To What Extent Has Information Security Professionalism Achieved Recognition?

The practice of securing information was until recently associated strongly with securing the Information Technology systems which store and process it. As it has developed as a specialised area of work however, particularly as the critical importance of human and social factors has increasingly been recognised, it has acquired an identity separate from that of computing. The separation has been sufficient for the formation of a new, distinct occupation, with specialised credentialing bodies being established to attest to practitioners’ professional competence. This study is the first empirical academic investigation into the professionalisation of UK Information Security. It considers attitudes towards professional status, the desirability and practicality of licensing, the current standing of the occupation and its prospects for the future. The analysis draws heavily from the substantial Sociology of the Professions, both from the structural and procedural theory of profession-forming and the later critiques of motivation, class and power. Semi-structured interviews were undertaken with twenty-seven individuals comprising security analysts, managers, academics, professional bodies and the UK Government. Interviews took place between November 2012 and March 2015. Results are presented in two stages of analysis, using Actor–Network Theory as a theoretical lens. Whilst significant progress has been made towards forming a recognisable Information Security profession, its status is not yet comparable to more established peers. Aligned with US National Research Council findings but using a broader basis in professionalisation theory, the UK occupation was found to be too diffusely demarcated both internally and with respect to its bordering professions. It has yet to coalesce around distinct internal specialities with discrete qualification routes and establish the hierarchical arrangement of its major branches. Without such stratification of roles and a well-accepted claim to controlling a clearly demarcated body of knowledge, it is not possible to establish the boundaries of a graduate profession superior to any supporting para-professions, and thus position itself as requiring an advanced abstract education comparable to its peers. A rationalisation of credentials and institutions is required to produce a strong professional body which can advance the cause of the profession and properly establish and embed these roles. At present however – contrary to the tenor of much of the relevant sociology – neither the pursuit of professional status nor the exclusion of unqualified workers were found to be major motivators for current practitioners. By contrast government, the final arbiter of professional monopoly, is attempting urgently to increase the appeal of the profession to address a national skills shortfall, but is wary of direct market intervention in the form of licensing. Therefore, whilst change is rapid, significant impediments to full professional recognition remain

Security Analysis of System Behaviour - From "Security by Design" to "Security at Runtime" -

The Internet today provides the environment for novel applications and processes which may evolve way beyond pre-planned scope and purpose. Security analysis is growing in complexity with the increase in functionality, connectivity, and dynamics of current electronic business processes. Technical processes within critical infrastructures also have to cope with these developments. To tackle the complexity of the security analysis, the application of models is becoming standard practice. However, model-based support for security analysis is not only needed in pre-operational phases but also during process execution, in order to provide situational security awareness at runtime. This cumulative thesis provides three major contributions to modelling methodology. Firstly, this thesis provides an approach for model-based analysis and verification of security and safety properties in order to support fault prevention and fault removal in system design or redesign. Furthermore, some construction principles for the design of well-behaved scalable systems are given. The second topic is the analysis of the exposition of vulnerabilities in the software components of networked systems to exploitation by internal or external threats. This kind of fault forecasting allows the security assessment of alternative system configurations and security policies. Validation and deployment of security policies that minimise the attack surface can now improve fault tolerance and mitigate the impact of successful attacks. Thirdly, the approach is extended to runtime applicability. An observing system monitors an event stream from the observed system with the aim to detect faults - deviations from the specified behaviour or security compliance violations - at runtime. Furthermore, knowledge about the expected behaviour given by an operational model is used to predict faults in the near future. Building on this, a holistic security management strategy is proposed. The architecture of the observing system is described and the applicability of model-based security analysis at runtime is demonstrated utilising processes from several industrial scenarios. The results of this cumulative thesis are provided by 19 selected peer-reviewed papers

Learning plan networks in conversational video games

Thesis (S.M.)--Massachusetts Institute of Technology, School of Architecture and Planning, Program in Media Arts and Sciences, 2007.Includes bibliographical references (p. 121-123).We look forward to a future where robots collaborate with humans in the home and workplace, and virtual agents collaborate with humans in games and training simulations. A representation of common ground for everyday scenarios is essential for these agents if they are to be effective collaborators and communicators. Effective collaborators can infer a partner's goals and predict future actions. Effective communicators can infer the meaning of utterances based on semantic context. This thesis introduces a computational cognitive model of common ground called a Plan Network. A Plan Network is a statistical model that provides representations of social roles, object affordances, and expected patterns of behavior and language. I describe a methodology for unsupervised learning of a Plan Network using a multiplayer video game, visualization of this network, and evaluation of the learned model with respect to human judgment of typical behavior. Specifically, I describe learning the Restaurant Plan Network from data collected from over 5,000 players of an online game called The Restaurant Game.by Jeffrey David Orkin.S.M

Proceedings of the 22nd Conference on Formal Methods in Computer-Aided Design – FMCAD 2022

The Conference on Formal Methods in Computer-Aided Design (FMCAD) is an annual conference on the theory and applications of formal methods in hardware and system verification. FMCAD provides a leading forum to researchers in academia and industry for presenting and discussing groundbreaking methods, technologies, theoretical results, and tools for reasoning formally about computing systems. FMCAD covers formal aspects of computer-aided system design including verification, specification, synthesis, and testing

Regulation of the private security industry

The regulation of the private security industry has been an issue of debate for a number of years in South Africa, as well as in the rest of the world. The debate mainly centers around issues such as the need for regulation in this Industry and the objectives of regulation. This thesis argues that regulation is of utmost importance in this Industry and furthermore, that the objective ofregulation should be to set standards in the Industry. If this is the case, the protection of the public interest will be a natural result of regulating the standards. In addition, this thesis argues for the inclusion of the private investigator into the scope of regulation and suggests that this sector should ultimately be regulated through the means of separate legislation. This thesis furthermore provides two models for the regulation of the private security industry in South Africa. These models are described as the Semi-Integrated Wide Model (SIWM) and the Fully Integrated Wide Model (FIWM). These two models provide Government with the option of regulating the Industry without alienating the latter. Government will still have the ultimate responsibility for regulation, but will allow the Industry to be central in setting standards and requirements. In this way, the Industry will not regulate itself and Government will have the ultimate responsibility of protecting the interests of the public and the StatePolice PracticeD. litt. et. Phil. (Police Science