9,011 research outputs found
Countering Social Engineering through Social Media: An Enterprise Security Perspective
The increasing threat of social engineers targeting social media channels to
advance their attack effectiveness on company data has seen many organizations
introducing initiatives to better understand these vulnerabilities. This paper
examines concerns of social engineering through social media within the
enterprise and explores countermeasures undertaken to stem ensuing risk. Also
included is an analysis of existing social media security policies and
guidelines within the public and private sectors. Comment: Proceedings of The 7th International Conference on Computational
Collective Intelligence Technologies and Applications (ICCCI 2015), LNAI,
Springer, Vol. 9330, pp. 54-6
Building in web application security at the requirements stage : a tool for visualizing and evaluating security trade-offs : a thesis presented in partial fulfilment of the requirements for the degree of Master of Information Science in Information Systems at Massey University, Albany, New Zealand
One dimension of Internet security is web application security. The purpose of this Design-science study was to design, build and evaluate a computer-based tool to support security vulnerability and risk assessment in the early stages of web application design. The tool facilitates risk assessment by managers and helps developers to model security requirements using an interactive tree diagram. The tool calculates residual risk for each component of a web application and for the application overall so developers are provided with better information for making decisions about which countermeasures to implement given limited resources for doing so. The tool supports taking a proactive approach to building in web application security at the requirements stage as opposed to the more common reactive approach of putting countermeasures in place after an attack and loss have been incurred. The primary contribution of the proposed tool is its ability to make known security-related information (e.g. known vulnerabilities, attacks and countermeasures) more accessible to developers who are not security experts and to translate lack of security measures into an understandable measure of relative residual risk. The latter is useful for managers who need to prioritize security spending. Keywords: web application security, security requirements modelling, attack trees, threat trees, risk assessment
Security Evaluation of Cyber-Physical Systems in Society-Critical Internet of Things
In this paper, we present an evaluation of security
awareness of developers and users of cyber-physical systems. Our
study includes interviews, workshops, surveys and one practical
evaluation. We conducted 15 interviews and conducted a survey with
55 respondents coming primarily from industry. Furthermore, we
performed a practical evaluation of the current state of practice for a
society-critical application, a commercial vehicle, and reconfirmed
our findings discussing an attack vector for an off-line society-critical
facility. More work is necessary to increase usage of security
strategies, available methods, processes and standards. The security
information, currently often insufficient, should be provided in the
user manuals of products and services to protect system users. We
confirmed it lately when we conducted an additional survey of
users, with users feeling as left out in their quest for own security
and privacy. Finally, hardware-related security questions begin to
come up on the agenda, with a general increase of interest and
awareness of hardware contribution to the overall cyber-physical
security. At the end of this paper we discuss possible
countermeasures for dealing with threats in infrastructures,
highlighting the role of authorities in this quest
Ready or Not? Protecting the Public's Health From Diseases, Disasters, and Bioterrorism, 2008
Examines ten indicators to assess progress in state readiness to respond to bioterrorism and other public health emergencies. Evaluates the federal government's and hospitals' preparedness. Makes suggestions for funding, restructuring, and other reforms
Encouraging Corporate Innovation for Our Homeland During the Best of Times for the Worst of Times: Extending Safety Act Protections to Natural Disasters
This article first analyzes the innovative tort reform of the SAFETY Act and then argues for expansion of SAFETY Act type risk protection to natural disasters such as hurricanes, earthquakes and wildfires. The SAFETY Act was drafted to stimulate the development and deployment of technologies that combat terrorism by providing liability protection. Applying the same type of legislation to natural disasters will provide a commensurate benefit of encouraging preparedness and development of technologies that could mitigate harms resulting from natural disasters. The Department of Homeland Security voiced a desire to increase the use of the SAFETY Act by private industry. This article argues that one way to increase the utility of the SAFETY Act and provide more value for the American public is for Congress to extend SAFETY Act protections, by amendment or new legislation, to cover risk related to national catastrophes