Towards optimal multi-objective models of network security: survey

Information security is an important aspect of a successful business today. However, financial difficulties and budget cuts create a problem of selecting appropriate security measures and keeping networked systems up and running. Economic models proposed in the literature do not address the challenging problem of security countermeasure selection. We have made a classification of security models, which can be used to harden a system in a cost effective manner based on the methodologies used. In addition, we have specified the challenges of the simplified risk assessment approaches used in the economic models and have made recommendations how the challenges can be addressed in order to support decision makers

Toward optimal multi-objective models of network security: Survey

Information security is an important aspect of a successful business today. However, financial difficulties and budget cuts create a problem of selecting appropriate security measures and keeping networked systems up and running. Economic models proposed in the literature do not address the challenging problem of security countermeasure selection. We have made a classification of security models, which can be used to harden a system in a cost effective manner based on the methodologies used. In addition, we have specified the challenges of the simplified risk assessment approaches used in the economic models and have made recommendations how the challenges can be addressed in order to support decision makers

Defense against Insider Threat: a Framework for Gathering Goal-based Requirements

Insider threat is becoming comparable to outsider threat in frequency of security events. This is a worrying situation, since insider attacks have a high probability of success because insiders have authorized access and legitimate privileges. Despite their importance, insider threats are still not properly addressed by organizations. We contribute to reverse this situation by introducing a framework composed of a method for identification and assessment of insider threat risks and of two supporting deliverables for awareness of insider threat. The deliverables are: (i) attack strategies structured in four decomposition trees, and (ii) a matrix which correlates defense strategies, attack strategies and control principles. The method output consists of goal-based requirements for the defense against insiders

An Analytical Evaluation of Network Security Modelling Techniques Applied to Manage Threats

The current ubiquity of information coupled with the reliance on such data by businesses has led to a great deal of resources being deployed to ensure the security of this information. Threats can come from a number of sources and the dangers from those insiders closest to the source have increased significantly recently. This paper focuses on techniques used to identify and manage threats as well as the measures that every organisation should consider to put into action. A novel game-based onion skin model has been proposed, combining techniques used in theory-based and hardware-based hardening strategies

Real Option Applications to Information Security

Real options present advantages over the standard discounting methods. In this paper we analyze them briefly and examine their potential applications on information security. The applications of real options on valuation of information assets, information security investment and capital budgeting provide considerable benefits. Finally portfolios of real options and other financial products can reduce information security risk.Real options, information security, valuation, information security investment, capital budgeting, portfolio theory, information security risk.

Security Analysis Using Subjective Attack Trees

Postprin

Scaling land and water technologies in Tanzania: Opportunities, challenges and policy implications

The scaling of land and water technologies has widely increased across different parts of the world; and is recognized as important for ecological systems. These technologies contribute to sustainable management of watersheds on which agriculture, food production and rural livelihoods for most developing communities depend upon. There are ongoing efforts designed to halt land degradation in the Western Usambara which have arisen from pressure on land resources mainly caused by demographic growth, deforestation and the abandoning of the traditional regenerative land use and farming systems. Socio-cultural and economic factors such as education level, age, gender, and land tenure, marital status and income earnings of smallholder farmers are factors considered important in the adoption of land and water management practices. Environmental factors were also identified as limiting factors to smallholder farmers in soil-water management practices. Such factors involved physical distance, slope, type of crops grown and farm sizes. Insecure land tenure especially among women limits their adoption of the technologies. Technological complexity of the technology (farmers prefer technology that are less complex and easier to use), preference for less labor intensive technology, required capital, land ownership (less adoption in new technology on hired/leased land), approach of introducing the technology (preference of participatory bottom up approach), and motivation and the involvement of farmers from conceptualization to implementation are factors that impact adoption of technologies between farmers. Unsustainable cultivation in catchments and destruction of water sources in Tanzania is limiting the flow of water on which some of water use technologies directly depend. In some areas where farmers and pastoralists co-exist, conflicts always arise from grazing on farmland, with destruction to water infrastructure. In recognition of the need for sustainable management of land and water, and the increasing conflicts over use of resources by different sectors, Tanzania has enacted several policies. The irrigation policy calls for the improvement of irrigation water use efficiency and effectiveness by promoting closed conduit systems and high efficiency methods such as drip irrigation and promotion of efficient water utilization technologies such as the System of Rice Intensification. There is need for harmonization and linkage of land and water management and the policies to avoid conflicts. Whereas for example the customary land law recognizes the right to land entailing some resources therewith, the water law does not recognize such customary right by granting the ownership right to water by the owner of land on which the water resource is found. There is need for adequate mechanisms for enforcing policies, regulations and by-laws. Local water governance institutions such as water user associations are important for sustainable scaling of land and water technologies. Horizontal and vertical scaling of the land and water technologies depends on factors such as facilitation of registration of water user associations and empowering them; implementing projects based on actual ground conditions for ease of adoption by communities; and involvement of the local government. Strengthening linkages between relevant institutions and their respective roles and responsibilities also require to be clearly defined. Promotion of land and water technologies should not be gender-blind but rather ensure participation of women and youth in the training and implementation. An integrated systems approach is needed to address the multi-faceted challenges in sustainable land and water management, and a focus on the entire value chain activities; from input supply to output market