education comparable to its peers. A rationalisation of credentials and institutions is required to produce a strong professional body which can advance the cause of the profession and properly establish and embed these roles. At present however – contrary to the tenor of much of the relevant sociology – neither the pursuit of professional status nor the exclusion of unqualified workers were found to be major motivators for current practitioners. By contrast government, the final arbiter of professional monopoly, is attempting urgently to increase the appeal of the profession to address a national skills shortfall, but is wary of direct market intervention in the form of licensing. Therefore, whilst change is rapid, significant impediments to full professional recognition remain
Security Analysis of System Behaviour - From "Security by Design" to "Security at Runtime" -
The Internet today provides the environment for novel applications and
processes which may evolve way beyond pre-planned scope and
purpose. Security analysis is growing in complexity with the increase
in functionality, connectivity, and dynamics of current electronic
business processes. Technical processes within critical
infrastructures also have to cope with these developments. To tackle
the complexity of the security analysis, the application of models is
becoming standard practice. However, model-based support for security
analysis is not only needed in pre-operational phases but also during
process execution, in order to provide situational security awareness
at runtime.
This cumulative thesis provides three major contributions to modelling
methodology.
Firstly, this thesis provides an approach for model-based analysis and
verification of security and safety properties in order to support
fault prevention and fault removal in system design or redesign.
Furthermore, some construction principles for the design of
well-behaved scalable systems are given.
The second topic is the analysis of the exposition of vulnerabilities
in the software components of networked systems to exploitation by
internal or external threats. This kind of fault forecasting allows
the security assessment of alternative system configurations and
security policies. Validation and deployment of security policies
that minimise the attack surface can now improve fault tolerance and
mitigate the impact of successful attacks.
Thirdly, the approach is extended to runtime applicability. An
observing system monitors an event stream from the observed system
with the aim to detect faults - deviations from the specified
behaviour or security compliance violations - at runtime.
Furthermore, knowledge about the expected behaviour given by an
operational model is used to predict faults in the near
future. Building on this, a holistic security management strategy is
proposed. The architecture of the observing system is described and
the applicability of model-based security analysis at runtime is
demonstrated utilising processes from several industrial scenarios.
The results of this cumulative thesis are provided by 19 selected
peer-reviewed papers
Learning plan networks in conversational video games
Thesis (S.M.)--Massachusetts Institute of Technology, School of Architecture and Planning, Program in Media Arts and Sciences, 2007.Includes bibliographical references (p. 121-123).We look forward to a future where robots collaborate with humans in the home and workplace, and virtual agents collaborate with humans in games and training simulations. A representation of common ground for everyday scenarios is essential for these agents if they are to be effective collaborators and communicators. Effective collaborators can infer a partner's goals and predict future actions. Effective communicators can infer the meaning of utterances based on semantic context. This thesis introduces a computational cognitive model of common ground called a Plan Network. A Plan Network is a statistical model that provides representations of social roles, object affordances, and expected patterns of behavior and language. I describe a methodology for unsupervised learning of a Plan Network using a multiplayer video game, visualization of this network, and evaluation of the learned model with respect to human judgment of typical behavior. Specifically, I describe learning the Restaurant Plan Network from data collected from over 5,000 players of an online game called The Restaurant Game.by Jeffrey David Orkin.S.M
Proceedings of the 22nd Conference on Formal Methods in Computer-Aided Design – FMCAD 2022
The Conference on Formal Methods in Computer-Aided Design (FMCAD) is an annual conference on the theory and applications of formal methods in hardware and system verification. FMCAD provides a leading forum to researchers in academia and industry for presenting and discussing groundbreaking methods, technologies, theoretical results, and tools for reasoning formally about computing systems. FMCAD covers formal aspects of computer-aided system design including verification, specification, synthesis, and testing
Regulation of the private security industry
The regulation of the private security industry has been an issue of debate for a number of years in
South Africa, as well as in the rest of the world. The debate mainly centers around issues such as the
need for regulation in this Industry and the objectives of regulation. This thesis argues that regulation
is of utmost importance in this Industry and furthermore, that the objective ofregulation should be
to set standards in the Industry. If this is the case, the protection of the public interest will be a
natural result of regulating the standards.
In addition, this thesis argues for the inclusion of the private investigator into the scope of regulation
and suggests that this sector should ultimately be regulated through the means of separate legislation.
This thesis furthermore provides two models for the regulation of the private security industry in
South Africa. These models are described as the Semi-Integrated Wide Model (SIWM) and the Fully
Integrated Wide Model (FIWM). These two models provide Government with the option of
regulating the Industry without alienating the latter. Government will still have the ultimate
responsibility for regulation, but will allow the Industry to be central in setting standards and
requirements. In this way, the Industry will not regulate itself and Government will have the ultimate
responsibility of protecting the interests of the public and the StatePolice PracticeD. litt. et. Phil. (Police Science