9,011 research outputs found

    Countering Social Engineering through Social Media: An Enterprise Security Perspective

    The increasing threat of social engineers targeting social media channels to advance their attack effectiveness on company data has seen many organizations introducing initiatives to better understand these vulnerabilities. This paper examines concerns of social engineering through social media within the enterprise and explores countermeasures undertaken to stem ensuing risk. Also included is an analysis of existing social media security policies and guidelines within the public and private sectors. Comment: Proceedings of The 7th International Conference on Computational Collective Intelligence Technologies and Applications (ICCCI 2015), LNAI, Springer, Vol. 9330, pp. 54-6

    Building in web application security at the requirements stage : a tool for visualizing and evaluating security trade-offs : a thesis presented in partial fulfilment of the requirements for the degree of Master of Information Science in Information Systems at Massey University, Albany, New Zealand

    One dimension of Internet security is web application security. The purpose of this Design-science study was to design, build and evaluate a computer-based tool to support security vulnerability and risk assessment in the early stages of web application design. The tool facilitates risk assessment by managers and helps developers to model security requirements using an interactive tree diagram. The tool calculates residual risk for each component of a web application and for the application overall so developers are provided with better information for making decisions about which countermeasures to implement given limited resources for doing so. The tool supports taking a proactive approach to building in web application security at the requirements stage as opposed to the more common reactive approach of putting countermeasures in place after an attack and loss have been incurred. The primary contribution of the proposed tool is its ability to make known security-related information (e.g. known vulnerabilities, attacks and countermeasures) more accessible to developers who are not security experts and to translate lack of security measures into an understandable measure of relative residual risk. The latter is useful for managers who need to prioritize security spending. Keywords: web application security, security requirements modelling, attack trees, threat trees, risk assessment

    Security Evaluation of Cyber-Physical Systems in Society-Critical Internet of Things

    In this paper, we present an evaluation of the security awareness of developers and users of cyber-physical systems. Our study includes interviews, workshops, surveys and one practical evaluation. We conducted 15 interviews and conducted a survey with 55 respondents coming primarily from industry. Furthermore, we performed a practical evaluation of the current state of practice for a society-critical application, a commercial vehicle, and reconfirmed our findings discussing an attack vector for an off-line society-critical facility. More work is necessary to increase usage of security strategies, available methods, processes and standards. The security information, currently often insufficient, should be provided in the user manuals of products and services to protect system users. We confirmed it lately when we conducted an additional survey of users, with users feeling left out in their quest for their own security and privacy. Finally, hardware-related security questions begin to come up on the agenda, with a general increase of interest and awareness of hardware contribution to the overall cyber-physical security. At the end of this paper we discuss possible countermeasures for dealing with threats in infrastructures, highlighting the role of authorities in this quest

    Ready or Not? Protecting the Public's Health From Diseases, Disasters, and Bioterrorism, 2008

    Examines ten indicators to assess progress in state readiness to respond to bioterrorism and other public health emergencies. Evaluates the federal government's and hospitals' preparedness. Makes suggestions for funding, restructuring, and other reforms

    Encouraging Corporate Innovation for Our Homeland During the Best of Times for the Worst of Times: Extending Safety Act Protections to Natural Disasters

    This article first analyzes the innovative tort reform of the SAFETY Act and then argues for expansion of SAFETY Act type risk protection to natural disasters such as hurricanes, earthquakes and wildfires. The SAFETY Act was drafted to stimulate the development and deployment of technologies that combat terrorism by providing liability protection. Applying the same type of legislation to natural disasters will provide a commensurate benefit of encouraging preparedness and development of technologies that could mitigate harms resulting from natural disasters. The Department of Homeland Security voiced a desire to increase the use of the SAFETY Act by private industry. This article argues that one way to increase the utility of the SAFETY Act and provide more value for the American public is for Congress to extend SAFETY Act protections, by amendment or new legislation, to cover risk related to national catastrophes